From 23e5c29c25b93399a12202806791dcf8697eb9db Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 17 Mar 2024 14:40:02 +1000 Subject: [PATCH 1/4] Remove some unnecessary dependencies on EVP_PKEY_set_type EVP_PKEY_set_type needs to pull in every supported EVP_PKEY type, but most of our calls within the library already know what type they're working with. Have them call evp_pkey_set_method directly. Bug: 497 Change-Id: I17cb9a0dff0da55206686bce1d8e1df4773f6f4d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67127 Reviewed-by: Bob Beck Auto-Submit: David Benjamin Commit-Queue: David Benjamin (cherry picked from commit fea4c97491e43455063fda6967e4a2cc4234baf5) --- crypto/dilithium/p_dilithium3.c | 4 +--- crypto/evp_extra/evp_asn1.c | 25 ++++++++++++------------- crypto/evp_extra/internal.h | 4 ++++ crypto/evp_extra/p_ed25519.c | 5 +---- crypto/evp_extra/p_kem.c | 5 +---- crypto/evp_extra/p_x25519.c | 5 +---- crypto/fipsmodule/evp/evp.c | 7 ++----- 7 files changed, 22 insertions(+), 33 deletions(-) diff --git a/crypto/dilithium/p_dilithium3.c b/crypto/dilithium/p_dilithium3.c index 6f92bbe357..ad842ed1a4 100644 --- a/crypto/dilithium/p_dilithium3.c +++ b/crypto/dilithium/p_dilithium3.c @@ -29,9 +29,7 @@ static int pkey_dilithium3_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { goto err; } - if (!EVP_PKEY_set_type(pkey, EVP_PKEY_DILITHIUM3)) { - goto err; - } + evp_pkey_set_method(pkey, &dilithium3_asn1_meth); if (DILITHIUM3_keypair(key->pub, key->priv) != 0) { goto err; diff --git a/crypto/evp_extra/evp_asn1.c b/crypto/evp_extra/evp_asn1.c index fb6d815639..9765d3916d 100644 --- a/crypto/evp_extra/evp_asn1.c +++ b/crypto/evp_extra/evp_asn1.c @@ -69,10 +69,10 @@ #include "../internal.h" #include "internal.h" -static int parse_key_type(CBS *cbs, int *out_type) { +static const EVP_PKEY_ASN1_METHOD *parse_key_type(CBS *cbs) { CBS oid; if (!CBS_get_asn1(cbs, &oid, CBS_ASN1_OBJECT)) { - return 0; + return NULL; } const EVP_PKEY_ASN1_METHOD *const *asn1_methods = AWSLC_non_fips_pkey_evp_asn1_methods(); @@ -80,18 +80,16 @@ static int parse_key_type(CBS *cbs, int *out_type) { const EVP_PKEY_ASN1_METHOD *method = asn1_methods[i]; if (CBS_len(&oid) == method->oid_len && OPENSSL_memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) { - *out_type = method->pkey_id; - return 1; + return method; } } - return 0; + return NULL; } EVP_PKEY *EVP_parse_public_key(CBS *cbs) { // Parse the SubjectPublicKeyInfo. CBS spki, algorithm, key; - int type; uint8_t padding; if (!CBS_get_asn1(cbs, &spki, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) || @@ -100,7 +98,8 @@ EVP_PKEY *EVP_parse_public_key(CBS *cbs) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return NULL; } - if (!parse_key_type(&algorithm, &type)) { + const EVP_PKEY_ASN1_METHOD *method = parse_key_type(&algorithm); + if (method == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); return NULL; } @@ -114,10 +113,10 @@ EVP_PKEY *EVP_parse_public_key(CBS *cbs) { // Set up an |EVP_PKEY| of the appropriate type. EVP_PKEY *ret = EVP_PKEY_new(); - if (ret == NULL || - !EVP_PKEY_set_type(ret, type)) { + if (ret == NULL) { goto err; } + evp_pkey_set_method(ret, method); // Call into the type-specific SPKI decoding function. if (ret->ameth->pub_decode == NULL) { @@ -154,7 +153,6 @@ EVP_PKEY *EVP_parse_private_key(CBS *cbs) { // Parse the PrivateKeyInfo (RFC 5208) or OneAsymmetricKey (RFC 5958). CBS pkcs8, algorithm, key, public_key; uint64_t version; - int type; if (!CBS_get_asn1(cbs, &pkcs8, CBS_ASN1_SEQUENCE) || !CBS_get_asn1_uint64(&pkcs8, &version) || version > PKCS8_VERSION_TWO || @@ -163,7 +161,8 @@ EVP_PKEY *EVP_parse_private_key(CBS *cbs) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return NULL; } - if (!parse_key_type(&algorithm, &type)) { + const EVP_PKEY_ASN1_METHOD *method = parse_key_type(&algorithm); + if (method == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); return NULL; } @@ -192,10 +191,10 @@ EVP_PKEY *EVP_parse_private_key(CBS *cbs) { // Set up an |EVP_PKEY| of the appropriate type. EVP_PKEY *ret = EVP_PKEY_new(); - if (ret == NULL || - !EVP_PKEY_set_type(ret, type)) { + if (ret == NULL) { goto err; } + evp_pkey_set_method(ret, method); // Call into the type-specific PrivateKeyInfo decoding function. if (ret->ameth->priv_decode == NULL) { diff --git a/crypto/evp_extra/internal.h b/crypto/evp_extra/internal.h index 1623c89c68..a6a4f4f127 100644 --- a/crypto/evp_extra/internal.h +++ b/crypto/evp_extra/internal.h @@ -58,6 +58,10 @@ extern const EVP_PKEY_METHOD dilithium3_pkey_meth; extern const EVP_PKEY_METHOD kem_pkey_meth; extern const EVP_PKEY_METHOD hmac_pkey_meth; +// evp_pkey_set_method behaves like |EVP_PKEY_set_type|, but takes a pointer to +// a method table. This avoids depending on every |EVP_PKEY_ASN1_METHOD|. +void evp_pkey_set_method(EVP_PKEY *pkey, const EVP_PKEY_ASN1_METHOD *method); + // Returns a reference to the list |non_fips_pkey_evp_methods|. The list has // size |NON_FIPS_EVP_PKEY_METHODS|. const EVP_PKEY_METHOD *const *AWSLC_non_fips_pkey_evp_methods(void); diff --git a/crypto/evp_extra/p_ed25519.c b/crypto/evp_extra/p_ed25519.c index 4b437b111d..0369be6427 100644 --- a/crypto/evp_extra/p_ed25519.c +++ b/crypto/evp_extra/p_ed25519.c @@ -31,10 +31,7 @@ static int pkey_ed25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { return 0; } - if (!EVP_PKEY_set_type(pkey, EVP_PKEY_ED25519)) { - OPENSSL_free(key); - return 0; - } + evp_pkey_set_method(pkey, &ed25519_asn1_meth); uint8_t pubkey_unused[32]; ED25519_keypair(pubkey_unused, key->key); diff --git a/crypto/evp_extra/p_kem.c b/crypto/evp_extra/p_kem.c index fd7724ce5a..48cdcbf058 100644 --- a/crypto/evp_extra/p_kem.c +++ b/crypto/evp_extra/p_kem.c @@ -359,10 +359,7 @@ static int EVP_PKEY_kem_set_params(EVP_PKEY *pkey, int nid) { return 0; } - if (!EVP_PKEY_set_type(pkey, EVP_PKEY_KEM)) { - // EVP_PKEY_set_type sets the appropriate error. - return 0; - } + evp_pkey_set_method(pkey, &kem_asn1_meth); KEM_KEY *key = KEM_KEY_new(); if (key == NULL) { diff --git a/crypto/evp_extra/p_x25519.c b/crypto/evp_extra/p_x25519.c index d591cc7fa2..84b514fb87 100644 --- a/crypto/evp_extra/p_x25519.c +++ b/crypto/evp_extra/p_x25519.c @@ -31,10 +31,7 @@ static int pkey_x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { return 0; } - if (!EVP_PKEY_set_type(pkey, EVP_PKEY_X25519)) { - OPENSSL_free(key); - return 0; - } + evp_pkey_set_method(pkey, &x25519_asn1_meth); X25519_keypair(key->pub, key->priv); key->has_private = 1; diff --git a/crypto/fipsmodule/evp/evp.c b/crypto/fipsmodule/evp/evp.c index 386b989538..ad1a559973 100644 --- a/crypto/fipsmodule/evp/evp.c +++ b/crypto/fipsmodule/evp/evp.c @@ -159,9 +159,7 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { SET_DIT_AUTO_DISABLE; if (to->type == EVP_PKEY_NONE) { - if (!EVP_PKEY_set_type(to, from->type)) { - return 0; - } + evp_pkey_set_method(to, from->ameth); } else if (to->type != from->type) { OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES); return 0; @@ -259,8 +257,7 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) { return NULL; } -static void evp_pkey_set_method(EVP_PKEY *pkey, - const EVP_PKEY_ASN1_METHOD *method) { +void evp_pkey_set_method(EVP_PKEY *pkey, const EVP_PKEY_ASN1_METHOD *method) { free_it(pkey); pkey->ameth = method; pkey->type = pkey->ameth->pkey_id; From 37b6e3300b4353e85af3a0eee5388e02c8335b7a Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Sun, 17 Mar 2024 15:40:03 +1000 Subject: [PATCH 2/4] Add some barebones support for DH in EVP OpenSSH needs this. Features that have been intentionally omitted for now: - X9.42-style Diffie-Hellman ("DHX"). We continue not to support this. Use ECDH or X25519 instead. - SPKI and PKCS#8 serialization. Use ECDH or X25519 instead. The format is a bit ill-defined. Moreover, until we solve the serialization aspects of https://crbug.com/boringssl/497, adding them would put this legacy algorithm on path for every caller. - Most of the random options like stapling a KDF, etc. Though I did add EVP_PKEY_CTX_set_dh_pad because it's the only way to undo OpenSSL's bug where they chop off leading zeros by default. - Parameter generation. Diffie-Hellman parameters should not be generated at runtime. This means you need to bootstrap with a DH object and then wrap it in an EVP_PKEY. This matches the limitations of the EVP API in OpenSSL 1.1.x. Unfortunately the OpenSSL 3.x APIs are unsuitable for many, many reasons, so I expect when we get further along in https://crbug.com/boringssl/535, we'll have established some patterns here that we can apply to EVP_PKEY_DH too. Change-Id: I34b4e8799afb266ea5602a70115cc2146f19c6a7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67207 Reviewed-by: Theo Buehler Commit-Queue: David Benjamin Reviewed-by: Bob Beck (cherry picked from commit e57ab142c0cabf30b6d4e85b8038003cc179716b) --- crypto/CMakeLists.txt | 2 + crypto/err/evp.errordata | 1 + crypto/evp_extra/evp_extra_test.cc | 62 +++++++++++++ crypto/evp_extra/evp_test.cc | 64 +++++++++++++- crypto/evp_extra/evp_tests.txt | 80 +++++++++++++++++ crypto/evp_extra/internal.h | 2 + crypto/evp_extra/p_dh.c | 137 +++++++++++++++++++++++++++++ crypto/evp_extra/p_dh_asn1.c | 119 +++++++++++++++++++++++++ crypto/evp_extra/p_methods.c | 2 + crypto/fipsmodule/evp/evp.c | 16 +--- crypto/fipsmodule/evp/internal.h | 5 +- include/openssl/evp.h | 45 +++++----- include/openssl/evp_errors.h | 1 + 13 files changed, 500 insertions(+), 36 deletions(-) create mode 100644 crypto/evp_extra/p_dh.c create mode 100644 crypto/evp_extra/p_dh_asn1.c diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index eb476dc6fd..73fa416a8f 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -420,6 +420,8 @@ add_library( err_data.c engine/engine.c evp_extra/evp_asn1.c + evp_extra/p_dh.c + evp_extra/p_dh_asn1.c evp_extra/p_dsa_asn1.c evp_extra/p_ec_asn1.c evp_extra/p_ed25519.c diff --git a/crypto/err/evp.errordata b/crypto/err/evp.errordata index f2e2d21e29..f437b3619a 100644 --- a/crypto/err/evp.errordata +++ b/crypto/err/evp.errordata @@ -8,6 +8,7 @@ EVP,136,EMPTY_PSK EVP,105,ENCODE_ERROR EVP,106,EXPECTING_AN_EC_KEY_KEY EVP,107,EXPECTING_AN_RSA_KEY +EVP,139,EXPECTING_A_DH_KEY EVP,108,EXPECTING_A_DSA_KEY EVP,109,ILLEGAL_OR_UNSUPPORTED_PADDING_MODE EVP,137,INVALID_BUFFER_SIZE diff --git a/crypto/evp_extra/evp_extra_test.cc b/crypto/evp_extra/evp_extra_test.cc index 621b7f947d..75b20d8de0 100644 --- a/crypto/evp_extra/evp_extra_test.cc +++ b/crypto/evp_extra/evp_extra_test.cc @@ -1753,6 +1753,68 @@ TEST(EVPExtraTest, ECKeygen) { ExpectECGroupAndKey(pkey.get(), NID_X9_62_prime256v1); } +TEST(EVPExtraTest, DHKeygen) { + // Set up some DH params in an |EVP_PKEY|. There is currently no API to do + // this from EVP directly. + bssl::UniquePtr p(BN_get_rfc3526_prime_1536(nullptr)); + ASSERT_TRUE(p); + bssl::UniquePtr g(BN_new()); + ASSERT_TRUE(g); + ASSERT_TRUE(BN_set_u64(g.get(), 2)); + bssl::UniquePtr params_dh(DH_new()); + ASSERT_TRUE(params_dh); + ASSERT_TRUE( + DH_set0_pqg(params_dh.get(), p.release(), /*q=*/nullptr, g.release())); + bssl::UniquePtr params(EVP_PKEY_new()); + ASSERT_TRUE(params); + ASSERT_TRUE(EVP_PKEY_set1_DH(params.get(), params_dh.get())); + + for (bool copy : {false, true}) { + SCOPED_TRACE(copy); + + auto maybe_copy = [&](bssl::UniquePtr *ctx) -> bool { + if (copy) { + ctx->reset(EVP_PKEY_CTX_dup(ctx->get())); + } + return *ctx != nullptr; + }; + + // |params| may be used as a template for key generation. + bssl::UniquePtr ctx(EVP_PKEY_CTX_new(params.get(), nullptr)); + ASSERT_TRUE(ctx); + ASSERT_TRUE(maybe_copy(&ctx)); + ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get())); + ASSERT_TRUE(maybe_copy(&ctx)); + EVP_PKEY *raw = nullptr; + ASSERT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw)); + bssl::UniquePtr pkey(raw); + + EXPECT_EQ(EVP_PKEY_id(pkey.get()), EVP_PKEY_DH); + const DH *dh = EVP_PKEY_get0_DH(pkey.get()); + EXPECT_EQ(0, BN_cmp(DH_get0_p(dh), DH_get0_p(params_dh.get()))); + EXPECT_EQ(0, BN_cmp(DH_get0_g(dh), DH_get0_g(params_dh.get()))); + EXPECT_FALSE(DH_get0_q(dh)); + EXPECT_TRUE(DH_get0_pub_key(dh)); + EXPECT_TRUE(DH_get0_priv_key(dh)); + EXPECT_EQ(1, EVP_PKEY_cmp_parameters(params.get(), pkey.get())); + EXPECT_EQ(0, EVP_PKEY_cmp(params.get(), pkey.get())); + + // Generate a second key. + ctx.reset(EVP_PKEY_CTX_new(params.get(), nullptr)); + ASSERT_TRUE(ctx); + ASSERT_TRUE(maybe_copy(&ctx)); + ASSERT_TRUE(EVP_PKEY_keygen_init(ctx.get())); + ASSERT_TRUE(maybe_copy(&ctx)); + raw = nullptr; + ASSERT_TRUE(EVP_PKEY_keygen(ctx.get(), &raw)); + bssl::UniquePtr pkey2(raw); + + EXPECT_EQ(1, EVP_PKEY_cmp_parameters(params.get(), pkey2.get())); + EXPECT_EQ(1, EVP_PKEY_cmp_parameters(pkey.get(), pkey2.get())); + EXPECT_EQ(0, EVP_PKEY_cmp(pkey.get(), pkey2.get())); + } +} + // Test that |EVP_PKEY_keygen| works for Ed25519. TEST(EVPExtraTest, Ed25519Keygen) { bssl::UniquePtr pctx( diff --git a/crypto/evp_extra/evp_test.cc b/crypto/evp_extra/evp_test.cc index 5a5950174b..f98bf73a78 100644 --- a/crypto/evp_extra/evp_test.cc +++ b/crypto/evp_extra/evp_test.cc @@ -51,7 +51,6 @@ * ==================================================================== */ -#include #include #include #include @@ -75,9 +74,11 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) #include +#include #include #include #include +#include #include #include #include @@ -270,6 +271,60 @@ static bool ImportKey(FileTest *t, KeyMap *key_map, return true; } +static bool GetOptionalBignum(FileTest *t, bssl::UniquePtr *out, + const std::string &key) { + if (!t->HasAttribute(key)) { + *out = nullptr; + return true; + } + + std::vector bytes; + if (!t->GetBytes(&bytes, key)) { + return false; + } + + out->reset(BN_bin2bn(bytes.data(), bytes.size(), nullptr)); + return *out != nullptr; +} + +static bool ImportDHKey(FileTest *t, KeyMap *key_map) { + bssl::UniquePtr p, q, g, pub_key, priv_key; + if (!GetOptionalBignum(t, &p, "P") || // + !GetOptionalBignum(t, &q, "Q") || // + !GetOptionalBignum(t, &g, "G") || + !GetOptionalBignum(t, &pub_key, "Public") || + !GetOptionalBignum(t, &priv_key, "Private")) { + return false; + } + + bssl::UniquePtr dh(DH_new()); + if (dh == nullptr || !DH_set0_pqg(dh.get(), p.get(), q.get(), g.get())) { + return false; + } + // |DH_set0_pqg| takes ownership on success. + p.release(); + q.release(); + g.release(); + + if (!DH_set0_key(dh.get(), pub_key.get(), priv_key.get())) { + return false; + } + // |DH_set0_key| takes ownership on success. + pub_key.release(); + priv_key.release(); + + bssl::UniquePtr pkey(EVP_PKEY_new()); + if (pkey == nullptr || !EVP_PKEY_set1_DH(pkey.get(), dh.get())) { + return false; + } + + // Save the key for future tests. + const std::string &key_name = t->GetParameter(); + EXPECT_EQ(0u, key_map->count(key_name)) << "Duplicate key: " << key_name; + (*key_map)[key_name] = std::move(pkey); + return true; +} + // SetupContext configures |ctx| based on attributes in |t|, with the exception // of the signing digest which must be configured externally. static bool SetupContext(FileTest *t, KeyMap *key_map, EVP_PKEY_CTX *ctx) { @@ -323,6 +378,9 @@ static bool SetupContext(FileTest *t, KeyMap *key_map, EVP_PKEY_CTX *ctx) { return false; } } + if (t->HasAttribute("DiffieHellmanPad") && !EVP_PKEY_CTX_set_dh_pad(ctx, 1)) { + return false; + } return true; } @@ -425,6 +483,10 @@ static bool TestEVP(FileTest *t, KeyMap *key_map) { return ImportKey(t, key_map, EVP_parse_public_key, EVP_marshal_public_key); } + if (t->GetType() == "DHKey") { + return ImportDHKey(t, key_map); + } + // Load the key. const std::string &key_name = t->GetParameter(); if (key_map->count(key_name) == 0) { diff --git a/crypto/evp_extra/evp_tests.txt b/crypto/evp_extra/evp_tests.txt index dc55e90462..d0c06038a1 100644 --- a/crypto/evp_extra/evp_tests.txt +++ b/crypto/evp_extra/evp_tests.txt @@ -1894,3 +1894,83 @@ Output = c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552 Derive = X25519-Private DerivePeer = X25519-SmallOrderPeer Error = INVALID_PEER_KEY + +DHKey = DH-Public1 +P = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff +G = 02 +Public = c680b01bb49e303893a5c339c9448c63dc3d0ffdcb8024a784292ebccfe95bdfb97a456f51cb1decf904704d0dbab69689bd87cde04e4fcb793f66024a43dacd0830ac155f8149aeb42f3d1ec03b05c70a1349492d24e20b58b0283155816465c0efa3b01e78fe935f1633745826a0e5c8d87ca60418d816721503ccaf7540e7e3c13093a8fb72c34c452ab35cb07ec867f58f2c1d0ad6629b6359b2b990a50d29aedaca2efbf0b1b904005859f348797b9be660f438cc763dd2180ec7dd81c9 + +DHKey = DH-Private1 +P = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff +G = 02 +Public = c680b01bb49e303893a5c339c9448c63dc3d0ffdcb8024a784292ebccfe95bdfb97a456f51cb1decf904704d0dbab69689bd87cde04e4fcb793f66024a43dacd0830ac155f8149aeb42f3d1ec03b05c70a1349492d24e20b58b0283155816465c0efa3b01e78fe935f1633745826a0e5c8d87ca60418d816721503ccaf7540e7e3c13093a8fb72c34c452ab35cb07ec867f58f2c1d0ad6629b6359b2b990a50d29aedaca2efbf0b1b904005859f348797b9be660f438cc763dd2180ec7dd81c9 +Private = 05953ba55a5ff41a700744e06cebcd30f6fd76a6b1f7efb6bdc05028e7db2e50ef56385c65bad4a1cfff232c5d83179559e59a8901a88119ababdcc0c4e4fd75cdf6161fb07a72fb3d4c6c0fb140a2eb3e93627d4f2e93e086ba672149a4fb25594b2c6cb74a97a8e68d45097cc937cf30dd9141dbd3abdd4fb9fec45a240d528efa4a5b5690f40250a96ff54b0b90a3a0540e5cc54754579d4e65db233edcc9e55c26dd2a6f7fd8ee440b3f5bce547e0bb9197894f1728c2060b0597cbee547 + +DHKey = DH-Public2 +P = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff +G = 02 +Public = 98f7472e4950b3bfcb3f37bf02b77323f7919e434e11c6e4b76b9a55132e50c3dca3c7ac55b69126cd06d7c337be1552b81ac011d6f5e56a688b89e4fa10d31a5305b78b6591354b5a22678675bdd248b82a4b267eac643cfbec1cebce93fa8aa59558e5121e9f76fb119cf90e587661aba85b2a617304c9492e5565f21af693caceea9c7fb0f68909f3279ccfe347d7132e9e76a058f99b805f9b2275a082353f5be00258670d640cc9c7926984ebba4cffb3902961a6951373ac4915a70aeb + +DHKey = DH-Private2 +P = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff +G = 02 +Public = 98f7472e4950b3bfcb3f37bf02b77323f7919e434e11c6e4b76b9a55132e50c3dca3c7ac55b69126cd06d7c337be1552b81ac011d6f5e56a688b89e4fa10d31a5305b78b6591354b5a22678675bdd248b82a4b267eac643cfbec1cebce93fa8aa59558e5121e9f76fb119cf90e587661aba85b2a617304c9492e5565f21af693caceea9c7fb0f68909f3279ccfe347d7132e9e76a058f99b805f9b2275a082353f5be00258670d640cc9c7926984ebba4cffb3902961a6951373ac4915a70aeb +Private = 984de7473d1186e97b3dc4797f14ec8ab97df321192bf40e8fb575a2ab93210f6c32cc4d915cff27d2d4f9bbc661bc809243d116db8b844377993ae8399b4fa089c9404c7515003c71a2bfdd0361cc192dcf2e56a555105e2ef25b0c7545a6a30ba62607b0563ad46714ac8b6720446ad0e33af2c183cdf045b01ff0415fbdd8e2bd506729a84731fb68dd54a4caecfe028a09d157f94f48e90c3d5cb63f0db39e05d556a4dc85594c9c7f2f07c6dd27878512748fc8eba2652f2bd7a6395586 + +# By default, the leading zero is removed for OpenSSL compatibility (insecure). +Derive = DH-Private1 +DerivePeer = DH-Public2 +Output = 5d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495 + +Derive = DH-Private2 +DerivePeer = DH-Public1 +Output = 5d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495 + +# Setting EVP_PKEY_CTX_set_dh_pad fixes this. +Derive = DH-Private1 +DerivePeer = DH-Public2 +DiffieHellmanPad +Output = 005d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495 + +Derive = DH-Private2 +DerivePeer = DH-Public1 +DiffieHellmanPad +Output = 005d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495 + +Derive = DH-Public1 +DerivePeer = DH-Public2 +Error = NO_PRIVATE_VALUE + +DHKey = DH-WrongGroup +P = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327fffffffffffffffe +G = 02 +Public = 98f7472e4950b3bfcb3f37bf02b77323f7919e434e11c6e4b76b9a55132e50c3dca3c7ac55b69126cd06d7c337be1552b81ac011d6f5e56a688b89e4fa10d31a5305b78b6591354b5a22678675bdd248b82a4b267eac643cfbec1cebce93fa8aa59558e5121e9f76fb119cf90e587661aba85b2a617304c9492e5565f21af693caceea9c7fb0f68909f3279ccfe347d7132e9e76a058f99b805f9b2275a082353f5be00258670d640cc9c7926984ebba4cffb3902961a6951373ac4915a70aeb +Private = 984de7473d1186e97b3dc4797f14ec8ab97df321192bf40e8fb575a2ab93210f6c32cc4d915cff27d2d4f9bbc661bc809243d116db8b844377993ae8399b4fa089c9404c7515003c71a2bfdd0361cc192dcf2e56a555105e2ef25b0c7545a6a30ba62607b0563ad46714ac8b6720446ad0e33af2c183cdf045b01ff0415fbdd8e2bd506729a84731fb68dd54a4caecfe028a09d157f94f48e90c3d5cb63f0db39e05d556a4dc85594c9c7f2f07c6dd27878512748fc8eba2652f2bd7a6395586 + +Derive = DH-WrongGroup +DerivePeer = DH-Public2 +Error = DIFFERENT_PARAMETERS + +Derive = DH-Private1 +DerivePeer = DH-WrongGroup +Error = DIFFERENT_PARAMETERS + +DHKey = DH-Params +P = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff +G = 02 + +Derive = DH-Private1 +DerivePeer = DH-Params +Error = KEYS_NOT_SET + +DHKey = DH-Private1-With-Q +P = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff +Q = 7fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a0105df531d89cd9128a5043cc71a026ef7ca8cd9e69d218d98158536f92f8a1ba7f09ab6b6a8e122f242dabb312f3f637a262174d31bf6b585ffae5b7a035bf6f71c35fdad44cfd2d74f9208be258ff324943328f6722d9ee1003e5c50b1df82cc6d241b0e2ae9cd348b1fd47e9267afc1b2ae91ee51d6cb0e3179ab1042a95dcf6a9483b84b4b36b3861aa7255e4c0278ba36046511b993ffffffffffffffff +G = 02 +Public = c680b01bb49e303893a5c339c9448c63dc3d0ffdcb8024a784292ebccfe95bdfb97a456f51cb1decf904704d0dbab69689bd87cde04e4fcb793f66024a43dacd0830ac155f8149aeb42f3d1ec03b05c70a1349492d24e20b58b0283155816465c0efa3b01e78fe935f1633745826a0e5c8d87ca60418d816721503ccaf7540e7e3c13093a8fb72c34c452ab35cb07ec867f58f2c1d0ad6629b6359b2b990a50d29aedaca2efbf0b1b904005859f348797b9be660f438cc763dd2180ec7dd81c9 +Private = 05953ba55a5ff41a700744e06cebcd30f6fd76a6b1f7efb6bdc05028e7db2e50ef56385c65bad4a1cfff232c5d83179559e59a8901a88119ababdcc0c4e4fd75cdf6161fb07a72fb3d4c6c0fb140a2eb3e93627d4f2e93e086ba672149a4fb25594b2c6cb74a97a8e68d45097cc937cf30dd9141dbd3abdd4fb9fec45a240d528efa4a5b5690f40250a96ff54b0b90a3a0540e5cc54754579d4e65db233edcc9e55c26dd2a6f7fd8ee440b3f5bce547e0bb9197894f1728c2060b0597cbee547 + +Derive = DH-Private1-With-Q +DerivePeer = DH-Public2 +DiffieHellmanPad +Output = 005d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495 \ No newline at end of file diff --git a/crypto/evp_extra/internal.h b/crypto/evp_extra/internal.h index a6a4f4f127..6cf362a60c 100644 --- a/crypto/evp_extra/internal.h +++ b/crypto/evp_extra/internal.h @@ -50,6 +50,7 @@ extern const EVP_PKEY_ASN1_METHOD dilithium3_asn1_meth; #endif extern const EVP_PKEY_ASN1_METHOD kem_asn1_meth; extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; extern const EVP_PKEY_METHOD ed25519_pkey_meth; extern const EVP_PKEY_METHOD x25519_pkey_meth; @@ -57,6 +58,7 @@ extern const EVP_PKEY_METHOD hkdf_pkey_meth; extern const EVP_PKEY_METHOD dilithium3_pkey_meth; extern const EVP_PKEY_METHOD kem_pkey_meth; extern const EVP_PKEY_METHOD hmac_pkey_meth; +extern const EVP_PKEY_METHOD dh_pkey_meth; // evp_pkey_set_method behaves like |EVP_PKEY_set_type|, but takes a pointer to // a method table. This avoids depending on every |EVP_PKEY_ASN1_METHOD|. diff --git a/crypto/evp_extra/p_dh.c b/crypto/evp_extra/p_dh.c new file mode 100644 index 0000000000..b1d799140f --- /dev/null +++ b/crypto/evp_extra/p_dh.c @@ -0,0 +1,137 @@ +/* + * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include + +#include +#include +#include + +#include "internal.h" + + +typedef struct dh_pkey_ctx_st { + int pad; +} DH_PKEY_CTX; + +static int pkey_dh_init(EVP_PKEY_CTX *ctx) { + DH_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(DH_PKEY_CTX)); + if (dctx == NULL) { + return 0; + } + + ctx->data = dctx; + return 1; +} + +static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { + if (!pkey_dh_init(dst)) { + return 0; + } + + const DH_PKEY_CTX *sctx = src->data; + DH_PKEY_CTX *dctx = dst->data; + dctx->pad = sctx->pad; + return 1; +} + +static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) { + OPENSSL_free(ctx->data); + ctx->data = NULL; +} + +static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { + DH *dh = DH_new(); + if (dh == NULL || !EVP_PKEY_assign_DH(pkey, dh)) { + DH_free(dh); + return 0; + } + + if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey)) { + return 0; + } + + return DH_generate_key(dh); +} + +static int pkey_dh_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) { + DH_PKEY_CTX *dctx = ctx->data; + if (ctx->pkey == NULL || ctx->peerkey == NULL) { + OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); + return 0; + } + + DH *our_key = ctx->pkey->pkey.dh; + DH *peer_key = ctx->peerkey->pkey.dh; + if (our_key == NULL || peer_key == NULL) { + OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); + return 0; + } + + const BIGNUM *pub_key = DH_get0_pub_key(peer_key); + if (pub_key == NULL) { + OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); + return 0; + } + + if (out == NULL) { + *out_len = DH_size(our_key); + return 1; + } + + if (*out_len < (size_t)DH_size(our_key)) { + OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); + return 0; + } + + int ret = dctx->pad ? DH_compute_key_padded(out, pub_key, our_key) + : DH_compute_key(out, pub_key, our_key); + if (ret < 0) { + return 0; + } + + assert(ret <= DH_size(our_key)); + *out_len = (size_t)ret; + return 1; +} + +static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { + DH_PKEY_CTX *dctx = ctx->data; + switch (type) { + case EVP_PKEY_CTRL_PEER_KEY: + // |EVP_PKEY_derive_set_peer| requires the key implement this command, + // even if it is a no-op. + return 1; + + case EVP_PKEY_CTRL_DH_PAD: + dctx->pad = p1; + return 1; + + default: + OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED); + return 0; + } +} + +const EVP_PKEY_METHOD dh_pkey_meth = { + .pkey_id = EVP_PKEY_DH, + .init = pkey_dh_init, + .copy = pkey_dh_copy, + .cleanup = pkey_dh_cleanup, + .keygen = pkey_dh_keygen, + .derive = pkey_dh_derive, + .ctrl = pkey_dh_ctrl, +}; + +int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_DH_PAD, pad, NULL); +} diff --git a/crypto/evp_extra/p_dh_asn1.c b/crypto/evp_extra/p_dh_asn1.c new file mode 100644 index 0000000000..0000060326 --- /dev/null +++ b/crypto/evp_extra/p_dh_asn1.c @@ -0,0 +1,119 @@ +/* + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include +#include + +#include "internal.h" +#include "../internal.h" + + +static void dh_free(EVP_PKEY *pkey) { + DH_free(pkey->pkey.dh); + pkey->pkey.dh = NULL; +} + +static int dh_size(const EVP_PKEY *pkey) { return DH_size(pkey->pkey.dh); } + +static int dh_bits(const EVP_PKEY *pkey) { return DH_bits(pkey->pkey.dh); } + +static int dh_param_missing(const EVP_PKEY *pkey) { + const DH *dh = pkey->pkey.dh; + return dh == NULL || DH_get0_p(dh) == NULL || DH_get0_g(dh) == NULL; +} + +static int dh_param_copy(EVP_PKEY *to, const EVP_PKEY *from) { + if (dh_param_missing(from)) { + OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); + return 0; + } + + const DH *dh = from->pkey.dh; + const BIGNUM *q_old = DH_get0_q(dh); + BIGNUM *p = BN_dup(DH_get0_p(dh)); + BIGNUM *q = q_old == NULL ? NULL : BN_dup(q_old); + BIGNUM *g = BN_dup(DH_get0_g(dh)); + if (p == NULL || (q_old != NULL && q == NULL) || g == NULL || + !DH_set0_pqg(to->pkey.dh, p, q, g)) { + BN_free(p); + BN_free(q); + BN_free(g); + return 0; + } + + // |DH_set0_pqg| took ownership of |p|, |q|, and |g|. + return 1; +} + +static int dh_param_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { + if (dh_param_missing(a) || dh_param_missing(b)) { + return -2; + } + + // Matching OpenSSL, only compare p and g for PKCS#3-style Diffie-Hellman. + // OpenSSL only checks q in X9.42-style Diffie-Hellman ("DHX"). + const DH *a_dh = a->pkey.dh; + const DH *b_dh = b->pkey.dh; + return BN_cmp(DH_get0_p(a_dh), DH_get0_p(b_dh)) == 0 && + BN_cmp(DH_get0_g(a_dh), DH_get0_g(b_dh)) == 0; +} + +static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { + if (dh_param_cmp(a, b) <= 0) { + return 0; + } + + const DH *a_dh = a->pkey.dh; + const DH *b_dh = b->pkey.dh; + return BN_cmp(DH_get0_pub_key(a_dh), DH_get0_pub_key(b_dh)) == 0; +} + +const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { + .pkey_id = EVP_PKEY_DH, + .pub_cmp = dh_pub_cmp, + .pkey_size = dh_size, + .pkey_bits = dh_bits, + .param_missing = dh_param_missing, + .param_copy = dh_param_copy, + .param_cmp = dh_param_cmp, + .pkey_free = dh_free, +}; + +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { + if (EVP_PKEY_assign_DH(pkey, key)) { + DH_up_ref(key); + return 1; + } + return 0; +} + +int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key) { + evp_pkey_set_method(pkey, &dh_asn1_meth); + pkey->pkey.dh = key; + return key != NULL; +} + +DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { + if (pkey->type != EVP_PKEY_DH) { + OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY); + return NULL; + } + return pkey->pkey.dh; +} + +DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { + DH *dh = EVP_PKEY_get0_DH(pkey); + if (dh != NULL) { + DH_up_ref(dh); + } + return dh; +} diff --git a/crypto/evp_extra/p_methods.c b/crypto/evp_extra/p_methods.c index 2c5d7a840d..a47b4cd045 100644 --- a/crypto/evp_extra/p_methods.c +++ b/crypto/evp_extra/p_methods.c @@ -14,8 +14,10 @@ static const EVP_PKEY_METHOD *const non_fips_pkey_evp_methods[] = { &dilithium3_pkey_meth, #endif &kem_pkey_meth, + &dh_pkey_meth, }; +// We intentionally omit |dh_asn1_meth| from this list. It is not serializable. const EVP_PKEY_ASN1_METHOD *const asn1_evp_pkey_methods[] = { &rsa_asn1_meth, &rsa_pss_asn1_meth, diff --git a/crypto/fipsmodule/evp/evp.c b/crypto/fipsmodule/evp/evp.c index ad1a559973..4aeb94f1fc 100644 --- a/crypto/fipsmodule/evp/evp.c +++ b/crypto/fipsmodule/evp/evp.c @@ -422,19 +422,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) { return ec_key; } -DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { - SET_DIT_AUTO_DISABLE; - return NULL; -} - -DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { - SET_DIT_AUTO_DISABLE; - return NULL; -} - int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { - // This function can only be used to assign RSA, DSA, and EC keys. Other key - // types have internal representations which are not exposed through the + // This function can only be used to assign RSA, DSA, EC, and DH keys. Other + // key types have internal representations which are not exposed through the // public API. SET_DIT_AUTO_DISABLE; switch (type) { @@ -444,6 +434,8 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { return EVP_PKEY_assign_DSA(pkey, key); case EVP_PKEY_EC: return EVP_PKEY_assign_EC_KEY(pkey, key); + case EVP_PKEY_DH: + return EVP_PKEY_assign_DH(pkey, key); default: if (!EVP_PKEY_set_type(pkey, type)) { return 0; diff --git a/crypto/fipsmodule/evp/internal.h b/crypto/fipsmodule/evp/internal.h index 0465d6cd66..3f3001d34c 100644 --- a/crypto/fipsmodule/evp/internal.h +++ b/crypto/fipsmodule/evp/internal.h @@ -229,6 +229,7 @@ int EVP_RSA_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void * #define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 16) #define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 17) #define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 18) +#define EVP_PKEY_CTRL_DH_PAD (EVP_PKEY_ALG_CTRL + 19) struct evp_pkey_ctx_st { // Method associated with this operation @@ -326,10 +327,10 @@ HMAC_KEY *HMAC_KEY_new(void); #define FIPS_EVP_PKEY_METHODS 5 #ifdef ENABLE_DILITHIUM -#define NON_FIPS_EVP_PKEY_METHODS 4 +#define NON_FIPS_EVP_PKEY_METHODS 5 #define ASN1_EVP_PKEY_METHODS 9 #else -#define NON_FIPS_EVP_PKEY_METHODS 3 +#define NON_FIPS_EVP_PKEY_METHODS 4 #define ASN1_EVP_PKEY_METHODS 8 #endif diff --git a/include/openssl/evp.h b/include/openssl/evp.h index c3cd1a0df0..a770b26c0f 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -176,6 +176,11 @@ OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey); +OPENSSL_EXPORT int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); +OPENSSL_EXPORT int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); +OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); +OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey); + #define EVP_PKEY_NONE NID_undef #define EVP_PKEY_RSA NID_rsaEncryption #define EVP_PKEY_RSA_PSS NID_rsassaPss @@ -184,6 +189,7 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey); #define EVP_PKEY_X25519 NID_X25519 #define EVP_PKEY_HKDF NID_hkdf #define EVP_PKEY_HMAC NID_hmac +#define EVP_PKEY_DH NID_dhKeyAgreement #ifdef ENABLE_DILITHIUM #define EVP_PKEY_DILITHIUM3 NID_DILITHIUM3_R3 @@ -928,6 +934,23 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_kem_new_raw_key(int nid, // to the secret key in |key|. OPENSSL_EXPORT int EVP_PKEY_kem_check_key(EVP_PKEY *key); + +// Diffie-Hellman-specific control functions. + +// EVP_PKEY_CTX_set_dh_pad configures configures whether |ctx|, which must be an +// |EVP_PKEY_derive| operation, configures the handling of leading zeros in the +// Diffie-Hellman shared secret. If |pad| is zero, leading zeros are removed +// from the secret. If |pad| is non-zero, the fixed-width shared secret is used +// unmodified, as in PKCS #3. If this function is not called, the default is to +// remove leading zeros. +// +// WARNING: The behavior when |pad| is zero leaks information about the shared +// secret. This may result in side channel attacks such as +// https://raccoon-attack.com/, particularly when the same private key is used +// for multiple operations. +OPENSSL_EXPORT int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); + + // ASN1 functions // EVP_PKEY_asn1_get_count returns the number of available @@ -965,6 +988,7 @@ OPENSSL_EXPORT int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, const char **ppem_str, const EVP_PKEY_ASN1_METHOD *ameth); + // Deprecated functions. // EVP_PKEY_RSA2 was historically an alternate form for RSA public keys (OID @@ -1178,9 +1202,6 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *engine, const uint8_t *mac_key, size_t mac_key_len); - -// Deprecated functions - // EVP_PKEY_get0 returns the consumed key. The type of value returned will be // one of the following, depending on the type of the |EVP_PKEY|: // |RSA|, |DSA| or |EC_KEY|. @@ -1234,24 +1255,6 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_PKEY_CTX_set_dsa_paramgen_q_bits( EVP_PKEY_CTX *ctx, int qbits); -// EVP_PKEY_DH No-ops [Deprecated]. -// -// |EVP_PKEY_DH| is deprecated. It is not possible to create a DH |EVP_PKEY| in -// AWS-LC. The following symbols are also no-ops due to the deprecation. - -// EVP_PKEY_DH is defined for compatibility, but it is impossible to create an -// |EVP_PKEY| of that type. -#define EVP_PKEY_DH NID_dhKeyAgreement - -// EVP_PKEY_get0_DH returns NULL. -// -// TODO (CryptoAlg-2398): Add |OPENSSL_DEPRECATED|. curl defines -Werror and -// depends on this. -OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); - -// EVP_PKEY_get1_DH returns NULL. -OPENSSL_EXPORT OPENSSL_DEPRECATED DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey); - // EVP_PKEY_CTX No-ops [Deprecated]. // EVP_PKEY_CTX_ctrl_str is a no-op. diff --git a/include/openssl/evp_errors.h b/include/openssl/evp_errors.h index 3a06e861b0..fbbba01dc8 100644 --- a/include/openssl/evp_errors.h +++ b/include/openssl/evp_errors.h @@ -96,6 +96,7 @@ #define EVP_R_EMPTY_PSK 136 #define EVP_R_INVALID_BUFFER_SIZE 137 #define EVP_R_BAD_DECRYPT 138 +#define EVP_R_EXPECTING_A_DH_KEY 139 #define EVP_R_INVALID_PSS_MD 500 #define EVP_R_INVALID_PSS_SALT_LEN 501 #define EVP_R_INVALID_PSS_TRAILER_FIELD 502 From b54768154af5ab00fb53f71725c67e7a44299857 Mon Sep 17 00:00:00 2001 From: samuel40791765 Date: Thu, 29 Aug 2024 21:14:32 +0000 Subject: [PATCH 3/4] Insert SET_DIT_AUTO_DISABLE in EVP_PKEY DH APIs --- crypto/evp_extra/p_dh_asn1.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/evp_extra/p_dh_asn1.c b/crypto/evp_extra/p_dh_asn1.c index 0000060326..b7177ff3ca 100644 --- a/crypto/evp_extra/p_dh_asn1.c +++ b/crypto/evp_extra/p_dh_asn1.c @@ -89,6 +89,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { }; int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { + SET_DIT_AUTO_DISABLE if (EVP_PKEY_assign_DH(pkey, key)) { DH_up_ref(key); return 1; @@ -97,12 +98,14 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { } int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key) { + SET_DIT_AUTO_DISABLE evp_pkey_set_method(pkey, &dh_asn1_meth); pkey->pkey.dh = key; return key != NULL; } DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { + SET_DIT_AUTO_DISABLE if (pkey->type != EVP_PKEY_DH) { OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY); return NULL; @@ -111,6 +114,7 @@ DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { } DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { + SET_DIT_AUTO_DISABLE DH *dh = EVP_PKEY_get0_DH(pkey); if (dh != NULL) { DH_up_ref(dh); From fb59c089481c64897ae4535cc9c2af6de8e1054a Mon Sep 17 00:00:00 2001 From: samuel40791765 Date: Fri, 30 Aug 2024 17:12:02 +0000 Subject: [PATCH 4/4] Update build files in generated-src --- generated-src/crypto_test_data.cc | 5 +- generated-src/err_data.c | 1054 +++++++++++++++-------------- 2 files changed, 531 insertions(+), 528 deletions(-) diff --git a/generated-src/crypto_test_data.cc b/generated-src/crypto_test_data.cc index 13bdb8ad5e..1e18b5f6a2 100644 --- a/generated-src/crypto_test_data.cc +++ b/generated-src/crypto_test_data.cc @@ -5473,7 +5473,7 @@ static const char *kData47[] = { "fa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa445c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13\r\n\tK1 = 838209e0ebe7626cf6482f25c7774bfd8ee7f3164c7ff5dca310ced61e53a1c8f371e2995a57d838c869ea1f82d6045f60d00920b3e0f0b915d9c8a39f013caa\r\n\tK = 838209e0ebe7626cf6482f25c7774bfd8ee7f3164c7ff5dca310ced61e53a1c8f371e2995a57d838c869ea1f82d6045f60d00920b3e0f0b915d9c8a39f013caa\r\nEncryption key (server to client) = 838209e0ebe7626cf6482f25c7774bfd\r\n\tX = 'E' (char), 0x45 (hex)\r\n\tK || H || X || session id = 0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa455c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13\r\n\tK1 = bc62048ddb762ac50336ae0e91a402cc78e73472fe180756a4686299967d2904318b8ad1b8dc622edd75e9ff0e74f7fcb8a1f8acb86e2567a5167084c648c7ef\r\n\tK = bc62048ddb762ac50336ae0e91a402cc78e73472fe180756a4686299967d2904318b8ad1b8dc622edd75e9ff0e74f7fcb8a1f8acb86e2567a5167084c648c7ef\r\nIntegrity key (client to server) = bc62048ddb762ac50336ae0e91a402cc78e73472fe180756a4686299967d2904318b8ad1b8dc622edd75e9ff0e74f7fcb8a1f8acb86e2567a5167084c648c7ef\r\n\tX = 'F' (char), 0x46 (hex)\r\n\tK || H || X || session id = 0000010100c6c401e7a417025fce8ca5d5e654de6cac8eb1bf24fffa1eefaba828f425b5df93323ad62565d9e74c0b45619c3e97a8e006a9b28a42e96e13ea2f3807319ac587850731f64c86a3a9acd4aaa04e8a586833faeb902f95177d27e89ce25307365b22b7bf444c8e72ef2bb0fce86fe326a90b787948085fd101f04a7311ed6cf65d5073a6a29c7d99fe9fa0b915fac1d9bb6b95143ca8936e10e6e319201112ba52823dbaad935972842361394999e5a67356076e9f0b528d62325181f80d66e9b3288ba7482458c737806f474867036a234201253a91a6246c8c2876d210d2579951dd12cbc153dcec403156739be9c7d291e4904f079a5a71c01b9a84481800b060195095692352bde81e90c1b648ec46d57476892e79489d42cb8e0da2027ec41fd2e62da8e8e2a9e1ebcb8eecfaadef75e6714008ed6a2cbdef6c321bbaaa465c910a53cafca6f8c0d97c4748f67aecd9a54c8ba96bf33327565f6f68ae0a2e7a62733a9051364ff9f68bdb416176522a0e5a2f28fe27a3f5ec402b3d99da13\r\n\tK1 = 4e9644a01a3fe6c3f4f5aceddb00e2584e277354aee6392a1a5aef05024d37fcf25ff46fdd8fe52e7d1dd9a96e77328aadf44b8fc92ac22a14f63d64ad0db621\r\n\tK = 4e9644a01a3fe6c3f4f5aceddb00e2584e277354aee6392a1a5aef05024d37fcf25ff46fdd8fe52e7d1dd9a96e77328aadf44b8fc92ac22a14f63d64ad0db621\r\nIntegrity key (server to client) = 4e9644a01a3fe6c3f4f5aceddb00e2584e277354aee6392a1a5aef05024d37fcf25ff46fdd8fe52e7d1dd9a96e77328aadf44b8fc92ac22a14f63d64ad0db621\r\n\r\nCOUNT = 9\r\nK = 0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7e\r\nH = a6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f2\r\nsession_id = cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85\r\n\tX = 'A' (char), 0x41 (hex)\r\n\tK || H || X || session id = 0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7ea6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f241cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85\r\n\tK1 = 77cb432c67bf0ae658aa4e34376d01b56e3fbcf2dbc3cbc489e9842bcc77da5325ff7280eef6fe573628d0de24e1850431636569d33f575996c200b194dc0824\r\n\tK = 77cb432c67bf0ae658aa4e34376d01b56e3fbcf2dbc3cbc489e9842bcc77da5325ff7280eef6fe573628d0de24e1850431636569d33f575996c200b194dc0824\r\nInitial IV (client to server) = 77cb432c67bf0ae658aa4e34376d01b5\r\n\tX = 'B' (char), 0x42 (hex)\r\n\tK || H || X || session id = 0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7ea6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f242cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85\r\n\tK1 = f55c74d112746001d8908edd347d7e69fb51d56c3f535850320399184293ab86e8d64f2f33c92c457e9650422bdf34b1771155de68746eb5fc2bf80027f0bf3b\r\n\tK = f55c74d112746001d8908edd347d7e69fb51d56c3f535850320399184293ab86e8d64f2f33c92c457e9650422bdf34b1771155de68746eb5fc2bf80027f0bf3b\r\nInitial IV (server to client) = f55c74d112746001d8908edd347d7e69\r\n\tX = 'C' (char), 0x43 (hex)\r\n\tK || H || X || session id = 0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7ea6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f243cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85\r\n\tK1 = 34a48ab90890b385198ea6bf8c50c3f6607e7300c273492169502f496cb6a63de523931765ee73a3963a05101d511f003adef4f2efafb802a83ebc6f8f1695ec\r\n\tK = 34a48ab90890b385198ea6bf8c50c3f6607e7300c273492169502f496cb6a63de523931765ee73a3963a05101d511f003adef4f2efafb802a83ebc6f8f1695ec\r\nEncryption key (client to server) = 34a48ab90890b385198ea6bf8c50c3f6\r\n\tX = 'D' (char), 0x44 (hex)\r\n\tK || H || X || session id = 0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7d", "a0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7ea6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f244cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85\r\n\tK1 = f2b6046d3439c50a9000a63909146abc453eefc84fae13fb1447fef9a84a9e800a43a42e2265d177428d6e41b9237a480e98af031fffe368e0a946a801b2adb5\r\n\tK = f2b6046d3439c50a9000a63909146abc453eefc84fae13fb1447fef9a84a9e800a43a42e2265d177428d6e41b9237a480e98af031fffe368e0a946a801b2adb5\r\nEncryption key (server to client) = f2b6046d3439c50a9000a63909146abc\r\n\tX = 'E' (char), 0x45 (hex)\r\n\tK || H || X || session id = 0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7ea6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f245cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85\r\n\tK1 = 70357486ca57c93418c6705b731b054bc41be03289c25a5ed29a937732807ae10a3604486c53d1f2431411808d87bfbaa6b25971fa2e4ec3719b5d2622aed2ff\r\n\tK = 70357486ca57c93418c6705b731b054bc41be03289c25a5ed29a937732807ae10a3604486c53d1f2431411808d87bfbaa6b25971fa2e4ec3719b5d2622aed2ff\r\nIntegrity key (client to server) = 70357486ca57c93418c6705b731b054bc41be03289c25a5ed29a937732807ae10a3604486c53d1f2431411808d87bfbaa6b25971fa2e4ec3719b5d2622aed2ff\r\n\tX = 'F' (char), 0x46 (hex)\r\n\tK || H || X || session id = 0000010100a82ae4062baef678d20dd9cf1704cdc69e9e78eea5faa435e4dffec06976ff73bd1e2ebd206658a26fb85a0911e2034eede31e7df2d7b87aa9700cf301b6b38502ba4db2b9723505455a7da0c6e0cf374b063921179d1bc69508f660bbb26d05ab16a2325716dbd0a733809cac36660d9a73ff0f61e09f55d1ff0652474130be7fcd2d37ebd1203960d788a1307fae48ec4e1042ab85f037a01bfd17f15725ee929d6e6246bbda00fe7105461ee873b0190c2f44692845e464949f909df46309a8eb72037278f792c87249897a0564d290bec1e09b2c9d3ad3011710fc4dcfabfa435611794dc7d1507b657229a2aab65ce2e789305d5d24ed955e89d8eb4f7ea6ef8e3102b16ce51b2a2fe17e8dc711a964c195ca4d597aabecce595187344ccb2ea37dc4cac0a77a47e7ea1b9055b1c9948e6e09793a9121f120b3bd07c5f246cc85cf95e29a5991306b21c1738de9a6612b8cb09f12b1738a4873c29f971e8d204aeb98bb7a7502cdab952eaaa6ec1e3a9655db3e5217afbff63ad588fbbf85\r\n\tK1 = 4e6428f7a87455bdef6026cdf68a2f6d93d6cda5145d6bca60ee4eb2d6248b399f6568c65ec92cee8d9b0c7fd83053c91c5be72bf96b5904080624a348243899\r\n\tK = 4e6428f7a87455bdef6026cdf68a2f6d93d6cda5145d6bca60ee4eb2d6248b399f6568c65ec92cee8d9b0c7fd83053c91c5be72bf96b5904080624a348243899\r\nIntegrity key (server to client) = 4e6428f7a87455bdef6026cdf68a2f6d93d6cda5145d6bca60ee4eb2d6248b399f6568c65ec92cee8d9b0c7fd83053c91c5be72bf96b5904080624a348243899\r\n\r\n", }; -static const size_t kLen48 = 159096; +static const size_t kLen48 = 169023; static const char *kData48[] = { "# Public key algorithm tests\n\n# Keys used for PKEY operations.\n\n# RSA 2048 bit key.\nPrivateKey = RSA-2048\nType = RSA\nInput = 308204bc020100300d06092a864886f70d0101010500048204a6308204a20201000282010100cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44f02030100010282010060297ac7991b167a06d6b24758b8cbe208beb9b2d9ec9738bd80f90a2e35005dd7ce292d9e29ba885bd316fef1f20913bc0ac90d6b0808b2414d82104441d8624a33ce0233c8f780a48b375aff02d76712228a702484db3f9ebecccfbbee1709dba182800d949e9e4216e0bff3558388f8bd90da373a1d82743ec3fbdd1427fd16825a657a316912e8695365117ca2f845c909405fcac55f895fc15d20386c26ee78c9e99075029a178a6c1e4cf0c200e8a9cfb27e9d156f86e6c2adc22b1a84a1cd5ca5b2790875d79407c84b352395cb81cc3fed5bb043b69ede0c07204550025cee8c5f440170b6120bb48e0f747bcd8f522110850df043c428dfd187053102818100f6f961b47cbc035d3aedebc7de850a956b65ecdb9cf60764063f15aa48553c58d972fe6675056e35ddfdc37bf3b9f2f622ee271337256849c9bef2176fe8f7c3f8bb91ba374dd53baf3dec814d2bdec10c1fdc88cdd16876f26b1edfa3f094197edf4d42ff1fb2971103b898ca859c427287086a842ab410bb69cf2d35af6be302818100d47e724a7ff41048b270c2524a4101878b73159bb73d3dbc187b220e635b3534f96e243a184d93f860b6bfbb6b71c1ed9a1e1f458583023c301e96a692c1a08b53d0ec9ca910100d80451e3b7dc6a01bac4aecef8df798846bc235a08cbba2cf4c06804cc11219e95608c714e3f1430d491fadbba32a5751a04f97745834c9a502818021f2452bb9b95dfd028c914bf799f1ca77e89a95d50d3c16d384f8455f8bd7af9eb3dfa3d591d9842def235f7630a8e48c088ff6642e101794535a933e1e976fa8509fc728b2da0c4a1a08d7fcf37abaae1ff3001aca1dc1bbb05d9dffbaa1a09f7fb1eef38237d9ebccc722b9338436dde7119112798c26809c1a8dec4320610281801f7510aa62c2d8de4a3c53282781f41e02d0e8b402ae78432e449c48110161a11403f02d01880a8dcc938152d79721a4711a607ac4471ebf964810f95be47a45e60499e29f4c9773c83773404f606637728c2d0351bb03c326c8bb73a721e7fa5440ea2172bba1465fcc30dcb0d9f89930e815aa1f7f9729a857e00e0338dd590281804d1f0d756fe77e01099a652f50a88b7b685dc5bf00981d5d2376fd0c6fe29cd5b638734479305a73ad3c1599d39eae3bae035fbd6fed07c28de705933879a06e48e6a603686ed8e2560a5f6af1f2c24faf4aa960e382186f15eedce9a2491ae730680dd4cf778b70faa86826ab3223477cc91377b19a6d5a2eaea219760beed5\nExpectNoRawPrivate\nExpectNoRawPublic\n\n# The public half of the same key encoded as a SubjectPublicKeyInfo.\nPublicKey = RSA-2048-SPKI\nType = RSA\nInput = 30820122300d06092a864886f70d01010105000382010f003082010a0282010100cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44f0203010001\nExpectNoRawPrivate\nExpectNoRawPublic\n\n# RSA 2048 bit key does not support v2 encoding.\nPrivateKey = RSA-2048-WithPublicKey\nType = RSA\nInput = 308204bc020100300d06092a864886f70d0101010500048204a6308204a20201000282010100cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44f02030100010282010060297ac7991b167a06d6b24758b8cbe208beb9b2d9ec9738bd80f90a2e35005dd7ce292d9e29ba885bd316fef1f20913bc0ac90d6b0808b2414d82104441d8624a33ce0233c8f780a48b375aff02d76712228a702484db3f9ebecccfbbee1709dba182800d949e9e4216e0bff3558388f8bd90da373a1d82743ec3fbdd1427fd16825a657a316912e8695365117ca2f845c909405fcac55f895fc15d20386c26ee78c9e99075029a178a6c1e4cf0c200e8a9cfb27e9d156f86e6c2adc22b1a84a1cd5ca5b2790875d79407c84b352395cb81cc3fed5bb043b69ede0c07204550025cee8c5f440170b6120bb48e0f747bcd8f522110850df043c428dfd187053102818100f6f961b47cbc035d3aedebc7de850a956b65ecdb9cf60764063f15aa48553c58d972fe6675056e35ddfdc37bf3b9f2f622ee271337256849c9bef2176fe8f7c3f8bb91ba374dd53baf3dec814d2bdec10c1fdc88cdd16876f26b1edfa3f094197edf4d42ff1fb2971103b898ca859c427287086a842ab410bb69cf2d35af6be302818100d47e724a7ff41048b270c2524a4101878b73159bb73d3dbc187b220e635b3534f96e243a184d93f860b6bfbb6b71c1ed9a1e1f458583023c301e96a692c1a08b53d0ec9ca910100d80451e3b7dc6a01bac4aecef8df798846bc235a08cbba2cf4c06804cc11219e95608c714e3f1430d491fadbba32a5751a04f97745834c9a502818021f2452bb9b95dfd028c914bf799f1ca77e89a95d50d3c16d384f8455f8bd7af9eb3dfa3d591d9842def235f7630a8e48c088ff6642e101794535a933e1e976fa8509fc728b2da0c4a1a08d7fcf37abaae1ff3001aca1dc1bbb05d9dffbaa1a09f7fb1eef38237d9ebccc722b9338436dde7119112798c26809c1a8dec4320610281801f7510aa62c2d8de4a3c53282781f41e02d0e8b402ae78432e449c48110161a11403f02d01880a8dcc938152d79721a4711a607ac4471ebf964810f95be47a45e60499e29f4c9773c83773404f606637728c2d0351bb03c326c8bb73a721e7fa5440ea2172bba1465fcc30dcb0d9f89930e815aa1f7f9729a857e00e0338dd590281804d1f0d756fe77e01099a652f50a88b7b685dc5bf00981d5d2376fd0c6fe29cd5b638734479305a73ad3c1599d39eae3bae035fbd6fed07c28de705933879a06e48e6a603686ed8e2560a5f6af1f2c24faf4aa960e382186f15eedce9a2491ae730680dd4cf778b70faa86826ab3223477cc91377b19a6d5a2eaea219760beed5\nPKCS8VersionOut = 2\nError = UNSUPPORTED_ALGORITHM\n\n# The same key but with a negative RSA modulus.\nPublicKey = RSA-2048-SPKI-Negative\nInput = 30820121300d06092a864886f70d01010105000382010e003082010902820100cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44f0203010001\nError = NEGATIVE_NUMBER\n\n# An RSA key with an even modulus\nPublicKey = RSA-2048-Even-Modulus\nInput = 30820122300d06092a864886f70d01010105000382010f003082010a0282010100cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44e0203010001\nError = BAD_RSA_PARAMETERS\n\n# The same key but with missing parameters rather than a NULL.\nPublicKey = RSA-2048-SPKI-Invalid\nInput = 30820120300b06092a864886f70d0101010382010f003082010a0282010100cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44f0203010001\nError = DECODE_ERROR\n\n# The same key but with an incorrectly-encoded length prefix.\nPublicKey = RSA-2048-SPKI-Invalid2\nInput = 3083000122300d06092a864886f70d01010105000382010f003082", @@ -5495,7 +5495,8 @@ static const char *kData48[] = { "ff76819cf9cbfdd215243c3917c03ef38199312e567b3bf7aed3ab457f371ef8a1423f45b68c6e282ec111bba2833b987fd69fad83bc1b8c613c5e1ea16c11ed125ea7ec1026100fc8d6c04bec4eb9a8192ca7900cbe536e2e8b519decf33b2459798c6909df4f176db7d23190fc72b8865a718af895f1bcd9145298027423b605e70a47cf58390a8c3e88fc8c48e8b32e3da210dfbe3e881ea5674b6a348c21e93f9e55ea65efd026100d200d45e788aacea606a401d0460f87dd5c1027e12dc1a0d7586e8939d9cf789b40f51ac0442961de7d21cc21e05c83155c1f2aa9193387cfdf956cb48d153ba270406f9bbba537d4987d9e2f9942d7a14cbfffea74fecdda928d23e259f5ee1026100db16802f79a2f0d45f358d69fd33e44b81fae828622e93a54253e997d01b0743759da0e812b4aa4e6c8beab2328d5431955a418a67ff26a8c5c807a5da354e05ef31cc8cf758f463732950b03e265726fb94e39d6a572a26244ab08db75752ad026100a0a317cfe7df1423f87a6dee8451f4e2b4a67e5497f29b4f1e4e830b9fadd9401167026f5596e5a39c97817e0f5f16e27e19ec9902e01d7ea6fb9aa3c760afee1e381b69de6ac9c07585a06ad9c4ba00bf75c8ad2fa898a479e80ae294fed2a102600b21f335c353342eb44c3aa24445780c2d655b940174cae38c7c8a4e6493c0ba9fd303748267b083b9a7a6cb61e42db362b8c9896db7064e02ad5ae61587da15b4649c90594909feb37dbcb654beb7268ec801e5a8b4aa3911bebd88542f05be\n\nDecrypt = RSA-OAEP-9\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72\nOutput = f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6\n\nDecrypt = RSA-OAEP-9\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8\nOutput = 81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659\n\nDecrypt = RSA-OAEP-9\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3\nOutput = fd326429df9b890e09b54b18b8f34f1e24\n\nDecrypt = RSA-OAEP-9\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858\nOutput = f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e\n\nDecrypt = RSA-OAEP-9\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e\nOutput = 53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d\n\nDecrypt = RSA-OAEP-9\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 438cc7dc08a68da249e42505f8573ba60e2c2773d5b290f4cf9dff718e842081c383e67024a0f29594ea987b9d25e4b738f285970d195abb3a8c8054e3d79d6b9c9a8327ba596f1259e27126674766907d8d582ff3a8476154929adb1e6d1235b2ccb4ec8f663ba9cc670a92bebd853c8dbf69c6436d016f61add836e94732450434207f9fd4c43dec2a12a958efa01efe2669899b5e604c255c55fb7166de5589e369597bb09168c06dd5db177e06a1740eb2d5c82faeca6d92fcee9931ba9f\nOutput = b6b28ea2198d0c1008bc64\n\nPrivateKey = RSA-OAEP-10\nType = RSA\nInput = 308204bd020100300d06092a864886f70d0101010500048204a7308204a30201000282010100ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bffba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b980884c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb020301000102820100056b04216fe5f354ac77250a4b6b0c8525a85c59b0bd80c56450a22d5f438e596a333aa875e291dd43f48cb88b9d5fc0d499f9fcd1c397f9afc070cd9e398c8d19e61db7c7410a6b2675dfbf5d345b804d201add502d5ce2dfcb091ce9997bbebe57306f383e4d588103f036f7e85d1934d152a323e4a8db451d6f4a5b1b0f102cc150e02feee2b88dea4ad4c1baccb24d84072d14e1d24a6771f7408ee30564fb86d4393a34bcf0b788501d193303f13a2284b001f0f649eaf79328d4ac5c430ab4414920a9460ed1b7bc40ec653e876d09abc509ae45b525190116a0c26101848298509c1c3bf3a483e7274054e15e97075036e989f60932807b5257751e7902818100ecf5aecd1e5515fffacbd75a2816c6ebf49018cdfb4638e185d66a7396b6f8090f8018c7fd95cc34b857dc17f0cc6516bb1346ab4d582cadad7b4103352387b70338d084047c9d9539b6496204b3dd6ea442499207bec01f964287ff6336c3984658336846f56e46861881c10233d2176bf15a5e96ddc780bc868aa77d3ce76902818100bc46c464fc6ac4ca783b0eb08a3c841b772f7e9b2f28babd588ae885e1a0c61e4858a0fb25ac299990f35be85164c259ba1175cdd7192707135184992b6c29b746dd0d2cabe142835f7d148cc161524b4a09946d48b828473f1ce76b6cb6886c345c03e05f41d51b5c3a90a3f24073c7d74a4fe25d9cf21c75960f3fc386318302818100c73564571d00fb15d08a3de9957a50915d7126e9442dacf42bc82e862e5673ff6a008ed4d2e374617df89f17a160b43b7fda9cb6b6b74218609815f7d45ca263c159aa32d272d127faf4bc8ca2d77378e8aeb19b0ad7da3cb3de0ae7314980f62b6d4b0a875d1df03c1bae39ccd833ef6cd7e2d9528bf084d1f969e794e9f6c10281802658b37f6df9c1030be1db68117fa9d87e39ea2b693b7e6d3a2f70947413eec6142e18fb8dfcb6ac545d7c86a0ad48f8457170f0efb26bc48126c53efd1d16920198dc2a1107dc282db6a80cd3062360ba3fa13f70e4312ff1a6cd6b8fc4cd9c5c3db17c6d6a57212f73ae29f619327bad59b153858585ba4e28b60a62a45e490281806f38526b3925085534ef3e415a836ede8b86158a2c7cbfeccb0bd834304fec683ba8d4f479c433d43416e63269623cea100776d85aff401d3fff610ee65411ce3b1363d63a9709eede42647cea561493d54570a879c18682cd97710b96205ec31117d73b5f36223fadd6e8ba90dd7c0ee61d44e163251e20c7f66eb305117cb8\n\nDecrypt = RSA-OAEP-10\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 53ea5dc08cd260fb3b858567287fa91552c30b2febfba213f0ae87702d068d19bab07fe574523dfb42139d68c3c5afeee0bfe4cb7969cbf382b804d6e61396144e2d0e60741f8993c3014b58b9b1957a8babcd23af854f4c356fb1662aa72bfcc7e586559dc4280d160c126785a723ebeebeff71f11594440aaef87d10793a8774a239d4a04c87fe1467b9daf85208ec6c7255794a96cc29142f9a8bd418e3c1fd67344b0cd0829df3b2bec60253196293c6b34d3f75d32f213dd45c6273d505adf4cced1057cb758fc26aeefa441255ed4e64c199ee075e7f16646182fdb464739b68ab5daff0e63e9552016824f054bf4d3c8c90a97bb6b6553284eb429fcc\nOutput = 8bba6bf82a6c0f86d5f1756e97956870b08953b06b4eb205bc1694ee\n\nDecrypt = RSA-OAEP-10\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = a2b1a430a9d657e2fa1c2bb5ed43ffb25c05a308fe9093c01031795f5874400110828ae58fb9b581ce9dddd3e549ae04a0985459bde6c626594e7b05dc4278b2a1465c1368408823c85e96dc66c3a30983c639664fc4569a37fe21e5a195b5776eed2df8d8d361af686e750229bbd663f161868a50615e0c337bec0ca35fec0bb19c36eb2e0bbcc0582fa1d93aacdb061063f59f2ce1ee43605e5d89eca183d2acdfe9f81011022ad3b43a3dd417dac94b4e11ea81b192966e966b182082e71964607b4f8002f36299844a11f2ae0faeac2eae70f8f4f98088acdcd0ac556e9fccc511521908fad26f04c64201450305778758b0538bf8b5bb144a828e629795\nOutput = e6ad181f053b58a904f2457510373e57\n\nDecrypt = RSA-OAEP-10\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput =", " 9886c3e6764a8b9a84e84148ebd8c3b1aa8050381a78f668714c16d9cfd2a6edc56979c535d9dee3b44b85c18be8928992371711472216d95dda98d2ee8347c9b14dffdff84aa48d25ac06f7d7e65398ac967b1ce90925f67dce049b7f812db0742997a74d44fe81dbe0e7a3feaf2e5c40af888d550ddbbe3bc20657a29543f8fc2913b9bd1a61b2ab2256ec409bbd7dc0d17717ea25c43f42ed27df8738bf4afc6766ff7aff0859555ee283920f4c8a63c4a7340cbafddc339ecdb4b0515002f96c932b5b79167af699c0ad3fccfdf0f44e85a70262bf2e18fe34b850589975e867ff969d48eabf212271546cdc05a69ecb526e52870c836f307bd798780ede\nOutput = 510a2cf60e866fa2340553c94ea39fbc256311e83e94454b4124\n\nDecrypt = RSA-OAEP-10\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 6318e9fb5c0d05e5307e1683436e903293ac4642358aaa223d7163013aba87e2dfda8e60c6860e29a1e92686163ea0b9175f329ca3b131a1edd3a77759a8b97bad6a4f8f4396f28cf6f39ca58112e48160d6e203daa5856f3aca5ffed577af499408e3dfd233e3e604dbe34a9c4c9082de65527cac6331d29dc80e0508a0fa7122e7f329f6cca5cfa34d4d1da417805457e008bec549e478ff9e12a763c477d15bbb78f5b69bd57830fc2c4ed686d79bc72a95d85f88134c6b0afe56a8ccfbc855828bb339bd17909cf1d70de3335ae07039093e606d655365de6550b872cd6de1d440ee031b61945f629ad8a353b0d40939e96a3c450d2a8d5eee9f678093c8\nOutput = bcdd190da3b7d300df9a06e22caae2a75f10c91ff667b7c16bde8b53064a2649a94045c9\n\nDecrypt = RSA-OAEP-10\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 75290872ccfd4a4505660d651f56da6daa09ca1301d890632f6a992f3d565cee464afded40ed3b5be9356714ea5aa7655f4a1366c2f17c728f6f2c5a5d1f8e28429bc4e6f8f2cff8da8dc0e0a9808e45fd09ea2fa40cb2b6ce6ffff5c0e159d11b68d90a85f7b84e103b09e682666480c657505c0929259468a314786d74eab131573cf234bf57db7d9e66cc6748192e002dc0deea930585f0831fdcd9bc33d51f79ed2ffc16bcf4d59812fcebcaa3f9069b0e445686d644c25ccf63b456ee5fa6ffe96f19cdf751fed9eaf35957754dbf4bfea5216aa1844dc507cb2d080e722eba150308c2b5ff1193620f1766ecf4481bafb943bd292877f2136ca494aba0\nOutput = a7dd6c7dc24b46f9dd5f1e91ada4c3b3df947e877232a9\n\nDecrypt = RSA-OAEP-10\nRSAPadding = OAEP\nMGF1Digest = SHA1\nInput = 2d207a73432a8fb4c03051b3f73b28a61764098dfa34c47a20995f8115aa6816679b557e82dbee584908c6e69782d7deb34dbd65af063d57fca76a5fd069492fd6068d9984d209350565a62e5c77f23038c12cb10c6634709b547c46f6b4a709bd85ca122d74465ef97762c29763e06dbc7a9e738c78bfca0102dc5e79d65b973f28240caab2e161a78b57d262457ed8195d53e3c7ae9da021883c6db7c24afdd2322eac972ad3c354c5fcef1e146c3a0290fb67adf007066e00428d2cec18ce58f9328698defef4b2eb5ec76918fde1c198cbb38b7afc67626a9aefec4322bfd90d2563481c9a221f78c8272c82d1b62ab914e1c69f6af6ef30ca5260db4a46\nOutput = eaf1a73a1b0c4609537de69cd9228bbcfb9a8ca8c6c3efaf056fe4a7f4634ed00b7c39ec6922d7b8ea2c04ebac\n\n\n# Single-shot signing tests.\n\nSignMessage = RSA-2048\nDigest = SHA256\nInput = \"Hello world\"\nOutput = 301894798b49d6ec55d32dcc74314f04230591a515781f3eb4492f5324b56046836c4bc3e25942af341e88558cb4c3814a849207575d343189147989b16e296b5138dbbc717116dc416f201dfa35943d15060493953cda1f04a13ff89845cf7fd69e1a78d5d38522a77bb234e5d0ba2ae17ada6e22fdae27a4052fdb8ac267507dfe06ed7a865e61a52b530bbbf65c7caa89739613df10ae3b0e62ff6831ee0770086aad39c329462aede9f1b29a501bc3d09e0fe4034aa5d6831d44491d508111d88a1d7ba50cee5ef7e701b3a589adc09a752a974a6805956f4a1a0582f66309a1e02e9fb6b10d2c820fe98bb2eb04f435bc8a649cc9ab6c5a4c03e83800d1\n\nVerifyMessage = RSA-2048\nDigest = SHA256\nInput = \"Hello world\"\nOutput = 301894798b49d6ec55d32dcc74314f04230591a515781f3eb4492f5324b56046836c4bc3e25942af341e88558cb4c3814a849207575d343189147989b16e296b5138dbbc717116dc416f201dfa35943d15060493953cda1f04a13ff89845cf7fd69e1a78d5d38522a77bb234e5d0ba2ae17ada6e22fdae27a4052fdb8ac267507dfe06ed7a865e61a52b530bbbf65c7caa89739613df10ae3b0e62ff6831ee0770086aad39c329462aede9f1b29a501bc3d09e0fe4034aa5d6831d44491d508111d88a1d7ba50cee5ef7e701b3a589adc09a752a974a6805956f4a1a0582f66309a1e02e9fb6b10d2c820fe98bb2eb04f435bc8a649cc9ab6c5a4c03e83800d1\n\nSignMessage = RSA-2048\nDigest = SHA512/256\nInput = \"Hello world\"\nOutput = 8beb180f07b45b17af94c49badf8a7a630e89ffdaade1c3e2d0845ada27188a5d2d991926650773edfb5d36de5237abb82a1009e5dba5c7080b8fe19bd08227273420b73c060fb2efad53e0936b17cd341c7c02e588c7b0a3138c1205a7d46f8c5648267104aae1b285b390d90378aad9431499cf24feec2243ff668c98481940b08a10b63da8e7423f7e7e307485b6e7a6c73a5b68d70a36ab7cc5cb634773b6f1f8651932ea80c714501853e9fe1f2eff9b67fe03631e730345e02d14fa1da5fcbe52299c8b614fe5c4d17fdc9bd4f49b659154a95914fee33bce64c0cc4ba9aaf0809680b75cd891120025597a5b47e44cb3c669118591927133202768cd7\n\nVerifyMessage = RSA-2048\nDigest = SHA512/256\nInput = \"Hello world\"\nOutput = 8beb180f07b45b17af94c49badf8a7a630e89ffdaade1c3e2d0845ada27188a5d2d991926650773edfb5d36de5237abb82a1009e5dba5c7080b8fe19bd08227273420b73c060fb2efad53e0936b17cd341c7c02e588c7b0a3138c1205a7d46f8c5648267104aae1b285b390d90378aad9431499cf24feec2243ff668c98481940b08a10b63da8e7423f7e7e307485b6e7a6c73a5b68d70a36ab7cc5cb634773b6f1f8651932ea80c714501853e9fe1f2eff9b67fe03631e730345e02d14fa1da5fcbe52299c8b614fe5c4d17fdc9bd4f49b659154a95914fee33bce64c0cc4ba9aaf0809680b75cd891120025597a5b47e44cb3c669118591927133202768cd7\n\nVerifyMessage = RSA-2048-SPKI\nDigest = SHA256\nInput = \"Hello world\"\nOutput = 301894798b49d6ec55d32dcc74314f04230591a515781f3eb4492f5324b56046836c4bc3e25942af341e88558cb4c3814a849207575d343189147989b16e296b5138dbbc717116dc416f201dfa35943d15060493953cda1f04a13ff89845cf7fd69e1a78d5d38522a77bb234e5d0ba2ae17ada6e22fdae27a4052fdb8ac267507dfe06ed7a865e61a52b530bbbf65c7caa89739613df10ae3b0e62ff6831ee0770086aad39c329462aede9f1b29a501bc3d09e0fe4034aa5d6831d44491d508111d88a1d7ba50cee5ef7e701b3a589adc09a752a974a6805956f4a1a0582f66309a1e02e9fb6b10d2c820fe98bb2eb04f435bc8a649cc9ab6c5a4c03e83800d1\n\nVerifyMessage = P-256\nDigest = SHA256\nInput = \"Hello world\"\nOutput = 304502204c66004635c267394bd6857c1e0b53b22a2bab1ca7dff9d5c1b42143858b3ea7022100ae81228510e03cd49a8863d2ebd1c05fe0c87eacd1150433132b909994cd0dbd\n\nSignMessage = P-256\nDigest = SHA512/256\nInput = \"Hello world\"\nOutput = \"\"\n\nVerifyMessage = P-256\nDigest = SHA512/256\nInput = \"Hello world\"\nOutput = 3046022100e410d8f0fac6d7ed59d1d447d7b87ad1b01d9b1d87232d40e5052267d4e9fdc4022100b59253fb9a8c1b963a65f26cfc413a1a65253d24147b8c647a6bbdbe4b5e6798\n\nSignMessage = P-256\nDigest = SHA3-224\nInput = \"Hello world\"\nOutput = \"\"\n\nVerifyMessage = P-256\nDigest = SHA3-224\nInput = \"Hello world\"\nOutput = 304502207bb34d40c1618f0ff8457934f575a4ba5ca4b53f96bed60e71e36940d6438c1a02210084996f3b8fa8356e11186f29de9981ab3ac0f7d2f769ecbf38c199c628bc5693\n\nSignMessage = P-256\nDigest = SHA3-256\nInput = \"Hello world\"\nOutput = \"\"\n\nVerifyMessage = P-256\nDigest = SHA3-256\nInput = \"Hello world\"\nOutput = 3046022100f5530d0a7450e8bc4951e37b21d390dbfa7bb48e08e450b146baa8569e13d961022100fd09d172168ef060e6c93d3f98828576db6f7151fa3a850d7da0d7f6a7ef17ab\n\nSignMessage = P-256\nDigest = SHA3-384\nInput = \"Hello world\"\nOutput = \"\"\n\nVerifyMessage = P-256\nDigest = SHA3-384\nInput = \"Hello world\"\nOutput = 3043021f1c8d2c3ccbca8cc48f14dc0534f1bc9d0571967a4ee7f1eaeaea6d7e281c0c02200b89663032d94022d8b36a9bb5ce3a0d95c7c0598dd546de6919e2f14b1d16ff\n\nSignMessage = P-256\nDigest = SHA3-512\nInput = \"Hello world\"\nOutput = \"\"\n\nVerifyMessage = P-256\nDigest = SHA3-512\nInput = \"Hello world\"\nOutput = 30450221008e031b317f932cfb66fb38fb7b4962dac541d6c07f04aeeecfffa299bd8b473f02200f13277d4c8b8f1a56f0f50a9470df7ae7a2e7f5b9cbc75299788f6429e9c851\n\n# Digest can't be omitted in many algorithms.\nSignMessage = RSA-2048\nInput = \"Hello world\"\nError = NO_DEFAULT_DIGEST\n\nVerifyMessage = RSA-2048\nInput = \"Hello world\"\nOutput = 301894798b49d6ec55d32dcc74314f04230591a515781f3eb4492f5324b56046836c4bc3e25942af341e88558cb4c3814a849207575d343189147989b16e296b5138dbbc717116dc416f201dfa35943d15060493953cda1f04a13ff89845cf7fd69e1a78d5d38522a77bb234e5d0ba2ae17ada6e22fdae27a4052fdb8ac267507dfe06ed7a865e61a52b530bbbf65c7caa89739613df10ae3b0e62ff6831ee0770086aad39c329462aede9f1b29a501bc3d09e0fe4034aa5d6831d44491d508111d88a1d7ba50cee5ef7e701b3a589adc09a752a974a6805956f4a1a0582f66309a1e02e9fb6b10d2c820fe98bb2eb04f435bc8a649cc9ab6c5a4c03e83800d1\nError = NO_DEFAULT_DIGEST\n\n# Signing test vectors from RFC 8032.\nSignMessage = Ed25519\nInput = \"\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b\n\nSignMessage = Ed25519-2\nInput = 72\nOutput = 92a009a9f0d4cab8720e820b5f642540a2b27b5416", "503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00\n\nSignMessage = Ed25519-3\nInput = af82\nOutput = 6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a\n\nSignMessage = Ed25519-4\nInput = 08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d879de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4feba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbefefd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed185ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f27088d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b0707e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128bab27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51addd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429ec96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb751fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34dff7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e488acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a32ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5fb93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b50d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380db2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0\nOutput = 0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03\n\nSignMessage = Ed25519-5\nInput = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f\nOutput = dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b58909351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704\n\n# Signing with public keys is not allowed.\nSignMessage = Ed25519-SPKI\nInput = \"\"\nError = NOT_A_PRIVATE_KEY\n\n# Verify test vectors from RFC 8032. Test verifying with both the public and\n# private key.\nVerifyMessage = Ed25519\nInput = \"\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b\n\nVerifyMessage = Ed25519-SPKI\nInput = \"\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b\n\nVerifyMessage = Ed25519-2\nInput = 72\nOutput = 92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00\n\nVerifyMessage = Ed25519-SPKI-2\nInput = 72\nOutput = 92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00\n\nVerifyMessage = Ed25519-3\nInput = af82\nOutput = 6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a\n\nVerifyMessage = Ed25519-SPKI-3\nInput = af82\nOutput = 6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a\n\nVerifyMessage = Ed25519-4\nInput = 08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d879de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4feba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbefefd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed185ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f27088d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b0707e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128bab27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51addd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429ec96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb751fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34dff7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e488acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a32ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5fb93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b50d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380db2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0\nOutput = 0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03\n\nVerifyMessage = Ed25519-SPKI-4\nInput = 08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d879de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4feba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbefefd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed185ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f27088d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b0707e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128bab27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51addd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429ec96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb751fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34dff7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e488acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a32ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5fb93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b50d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1369546868a7f3a45a96768d4", - "0fd9d03412c091c6315cf4fde7cb68606937380db2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0\nOutput = 0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03\n\nVerifyMessage = Ed25519-5\nInput = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f\nOutput = dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b58909351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704\n\nVerifyMessage = Ed25519-SPKI-5\nInput = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f\nOutput = dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b58909351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704\n\n# Length is wrong.\nVerifyMessage = Ed25519-SPKI\nInput = \"\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a10\nError = INVALID_SIGNATURE\n\n# Message is wrong.\nVerifyMessage = Ed25519-SPKI\nInput = \"Hello world\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b\nError = INVALID_SIGNATURE\n\n# Ed25519 does not support configuring a digest.\nSignMessage = Ed25519\nInput = \"\"\nDigest = SHA256\nError = COMMAND_NOT_SUPPORTED\n\n# Ed25519 does not support signing a pre-hashed value.\nSign = Ed25519\nInput = \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"\nError = OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE\n\nVerify = Ed25519\nInput = \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b\nError = OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE\n\n\n# Derive tests.\n\nPrivateKey = ECDH-P256-Private\nType = EC\nInput = 3041020100301306072a8648ce3d020106082a8648ce3d0301070427302502010104207d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534\n\nPublicKey = ECDH-P256-Peer\nType = EC\nInput = 3059301306072a8648ce3d020106082a8648ce3d03010703420004700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac\n\nDerive = ECDH-P256-Private\nDerivePeer = ECDH-P256-Peer\nOutput = 46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b\nSmallBufferTruncates\n\nPrivateKey = X25519-Private\nType = X25519\nInput = 302e020100300506032b656e04220420a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4\nExpectRawPrivate = a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4\n\nPublicKey = X25519-Peer\nType = X25519\nInput = 302a300506032b656e032100e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c\nExpectRawPublic = e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c\n\nPublicKey = X25519-SmallOrderPeer\nType = X25519\nExpectRawPublic = e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800\nInput = 302a300506032b656e032100e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800\n\nDerive = X25519-Private\nDerivePeer = X25519-Peer\nOutput = c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552\n\nDerive = X25519-Private\nDerivePeer = X25519-SmallOrderPeer\nError = INVALID_PEER_KEY\n", + "0fd9d03412c091c6315cf4fde7cb68606937380db2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0\nOutput = 0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03\n\nVerifyMessage = Ed25519-5\nInput = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f\nOutput = dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b58909351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704\n\nVerifyMessage = Ed25519-SPKI-5\nInput = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f\nOutput = dc2a4459e7369633a52b1bf277839a00201009a3efbf3ecb69bea2186c26b58909351fc9ac90b3ecfdfbc7c66431e0303dca179c138ac17ad9bef1177331a704\n\n# Length is wrong.\nVerifyMessage = Ed25519-SPKI\nInput = \"\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a10\nError = INVALID_SIGNATURE\n\n# Message is wrong.\nVerifyMessage = Ed25519-SPKI\nInput = \"Hello world\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b\nError = INVALID_SIGNATURE\n\n# Ed25519 does not support configuring a digest.\nSignMessage = Ed25519\nInput = \"\"\nDigest = SHA256\nError = COMMAND_NOT_SUPPORTED\n\n# Ed25519 does not support signing a pre-hashed value.\nSign = Ed25519\nInput = \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"\nError = OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE\n\nVerify = Ed25519\nInput = \"0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef\"\nOutput = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b\nError = OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE\n\n\n# Derive tests.\n\nPrivateKey = ECDH-P256-Private\nType = EC\nInput = 3041020100301306072a8648ce3d020106082a8648ce3d0301070427302502010104207d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534\n\nPublicKey = ECDH-P256-Peer\nType = EC\nInput = 3059301306072a8648ce3d020106082a8648ce3d03010703420004700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac\n\nDerive = ECDH-P256-Private\nDerivePeer = ECDH-P256-Peer\nOutput = 46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b\nSmallBufferTruncates\n\nPrivateKey = X25519-Private\nType = X25519\nInput = 302e020100300506032b656e04220420a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4\nExpectRawPrivate = a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4\n\nPublicKey = X25519-Peer\nType = X25519\nInput = 302a300506032b656e032100e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c\nExpectRawPublic = e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c\n\nPublicKey = X25519-SmallOrderPeer\nType = X25519\nExpectRawPublic = e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800\nInput = 302a300506032b656e032100e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800\n\nDerive = X25519-Private\nDerivePeer = X25519-Peer\nOutput = c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552\n\nDerive = X25519-Private\nDerivePeer = X25519-SmallOrderPeer\nError = INVALID_PEER_KEY\n\nDHKey = DH-Public1\nP = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff\nG = 02\nPublic = c680b01bb49e303893a5c339c9448c63dc3d0ffdcb8024a784292ebccfe95bdfb97a456f51cb1decf904704d0dbab69689bd87cde04e4fcb793f66024a43dacd0830ac155f8149aeb42f3d1ec03b05c70a1349492d24e20b58b0283155816465c0efa3b01e78fe935f1633745826a0e5c8d87ca60418d816721503ccaf7540e7e3c13093a8fb72c34c452ab35cb07ec867f58f2c1d0ad6629b6359b2b990a50d29aedaca2efbf0b1b904005859f348797b9be660f438cc763dd2180ec7dd81c9\n\nDHKey = DH-Private1\nP = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff\nG = 02\nPublic = c680b01bb49e303893a5c339c9448c63dc3d0ffdcb8024a784292ebccfe95bdfb97a456f51cb1decf904704d0dbab69689bd87cde04e4fcb793f66024a43dacd0830ac155f8149aeb42f3d1ec03b05c70a1349492d24e20b58b0283155816465c0efa3b01e78fe935f1633745826a0e5c8d87ca60418d816721503ccaf7540e7e3c13093a8fb72c34c452ab35cb07ec867f58f2c1d0ad6629b6359b2b990a50d29aedaca2efbf0b1b904005859f348797b9be660f438cc763dd2180ec7dd81c9\nPrivate = 05953ba55a5ff41a700744e06cebcd30f6fd76a6b1f7efb6bdc05028e7db2e50ef56385c65bad4a1cfff232c5d83179559e59a8901a88119ababdcc0c4e4fd75cdf6161fb07a72fb3d4c6c0fb140a2eb3e93627d4f2e93e086ba672149a4fb25594b2c6cb74a97a8e68d45097cc937cf30dd9141dbd3abdd4fb9fec45a240d528efa4a5b5690f40250a96ff54b0b90a3a0540e5cc54754579d4e65db233edcc9e55c26dd2a6f7fd8ee440b3f5bce547e0bb9197894f1728c2060b0597cbee547\n\nDHKey = DH-Public2\nP = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff\nG = 02\nPublic = 98f7472e4950b3bfcb3f37bf02b77323f7919e434e11c6e4b76b9a55132e50c3dca3c7ac55b69126cd06d7c337be1552b81ac011d6f5e56a688b89e4fa10d31a5305b78b6591354b5a22678675bdd248b82a4b267eac643cfbec1cebce93fa8aa59558e5121e9f76fb119cf90e587661aba85b2a617304c9492e5565f21af693caceea9c7fb0f68909f3279ccfe347d7132e9e76a058f99b805f9b2275a082353f5be00258670d640cc9c7926984ebba4cffb3902961a6951373ac4915a70aeb\n\nDHKey = DH-Private2\nP = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff\nG = 02\nPublic = 98f7472e4950b3bfcb3f37bf02b77323f7919e434e11c6e4b76b9a55132e50c3dca3c7ac55b69126cd06d7c337be1552b81ac011d6f5e56a688b89e4fa10d31a5305b78b6591354b5a22678675bdd248b82a4b267eac643cfbec1cebce93fa8aa59558e5121e9f76fb119cf90e587661aba85b2a617304c9492e5565f21af693caceea9c7fb0f68909f3279ccfe347d7132e9e76a058f99b805f9b2275a082353f5be00258670d640cc9c7926984ebba4cffb3902961a6951373ac4915a70aeb\nPrivate = 984de7473d1186e97b3dc4797f14ec8ab97df321192bf40e8fb575a2ab93210f6c32cc4d915cff27d2d4f9bbc661bc809243d116db8b844377993ae8399b4fa089c9404c7515003c71a2bfdd0361cc192dcf2e56a555105e2ef25b0c7545a6a30ba62607b0563ad46714ac8b6720446ad0e33af2c183cdf045b01ff0415fbdd8e2bd506729a84731fb68dd54a4caecfe028a09d157f94f48e90c3d5cb63f0db39e05d556a4dc85594c9c7f2f07c6dd27878512748fc8eba2652f2bd7a6395586\n\n# By default, the leading zero is removed for OpenSSL compatibility (insecure).\nDerive = DH-Private1\nDerivePeer = DH-Public2\nOutput = 5d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495\n\nDerive = DH-Private2\nDerivePeer = DH-Public1\nOutput = 5d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c6", + "0e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495\n\n# Setting EVP_PKEY_CTX_set_dh_pad fixes this.\nDerive = DH-Private1\nDerivePeer = DH-Public2\nDiffieHellmanPad\nOutput = 005d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495\n\nDerive = DH-Private2\nDerivePeer = DH-Public1\nDiffieHellmanPad\nOutput = 005d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495\n\nDerive = DH-Public1\nDerivePeer = DH-Public2\nError = NO_PRIVATE_VALUE\n\nDHKey = DH-WrongGroup\nP = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327fffffffffffffffe\nG = 02\nPublic = 98f7472e4950b3bfcb3f37bf02b77323f7919e434e11c6e4b76b9a55132e50c3dca3c7ac55b69126cd06d7c337be1552b81ac011d6f5e56a688b89e4fa10d31a5305b78b6591354b5a22678675bdd248b82a4b267eac643cfbec1cebce93fa8aa59558e5121e9f76fb119cf90e587661aba85b2a617304c9492e5565f21af693caceea9c7fb0f68909f3279ccfe347d7132e9e76a058f99b805f9b2275a082353f5be00258670d640cc9c7926984ebba4cffb3902961a6951373ac4915a70aeb\nPrivate = 984de7473d1186e97b3dc4797f14ec8ab97df321192bf40e8fb575a2ab93210f6c32cc4d915cff27d2d4f9bbc661bc809243d116db8b844377993ae8399b4fa089c9404c7515003c71a2bfdd0361cc192dcf2e56a555105e2ef25b0c7545a6a30ba62607b0563ad46714ac8b6720446ad0e33af2c183cdf045b01ff0415fbdd8e2bd506729a84731fb68dd54a4caecfe028a09d157f94f48e90c3d5cb63f0db39e05d556a4dc85594c9c7f2f07c6dd27878512748fc8eba2652f2bd7a6395586\n\nDerive = DH-WrongGroup\nDerivePeer = DH-Public2\nError = DIFFERENT_PARAMETERS\n\nDerive = DH-Private1\nDerivePeer = DH-WrongGroup\nError = DIFFERENT_PARAMETERS\n\nDHKey = DH-Params\nP = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff\nG = 02\n\nDerive = DH-Private1\nDerivePeer = DH-Params\nError = KEYS_NOT_SET\n\nDHKey = DH-Private1-With-Q\nP = ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff\nQ = 7fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a0105df531d89cd9128a5043cc71a026ef7ca8cd9e69d218d98158536f92f8a1ba7f09ab6b6a8e122f242dabb312f3f637a262174d31bf6b585ffae5b7a035bf6f71c35fdad44cfd2d74f9208be258ff324943328f6722d9ee1003e5c50b1df82cc6d241b0e2ae9cd348b1fd47e9267afc1b2ae91ee51d6cb0e3179ab1042a95dcf6a9483b84b4b36b3861aa7255e4c0278ba36046511b993ffffffffffffffff\nG = 02\nPublic = c680b01bb49e303893a5c339c9448c63dc3d0ffdcb8024a784292ebccfe95bdfb97a456f51cb1decf904704d0dbab69689bd87cde04e4fcb793f66024a43dacd0830ac155f8149aeb42f3d1ec03b05c70a1349492d24e20b58b0283155816465c0efa3b01e78fe935f1633745826a0e5c8d87ca60418d816721503ccaf7540e7e3c13093a8fb72c34c452ab35cb07ec867f58f2c1d0ad6629b6359b2b990a50d29aedaca2efbf0b1b904005859f348797b9be660f438cc763dd2180ec7dd81c9\nPrivate = 05953ba55a5ff41a700744e06cebcd30f6fd76a6b1f7efb6bdc05028e7db2e50ef56385c65bad4a1cfff232c5d83179559e59a8901a88119ababdcc0c4e4fd75cdf6161fb07a72fb3d4c6c0fb140a2eb3e93627d4f2e93e086ba672149a4fb25594b2c6cb74a97a8e68d45097cc937cf30dd9141dbd3abdd4fb9fec45a240d528efa4a5b5690f40250a96ff54b0b90a3a0540e5cc54754579d4e65db233edcc9e55c26dd2a6f7fd8ee440b3f5bce547e0bb9197894f1728c2060b0597cbee547\n\nDerive = DH-Private1-With-Q\nDerivePeer = DH-Public2\nDiffieHellmanPad\nOutput = 005d21ea6f2a141f62e77f3943a2fac88dae9bc6baf3030f467c6dd34582432c80ae0a16655e75f35dea69943503ab8a25b7bbc9cca8e82a85e14c52293635792fbc27d5089c60e528f519c054f4d89b9ef673a4167e8734e226c5bc1b88016ed8534e65e19574da4ccc5197f8cd681ea86794a294385cc7bac913f30bca359c142a7989663793fc173aa029cdd269dd29649e225bd5d7863bc084555e53ca3485fd813b6cf8f36b06b22fb42d57e19c5e00d01a8bbe7dcc6eea965178851495", }; static const size_t kLen49 = 1262; diff --git a/generated-src/err_data.c b/generated-src/err_data.c index 385633d53b..96bca7dba6 100644 --- a/generated-src/err_data.c +++ b/generated-src/err_data.c @@ -76,54 +76,54 @@ const uint32_t kOpenSSLReasonValues[] = { 0xc3b00f7, 0xc3b8921, 0x10320892, - 0x10329a18, - 0x10331a24, - 0x10339a3d, - 0x10341a50, + 0x10329a2b, + 0x10331a37, + 0x10339a50, + 0x10341a63, 0x10349064, 0x10350db0, - 0x10359a63, - 0x10361a8d, - 0x10369aa0, - 0x10371abf, - 0x10379ad8, - 0x10381aed, - 0x10389b0b, - 0x10391b1a, - 0x10399b36, - 0x103a1b51, - 0x103a9b60, - 0x103b1b7c, - 0x103b9b97, - 0x103c1bbd, + 0x10359a76, + 0x10361aa0, + 0x10369ab3, + 0x10371ad2, + 0x10379aeb, + 0x10381b00, + 0x10389b1e, + 0x10391b2d, + 0x10399b49, + 0x103a1b64, + 0x103a9b73, + 0x103b1b8f, + 0x103b9baa, + 0x103c1bd0, 0x103c80f7, - 0x103d1bce, - 0x103d9be2, - 0x103e1c01, - 0x103e9c10, - 0x103f1c27, - 0x103f9c3a, + 0x103d1be1, + 0x103d9bf5, + 0x103e1c14, + 0x103e9c23, + 0x103f1c3a, + 0x103f9c4d, 0x10400d74, - 0x10409c4d, - 0x10411c6b, - 0x10419c7e, - 0x10421c98, - 0x10429ca8, - 0x10431cbc, - 0x10439cd2, - 0x10441cea, - 0x10449cff, - 0x10451d13, - 0x10459d25, + 0x10409c60, + 0x10411c7e, + 0x10419c91, + 0x10421cab, + 0x10429cbb, + 0x10431ccf, + 0x10439ce5, + 0x10441cfd, + 0x10449d12, + 0x10451d26, + 0x10459d38, 0x10460635, 0x1046899a, - 0x10471d3a, - 0x10479d51, - 0x10481d66, - 0x10489d74, + 0x10471d4d, + 0x10479d64, + 0x10481d79, + 0x10489d87, 0x10490fb0, - 0x10499bae, - 0x104a1a78, + 0x10499bc1, + 0x104a1a8b, 0x107c1072, 0x14320d38, 0x14328d65, @@ -141,58 +141,59 @@ const uint32_t kOpenSSLReasonValues[] = { 0x183480f7, 0x18351118, 0x18359130, - 0x18361145, - 0x18369159, - 0x18371191, - 0x183791a7, - 0x183811bb, - 0x183891cb, + 0x18361158, + 0x1836916c, + 0x183711a4, + 0x183791ba, + 0x183811ce, + 0x183891de, 0x18390aef, - 0x183991db, - 0x183a1210, - 0x183a9265, + 0x183991ee, + 0x183a1223, + 0x183a9278, 0x183b0dbc, - 0x183b92b4, - 0x183c12c6, - 0x183c92d1, - 0x183d12e1, - 0x183d92f2, - 0x183e1303, - 0x183e9315, - 0x183f133e, - 0x183f9357, - 0x1840136f, + 0x183b92c7, + 0x183c12d9, + 0x183c92e4, + 0x183d12f4, + 0x183d9305, + 0x183e1316, + 0x183e9328, + 0x183f1351, + 0x183f936a, + 0x18401382, 0x1840870d, - 0x18411288, - 0x18419253, - 0x18421272, + 0x1841129b, + 0x18419266, + 0x18421285, 0x18428d52, - 0x184311f0, - 0x1843929a, + 0x18431203, + 0x184392ad, 0x1844110e, - 0x1844917d, + 0x18449190, 0x184509f2, - 0x18fa1201, - 0x18fa9224, - 0x18fb1239, - 0x203213ea, - 0x203293d7, - 0x2432164e, + 0x18459145, + 0x18fa1214, + 0x18fa9237, + 0x18fb124c, + 0x203213fd, + 0x203293ea, + 0x24321661, 0x243289f2, - 0x24331660, - 0x2433966d, - 0x2434167a, - 0x2434968c, - 0x2435169b, - 0x243596b8, - 0x243616c5, - 0x243696d3, - 0x243716e1, - 0x24379709, - 0x24381712, - 0x2438971f, - 0x24391732, - 0x243996ef, + 0x24331673, + 0x24339680, + 0x2434168d, + 0x2434969f, + 0x243516ae, + 0x243596cb, + 0x243616d8, + 0x243696e6, + 0x243716f4, + 0x2437971c, + 0x24381725, + 0x24389732, + 0x24391745, + 0x24399702, 0x28320da4, 0x28328dbc, 0x28330d74, @@ -202,52 +203,52 @@ const uint32_t kOpenSSLReasonValues[] = { 0x283500f7, 0x28358d52, 0x2836099a, - 0x2c3237a3, - 0x2c329749, - 0x2c3337b1, - 0x2c33b7c3, - 0x2c3437d7, - 0x2c34b7e9, - 0x2c353804, - 0x2c35b816, - 0x2c363846, + 0x2c3237b6, + 0x2c32975c, + 0x2c3337c4, + 0x2c33b7d6, + 0x2c3437ea, + 0x2c34b7fc, + 0x2c353817, + 0x2c35b829, + 0x2c363859, 0x2c36833a, - 0x2c373853, - 0x2c37b87f, - 0x2c3838bd, - 0x2c38b8d4, - 0x2c3938f2, - 0x2c39b902, - 0x2c3a3914, - 0x2c3ab928, - 0x2c3b3939, - 0x2c3bb958, - 0x2c3c175b, - 0x2c3c9771, - 0x2c3d399d, - 0x2c3d978a, - 0x2c3e39c7, - 0x2c3eb9d5, - 0x2c3f39ed, - 0x2c3fba05, - 0x2c403a2f, - 0x2c4093ea, - 0x2c413a40, - 0x2c41ba66, - 0x2c42136f, - 0x2c42ba77, + 0x2c373866, + 0x2c37b892, + 0x2c3838d0, + 0x2c38b8e7, + 0x2c393905, + 0x2c39b915, + 0x2c3a3927, + 0x2c3ab93b, + 0x2c3b394c, + 0x2c3bb96b, + 0x2c3c176e, + 0x2c3c9784, + 0x2c3d39b0, + 0x2c3d979d, + 0x2c3e39da, + 0x2c3eb9e8, + 0x2c3f3a00, + 0x2c3fba18, + 0x2c403a42, + 0x2c4093fd, + 0x2c413a53, + 0x2c41ba79, + 0x2c421382, + 0x2c42ba8a, 0x2c43076d, - 0x2c43b94a, - 0x2c443892, - 0x2c44ba12, - 0x2c453829, - 0x2c45b865, - 0x2c4638e2, - 0x2c46b96c, - 0x2c473981, - 0x2c47b9ba, - 0x2c4838a4, - 0x2c48ba53, + 0x2c43b95d, + 0x2c4438a5, + 0x2c44ba25, + 0x2c45383c, + 0x2c45b878, + 0x2c4638f5, + 0x2c46b97f, + 0x2c473994, + 0x2c47b9cd, + 0x2c4838b7, + 0x2c48ba66, 0x30320000, 0x30328015, 0x3033001f, @@ -387,269 +388,269 @@ const uint32_t kOpenSSLReasonValues[] = { 0x3c418ea4, 0x3c420fb0, 0x3c428f3a, - 0x40321e06, - 0x40329e1c, - 0x40331e4a, - 0x40339e54, - 0x40341e6b, - 0x40349e89, - 0x40351e99, - 0x40359eab, - 0x40361eb8, - 0x40369ec4, - 0x40371ed9, - 0x40379f12, - 0x40381f1d, - 0x40389f2f, + 0x40321e19, + 0x40329e2f, + 0x40331e5d, + 0x40339e67, + 0x40341e7e, + 0x40349e9c, + 0x40351eac, + 0x40359ebe, + 0x40361ecb, + 0x40369ed7, + 0x40371eec, + 0x40379f25, + 0x40381f30, + 0x40389f42, 0x40391064, - 0x40399f3f, - 0x403a1f52, - 0x403a9f73, - 0x403b1f84, - 0x403b9f94, + 0x40399f52, + 0x403a1f65, + 0x403a9f86, + 0x403b1f97, + 0x403b9fa7, 0x403c0071, 0x403c8090, - 0x403d1ff5, - 0x403da00b, - 0x403e201a, - 0x403ea052, - 0x403f206c, - 0x403fa094, - 0x404020a9, - 0x4040a0bd, - 0x404120f8, - 0x4041a113, - 0x4042212c, - 0x4042a13f, - 0x40432153, - 0x4043a181, - 0x40442198, + 0x403d2008, + 0x403da01e, + 0x403e202d, + 0x403ea065, + 0x403f207f, + 0x403fa0a7, + 0x404020bc, + 0x4040a0d0, + 0x4041210b, + 0x4041a126, + 0x4042213f, + 0x4042a152, + 0x40432166, + 0x4043a194, + 0x404421ab, 0x404480b9, - 0x404521ad, - 0x4045a1bf, - 0x404621e3, - 0x4046a203, - 0x40472211, - 0x4047a238, - 0x404822a9, - 0x4048a363, - 0x4049237a, - 0x4049a394, - 0x404a23ab, - 0x404aa3c9, - 0x404b23e1, - 0x404ba40e, - 0x404c2424, - 0x404ca436, - 0x404d2457, - 0x404da490, - 0x404e24a4, - 0x404ea4b1, - 0x404f2562, - 0x404fa5d8, - 0x40502647, - 0x4050a65b, - 0x4051268e, - 0x4052269e, - 0x4052a6c2, - 0x405326da, - 0x4053a6ed, - 0x40542702, - 0x4054a725, - 0x40552750, - 0x4055a78d, - 0x405627b2, - 0x4056a7cb, - 0x405727e3, - 0x4057a7f6, - 0x4058280b, - 0x4058a832, - 0x40592861, - 0x4059a88e, - 0x405aa8a2, - 0x405b28ba, - 0x405ba8cb, - 0x405c28de, - 0x405ca91d, - 0x405d292a, - 0x405da94f, - 0x405e298d, + 0x404521c0, + 0x4045a1d2, + 0x404621f6, + 0x4046a216, + 0x40472224, + 0x4047a24b, + 0x404822bc, + 0x4048a376, + 0x4049238d, + 0x4049a3a7, + 0x404a23be, + 0x404aa3dc, + 0x404b23f4, + 0x404ba421, + 0x404c2437, + 0x404ca449, + 0x404d246a, + 0x404da4a3, + 0x404e24b7, + 0x404ea4c4, + 0x404f2575, + 0x404fa5eb, + 0x4050265a, + 0x4050a66e, + 0x405126a1, + 0x405226b1, + 0x4052a6d5, + 0x405326ed, + 0x4053a700, + 0x40542715, + 0x4054a738, + 0x40552763, + 0x4055a7a0, + 0x405627c5, + 0x4056a7de, + 0x405727f6, + 0x4057a809, + 0x4058281e, + 0x4058a845, + 0x40592874, + 0x4059a8a1, + 0x405aa8b5, + 0x405b28cd, + 0x405ba8de, + 0x405c28f1, + 0x405ca930, + 0x405d293d, + 0x405da962, + 0x405e29a0, 0x405e8b2d, - 0x405f29ae, - 0x405fa9bb, - 0x406029c9, - 0x4060a9eb, - 0x40612a4c, - 0x4061aa84, - 0x40622a9b, - 0x4062aaac, - 0x40632af9, - 0x4063ab0e, - 0x40642b25, - 0x4064ab51, - 0x40652b6c, - 0x4065ab83, - 0x40662b9b, - 0x4066abc5, - 0x40672bf0, - 0x4067acf3, - 0x40682d3b, - 0x4068ad5c, - 0x40692d8e, - 0x4069adbc, - 0x406a2ddd, - 0x406aadfd, - 0x406b2f85, - 0x406bafa8, - 0x406c2fbe, - 0x406cb2c8, - 0x406d32f7, - 0x406db31f, - 0x406e334d, - 0x406eb39a, - 0x406f33f3, - 0x406fb42b, - 0x4070343e, - 0x4070b45b, + 0x405f29c1, + 0x405fa9ce, + 0x406029dc, + 0x4060a9fe, + 0x40612a5f, + 0x4061aa97, + 0x40622aae, + 0x4062aabf, + 0x40632b0c, + 0x4063ab21, + 0x40642b38, + 0x4064ab64, + 0x40652b7f, + 0x4065ab96, + 0x40662bae, + 0x4066abd8, + 0x40672c03, + 0x4067ad06, + 0x40682d4e, + 0x4068ad6f, + 0x40692da1, + 0x4069adcf, + 0x406a2df0, + 0x406aae10, + 0x406b2f98, + 0x406bafbb, + 0x406c2fd1, + 0x406cb2db, + 0x406d330a, + 0x406db332, + 0x406e3360, + 0x406eb3ad, + 0x406f3406, + 0x406fb43e, + 0x40703451, + 0x4070b46e, 0x4071084d, - 0x4071b46d, - 0x40723480, - 0x4072b4b6, - 0x407334ce, - 0x40739973, - 0x407434e2, - 0x4074b4fc, - 0x4075350d, - 0x4075b521, - 0x4076352f, - 0x4076971f, - 0x40773554, - 0x4077b594, - 0x407835af, - 0x4078b5e8, - 0x407935ff, - 0x4079b615, - 0x407a3641, - 0x407ab654, - 0x407b3669, - 0x407bb67b, - 0x407c36ac, - 0x407cb6b5, - 0x407d2d77, - 0x407da600, - 0x407e35c4, - 0x407ea842, - 0x407f2225, - 0x407fa3f8, - 0x40802572, - 0x4080a24d, - 0x408126b0, - 0x4081a4ff, - 0x40823338, - 0x40829fa0, - 0x4083281d, - 0x4083ab36, - 0x40842261, - 0x4084a87a, - 0x408528ef, - 0x4085aa13, - 0x4086296f, - 0x4086a61a, - 0x4087337e, - 0x4087aa61, - 0x40881fde, - 0x4088ad06, - 0x4089202d, - 0x40899fba, - 0x408a2ff6, - 0x408a9d8b, - 0x408b3690, - 0x408bb408, - 0x408c28ff, - 0x408c9dc3, - 0x408d2349, - 0x408da293, - 0x408e2479, - 0x408ea76d, - 0x408f2d1a, - 0x408faa2f, - 0x40902c11, - 0x4090a941, - 0x40912fde, - 0x40919de9, - 0x4092207a, - 0x4092b3b9, - 0x40933499, - 0x4093a62b, - 0x40942275, - 0x4094b00f, - 0x40952abd, - 0x4095b621, - 0x40963365, - 0x4096a58b, - 0x40972676, - 0x4097a4c8, - 0x409820da, - 0x4098aad1, - 0x409933d5, - 0x4099a79a, - 0x409a2733, - 0x409a9da7, - 0x409b22cf, - 0x409ba2fa, - 0x409c3576, - 0x409ca322, - 0x409d2547, - 0x409da515, - 0x409e216b, - 0x409ea5c0, - 0x409f25a8, - 0x409fa2c2, - 0x40a025e8, - 0x40a0a4e2, - 0x40a12530, - 0x40fa2cd9, - 0x40faac35, - 0x40fb2cb8, - 0x40fbac4f, - 0x40fcac97, - 0x40fd2c70, - 0x40fd9eeb, - 0x40fe1eff, - 0x41f42eb0, - 0x41f92f42, - 0x41fe2e35, - 0x41feb0eb, - 0x41ff3219, - 0x42032ec9, - 0x42082eeb, - 0x4208af27, - 0x42092e19, - 0x4209af61, - 0x420a2e70, - 0x420aae50, - 0x420b2e90, - 0x420baf09, - 0x420c3235, - 0x420cb01f, - 0x420d30d2, - 0x420db109, - 0x4212313c, - 0x421731fc, - 0x4217b17e, - 0x421c31a0, - 0x421f315b, - 0x422132ad, - 0x422631df, - 0x422b328b, - 0x422bb0ad, - 0x422c326d, - 0x422cb060, - 0x422d3039, - 0x422db24c, - 0x422e308c, - 0x423031bb, - 0x4230b123, + 0x4071b480, + 0x40723493, + 0x4072b4c9, + 0x407334e1, + 0x40739986, + 0x407434f5, + 0x4074b50f, + 0x40753520, + 0x4075b534, + 0x40763542, + 0x40769732, + 0x40773567, + 0x4077b5a7, + 0x407835c2, + 0x4078b5fb, + 0x40793612, + 0x4079b628, + 0x407a3654, + 0x407ab667, + 0x407b367c, + 0x407bb68e, + 0x407c36bf, + 0x407cb6c8, + 0x407d2d8a, + 0x407da613, + 0x407e35d7, + 0x407ea855, + 0x407f2238, + 0x407fa40b, + 0x40802585, + 0x4080a260, + 0x408126c3, + 0x4081a512, + 0x4082334b, + 0x40829fb3, + 0x40832830, + 0x4083ab49, + 0x40842274, + 0x4084a88d, + 0x40852902, + 0x4085aa26, + 0x40862982, + 0x4086a62d, + 0x40873391, + 0x4087aa74, + 0x40881ff1, + 0x4088ad19, + 0x40892040, + 0x40899fcd, + 0x408a3009, + 0x408a9d9e, + 0x408b36a3, + 0x408bb41b, + 0x408c2912, + 0x408c9dd6, + 0x408d235c, + 0x408da2a6, + 0x408e248c, + 0x408ea780, + 0x408f2d2d, + 0x408faa42, + 0x40902c24, + 0x4090a954, + 0x40912ff1, + 0x40919dfc, + 0x4092208d, + 0x4092b3cc, + 0x409334ac, + 0x4093a63e, + 0x40942288, + 0x4094b022, + 0x40952ad0, + 0x4095b634, + 0x40963378, + 0x4096a59e, + 0x40972689, + 0x4097a4db, + 0x409820ed, + 0x4098aae4, + 0x409933e8, + 0x4099a7ad, + 0x409a2746, + 0x409a9dba, + 0x409b22e2, + 0x409ba30d, + 0x409c3589, + 0x409ca335, + 0x409d255a, + 0x409da528, + 0x409e217e, + 0x409ea5d3, + 0x409f25bb, + 0x409fa2d5, + 0x40a025fb, + 0x40a0a4f5, + 0x40a12543, + 0x40fa2cec, + 0x40faac48, + 0x40fb2ccb, + 0x40fbac62, + 0x40fcacaa, + 0x40fd2c83, + 0x40fd9efe, + 0x40fe1f12, + 0x41f42ec3, + 0x41f92f55, + 0x41fe2e48, + 0x41feb0fe, + 0x41ff322c, + 0x42032edc, + 0x42082efe, + 0x4208af3a, + 0x42092e2c, + 0x4209af74, + 0x420a2e83, + 0x420aae63, + 0x420b2ea3, + 0x420baf1c, + 0x420c3248, + 0x420cb032, + 0x420d30e5, + 0x420db11c, + 0x4212314f, + 0x4217320f, + 0x4217b191, + 0x421c31b3, + 0x421f316e, + 0x422132c0, + 0x422631f2, + 0x422b329e, + 0x422bb0c0, + 0x422c3280, + 0x422cb073, + 0x422d304c, + 0x422db25f, + 0x422e309f, + 0x423031ce, + 0x4230b136, 0x42310b85, 0x44320778, 0x44328787, @@ -668,137 +669,137 @@ const uint32_t kOpenSSLReasonValues[] = { 0x4439084d, 0x4439885b, 0x443a086e, - 0x48321749, - 0x4832975b, - 0x48331771, - 0x4833978a, - 0x4c3217c7, - 0x4c3297d7, - 0x4c3317ea, - 0x4c33980a, + 0x4832175c, + 0x4832976e, + 0x48331784, + 0x4833979d, + 0x4c3217da, + 0x4c3297ea, + 0x4c3317fd, + 0x4c33981d, 0x4c3400b9, 0x4c3480f7, - 0x4c351816, - 0x4c359824, - 0x4c361840, - 0x4c369866, - 0x4c371875, - 0x4c379883, - 0x4c381898, - 0x4c3898a4, - 0x4c3918c4, - 0x4c3998ee, - 0x4c3a1907, - 0x4c3a9920, + 0x4c351829, + 0x4c359837, + 0x4c361853, + 0x4c369879, + 0x4c371888, + 0x4c379896, + 0x4c3818ab, + 0x4c3898b7, + 0x4c3918d7, + 0x4c399901, + 0x4c3a191a, + 0x4c3a9933, 0x4c3b0635, - 0x4c3b9939, - 0x4c3c194b, - 0x4c3c995a, - 0x4c3d1973, + 0x4c3b994c, + 0x4c3c195e, + 0x4c3c996d, + 0x4c3d1986, 0x4c3d8d97, - 0x4c3e19e0, - 0x4c3e9982, - 0x4c3f1a02, - 0x4c3f971f, - 0x4c401998, - 0x4c4097b3, - 0x4c4119d0, - 0x4c419853, - 0x4c4219bc, - 0x4c42979b, - 0x50323a89, - 0x5032ba98, - 0x50333aa3, - 0x5033bab3, - 0x50343acc, - 0x5034bae6, - 0x50353af4, - 0x5035bb0a, - 0x50363b1c, - 0x5036bb32, - 0x50373b4b, - 0x5037bb5e, - 0x50383b76, - 0x5038bb87, - 0x50393b9c, - 0x5039bbb0, - 0x503a3bd0, - 0x503abbe6, - 0x503b3bfe, - 0x503bbc10, - 0x503c3c2c, - 0x503cbc43, - 0x503d3c5c, - 0x503dbc72, - 0x503e3c7f, - 0x503ebc95, - 0x503f3ca7, + 0x4c3e19f3, + 0x4c3e9995, + 0x4c3f1a15, + 0x4c3f9732, + 0x4c4019ab, + 0x4c4097c6, + 0x4c4119e3, + 0x4c419866, + 0x4c4219cf, + 0x4c4297ae, + 0x50323a9c, + 0x5032baab, + 0x50333ab6, + 0x5033bac6, + 0x50343adf, + 0x5034baf9, + 0x50353b07, + 0x5035bb1d, + 0x50363b2f, + 0x5036bb45, + 0x50373b5e, + 0x5037bb71, + 0x50383b89, + 0x5038bb9a, + 0x50393baf, + 0x5039bbc3, + 0x503a3be3, + 0x503abbf9, + 0x503b3c11, + 0x503bbc23, + 0x503c3c3f, + 0x503cbc56, + 0x503d3c6f, + 0x503dbc85, + 0x503e3c92, + 0x503ebca8, + 0x503f3cba, 0x503f83b3, - 0x50403cba, - 0x5040bcca, - 0x50413ce4, - 0x5041bcf3, - 0x50423d0d, - 0x5042bd2a, - 0x50433d3a, - 0x5043bd4a, - 0x50443d67, + 0x50403ccd, + 0x5040bcdd, + 0x50413cf7, + 0x5041bd06, + 0x50423d20, + 0x5042bd3d, + 0x50433d4d, + 0x5043bd5d, + 0x50443d7a, 0x50448469, - 0x50453d7b, - 0x5045bd99, - 0x50463dac, - 0x5046bdc2, - 0x50473dd4, - 0x5047bde9, - 0x50483e0f, - 0x5048be1d, - 0x50493e30, - 0x5049be45, - 0x504a3e5b, - 0x504abe6b, - 0x504b3e8b, - 0x504bbe9e, - 0x504c3ec1, - 0x504cbeef, - 0x504d3f1c, - 0x504dbf39, - 0x504e3f54, - 0x504ebf70, - 0x504f3f82, - 0x504fbf99, - 0x50503fa8, + 0x50453d8e, + 0x5045bdac, + 0x50463dbf, + 0x5046bdd5, + 0x50473de7, + 0x5047bdfc, + 0x50483e22, + 0x5048be30, + 0x50493e43, + 0x5049be58, + 0x504a3e6e, + 0x504abe7e, + 0x504b3e9e, + 0x504bbeb1, + 0x504c3ed4, + 0x504cbf02, + 0x504d3f2f, + 0x504dbf4c, + 0x504e3f67, + 0x504ebf83, + 0x504f3f95, + 0x504fbfac, + 0x50503fbb, 0x50508729, - 0x50513fbb, - 0x5051bd59, - 0x50523f01, + 0x50513fce, + 0x5051bd6c, + 0x50523f14, 0x583210b7, - 0x5c3293f6, - 0x5c33140f, - 0x5c339460, - 0x5c341497, - 0x5c3494aa, - 0x5c3614c3, - 0x5c3694d4, - 0x5c371513, - 0x5c37954d, - 0x5c381572, - 0x5c399586, - 0x5c3a95a2, - 0x5c3b15b4, - 0x5c3b9618, - 0x5c3c13ea, - 0x5c3c944e, - 0x5c3d141a, - 0x5c3d9434, - 0x5c3e147a, - 0x5c3e95d1, - 0x5c3f15e0, - 0x5c3f95f5, - 0x5c40153a, - 0x5c40962f, - 0x5c4114e4, - 0x5c4194f2, - 0x5c421604, + 0x5c329409, + 0x5c331422, + 0x5c339473, + 0x5c3414aa, + 0x5c3494bd, + 0x5c3614d6, + 0x5c3694e7, + 0x5c371526, + 0x5c379560, + 0x5c381585, + 0x5c399599, + 0x5c3a95b5, + 0x5c3b15c7, + 0x5c3b962b, + 0x5c3c13fd, + 0x5c3c9461, + 0x5c3d142d, + 0x5c3d9447, + 0x5c3e148d, + 0x5c3e95e4, + 0x5c3f15f3, + 0x5c3f9608, + 0x5c40154d, + 0x5c409642, + 0x5c4114f7, + 0x5c419505, + 0x5c421617, 0x68321064, 0x68328dbc, 0x68330dcf, @@ -813,8 +814,8 @@ const uint32_t kOpenSSLReasonValues[] = { 0x6c33904e, 0x70320dbc, 0x70330090, - 0x703393b1, - 0x70341396, + 0x703393c4, + 0x703413a9, 0x74320a95, 0x743280b9, 0x74330d97, @@ -851,22 +852,22 @@ const uint32_t kOpenSSLReasonValues[] = { 0x784709e0, 0x78478b85, 0x78480b42, - 0x7c321385, - 0x80321866, + 0x7c321398, + 0x80321879, 0x80328090, - 0x80333772, + 0x80333785, 0x803380b9, - 0x80343781, - 0x8034b6e9, - 0x80353707, - 0x8035b795, - 0x80363749, - 0x8036b6f8, - 0x8037373b, - 0x8037b6d6, - 0x8038375c, - 0x8038b718, - 0x8039372d, + 0x80343794, + 0x8034b6fc, + 0x8035371a, + 0x8035b7a8, + 0x8036375c, + 0x8036b70b, + 0x8037374e, + 0x8037b6e9, + 0x8038376f, + 0x8038b72b, + 0x80393740, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -1099,6 +1100,7 @@ const char kOpenSSLReasonStringData[] = "EMPTY_PSK\0" "EXPECTING_AN_EC_KEY_KEY\0" "EXPECTING_AN_RSA_KEY\0" + "EXPECTING_A_DH_KEY\0" "EXPECTING_A_DSA_KEY\0" "ILLEGAL_OR_UNSUPPORTED_PADDING_MODE\0" "INVALID_BUFFER_SIZE\0"