diff --git a/.gitignore b/.gitignore
index 8cd8873..59562e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,11 +6,4 @@ SOURCES/blank-cert9.db
SOURCES/blank-key3.db
SOURCES/blank-key4.db
SOURCES/blank-secmod.db
-SOURCES/cert8.db.xml
-SOURCES/cert9.db.xml
-SOURCES/key3.db.xml
-SOURCES/key4.db.xml
-SOURCES/nss-3.44.tar.gz
-SOURCES/nss-config.xml
-SOURCES/secmod.db.xml
-SOURCES/setup-nsssysinit.xml
+SOURCES/nss-3.53.1.tar.gz
diff --git a/.nss.metadata b/.nss.metadata
index 829bbd4..2bdb864 100644
--- a/.nss.metadata
+++ b/.nss.metadata
@@ -6,11 +6,4 @@ b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db
7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db
f9c9568442386da370193474de1b25c3f68cdaf6 SOURCES/blank-key4.db
bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db
-6a43a6788fff0f2a967051209adbd354fad4c346 SOURCES/cert8.db.xml
-7cbb7841b1aefe52534704bf2a4358bfea1aa477 SOURCES/cert9.db.xml
-24c123810543ff0f6848647d6d910744e275fb01 SOURCES/key3.db.xml
-af51b16a56fda1f7525a0eed3ecbdcbb4133be0c SOURCES/key4.db.xml
-44a83b1bf4efd27605177ecdbf217e579ae8c8ae SOURCES/nss-3.44.tar.gz
-2905c9b06e7e686c9e3c0b5736a218766d4ae4c2 SOURCES/nss-config.xml
-ca9ebf79c1437169a02527c18b1e3909943c4be9 SOURCES/secmod.db.xml
-bcbe05281b38d843273f91ae3f9f19f70c7d97b3 SOURCES/setup-nsssysinit.xml
+ee522d99ff582b849fe5190c1461f0633ffe1721 SOURCES/nss-3.53.1.tar.gz
diff --git a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
index 99a0919..9f8134c 100644
--- a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
+++ b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch
@@ -1,21 +1,18 @@
diff -up nss/lib/ssl/config.mk.disableSSL2libssl nss/lib/ssl/config.mk
---- nss/lib/ssl/config.mk.disableSSL2libssl 2019-03-28 10:36:01.859196244 +0100
-+++ nss/lib/ssl/config.mk 2019-03-28 10:36:53.250120885 +0100
-@@ -61,6 +61,10 @@ ifdef NSS_DISABLE_TLS_1_3
+--- nss/lib/ssl/config.mk.disableSSL2libssl 2020-07-22 17:20:07.325371407 +0200
++++ nss/lib/ssl/config.mk 2020-07-22 17:21:23.818815809 +0200
+@@ -53,3 +53,7 @@ endif
+ ifdef NSS_DISABLE_TLS_1_3
DEFINES += -DNSS_DISABLE_TLS_1_3
endif
-
++
+ifdef NSS_NO_SSL2
+DEFINES += -DNSS_NO_SSL2
+endif
-+
- ifeq (,$(filter-out DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
- CFLAGS += -std=gnu99
- endif
diff -up nss/lib/ssl/sslsock.c.disableSSL2libssl nss/lib/ssl/sslsock.c
---- nss/lib/ssl/sslsock.c.disableSSL2libssl 2019-03-28 10:36:01.849196454 +0100
-+++ nss/lib/ssl/sslsock.c 2019-03-28 10:36:01.860196223 +0100
-@@ -1363,6 +1363,10 @@ SSLExp_SetMaxEarlyDataSize(PRFileDesc *f
+--- nss/lib/ssl/sslsock.c.disableSSL2libssl 2020-07-22 17:20:07.314371487 +0200
++++ nss/lib/ssl/sslsock.c 2020-07-22 17:20:07.326371400 +0200
+@@ -1405,6 +1405,10 @@ SSLExp_SetMaxEarlyDataSize(PRFileDesc *f
static PRBool
ssl_IsRemovedCipherSuite(PRInt32 suite)
{
diff --git a/SOURCES/cert8.db.xml b/SOURCES/cert8.db.xml
new file mode 100644
index 0000000..e82948d
--- /dev/null
+++ b/SOURCES/cert8.db.xml
@@ -0,0 +1,59 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ cert8.db
+ 5
+
+
+
+ cert8.db
+ Legacy NSS certificate database
+
+
+
+ Description
+ cert8.db is an NSS certificate database.
+ This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
+
+
+
+
+ Files
+ /etc/pki/nssdb/cert8.db
+
+
+
+ See also
+ cert9.db(5), key4.db(5), pkcs11.txt(5),
+
+
+
+ Authors
+ The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
+
diff --git a/SOURCES/cert9.db.xml b/SOURCES/cert9.db.xml
new file mode 100644
index 0000000..6cff889
--- /dev/null
+++ b/SOURCES/cert9.db.xml
@@ -0,0 +1,59 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ cert9.db
+ 5
+
+
+
+ cert9.db
+ Legacy NSS certificate database
+
+
+
+ Description
+ cert9.db is an NSS certificate database.
+ This certificate database is the sqlite-based shared databse with support for concurrent access.
+
+
+
+
+ Files
+ /etc/pki/nssdb/cert9.db
+
+
+
+ See also
+ pkcs11.txt(5)
+
+
+
+ Authors
+ The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
+
diff --git a/SOURCES/fix-min-library-version-in-SSLVersionRange.patch b/SOURCES/fix-min-library-version-in-SSLVersionRange.patch
deleted file mode 100644
index 00facbf..0000000
--- a/SOURCES/fix-min-library-version-in-SSLVersionRange.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./lib/ssl/sslsock.c.1171318 ./lib/ssl/sslsock.c
---- ./lib/ssl/sslsock.c.1171318 2016-02-04 10:57:08.489310227 -0800
-+++ ./lib/ssl/sslsock.c 2016-02-04 11:02:59.290818001 -0800
-@@ -92,7 +92,7 @@ static sslOptions ssl_defaults = {
- * default range of enabled SSL/TLS protocols
- */
- static SSLVersionRange versions_defaults_stream = {
-- SSL_LIBRARY_VERSION_TLS_1_0,
-+ SSL_LIBRARY_VERSION_3_0,
- SSL_LIBRARY_VERSION_TLS_1_2
- };
-
diff --git a/SOURCES/key3.db.xml b/SOURCES/key3.db.xml
new file mode 100644
index 0000000..444d7aa
--- /dev/null
+++ b/SOURCES/key3.db.xml
@@ -0,0 +1,59 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ key3.db
+ 5
+
+
+
+ key3.db
+ Legacy NSS certificate database
+
+
+
+ Description
+ key3.db is an NSS certificate database.
+ This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which which are the new sqlite-based shared database format with support for concurrent access.
+
+
+
+
+ Files
+ /etc/pki/nssdb/key3.db
+
+
+
+ See also
+ cert9.db(5), key4.db(5), pkcs11.txt(5),
+
+
+
+ Authors
+ The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
+
diff --git a/SOURCES/key4.db.xml b/SOURCES/key4.db.xml
new file mode 100644
index 0000000..9b65f41
--- /dev/null
+++ b/SOURCES/key4.db.xml
@@ -0,0 +1,59 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ key4.db
+ 5
+
+
+
+ key4.db
+ NSS certificate database
+
+
+
+ Description
+ key4.db is an NSS key database.
+ This key database is the sqlite-based shared database format with support for concurrent access.
+
+
+
+
+ Files
+ /etc/pki/nssdb/key4.db
+
+
+
+ See also
+ pkcs11.txt(5)
+
+
+
+ Authors
+ The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
+
diff --git a/SOURCES/nss-3.44-handle-malformed-ecdh-gtests.patch b/SOURCES/nss-3.44-handle-malformed-ecdh-gtests.patch
deleted file mode 100644
index 225f023..0000000
--- a/SOURCES/nss-3.44-handle-malformed-ecdh-gtests.patch
+++ /dev/null
@@ -1,580 +0,0 @@
-diff -up ./gtests/pk11_gtest/manifest.mn.handle-malformed-ecdh-gtests ./gtests/pk11_gtest/manifest.mn
---- ./gtests/pk11_gtest/manifest.mn.handle-malformed-ecdh-gtests 2019-12-05 10:56:41.827832606 -0800
-+++ ./gtests/pk11_gtest/manifest.mn 2019-12-05 10:59:53.802966671 -0800
-@@ -10,16 +10,18 @@ CPPSRCS = \
- pk11_aeskeywrap_unittest.cc \
- pk11_chacha20poly1305_unittest.cc \
- pk11_curve25519_unittest.cc \
-+ pk11_der_private_key_import_unittest.cc \
- pk11_ecdsa_unittest.cc \
- pk11_encrypt_derive_unittest.cc \
- pk11_export_unittest.cc \
- pk11_import_unittest.cc \
-+ pk11_keygen.cc \
-+ pk11_key_unittest.cc \
- pk11_pbkdf2_unittest.cc \
- pk11_prf_unittest.cc \
- pk11_prng_unittest.cc \
- pk11_rsapkcs1_unittest.cc \
- pk11_rsapss_unittest.cc \
-- pk11_der_private_key_import_unittest.cc \
- $(NULL)
-
- INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
-diff -up ./gtests/pk11_gtest/pk11_gtest.gyp.handle-malformed-ecdh-gtests ./gtests/pk11_gtest/pk11_gtest.gyp
---- ./gtests/pk11_gtest/pk11_gtest.gyp.handle-malformed-ecdh-gtests 2019-12-05 10:56:41.828832617 -0800
-+++ ./gtests/pk11_gtest/pk11_gtest.gyp 2019-12-05 11:01:38.874134681 -0800
-@@ -11,20 +11,22 @@
- 'target_name': 'pk11_gtest',
- 'type': 'executable',
- 'sources': [
-- 'pk11_aeskeywrap_unittest.cc',
- 'pk11_aes_gcm_unittest.cc',
-+ 'pk11_aeskeywrap_unittest.cc',
- 'pk11_chacha20poly1305_unittest.cc',
- 'pk11_cipherop_unittest.cc',
- 'pk11_curve25519_unittest.cc',
-+ 'pk11_der_private_key_import_unittest.cc',
- 'pk11_ecdsa_unittest.cc',
- 'pk11_encrypt_derive_unittest.cc',
- 'pk11_import_unittest.cc',
-+ 'pk11_keygen.cc',
-+ 'pk11_key_unittest.cc',
- 'pk11_pbkdf2_unittest.cc',
- 'pk11_prf_unittest.cc',
- 'pk11_prng_unittest.cc',
- 'pk11_rsapkcs1_unittest.cc',
- 'pk11_rsapss_unittest.cc',
-- 'pk11_der_private_key_import_unittest.cc',
- '<(DEPTH)/gtests/common/gtests.cc'
- ],
- 'dependencies': [
-diff -up ./gtests/pk11_gtest/pk11_import_unittest.cc.handle-malformed-ecdh-gtests ./gtests/pk11_gtest/pk11_import_unittest.cc
---- ./gtests/pk11_gtest/pk11_import_unittest.cc.handle-malformed-ecdh-gtests 2019-12-05 10:56:41.821832539 -0800
-+++ ./gtests/pk11_gtest/pk11_import_unittest.cc 2019-12-05 11:08:42.394842692 -0800
-@@ -15,6 +15,7 @@
- #include "nss_scoped_ptrs.h"
- #include "gtest/gtest.h"
- #include "databuffer.h"
-+#include "pk11_keygen.h"
-
- namespace nss_test {
-
-@@ -30,7 +31,7 @@ struct PK11GenericObjectsDeleter {
-
- class Pk11KeyImportTestBase : public ::testing::Test {
- public:
-- Pk11KeyImportTestBase(CK_MECHANISM_TYPE mech) : mech_(mech) {}
-+ Pk11KeyImportTestBase() = default;
- virtual ~Pk11KeyImportTestBase() = default;
-
- void SetUp() override {
-@@ -42,12 +43,18 @@ class Pk11KeyImportTestBase : public ::t
- password_.reset(SECITEM_DupItem(&pwItem));
- }
-
-- void Test() {
-+ void Test(const Pkcs11KeyPairGenerator& generator) {
- // Generate a key and export it.
-- KeyType key_type;
-+ KeyType key_type = nullKey;
- ScopedSECKEYEncryptedPrivateKeyInfo key_info;
- ScopedSECItem public_value;
-- GenerateAndExport(&key_type, &key_info, &public_value);
-+ GenerateAndExport(generator, &key_type, &key_info, &public_value);
-+
-+ // Note: NSS is currently unable export wrapped DH keys, so this doesn't
-+ // test those beyond generate and verify.
-+ if (key_type == dhKey) {
-+ return;
-+ }
- ASSERT_NE(nullptr, key_info);
- ASSERT_NE(nullptr, public_value);
-
-@@ -66,17 +73,6 @@ class Pk11KeyImportTestBase : public ::t
- CheckForPublicKey(priv_key, public_value.get());
- }
-
-- protected:
-- class ParamHolder {
-- public:
-- virtual ~ParamHolder() = default;
-- virtual void* get() = 0;
-- };
--
-- virtual std::unique_ptr MakeParams() = 0;
--
-- CK_MECHANISM_TYPE mech_;
--
- private:
- SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) {
- SECItem null = { siBuffer, NULL, 0};
-@@ -196,20 +192,14 @@ class Pk11KeyImportTestBase : public ::t
- }
- }
-
-- void GenerateAndExport(KeyType* key_type,
-+ void GenerateAndExport(const Pkcs11KeyPairGenerator& generator,
-+ KeyType* key_type,
- ScopedSECKEYEncryptedPrivateKeyInfo* key_info,
- ScopedSECItem* public_value) {
-- auto params = MakeParams();
-- ASSERT_NE(nullptr, params);
--
-- SECKEYPublicKey* pub_tmp;
-- ScopedSECKEYPrivateKey priv_key(
-- PK11_GenerateKeyPair(slot_.get(), mech_, params->get(), &pub_tmp,
-- PR_FALSE, PR_TRUE, nullptr));
-- ASSERT_NE(nullptr, priv_key) << "PK11_GenerateKeyPair failed: "
-- << PORT_ErrorToName(PORT_GetError());
-- ScopedSECKEYPublicKey pub_key(pub_tmp);
-- ASSERT_NE(nullptr, pub_key);
-+ ScopedSECKEYPrivateKey priv_key;
-+ ScopedSECKEYPublicKey pub_key;
-+ generator.GenerateKey(&priv_key, &pub_key);
-+ ASSERT_TRUE(priv_key);
-
- // Wrap and export the key.
- ScopedSECKEYEncryptedPrivateKeyInfo epki(PK11_ExportEncryptedPrivKeyInfo(
-@@ -239,6 +229,11 @@ class Pk11KeyImportTestBase : public ::t
- }
-
- CheckForPublicKey(priv_key, pub_val);
-+ // Note: NSS is currently unable export wrapped DH keys, so this doesn't
-+ // test those beyond generate and verify.
-+ if (t == dhKey) {
-+ return;
-+ }
-
- *key_type = t;
- key_info->swap(epki);
-@@ -253,82 +248,13 @@ class Pk11KeyImportTest
- : public Pk11KeyImportTestBase,
- public ::testing::WithParamInterface {
- public:
-- Pk11KeyImportTest() : Pk11KeyImportTestBase(GetParam()) {}
-+ Pk11KeyImportTest() = default;
- virtual ~Pk11KeyImportTest() = default;
--
-- protected:
-- std::unique_ptr MakeParams() override {
-- switch (mech_) {
-- case CKM_RSA_PKCS_KEY_PAIR_GEN:
-- return std::unique_ptr(new RsaParamHolder());
--
-- case CKM_DSA_KEY_PAIR_GEN:
-- case CKM_DH_PKCS_KEY_PAIR_GEN: {
-- PQGParams* pqg_params = nullptr;
-- PQGVerify* pqg_verify = nullptr;
-- const unsigned int key_size = 1024;
-- SECStatus rv = PK11_PQG_ParamGenV2(key_size, 0, key_size / 16,
-- &pqg_params, &pqg_verify);
-- if (rv != SECSuccess) {
-- ADD_FAILURE() << "PK11_PQG_ParamGenV2 failed";
-- return nullptr;
-- }
-- EXPECT_NE(nullptr, pqg_verify);
-- EXPECT_NE(nullptr, pqg_params);
-- PK11_PQG_DestroyVerify(pqg_verify);
-- if (mech_ == CKM_DSA_KEY_PAIR_GEN) {
-- return std::unique_ptr(new PqgParamHolder(pqg_params));
-- }
-- return std::unique_ptr(new DhParamHolder(pqg_params));
-- }
--
-- default:
-- ADD_FAILURE() << "unknown OID " << mech_;
-- }
-- return nullptr;
-- }
--
-- private:
-- class RsaParamHolder : public ParamHolder {
-- public:
-- RsaParamHolder()
-- : params_({/*.keySizeInBits = */ 1024, /*.pe = */ 0x010001}) {}
-- ~RsaParamHolder() = default;
--
-- void* get() override { return ¶ms_; }
--
-- private:
-- PK11RSAGenParams params_;
-- };
--
-- class PqgParamHolder : public ParamHolder {
-- public:
-- PqgParamHolder(PQGParams* params) : params_(params) {}
-- ~PqgParamHolder() = default;
--
-- void* get() override { return params_.get(); }
--
-- private:
-- ScopedPQGParams params_;
-- };
--
-- class DhParamHolder : public PqgParamHolder {
-- public:
-- DhParamHolder(PQGParams* params)
-- : PqgParamHolder(params),
-- params_({/*.arena = */ nullptr,
-- /*.prime = */ params->prime,
-- /*.base = */ params->base}) {}
-- ~DhParamHolder() = default;
--
-- void* get() override { return ¶ms_; }
--
-- private:
-- SECKEYDHParams params_;
-- };
- };
-
--TEST_P(Pk11KeyImportTest, GenerateExportImport) { Test(); }
-+TEST_P(Pk11KeyImportTest, GenerateExportImport) {
-+ Test(Pkcs11KeyPairGenerator(GetParam()));
-+}
-
- INSTANTIATE_TEST_CASE_P(Pk11KeyImportTest, Pk11KeyImportTest,
- ::testing::Values(CKM_RSA_PKCS_KEY_PAIR_GEN,
-@@ -339,42 +265,13 @@ INSTANTIATE_TEST_CASE_P(Pk11KeyImportTes
- class Pk11KeyImportTestEC : public Pk11KeyImportTestBase,
- public ::testing::WithParamInterface {
- public:
-- Pk11KeyImportTestEC() : Pk11KeyImportTestBase(CKM_EC_KEY_PAIR_GEN) {}
-+ Pk11KeyImportTestEC() = default;
- virtual ~Pk11KeyImportTestEC() = default;
--
-- protected:
-- std::unique_ptr MakeParams() override {
-- return std::unique_ptr(new EcParamHolder(GetParam()));
-- }
--
-- private:
-- class EcParamHolder : public ParamHolder {
-- public:
-- EcParamHolder(SECOidTag curve_oid) {
-- SECOidData* curve = SECOID_FindOIDByTag(curve_oid);
-- EXPECT_NE(nullptr, curve);
--
-- size_t plen = curve->oid.len + 2;
-- extra_.reset(new uint8_t[plen]);
-- extra_[0] = SEC_ASN1_OBJECT_ID;
-- extra_[1] = static_cast(curve->oid.len);
-- memcpy(&extra_[2], curve->oid.data, curve->oid.len);
--
-- ec_params_ = {/*.type = */ siBuffer,
-- /*.data = */ extra_.get(),
-- /*.len = */ static_cast(plen)};
-- }
-- ~EcParamHolder() = default;
--
-- void* get() override { return &ec_params_; }
--
-- private:
-- SECKEYECParams ec_params_;
-- std::unique_ptr extra_;
-- };
- };
-
--TEST_P(Pk11KeyImportTestEC, GenerateExportImport) { Test(); }
-+TEST_P(Pk11KeyImportTestEC, GenerateExportImport) {
-+ Test(Pkcs11KeyPairGenerator(CKM_EC_KEY_PAIR_GEN, GetParam()));
-+}
-
- INSTANTIATE_TEST_CASE_P(Pk11KeyImportTestEC, Pk11KeyImportTestEC,
- ::testing::Values(SEC_OID_SECG_EC_SECP256R1,
-diff -up ./gtests/pk11_gtest/pk11_keygen.cc.handle-malformed-ecdh-gtests ./gtests/pk11_gtest/pk11_keygen.cc
---- ./gtests/pk11_gtest/pk11_keygen.cc.handle-malformed-ecdh-gtests 2019-12-05 10:56:41.829832628 -0800
-+++ ./gtests/pk11_gtest/pk11_keygen.cc 2019-12-05 10:56:41.829832628 -0800
-@@ -0,0 +1,143 @@
-+/* This Source Code Form is subject to the terms of the Mozilla Public
-+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
-+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
-+
-+#include "pk11_keygen.h"
-+
-+#include "pk11pub.h"
-+#include "pk11pqg.h"
-+#include "prerror.h"
-+
-+#include "gtest/gtest.h"
-+
-+namespace nss_test {
-+
-+class ParamHolder {
-+ public:
-+ virtual void* get() = 0;
-+ virtual ~ParamHolder() = default;
-+
-+ protected:
-+ ParamHolder() = default;
-+};
-+
-+void Pkcs11KeyPairGenerator::GenerateKey(ScopedSECKEYPrivateKey* priv_key,
-+ ScopedSECKEYPublicKey* pub_key) const {
-+ // This function returns if an assertion fails, so don't leak anything.
-+ priv_key->reset(nullptr);
-+ pub_key->reset(nullptr);
-+
-+ auto params = MakeParams();
-+ ASSERT_NE(nullptr, params);
-+
-+ ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-+ ASSERT_TRUE(slot);
-+
-+ SECKEYPublicKey* pub_tmp;
-+ ScopedSECKEYPrivateKey priv_tmp(PK11_GenerateKeyPair(
-+ slot.get(), mech_, params->get(), &pub_tmp, PR_FALSE, PR_TRUE, nullptr));
-+ ASSERT_NE(nullptr, priv_tmp) << "PK11_GenerateKeyPair failed: "
-+ << PORT_ErrorToName(PORT_GetError());
-+ ASSERT_NE(nullptr, pub_tmp);
-+
-+ priv_key->swap(priv_tmp);
-+ pub_key->reset(pub_tmp);
-+}
-+
-+class RsaParamHolder : public ParamHolder {
-+ public:
-+ RsaParamHolder() : params_({1024, 0x010001}) {}
-+ ~RsaParamHolder() = default;
-+
-+ void* get() override { return ¶ms_; }
-+
-+ private:
-+ PK11RSAGenParams params_;
-+};
-+
-+class PqgParamHolder : public ParamHolder {
-+ public:
-+ PqgParamHolder(PQGParams* params) : params_(params) {}
-+ ~PqgParamHolder() = default;
-+
-+ void* get() override { return params_.get(); }
-+
-+ private:
-+ ScopedPQGParams params_;
-+};
-+
-+class DhParamHolder : public PqgParamHolder {
-+ public:
-+ DhParamHolder(PQGParams* params)
-+ : PqgParamHolder(params),
-+ params_({nullptr, params->prime, params->base}) {}
-+ ~DhParamHolder() = default;
-+
-+ void* get() override { return ¶ms_; }
-+
-+ private:
-+ SECKEYDHParams params_;
-+};
-+
-+class EcParamHolder : public ParamHolder {
-+ public:
-+ EcParamHolder(SECOidTag curve_oid) {
-+ SECOidData* curve = SECOID_FindOIDByTag(curve_oid);
-+ EXPECT_NE(nullptr, curve);
-+
-+ size_t plen = curve->oid.len + 2;
-+ extra_.reset(new uint8_t[plen]);
-+ extra_[0] = SEC_ASN1_OBJECT_ID;
-+ extra_[1] = static_cast(curve->oid.len);
-+ memcpy(&extra_[2], curve->oid.data, curve->oid.len);
-+
-+ ec_params_ = {siBuffer, extra_.get(), static_cast(plen)};
-+ }
-+ ~EcParamHolder() = default;
-+
-+ void* get() override { return &ec_params_; }
-+
-+ private:
-+ SECKEYECParams ec_params_;
-+ std::unique_ptr extra_;
-+};
-+
-+std::unique_ptr Pkcs11KeyPairGenerator::MakeParams() const {
-+ switch (mech_) {
-+ case CKM_RSA_PKCS_KEY_PAIR_GEN:
-+ std::cerr << "Generate RSA pair" << std::endl;
-+ return std::unique_ptr(new RsaParamHolder());
-+
-+ case CKM_DSA_KEY_PAIR_GEN:
-+ case CKM_DH_PKCS_KEY_PAIR_GEN: {
-+ PQGParams* pqg_params = nullptr;
-+ PQGVerify* pqg_verify = nullptr;
-+ const unsigned int key_size = 1024;
-+ SECStatus rv = PK11_PQG_ParamGenV2(key_size, 0, key_size / 16,
-+ &pqg_params, &pqg_verify);
-+ if (rv != SECSuccess) {
-+ ADD_FAILURE() << "PK11_PQG_ParamGenV2 failed";
-+ return nullptr;
-+ }
-+ EXPECT_NE(nullptr, pqg_verify);
-+ EXPECT_NE(nullptr, pqg_params);
-+ PK11_PQG_DestroyVerify(pqg_verify);
-+ if (mech_ == CKM_DSA_KEY_PAIR_GEN) {
-+ std::cerr << "Generate DSA pair" << std::endl;
-+ return std::unique_ptr(new PqgParamHolder(pqg_params));
-+ }
-+ std::cerr << "Generate DH pair" << std::endl;
-+ return std::unique_ptr(new DhParamHolder(pqg_params));
-+ }
-+
-+ case CKM_EC_KEY_PAIR_GEN:
-+ std::cerr << "Generate EC pair on " << curve_ << std::endl;
-+ return std::unique_ptr(new EcParamHolder(curve_));
-+
-+ default:
-+ ADD_FAILURE() << "unknown OID " << mech_;
-+ }
-+ return nullptr;
-+}
-+
-+} // namespace nss_test
-diff -up ./gtests/pk11_gtest/pk11_keygen.h.handle-malformed-ecdh-gtests ./gtests/pk11_gtest/pk11_keygen.h
---- ./gtests/pk11_gtest/pk11_keygen.h.handle-malformed-ecdh-gtests 2019-12-05 10:56:41.828832617 -0800
-+++ ./gtests/pk11_gtest/pk11_keygen.h 2019-12-05 10:56:41.828832617 -0800
-@@ -0,0 +1,34 @@
-+/* This Source Code Form is subject to the terms of the Mozilla Public
-+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
-+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
-+
-+#include "nss.h"
-+#include "secoid.h"
-+
-+#include "nss_scoped_ptrs.h"
-+
-+namespace nss_test {
-+
-+class ParamHolder;
-+
-+class Pkcs11KeyPairGenerator {
-+ public:
-+ Pkcs11KeyPairGenerator(CK_MECHANISM_TYPE mech, SECOidTag curve_oid)
-+ : mech_(mech), curve_(curve_oid) {}
-+ Pkcs11KeyPairGenerator(CK_MECHANISM_TYPE mech)
-+ : Pkcs11KeyPairGenerator(mech, SEC_OID_UNKNOWN) {}
-+
-+ CK_MECHANISM_TYPE mechanism() const { return mech_; }
-+ SECOidTag curve() const { return curve_; }
-+
-+ void GenerateKey(ScopedSECKEYPrivateKey* priv_key,
-+ ScopedSECKEYPublicKey* pub_key) const;
-+
-+ private:
-+ std::unique_ptr MakeParams() const;
-+
-+ CK_MECHANISM_TYPE mech_;
-+ SECOidTag curve_;
-+};
-+
-+} // namespace nss_test
-diff -up ./gtests/pk11_gtest/pk11_key_unittest.cc.handle-malformed-ecdh-gtests ./gtests/pk11_gtest/pk11_key_unittest.cc
---- ./gtests/pk11_gtest/pk11_key_unittest.cc.handle-malformed-ecdh-gtests 2019-12-05 10:56:41.828832617 -0800
-+++ ./gtests/pk11_gtest/pk11_key_unittest.cc 2019-12-05 10:56:41.828832617 -0800
-@@ -0,0 +1,80 @@
-+/* This Source Code Form is subject to the terms of the Mozilla Public
-+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
-+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
-+
-+#include
-+#include "nss.h"
-+#include "pk11pub.h"
-+#include "pk11pqg.h"
-+#include "prerror.h"
-+#include "secoid.h"
-+
-+#include "gtest/gtest.h"
-+#include "nss_scoped_ptrs.h"
-+#include "pk11_keygen.h"
-+
-+namespace nss_test {
-+
-+class Pkcs11NullKeyTestBase : public ::testing::Test {
-+ protected:
-+ // This constructs a key pair, then erases the public value from the public
-+ // key. NSS should reject this.
-+ void Test(const Pkcs11KeyPairGenerator& generator,
-+ CK_MECHANISM_TYPE dh_mech) {
-+ ScopedSECKEYPrivateKey priv;
-+ ScopedSECKEYPublicKey pub;
-+ generator.GenerateKey(&priv, &pub);
-+ ASSERT_TRUE(priv);
-+
-+ // These don't leak because they are allocated to the arena associated with
-+ // the public key.
-+ SECItem* pub_val = nullptr;
-+ switch (SECKEY_GetPublicKeyType(pub.get())) {
-+ case rsaKey:
-+ pub_val = &pub->u.rsa.modulus;
-+ break;
-+
-+ case dsaKey:
-+ pub_val = &pub->u.dsa.publicValue;
-+ break;
-+
-+ case dhKey:
-+ pub_val = &pub->u.dh.publicValue;
-+ break;
-+
-+ case ecKey:
-+ pub_val = &pub->u.ec.publicValue;
-+ break;
-+
-+ default:
-+ FAIL() << "Unknown key type " << SECKEY_GetPublicKeyType(pub.get());
-+ }
-+ pub_val->data = nullptr;
-+ pub_val->len = 0;
-+
-+ ScopedPK11SymKey symKey(PK11_PubDeriveWithKDF(
-+ priv.get(), pub.get(), false, nullptr, nullptr, dh_mech,
-+ CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, nullptr));
-+ ASSERT_FALSE(symKey);
-+ }
-+};
-+
-+class Pkcs11DhNullKeyTest : public Pkcs11NullKeyTestBase {};
-+TEST_F(Pkcs11DhNullKeyTest, UseNullPublicValue) {
-+ Test(Pkcs11KeyPairGenerator(CKM_DH_PKCS_KEY_PAIR_GEN), CKM_DH_PKCS_DERIVE);
-+}
-+
-+class Pkcs11EcdhNullKeyTest : public Pkcs11NullKeyTestBase,
-+ public ::testing::WithParamInterface {
-+};
-+TEST_P(Pkcs11EcdhNullKeyTest, UseNullPublicValue) {
-+ Test(Pkcs11KeyPairGenerator(CKM_EC_KEY_PAIR_GEN, GetParam()),
-+ CKM_ECDH1_DERIVE);
-+}
-+INSTANTIATE_TEST_CASE_P(Pkcs11EcdhNullKeyTest, Pkcs11EcdhNullKeyTest,
-+ ::testing::Values(SEC_OID_SECG_EC_SECP256R1,
-+ SEC_OID_SECG_EC_SECP384R1,
-+ SEC_OID_SECG_EC_SECP521R1,
-+ SEC_OID_CURVE25519));
-+
-+} // namespace nss_test
-diff --git ./gtests/pk11_gtest/pk11_curve25519_unittest.cc.handle-malformed-ecdh-gtests ./gtests/pk11_gtest/pk11_curve25519_unittest.cc
---- ./gtests/pk11_gtest/pk11_curve25519_unittest.cc.handle-malformed-ecdh-gtests
-+++ ./gtests/pk11_gtest/pk11_curve25519_unittest.cc
-@@ -40,6 +40,9 @@
-
- ScopedCERTSubjectPublicKeyInfo certSpki(
- SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
-+ if (!expect_success && !certSpki) {
-+ return;
-+ }
- ASSERT_TRUE(certSpki);
-
- ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
-
-diff -up ./gtests/ssl_gtest/tls_connect.cc.addtime ./gtests/ssl_gtest/tls_connect.cc
---- ./gtests/ssl_gtest/tls_connect.cc.addtime 2019-12-06 09:02:39.006583359 -0800
-+++ ./gtests/ssl_gtest/tls_connect.cc 2019-12-06 09:02:54.120745545 -0800
-@@ -292,7 +292,7 @@ void TlsConnectTestBase::Handshake() {
-
- ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) &&
- (server_->state() != TlsAgent::STATE_CONNECTING),
-- 5000);
-+ 10000);
- }
-
- void TlsConnectTestBase::EnableExtendedMasterSecret() {
-
diff --git a/SOURCES/nss-3.44-handle-malformed-ecdh.patch b/SOURCES/nss-3.44-handle-malformed-ecdh.patch
deleted file mode 100644
index a0a6305..0000000
--- a/SOURCES/nss-3.44-handle-malformed-ecdh.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
---- a/lib/cryptohi/seckey.c
-+++ b/lib/cryptohi/seckey.c
-@@ -639,6 +639,11 @@
- return pubk;
- break;
- case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
-+ /* A basic sanity check on inputs. */
-+ if (spki->algorithm.parameters.len == 0 || newOs.len == 0) {
-+ PORT_SetError(SEC_ERROR_INPUT_LEN);
-+ break;
-+ }
- pubk->keyType = ecKey;
- pubk->u.ec.size = 0;
diff --git a/SOURCES/nss-3.53-fix-private_key_mac.patch b/SOURCES/nss-3.53-fix-private_key_mac.patch
new file mode 100644
index 0000000..60df7d5
--- /dev/null
+++ b/SOURCES/nss-3.53-fix-private_key_mac.patch
@@ -0,0 +1,104 @@
+diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c
+--- a/lib/softoken/sftkpwd.c
++++ b/lib/softoken/sftkpwd.c
+@@ -277,17 +277,19 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha
+ *plain = nsspkcs5_CipherData(cipherValue.param, passKey, &cipherValue.value,
+ PR_FALSE, NULL);
+ if (*plain == NULL) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* If we are using aes 256, we need to check authentication as well.*/
+- if ((type != CKT_INVALID_TYPE) && (cipherValue.alg == SEC_OID_AES_256_CBC)) {
++ if ((type != CKT_INVALID_TYPE) &&
++ (cipherValue.alg == SEC_OID_PKCS5_PBES2) &&
++ (cipherValue.param->encAlg == SEC_OID_AES_256_CBC)) {
+ SECItem signature;
+ unsigned char signData[SDB_MAX_META_DATA_LEN];
+
+ /* if we get here from the old legacy db, there is clearly an
+ * error, don't return the plaintext */
+ if (handle == NULL) {
+ rv = SECFailure;
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+@@ -299,17 +301,27 @@ sftkdb_DecryptAttribute(SFTKDBHandle *ha
+ rv = sftkdb_GetAttributeSignature(handle, handle, id, type,
+ &signature);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE, type,
+ *plain, &signature);
+ if (rv != SECSuccess) {
+- goto loser;
++ /* handle a bug where old versions of NSS misfiled the signature
++ * attribute on password update */
++ id |= SFTK_KEYDB_TYPE|SFTK_TOKEN_TYPE;
++ signature.len = sizeof(signData);
++ rv = sftkdb_GetAttributeSignature(handle, handle, id, type,
++ &signature);
++ if (rv != SECSuccess) {
++ goto loser;
++ }
++ rv = sftkdb_VerifyAttribute(handle, passKey, CK_INVALID_HANDLE,
++ type, *plain, &signature);
+ }
+ }
+
+ loser:
+ if (cipherValue.param) {
+ nsspkcs5_DestroyPBEParameter(cipherValue.param);
+ }
+ if (cipherValue.arena) {
+@@ -1186,16 +1198,17 @@ sftk_updateEncrypted(PLArenaPool *arena,
+ };
+ const CK_ULONG privAttrCount = sizeof(privAttrTypes) / sizeof(privAttrTypes[0]);
+
+ // We don't know what attributes this object has, so we update them one at a
+ // time.
+ unsigned int i;
+ for (i = 0; i < privAttrCount; i++) {
+ // Read the old attribute in the clear.
++ CK_OBJECT_HANDLE sdbId = id & SFTK_OBJ_ID_MASK;
+ CK_ATTRIBUTE privAttr = { privAttrTypes[i], NULL, 0 };
+ CK_RV crv = sftkdb_GetAttributeValue(keydb, id, &privAttr, 1);
+ if (crv != CKR_OK) {
+ continue;
+ }
+ if ((privAttr.ulValueLen == -1) || (privAttr.ulValueLen == 0)) {
+ continue;
+ }
+@@ -1210,30 +1223,29 @@ sftk_updateEncrypted(PLArenaPool *arena,
+ if ((privAttr.ulValueLen == -1) || (privAttr.ulValueLen == 0)) {
+ return CKR_GENERAL_ERROR;
+ }
+ SECItem plainText;
+ SECItem *result;
+ plainText.data = privAttr.pValue;
+ plainText.len = privAttr.ulValueLen;
+ if (sftkdb_EncryptAttribute(arena, keydb, keydb->db, newKey,
+- iterationCount, id, privAttr.type,
++ iterationCount, sdbId, privAttr.type,
+ &plainText, &result) != SECSuccess) {
+ return CKR_GENERAL_ERROR;
+ }
+ privAttr.pValue = result->data;
+ privAttr.ulValueLen = result->len;
+ // Clear sensitive data.
+ PORT_Memset(plainText.data, 0, plainText.len);
+
+ // Write the newly encrypted attributes out directly.
+- CK_OBJECT_HANDLE newId = id & SFTK_OBJ_ID_MASK;
+ keydb->newKey = newKey;
+ keydb->newDefaultIterationCount = iterationCount;
+- crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, newId, &privAttr, 1);
++ crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, sdbId, &privAttr, 1);
+ keydb->newKey = NULL;
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ }
+
+ return CKR_OK;
+ }
diff --git a/SOURCES/nss-3.53.1-diffie_hellman_checks.patch b/SOURCES/nss-3.53.1-diffie_hellman_checks.patch
new file mode 100644
index 0000000..20a6dd2
--- /dev/null
+++ b/SOURCES/nss-3.53.1-diffie_hellman_checks.patch
@@ -0,0 +1,5798 @@
+diff --git a/gtests/softoken_gtest/manifest.mn b/gtests/softoken_gtest/manifest.mn
+--- a/gtests/softoken_gtest/manifest.mn
++++ b/gtests/softoken_gtest/manifest.mn
+@@ -20,16 +20,17 @@ CPPSRCS = \
+ $(NULL)
+
+ INCLUDES += \
+ -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/gtests/common \
+ -I$(CORE_DEPTH)/cpputil \
+ $(NULL)
+
+-REQUIRES = nspr gtest
++REQUIRES = nspr gtest cpputil
+
+ PROGRAM = softoken_gtest
+
+ EXTRA_LIBS = \
+ $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
++ $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \
+ $(NULL)
+diff --git a/gtests/softoken_gtest/softoken_dh_vectors.h b/gtests/softoken_gtest/softoken_dh_vectors.h
+new file mode 100644
+--- /dev/null
++++ b/gtests/softoken_gtest/softoken_dh_vectors.h
+@@ -0,0 +1,3399 @@
++
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++namespace nss_test {
++/* first list the primes we want to test */
++
++/* known primes */
++/* IKE 1536 prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } */
++static const unsigned char prime_ike_1536[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* IKE 2048 prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } */
++static const unsigned char prime_ike_2048[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* TLS 2048 prime is: 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 */
++static const unsigned char prime_tls_2048[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* IKE 3072 prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } */
++static const unsigned char prime_ike_3072[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* TLS 3072 prime is: 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 */
++static const unsigned char prime_tls_3072[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* IKE 4096 prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } */
++static const unsigned char prime_ike_4096[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* TLS 4096 prime is: 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 */
++static const unsigned char prime_tls_4096[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42,
++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9,
++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9,
++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51,
++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* IKE 6144 prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } */
++static const unsigned char prime_ike_6144[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
++ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* TLS 6144 prime is: 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 */
++static const unsigned char prime_tls_6144[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42,
++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9,
++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9,
++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51,
++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C,
++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64,
++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E,
++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E,
++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C,
++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E,
++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58,
++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31,
++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5,
++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E,
++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C,
++ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* IKE 8192 prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } */
++static const unsigned char prime_ike_8192[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
++ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
++ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0,
++ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
++ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93,
++ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
++ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB,
++ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
++ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8,
++ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
++ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F,
++ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
++ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8,
++ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
++ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5,
++ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
++ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3,
++ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
++ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E,
++ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
++ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2,
++ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
++ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* TLS 8192 prime is: 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 */
++static const unsigned char prime_tls_8192[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42,
++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9,
++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9,
++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51,
++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C,
++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64,
++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E,
++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E,
++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C,
++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E,
++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58,
++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31,
++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5,
++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E,
++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C,
++ 0xCF, 0xF4, 0x6A, 0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
++ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE,
++ 0xC9, 0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
++ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, 0x42,
++ 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
++ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, 0x38, 0x88, 0x39,
++ 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
++ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, 0x59, 0x16, 0x0C, 0xC0,
++ 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
++ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31,
++ 0x09, 0x70, 0x3F, 0xEE, 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
++ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16,
++ 0x50, 0xC1, 0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
++ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75,
++ 0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
++ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, 0x5D, 0xFE,
++ 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
++ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, 0x2F, 0x74, 0x1E, 0xF8,
++ 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
++ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06,
++ 0xA9, 0xF4, 0x61, 0x4E, 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
++ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF};
++
++/* safe primes that aren't already known. These primes should pass, but
++ * take more processing in FIPS mode */
++static const unsigned char prime_safe_1536[] = {
++ 0xf7, 0x67, 0x31, 0xc8, 0x45, 0x6a, 0xd9, 0xea, 0x53, 0x0b, 0x21, 0xc7,
++ 0x4a, 0xfa, 0x81, 0x66, 0x76, 0x5c, 0xea, 0xb7, 0xf5, 0x11, 0x32, 0x6d,
++ 0xd3, 0x4c, 0x7a, 0xac, 0x39, 0x17, 0x1a, 0x87, 0xb8, 0x00, 0xd7, 0x11,
++ 0xc5, 0xfd, 0xe1, 0xe3, 0x65, 0x4c, 0x1f, 0x42, 0x24, 0x41, 0x1e, 0x92,
++ 0x42, 0xbf, 0xb6, 0x65, 0x0e, 0x72, 0x83, 0x8a, 0xb8, 0x82, 0xa6, 0x4f,
++ 0x9e, 0xca, 0x4f, 0xd1, 0xb1, 0x13, 0xc2, 0xfa, 0x67, 0xa1, 0x6a, 0x06,
++ 0x4f, 0xaf, 0x6e, 0x16, 0xd9, 0x94, 0xd8, 0xda, 0xe3, 0x66, 0x62, 0x01,
++ 0x1f, 0x82, 0x8f, 0x10, 0xe0, 0x2f, 0x3c, 0xa3, 0x42, 0xa8, 0xbb, 0x94,
++ 0x32, 0x79, 0x79, 0x7f, 0x97, 0xf8, 0x3a, 0x31, 0xaa, 0x14, 0xc7, 0xfe,
++ 0x13, 0x96, 0x77, 0x15, 0xbf, 0x47, 0x20, 0x57, 0x11, 0xe0, 0x4f, 0xda,
++ 0x7e, 0xa9, 0x19, 0x49, 0xa1, 0x8d, 0x29, 0x76, 0x8a, 0xd3, 0x9b, 0xb0,
++ 0xbe, 0x50, 0xc3, 0x25, 0x82, 0xf9, 0xe3, 0x21, 0x8c, 0xfd, 0xa6, 0x51,
++ 0xe5, 0x36, 0x7e, 0x82, 0xb6, 0x90, 0x45, 0xe1, 0xd5, 0x72, 0x56, 0xbe,
++ 0xc5, 0x67, 0x3d, 0x13, 0x1a, 0x39, 0x7f, 0x98, 0x33, 0xfc, 0xb4, 0x7b,
++ 0xa4, 0x38, 0x71, 0x87, 0x96, 0x6e, 0xe6, 0x7b, 0x77, 0xb2, 0x65, 0xfd,
++ 0xdf, 0x27, 0x93, 0x0c, 0x3c, 0x60, 0xdf, 0xe5, 0x33, 0xfe, 0xd7, 0x4b};
++
++static const unsigned char prime_safe_2048[] = {
++ 0xe1, 0xa3, 0x6e, 0x49, 0x69, 0x07, 0x1c, 0x5f, 0xb4, 0x15, 0x35, 0x46,
++ 0x99, 0x52, 0xd0, 0x4e, 0xff, 0x4e, 0x4c, 0xb1, 0xe1, 0x59, 0xed, 0x2e,
++ 0x71, 0xf3, 0x80, 0x14, 0x54, 0xd0, 0xfc, 0x83, 0x20, 0x29, 0x15, 0x21,
++ 0xa6, 0x5f, 0x10, 0x81, 0x57, 0xf4, 0x2e, 0x49, 0xb2, 0xd1, 0x37, 0xe8,
++ 0x6a, 0xbf, 0x72, 0xf9, 0x55, 0x4e, 0x9e, 0xae, 0x20, 0xc5, 0xb6, 0xc5,
++ 0x91, 0x79, 0x0d, 0xa2, 0xdd, 0xb4, 0xbb, 0x50, 0x4e, 0x20, 0xca, 0x8a,
++ 0x8f, 0x82, 0x34, 0xb9, 0x6a, 0x3e, 0x9a, 0x67, 0xc2, 0x7e, 0x83, 0xf6,
++ 0xc0, 0xad, 0xe3, 0xca, 0x00, 0xd6, 0x11, 0x88, 0x9c, 0xc7, 0x9f, 0xb4,
++ 0x3d, 0x53, 0xa5, 0x5a, 0x97, 0x44, 0x4d, 0xe7, 0x5c, 0xd5, 0x76, 0x80,
++ 0xf8, 0x0c, 0xcd, 0xa6, 0x55, 0xe2, 0x5f, 0xcf, 0xf4, 0x46, 0xa4, 0xc7,
++ 0x0f, 0xc1, 0x80, 0x84, 0x65, 0x46, 0x8c, 0x87, 0xd2, 0x99, 0x82, 0xdf,
++ 0x8e, 0x00, 0x89, 0xf3, 0x0d, 0xd5, 0xc0, 0x54, 0x94, 0xc6, 0xa3, 0x92,
++ 0x0f, 0x91, 0x10, 0xee, 0xa3, 0x65, 0x44, 0xb7, 0x6d, 0xe8, 0x23, 0xf9,
++ 0x7f, 0x91, 0x62, 0x65, 0x09, 0x8e, 0xa1, 0x33, 0xd4, 0xd6, 0x55, 0x0a,
++ 0xc0, 0xe8, 0x66, 0x70, 0x05, 0xd0, 0x12, 0x34, 0xc1, 0xfd, 0xce, 0x75,
++ 0xa4, 0x75, 0xe1, 0x46, 0xa1, 0x08, 0xb4, 0x52, 0xfe, 0x25, 0xa4, 0xc5,
++ 0x4f, 0x23, 0x04, 0x7e, 0xa1, 0x2c, 0xf3, 0x56, 0xcb, 0xfa, 0x7a, 0xbc,
++ 0x45, 0xcc, 0x78, 0xb3, 0x28, 0xf3, 0xe5, 0xd5, 0x26, 0x56, 0x27, 0x86,
++ 0x6a, 0x56, 0x6b, 0x87, 0x56, 0x0e, 0xc4, 0x3c, 0xed, 0xff, 0xcb, 0x96,
++ 0xb4, 0x13, 0x1d, 0x4d, 0x38, 0x4e, 0x69, 0x34, 0x51, 0x7a, 0x85, 0x31,
++ 0xb4, 0x80, 0xda, 0x41, 0xe3, 0xdc, 0x2e, 0x53, 0xd8, 0x71, 0x3e, 0xcc,
++ 0x37, 0x8a, 0x80, 0x33};
++
++static const unsigned char prime_safe_3072[] = {
++ 0x87, 0x66, 0xdf, 0xf7, 0xec, 0x49, 0x6a, 0x9a, 0x7c, 0x96, 0x28, 0xae,
++ 0x67, 0x38, 0xab, 0xfa, 0xfe, 0x5c, 0x46, 0x7b, 0xef, 0xe9, 0x18, 0xa6,
++ 0x76, 0xb2, 0xe5, 0x0e, 0xbe, 0xb8, 0xf2, 0x80, 0x36, 0x09, 0x82, 0x44,
++ 0x7b, 0xe8, 0xe8, 0xcc, 0x89, 0x27, 0x68, 0x05, 0xe0, 0xe1, 0x37, 0xd7,
++ 0xbf, 0xdb, 0x0c, 0xf6, 0x48, 0x52, 0x17, 0x3f, 0x75, 0xc5, 0x4e, 0xb4,
++ 0x3d, 0xf8, 0x4c, 0xea, 0xb4, 0x0b, 0x06, 0x04, 0x15, 0x89, 0x7c, 0xba,
++ 0xf3, 0xf5, 0xde, 0x66, 0x6e, 0x7d, 0x30, 0xc4, 0x20, 0x05, 0xda, 0x32,
++ 0x0f, 0xff, 0x79, 0x71, 0x44, 0x9b, 0x10, 0x0f, 0xf1, 0xbb, 0x31, 0xde,
++ 0x67, 0x90, 0xea, 0x77, 0xad, 0x65, 0xd7, 0x05, 0x75, 0xab, 0x66, 0xf2,
++ 0xe6, 0x52, 0xac, 0xf2, 0xaa, 0xa7, 0xd2, 0x45, 0xd9, 0xc6, 0x42, 0x39,
++ 0x27, 0x1f, 0x46, 0x84, 0xad, 0x78, 0xb4, 0xfa, 0x84, 0xf8, 0x9b, 0x3e,
++ 0xcb, 0xc1, 0x99, 0xe5, 0x35, 0x42, 0x26, 0x05, 0xea, 0xac, 0x51, 0x04,
++ 0x4f, 0x8a, 0x98, 0x25, 0xa7, 0x46, 0xab, 0x7b, 0xed, 0xb8, 0xa9, 0x0b,
++ 0x24, 0x23, 0x83, 0x23, 0x16, 0x87, 0x64, 0x91, 0x0c, 0xbf, 0x1f, 0xbc,
++ 0xec, 0x4a, 0xdd, 0x12, 0x2b, 0x0c, 0xa9, 0x39, 0x96, 0xc4, 0xc3, 0xcf,
++ 0xa5, 0x38, 0x40, 0x0d, 0x6e, 0xd0, 0xfa, 0x0a, 0x0c, 0x3e, 0xe9, 0x75,
++ 0x0b, 0x70, 0x28, 0x68, 0xbc, 0xfd, 0xf6, 0xc2, 0x9a, 0x59, 0x91, 0x20,
++ 0x5c, 0x70, 0xfe, 0x31, 0xa6, 0x50, 0x87, 0x9a, 0x6a, 0x61, 0x20, 0x2c,
++ 0x77, 0x84, 0x81, 0xa8, 0x3e, 0xc9, 0xa8, 0x72, 0xb0, 0x53, 0x43, 0x85,
++ 0x1c, 0x9b, 0x3a, 0xdd, 0xef, 0x09, 0x7d, 0xc7, 0x68, 0xc6, 0xef, 0x08,
++ 0xce, 0x47, 0xa0, 0xdc, 0x5b, 0xdb, 0x2f, 0x2d, 0x34, 0xe3, 0xde, 0x95,
++ 0xf6, 0x6b, 0x6d, 0x5d, 0x91, 0xbe, 0x45, 0xee, 0x2d, 0x04, 0x93, 0x78,
++ 0xc7, 0xa4, 0x49, 0xcc, 0x71, 0xa8, 0x5d, 0xd8, 0x8a, 0x7e, 0x9e, 0x4f,
++ 0x10, 0xc9, 0x41, 0xd1, 0x62, 0xc1, 0x70, 0x48, 0xb5, 0x12, 0x11, 0x23,
++ 0xa6, 0xe4, 0xdf, 0x64, 0xac, 0xd9, 0xe4, 0x37, 0xc2, 0xb9, 0x23, 0xa7,
++ 0x40, 0xea, 0x7f, 0x54, 0xe3, 0xef, 0x71, 0x81, 0xb4, 0xe7, 0x05, 0x10,
++ 0xd6, 0x2b, 0xd5, 0x11, 0x84, 0x5a, 0x69, 0xa5, 0xac, 0x52, 0x6d, 0xa8,
++ 0x79, 0x27, 0xff, 0x1c, 0x02, 0xd1, 0x62, 0x36, 0x03, 0xa2, 0xa9, 0x46,
++ 0x6c, 0x4f, 0xca, 0x58, 0xf2, 0xb2, 0xed, 0x91, 0xb4, 0x9e, 0x5b, 0xdd,
++ 0xf9, 0x99, 0xb6, 0x8d, 0x70, 0x34, 0x0a, 0xc5, 0x4d, 0xd7, 0xce, 0x8b,
++ 0xf1, 0x50, 0x25, 0x89, 0xff, 0xe7, 0xf2, 0x1e, 0xb9, 0x21, 0xb3, 0x8b,
++ 0xc8, 0x42, 0x7c, 0x26, 0xef, 0x4c, 0x30, 0x8d, 0x60, 0xb7, 0x25, 0xfb};
++
++static const unsigned char prime_safe_4096[] = {
++ 0x8b, 0xdf, 0xc1, 0xa3, 0xe4, 0xbd, 0x1c, 0xb1, 0xf4, 0xb1, 0x51, 0xd3,
++ 0x8a, 0xce, 0x3d, 0x33, 0x58, 0x80, 0xa3, 0x1c, 0x7c, 0x0d, 0xbd, 0x8e,
++ 0xbd, 0xb3, 0xe7, 0x9e, 0xd4, 0xde, 0x06, 0xfc, 0x98, 0xaf, 0x01, 0x43,
++ 0x93, 0x2c, 0xfc, 0xfb, 0x92, 0x80, 0xe0, 0x6e, 0xf9, 0xf6, 0xab, 0x73,
++ 0x96, 0x8d, 0x7e, 0xc0, 0xeb, 0x26, 0x6c, 0x0c, 0x53, 0x06, 0x9f, 0x32,
++ 0x4b, 0xad, 0x53, 0xd5, 0xbf, 0x91, 0x35, 0x16, 0xfd, 0x7f, 0xba, 0x30,
++ 0xb6, 0xb4, 0x88, 0x10, 0x1f, 0x5a, 0xc0, 0x62, 0xf9, 0x7f, 0x71, 0x9b,
++ 0xb5, 0x10, 0x4b, 0x99, 0xd0, 0xf0, 0xe9, 0xc2, 0xee, 0x35, 0x24, 0xeb,
++ 0xcc, 0xee, 0x06, 0xbf, 0xa0, 0x05, 0xe4, 0x61, 0xa4, 0xa6, 0x98, 0x23,
++ 0xd0, 0xe4, 0x8a, 0x61, 0xca, 0x05, 0x8a, 0x6c, 0x98, 0xfa, 0x83, 0xc3,
++ 0x50, 0x7d, 0x55, 0x3b, 0x2e, 0xd5, 0xac, 0x14, 0x61, 0x86, 0xd1, 0xb5,
++ 0xcf, 0xc0, 0xdc, 0x69, 0x4b, 0x6c, 0x4a, 0xc5, 0xd7, 0xfe, 0xe0, 0xe8,
++ 0x1a, 0x64, 0x11, 0xdb, 0x56, 0xf0, 0x1c, 0x95, 0x5c, 0xd1, 0x6a, 0xb9,
++ 0xf6, 0xe2, 0x00, 0xf4, 0x22, 0x03, 0x03, 0x2a, 0xbc, 0x9c, 0x82, 0xeb,
++ 0x89, 0x1a, 0xdd, 0x94, 0x65, 0x02, 0x44, 0x61, 0x76, 0xc1, 0xae, 0xd8,
++ 0xca, 0xfd, 0x66, 0xf4, 0x96, 0xe7, 0x79, 0xfe, 0x3a, 0x98, 0xf1, 0x80,
++ 0x02, 0xfa, 0x42, 0xb7, 0xae, 0xeb, 0x39, 0x28, 0xc3, 0xb9, 0xce, 0x8c,
++ 0x71, 0xea, 0x14, 0x74, 0x86, 0x6c, 0x26, 0xd5, 0x15, 0x21, 0x97, 0x0c,
++ 0x82, 0x8d, 0x81, 0x84, 0xc5, 0x47, 0x10, 0x06, 0x67, 0xa8, 0x5f, 0xb1,
++ 0xc5, 0x32, 0xdc, 0x7f, 0xe6, 0x61, 0xe5, 0xeb, 0x9e, 0xa9, 0x61, 0x99,
++ 0x43, 0xa9, 0x8b, 0xed, 0xaf, 0xe4, 0x21, 0xef, 0x8e, 0x78, 0x5a, 0x61,
++ 0x55, 0x9d, 0x43, 0xdb, 0x77, 0xaa, 0xbb, 0x19, 0xea, 0x4f, 0x49, 0x53,
++ 0x80, 0xce, 0x7c, 0x9a, 0xea, 0xa6, 0x93, 0x58, 0xd4, 0xab, 0xf4, 0xe9,
++ 0x60, 0x7d, 0xca, 0xb2, 0x97, 0xa5, 0xe0, 0x92, 0xce, 0xec, 0x57, 0xbc,
++ 0xc5, 0x05, 0x76, 0x11, 0x79, 0x03, 0xe1, 0xb2, 0x99, 0xc1, 0x21, 0xd4,
++ 0x85, 0xe7, 0x6f, 0xc9, 0x58, 0xe8, 0x1c, 0x0d, 0xc8, 0x90, 0x44, 0x4c,
++ 0x58, 0x55, 0x9a, 0xee, 0xde, 0x62, 0x0e, 0xb2, 0xe3, 0xbc, 0xeb, 0x51,
++ 0x40, 0x05, 0x71, 0xfe, 0xb4, 0xe9, 0xe6, 0xf6, 0x0e, 0xd7, 0xbb, 0x1b,
++ 0xb8, 0x99, 0xe8, 0xc9, 0xda, 0x9f, 0xde, 0x3c, 0x13, 0xd9, 0x16, 0x45,
++ 0x3d, 0xac, 0xe2, 0x09, 0xc3, 0x87, 0xbb, 0x39, 0x8c, 0x6f, 0x11, 0x60,
++ 0x87, 0x1f, 0xaf, 0xa7, 0xdc, 0x12, 0x8f, 0x7d, 0x4c, 0x5e, 0x56, 0xc3,
++ 0x62, 0xdd, 0xdd, 0x03, 0x55, 0x9e, 0x24, 0x6c, 0xc5, 0x6c, 0xb8, 0x0e,
++ 0xaf, 0x11, 0xd5, 0x1e, 0x6a, 0x36, 0x9c, 0xca, 0x46, 0x34, 0x13, 0x2b,
++ 0xd1, 0xa3, 0x34, 0x2c, 0x83, 0x1b, 0x25, 0xcc, 0x17, 0x01, 0x9c, 0x68,
++ 0x53, 0xb7, 0x87, 0xed, 0x0e, 0x48, 0xd7, 0x69, 0xf9, 0xc8, 0x1d, 0x8b,
++ 0x71, 0xf4, 0x6f, 0xd1, 0xb1, 0xd5, 0x70, 0xa0, 0xd7, 0x71, 0x3d, 0x9f,
++ 0xfc, 0xfa, 0x35, 0x69, 0x25, 0xf3, 0x39, 0x79, 0xad, 0x7b, 0x01, 0xc5,
++ 0x66, 0xa5, 0xf0, 0xc7, 0x1c, 0xb6, 0x51, 0xe5, 0x02, 0x2b, 0xcf, 0xc1,
++ 0x2a, 0x91, 0x9d, 0xa5, 0xbf, 0x37, 0x37, 0xdd, 0x2e, 0x30, 0x40, 0xdb,
++ 0xbf, 0xec, 0xfe, 0x6c, 0x2c, 0xe9, 0x20, 0xee, 0x89, 0xac, 0x55, 0xaf,
++ 0x03, 0x5a, 0xba, 0x5a, 0x52, 0xfb, 0xbf, 0xb5, 0xae, 0x38, 0x20, 0xa5,
++ 0x68, 0x92, 0x5f, 0xec, 0x17, 0xa9, 0x80, 0x53, 0xf2, 0x3b, 0x0c, 0x09,
++ 0xf3, 0xeb, 0x15, 0x62, 0x8e, 0x39, 0x7b, 0x6b};
++
++static const unsigned char prime_safe_6144[] = {
++ 0xb9, 0x0f, 0xc1, 0x41, 0x4a, 0xde, 0x1a, 0x1c, 0x80, 0xa0, 0xd6, 0x39,
++ 0x81, 0x10, 0xf3, 0x09, 0xca, 0xc0, 0x60, 0x8c, 0x5e, 0x8c, 0x17, 0x21,
++ 0xa0, 0x18, 0x50, 0xd6, 0x60, 0x13, 0xfc, 0x38, 0x00, 0x26, 0xd9, 0x71,
++ 0xd2, 0x73, 0xfc, 0x5d, 0x0c, 0xf1, 0x20, 0xce, 0x76, 0x44, 0xbb, 0x8b,
++ 0x5c, 0xc8, 0x5a, 0x59, 0x0c, 0xcd, 0x48, 0xba, 0xbf, 0x86, 0x72, 0xda,
++ 0xf5, 0xbd, 0x7c, 0x1d, 0x41, 0xba, 0xe8, 0x9f, 0x8c, 0xc2, 0x18, 0x27,
++ 0xfa, 0xbc, 0xc6, 0xcf, 0xd8, 0x47, 0xf5, 0xe9, 0x71, 0xcc, 0x37, 0x34,
++ 0xc3, 0x9b, 0x5a, 0xff, 0xc3, 0x0c, 0xab, 0x1d, 0x97, 0x8c, 0x26, 0x95,
++ 0x8c, 0xf1, 0x0a, 0x5d, 0x22, 0x84, 0x5a, 0x7c, 0xf2, 0xd1, 0x8b, 0x7c,
++ 0x6f, 0x17, 0x09, 0x13, 0x00, 0xc9, 0xdf, 0x79, 0xe1, 0x6e, 0xc8, 0xf8,
++ 0xd3, 0xc1, 0xdd, 0xb2, 0xf4, 0x24, 0x2a, 0xfa, 0x5c, 0x66, 0x25, 0x2b,
++ 0x39, 0xd1, 0x39, 0x48, 0xfa, 0x76, 0x4f, 0x57, 0xa3, 0x20, 0xc3, 0x38,
++ 0x2e, 0x85, 0x67, 0x31, 0x92, 0x85, 0x3c, 0x70, 0x23, 0x14, 0xec, 0x6c,
++ 0x85, 0x28, 0xe0, 0x4f, 0xcc, 0xc6, 0x3b, 0xcf, 0x19, 0x30, 0x3b, 0x01,
++ 0xfe, 0x9e, 0x16, 0x65, 0x1c, 0xf4, 0x31, 0x0c, 0x9d, 0x23, 0x40, 0x85,
++ 0x6c, 0xdd, 0xe5, 0xf7, 0x90, 0x25, 0x69, 0x7a, 0x3c, 0xd6, 0xe4, 0x42,
++ 0x6c, 0x87, 0x04, 0x06, 0xa7, 0x82, 0x1d, 0xfc, 0x5e, 0xd9, 0x03, 0x60,
++ 0x20, 0x9a, 0x5c, 0x6a, 0xfe, 0x53, 0x0d, 0x05, 0x92, 0x1b, 0xa1, 0xdb,
++ 0xfa, 0x01, 0x2f, 0x84, 0x89, 0xe0, 0x56, 0x66, 0x7e, 0xe3, 0xe6, 0x99,
++ 0x4d, 0xb3, 0xd2, 0xf0, 0xce, 0xf3, 0xdf, 0x05, 0x0d, 0x57, 0x42, 0xcd,
++ 0xfc, 0x06, 0x3c, 0xe7, 0x11, 0x34, 0x7f, 0x51, 0x8e, 0xb7, 0x24, 0x01,
++ 0xe3, 0x26, 0x47, 0xe7, 0xd1, 0x57, 0x0e, 0x0e, 0xf1, 0x12, 0xc5, 0x79,
++ 0x2d, 0x87, 0x0f, 0xb1, 0x19, 0x6a, 0xd7, 0x44, 0x33, 0x46, 0x4c, 0xbc,
++ 0xc5, 0xc6, 0x24, 0xf8, 0x7c, 0x7a, 0x61, 0xfe, 0x72, 0x95, 0x21, 0xcd,
++ 0xd1, 0x3a, 0xd3, 0x5d, 0x77, 0x76, 0xbd, 0x86, 0xd8, 0xbd, 0x8e, 0x5e,
++ 0xf2, 0xe5, 0x20, 0x01, 0xd9, 0xb4, 0x47, 0xf7, 0x1c, 0x51, 0x70, 0x39,
++ 0x6a, 0xc7, 0xea, 0xed, 0x90, 0xd7, 0xc4, 0xd3, 0xcd, 0x8e, 0x4b, 0xd8,
++ 0x11, 0xf0, 0xd3, 0x66, 0x36, 0x77, 0xe2, 0x16, 0x13, 0xbd, 0xd2, 0x54,
++ 0x4a, 0x1c, 0x61, 0x54, 0x88, 0x1a, 0x69, 0x85, 0x9f, 0x5d, 0xc5, 0xb7,
++ 0x62, 0x7e, 0x72, 0x0a, 0x89, 0x90, 0x24, 0x8f, 0x39, 0xb2, 0xf2, 0xb6,
++ 0x12, 0x8e, 0x50, 0xb4, 0xd3, 0xea, 0xc3, 0xac, 0xea, 0x8d, 0x27, 0x17,
++ 0xbd, 0x07, 0xd2, 0x15, 0x80, 0x49, 0xe0, 0x97, 0x41, 0x16, 0xd6, 0x3b,
++ 0x24, 0xe8, 0x8b, 0xfd, 0xa3, 0x18, 0xbd, 0x52, 0x5d, 0xe2, 0x21, 0xce,
++ 0x7c, 0x6f, 0x10, 0x38, 0x70, 0x64, 0xc4, 0x15, 0xf3, 0x28, 0xc6, 0x66,
++ 0xfc, 0xd1, 0x22, 0x04, 0x80, 0x80, 0xc6, 0xc5, 0x75, 0xf5, 0xdc, 0xb0,
++ 0x40, 0x4b, 0x12, 0xfa, 0xdb, 0xd5, 0x36, 0xcd, 0x31, 0xab, 0xd7, 0x1d,
++ 0x18, 0x07, 0x9d, 0x09, 0x9b, 0x16, 0xa0, 0xfe, 0x1e, 0x6f, 0x3f, 0x34,
++ 0x5a, 0xe6, 0x70, 0x85, 0x98, 0x30, 0xd4, 0x94, 0xc5, 0xf0, 0x36, 0x35,
++ 0xa1, 0xed, 0x46, 0x63, 0x3c, 0x0f, 0xcf, 0xc5, 0x9e, 0x7c, 0x68, 0x25,
++ 0x64, 0x93, 0x30, 0x36, 0x38, 0xb1, 0x99, 0x6c, 0x37, 0xf5, 0xcf, 0x64,
++ 0x4b, 0xef, 0xa6, 0xff, 0x6a, 0xaa, 0xaa, 0xb6, 0x29, 0xed, 0x38, 0x80,
++ 0x1f, 0x58, 0x35, 0x88, 0x3f, 0x01, 0x1c, 0xc8, 0x23, 0x48, 0x37, 0xa7,
++ 0xd2, 0xb1, 0xb1, 0xee, 0x44, 0x59, 0x0a, 0xfb, 0x05, 0xd9, 0xe1, 0x5b,
++ 0x53, 0x34, 0x9d, 0x99, 0x30, 0x28, 0xa9, 0x3b, 0x8e, 0x1b, 0xac, 0x8a,
++ 0x90, 0x91, 0xc9, 0x71, 0x8a, 0xea, 0xb9, 0x11, 0xd5, 0x67, 0x87, 0x4f,
++ 0xdb, 0x27, 0x4f, 0x7f, 0xb8, 0x54, 0x7f, 0x5e, 0x18, 0x08, 0xf7, 0xf3,
++ 0x1c, 0x02, 0x3a, 0x04, 0xde, 0xcc, 0x10, 0x06, 0x7e, 0x15, 0xc3, 0x24,
++ 0x0c, 0xdf, 0x0d, 0xf8, 0x86, 0xc0, 0x4c, 0xab, 0x0f, 0x75, 0x04, 0xbe,
++ 0xf3, 0x90, 0x28, 0xd1, 0x22, 0x17, 0x96, 0xcc, 0x29, 0x11, 0x09, 0xa7,
++ 0x53, 0x42, 0xea, 0x91, 0x51, 0xaf, 0x55, 0xa1, 0x03, 0x67, 0x78, 0x63,
++ 0xb3, 0xb0, 0x0f, 0x59, 0x5d, 0x37, 0xe7, 0x30, 0x8b, 0xca, 0xa0, 0x45,
++ 0x12, 0x7a, 0xa5, 0x09, 0xfb, 0xa6, 0x99, 0xdd, 0xf7, 0xe9, 0x30, 0x5a,
++ 0xc2, 0x9d, 0x0d, 0xdf, 0x39, 0x99, 0x25, 0x0d, 0xb2, 0x57, 0xb6, 0x78,
++ 0x02, 0x30, 0xf8, 0x86, 0xde, 0x79, 0xb4, 0xbe, 0x3e, 0x53, 0xff, 0x74,
++ 0x0f, 0x4d, 0x30, 0x2d, 0xe6, 0x57, 0x4a, 0x57, 0x53, 0x3a, 0x0b, 0x19,
++ 0x86, 0xab, 0x90, 0xe5, 0x33, 0x84, 0x53, 0x7a, 0x17, 0xc5, 0xf1, 0x8c,
++ 0xc3, 0xe4, 0x11, 0x53, 0x2b, 0xb5, 0xb4, 0x8e, 0xe6, 0xd2, 0x04, 0x43,
++ 0x5b, 0x6a, 0x30, 0xc7, 0xca, 0xaf, 0x91, 0xc0, 0x76, 0x43, 0x86, 0x65,
++ 0xee, 0xcd, 0x82, 0xbe, 0xa2, 0xd8, 0x2d, 0xad, 0xeb, 0xb5, 0x1a, 0xb5,
++ 0xbf, 0xa1, 0xe7, 0x93, 0x50, 0x15, 0x08, 0x27, 0x27, 0x3c, 0xcc, 0x53,
++ 0x82, 0x67, 0xd4, 0xf2, 0x0d, 0x26, 0x60, 0x87, 0x05, 0x2e, 0xaa, 0x62,
++ 0x55, 0xcc, 0x9a, 0xee, 0x2c, 0x20, 0x23, 0x14, 0xfa, 0x5c, 0x29, 0x41,
++ 0xe1, 0x89, 0x83, 0x19, 0xc1, 0x36, 0x8c, 0xa4, 0x91, 0xf6, 0x40, 0x37,
++ 0x70, 0x2a, 0x0d, 0x82, 0xbb, 0x56, 0x6e, 0x23, 0x34, 0xb9, 0x6e, 0x33};
++
++static const unsigned char prime_safe_8192[] = {
++ 0x9b, 0xa7, 0x9b, 0xa2, 0x86, 0x54, 0xe7, 0x99, 0x11, 0x5b, 0x35, 0x81,
++ 0xd5, 0x7a, 0x8a, 0x6e, 0x4d, 0x4d, 0x61, 0x5d, 0xd3, 0xcf, 0x0c, 0x65,
++ 0x7e, 0xda, 0xd8, 0xce, 0x28, 0xac, 0xa0, 0x38, 0x81, 0xee, 0xa1, 0x14,
++ 0x25, 0x21, 0x67, 0x66, 0x3a, 0x6c, 0x0f, 0x80, 0x3d, 0x89, 0x79, 0xfe,
++ 0x71, 0x43, 0x57, 0xc3, 0xa9, 0x54, 0x1e, 0x20, 0x8a, 0xee, 0x0f, 0xa6,
++ 0x8b, 0x88, 0x81, 0x3d, 0xe8, 0x5c, 0x40, 0x47, 0x05, 0xdf, 0xd8, 0x6d,
++ 0x98, 0x65, 0x16, 0xa9, 0xf9, 0xc4, 0x8c, 0x02, 0xba, 0xae, 0x6b, 0x36,
++ 0x76, 0xc9, 0xfa, 0x8e, 0xd0, 0xd7, 0x9a, 0x3c, 0xcb, 0xd1, 0x44, 0x09,
++ 0xd7, 0x4f, 0x28, 0x51, 0x94, 0x92, 0x5b, 0x02, 0xb2, 0xbd, 0x78, 0xd3,
++ 0xc2, 0x76, 0x03, 0x15, 0x17, 0x0b, 0x55, 0x08, 0x02, 0x42, 0x9e, 0x26,
++ 0x56, 0x33, 0x72, 0xe6, 0xbd, 0x0e, 0xf9, 0x3d, 0x2c, 0xb3, 0x8a, 0x4c,
++ 0x67, 0x17, 0xfd, 0xe9, 0x03, 0xad, 0x8c, 0x34, 0x84, 0xe5, 0x83, 0xdf,
++ 0x9c, 0x04, 0x93, 0x03, 0x26, 0x19, 0xc1, 0xf1, 0x24, 0x68, 0xf6, 0x54,
++ 0x96, 0xce, 0x38, 0x51, 0xbd, 0x6c, 0x3d, 0x9c, 0x0c, 0xd8, 0x6e, 0x13,
++ 0x4c, 0x8b, 0xf6, 0x34, 0xae, 0xd8, 0x85, 0x1d, 0x1d, 0x8e, 0xc2, 0xad,
++ 0xab, 0xa2, 0xc5, 0x40, 0x76, 0x7f, 0x2f, 0x2e, 0x38, 0xf4, 0x6a, 0x39,
++ 0x33, 0x3d, 0x17, 0xce, 0x1f, 0xe9, 0xc3, 0x8d, 0x9e, 0xe5, 0xbe, 0xd6,
++ 0xad, 0x9a, 0x23, 0xd8, 0x06, 0xf3, 0x7c, 0x39, 0xd5, 0xae, 0x57, 0xb6,
++ 0xe5, 0xc3, 0x9a, 0x8a, 0x8c, 0x6e, 0xd3, 0xc1, 0x1a, 0x64, 0x12, 0x00,
++ 0x18, 0x53, 0xca, 0x32, 0x88, 0x8e, 0xc0, 0x5f, 0x2d, 0xb2, 0x3d, 0x14,
++ 0x1b, 0x58, 0x5c, 0x20, 0xe8, 0x52, 0xe5, 0x28, 0x41, 0xbc, 0x9e, 0x08,
++ 0x29, 0xab, 0xa5, 0x43, 0x99, 0x0e, 0xd7, 0x2a, 0xb9, 0xb8, 0x64, 0x9d,
++ 0x83, 0xe3, 0x1a, 0x26, 0x59, 0x65, 0xf2, 0x0c, 0xc9, 0xc5, 0x8f, 0x0d,
++ 0xcf, 0xa1, 0x18, 0xfc, 0x8b, 0x77, 0xe9, 0xe1, 0x19, 0x7b, 0x03, 0xd4,
++ 0x37, 0x8d, 0x5d, 0x37, 0x2b, 0xad, 0x58, 0x5e, 0x73, 0x72, 0xce, 0x84,
++ 0xe5, 0xc9, 0x75, 0x1d, 0xf3, 0x58, 0x42, 0x77, 0xfe, 0x53, 0xa0, 0xc2,
++ 0x66, 0x21, 0xaf, 0xe2, 0x61, 0xd2, 0x84, 0xb3, 0x03, 0x4d, 0xd8, 0x7d,
++ 0x85, 0xe1, 0xa8, 0xa0, 0x48, 0x5d, 0x1a, 0xa9, 0xac, 0xc1, 0x69, 0x24,
++ 0xc6, 0xfa, 0xb5, 0x22, 0x3e, 0xa3, 0x8d, 0x35, 0x29, 0xcf, 0x9a, 0xe5,
++ 0x84, 0x3b, 0x0b, 0x27, 0x36, 0x7e, 0x9d, 0xa6, 0xb0, 0x45, 0x60, 0x42,
++ 0x1e, 0x4b, 0x24, 0xd1, 0x36, 0x8b, 0x70, 0xd1, 0x95, 0x54, 0x14, 0xb9,
++ 0x47, 0x3d, 0x8d, 0xe4, 0x5f, 0x81, 0x1a, 0x21, 0x17, 0x17, 0xbf, 0x92,
++ 0x22, 0x4c, 0x77, 0x30, 0xdc, 0x9c, 0x84, 0xe6, 0x68, 0xcc, 0xd6, 0x11,
++ 0x04, 0xff, 0x71, 0x86, 0xb3, 0xa9, 0x9b, 0x13, 0x95, 0x35, 0xfd, 0x68,
++ 0x28, 0x9b, 0x6f, 0x5c, 0xf7, 0x66, 0xa8, 0x6f, 0x89, 0x0f, 0x92, 0xdf,
++ 0x52, 0x24, 0x3f, 0xdb, 0x2f, 0x40, 0x12, 0x32, 0xa4, 0xff, 0x2e, 0x4b,
++ 0xb8, 0xa0, 0xe7, 0xc9, 0xcb, 0x98, 0x13, 0xf9, 0xd2, 0xfa, 0x82, 0x68,
++ 0xb2, 0x8f, 0xd3, 0x17, 0x8c, 0x93, 0xf5, 0x80, 0xe4, 0x5a, 0x33, 0x1b,
++ 0x6a, 0xd8, 0xbf, 0x37, 0xa7, 0xe1, 0x63, 0x1d, 0x6a, 0xc3, 0xfa, 0xa1,
++ 0x2f, 0xc1, 0x72, 0x55, 0xd5, 0xe2, 0x67, 0x3b, 0x6b, 0x3a, 0xa8, 0xb0,
++ 0x54, 0x04, 0x1d, 0xbb, 0xc1, 0xe5, 0x3a, 0x52, 0xb1, 0x67, 0x0b, 0x12,
++ 0x3e, 0xcd, 0xa9, 0x9a, 0x0e, 0xbb, 0xa3, 0x75, 0x6d, 0x6f, 0x77, 0x74,
++ 0x64, 0xe3, 0x16, 0x8c, 0xa5, 0xba, 0xec, 0x51, 0x73, 0xce, 0x4b, 0xe6,
++ 0x6f, 0x3d, 0x15, 0x56, 0x43, 0xe1, 0x17, 0x77, 0x66, 0xab, 0xdc, 0x9d,
++ 0x9b, 0x10, 0x5d, 0xc4, 0xe9, 0x1e, 0xaa, 0x2d, 0x15, 0xbb, 0xc4, 0x09,
++ 0x46, 0x30, 0xe1, 0xb8, 0x92, 0x94, 0x5f, 0xb7, 0xe7, 0x7e, 0x97, 0x43,
++ 0xc0, 0x48, 0x5b, 0xaf, 0xea, 0x74, 0xae, 0x8c, 0x79, 0x6b, 0x66, 0x83,
++ 0x62, 0x88, 0x17, 0xa4, 0x56, 0x5d, 0x58, 0xfb, 0x6c, 0x38, 0x57, 0x4d,
++ 0xef, 0xd7, 0x36, 0x44, 0x39, 0x5b, 0xab, 0x94, 0xe4, 0x08, 0x30, 0xd3,
++ 0x2c, 0x59, 0xa0, 0x32, 0xe2, 0x71, 0x99, 0xec, 0x66, 0x5e, 0xf7, 0xe2,
++ 0x9c, 0x19, 0x69, 0x72, 0x6f, 0xdb, 0x3e, 0xcc, 0x19, 0x5a, 0xfd, 0xad,
++ 0xd6, 0x6e, 0x9d, 0x07, 0xc0, 0x65, 0x01, 0x75, 0xdd, 0x37, 0x1b, 0x9c,
++ 0x5e, 0x93, 0x32, 0xf8, 0x7e, 0x65, 0xd5, 0xb5, 0x15, 0x35, 0xad, 0x05,
++ 0xb5, 0xd2, 0x25, 0xc7, 0x71, 0x5a, 0xe4, 0xb7, 0x58, 0x6a, 0xc3, 0x5a,
++ 0xd9, 0xd4, 0xee, 0x32, 0xb5, 0x0b, 0x5b, 0x2a, 0xcd, 0x80, 0xce, 0xd4,
++ 0x2d, 0xc9, 0x09, 0x94, 0xf5, 0xf2, 0x7c, 0xaf, 0xba, 0x5a, 0xd3, 0xdc,
++ 0xcd, 0xd7, 0xf7, 0xea, 0x42, 0xe2, 0xc2, 0x34, 0x21, 0xb9, 0x15, 0x24,
++ 0xe8, 0x32, 0x6b, 0x6f, 0xb0, 0xed, 0x76, 0x5e, 0x45, 0xbf, 0x02, 0xa2,
++ 0xb8, 0x3c, 0xa5, 0xf5, 0x74, 0xe3, 0x18, 0x89, 0x21, 0x4e, 0xa6, 0x08,
++ 0xa3, 0xa5, 0x93, 0x69, 0x48, 0x96, 0xbd, 0x47, 0xd3, 0xeb, 0x67, 0x29,
++ 0xa8, 0xbb, 0xbe, 0x78, 0x05, 0xfa, 0x46, 0x89, 0x4e, 0x0c, 0xe2, 0x6c,
++ 0xbb, 0xe5, 0xf8, 0xba, 0xe5, 0x5d, 0x29, 0xe7, 0xdd, 0x71, 0x7e, 0x94,
++ 0xd7, 0x56, 0x0c, 0x3c, 0xde, 0x5f, 0xbc, 0xdc, 0x0f, 0x8e, 0xd6, 0x6f,
++ 0x0a, 0x07, 0xb8, 0x07, 0x24, 0x62, 0x4c, 0xed, 0x45, 0x4f, 0x0d, 0x9f,
++ 0x2e, 0x83, 0x6a, 0xeb, 0xbc, 0xff, 0xa9, 0xf2, 0x73, 0xb3, 0x5b, 0xaa,
++ 0xac, 0xed, 0xac, 0x88, 0xa2, 0x0d, 0x8d, 0x8f, 0xb4, 0xf7, 0x73, 0x1e,
++ 0xc0, 0x2e, 0xd3, 0x45, 0x15, 0x4b, 0x4a, 0xe7, 0xd4, 0xef, 0xb1, 0xc6,
++ 0xd3, 0x8f, 0xf8, 0x24, 0x12, 0x33, 0x3e, 0x8e, 0x95, 0xbc, 0x81, 0xb4,
++ 0xd4, 0xd1, 0x13, 0xbc, 0x7e, 0x25, 0xb4, 0x5b, 0xff, 0x15, 0xba, 0xf8,
++ 0x9a, 0xec, 0x78, 0xe4, 0x63, 0xc7, 0x26, 0xd5, 0x89, 0x3d, 0x63, 0x5b,
++ 0x7c, 0x86, 0x63, 0x34, 0x06, 0x28, 0x23, 0x08, 0xff, 0x6d, 0xbd, 0xe0,
++ 0x75, 0xb3, 0x71, 0x12, 0x26, 0x63, 0xca, 0x93, 0x36, 0x86, 0xeb, 0xf7,
++ 0x48, 0xd1, 0x96, 0xf4, 0x02, 0x3e, 0x5d, 0x69, 0x75, 0x5e, 0x95, 0xee,
++ 0x32, 0xb9, 0xba, 0x55, 0xc5, 0x42, 0x74, 0x00, 0xe1, 0x0f, 0x16, 0x05,
++ 0x62, 0x3c, 0x58, 0xcb, 0xe0, 0xd4, 0xa9, 0xe5, 0x1a, 0x3b, 0x84, 0x7e,
++ 0x19, 0x87, 0xad, 0x67, 0xcd, 0x9b, 0x97, 0xb0, 0x32, 0xd7, 0xb8, 0x1e,
++ 0x96, 0x69, 0x75, 0x0f, 0x61, 0x69, 0xb3, 0xc9, 0xce, 0x73, 0x7c, 0x5f,
++ 0xd5, 0x08, 0xdf, 0xd4, 0x07, 0x75, 0x60, 0xd7, 0x50, 0x52, 0xe7, 0x5c,
++ 0x6f, 0x04, 0x59, 0x65, 0xbd, 0x70, 0x99, 0x15, 0xf9, 0xbc, 0x34, 0x78,
++ 0x6a, 0x64, 0xac, 0x5f, 0x07, 0xc2, 0x89, 0x88, 0xfe, 0x11, 0x7a, 0xf7,
++ 0x3d, 0xbe, 0x83, 0xff, 0xeb, 0x1d, 0x52, 0xbe, 0xd4, 0x09, 0x71, 0x0f,
++ 0x7c, 0x95, 0x19, 0xf2, 0x4b, 0xf5, 0x44, 0x63, 0xf2, 0xec, 0x3f, 0xf9,
++ 0xe4, 0xfb, 0xbe, 0x24, 0xb2, 0x18, 0x53, 0xce, 0x16, 0x40, 0x1e, 0x27,
++ 0x62, 0x99, 0x93, 0xc9, 0x49, 0x8f, 0x98, 0x0d, 0xd8, 0x73, 0x65, 0x99,
++ 0xac, 0xff, 0xfe, 0x22, 0x6a, 0xd1, 0xfb, 0xa1, 0xe4, 0xe7, 0xab, 0x3c,
++ 0x72, 0x10, 0xac, 0x73};
++
++/* Weak primes with value subprimes. Accepted, but takes more processing
++ * in both modes. */
++static const unsigned char prime_weak_1024[] = {
++ 0xe4, 0x82, 0x09, 0x4a, 0x6b, 0xbe, 0x9b, 0x51, 0x11, 0xa0, 0x74, 0x25,
++ 0xff, 0x50, 0x1c, 0x0a, 0xd6, 0xd0, 0xbc, 0xd3, 0x24, 0x89, 0x75, 0x74,
++ 0xb3, 0xd6, 0x6b, 0xf4, 0xc7, 0x5f, 0x6a, 0xec, 0x1e, 0x3a, 0x20, 0x02,
++ 0x16, 0x75, 0xcc, 0x44, 0x4a, 0xbf, 0x5b, 0x58, 0xad, 0xfe, 0xb0, 0x18,
++ 0x6a, 0x38, 0x8b, 0xcb, 0xdb, 0xd1, 0x77, 0x42, 0xe3, 0xa3, 0x87, 0x8a,
++ 0x99, 0x2e, 0x11, 0xd8, 0xc9, 0x02, 0x84, 0x1d, 0xd2, 0x67, 0x28, 0xbd,
++ 0x8f, 0xfb, 0x56, 0xf2, 0x63, 0x8a, 0x2c, 0x7c, 0x38, 0xef, 0xa2, 0x0c,
++ 0x6a, 0x36, 0xd0, 0x99, 0x13, 0x47, 0x48, 0x40, 0xe5, 0xcd, 0xdb, 0x04,
++ 0x4c, 0xa2, 0x12, 0x3f, 0x1a, 0x9b, 0x9a, 0x0e, 0xb8, 0x68, 0x7d, 0x01,
++ 0xbc, 0x16, 0x6f, 0x51, 0x64, 0x1d, 0xab, 0x21, 0x75, 0x49, 0x12, 0x36,
++ 0xac, 0x65, 0x8b, 0xf8, 0x87, 0xd9, 0xaf, 0xd1};
++
++static const unsigned char subprime_weak_1024[] = {
++ 0xef, 0x0c, 0x17, 0x60, 0xd1, 0x91, 0x8f, 0xea, 0x4d, 0xbe,
++ 0x0a, 0xb2, 0x37, 0xcc, 0x6b, 0xba, 0x97, 0x98, 0x2d, 0x4b};
++
++static const unsigned char base_weak_1024[] = {
++ 0x5a, 0x70, 0x8b, 0xe1, 0x1d, 0xed, 0x69, 0x04, 0xd0, 0xdc, 0xda, 0x84,
++ 0x9e, 0x79, 0x56, 0x11, 0x44, 0xdc, 0xf7, 0xb8, 0x84, 0x88, 0x75, 0x67,
++ 0xba, 0x80, 0x5b, 0x7e, 0x50, 0xc1, 0x5c, 0x80, 0x59, 0xaa, 0x55, 0x24,
++ 0x44, 0x6a, 0x8a, 0x31, 0x20, 0x1a, 0xd4, 0xba, 0x5f, 0x32, 0xc6, 0x5d,
++ 0x9d, 0x0e, 0x58, 0xfc, 0xd0, 0x6c, 0x74, 0xea, 0xd9, 0xc6, 0x86, 0x9f,
++ 0x3f, 0x83, 0x0e, 0x73, 0xae, 0x28, 0x40, 0x19, 0x9f, 0x5d, 0x64, 0xc4,
++ 0xae, 0xda, 0x11, 0x3e, 0x3f, 0x44, 0x87, 0xac, 0x41, 0x1e, 0xfa, 0xdb,
++ 0x1f, 0xde, 0x09, 0x7c, 0x54, 0x7c, 0x8a, 0xe0, 0x82, 0xd7, 0x8c, 0xb9,
++ 0x61, 0xa0, 0x10, 0xab, 0xff, 0xe1, 0x1f, 0x8b, 0x9d, 0x51, 0x71, 0xc7,
++ 0xfb, 0xd9, 0xe0, 0x10, 0xc3, 0x7d, 0x88, 0xe9, 0xd2, 0x42, 0xaf, 0xda,
++ 0x77, 0x55, 0x28, 0x07, 0x03, 0x26, 0xb3, 0x77};
++
++static const unsigned char prime_weak_2048[] = {
++ 0xb5, 0x08, 0x83, 0x6a, 0x22, 0x39, 0xdf, 0x02, 0xfe, 0x73, 0x6b, 0xfb,
++ 0x0d, 0x4e, 0xad, 0x4b, 0x0f, 0xfd, 0xb2, 0x27, 0xe7, 0xd2, 0x35, 0xd4,
++ 0x83, 0xf2, 0xbc, 0x29, 0xff, 0x50, 0xf7, 0x6b, 0xb7, 0x94, 0x38, 0xff,
++ 0xdc, 0x79, 0x67, 0x9a, 0x80, 0x8b, 0xc2, 0x20, 0x4e, 0x53, 0x02, 0x2a,
++ 0x07, 0xec, 0xa9, 0xbd, 0x22, 0xd1, 0xba, 0x35, 0x31, 0x10, 0x21, 0xb6,
++ 0x4f, 0xe1, 0x94, 0x0b, 0xb0, 0xb3, 0x37, 0x20, 0x0d, 0x6a, 0xd4, 0x91,
++ 0x5c, 0x85, 0xe9, 0xae, 0x8a, 0xf2, 0x94, 0xe7, 0x44, 0xf5, 0xcc, 0x04,
++ 0x82, 0x57, 0x81, 0x21, 0x83, 0x18, 0x48, 0x2d, 0xe3, 0x1c, 0xa1, 0x7f,
++ 0xee, 0x10, 0xb9, 0xe8, 0x40, 0xfc, 0xda, 0x43, 0x7d, 0x18, 0xe4, 0x68,
++ 0x9f, 0xed, 0x5e, 0xc3, 0x1f, 0x80, 0xef, 0x5c, 0x24, 0x5e, 0x68, 0xac,
++ 0x99, 0x9c, 0x74, 0x96, 0x5b, 0xb3, 0xe7, 0xb2, 0x65, 0x78, 0xfb, 0x3c,
++ 0x11, 0x00, 0x04, 0x4b, 0x98, 0x0e, 0x8a, 0x7b, 0x38, 0x08, 0x34, 0xb9,
++ 0x6d, 0x08, 0x65, 0x17, 0x91, 0x49, 0x62, 0x47, 0x64, 0xab, 0xc6, 0xd0,
++ 0xf2, 0xcf, 0x89, 0x07, 0xeb, 0xa3, 0x5d, 0xf3, 0xa2, 0xfb, 0xdd, 0x7b,
++ 0x3e, 0x7e, 0xa2, 0xd7, 0x1a, 0x42, 0xad, 0x74, 0xbd, 0xbb, 0xcf, 0x21,
++ 0x91, 0xd2, 0x6b, 0x1d, 0x9d, 0xa8, 0x05, 0x88, 0x4f, 0xb1, 0x45, 0xa2,
++ 0x86, 0x90, 0x12, 0xfd, 0xcb, 0x25, 0xe1, 0x12, 0x08, 0x47, 0x1d, 0x83,
++ 0x2d, 0x14, 0x42, 0x20, 0x08, 0x31, 0x54, 0x2c, 0x9b, 0x49, 0xf6, 0xb6,
++ 0x2d, 0x25, 0xea, 0x28, 0xbf, 0x13, 0x2b, 0xd3, 0x45, 0x8d, 0x02, 0x9f,
++ 0xa5, 0xaa, 0xeb, 0xc0, 0x48, 0xd1, 0x06, 0xe6, 0x1e, 0xa0, 0x3e, 0x04,
++ 0x20, 0x79, 0x7c, 0xd1, 0xd0, 0xac, 0x61, 0x89, 0x6c, 0x3b, 0x88, 0xa3,
++ 0x54, 0x6c, 0x80, 0x59};
++
++static const unsigned char subprime_weak_2048[] = {
++ 0xcd, 0x9d, 0xbf, 0x88, 0xe5, 0xc0, 0x03, 0x16, 0xec, 0x9c, 0xb4,
++ 0x6e, 0x54, 0xd2, 0xbf, 0xdc, 0x05, 0x92, 0xcd, 0x05, 0x87, 0xc9,
++ 0x9c, 0x91, 0x19, 0x54, 0xb6, 0xd7, 0x1e, 0xe1, 0x0a, 0x93};
++
++static const unsigned char base_weak_2048[] = {
++ 0x36, 0xc6, 0x6e, 0x3e, 0xe8, 0x44, 0xa0, 0x57, 0x1d, 0x8e, 0x71, 0xb6,
++ 0x6c, 0x24, 0xf6, 0x1d, 0xb6, 0xa5, 0xfd, 0xe3, 0xd6, 0xc5, 0x6b, 0xe8,
++ 0x94, 0x5a, 0x8c, 0x5a, 0xdf, 0x41, 0x51, 0xe6, 0xfb, 0x76, 0x4b, 0x06,
++ 0x4b, 0x03, 0x33, 0x98, 0x15, 0xb5, 0x60, 0x43, 0xc7, 0xc5, 0xb3, 0x4d,
++ 0x58, 0x90, 0xe8, 0x63, 0xc5, 0xad, 0x5f, 0x57, 0xcf, 0x42, 0x26, 0x99,
++ 0xa0, 0x71, 0xc6, 0x73, 0x03, 0xa0, 0x45, 0xd0, 0x87, 0xf0, 0xd8, 0x9a,
++ 0xb2, 0x7d, 0xd7, 0x2d, 0x10, 0x52, 0x04, 0x36, 0x37, 0x4f, 0x9d, 0xb7,
++ 0x66, 0xdc, 0xf5, 0x76, 0xac, 0x87, 0xfe, 0x5a, 0x9d, 0xca, 0x1e, 0xfb,
++ 0x6f, 0x7f, 0xfd, 0x9a, 0xaa, 0x12, 0xcf, 0x7a, 0xdb, 0x15, 0xf3, 0xb2,
++ 0x7b, 0x17, 0xb9, 0xaf, 0x5f, 0xdf, 0x9c, 0x66, 0x29, 0x83, 0x89, 0xf9,
++ 0xf9, 0xf7, 0x4a, 0x04, 0x1d, 0x00, 0xf7, 0x11, 0x98, 0x18, 0x0a, 0xab,
++ 0x47, 0xcc, 0x3e, 0x11, 0xf4, 0xe0, 0x7e, 0xad, 0xa5, 0x67, 0xf8, 0x4b,
++ 0x1b, 0x81, 0x72, 0x8e, 0x5b, 0x49, 0x90, 0x0e, 0x01, 0xc1, 0x7e, 0x8d,
++ 0xfb, 0xa2, 0xe7, 0x92, 0xd0, 0x23, 0xf5, 0x4a, 0xe8, 0xd4, 0x51, 0xc4,
++ 0x89, 0xe8, 0x4a, 0x9f, 0xf6, 0xa2, 0xdc, 0xe2, 0x32, 0x88, 0x56, 0x2c,
++ 0x97, 0x38, 0xdf, 0xd6, 0x4f, 0xfb, 0xf8, 0xbb, 0xee, 0x7a, 0x3a, 0x05,
++ 0xa2, 0x7f, 0xbb, 0x6d, 0xf6, 0xd6, 0x48, 0xf4, 0x6d, 0x23, 0xb3, 0x93,
++ 0x7c, 0xfb, 0xd4, 0x8c, 0xa0, 0x58, 0xbc, 0xdf, 0x1b, 0x35, 0x2a, 0x56,
++ 0x80, 0x7c, 0xc6, 0x28, 0x35, 0xb6, 0x17, 0x5d, 0xa5, 0x15, 0x79, 0x7d,
++ 0x2c, 0x6a, 0xcf, 0xb1, 0xb1, 0x6e, 0xea, 0xd0, 0x4b, 0xfb, 0xa5, 0xbb,
++ 0xb7, 0x9f, 0x74, 0x42, 0xd5, 0xf3, 0x4b, 0x54, 0x40, 0xf0, 0x4c, 0x6b,
++ 0x0f, 0xaf, 0x89, 0x10};
++
++static const unsigned char prime_weak_3072[] = {
++ 0x94, 0x32, 0xc7, 0x47, 0x51, 0xa3, 0x03, 0x9b, 0xf2, 0x51, 0x5c, 0x69,
++ 0xaf, 0x05, 0x3c, 0x76, 0x62, 0xa2, 0xec, 0x5a, 0xcc, 0xdf, 0x80, 0xf3,
++ 0x2d, 0xce, 0xa5, 0xa5, 0x9e, 0x2d, 0xab, 0x5f, 0x91, 0xbd, 0x93, 0x61,
++ 0xd7, 0x7b, 0x71, 0x6f, 0xf3, 0x92, 0xbf, 0xa8, 0xfc, 0xcd, 0x00, 0xf5,
++ 0x49, 0x08, 0x00, 0x8c, 0xd2, 0xfe, 0x4a, 0xd8, 0x2b, 0x6e, 0x42, 0xc0,
++ 0xd8, 0xa2, 0x8b, 0x2b, 0x18, 0x02, 0xad, 0xe8, 0x4e, 0x44, 0x09, 0x26,
++ 0xa1, 0xa1, 0xca, 0x99, 0xe3, 0xd9, 0x9a, 0x87, 0x3c, 0x83, 0x6a, 0x1a,
++ 0x7b, 0x60, 0xba, 0x78, 0x0c, 0x79, 0x50, 0x1f, 0xde, 0x40, 0x14, 0x58,
++ 0x18, 0xa9, 0x2b, 0x74, 0x11, 0xb4, 0x65, 0xfe, 0x9d, 0x03, 0xa4, 0xef,
++ 0xdf, 0x74, 0x8e, 0xcd, 0x7b, 0xd4, 0xf3, 0x28, 0x75, 0xb2, 0x31, 0xef,
++ 0x99, 0x65, 0xcb, 0x5a, 0x77, 0xca, 0xa2, 0x25, 0x28, 0xae, 0xfa, 0x9f,
++ 0xeb, 0xda, 0xcc, 0x34, 0x7b, 0x21, 0xd7, 0xdb, 0x54, 0x40, 0xe6, 0x2f,
++ 0xdb, 0xc0, 0xce, 0xdc, 0xe5, 0xc9, 0x27, 0x97, 0x99, 0x9c, 0x02, 0x4f,
++ 0x24, 0x88, 0x93, 0xdf, 0xa9, 0xc7, 0x3e, 0x10, 0xc8, 0xaa, 0x6a, 0xce,
++ 0xda, 0x46, 0x94, 0x8c, 0xad, 0x1e, 0xf1, 0xcb, 0xd3, 0xcd, 0x43, 0x44,
++ 0xb4, 0x20, 0x91, 0x9e, 0xf6, 0xd1, 0x03, 0xef, 0xc2, 0x04, 0xf7, 0x07,
++ 0xdb, 0xac, 0xa2, 0x28, 0x8c, 0x7d, 0x1d, 0x5d, 0x2c, 0x5a, 0xfc, 0x26,
++ 0x5b, 0x0b, 0x58, 0xb9, 0x9a, 0x47, 0xe9, 0xa0, 0xdf, 0xa5, 0x5a, 0xf3,
++ 0xe5, 0xd6, 0xeb, 0x69, 0xb5, 0x4e, 0xbc, 0x71, 0xc0, 0xd6, 0x9b, 0xb8,
++ 0x40, 0x3b, 0xc5, 0x72, 0x5d, 0x4d, 0x1b, 0x17, 0x3d, 0x36, 0xa4, 0xb1,
++ 0x15, 0xa7, 0x9a, 0x72, 0xeb, 0xf2, 0x9e, 0x40, 0xd1, 0xbc, 0x35, 0xc7,
++ 0xd1, 0x1a, 0x8f, 0x1c, 0x2b, 0x5e, 0xd8, 0xb3, 0x3b, 0x44, 0xae, 0xf5,
++ 0x81, 0xd0, 0x8a, 0x37, 0xab, 0xba, 0x22, 0xbc, 0x2d, 0x88, 0x2f, 0x24,
++ 0xbb, 0xb0, 0x1a, 0xa9, 0x5f, 0x07, 0x10, 0x6d, 0xc6, 0xbb, 0x3c, 0xa2,
++ 0x66, 0xf9, 0xb9, 0x95, 0xd6, 0x5e, 0x8c, 0xce, 0x04, 0xdc, 0xb3, 0x4c,
++ 0xbc, 0xe9, 0xc5, 0xcb, 0x19, 0x97, 0xe2, 0xa1, 0x09, 0x38, 0xd7, 0x82,
++ 0xa6, 0xbf, 0xc9, 0x15, 0x25, 0xf1, 0x2c, 0x77, 0xfc, 0xbd, 0xfa, 0x7f,
++ 0x92, 0xfe, 0xd6, 0x31, 0x03, 0x23, 0x2d, 0x17, 0x2f, 0x51, 0x9e, 0x5c,
++ 0xb1, 0x68, 0xc0, 0x3f, 0x42, 0x99, 0x00, 0x55, 0x33, 0x68, 0xd7, 0xee,
++ 0x51, 0x7d, 0x3e, 0x03, 0x4f, 0x02, 0x5f, 0x27, 0xdd, 0x17, 0x18, 0x6c,
++ 0x1e, 0x9d, 0x91, 0x65, 0xf8, 0xd7, 0xa6, 0x9f, 0xa1, 0xba, 0xa8, 0x76,
++ 0xe4, 0xd8, 0xf4, 0x59, 0x90, 0x16, 0x67, 0x88, 0xc2, 0xa9, 0xe4, 0x2d};
++
++static const unsigned char subprime_weak_3072[] = {
++ 0xd6, 0xf6, 0xeb, 0x1e, 0x65, 0x44, 0xe1, 0x1a, 0x37, 0x69, 0x8c,
++ 0x60, 0x45, 0xcb, 0xcb, 0x52, 0xe4, 0x88, 0xcb, 0xad, 0xb2, 0x27,
++ 0x18, 0xfa, 0x3a, 0xcf, 0xc6, 0xf9, 0xc3, 0x03, 0xa8, 0xb9};
++
++static const unsigned char base_weak_3072[] = {
++ 0x6e, 0x65, 0xcd, 0xd8, 0xbf, 0x8a, 0x5a, 0xa1, 0x05, 0x62, 0xa2, 0x64,
++ 0x88, 0x4a, 0x49, 0x1b, 0x57, 0xa8, 0x0e, 0x2e, 0x28, 0x4a, 0xe3, 0xaa,
++ 0xa7, 0x4e, 0xc7, 0x06, 0xe2, 0xf8, 0x9c, 0xd7, 0x05, 0x05, 0x6e, 0x5b,
++ 0x89, 0xd5, 0xa1, 0x16, 0xda, 0x2a, 0x2f, 0xe6, 0x86, 0xf0, 0x6e, 0xdc,
++ 0xd0, 0xbc, 0x0b, 0x39, 0x90, 0xe3, 0x74, 0x2c, 0x02, 0x6f, 0x7e, 0x32,
++ 0x2d, 0xf6, 0xd7, 0xa2, 0xfb, 0xe9, 0xaf, 0x8b, 0xb3, 0x1c, 0xd0, 0x78,
++ 0x4a, 0x76, 0xf8, 0xbd, 0x03, 0x5b, 0x0c, 0x68, 0x65, 0x23, 0x8a, 0x45,
++ 0xf3, 0x51, 0xe0, 0xe1, 0x96, 0x57, 0x7e, 0x05, 0x6c, 0xae, 0xaf, 0xa6,
++ 0x45, 0xdc, 0xa8, 0x36, 0x69, 0xa5, 0x13, 0x37, 0x4a, 0x16, 0x43, 0x11,
++ 0xab, 0x5b, 0xb6, 0xcf, 0x86, 0xb6, 0xf8, 0x44, 0xb9, 0x76, 0xe7, 0x1e,
++ 0x88, 0x99, 0x6f, 0xfe, 0xfb, 0x5c, 0xdb, 0x59, 0x4c, 0x26, 0xdb, 0x20,
++ 0x20, 0x97, 0x47, 0xda, 0x7b, 0x1d, 0xe9, 0x18, 0x1a, 0x89, 0x07, 0x3b,
++ 0xd1, 0xc8, 0x4c, 0xfd, 0xae, 0x35, 0x4c, 0xa0, 0x42, 0x94, 0x89, 0xc0,
++ 0xae, 0x2f, 0x94, 0x49, 0xd9, 0x7d, 0xb2, 0x4c, 0x50, 0x29, 0x46, 0x14,
++ 0x9a, 0x56, 0x49, 0x7a, 0x09, 0xa8, 0x95, 0x3a, 0x94, 0x06, 0x7c, 0xf0,
++ 0xea, 0x39, 0xcb, 0x33, 0xad, 0x28, 0xd1, 0x55, 0x02, 0xf5, 0x46, 0x0c,
++ 0x92, 0x12, 0x17, 0x05, 0x60, 0x97, 0xcd, 0x2f, 0x18, 0x5e, 0xe3, 0x41,
++ 0xe6, 0x46, 0x69, 0x27, 0x7d, 0x61, 0x00, 0x1e, 0x8d, 0x74, 0xa5, 0xc5,
++ 0xcb, 0xb9, 0xbc, 0x3f, 0x7a, 0x21, 0x23, 0x22, 0x1b, 0x15, 0x50, 0xb9,
++ 0x4b, 0x3b, 0x9f, 0xd5, 0xc0, 0x8c, 0xb9, 0x9d, 0x7e, 0xf4, 0x13, 0xc9,
++ 0x64, 0xe3, 0x7b, 0x44, 0xa7, 0x10, 0xad, 0x3c, 0xaf, 0xf0, 0x07, 0x8d,
++ 0x04, 0xc9, 0xa9, 0x36, 0x10, 0xb9, 0x8d, 0x7d, 0x43, 0x24, 0x7d, 0x8d,
++ 0x3c, 0x74, 0x58, 0x02, 0xb9, 0x4b, 0xe6, 0x6c, 0xa9, 0x9f, 0xdc, 0x50,
++ 0x5f, 0x62, 0x68, 0xc7, 0x14, 0xe7, 0x88, 0x33, 0x3e, 0x41, 0xad, 0x92,
++ 0x9d, 0x15, 0xd4, 0x77, 0xb9, 0xfb, 0x18, 0xd2, 0x8b, 0xb3, 0xc4, 0x0f,
++ 0x26, 0x04, 0xa4, 0xb1, 0xc1, 0x83, 0x96, 0x17, 0x67, 0x52, 0xa5, 0xfb,
++ 0x1b, 0x70, 0x20, 0x1c, 0x8c, 0x24, 0xc4, 0x5c, 0xd7, 0xe2, 0x12, 0xe3,
++ 0x31, 0x10, 0x4e, 0x85, 0xc2, 0xd2, 0x63, 0x3a, 0x75, 0xe0, 0x9e, 0x6f,
++ 0x78, 0x19, 0xb0, 0x40, 0x03, 0x32, 0x75, 0x6f, 0xea, 0x2f, 0x90, 0xb2,
++ 0x48, 0x79, 0xa1, 0xa0, 0x61, 0xf6, 0x13, 0xf3, 0x50, 0xa9, 0xec, 0x90,
++ 0x5d, 0xae, 0x45, 0x4f, 0x1b, 0x80, 0xd3, 0x96, 0x62, 0x05, 0x5b, 0x53,
++ 0x63, 0x99, 0xe5, 0xf2, 0x1b, 0xeb, 0x3e, 0x25, 0x2e, 0x72, 0xdb, 0x1f};
++
++static const unsigned char prime_weak_4096[] = {
++ 0xff, 0x50, 0xd3, 0xcc, 0x89, 0x17, 0x5e, 0xb6, 0xf8, 0xa3, 0xb0, 0xe2,
++ 0xf9, 0x9f, 0x17, 0xa1, 0x92, 0x56, 0x15, 0x13, 0x12, 0x9f, 0x18, 0xdc,
++ 0x07, 0x00, 0xc2, 0x49, 0xc9, 0xd9, 0xd4, 0x0a, 0xe3, 0xd7, 0xf6, 0x60,
++ 0x21, 0xa9, 0x7b, 0xc0, 0x0f, 0x0e, 0xae, 0x3e, 0x77, 0x77, 0x48, 0xd8,
++ 0xfd, 0x42, 0xec, 0xb5, 0xae, 0x00, 0xab, 0xce, 0xd1, 0x11, 0xca, 0xd2,
++ 0x64, 0x5a, 0xa3, 0x6b, 0xba, 0xd1, 0x93, 0xea, 0xda, 0xd2, 0xa0, 0x60,
++ 0x39, 0x0b, 0x34, 0x4f, 0x0c, 0xf1, 0xb0, 0x52, 0x75, 0x51, 0x3d, 0x28,
++ 0x02, 0xb5, 0xbd, 0x42, 0x98, 0x20, 0xa7, 0x42, 0xb9, 0x21, 0x9a, 0xae,
++ 0xb6, 0x41, 0x7b, 0x70, 0xe3, 0xd9, 0xaf, 0x81, 0x1a, 0xc1, 0x39, 0x9c,
++ 0x52, 0x56, 0xcb, 0x0d, 0x6a, 0x67, 0x6f, 0x3d, 0x12, 0x76, 0x73, 0x53,
++ 0x95, 0x2d, 0xc1, 0x04, 0xdb, 0x83, 0xe4, 0xd0, 0xbe, 0x2d, 0xa6, 0x7a,
++ 0x0f, 0x80, 0x1b, 0xd0, 0x16, 0x14, 0x3a, 0xe0, 0x48, 0xfa, 0xf5, 0x44,
++ 0xa8, 0xe0, 0xbf, 0x98, 0xe1, 0x56, 0xea, 0x76, 0xb6, 0xe2, 0xa3, 0x5b,
++ 0x15, 0x79, 0x10, 0xb0, 0x41, 0xdc, 0x29, 0x0f, 0x1e, 0x37, 0x69, 0xcd,
++ 0x13, 0xbe, 0x2d, 0xe0, 0x73, 0x38, 0x68, 0xed, 0x50, 0x6a, 0xd0, 0xfb,
++ 0xcb, 0x17, 0x3a, 0x59, 0xfb, 0xec, 0xba, 0x75, 0xb6, 0x4e, 0x2f, 0x6e,
++ 0x97, 0x98, 0x0e, 0x79, 0x25, 0xdd, 0xd8, 0xf5, 0x34, 0xb4, 0xa0, 0x7e,
++ 0xba, 0x68, 0x7c, 0x4f, 0xfb, 0xe0, 0x97, 0x46, 0x50, 0x1e, 0x4a, 0x59,
++ 0x9c, 0xdc, 0x34, 0xe2, 0x2a, 0xb5, 0xc8, 0x58, 0x94, 0x48, 0x9f, 0xb8,
++ 0x36, 0xcb, 0xce, 0x36, 0xb1, 0x7c, 0xe5, 0x8d, 0x5b, 0x43, 0xd7, 0x88,
++ 0xdf, 0xae, 0xd0, 0xc9, 0x42, 0x5f, 0x0a, 0xe3, 0x63, 0x11, 0xc5, 0x0c,
++ 0x80, 0x55, 0x58, 0xd7, 0xf2, 0x51, 0x6e, 0xb3, 0x7e, 0x9d, 0x1c, 0xc3,
++ 0x61, 0x59, 0x5c, 0x47, 0xd4, 0x99, 0xc0, 0x67, 0xfb, 0xb2, 0xd6, 0x11,
++ 0xda, 0x92, 0x5b, 0x6b, 0xd2, 0x70, 0xb7, 0x69, 0x72, 0xe7, 0x06, 0xdd,
++ 0x40, 0xac, 0x81, 0x51, 0x1d, 0x52, 0x7a, 0x45, 0x38, 0x89, 0x27, 0x2c,
++ 0xc4, 0x4b, 0x7e, 0x5e, 0x79, 0xef, 0x84, 0x6a, 0x24, 0x4d, 0x9c, 0x9e,
++ 0xca, 0x75, 0x5c, 0x06, 0x6d, 0xd0, 0x52, 0xe9, 0xda, 0x9f, 0x46, 0xb6,
++ 0x62, 0x1d, 0xb3, 0xd9, 0xf2, 0x7d, 0xd6, 0xc2, 0x7a, 0x49, 0x7c, 0xdd,
++ 0x9b, 0xaa, 0xc3, 0x84, 0x0b, 0x08, 0x33, 0xb8, 0x80, 0xc3, 0x12, 0x8f,
++ 0xad, 0xac, 0x0f, 0x7f, 0xaf, 0x59, 0x61, 0x0d, 0x98, 0xc1, 0xf9, 0x68,
++ 0xc3, 0x1b, 0x10, 0x08, 0xc4, 0x33, 0x3c, 0xa4, 0xe2, 0xd5, 0xeb, 0x71,
++ 0x5d, 0x19, 0x7e, 0x05, 0xca, 0x9a, 0xf5, 0xbb, 0x71, 0x55, 0x83, 0x9c,
++ 0x25, 0x50, 0x35, 0x7f, 0x2d, 0xeb, 0xf2, 0x0d, 0xed, 0x3c, 0xb8, 0x71,
++ 0xbd, 0x08, 0xf5, 0x89, 0x7e, 0x5e, 0x38, 0x40, 0xd7, 0xed, 0x77, 0x8d,
++ 0x7a, 0xed, 0x2a, 0x9f, 0xfc, 0x01, 0xf4, 0xe2, 0xcf, 0xda, 0x8c, 0xa3,
++ 0x57, 0xdc, 0x14, 0xd6, 0xa1, 0xd9, 0x97, 0xb9, 0xe6, 0xfc, 0x48, 0x75,
++ 0x43, 0xbd, 0x3b, 0x91, 0x17, 0x3c, 0x33, 0xca, 0xce, 0x29, 0x09, 0x1b,
++ 0xe8, 0x9d, 0xb6, 0x74, 0x05, 0x5e, 0x2e, 0xa5, 0x1d, 0x7f, 0x3a, 0xa9,
++ 0x2c, 0xf6, 0x4d, 0x41, 0x90, 0xbc, 0x56, 0x18, 0x52, 0x02, 0x90, 0xef,
++ 0x71, 0xff, 0x3e, 0x0c, 0xf8, 0x00, 0x04, 0x07, 0xd5, 0x20, 0x26, 0xdd,
++ 0x5c, 0xb1, 0x37, 0x03, 0x20, 0x0c, 0xb4, 0xb6, 0x39, 0x49, 0x49, 0xaa,
++ 0xe7, 0x98, 0x01, 0xa2, 0x2e, 0x0a, 0x33, 0x82, 0x9e, 0xb9, 0x24, 0xb7,
++ 0x80, 0xdf, 0xd3, 0xdf, 0x04, 0xe4, 0x50, 0x9d};
++
++static const unsigned char subprime_weak_4096[] = {
++ 0xcf, 0xd9, 0x38, 0x6d, 0x5b, 0x8d, 0x82, 0x9d, 0xa8, 0xe7, 0x9f,
++ 0x21, 0x46, 0xcc, 0x15, 0xea, 0x61, 0x31, 0x13, 0x5d, 0x50, 0xcd,
++ 0x99, 0x26, 0xf9, 0x44, 0x28, 0x44, 0xc8, 0xae, 0xb7, 0x8f};
++
++static const unsigned char base_weak_4096[] = {
++ 0x55, 0xa1, 0x9d, 0x92, 0x16, 0x3d, 0x9c, 0xfa, 0xd7, 0x7c, 0x71, 0xea,
++ 0x29, 0x53, 0x9b, 0xdc, 0x8e, 0xa6, 0xbb, 0x06, 0xd5, 0x00, 0x5d, 0x6c,
++ 0x8e, 0x5d, 0x44, 0xb9, 0x13, 0x4b, 0x20, 0x92, 0x6d, 0x39, 0x9d, 0x34,
++ 0xaf, 0x9b, 0x12, 0x1d, 0xc5, 0xea, 0xb2, 0x89, 0x05, 0xa6, 0x49, 0x9f,
++ 0xd8, 0xf4, 0xba, 0x33, 0xab, 0x28, 0xf2, 0x2f, 0xf6, 0x49, 0x37, 0x0e,
++ 0xb2, 0xc6, 0x41, 0x8c, 0x91, 0x97, 0x07, 0xf8, 0xa3, 0x88, 0x12, 0x6b,
++ 0xe8, 0x85, 0x0e, 0x26, 0x0a, 0x79, 0xe2, 0x48, 0x1c, 0x5c, 0xee, 0x99,
++ 0x4b, 0xd1, 0xf7, 0xe8, 0xff, 0xae, 0x5b, 0xd1, 0xf4, 0x5e, 0x6a, 0x09,
++ 0xc2, 0xa0, 0xc3, 0x14, 0xe3, 0xc6, 0x25, 0x3e, 0xe4, 0xff, 0xd7, 0x38,
++ 0xb4, 0xf4, 0xda, 0xab, 0xde, 0x84, 0x08, 0xd3, 0x53, 0xce, 0xb9, 0x5f,
++ 0x41, 0x4a, 0x02, 0x9f, 0xe1, 0x90, 0x3a, 0x80, 0x2f, 0xc5, 0xbb, 0xcc,
++ 0x92, 0xa8, 0x76, 0xa4, 0x78, 0x32, 0x70, 0x50, 0x21, 0x54, 0x4a, 0x97,
++ 0x4b, 0x8f, 0x2f, 0x61, 0x66, 0x65, 0x57, 0x2e, 0xf3, 0x64, 0x0e, 0x7e,
++ 0xa0, 0xf7, 0xf7, 0x5a, 0x32, 0xd9, 0x88, 0xf7, 0x4c, 0x4b, 0xd6, 0x5a,
++ 0xe1, 0x82, 0xd7, 0x6e, 0x4d, 0xee, 0xa2, 0xf0, 0x4e, 0x3f, 0x26, 0xba,
++ 0xfa, 0xfb, 0xe2, 0x1d, 0x64, 0x19, 0x10, 0x77, 0x99, 0xf4, 0x02, 0x46,
++ 0x30, 0xb0, 0xb1, 0x4b, 0xb2, 0xbd, 0x2c, 0xd4, 0xf8, 0xf2, 0x7f, 0xaf,
++ 0xd6, 0x80, 0xa4, 0x16, 0x72, 0x39, 0x0b, 0x83, 0x7d, 0x1a, 0x03, 0xcf,
++ 0x0c, 0xdc, 0xaa, 0x9c, 0x21, 0x61, 0xef, 0x12, 0x92, 0xc5, 0x71, 0x50,
++ 0x7f, 0x66, 0xda, 0x28, 0x50, 0xfa, 0x18, 0x33, 0xb8, 0x86, 0x50, 0x1a,
++ 0x8e, 0x6b, 0x6f, 0xd3, 0xe2, 0x7d, 0x6e, 0x3f, 0x6d, 0x9b, 0x26, 0x33,
++ 0x98, 0x82, 0x95, 0x2a, 0xdf, 0x11, 0xf8, 0xb6, 0x05, 0x10, 0x3d, 0x39,
++ 0x23, 0x28, 0x4a, 0x35, 0x72, 0xc4, 0x7f, 0x47, 0x5a, 0x0b, 0xcb, 0xed,
++ 0x54, 0xd3, 0x81, 0xdf, 0xd7, 0x0c, 0xf6, 0xbe, 0xca, 0x8e, 0xac, 0x22,
++ 0x67, 0xd4, 0xf9, 0xcb, 0xaf, 0xe6, 0x42, 0x58, 0x97, 0x0f, 0x24, 0xdf,
++ 0xb8, 0x85, 0xbe, 0x34, 0xd7, 0x68, 0xfa, 0xbf, 0xc5, 0xcb, 0x61, 0x8b,
++ 0xbf, 0xa8, 0xf7, 0x64, 0xee, 0xf3, 0x8d, 0xf7, 0x5b, 0x6e, 0xe8, 0x07,
++ 0xa0, 0x6d, 0xb5, 0x75, 0xa2, 0x33, 0x1f, 0xe0, 0x3e, 0x82, 0xc0, 0xef,
++ 0xeb, 0x6a, 0x8a, 0xba, 0x87, 0xb4, 0x44, 0x66, 0xb2, 0xe7, 0x06, 0xa5,
++ 0x5a, 0x02, 0x26, 0xa7, 0x8d, 0x57, 0xa7, 0x28, 0x62, 0x20, 0x0e, 0x3b,
++ 0xff, 0x90, 0xca, 0x9e, 0x95, 0xdf, 0xf3, 0x63, 0x8c, 0xc0, 0xd6, 0x1b,
++ 0xaa, 0x5e, 0x66, 0x54, 0xb2, 0x77, 0x4d, 0xd4, 0xd3, 0x99, 0xeb, 0xba,
++ 0xc1, 0x3c, 0xe3, 0xf7, 0x48, 0x65, 0x9f, 0xb3, 0x0c, 0x96, 0x3f, 0x3b,
++ 0x2f, 0x10, 0x80, 0x8f, 0x59, 0x49, 0xa0, 0x26, 0x68, 0xf9, 0x8e, 0x0b,
++ 0x66, 0x6e, 0xc1, 0x57, 0x77, 0x5d, 0xc7, 0x4b, 0x3b, 0x73, 0xa7, 0x75,
++ 0x80, 0x0d, 0x93, 0x36, 0x62, 0xf5, 0x5f, 0xa0, 0x71, 0x72, 0x54, 0x33,
++ 0x3b, 0xc8, 0xee, 0x68, 0x70, 0xdc, 0x1e, 0x39, 0x04, 0x1e, 0x98, 0xd4,
++ 0x7f, 0x57, 0x0e, 0x5d, 0x6e, 0x3f, 0x27, 0xc1, 0x7d, 0x50, 0x13, 0x5b,
++ 0x31, 0xfe, 0x7b, 0x12, 0xd5, 0x42, 0xda, 0x8d, 0x0e, 0x69, 0xcc, 0xa1,
++ 0xc4, 0x90, 0xf5, 0x37, 0x13, 0x20, 0x42, 0x74, 0xea, 0x79, 0xde, 0x84,
++ 0x6d, 0x8e, 0xcf, 0x57, 0x0b, 0x9f, 0xa6, 0x1d, 0xbe, 0x42, 0xb2, 0x47,
++ 0xf8, 0x7e, 0x51, 0x2e, 0x8b, 0x5e, 0x7d, 0x3d, 0x98, 0x1e, 0x43, 0x2b,
++ 0x32, 0x2f, 0xcb, 0x64, 0xd9, 0x43, 0x2b, 0xae};
++
++static const unsigned char prime_weak_6144[] = {
++ 0xa2, 0x24, 0x96, 0xb6, 0x21, 0x68, 0xd5, 0x7e, 0x2c, 0x60, 0x4d, 0xc8,
++ 0x81, 0x59, 0x9c, 0x1c, 0x70, 0xec, 0x24, 0x28, 0xb6, 0x52, 0x36, 0x09,
++ 0x87, 0xaa, 0xc1, 0x5b, 0xe5, 0xa6, 0x3e, 0x88, 0x54, 0x05, 0xe3, 0x09,
++ 0x09, 0xca, 0x6d, 0x9b, 0xc4, 0x8d, 0x26, 0xaf, 0xd7, 0xee, 0x9f, 0x0d,
++ 0xbd, 0x44, 0x8e, 0xfe, 0xcd, 0xf2, 0xe6, 0xde, 0xac, 0xf2, 0x02, 0x37,
++ 0xdc, 0x35, 0xc2, 0xce, 0xcd, 0x5f, 0xc5, 0x87, 0x0f, 0x99, 0xa7, 0xdb,
++ 0x0f, 0x1a, 0xcd, 0x76, 0xaa, 0x4a, 0xa5, 0x09, 0x60, 0x60, 0xe3, 0x58,
++ 0xe4, 0x52, 0x07, 0x1b, 0x42, 0x17, 0x11, 0x50, 0x2b, 0x40, 0x95, 0x8d,
++ 0x48, 0xa0, 0x34, 0x95, 0x25, 0x38, 0xcf, 0x09, 0x94, 0xe6, 0x55, 0x06,
++ 0x8a, 0xde, 0xdc, 0x41, 0x4a, 0xd9, 0x1f, 0x80, 0x82, 0x1d, 0xb8, 0x1e,
++ 0x84, 0x60, 0xde, 0xed, 0x4f, 0xc0, 0xd8, 0x1d, 0x54, 0xda, 0xb3, 0xf3,
++ 0x0e, 0x54, 0x3f, 0x18, 0x88, 0xff, 0x25, 0x31, 0xc6, 0x16, 0xe6, 0x70,
++ 0xfa, 0xc4, 0x08, 0xfc, 0x00, 0x8b, 0xf6, 0x9d, 0x29, 0x8a, 0x59, 0x49,
++ 0xed, 0x5c, 0x34, 0x7a, 0x84, 0x79, 0x40, 0xc1, 0x7e, 0x82, 0x17, 0x36,
++ 0xc8, 0x96, 0xb5, 0xd2, 0xf9, 0xdb, 0xc0, 0x10, 0x9f, 0xf8, 0x95, 0x35,
++ 0x6f, 0xb0, 0xb9, 0x48, 0x88, 0xdc, 0xf0, 0x4d, 0x30, 0xcd, 0x15, 0xfd,
++ 0x2f, 0xba, 0x18, 0xcc, 0x94, 0x50, 0x3f, 0xfe, 0x60, 0x3d, 0x7a, 0x46,
++ 0xef, 0xc4, 0xcd, 0x14, 0xe0, 0xef, 0x97, 0x81, 0xa1, 0x95, 0xe3, 0xa5,
++ 0x91, 0x9a, 0xf7, 0x9f, 0x7c, 0xfa, 0x0c, 0x69, 0xb6, 0xdf, 0xdb, 0xaf,
++ 0x31, 0xd8, 0xa8, 0x77, 0x6a, 0xba, 0xba, 0x80, 0xff, 0x3f, 0x5f, 0x86,
++ 0x9f, 0x80, 0x03, 0x1e, 0xd0, 0x5f, 0x37, 0x50, 0x61, 0xfc, 0x03, 0xd8,
++ 0x93, 0xa1, 0x79, 0x62, 0xfa, 0x92, 0xb8, 0x4a, 0x66, 0x99, 0xd7, 0x85,
++ 0x8d, 0x0f, 0x07, 0x02, 0x03, 0x83, 0x8c, 0x20, 0xa5, 0x9c, 0x2f, 0xfd,
++ 0x22, 0x5a, 0xf0, 0x95, 0x1e, 0xbf, 0x17, 0xf1, 0x3a, 0x40, 0x7f, 0xce,
++ 0x94, 0x62, 0x5f, 0x58, 0xe5, 0xf3, 0x99, 0x8c, 0x38, 0x8f, 0x05, 0x10,
++ 0x68, 0xea, 0x41, 0xb5, 0xc0, 0x6f, 0x4f, 0x63, 0x87, 0x1d, 0x98, 0xc3,
++ 0x31, 0x66, 0x1e, 0x9f, 0x2d, 0x3c, 0x6e, 0x9f, 0xb3, 0xcf, 0x8e, 0x77,
++ 0xf5, 0x3c, 0x51, 0x5a, 0xee, 0x82, 0xa1, 0xc5, 0x53, 0x20, 0x75, 0xd1,
++ 0xa8, 0x02, 0x37, 0x43, 0x08, 0x16, 0x05, 0x01, 0xed, 0xea, 0xf1, 0x52,
++ 0x58, 0x20, 0x94, 0x85, 0x05, 0x2e, 0x48, 0x3f, 0x47, 0x49, 0x4f, 0x01,
++ 0x44, 0xbd, 0x1e, 0x42, 0xea, 0x90, 0x90, 0x23, 0x99, 0x05, 0xfd, 0x37,
++ 0x41, 0x0c, 0x2f, 0xc4, 0x20, 0x04, 0x99, 0xee, 0x0f, 0xbb, 0xc2, 0x6d,
++ 0x0a, 0x7f, 0x24, 0x5a, 0x17, 0xa4, 0xeb, 0x9c, 0x67, 0xfe, 0x64, 0x0d,
++ 0xea, 0xb7, 0x20, 0x48, 0x40, 0x3b, 0x25, 0xed, 0x51, 0x5c, 0xfc, 0x20,
++ 0x18, 0xb6, 0xfc, 0x3e, 0xdb, 0xd9, 0xa1, 0xbd, 0x9e, 0xee, 0xcb, 0x5d,
++ 0x02, 0xfe, 0x7f, 0x42, 0x9d, 0xc9, 0xce, 0xfa, 0xe1, 0xd8, 0xf2, 0x05,
++ 0x67, 0x35, 0x88, 0x4e, 0xd7, 0x70, 0x97, 0x63, 0xb5, 0x0c, 0x60, 0x89,
++ 0xc0, 0xfe, 0x32, 0xd7, 0xae, 0x4b, 0xf1, 0x0a, 0xae, 0x3c, 0xde, 0x18,
++ 0x9c, 0x1d, 0xd2, 0xda, 0xf2, 0x02, 0x8d, 0xf1, 0x07, 0xd6, 0x5e, 0xb7,
++ 0xba, 0xaf, 0x81, 0x97, 0xee, 0xe0, 0x9d, 0x51, 0xf3, 0x1d, 0xc1, 0x5d,
++ 0x43, 0xe2, 0x0b, 0x0c, 0x9c, 0x0d, 0x74, 0x91, 0x20, 0x6f, 0x65, 0xf1,
++ 0xf2, 0x84, 0x02, 0x38, 0xb5, 0xe5, 0x10, 0x21, 0xfc, 0xe6, 0xc3, 0x4b,
++ 0x60, 0x49, 0x6a, 0xf1, 0xd5, 0x50, 0x0f, 0x6f, 0x8b, 0x1e, 0x80, 0xf3,
++ 0x5d, 0x29, 0xee, 0x60, 0xab, 0x26, 0xa5, 0x8c, 0xc4, 0x4c, 0xcb, 0xa6,
++ 0xaa, 0xe3, 0xfe, 0xd1, 0x67, 0x48, 0xb4, 0xfa, 0xbf, 0x57, 0xfe, 0x62,
++ 0x85, 0xa0, 0xac, 0xdc, 0x4e, 0x71, 0x01, 0xcc, 0x12, 0xec, 0x80, 0x95,
++ 0x54, 0xdc, 0x14, 0x9e, 0x20, 0xda, 0x5a, 0xbd, 0xee, 0x76, 0xbe, 0x39,
++ 0xcf, 0xbd, 0x8a, 0xe3, 0x0e, 0x71, 0x85, 0xe4, 0x3c, 0x62, 0x3b, 0xf8,
++ 0x6e, 0x70, 0xd4, 0xd6, 0x2e, 0xe0, 0x5e, 0x11, 0x9d, 0x33, 0xd9, 0x30,
++ 0xff, 0x3b, 0xcc, 0x2a, 0x39, 0xc4, 0x6f, 0xfd, 0xca, 0x88, 0xad, 0x28,
++ 0xa2, 0xe8, 0xa8, 0xd7, 0xe6, 0x08, 0x0d, 0xaf, 0x9d, 0xd8, 0xc8, 0x41,
++ 0x66, 0x84, 0x66, 0x86, 0x2b, 0x81, 0x3b, 0x6c, 0xc6, 0x76, 0x27, 0x6a,
++ 0x0d, 0x96, 0x0e, 0x65, 0x3e, 0xdf, 0xf5, 0x68, 0x04, 0x9d, 0x2d, 0x26,
++ 0x8b, 0xca, 0x0a, 0x79, 0x2a, 0xb4, 0xa0, 0xb3, 0x18, 0x4a, 0xea, 0x6a,
++ 0xd2, 0x14, 0xcd, 0x47, 0x85, 0x9f, 0x86, 0xd7, 0xde, 0xaa, 0x1e, 0x0e,
++ 0x71, 0x13, 0xec, 0xfe, 0x7c, 0x69, 0xbf, 0x22, 0xf0, 0x61, 0x50, 0x97,
++ 0x77, 0xc2, 0x2b, 0x31, 0x89, 0x11, 0xd6, 0x08, 0xb1, 0xd4, 0xce, 0xba,
++ 0xa0, 0x16, 0x9c, 0x2b, 0x8b, 0x3e, 0x17, 0xd8, 0xea, 0xe1, 0xf1, 0x20,
++ 0x7f, 0x3e, 0x76, 0x9f, 0x2f, 0x46, 0xc3, 0xaf, 0xc4, 0xba, 0xc9, 0x63,
++ 0xf7, 0xbb, 0x98, 0x6d, 0x60, 0x16, 0x04, 0x14, 0xc2, 0xed, 0x2e, 0xc3,
++ 0x00, 0x4f, 0x8f, 0x9d, 0xc6, 0xd9, 0xcd, 0xc1, 0xab, 0x4e, 0x67, 0xed,
++ 0xf8, 0xd2, 0x62, 0x13, 0xfa, 0x11, 0x31, 0xbb, 0x08, 0xdd, 0x4e, 0x89,
++ 0x4a, 0xff, 0x07, 0x89, 0xb5, 0x6c, 0xc3, 0xfe, 0x76, 0x6d, 0x10, 0x4c,
++ 0x1e, 0x10, 0x55, 0x22, 0x95, 0xfe, 0x09, 0xa5, 0x6e, 0x73, 0x0c, 0x2b};
++
++static const unsigned char subprime_weak_6144[] = {
++ 0xa8, 0x61, 0x65, 0x91, 0xb2, 0x43, 0xe3, 0x04, 0x25, 0x77, 0xb0,
++ 0x5a, 0xc5, 0xb1, 0x50, 0x19, 0x31, 0x2a, 0xd4, 0x79, 0x93, 0xc4,
++ 0x90, 0x9b, 0x27, 0xf1, 0x1e, 0xbb, 0x6e, 0x08, 0x98, 0xb1};
++
++static const unsigned char base_weak_6144[] = {
++ 0x34, 0xc2, 0xb2, 0x1f, 0xd9, 0x4e, 0xb6, 0xfd, 0x6c, 0x01, 0x47, 0xb9,
++ 0x50, 0xf1, 0xbe, 0x07, 0x1c, 0xdd, 0x67, 0xa2, 0xf1, 0x7c, 0x0d, 0xe5,
++ 0x9b, 0x7c, 0x9e, 0x0e, 0xd9, 0xf8, 0x81, 0xa1, 0xcf, 0x12, 0x28, 0x69,
++ 0xcd, 0xdf, 0x8a, 0x91, 0xad, 0x53, 0x0e, 0x31, 0x0c, 0xff, 0x4f, 0xaa,
++ 0x4f, 0x24, 0xa3, 0xd8, 0xc5, 0x56, 0xef, 0x21, 0xd6, 0x03, 0xcc, 0x87,
++ 0xab, 0xde, 0x7b, 0xbb, 0xbc, 0x1c, 0x91, 0xd4, 0x1d, 0x08, 0xe8, 0x26,
++ 0xba, 0x6e, 0x0c, 0x17, 0x1f, 0xb1, 0x29, 0x17, 0x04, 0x6c, 0x84, 0xd5,
++ 0x43, 0xc1, 0x35, 0xfd, 0x5a, 0x03, 0xd2, 0x9f, 0x30, 0xf7, 0xa5, 0xd5,
++ 0xb3, 0xc7, 0x5e, 0x00, 0x51, 0x31, 0x49, 0xec, 0x9b, 0xdd, 0x51, 0xee,
++ 0x84, 0xf4, 0x5f, 0xbe, 0x81, 0x23, 0x1e, 0xae, 0x99, 0x08, 0xdb, 0x26,
++ 0x41, 0xea, 0xcb, 0x7f, 0x40, 0xf6, 0x7b, 0x7f, 0xf7, 0x45, 0xcc, 0x7c,
++ 0x05, 0x35, 0xa8, 0x9f, 0x5a, 0x61, 0xf2, 0x71, 0xd4, 0x9b, 0x36, 0x19,
++ 0x69, 0xcd, 0x15, 0x06, 0x7a, 0xd7, 0x65, 0x04, 0x23, 0xa1, 0xf0, 0x18,
++ 0x16, 0xb1, 0x33, 0x45, 0x22, 0x14, 0xce, 0xc2, 0xfa, 0x6f, 0x5e, 0x4e,
++ 0x80, 0xc0, 0x99, 0x82, 0x6c, 0x2e, 0x6e, 0xaa, 0x0f, 0x5d, 0x60, 0xdc,
++ 0xc0, 0x91, 0x8f, 0x8b, 0xdd, 0x6c, 0xd2, 0xc2, 0x2e, 0x7a, 0xb6, 0x97,
++ 0x0a, 0x9c, 0x3c, 0x98, 0xe2, 0xd1, 0x5f, 0x6e, 0x1c, 0xbd, 0xb5, 0xdc,
++ 0x59, 0x3e, 0xb8, 0x94, 0x22, 0x89, 0x80, 0x0f, 0x75, 0x87, 0x18, 0x58,
++ 0x14, 0xb8, 0xa0, 0x80, 0x04, 0x33, 0x31, 0x34, 0x96, 0xd8, 0x0c, 0xc6,
++ 0xfd, 0xd0, 0x2b, 0xee, 0x52, 0xbf, 0x1f, 0x77, 0xfd, 0x18, 0xba, 0x77,
++ 0xb4, 0xf7, 0xcc, 0xc6, 0x5d, 0x50, 0x10, 0x94, 0xd8, 0x99, 0xce, 0x8d,
++ 0x2c, 0xc0, 0xa1, 0xd1, 0x44, 0xde, 0x90, 0x77, 0x45, 0x6a, 0x52, 0xbe,
++ 0x02, 0x8d, 0x21, 0x98, 0x76, 0xc9, 0x78, 0x31, 0x84, 0x21, 0xc6, 0x7d,
++ 0xb5, 0xcd, 0x65, 0x1e, 0x33, 0xea, 0x26, 0xe1, 0x5c, 0x1b, 0x4d, 0x66,
++ 0xc7, 0x08, 0xc9, 0xd5, 0x83, 0x8a, 0x2e, 0x80, 0x1c, 0xb8, 0x4d, 0x5f,
++ 0xf0, 0x28, 0x10, 0x02, 0x08, 0xd4, 0xe9, 0x87, 0xff, 0x5e, 0xe6, 0x39,
++ 0x4a, 0x40, 0xe6, 0x96, 0x64, 0xe5, 0x99, 0xbd, 0x69, 0xd3, 0x9a, 0xc6,
++ 0x0f, 0xea, 0x99, 0x34, 0x16, 0x06, 0x8d, 0xc4, 0xe9, 0x1e, 0x30, 0x31,
++ 0xa3, 0x23, 0xf2, 0xf6, 0x34, 0x65, 0x28, 0xe4, 0x6e, 0xfc, 0x85, 0x27,
++ 0xa2, 0x59, 0xb0, 0x19, 0x32, 0x7b, 0x07, 0x7b, 0x71, 0xa8, 0xb2, 0x9d,
++ 0x49, 0x14, 0xcd, 0xe5, 0x4e, 0x58, 0x34, 0xa8, 0x33, 0x7d, 0x99, 0xb8,
++ 0x48, 0x54, 0x1a, 0xc0, 0xd4, 0xb1, 0xaa, 0x15, 0x00, 0xe8, 0x7e, 0x9e,
++ 0x02, 0xcc, 0xde, 0x93, 0xe8, 0x73, 0x92, 0xf3, 0x3d, 0x99, 0x04, 0x21,
++ 0xc2, 0xa9, 0xb8, 0x1c, 0xfd, 0x9a, 0xfd, 0x30, 0xb4, 0x85, 0x5b, 0xbb,
++ 0x48, 0x0a, 0x7d, 0xfe, 0xc9, 0x49, 0x72, 0xdd, 0xbe, 0x6c, 0x3a, 0x2b,
++ 0x64, 0xc5, 0x85, 0xa8, 0xb4, 0x7c, 0x3a, 0xcb, 0x5f, 0x59, 0x62, 0xd6,
++ 0x2b, 0x62, 0x2d, 0xdb, 0x77, 0x96, 0x29, 0x9b, 0x75, 0x21, 0x4a, 0xaa,
++ 0xff, 0x19, 0xe4, 0x95, 0x2b, 0x7f, 0xec, 0xcb, 0x49, 0xd9, 0xa0, 0x70,
++ 0xc8, 0x5f, 0x0a, 0x5f, 0x27, 0x05, 0xf2, 0xff, 0xaa, 0x94, 0x47, 0x75,
++ 0x22, 0xf0, 0xe9, 0x29, 0x05, 0x45, 0x08, 0xb8, 0x24, 0xa5, 0x89, 0x0a,
++ 0xd4, 0x94, 0xfc, 0xe8, 0x55, 0x67, 0x1f, 0x16, 0x0e, 0x0f, 0xdb, 0xdf,
++ 0xcf, 0x4a, 0xba, 0x8f, 0x57, 0x4a, 0xf2, 0xe7, 0x8c, 0xe1, 0xe9, 0x5c,
++ 0x4a, 0xae, 0x2e, 0x85, 0x47, 0x93, 0x57, 0x6f, 0xb1, 0xea, 0xad, 0xaa,
++ 0x38, 0x52, 0x81, 0xe0, 0x14, 0xed, 0x16, 0xc5, 0xd3, 0xef, 0x70, 0x28,
++ 0x7e, 0x64, 0x52, 0xe2, 0x4a, 0x84, 0xdb, 0x44, 0x77, 0x87, 0x4e, 0x39,
++ 0x89, 0x73, 0x96, 0x3f, 0x5a, 0xfa, 0xb3, 0xa2, 0x88, 0x3d, 0x66, 0x41,
++ 0xbf, 0xdb, 0xa9, 0xb0, 0xbf, 0xec, 0x6f, 0x86, 0x25, 0x7f, 0x58, 0xce,
++ 0xc9, 0xa0, 0x1c, 0x3d, 0xf0, 0x0e, 0x08, 0xa7, 0x6e, 0x85, 0x15, 0x7f,
++ 0x0f, 0x5c, 0x1d, 0xfd, 0xfa, 0x86, 0x02, 0x73, 0x75, 0x21, 0xe4, 0xb4,
++ 0x98, 0x57, 0x87, 0x16, 0xbf, 0xd4, 0xdf, 0xd3, 0x5e, 0x62, 0x3b, 0x52,
++ 0xc4, 0xd6, 0xee, 0xed, 0x07, 0x51, 0x3f, 0x31, 0x50, 0x04, 0xc6, 0x8b,
++ 0xea, 0xfa, 0x04, 0x10, 0x54, 0xa9, 0x1a, 0xf1, 0x5c, 0x5e, 0xb0, 0x3a,
++ 0xf3, 0xcc, 0x65, 0xb1, 0x01, 0x98, 0x8e, 0x96, 0x6d, 0x55, 0x5f, 0x5b,
++ 0xfb, 0x09, 0xfa, 0x1f, 0x4c, 0x03, 0x11, 0x6f, 0xb9, 0x69, 0xfd, 0x8c,
++ 0x7a, 0xf6, 0x16, 0x51, 0x9f, 0xc0, 0xdf, 0x42, 0x91, 0xc8, 0xd5, 0x7c,
++ 0x58, 0xd3, 0xac, 0xdc, 0x53, 0xb4, 0x38, 0xe9, 0xbc, 0x76, 0x1e, 0x9b,
++ 0xf8, 0x53, 0x5c, 0xd2, 0xea, 0x11, 0xa0, 0x7e, 0x24, 0x36, 0x12, 0xff,
++ 0xac, 0x4f, 0x9d, 0x2d, 0xdc, 0x2a, 0x2b, 0xf7, 0xb6, 0x79, 0x1a, 0xa3,
++ 0x59, 0x09, 0x34, 0x56, 0x04, 0x8f, 0xfe, 0x1b, 0x3d, 0xf9, 0x73, 0xd1,
++ 0xc7, 0x30, 0x3d, 0x97, 0xc5, 0x2f, 0x4b, 0x0b, 0x66, 0xad, 0x4b, 0x4a,
++ 0xcd, 0xc9, 0x2d, 0xaa, 0xdd, 0x3a, 0x9a, 0x22, 0x89, 0x4c, 0x8c, 0xc6,
++ 0x1e, 0xbd, 0xa4, 0xbd, 0x43, 0x0b, 0x52, 0xfb, 0xcd, 0x07, 0x04, 0x43,
++ 0x77, 0xf7, 0x11, 0x7a, 0x70, 0x4f, 0x4a, 0xae, 0xb3, 0x7b, 0x99, 0x7e,
++ 0x90, 0x17, 0x8b, 0xca, 0x77, 0xfc, 0x15, 0x4b, 0xda, 0xc1, 0x7c, 0x56};
++
++static const unsigned char prime_weak_8192[] = {
++ 0x93, 0xdf, 0x6d, 0x37, 0xdc, 0x2a, 0xa4, 0xab, 0x5d, 0xdc, 0x73, 0x42,
++ 0x12, 0x18, 0x8f, 0x39, 0x47, 0x73, 0xf5, 0x3e, 0xbc, 0x6e, 0x0d, 0x2a,
++ 0x68, 0x5d, 0x53, 0x4f, 0x22, 0x8c, 0xa8, 0xa8, 0x4a, 0xac, 0x6a, 0x60,
++ 0x54, 0xca, 0x1a, 0x75, 0xda, 0x85, 0x02, 0x5e, 0x80, 0xbb, 0x9b, 0x5a,
++ 0x74, 0x96, 0x69, 0xc2, 0x7c, 0x84, 0x1f, 0x76, 0x0d, 0x53, 0xe4, 0x0b,
++ 0x32, 0xf3, 0x4b, 0xf6, 0x92, 0x5b, 0x2c, 0x98, 0x5d, 0xa9, 0x60, 0xdc,
++ 0x17, 0x5b, 0xfb, 0xb5, 0x0e, 0x38, 0xae, 0x63, 0x16, 0x79, 0xa4, 0xc5,
++ 0x76, 0x74, 0x20, 0x97, 0x5b, 0xdc, 0xa9, 0x88, 0xd1, 0x14, 0x46, 0x3e,
++ 0x1d, 0xe6, 0xca, 0xb5, 0x38, 0x57, 0xfd, 0xeb, 0x66, 0x2a, 0xfa, 0x8c,
++ 0x30, 0x07, 0xea, 0xb4, 0xbc, 0x79, 0x33, 0x14, 0xdf, 0x8f, 0x1d, 0x60,
++ 0x47, 0xc7, 0x23, 0xd9, 0x7f, 0xe3, 0x1c, 0x94, 0xa9, 0xbb, 0x2d, 0x1b,
++ 0x37, 0x64, 0x20, 0xcf, 0x68, 0x52, 0x39, 0xd9, 0x6f, 0x23, 0x50, 0xb2,
++ 0x67, 0xc8, 0x47, 0xaa, 0x39, 0x96, 0xd2, 0xfd, 0x9b, 0x9c, 0x86, 0x71,
++ 0xd8, 0x7c, 0x67, 0xb5, 0x7a, 0x9d, 0x4f, 0xf8, 0x8f, 0x34, 0x64, 0xcb,
++ 0xdb, 0x85, 0x11, 0x97, 0x86, 0xf7, 0xa1, 0x19, 0x2a, 0x10, 0x7a, 0xf2,
++ 0x15, 0x1b, 0x0c, 0x6e, 0x64, 0xf1, 0x18, 0x53, 0xf9, 0x9a, 0xdd, 0x7c,
++ 0x0d, 0x7c, 0x3d, 0x39, 0x9c, 0xa3, 0xc5, 0xf8, 0x68, 0x6f, 0xb4, 0x35,
++ 0xf8, 0x1d, 0xb8, 0xc8, 0xab, 0xea, 0x58, 0xf3, 0xbb, 0x78, 0xf3, 0xe2,
++ 0xa6, 0x16, 0xb3, 0x4a, 0x0a, 0x56, 0x5b, 0x44, 0xac, 0xcb, 0x66, 0x5d,
++ 0xa3, 0x62, 0x71, 0x91, 0x05, 0xd4, 0x97, 0x72, 0x33, 0x77, 0x43, 0x31,
++ 0x35, 0x9c, 0x43, 0xb8, 0xd5, 0x85, 0xdb, 0x8e, 0x28, 0xcb, 0x29, 0x98,
++ 0xb7, 0xfe, 0x6a, 0xf6, 0x08, 0x89, 0x82, 0xfc, 0xe6, 0x5d, 0x62, 0x68,
++ 0x55, 0xac, 0x3b, 0x9d, 0x82, 0xcd, 0x06, 0x10, 0x53, 0x93, 0x1d, 0x66,
++ 0x6a, 0xce, 0x63, 0x2c, 0x49, 0x36, 0xf3, 0x0d, 0x1c, 0x3f, 0x24, 0xd0,
++ 0x7f, 0xb2, 0xa0, 0xcf, 0x76, 0x2a, 0x16, 0xa2, 0x6f, 0x6b, 0xf4, 0xfe,
++ 0xb5, 0xca, 0x99, 0x44, 0x7c, 0xfc, 0x3b, 0xc1, 0xe4, 0x09, 0xf5, 0x7b,
++ 0x6d, 0x6c, 0xa1, 0x15, 0x10, 0x00, 0x4c, 0x75, 0x4d, 0x2a, 0x80, 0x95,
++ 0x90, 0x9a, 0x15, 0x5e, 0x77, 0x28, 0x8e, 0x83, 0x40, 0x85, 0x1f, 0x2d,
++ 0x70, 0x17, 0xa0, 0xb0, 0x7d, 0xe5, 0xfa, 0x81, 0x51, 0xbe, 0xb4, 0x16,
++ 0xf6, 0x54, 0x9f, 0x0e, 0xa3, 0xe2, 0x1e, 0x5e, 0x9b, 0x1c, 0xda, 0x0e,
++ 0x9f, 0x93, 0x5c, 0xf4, 0x43, 0xbd, 0x9c, 0x1e, 0x16, 0x67, 0xb5, 0x42,
++ 0x94, 0x70, 0xf8, 0x79, 0x0c, 0x2d, 0x48, 0xc1, 0x24, 0xc5, 0xc6, 0xa9,
++ 0x64, 0x0c, 0x44, 0xec, 0x99, 0xae, 0xb5, 0xe7, 0xc1, 0x24, 0x8a, 0x6c,
++ 0xd1, 0xa2, 0xbf, 0x4c, 0x6b, 0x0b, 0xe9, 0xf0, 0x98, 0x3d, 0xc7, 0x9c,
++ 0xe1, 0x8d, 0x1a, 0xde, 0xc4, 0x44, 0x43, 0xc6, 0xbf, 0x38, 0x62, 0x25,
++ 0x91, 0x42, 0x84, 0x01, 0x28, 0xcb, 0x80, 0xbc, 0x39, 0x4c, 0xc3, 0x3f,
++ 0xf6, 0xdf, 0xe1, 0xe6, 0xc9, 0x77, 0x35, 0x57, 0x2f, 0x89, 0x9d, 0xfa,
++ 0xaf, 0x37, 0xd6, 0x33, 0x71, 0x34, 0xff, 0x52, 0x28, 0xb3, 0x3c, 0x96,
++ 0x68, 0x10, 0x12, 0xc9, 0xbe, 0x18, 0x03, 0xcd, 0xef, 0x27, 0x0a, 0xd1,
++ 0xc9, 0x0e, 0x49, 0x01, 0x22, 0x73, 0xdb, 0x5f, 0x11, 0x75, 0x6d, 0xea,
++ 0x16, 0xda, 0x26, 0x7f, 0x3e, 0x7c, 0xcb, 0x62, 0xcf, 0xcc, 0x8d, 0xd6,
++ 0xea, 0xce, 0x26, 0x44, 0xa4, 0x74, 0x54, 0x4e, 0x2b, 0x15, 0xba, 0x9d,
++ 0xa1, 0x39, 0xe8, 0xfd, 0xe0, 0x29, 0xf0, 0xd7, 0xaa, 0x30, 0x6b, 0xd7,
++ 0x14, 0x3c, 0xa0, 0x04, 0xbc, 0xed, 0x82, 0xcb, 0xc9, 0xdb, 0x4f, 0x20,
++ 0x05, 0x6e, 0x45, 0x79, 0xdd, 0x5b, 0x3d, 0x5e, 0xee, 0xf1, 0xc3, 0xaa,
++ 0xb3, 0xd3, 0x3a, 0x47, 0xac, 0xe3, 0x12, 0xa1, 0xd5, 0xf4, 0x24, 0xe5,
++ 0x6c, 0xe4, 0x9f, 0xb4, 0xca, 0x96, 0x49, 0x51, 0x36, 0x3b, 0xa4, 0xa2,
++ 0xd6, 0x2e, 0x42, 0x23, 0x32, 0x8c, 0xc8, 0x83, 0xea, 0x14, 0xd1, 0x08,
++ 0x09, 0x8f, 0xdb, 0x4c, 0xc2, 0x00, 0x44, 0x06, 0x81, 0xd4, 0x11, 0x5d,
++ 0x2b, 0x1e, 0x37, 0x80, 0xaa, 0xb9, 0x88, 0xfa, 0xab, 0xd2, 0x76, 0x2e,
++ 0x03, 0xb8, 0x3b, 0x0b, 0xfc, 0x01, 0x96, 0xe3, 0x62, 0x00, 0x71, 0x13,
++ 0xe8, 0xfb, 0x78, 0xce, 0x39, 0x06, 0xa1, 0x44, 0xdd, 0x61, 0x6a, 0x56,
++ 0xb2, 0xcd, 0xcb, 0xec, 0x67, 0x24, 0x28, 0x7d, 0x39, 0x80, 0x37, 0xcb,
++ 0x95, 0x49, 0x96, 0xe9, 0x3f, 0xb7, 0x89, 0xeb, 0x11, 0x7c, 0x34, 0x49,
++ 0x36, 0x2c, 0xec, 0x82, 0xb6, 0x3c, 0xa9, 0x9a, 0xd3, 0xb8, 0xab, 0xb9,
++ 0x28, 0x2f, 0x97, 0x71, 0x04, 0xa8, 0x86, 0x2b, 0x43, 0xb6, 0x27, 0x51,
++ 0x8a, 0xe0, 0xa3, 0x98, 0xe7, 0x33, 0x32, 0xfe, 0x18, 0xb9, 0x38, 0x95,
++ 0x78, 0x17, 0xbe, 0x43, 0xa0, 0x08, 0x8b, 0x05, 0x8d, 0x56, 0xd7, 0x4e,
++ 0x61, 0x01, 0x00, 0x05, 0x12, 0x6d, 0x13, 0x95, 0xea, 0xce, 0xdc, 0xbf,
++ 0xc4, 0x74, 0x20, 0x89, 0x28, 0x05, 0xd2, 0x97, 0xc3, 0x35, 0x24, 0x6d,
++ 0x43, 0xdd, 0xe2, 0x9f, 0x15, 0x80, 0xee, 0xdd, 0xcd, 0x8a, 0x88, 0xc5,
++ 0x92, 0xda, 0x1d, 0xd9, 0xd0, 0xb8, 0xfd, 0x18, 0xcc, 0x58, 0x1b, 0xca,
++ 0x3b, 0xcc, 0x9e, 0xcd, 0x53, 0x61, 0x68, 0xf5, 0xbb, 0x2d, 0x02, 0x55,
++ 0x2b, 0x93, 0x9f, 0x18, 0x17, 0x20, 0xb1, 0x54, 0xe0, 0xfe, 0x3e, 0x6a,
++ 0x10, 0x7f, 0xee, 0x60, 0x7c, 0xcb, 0x14, 0x82, 0x68, 0xed, 0x08, 0x07,
++ 0xe7, 0x34, 0xad, 0x27, 0x6f, 0xda, 0x57, 0xe2, 0xa7, 0x4b, 0x7e, 0x7a,
++ 0x2e, 0x95, 0x88, 0x58, 0x3d, 0xe7, 0xdc, 0xa3, 0xf2, 0xe9, 0xf5, 0x95,
++ 0xfd, 0x1c, 0x5f, 0x9e, 0x5c, 0x0c, 0xe8, 0x36, 0xd5, 0x09, 0x35, 0x66,
++ 0x27, 0xb9, 0x13, 0x8a, 0x0e, 0xfa, 0xeb, 0xa6, 0x5b, 0xd6, 0x07, 0x4d,
++ 0xcf, 0x0d, 0x90, 0x71, 0xa1, 0xe5, 0x58, 0x1e, 0x27, 0x69, 0x64, 0x18,
++ 0x22, 0x07, 0x8a, 0x2a, 0xe9, 0x08, 0x00, 0x02, 0x8a, 0x58, 0x38, 0x81,
++ 0x05, 0xd8, 0xe7, 0x5d, 0x3d, 0xe8, 0x2b, 0x17, 0xfa, 0x29, 0x5c, 0xeb,
++ 0x93, 0x0c, 0x0f, 0x29, 0x68, 0x21, 0x93, 0x62, 0xf2, 0xe1, 0x44, 0x38,
++ 0x69, 0x21, 0x57, 0x86, 0x71, 0x6b, 0x3d, 0x12, 0x4e, 0x28, 0xdb, 0x0b,
++ 0xd4, 0x2c, 0xc5, 0xe8, 0x5f, 0x9b, 0xd2, 0x26, 0x08, 0x45, 0xa4, 0xb2,
++ 0xb1, 0x5e, 0xd1, 0x18, 0x3e, 0x62, 0x8d, 0x77, 0xa0, 0x62, 0x07, 0x75,
++ 0x0c, 0x68, 0x7f, 0xab, 0xd2, 0x2c, 0xec, 0x8e, 0xa9, 0x6e, 0x37, 0x3d,
++ 0xdb, 0x33, 0x7a, 0x4a, 0xba, 0x86, 0x25, 0x50, 0x6a, 0x37, 0x1b, 0x9b,
++ 0x91, 0x1a, 0x5f, 0x93, 0x21, 0xea, 0x91, 0xdc, 0x64, 0xb6, 0x07, 0x44,
++ 0x34, 0x79, 0x6a, 0x6a, 0x42, 0x4e, 0xf3, 0xe2, 0xa2, 0x6b, 0xff, 0xcd,
++ 0xd7, 0xc5, 0x69, 0xb9, 0x81, 0x7d, 0x34, 0xb4, 0x5b, 0xb6, 0x83, 0xc3,
++ 0x6b, 0x9a, 0xe1, 0x2e, 0x5e, 0x34, 0x01, 0x21, 0xeb, 0x37, 0xcc, 0xc5,
++ 0x5f, 0x7f, 0xa0, 0xde, 0x0f, 0x79, 0xb7, 0xc3, 0x3b, 0x84, 0x7d, 0xe8,
++ 0x96, 0xfd, 0x32, 0x47, 0x78, 0x3e, 0x22, 0xc8, 0x98, 0xce, 0x7a, 0xef,
++ 0x1d, 0xa6, 0x09, 0x3a, 0xff, 0xf7, 0x68, 0xd9, 0xb8, 0xe9, 0x7e, 0x8a,
++ 0xec, 0x23, 0x01, 0x97};
++
++static const unsigned char subprime_weak_8192[] = {
++ 0xe2, 0x48, 0x2e, 0xe9, 0x45, 0x85, 0xe1, 0x01, 0x91, 0x3b, 0xd1,
++ 0x15, 0x16, 0xb4, 0xf5, 0x5b, 0x2c, 0xb4, 0xae, 0x42, 0x61, 0x7a,
++ 0xd9, 0x26, 0x39, 0x12, 0xd2, 0x46, 0xb3, 0x46, 0x9b, 0x5f};
++
++static const unsigned char base_weak_8192[] = {
++ 0x78, 0x4d, 0x5d, 0xa1, 0xce, 0x9d, 0x68, 0xae, 0x47, 0x31, 0x81, 0x08,
++ 0x8c, 0x24, 0x38, 0x6a, 0xc8, 0xc7, 0xf4, 0x1c, 0xa1, 0xcb, 0x5d, 0x65,
++ 0x04, 0x6e, 0x0d, 0xbe, 0x55, 0x1d, 0x25, 0xc2, 0xca, 0x74, 0x99, 0x66,
++ 0x67, 0x75, 0x00, 0xd6, 0x12, 0x90, 0x7f, 0x44, 0x56, 0x40, 0x98, 0x23,
++ 0x30, 0x87, 0x7b, 0x02, 0x86, 0xc1, 0xb3, 0x1b, 0x83, 0x82, 0xdb, 0x5b,
++ 0xa6, 0x72, 0x90, 0x77, 0xf9, 0x63, 0x9d, 0xb4, 0xe0, 0x83, 0x5e, 0x04,
++ 0x1d, 0x7b, 0x25, 0x68, 0x67, 0xa4, 0xb2, 0x4e, 0x5a, 0xde, 0x1f, 0x48,
++ 0x01, 0x10, 0xde, 0xde, 0xa9, 0xc3, 0x14, 0xc5, 0x9c, 0xda, 0xbe, 0xd9,
++ 0x19, 0x91, 0x43, 0x4a, 0xaa, 0x77, 0xcc, 0xbb, 0xe0, 0xe7, 0x71, 0xa9,
++ 0xa2, 0x73, 0x4f, 0xf6, 0x88, 0xe0, 0xc6, 0x5d, 0x1a, 0xc9, 0x80, 0x6b,
++ 0x47, 0x98, 0x76, 0xb4, 0x6c, 0xfe, 0xc8, 0xdf, 0x65, 0x42, 0x3d, 0x11,
++ 0x60, 0x09, 0x32, 0xb3, 0x35, 0xc4, 0x97, 0x4c, 0xae, 0xd3, 0x3a, 0x0c,
++ 0x2b, 0x44, 0xe6, 0x21, 0x01, 0xf3, 0xbf, 0x3d, 0xb7, 0x18, 0x31, 0x28,
++ 0x88, 0x9e, 0xad, 0x06, 0xc4, 0xb8, 0x0a, 0x26, 0x09, 0xff, 0xe7, 0xf4,
++ 0xab, 0xd9, 0x28, 0x94, 0x02, 0xe6, 0x58, 0x65, 0xf4, 0x47, 0x3f, 0x4c,
++ 0x9e, 0xd8, 0x68, 0xed, 0x65, 0x39, 0x5b, 0x04, 0x6a, 0x1d, 0x21, 0xba,
++ 0xef, 0xbd, 0xdc, 0x15, 0x69, 0xb2, 0x24, 0x6c, 0x23, 0x98, 0xdd, 0x22,
++ 0xa0, 0x90, 0x48, 0xc1, 0xcc, 0xc6, 0xb4, 0xc9, 0x19, 0x8c, 0x23, 0x89,
++ 0x0b, 0x3b, 0x66, 0x0f, 0xfb, 0x45, 0xe6, 0x05, 0x7d, 0x57, 0xd3, 0x58,
++ 0x6c, 0xe5, 0x36, 0xaa, 0x05, 0xcf, 0xa6, 0x2d, 0x5a, 0x40, 0x96, 0x12,
++ 0x1e, 0xea, 0x34, 0x11, 0x94, 0x76, 0x47, 0xc8, 0x87, 0x3d, 0xb9, 0xe8,
++ 0x83, 0x6b, 0xfe, 0x83, 0xc6, 0xa3, 0x38, 0xe1, 0x06, 0xc3, 0xb0, 0xeb,
++ 0x53, 0x07, 0x75, 0x20, 0x60, 0xc2, 0xee, 0x1e, 0x95, 0xb4, 0xc1, 0xc5,
++ 0xe0, 0x1b, 0x47, 0xbb, 0xf9, 0x48, 0x6a, 0x68, 0x09, 0xab, 0xd2, 0x6e,
++ 0x29, 0x74, 0xed, 0x61, 0x0e, 0x12, 0xe2, 0x89, 0x15, 0x4f, 0xe2, 0xa1,
++ 0x50, 0xbd, 0x81, 0x49, 0xf0, 0xc4, 0x17, 0xe5, 0xb3, 0x35, 0x0b, 0xfa,
++ 0x59, 0x9f, 0x18, 0x84, 0xba, 0x74, 0xf2, 0xb8, 0x8f, 0xdf, 0x7c, 0x3e,
++ 0x36, 0x67, 0x84, 0xb7, 0x85, 0x50, 0x51, 0x64, 0x2a, 0xca, 0x8f, 0x6b,
++ 0xc8, 0xd1, 0x88, 0x0f, 0x64, 0x9a, 0x4a, 0xbd, 0x9b, 0x5f, 0x11, 0xd0,
++ 0x80, 0xba, 0x5d, 0x2e, 0x63, 0xc1, 0xe3, 0x58, 0xc1, 0xf3, 0xe3, 0x88,
++ 0xa7, 0xe6, 0xb2, 0x3c, 0xdf, 0x9d, 0xfa, 0xed, 0x5c, 0x6f, 0x86, 0x3b,
++ 0x25, 0x0f, 0x0e, 0xff, 0x0b, 0x88, 0x1c, 0xe9, 0xeb, 0xe5, 0x75, 0xee,
++ 0x50, 0xdf, 0x7c, 0xb0, 0xf2, 0x09, 0x78, 0x47, 0x60, 0x76, 0x3b, 0x44,
++ 0x5a, 0x9d, 0xf2, 0x5c, 0x68, 0xf9, 0x03, 0x88, 0x6a, 0x9f, 0x6a, 0x73,
++ 0x85, 0xc9, 0xe7, 0x5e, 0xbf, 0xac, 0x9e, 0x7a, 0x13, 0x53, 0x40, 0x65,
++ 0x65, 0x41, 0x02, 0x38, 0x5e, 0x05, 0xac, 0xbc, 0xc5, 0xff, 0xc5, 0x35,
++ 0x6c, 0x2b, 0x76, 0xac, 0xc5, 0xcc, 0x1e, 0x28, 0x53, 0x88, 0xab, 0x58,
++ 0x36, 0x7a, 0x99, 0xeb, 0x68, 0x7a, 0xdc, 0xd5, 0xc5, 0xaf, 0x84, 0xad,
++ 0x43, 0x0b, 0x3f, 0x3c, 0xbf, 0x87, 0x33, 0x45, 0xc6, 0x62, 0xf3, 0xac,
++ 0xff, 0x58, 0x82, 0x86, 0x9a, 0x3d, 0x05, 0xa0, 0xd2, 0xbb, 0x6d, 0x19,
++ 0x09, 0x09, 0x01, 0xeb, 0x8f, 0xd6, 0xf8, 0x13, 0xf6, 0x2f, 0xce, 0x0c,
++ 0x01, 0xe1, 0xcd, 0x56, 0xad, 0xf7, 0xd6, 0xe3, 0xf3, 0xfe, 0x5b, 0x61,
++ 0x40, 0x3d, 0x6b, 0x9b, 0xca, 0x44, 0xda, 0xac, 0xf5, 0xc0, 0x9f, 0xb5,
++ 0x23, 0x77, 0x70, 0x72, 0x83, 0xf4, 0xb8, 0x15, 0x66, 0x59, 0xc6, 0x72,
++ 0xea, 0xba, 0xa7, 0x1f, 0xd8, 0x27, 0xd3, 0x52, 0xdf, 0xec, 0x7c, 0x1d,
++ 0x3e, 0x60, 0x98, 0xb1, 0x30, 0xb8, 0x00, 0x37, 0x1a, 0x2d, 0xe9, 0xdb,
++ 0x62, 0x7f, 0xa9, 0x37, 0x9d, 0xf9, 0x82, 0x10, 0x98, 0xed, 0xc5, 0xc7,
++ 0xc7, 0xe6, 0x6e, 0xe8, 0x0f, 0xa8, 0x7e, 0xac, 0x30, 0xf8, 0x75, 0x95,
++ 0xc8, 0x56, 0x3b, 0xbb, 0x6f, 0x69, 0x48, 0x84, 0xb5, 0x4e, 0x8d, 0x68,
++ 0xdf, 0x2a, 0x1d, 0xf5, 0xd6, 0xd8, 0x00, 0x6f, 0x29, 0xea, 0x66, 0xb1,
++ 0xcb, 0xf3, 0xdb, 0x5e, 0x55, 0x9f, 0x13, 0x67, 0x22, 0xc3, 0x02, 0x74,
++ 0xc8, 0x69, 0x6b, 0xe5, 0x23, 0x83, 0x27, 0x20, 0x91, 0xda, 0xb3, 0x4a,
++ 0xe4, 0x92, 0xc9, 0x25, 0x76, 0x16, 0xf9, 0xfc, 0x74, 0xec, 0x95, 0xd9,
++ 0x61, 0x5f, 0x03, 0xac, 0x94, 0x2f, 0x4d, 0x00, 0xce, 0x97, 0xb7, 0x18,
++ 0x60, 0x10, 0x44, 0x1a, 0x48, 0xb2, 0x86, 0x02, 0x18, 0xac, 0x68, 0x61,
++ 0x73, 0x5e, 0x13, 0xd1, 0xd4, 0x66, 0x71, 0x8b, 0x1d, 0xbc, 0x08, 0xa2,
++ 0x45, 0xac, 0xe2, 0x06, 0xea, 0xe7, 0xb2, 0x8a, 0x27, 0x25, 0xb8, 0xa2,
++ 0xaf, 0x03, 0xc0, 0x0d, 0x90, 0x34, 0x90, 0x60, 0x55, 0x5f, 0x71, 0x94,
++ 0x8d, 0xfa, 0x5d, 0x91, 0x96, 0x3e, 0x7a, 0x2a, 0x4f, 0x50, 0x3f, 0x48,
++ 0xc2, 0x31, 0xd2, 0xa9, 0x29, 0x8a, 0x0a, 0x41, 0x50, 0xf2, 0x7d, 0x9b,
++ 0x52, 0xc9, 0xdf, 0x69, 0xfb, 0x6a, 0x1e, 0xee, 0xf2, 0x44, 0x3e, 0xe5,
++ 0x48, 0xad, 0x24, 0x3b, 0xac, 0xad, 0x62, 0x4f, 0xc8, 0x30, 0x1d, 0x7e,
++ 0x42, 0x4b, 0x52, 0x53, 0xca, 0x16, 0x27, 0x37, 0x76, 0x8f, 0x95, 0x7c,
++ 0xd1, 0xcd, 0x39, 0xac, 0x30, 0xc0, 0x1d, 0x15, 0xe4, 0x80, 0xc2, 0x43,
++ 0x6d, 0x77, 0x5d, 0x27, 0x4a, 0xad, 0xf4, 0x64, 0x56, 0xfd, 0x0b, 0x3a,
++ 0xaf, 0xb7, 0x63, 0x03, 0x44, 0x86, 0x4d, 0x72, 0x03, 0xd9, 0x91, 0xb9,
++ 0x06, 0xc0, 0x3f, 0x7a, 0xd7, 0xb6, 0x17, 0xd5, 0xb3, 0x2a, 0x13, 0x93,
++ 0x9d, 0x45, 0xfa, 0x70, 0xe7, 0x3a, 0xcd, 0x5e, 0xad, 0x7c, 0x70, 0x96,
++ 0x84, 0x91, 0xfd, 0x1c, 0x2b, 0xa2, 0x68, 0x7c, 0xc4, 0x8f, 0xa0, 0x2f,
++ 0x02, 0x6e, 0x4f, 0xd5, 0xe9, 0xb8, 0xbf, 0x52, 0x85, 0xd3, 0xdd, 0xbb,
++ 0x43, 0x73, 0x58, 0xd9, 0xa4, 0xb0, 0x08, 0x25, 0x16, 0xe3, 0x13, 0xc9,
++ 0x98, 0x26, 0x79, 0x91, 0xf8, 0x67, 0x2f, 0x05, 0x10, 0x8f, 0x03, 0xe5,
++ 0x26, 0x5c, 0xcb, 0x99, 0x97, 0xb7, 0xc9, 0x19, 0x4d, 0x4c, 0x9f, 0xc6,
++ 0xcc, 0x24, 0xfb, 0xe2, 0x83, 0x59, 0xbb, 0x9f, 0x25, 0x14, 0xf0, 0x92,
++ 0x3a, 0xcc, 0xc7, 0xcf, 0x66, 0xea, 0x43, 0x48, 0x8a, 0x23, 0xcb, 0xec,
++ 0xf5, 0x60, 0x7e, 0x81, 0x72, 0x94, 0x44, 0xfd, 0x33, 0x38, 0xfc, 0xbd,
++ 0xcf, 0x91, 0xe7, 0x22, 0x19, 0x8f, 0x1e, 0x0a, 0x8c, 0x08, 0x8c, 0xf1,
++ 0x39, 0x7d, 0xd4, 0xf1, 0xb3, 0xa0, 0x9d, 0xae, 0x9e, 0x8e, 0x24, 0xd7,
++ 0x37, 0x39, 0x9b, 0x93, 0xd7, 0x89, 0x1c, 0x04, 0x1b, 0x3e, 0x84, 0x5d,
++ 0xc6, 0x75, 0x36, 0x64, 0x08, 0x06, 0x0d, 0xdd, 0x83, 0x8c, 0xf4, 0xc4,
++ 0xe1, 0x11, 0xe1, 0x14, 0x49, 0xb1, 0x32, 0xce, 0x6a, 0x6c, 0x39, 0x0d,
++ 0xf9, 0x35, 0x1b, 0x95, 0x4b, 0xe1, 0x65, 0x0c, 0xa6, 0xac, 0x69, 0x27,
++ 0x98, 0xfa, 0x34, 0xf1, 0x30, 0x35, 0xb6, 0xe4, 0xc4, 0x55, 0x2d, 0xa8,
++ 0x5c, 0xcb, 0x6c, 0xcd, 0x66, 0x65, 0xe2, 0x94, 0xb2, 0xb1, 0xf4, 0x52,
++ 0x75, 0xed, 0x32, 0x8c, 0x08, 0xa1, 0x86, 0x53, 0x01, 0x6f, 0x52, 0x78,
++ 0xda, 0x20, 0x6e, 0x6a};
++/* Calculated subprimes to verify primes are safe primes */
++
++/* q=(p-1)/2 for prime prime_ike_1536 */
++static const unsigned char sub2_prime_ike_1536[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x11, 0xb9, 0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_2048 */
++static const unsigned char sub2_prime_ike_2048[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x56, 0x55, 0x34, 0x7f, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_2048 */
++static const unsigned char sub2_prime_tls_2048[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_3072 */
++static const unsigned char sub2_prime_ike_3072[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x9d, 0x69, 0x65, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_3072 */
++static const unsigned char sub2_prime_tls_3072[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x63, 0x17, 0x1b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_4096 */
++static const unsigned char sub2_prime_ike_4096[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b,
++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c,
++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed,
++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d,
++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53,
++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27,
++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6,
++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb,
++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54,
++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee,
++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x03, 0x18, 0xcc,
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_4096 */
++static const unsigned char sub2_prime_tls_4096[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d,
++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1,
++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02,
++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43,
++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19,
++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c,
++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd,
++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54,
++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7,
++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28,
++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x32, 0xaf, 0xb5,
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_6144 */
++static const unsigned char sub2_prime_ike_6144[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b,
++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c,
++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed,
++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d,
++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53,
++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27,
++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6,
++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb,
++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54,
++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee,
++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49,
++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59,
++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde,
++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17,
++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18,
++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5,
++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d,
++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8,
++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f,
++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a,
++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b,
++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18,
++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79,
++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb,
++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55,
++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69,
++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94,
++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e,
++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae,
++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b,
++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77,
++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f,
++ 0x36, 0xe6, 0x20, 0x12, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_6144 */
++static const unsigned char sub2_prime_tls_6144[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d,
++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1,
++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02,
++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43,
++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19,
++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c,
++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd,
++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54,
++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7,
++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28,
++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81,
++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96,
++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53,
++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2,
++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d,
++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f,
++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b,
++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17,
++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1,
++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6,
++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda,
++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f,
++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb,
++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac,
++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6,
++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18,
++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5,
++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea,
++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82,
++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47,
++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0,
++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e,
++ 0x68, 0x72, 0x07, 0x32, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_8192 */
++static const unsigned char sub2_prime_ike_8192[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b,
++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c,
++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed,
++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d,
++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53,
++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27,
++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6,
++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb,
++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54,
++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee,
++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49,
++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59,
++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde,
++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17,
++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18,
++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5,
++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d,
++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8,
++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f,
++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a,
++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b,
++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18,
++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79,
++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb,
++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55,
++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69,
++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94,
++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e,
++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae,
++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b,
++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77,
++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f,
++ 0x36, 0xdf, 0x08, 0xac, 0xba, 0x51, 0xc9, 0x37, 0x89, 0x7f, 0x72, 0xf2,
++ 0x1c, 0x3b, 0xbe, 0x5b, 0x54, 0x99, 0x6f, 0xc6, 0x6c, 0x5f, 0x62, 0x68,
++ 0x39, 0xdc, 0x98, 0xdd, 0x1d, 0xe4, 0x19, 0x5b, 0x46, 0xce, 0xe9, 0x80,
++ 0x3a, 0x0f, 0xd3, 0xdf, 0xc5, 0x7e, 0x23, 0xf6, 0x92, 0xbb, 0x7b, 0x49,
++ 0xb5, 0xd2, 0x12, 0x33, 0x1d, 0x55, 0xb1, 0xce, 0x2d, 0x72, 0x7a, 0xb4,
++ 0x1a, 0x11, 0xda, 0x3a, 0x15, 0xf8, 0xe4, 0xbc, 0x11, 0xc7, 0x8b, 0x65,
++ 0xf1, 0xce, 0xb2, 0x96, 0xf1, 0xfe, 0xdc, 0x5f, 0x7e, 0x42, 0x45, 0x6c,
++ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xbe, 0x03, 0x89, 0xf5, 0xab, 0xd4,
++ 0x0d, 0x11, 0xf8, 0x63, 0x9a, 0x39, 0xfe, 0x32, 0x36, 0x75, 0x18, 0x35,
++ 0xa5, 0xe5, 0xe4, 0x43, 0x17, 0xc1, 0xc2, 0xee, 0xfd, 0x4e, 0xa5, 0xbf,
++ 0xd1, 0x60, 0x43, 0xf4, 0x3c, 0xb4, 0x19, 0x81, 0xf6, 0xad, 0xee, 0x9d,
++ 0x03, 0x15, 0x9e, 0x7a, 0xd9, 0xd1, 0x3c, 0x53, 0x36, 0x95, 0x09, 0xfc,
++ 0x1f, 0xa2, 0x7c, 0x16, 0xef, 0x98, 0x87, 0x70, 0x3a, 0x55, 0xb5, 0x1b,
++ 0x22, 0xcb, 0xf4, 0x4c, 0xd0, 0x12, 0xae, 0xe0, 0xb2, 0x79, 0x8e, 0x62,
++ 0x84, 0x23, 0x42, 0x8e, 0xfc, 0xd5, 0xa4, 0x0c, 0xae, 0xf6, 0xbf, 0x50,
++ 0xd8, 0xea, 0x88, 0x5e, 0xbf, 0x73, 0xa6, 0xb9, 0xfd, 0x79, 0xb5, 0xe1,
++ 0x8f, 0x67, 0xd1, 0x34, 0x1a, 0xc8, 0x23, 0x7a, 0x75, 0xc3, 0xcf, 0xc9,
++ 0x20, 0x04, 0xa1, 0xc5, 0xa4, 0x0e, 0x36, 0x6b, 0xc4, 0x4d, 0x00, 0x17,
++ 0x6a, 0xf7, 0x1c, 0x15, 0xe4, 0x8c, 0x86, 0xd3, 0x7e, 0x01, 0x37, 0x23,
++ 0xca, 0xac, 0x72, 0x23, 0xab, 0x3b, 0xf4, 0xd5, 0x4f, 0x18, 0x28, 0x71,
++ 0x3b, 0x2b, 0x4a, 0x6f, 0xe4, 0x0f, 0xab, 0x74, 0x40, 0x5c, 0xb7, 0x38,
++ 0xb0, 0x64, 0xc0, 0x6e, 0xcc, 0x76, 0xe9, 0xef, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_8192 */
++static const unsigned char sub2_prime_tls_8192[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d,
++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1,
++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02,
++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43,
++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19,
++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c,
++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd,
++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54,
++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7,
++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28,
++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81,
++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96,
++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53,
++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2,
++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d,
++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f,
++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b,
++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17,
++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1,
++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6,
++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda,
++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f,
++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb,
++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac,
++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6,
++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18,
++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5,
++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea,
++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82,
++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47,
++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0,
++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e,
++ 0x67, 0xfa, 0x35, 0x55, 0x1b, 0x56, 0x80, 0x26, 0x7b, 0x00, 0x64, 0x1c,
++ 0x0f, 0x21, 0x2d, 0x18, 0xec, 0xa8, 0xd7, 0x32, 0x7e, 0xd9, 0x1f, 0xe7,
++ 0x64, 0xa8, 0x4e, 0xa1, 0xb4, 0x3f, 0xf5, 0xb4, 0xf6, 0xe8, 0xe6, 0x2f,
++ 0x05, 0xc6, 0x61, 0xde, 0xfb, 0x25, 0x88, 0x77, 0xc3, 0x5b, 0x18, 0xa1,
++ 0x51, 0xd5, 0xc4, 0x14, 0xaa, 0xad, 0x97, 0xba, 0x3e, 0x49, 0x93, 0x32,
++ 0xe5, 0x96, 0x07, 0x8e, 0x60, 0x0d, 0xeb, 0x81, 0x14, 0x9c, 0x44, 0x1c,
++ 0xe9, 0x57, 0x82, 0xf2, 0x2a, 0x28, 0x25, 0x63, 0xc5, 0xba, 0xc1, 0x41,
++ 0x14, 0x23, 0x60, 0x5d, 0x1a, 0xe1, 0xaf, 0xae, 0x2c, 0x8b, 0x06, 0x60,
++ 0x23, 0x7e, 0xc1, 0x28, 0xaa, 0x0f, 0xe3, 0x46, 0x4e, 0x43, 0x58, 0x11,
++ 0x5d, 0xb8, 0x4c, 0xc3, 0xb5, 0x23, 0x07, 0x3a, 0x28, 0xd4, 0x54, 0x98,
++ 0x84, 0xb8, 0x1f, 0xf7, 0x0e, 0x10, 0xbf, 0x36, 0x1c, 0x13, 0x72, 0x96,
++ 0x28, 0xd5, 0x34, 0x8f, 0x07, 0x21, 0x1e, 0x7e, 0x4c, 0xf4, 0xf1, 0x8b,
++ 0x28, 0x60, 0x90, 0xbd, 0xb1, 0x24, 0x0b, 0x66, 0xd6, 0xcd, 0x4a, 0xfc,
++ 0xea, 0xdc, 0x00, 0xca, 0x44, 0x6c, 0xe0, 0x50, 0x50, 0xff, 0x18, 0x3a,
++ 0xd2, 0xbb, 0xf1, 0x18, 0xc1, 0xfc, 0x0e, 0xa5, 0x1f, 0x97, 0xd2, 0x2b,
++ 0x8f, 0x7e, 0x46, 0x70, 0x5d, 0x45, 0x27, 0xf4, 0x5b, 0x42, 0xae, 0xff,
++ 0x39, 0x58, 0x53, 0x37, 0x6f, 0x69, 0x7d, 0xd5, 0xfd, 0xf2, 0xc5, 0x18,
++ 0x7d, 0x7d, 0x5f, 0x0e, 0x2e, 0xb8, 0xd4, 0x3f, 0x17, 0xba, 0x0f, 0x7c,
++ 0x60, 0xff, 0x43, 0x7f, 0x53, 0x5d, 0xfe, 0xf2, 0x98, 0x33, 0xbf, 0x86,
++ 0xcb, 0xe8, 0x8e, 0xa4, 0xfb, 0xd4, 0x22, 0x1e, 0x84, 0x11, 0x72, 0x83,
++ 0x54, 0xfa, 0x30, 0xa7, 0x00, 0x8f, 0x15, 0x4a, 0x41, 0xc7, 0xfc, 0x46,
++ 0x6b, 0x46, 0x45, 0xdb, 0xe2, 0xe3, 0x21, 0x26, 0x7f, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_safe_1536 */
++static const unsigned char sub2_prime_safe_1536[] = {
++ 0x7b, 0xb3, 0x98, 0xe4, 0x22, 0xb5, 0x6c, 0xf5, 0x29, 0x85, 0x90, 0xe3,
++ 0xa5, 0x7d, 0x40, 0xb3, 0x3b, 0x2e, 0x75, 0x5b, 0xfa, 0x88, 0x99, 0x36,
++ 0xe9, 0xa6, 0x3d, 0x56, 0x1c, 0x8b, 0x8d, 0x43, 0xdc, 0x00, 0x6b, 0x88,
++ 0xe2, 0xfe, 0xf0, 0xf1, 0xb2, 0xa6, 0x0f, 0xa1, 0x12, 0x20, 0x8f, 0x49,
++ 0x21, 0x5f, 0xdb, 0x32, 0x87, 0x39, 0x41, 0xc5, 0x5c, 0x41, 0x53, 0x27,
++ 0xcf, 0x65, 0x27, 0xe8, 0xd8, 0x89, 0xe1, 0x7d, 0x33, 0xd0, 0xb5, 0x03,
++ 0x27, 0xd7, 0xb7, 0x0b, 0x6c, 0xca, 0x6c, 0x6d, 0x71, 0xb3, 0x31, 0x00,
++ 0x8f, 0xc1, 0x47, 0x88, 0x70, 0x17, 0x9e, 0x51, 0xa1, 0x54, 0x5d, 0xca,
++ 0x19, 0x3c, 0xbc, 0xbf, 0xcb, 0xfc, 0x1d, 0x18, 0xd5, 0x0a, 0x63, 0xff,
++ 0x09, 0xcb, 0x3b, 0x8a, 0xdf, 0xa3, 0x90, 0x2b, 0x88, 0xf0, 0x27, 0xed,
++ 0x3f, 0x54, 0x8c, 0xa4, 0xd0, 0xc6, 0x94, 0xbb, 0x45, 0x69, 0xcd, 0xd8,
++ 0x5f, 0x28, 0x61, 0x92, 0xc1, 0x7c, 0xf1, 0x90, 0xc6, 0x7e, 0xd3, 0x28,
++ 0xf2, 0x9b, 0x3f, 0x41, 0x5b, 0x48, 0x22, 0xf0, 0xea, 0xb9, 0x2b, 0x5f,
++ 0x62, 0xb3, 0x9e, 0x89, 0x8d, 0x1c, 0xbf, 0xcc, 0x19, 0xfe, 0x5a, 0x3d,
++ 0xd2, 0x1c, 0x38, 0xc3, 0xcb, 0x37, 0x73, 0x3d, 0xbb, 0xd9, 0x32, 0xfe,
++ 0xef, 0x93, 0xc9, 0x86, 0x1e, 0x30, 0x6f, 0xf2, 0x99, 0xff, 0x6b, 0xa5,
++};
++
++/* q=(p-1)/2 for prime prime_safe_2048 */
++static const unsigned char sub2_prime_safe_2048[] = {
++ 0x70, 0xd1, 0xb7, 0x24, 0xb4, 0x83, 0x8e, 0x2f, 0xda, 0x0a, 0x9a, 0xa3,
++ 0x4c, 0xa9, 0x68, 0x27, 0x7f, 0xa7, 0x26, 0x58, 0xf0, 0xac, 0xf6, 0x97,
++ 0x38, 0xf9, 0xc0, 0x0a, 0x2a, 0x68, 0x7e, 0x41, 0x90, 0x14, 0x8a, 0x90,
++ 0xd3, 0x2f, 0x88, 0x40, 0xab, 0xfa, 0x17, 0x24, 0xd9, 0x68, 0x9b, 0xf4,
++ 0x35, 0x5f, 0xb9, 0x7c, 0xaa, 0xa7, 0x4f, 0x57, 0x10, 0x62, 0xdb, 0x62,
++ 0xc8, 0xbc, 0x86, 0xd1, 0x6e, 0xda, 0x5d, 0xa8, 0x27, 0x10, 0x65, 0x45,
++ 0x47, 0xc1, 0x1a, 0x5c, 0xb5, 0x1f, 0x4d, 0x33, 0xe1, 0x3f, 0x41, 0xfb,
++ 0x60, 0x56, 0xf1, 0xe5, 0x00, 0x6b, 0x08, 0xc4, 0x4e, 0x63, 0xcf, 0xda,
++ 0x1e, 0xa9, 0xd2, 0xad, 0x4b, 0xa2, 0x26, 0xf3, 0xae, 0x6a, 0xbb, 0x40,
++ 0x7c, 0x06, 0x66, 0xd3, 0x2a, 0xf1, 0x2f, 0xe7, 0xfa, 0x23, 0x52, 0x63,
++ 0x87, 0xe0, 0xc0, 0x42, 0x32, 0xa3, 0x46, 0x43, 0xe9, 0x4c, 0xc1, 0x6f,
++ 0xc7, 0x00, 0x44, 0xf9, 0x86, 0xea, 0xe0, 0x2a, 0x4a, 0x63, 0x51, 0xc9,
++ 0x07, 0xc8, 0x88, 0x77, 0x51, 0xb2, 0xa2, 0x5b, 0xb6, 0xf4, 0x11, 0xfc,
++ 0xbf, 0xc8, 0xb1, 0x32, 0x84, 0xc7, 0x50, 0x99, 0xea, 0x6b, 0x2a, 0x85,
++ 0x60, 0x74, 0x33, 0x38, 0x02, 0xe8, 0x09, 0x1a, 0x60, 0xfe, 0xe7, 0x3a,
++ 0xd2, 0x3a, 0xf0, 0xa3, 0x50, 0x84, 0x5a, 0x29, 0x7f, 0x12, 0xd2, 0x62,
++ 0xa7, 0x91, 0x82, 0x3f, 0x50, 0x96, 0x79, 0xab, 0x65, 0xfd, 0x3d, 0x5e,
++ 0x22, 0xe6, 0x3c, 0x59, 0x94, 0x79, 0xf2, 0xea, 0x93, 0x2b, 0x13, 0xc3,
++ 0x35, 0x2b, 0x35, 0xc3, 0xab, 0x07, 0x62, 0x1e, 0x76, 0xff, 0xe5, 0xcb,
++ 0x5a, 0x09, 0x8e, 0xa6, 0x9c, 0x27, 0x34, 0x9a, 0x28, 0xbd, 0x42, 0x98,
++ 0xda, 0x40, 0x6d, 0x20, 0xf1, 0xee, 0x17, 0x29, 0xec, 0x38, 0x9f, 0x66,
++ 0x1b, 0xc5, 0x40, 0x19,
++};
++
++/* q=(p-1)/2 for prime prime_safe_3072 */
++static const unsigned char sub2_prime_safe_3072[] = {
++ 0x43, 0xb3, 0x6f, 0xfb, 0xf6, 0x24, 0xb5, 0x4d, 0x3e, 0x4b, 0x14, 0x57,
++ 0x33, 0x9c, 0x55, 0xfd, 0x7f, 0x2e, 0x23, 0x3d, 0xf7, 0xf4, 0x8c, 0x53,
++ 0x3b, 0x59, 0x72, 0x87, 0x5f, 0x5c, 0x79, 0x40, 0x1b, 0x04, 0xc1, 0x22,
++ 0x3d, 0xf4, 0x74, 0x66, 0x44, 0x93, 0xb4, 0x02, 0xf0, 0x70, 0x9b, 0xeb,
++ 0xdf, 0xed, 0x86, 0x7b, 0x24, 0x29, 0x0b, 0x9f, 0xba, 0xe2, 0xa7, 0x5a,
++ 0x1e, 0xfc, 0x26, 0x75, 0x5a, 0x05, 0x83, 0x02, 0x0a, 0xc4, 0xbe, 0x5d,
++ 0x79, 0xfa, 0xef, 0x33, 0x37, 0x3e, 0x98, 0x62, 0x10, 0x02, 0xed, 0x19,
++ 0x07, 0xff, 0xbc, 0xb8, 0xa2, 0x4d, 0x88, 0x07, 0xf8, 0xdd, 0x98, 0xef,
++ 0x33, 0xc8, 0x75, 0x3b, 0xd6, 0xb2, 0xeb, 0x82, 0xba, 0xd5, 0xb3, 0x79,
++ 0x73, 0x29, 0x56, 0x79, 0x55, 0x53, 0xe9, 0x22, 0xec, 0xe3, 0x21, 0x1c,
++ 0x93, 0x8f, 0xa3, 0x42, 0x56, 0xbc, 0x5a, 0x7d, 0x42, 0x7c, 0x4d, 0x9f,
++ 0x65, 0xe0, 0xcc, 0xf2, 0x9a, 0xa1, 0x13, 0x02, 0xf5, 0x56, 0x28, 0x82,
++ 0x27, 0xc5, 0x4c, 0x12, 0xd3, 0xa3, 0x55, 0xbd, 0xf6, 0xdc, 0x54, 0x85,
++ 0x92, 0x11, 0xc1, 0x91, 0x8b, 0x43, 0xb2, 0x48, 0x86, 0x5f, 0x8f, 0xde,
++ 0x76, 0x25, 0x6e, 0x89, 0x15, 0x86, 0x54, 0x9c, 0xcb, 0x62, 0x61, 0xe7,
++ 0xd2, 0x9c, 0x20, 0x06, 0xb7, 0x68, 0x7d, 0x05, 0x06, 0x1f, 0x74, 0xba,
++ 0x85, 0xb8, 0x14, 0x34, 0x5e, 0x7e, 0xfb, 0x61, 0x4d, 0x2c, 0xc8, 0x90,
++ 0x2e, 0x38, 0x7f, 0x18, 0xd3, 0x28, 0x43, 0xcd, 0x35, 0x30, 0x90, 0x16,
++ 0x3b, 0xc2, 0x40, 0xd4, 0x1f, 0x64, 0xd4, 0x39, 0x58, 0x29, 0xa1, 0xc2,
++ 0x8e, 0x4d, 0x9d, 0x6e, 0xf7, 0x84, 0xbe, 0xe3, 0xb4, 0x63, 0x77, 0x84,
++ 0x67, 0x23, 0xd0, 0x6e, 0x2d, 0xed, 0x97, 0x96, 0x9a, 0x71, 0xef, 0x4a,
++ 0xfb, 0x35, 0xb6, 0xae, 0xc8, 0xdf, 0x22, 0xf7, 0x16, 0x82, 0x49, 0xbc,
++ 0x63, 0xd2, 0x24, 0xe6, 0x38, 0xd4, 0x2e, 0xec, 0x45, 0x3f, 0x4f, 0x27,
++ 0x88, 0x64, 0xa0, 0xe8, 0xb1, 0x60, 0xb8, 0x24, 0x5a, 0x89, 0x08, 0x91,
++ 0xd3, 0x72, 0x6f, 0xb2, 0x56, 0x6c, 0xf2, 0x1b, 0xe1, 0x5c, 0x91, 0xd3,
++ 0xa0, 0x75, 0x3f, 0xaa, 0x71, 0xf7, 0xb8, 0xc0, 0xda, 0x73, 0x82, 0x88,
++ 0x6b, 0x15, 0xea, 0x88, 0xc2, 0x2d, 0x34, 0xd2, 0xd6, 0x29, 0x36, 0xd4,
++ 0x3c, 0x93, 0xff, 0x8e, 0x01, 0x68, 0xb1, 0x1b, 0x01, 0xd1, 0x54, 0xa3,
++ 0x36, 0x27, 0xe5, 0x2c, 0x79, 0x59, 0x76, 0xc8, 0xda, 0x4f, 0x2d, 0xee,
++ 0xfc, 0xcc, 0xdb, 0x46, 0xb8, 0x1a, 0x05, 0x62, 0xa6, 0xeb, 0xe7, 0x45,
++ 0xf8, 0xa8, 0x12, 0xc4, 0xff, 0xf3, 0xf9, 0x0f, 0x5c, 0x90, 0xd9, 0xc5,
++ 0xe4, 0x21, 0x3e, 0x13, 0x77, 0xa6, 0x18, 0x46, 0xb0, 0x5b, 0x92, 0xfd,
++};
++
++/* q=(p-1)/2 for prime prime_safe_4096 */
++static const unsigned char sub2_prime_safe_4096[] = {
++ 0x45, 0xef, 0xe0, 0xd1, 0xf2, 0x5e, 0x8e, 0x58, 0xfa, 0x58, 0xa8, 0xe9,
++ 0xc5, 0x67, 0x1e, 0x99, 0xac, 0x40, 0x51, 0x8e, 0x3e, 0x06, 0xde, 0xc7,
++ 0x5e, 0xd9, 0xf3, 0xcf, 0x6a, 0x6f, 0x03, 0x7e, 0x4c, 0x57, 0x80, 0xa1,
++ 0xc9, 0x96, 0x7e, 0x7d, 0xc9, 0x40, 0x70, 0x37, 0x7c, 0xfb, 0x55, 0xb9,
++ 0xcb, 0x46, 0xbf, 0x60, 0x75, 0x93, 0x36, 0x06, 0x29, 0x83, 0x4f, 0x99,
++ 0x25, 0xd6, 0xa9, 0xea, 0xdf, 0xc8, 0x9a, 0x8b, 0x7e, 0xbf, 0xdd, 0x18,
++ 0x5b, 0x5a, 0x44, 0x08, 0x0f, 0xad, 0x60, 0x31, 0x7c, 0xbf, 0xb8, 0xcd,
++ 0xda, 0x88, 0x25, 0xcc, 0xe8, 0x78, 0x74, 0xe1, 0x77, 0x1a, 0x92, 0x75,
++ 0xe6, 0x77, 0x03, 0x5f, 0xd0, 0x02, 0xf2, 0x30, 0xd2, 0x53, 0x4c, 0x11,
++ 0xe8, 0x72, 0x45, 0x30, 0xe5, 0x02, 0xc5, 0x36, 0x4c, 0x7d, 0x41, 0xe1,
++ 0xa8, 0x3e, 0xaa, 0x9d, 0x97, 0x6a, 0xd6, 0x0a, 0x30, 0xc3, 0x68, 0xda,
++ 0xe7, 0xe0, 0x6e, 0x34, 0xa5, 0xb6, 0x25, 0x62, 0xeb, 0xff, 0x70, 0x74,
++ 0x0d, 0x32, 0x08, 0xed, 0xab, 0x78, 0x0e, 0x4a, 0xae, 0x68, 0xb5, 0x5c,
++ 0xfb, 0x71, 0x00, 0x7a, 0x11, 0x01, 0x81, 0x95, 0x5e, 0x4e, 0x41, 0x75,
++ 0xc4, 0x8d, 0x6e, 0xca, 0x32, 0x81, 0x22, 0x30, 0xbb, 0x60, 0xd7, 0x6c,
++ 0x65, 0x7e, 0xb3, 0x7a, 0x4b, 0x73, 0xbc, 0xff, 0x1d, 0x4c, 0x78, 0xc0,
++ 0x01, 0x7d, 0x21, 0x5b, 0xd7, 0x75, 0x9c, 0x94, 0x61, 0xdc, 0xe7, 0x46,
++ 0x38, 0xf5, 0x0a, 0x3a, 0x43, 0x36, 0x13, 0x6a, 0x8a, 0x90, 0xcb, 0x86,
++ 0x41, 0x46, 0xc0, 0xc2, 0x62, 0xa3, 0x88, 0x03, 0x33, 0xd4, 0x2f, 0xd8,
++ 0xe2, 0x99, 0x6e, 0x3f, 0xf3, 0x30, 0xf2, 0xf5, 0xcf, 0x54, 0xb0, 0xcc,
++ 0xa1, 0xd4, 0xc5, 0xf6, 0xd7, 0xf2, 0x10, 0xf7, 0xc7, 0x3c, 0x2d, 0x30,
++ 0xaa, 0xce, 0xa1, 0xed, 0xbb, 0xd5, 0x5d, 0x8c, 0xf5, 0x27, 0xa4, 0xa9,
++ 0xc0, 0x67, 0x3e, 0x4d, 0x75, 0x53, 0x49, 0xac, 0x6a, 0x55, 0xfa, 0x74,
++ 0xb0, 0x3e, 0xe5, 0x59, 0x4b, 0xd2, 0xf0, 0x49, 0x67, 0x76, 0x2b, 0xde,
++ 0x62, 0x82, 0xbb, 0x08, 0xbc, 0x81, 0xf0, 0xd9, 0x4c, 0xe0, 0x90, 0xea,
++ 0x42, 0xf3, 0xb7, 0xe4, 0xac, 0x74, 0x0e, 0x06, 0xe4, 0x48, 0x22, 0x26,
++ 0x2c, 0x2a, 0xcd, 0x77, 0x6f, 0x31, 0x07, 0x59, 0x71, 0xde, 0x75, 0xa8,
++ 0xa0, 0x02, 0xb8, 0xff, 0x5a, 0x74, 0xf3, 0x7b, 0x07, 0x6b, 0xdd, 0x8d,
++ 0xdc, 0x4c, 0xf4, 0x64, 0xed, 0x4f, 0xef, 0x1e, 0x09, 0xec, 0x8b, 0x22,
++ 0x9e, 0xd6, 0x71, 0x04, 0xe1, 0xc3, 0xdd, 0x9c, 0xc6, 0x37, 0x88, 0xb0,
++ 0x43, 0x8f, 0xd7, 0xd3, 0xee, 0x09, 0x47, 0xbe, 0xa6, 0x2f, 0x2b, 0x61,
++ 0xb1, 0x6e, 0xee, 0x81, 0xaa, 0xcf, 0x12, 0x36, 0x62, 0xb6, 0x5c, 0x07,
++ 0x57, 0x88, 0xea, 0x8f, 0x35, 0x1b, 0x4e, 0x65, 0x23, 0x1a, 0x09, 0x95,
++ 0xe8, 0xd1, 0x9a, 0x16, 0x41, 0x8d, 0x92, 0xe6, 0x0b, 0x80, 0xce, 0x34,
++ 0x29, 0xdb, 0xc3, 0xf6, 0x87, 0x24, 0x6b, 0xb4, 0xfc, 0xe4, 0x0e, 0xc5,
++ 0xb8, 0xfa, 0x37, 0xe8, 0xd8, 0xea, 0xb8, 0x50, 0x6b, 0xb8, 0x9e, 0xcf,
++ 0xfe, 0x7d, 0x1a, 0xb4, 0x92, 0xf9, 0x9c, 0xbc, 0xd6, 0xbd, 0x80, 0xe2,
++ 0xb3, 0x52, 0xf8, 0x63, 0x8e, 0x5b, 0x28, 0xf2, 0x81, 0x15, 0xe7, 0xe0,
++ 0x95, 0x48, 0xce, 0xd2, 0xdf, 0x9b, 0x9b, 0xee, 0x97, 0x18, 0x20, 0x6d,
++ 0xdf, 0xf6, 0x7f, 0x36, 0x16, 0x74, 0x90, 0x77, 0x44, 0xd6, 0x2a, 0xd7,
++ 0x81, 0xad, 0x5d, 0x2d, 0x29, 0x7d, 0xdf, 0xda, 0xd7, 0x1c, 0x10, 0x52,
++ 0xb4, 0x49, 0x2f, 0xf6, 0x0b, 0xd4, 0xc0, 0x29, 0xf9, 0x1d, 0x86, 0x04,
++ 0xf9, 0xf5, 0x8a, 0xb1, 0x47, 0x1c, 0xbd, 0xb5,
++};
++
++/* q=(p-1)/2 for prime prime_safe_6144 */
++static const unsigned char sub2_prime_safe_6144[] = {
++ 0x5c, 0x87, 0xe0, 0xa0, 0xa5, 0x6f, 0x0d, 0x0e, 0x40, 0x50, 0x6b, 0x1c,
++ 0xc0, 0x88, 0x79, 0x84, 0xe5, 0x60, 0x30, 0x46, 0x2f, 0x46, 0x0b, 0x90,
++ 0xd0, 0x0c, 0x28, 0x6b, 0x30, 0x09, 0xfe, 0x1c, 0x00, 0x13, 0x6c, 0xb8,
++ 0xe9, 0x39, 0xfe, 0x2e, 0x86, 0x78, 0x90, 0x67, 0x3b, 0x22, 0x5d, 0xc5,
++ 0xae, 0x64, 0x2d, 0x2c, 0x86, 0x66, 0xa4, 0x5d, 0x5f, 0xc3, 0x39, 0x6d,
++ 0x7a, 0xde, 0xbe, 0x0e, 0xa0, 0xdd, 0x74, 0x4f, 0xc6, 0x61, 0x0c, 0x13,
++ 0xfd, 0x5e, 0x63, 0x67, 0xec, 0x23, 0xfa, 0xf4, 0xb8, 0xe6, 0x1b, 0x9a,
++ 0x61, 0xcd, 0xad, 0x7f, 0xe1, 0x86, 0x55, 0x8e, 0xcb, 0xc6, 0x13, 0x4a,
++ 0xc6, 0x78, 0x85, 0x2e, 0x91, 0x42, 0x2d, 0x3e, 0x79, 0x68, 0xc5, 0xbe,
++ 0x37, 0x8b, 0x84, 0x89, 0x80, 0x64, 0xef, 0xbc, 0xf0, 0xb7, 0x64, 0x7c,
++ 0x69, 0xe0, 0xee, 0xd9, 0x7a, 0x12, 0x15, 0x7d, 0x2e, 0x33, 0x12, 0x95,
++ 0x9c, 0xe8, 0x9c, 0xa4, 0x7d, 0x3b, 0x27, 0xab, 0xd1, 0x90, 0x61, 0x9c,
++ 0x17, 0x42, 0xb3, 0x98, 0xc9, 0x42, 0x9e, 0x38, 0x11, 0x8a, 0x76, 0x36,
++ 0x42, 0x94, 0x70, 0x27, 0xe6, 0x63, 0x1d, 0xe7, 0x8c, 0x98, 0x1d, 0x80,
++ 0xff, 0x4f, 0x0b, 0x32, 0x8e, 0x7a, 0x18, 0x86, 0x4e, 0x91, 0xa0, 0x42,
++ 0xb6, 0x6e, 0xf2, 0xfb, 0xc8, 0x12, 0xb4, 0xbd, 0x1e, 0x6b, 0x72, 0x21,
++ 0x36, 0x43, 0x82, 0x03, 0x53, 0xc1, 0x0e, 0xfe, 0x2f, 0x6c, 0x81, 0xb0,
++ 0x10, 0x4d, 0x2e, 0x35, 0x7f, 0x29, 0x86, 0x82, 0xc9, 0x0d, 0xd0, 0xed,
++ 0xfd, 0x00, 0x97, 0xc2, 0x44, 0xf0, 0x2b, 0x33, 0x3f, 0x71, 0xf3, 0x4c,
++ 0xa6, 0xd9, 0xe9, 0x78, 0x67, 0x79, 0xef, 0x82, 0x86, 0xab, 0xa1, 0x66,
++ 0xfe, 0x03, 0x1e, 0x73, 0x88, 0x9a, 0x3f, 0xa8, 0xc7, 0x5b, 0x92, 0x00,
++ 0xf1, 0x93, 0x23, 0xf3, 0xe8, 0xab, 0x87, 0x07, 0x78, 0x89, 0x62, 0xbc,
++ 0x96, 0xc3, 0x87, 0xd8, 0x8c, 0xb5, 0x6b, 0xa2, 0x19, 0xa3, 0x26, 0x5e,
++ 0x62, 0xe3, 0x12, 0x7c, 0x3e, 0x3d, 0x30, 0xff, 0x39, 0x4a, 0x90, 0xe6,
++ 0xe8, 0x9d, 0x69, 0xae, 0xbb, 0xbb, 0x5e, 0xc3, 0x6c, 0x5e, 0xc7, 0x2f,
++ 0x79, 0x72, 0x90, 0x00, 0xec, 0xda, 0x23, 0xfb, 0x8e, 0x28, 0xb8, 0x1c,
++ 0xb5, 0x63, 0xf5, 0x76, 0xc8, 0x6b, 0xe2, 0x69, 0xe6, 0xc7, 0x25, 0xec,
++ 0x08, 0xf8, 0x69, 0xb3, 0x1b, 0x3b, 0xf1, 0x0b, 0x09, 0xde, 0xe9, 0x2a,
++ 0x25, 0x0e, 0x30, 0xaa, 0x44, 0x0d, 0x34, 0xc2, 0xcf, 0xae, 0xe2, 0xdb,
++ 0xb1, 0x3f, 0x39, 0x05, 0x44, 0xc8, 0x12, 0x47, 0x9c, 0xd9, 0x79, 0x5b,
++ 0x09, 0x47, 0x28, 0x5a, 0x69, 0xf5, 0x61, 0xd6, 0x75, 0x46, 0x93, 0x8b,
++ 0xde, 0x83, 0xe9, 0x0a, 0xc0, 0x24, 0xf0, 0x4b, 0xa0, 0x8b, 0x6b, 0x1d,
++ 0x92, 0x74, 0x45, 0xfe, 0xd1, 0x8c, 0x5e, 0xa9, 0x2e, 0xf1, 0x10, 0xe7,
++ 0x3e, 0x37, 0x88, 0x1c, 0x38, 0x32, 0x62, 0x0a, 0xf9, 0x94, 0x63, 0x33,
++ 0x7e, 0x68, 0x91, 0x02, 0x40, 0x40, 0x63, 0x62, 0xba, 0xfa, 0xee, 0x58,
++ 0x20, 0x25, 0x89, 0x7d, 0x6d, 0xea, 0x9b, 0x66, 0x98, 0xd5, 0xeb, 0x8e,
++ 0x8c, 0x03, 0xce, 0x84, 0xcd, 0x8b, 0x50, 0x7f, 0x0f, 0x37, 0x9f, 0x9a,
++ 0x2d, 0x73, 0x38, 0x42, 0xcc, 0x18, 0x6a, 0x4a, 0x62, 0xf8, 0x1b, 0x1a,
++ 0xd0, 0xf6, 0xa3, 0x31, 0x9e, 0x07, 0xe7, 0xe2, 0xcf, 0x3e, 0x34, 0x12,
++ 0xb2, 0x49, 0x98, 0x1b, 0x1c, 0x58, 0xcc, 0xb6, 0x1b, 0xfa, 0xe7, 0xb2,
++ 0x25, 0xf7, 0xd3, 0x7f, 0xb5, 0x55, 0x55, 0x5b, 0x14, 0xf6, 0x9c, 0x40,
++ 0x0f, 0xac, 0x1a, 0xc4, 0x1f, 0x80, 0x8e, 0x64, 0x11, 0xa4, 0x1b, 0xd3,
++ 0xe9, 0x58, 0xd8, 0xf7, 0x22, 0x2c, 0x85, 0x7d, 0x82, 0xec, 0xf0, 0xad,
++ 0xa9, 0x9a, 0x4e, 0xcc, 0x98, 0x14, 0x54, 0x9d, 0xc7, 0x0d, 0xd6, 0x45,
++ 0x48, 0x48, 0xe4, 0xb8, 0xc5, 0x75, 0x5c, 0x88, 0xea, 0xb3, 0xc3, 0xa7,
++ 0xed, 0x93, 0xa7, 0xbf, 0xdc, 0x2a, 0x3f, 0xaf, 0x0c, 0x04, 0x7b, 0xf9,
++ 0x8e, 0x01, 0x1d, 0x02, 0x6f, 0x66, 0x08, 0x03, 0x3f, 0x0a, 0xe1, 0x92,
++ 0x06, 0x6f, 0x86, 0xfc, 0x43, 0x60, 0x26, 0x55, 0x87, 0xba, 0x82, 0x5f,
++ 0x79, 0xc8, 0x14, 0x68, 0x91, 0x0b, 0xcb, 0x66, 0x14, 0x88, 0x84, 0xd3,
++ 0xa9, 0xa1, 0x75, 0x48, 0xa8, 0xd7, 0xaa, 0xd0, 0x81, 0xb3, 0xbc, 0x31,
++ 0xd9, 0xd8, 0x07, 0xac, 0xae, 0x9b, 0xf3, 0x98, 0x45, 0xe5, 0x50, 0x22,
++ 0x89, 0x3d, 0x52, 0x84, 0xfd, 0xd3, 0x4c, 0xee, 0xfb, 0xf4, 0x98, 0x2d,
++ 0x61, 0x4e, 0x86, 0xef, 0x9c, 0xcc, 0x92, 0x86, 0xd9, 0x2b, 0xdb, 0x3c,
++ 0x01, 0x18, 0x7c, 0x43, 0x6f, 0x3c, 0xda, 0x5f, 0x1f, 0x29, 0xff, 0xba,
++ 0x07, 0xa6, 0x98, 0x16, 0xf3, 0x2b, 0xa5, 0x2b, 0xa9, 0x9d, 0x05, 0x8c,
++ 0xc3, 0x55, 0xc8, 0x72, 0x99, 0xc2, 0x29, 0xbd, 0x0b, 0xe2, 0xf8, 0xc6,
++ 0x61, 0xf2, 0x08, 0xa9, 0x95, 0xda, 0xda, 0x47, 0x73, 0x69, 0x02, 0x21,
++ 0xad, 0xb5, 0x18, 0x63, 0xe5, 0x57, 0xc8, 0xe0, 0x3b, 0x21, 0xc3, 0x32,
++ 0xf7, 0x66, 0xc1, 0x5f, 0x51, 0x6c, 0x16, 0xd6, 0xf5, 0xda, 0x8d, 0x5a,
++ 0xdf, 0xd0, 0xf3, 0xc9, 0xa8, 0x0a, 0x84, 0x13, 0x93, 0x9e, 0x66, 0x29,
++ 0xc1, 0x33, 0xea, 0x79, 0x06, 0x93, 0x30, 0x43, 0x82, 0x97, 0x55, 0x31,
++ 0x2a, 0xe6, 0x4d, 0x77, 0x16, 0x10, 0x11, 0x8a, 0x7d, 0x2e, 0x14, 0xa0,
++ 0xf0, 0xc4, 0xc1, 0x8c, 0xe0, 0x9b, 0x46, 0x52, 0x48, 0xfb, 0x20, 0x1b,
++ 0xb8, 0x15, 0x06, 0xc1, 0x5d, 0xab, 0x37, 0x11, 0x9a, 0x5c, 0xb7, 0x19,
++};
++
++/* q=(p-1)/2 for prime prime_safe_8192 */
++static const unsigned char sub2_prime_safe_8192[] = {
++ 0x4d, 0xd3, 0xcd, 0xd1, 0x43, 0x2a, 0x73, 0xcc, 0x88, 0xad, 0x9a, 0xc0,
++ 0xea, 0xbd, 0x45, 0x37, 0x26, 0xa6, 0xb0, 0xae, 0xe9, 0xe7, 0x86, 0x32,
++ 0xbf, 0x6d, 0x6c, 0x67, 0x14, 0x56, 0x50, 0x1c, 0x40, 0xf7, 0x50, 0x8a,
++ 0x12, 0x90, 0xb3, 0xb3, 0x1d, 0x36, 0x07, 0xc0, 0x1e, 0xc4, 0xbc, 0xff,
++ 0x38, 0xa1, 0xab, 0xe1, 0xd4, 0xaa, 0x0f, 0x10, 0x45, 0x77, 0x07, 0xd3,
++ 0x45, 0xc4, 0x40, 0x9e, 0xf4, 0x2e, 0x20, 0x23, 0x82, 0xef, 0xec, 0x36,
++ 0xcc, 0x32, 0x8b, 0x54, 0xfc, 0xe2, 0x46, 0x01, 0x5d, 0x57, 0x35, 0x9b,
++ 0x3b, 0x64, 0xfd, 0x47, 0x68, 0x6b, 0xcd, 0x1e, 0x65, 0xe8, 0xa2, 0x04,
++ 0xeb, 0xa7, 0x94, 0x28, 0xca, 0x49, 0x2d, 0x81, 0x59, 0x5e, 0xbc, 0x69,
++ 0xe1, 0x3b, 0x01, 0x8a, 0x8b, 0x85, 0xaa, 0x84, 0x01, 0x21, 0x4f, 0x13,
++ 0x2b, 0x19, 0xb9, 0x73, 0x5e, 0x87, 0x7c, 0x9e, 0x96, 0x59, 0xc5, 0x26,
++ 0x33, 0x8b, 0xfe, 0xf4, 0x81, 0xd6, 0xc6, 0x1a, 0x42, 0x72, 0xc1, 0xef,
++ 0xce, 0x02, 0x49, 0x81, 0x93, 0x0c, 0xe0, 0xf8, 0x92, 0x34, 0x7b, 0x2a,
++ 0x4b, 0x67, 0x1c, 0x28, 0xde, 0xb6, 0x1e, 0xce, 0x06, 0x6c, 0x37, 0x09,
++ 0xa6, 0x45, 0xfb, 0x1a, 0x57, 0x6c, 0x42, 0x8e, 0x8e, 0xc7, 0x61, 0x56,
++ 0xd5, 0xd1, 0x62, 0xa0, 0x3b, 0x3f, 0x97, 0x97, 0x1c, 0x7a, 0x35, 0x1c,
++ 0x99, 0x9e, 0x8b, 0xe7, 0x0f, 0xf4, 0xe1, 0xc6, 0xcf, 0x72, 0xdf, 0x6b,
++ 0x56, 0xcd, 0x11, 0xec, 0x03, 0x79, 0xbe, 0x1c, 0xea, 0xd7, 0x2b, 0xdb,
++ 0x72, 0xe1, 0xcd, 0x45, 0x46, 0x37, 0x69, 0xe0, 0x8d, 0x32, 0x09, 0x00,
++ 0x0c, 0x29, 0xe5, 0x19, 0x44, 0x47, 0x60, 0x2f, 0x96, 0xd9, 0x1e, 0x8a,
++ 0x0d, 0xac, 0x2e, 0x10, 0x74, 0x29, 0x72, 0x94, 0x20, 0xde, 0x4f, 0x04,
++ 0x14, 0xd5, 0xd2, 0xa1, 0xcc, 0x87, 0x6b, 0x95, 0x5c, 0xdc, 0x32, 0x4e,
++ 0xc1, 0xf1, 0x8d, 0x13, 0x2c, 0xb2, 0xf9, 0x06, 0x64, 0xe2, 0xc7, 0x86,
++ 0xe7, 0xd0, 0x8c, 0x7e, 0x45, 0xbb, 0xf4, 0xf0, 0x8c, 0xbd, 0x81, 0xea,
++ 0x1b, 0xc6, 0xae, 0x9b, 0x95, 0xd6, 0xac, 0x2f, 0x39, 0xb9, 0x67, 0x42,
++ 0x72, 0xe4, 0xba, 0x8e, 0xf9, 0xac, 0x21, 0x3b, 0xff, 0x29, 0xd0, 0x61,
++ 0x33, 0x10, 0xd7, 0xf1, 0x30, 0xe9, 0x42, 0x59, 0x81, 0xa6, 0xec, 0x3e,
++ 0xc2, 0xf0, 0xd4, 0x50, 0x24, 0x2e, 0x8d, 0x54, 0xd6, 0x60, 0xb4, 0x92,
++ 0x63, 0x7d, 0x5a, 0x91, 0x1f, 0x51, 0xc6, 0x9a, 0x94, 0xe7, 0xcd, 0x72,
++ 0xc2, 0x1d, 0x85, 0x93, 0x9b, 0x3f, 0x4e, 0xd3, 0x58, 0x22, 0xb0, 0x21,
++ 0x0f, 0x25, 0x92, 0x68, 0x9b, 0x45, 0xb8, 0x68, 0xca, 0xaa, 0x0a, 0x5c,
++ 0xa3, 0x9e, 0xc6, 0xf2, 0x2f, 0xc0, 0x8d, 0x10, 0x8b, 0x8b, 0xdf, 0xc9,
++ 0x11, 0x26, 0x3b, 0x98, 0x6e, 0x4e, 0x42, 0x73, 0x34, 0x66, 0x6b, 0x08,
++ 0x82, 0x7f, 0xb8, 0xc3, 0x59, 0xd4, 0xcd, 0x89, 0xca, 0x9a, 0xfe, 0xb4,
++ 0x14, 0x4d, 0xb7, 0xae, 0x7b, 0xb3, 0x54, 0x37, 0xc4, 0x87, 0xc9, 0x6f,
++ 0xa9, 0x12, 0x1f, 0xed, 0x97, 0xa0, 0x09, 0x19, 0x52, 0x7f, 0x97, 0x25,
++ 0xdc, 0x50, 0x73, 0xe4, 0xe5, 0xcc, 0x09, 0xfc, 0xe9, 0x7d, 0x41, 0x34,
++ 0x59, 0x47, 0xe9, 0x8b, 0xc6, 0x49, 0xfa, 0xc0, 0x72, 0x2d, 0x19, 0x8d,
++ 0xb5, 0x6c, 0x5f, 0x9b, 0xd3, 0xf0, 0xb1, 0x8e, 0xb5, 0x61, 0xfd, 0x50,
++ 0x97, 0xe0, 0xb9, 0x2a, 0xea, 0xf1, 0x33, 0x9d, 0xb5, 0x9d, 0x54, 0x58,
++ 0x2a, 0x02, 0x0e, 0xdd, 0xe0, 0xf2, 0x9d, 0x29, 0x58, 0xb3, 0x85, 0x89,
++ 0x1f, 0x66, 0xd4, 0xcd, 0x07, 0x5d, 0xd1, 0xba, 0xb6, 0xb7, 0xbb, 0xba,
++ 0x32, 0x71, 0x8b, 0x46, 0x52, 0xdd, 0x76, 0x28, 0xb9, 0xe7, 0x25, 0xf3,
++ 0x37, 0x9e, 0x8a, 0xab, 0x21, 0xf0, 0x8b, 0xbb, 0xb3, 0x55, 0xee, 0x4e,
++ 0xcd, 0x88, 0x2e, 0xe2, 0x74, 0x8f, 0x55, 0x16, 0x8a, 0xdd, 0xe2, 0x04,
++ 0xa3, 0x18, 0x70, 0xdc, 0x49, 0x4a, 0x2f, 0xdb, 0xf3, 0xbf, 0x4b, 0xa1,
++ 0xe0, 0x24, 0x2d, 0xd7, 0xf5, 0x3a, 0x57, 0x46, 0x3c, 0xb5, 0xb3, 0x41,
++ 0xb1, 0x44, 0x0b, 0xd2, 0x2b, 0x2e, 0xac, 0x7d, 0xb6, 0x1c, 0x2b, 0xa6,
++ 0xf7, 0xeb, 0x9b, 0x22, 0x1c, 0xad, 0xd5, 0xca, 0x72, 0x04, 0x18, 0x69,
++ 0x96, 0x2c, 0xd0, 0x19, 0x71, 0x38, 0xcc, 0xf6, 0x33, 0x2f, 0x7b, 0xf1,
++ 0x4e, 0x0c, 0xb4, 0xb9, 0x37, 0xed, 0x9f, 0x66, 0x0c, 0xad, 0x7e, 0xd6,
++ 0xeb, 0x37, 0x4e, 0x83, 0xe0, 0x32, 0x80, 0xba, 0xee, 0x9b, 0x8d, 0xce,
++ 0x2f, 0x49, 0x99, 0x7c, 0x3f, 0x32, 0xea, 0xda, 0x8a, 0x9a, 0xd6, 0x82,
++ 0xda, 0xe9, 0x12, 0xe3, 0xb8, 0xad, 0x72, 0x5b, 0xac, 0x35, 0x61, 0xad,
++ 0x6c, 0xea, 0x77, 0x19, 0x5a, 0x85, 0xad, 0x95, 0x66, 0xc0, 0x67, 0x6a,
++ 0x16, 0xe4, 0x84, 0xca, 0x7a, 0xf9, 0x3e, 0x57, 0xdd, 0x2d, 0x69, 0xee,
++ 0x66, 0xeb, 0xfb, 0xf5, 0x21, 0x71, 0x61, 0x1a, 0x10, 0xdc, 0x8a, 0x92,
++ 0x74, 0x19, 0x35, 0xb7, 0xd8, 0x76, 0xbb, 0x2f, 0x22, 0xdf, 0x81, 0x51,
++ 0x5c, 0x1e, 0x52, 0xfa, 0xba, 0x71, 0x8c, 0x44, 0x90, 0xa7, 0x53, 0x04,
++ 0x51, 0xd2, 0xc9, 0xb4, 0xa4, 0x4b, 0x5e, 0xa3, 0xe9, 0xf5, 0xb3, 0x94,
++ 0xd4, 0x5d, 0xdf, 0x3c, 0x02, 0xfd, 0x23, 0x44, 0xa7, 0x06, 0x71, 0x36,
++ 0x5d, 0xf2, 0xfc, 0x5d, 0x72, 0xae, 0x94, 0xf3, 0xee, 0xb8, 0xbf, 0x4a,
++ 0x6b, 0xab, 0x06, 0x1e, 0x6f, 0x2f, 0xde, 0x6e, 0x07, 0xc7, 0x6b, 0x37,
++ 0x85, 0x03, 0xdc, 0x03, 0x92, 0x31, 0x26, 0x76, 0xa2, 0xa7, 0x86, 0xcf,
++ 0x97, 0x41, 0xb5, 0x75, 0xde, 0x7f, 0xd4, 0xf9, 0x39, 0xd9, 0xad, 0xd5,
++ 0x56, 0x76, 0xd6, 0x44, 0x51, 0x06, 0xc6, 0xc7, 0xda, 0x7b, 0xb9, 0x8f,
++ 0x60, 0x17, 0x69, 0xa2, 0x8a, 0xa5, 0xa5, 0x73, 0xea, 0x77, 0xd8, 0xe3,
++ 0x69, 0xc7, 0xfc, 0x12, 0x09, 0x19, 0x9f, 0x47, 0x4a, 0xde, 0x40, 0xda,
++ 0x6a, 0x68, 0x89, 0xde, 0x3f, 0x12, 0xda, 0x2d, 0xff, 0x8a, 0xdd, 0x7c,
++ 0x4d, 0x76, 0x3c, 0x72, 0x31, 0xe3, 0x93, 0x6a, 0xc4, 0x9e, 0xb1, 0xad,
++ 0xbe, 0x43, 0x31, 0x9a, 0x03, 0x14, 0x11, 0x84, 0x7f, 0xb6, 0xde, 0xf0,
++ 0x3a, 0xd9, 0xb8, 0x89, 0x13, 0x31, 0xe5, 0x49, 0x9b, 0x43, 0x75, 0xfb,
++ 0xa4, 0x68, 0xcb, 0x7a, 0x01, 0x1f, 0x2e, 0xb4, 0xba, 0xaf, 0x4a, 0xf7,
++ 0x19, 0x5c, 0xdd, 0x2a, 0xe2, 0xa1, 0x3a, 0x00, 0x70, 0x87, 0x8b, 0x02,
++ 0xb1, 0x1e, 0x2c, 0x65, 0xf0, 0x6a, 0x54, 0xf2, 0x8d, 0x1d, 0xc2, 0x3f,
++ 0x0c, 0xc3, 0xd6, 0xb3, 0xe6, 0xcd, 0xcb, 0xd8, 0x19, 0x6b, 0xdc, 0x0f,
++ 0x4b, 0x34, 0xba, 0x87, 0xb0, 0xb4, 0xd9, 0xe4, 0xe7, 0x39, 0xbe, 0x2f,
++ 0xea, 0x84, 0x6f, 0xea, 0x03, 0xba, 0xb0, 0x6b, 0xa8, 0x29, 0x73, 0xae,
++ 0x37, 0x82, 0x2c, 0xb2, 0xde, 0xb8, 0x4c, 0x8a, 0xfc, 0xde, 0x1a, 0x3c,
++ 0x35, 0x32, 0x56, 0x2f, 0x83, 0xe1, 0x44, 0xc4, 0x7f, 0x08, 0xbd, 0x7b,
++ 0x9e, 0xdf, 0x41, 0xff, 0xf5, 0x8e, 0xa9, 0x5f, 0x6a, 0x04, 0xb8, 0x87,
++ 0xbe, 0x4a, 0x8c, 0xf9, 0x25, 0xfa, 0xa2, 0x31, 0xf9, 0x76, 0x1f, 0xfc,
++ 0xf2, 0x7d, 0xdf, 0x12, 0x59, 0x0c, 0x29, 0xe7, 0x0b, 0x20, 0x0f, 0x13,
++ 0xb1, 0x4c, 0xc9, 0xe4, 0xa4, 0xc7, 0xcc, 0x06, 0xec, 0x39, 0xb2, 0xcc,
++ 0xd6, 0x7f, 0xff, 0x11, 0x35, 0x68, 0xfd, 0xd0, 0xf2, 0x73, 0xd5, 0x9e,
++ 0x39, 0x08, 0x56, 0x39,
++};
++
++/* q=(p-1)/2 for prime prime_weak_1024 */
++static const unsigned char sub2_prime_weak_1024[] = {
++ 0x72, 0x41, 0x04, 0xa5, 0x35, 0xdf, 0x4d, 0xa8, 0x88, 0xd0, 0x3a, 0x12,
++ 0xff, 0xa8, 0x0e, 0x05, 0x6b, 0x68, 0x5e, 0x69, 0x92, 0x44, 0xba, 0xba,
++ 0x59, 0xeb, 0x35, 0xfa, 0x63, 0xaf, 0xb5, 0x76, 0x0f, 0x1d, 0x10, 0x01,
++ 0x0b, 0x3a, 0xe6, 0x22, 0x25, 0x5f, 0xad, 0xac, 0x56, 0xff, 0x58, 0x0c,
++ 0x35, 0x1c, 0x45, 0xe5, 0xed, 0xe8, 0xbb, 0xa1, 0x71, 0xd1, 0xc3, 0xc5,
++ 0x4c, 0x97, 0x08, 0xec, 0x64, 0x81, 0x42, 0x0e, 0xe9, 0x33, 0x94, 0x5e,
++ 0xc7, 0xfd, 0xab, 0x79, 0x31, 0xc5, 0x16, 0x3e, 0x1c, 0x77, 0xd1, 0x06,
++ 0x35, 0x1b, 0x68, 0x4c, 0x89, 0xa3, 0xa4, 0x20, 0x72, 0xe6, 0xed, 0x82,
++ 0x26, 0x51, 0x09, 0x1f, 0x8d, 0x4d, 0xcd, 0x07, 0x5c, 0x34, 0x3e, 0x80,
++ 0xde, 0x0b, 0x37, 0xa8, 0xb2, 0x0e, 0xd5, 0x90, 0xba, 0xa4, 0x89, 0x1b,
++ 0x56, 0x32, 0xc5, 0xfc, 0x43, 0xec, 0xd7, 0xe8,
++};
++
++/* q=(p-1)/2 for prime prime_weak_2048 */
++static const unsigned char sub2_prime_weak_2048[] = {
++ 0x5a, 0x84, 0x41, 0xb5, 0x11, 0x1c, 0xef, 0x81, 0x7f, 0x39, 0xb5, 0xfd,
++ 0x86, 0xa7, 0x56, 0xa5, 0x87, 0xfe, 0xd9, 0x13, 0xf3, 0xe9, 0x1a, 0xea,
++ 0x41, 0xf9, 0x5e, 0x14, 0xff, 0xa8, 0x7b, 0xb5, 0xdb, 0xca, 0x1c, 0x7f,
++ 0xee, 0x3c, 0xb3, 0xcd, 0x40, 0x45, 0xe1, 0x10, 0x27, 0x29, 0x81, 0x15,
++ 0x03, 0xf6, 0x54, 0xde, 0x91, 0x68, 0xdd, 0x1a, 0x98, 0x88, 0x10, 0xdb,
++ 0x27, 0xf0, 0xca, 0x05, 0xd8, 0x59, 0x9b, 0x90, 0x06, 0xb5, 0x6a, 0x48,
++ 0xae, 0x42, 0xf4, 0xd7, 0x45, 0x79, 0x4a, 0x73, 0xa2, 0x7a, 0xe6, 0x02,
++ 0x41, 0x2b, 0xc0, 0x90, 0xc1, 0x8c, 0x24, 0x16, 0xf1, 0x8e, 0x50, 0xbf,
++ 0xf7, 0x08, 0x5c, 0xf4, 0x20, 0x7e, 0x6d, 0x21, 0xbe, 0x8c, 0x72, 0x34,
++ 0x4f, 0xf6, 0xaf, 0x61, 0x8f, 0xc0, 0x77, 0xae, 0x12, 0x2f, 0x34, 0x56,
++ 0x4c, 0xce, 0x3a, 0x4b, 0x2d, 0xd9, 0xf3, 0xd9, 0x32, 0xbc, 0x7d, 0x9e,
++ 0x08, 0x80, 0x02, 0x25, 0xcc, 0x07, 0x45, 0x3d, 0x9c, 0x04, 0x1a, 0x5c,
++ 0xb6, 0x84, 0x32, 0x8b, 0xc8, 0xa4, 0xb1, 0x23, 0xb2, 0x55, 0xe3, 0x68,
++ 0x79, 0x67, 0xc4, 0x83, 0xf5, 0xd1, 0xae, 0xf9, 0xd1, 0x7d, 0xee, 0xbd,
++ 0x9f, 0x3f, 0x51, 0x6b, 0x8d, 0x21, 0x56, 0xba, 0x5e, 0xdd, 0xe7, 0x90,
++ 0xc8, 0xe9, 0x35, 0x8e, 0xce, 0xd4, 0x02, 0xc4, 0x27, 0xd8, 0xa2, 0xd1,
++ 0x43, 0x48, 0x09, 0x7e, 0xe5, 0x92, 0xf0, 0x89, 0x04, 0x23, 0x8e, 0xc1,
++ 0x96, 0x8a, 0x21, 0x10, 0x04, 0x18, 0xaa, 0x16, 0x4d, 0xa4, 0xfb, 0x5b,
++ 0x16, 0x92, 0xf5, 0x14, 0x5f, 0x89, 0x95, 0xe9, 0xa2, 0xc6, 0x81, 0x4f,
++ 0xd2, 0xd5, 0x75, 0xe0, 0x24, 0x68, 0x83, 0x73, 0x0f, 0x50, 0x1f, 0x02,
++ 0x10, 0x3c, 0xbe, 0x68, 0xe8, 0x56, 0x30, 0xc4, 0xb6, 0x1d, 0xc4, 0x51,
++ 0xaa, 0x36, 0x40, 0x2c,
++};
++
++/* q=(p-1)/2 for prime prime_weak_3072 */
++static const unsigned char sub2_prime_weak_3072[] = {
++ 0x4a, 0x19, 0x63, 0xa3, 0xa8, 0xd1, 0x81, 0xcd, 0xf9, 0x28, 0xae, 0x34,
++ 0xd7, 0x82, 0x9e, 0x3b, 0x31, 0x51, 0x76, 0x2d, 0x66, 0x6f, 0xc0, 0x79,
++ 0x96, 0xe7, 0x52, 0xd2, 0xcf, 0x16, 0xd5, 0xaf, 0xc8, 0xde, 0xc9, 0xb0,
++ 0xeb, 0xbd, 0xb8, 0xb7, 0xf9, 0xc9, 0x5f, 0xd4, 0x7e, 0x66, 0x80, 0x7a,
++ 0xa4, 0x84, 0x00, 0x46, 0x69, 0x7f, 0x25, 0x6c, 0x15, 0xb7, 0x21, 0x60,
++ 0x6c, 0x51, 0x45, 0x95, 0x8c, 0x01, 0x56, 0xf4, 0x27, 0x22, 0x04, 0x93,
++ 0x50, 0xd0, 0xe5, 0x4c, 0xf1, 0xec, 0xcd, 0x43, 0x9e, 0x41, 0xb5, 0x0d,
++ 0x3d, 0xb0, 0x5d, 0x3c, 0x06, 0x3c, 0xa8, 0x0f, 0xef, 0x20, 0x0a, 0x2c,
++ 0x0c, 0x54, 0x95, 0xba, 0x08, 0xda, 0x32, 0xff, 0x4e, 0x81, 0xd2, 0x77,
++ 0xef, 0xba, 0x47, 0x66, 0xbd, 0xea, 0x79, 0x94, 0x3a, 0xd9, 0x18, 0xf7,
++ 0xcc, 0xb2, 0xe5, 0xad, 0x3b, 0xe5, 0x51, 0x12, 0x94, 0x57, 0x7d, 0x4f,
++ 0xf5, 0xed, 0x66, 0x1a, 0x3d, 0x90, 0xeb, 0xed, 0xaa, 0x20, 0x73, 0x17,
++ 0xed, 0xe0, 0x67, 0x6e, 0x72, 0xe4, 0x93, 0xcb, 0xcc, 0xce, 0x01, 0x27,
++ 0x92, 0x44, 0x49, 0xef, 0xd4, 0xe3, 0x9f, 0x08, 0x64, 0x55, 0x35, 0x67,
++ 0x6d, 0x23, 0x4a, 0x46, 0x56, 0x8f, 0x78, 0xe5, 0xe9, 0xe6, 0xa1, 0xa2,
++ 0x5a, 0x10, 0x48, 0xcf, 0x7b, 0x68, 0x81, 0xf7, 0xe1, 0x02, 0x7b, 0x83,
++ 0xed, 0xd6, 0x51, 0x14, 0x46, 0x3e, 0x8e, 0xae, 0x96, 0x2d, 0x7e, 0x13,
++ 0x2d, 0x85, 0xac, 0x5c, 0xcd, 0x23, 0xf4, 0xd0, 0x6f, 0xd2, 0xad, 0x79,
++ 0xf2, 0xeb, 0x75, 0xb4, 0xda, 0xa7, 0x5e, 0x38, 0xe0, 0x6b, 0x4d, 0xdc,
++ 0x20, 0x1d, 0xe2, 0xb9, 0x2e, 0xa6, 0x8d, 0x8b, 0x9e, 0x9b, 0x52, 0x58,
++ 0x8a, 0xd3, 0xcd, 0x39, 0x75, 0xf9, 0x4f, 0x20, 0x68, 0xde, 0x1a, 0xe3,
++ 0xe8, 0x8d, 0x47, 0x8e, 0x15, 0xaf, 0x6c, 0x59, 0x9d, 0xa2, 0x57, 0x7a,
++ 0xc0, 0xe8, 0x45, 0x1b, 0xd5, 0xdd, 0x11, 0x5e, 0x16, 0xc4, 0x17, 0x92,
++ 0x5d, 0xd8, 0x0d, 0x54, 0xaf, 0x83, 0x88, 0x36, 0xe3, 0x5d, 0x9e, 0x51,
++ 0x33, 0x7c, 0xdc, 0xca, 0xeb, 0x2f, 0x46, 0x67, 0x02, 0x6e, 0x59, 0xa6,
++ 0x5e, 0x74, 0xe2, 0xe5, 0x8c, 0xcb, 0xf1, 0x50, 0x84, 0x9c, 0x6b, 0xc1,
++ 0x53, 0x5f, 0xe4, 0x8a, 0x92, 0xf8, 0x96, 0x3b, 0xfe, 0x5e, 0xfd, 0x3f,
++ 0xc9, 0x7f, 0x6b, 0x18, 0x81, 0x91, 0x96, 0x8b, 0x97, 0xa8, 0xcf, 0x2e,
++ 0x58, 0xb4, 0x60, 0x1f, 0xa1, 0x4c, 0x80, 0x2a, 0x99, 0xb4, 0x6b, 0xf7,
++ 0x28, 0xbe, 0x9f, 0x01, 0xa7, 0x81, 0x2f, 0x93, 0xee, 0x8b, 0x8c, 0x36,
++ 0x0f, 0x4e, 0xc8, 0xb2, 0xfc, 0x6b, 0xd3, 0x4f, 0xd0, 0xdd, 0x54, 0x3b,
++ 0x72, 0x6c, 0x7a, 0x2c, 0xc8, 0x0b, 0x33, 0xc4, 0x61, 0x54, 0xf2, 0x16,
++};
++
++/* q=(p-1)/2 for prime prime_weak_4096 */
++static const unsigned char sub2_prime_weak_4096[] = {
++ 0x7f, 0xa8, 0x69, 0xe6, 0x44, 0x8b, 0xaf, 0x5b, 0x7c, 0x51, 0xd8, 0x71,
++ 0x7c, 0xcf, 0x8b, 0xd0, 0xc9, 0x2b, 0x0a, 0x89, 0x89, 0x4f, 0x8c, 0x6e,
++ 0x03, 0x80, 0x61, 0x24, 0xe4, 0xec, 0xea, 0x05, 0x71, 0xeb, 0xfb, 0x30,
++ 0x10, 0xd4, 0xbd, 0xe0, 0x07, 0x87, 0x57, 0x1f, 0x3b, 0xbb, 0xa4, 0x6c,
++ 0x7e, 0xa1, 0x76, 0x5a, 0xd7, 0x00, 0x55, 0xe7, 0x68, 0x88, 0xe5, 0x69,
++ 0x32, 0x2d, 0x51, 0xb5, 0xdd, 0x68, 0xc9, 0xf5, 0x6d, 0x69, 0x50, 0x30,
++ 0x1c, 0x85, 0x9a, 0x27, 0x86, 0x78, 0xd8, 0x29, 0x3a, 0xa8, 0x9e, 0x94,
++ 0x01, 0x5a, 0xde, 0xa1, 0x4c, 0x10, 0x53, 0xa1, 0x5c, 0x90, 0xcd, 0x57,
++ 0x5b, 0x20, 0xbd, 0xb8, 0x71, 0xec, 0xd7, 0xc0, 0x8d, 0x60, 0x9c, 0xce,
++ 0x29, 0x2b, 0x65, 0x86, 0xb5, 0x33, 0xb7, 0x9e, 0x89, 0x3b, 0x39, 0xa9,
++ 0xca, 0x96, 0xe0, 0x82, 0x6d, 0xc1, 0xf2, 0x68, 0x5f, 0x16, 0xd3, 0x3d,
++ 0x07, 0xc0, 0x0d, 0xe8, 0x0b, 0x0a, 0x1d, 0x70, 0x24, 0x7d, 0x7a, 0xa2,
++ 0x54, 0x70, 0x5f, 0xcc, 0x70, 0xab, 0x75, 0x3b, 0x5b, 0x71, 0x51, 0xad,
++ 0x8a, 0xbc, 0x88, 0x58, 0x20, 0xee, 0x14, 0x87, 0x8f, 0x1b, 0xb4, 0xe6,
++ 0x89, 0xdf, 0x16, 0xf0, 0x39, 0x9c, 0x34, 0x76, 0xa8, 0x35, 0x68, 0x7d,
++ 0xe5, 0x8b, 0x9d, 0x2c, 0xfd, 0xf6, 0x5d, 0x3a, 0xdb, 0x27, 0x17, 0xb7,
++ 0x4b, 0xcc, 0x07, 0x3c, 0x92, 0xee, 0xec, 0x7a, 0x9a, 0x5a, 0x50, 0x3f,
++ 0x5d, 0x34, 0x3e, 0x27, 0xfd, 0xf0, 0x4b, 0xa3, 0x28, 0x0f, 0x25, 0x2c,
++ 0xce, 0x6e, 0x1a, 0x71, 0x15, 0x5a, 0xe4, 0x2c, 0x4a, 0x24, 0x4f, 0xdc,
++ 0x1b, 0x65, 0xe7, 0x1b, 0x58, 0xbe, 0x72, 0xc6, 0xad, 0xa1, 0xeb, 0xc4,
++ 0x6f, 0xd7, 0x68, 0x64, 0xa1, 0x2f, 0x85, 0x71, 0xb1, 0x88, 0xe2, 0x86,
++ 0x40, 0x2a, 0xac, 0x6b, 0xf9, 0x28, 0xb7, 0x59, 0xbf, 0x4e, 0x8e, 0x61,
++ 0xb0, 0xac, 0xae, 0x23, 0xea, 0x4c, 0xe0, 0x33, 0xfd, 0xd9, 0x6b, 0x08,
++ 0xed, 0x49, 0x2d, 0xb5, 0xe9, 0x38, 0x5b, 0xb4, 0xb9, 0x73, 0x83, 0x6e,
++ 0xa0, 0x56, 0x40, 0xa8, 0x8e, 0xa9, 0x3d, 0x22, 0x9c, 0x44, 0x93, 0x96,
++ 0x62, 0x25, 0xbf, 0x2f, 0x3c, 0xf7, 0xc2, 0x35, 0x12, 0x26, 0xce, 0x4f,
++ 0x65, 0x3a, 0xae, 0x03, 0x36, 0xe8, 0x29, 0x74, 0xed, 0x4f, 0xa3, 0x5b,
++ 0x31, 0x0e, 0xd9, 0xec, 0xf9, 0x3e, 0xeb, 0x61, 0x3d, 0x24, 0xbe, 0x6e,
++ 0xcd, 0xd5, 0x61, 0xc2, 0x05, 0x84, 0x19, 0xdc, 0x40, 0x61, 0x89, 0x47,
++ 0xd6, 0xd6, 0x07, 0xbf, 0xd7, 0xac, 0xb0, 0x86, 0xcc, 0x60, 0xfc, 0xb4,
++ 0x61, 0x8d, 0x88, 0x04, 0x62, 0x19, 0x9e, 0x52, 0x71, 0x6a, 0xf5, 0xb8,
++ 0xae, 0x8c, 0xbf, 0x02, 0xe5, 0x4d, 0x7a, 0xdd, 0xb8, 0xaa, 0xc1, 0xce,
++ 0x12, 0xa8, 0x1a, 0xbf, 0x96, 0xf5, 0xf9, 0x06, 0xf6, 0x9e, 0x5c, 0x38,
++ 0xde, 0x84, 0x7a, 0xc4, 0xbf, 0x2f, 0x1c, 0x20, 0x6b, 0xf6, 0xbb, 0xc6,
++ 0xbd, 0x76, 0x95, 0x4f, 0xfe, 0x00, 0xfa, 0x71, 0x67, 0xed, 0x46, 0x51,
++ 0xab, 0xee, 0x0a, 0x6b, 0x50, 0xec, 0xcb, 0xdc, 0xf3, 0x7e, 0x24, 0x3a,
++ 0xa1, 0xde, 0x9d, 0xc8, 0x8b, 0x9e, 0x19, 0xe5, 0x67, 0x14, 0x84, 0x8d,
++ 0xf4, 0x4e, 0xdb, 0x3a, 0x02, 0xaf, 0x17, 0x52, 0x8e, 0xbf, 0x9d, 0x54,
++ 0x96, 0x7b, 0x26, 0xa0, 0xc8, 0x5e, 0x2b, 0x0c, 0x29, 0x01, 0x48, 0x77,
++ 0xb8, 0xff, 0x9f, 0x06, 0x7c, 0x00, 0x02, 0x03, 0xea, 0x90, 0x13, 0x6e,
++ 0xae, 0x58, 0x9b, 0x81, 0x90, 0x06, 0x5a, 0x5b, 0x1c, 0xa4, 0xa4, 0xd5,
++ 0x73, 0xcc, 0x00, 0xd1, 0x17, 0x05, 0x19, 0xc1, 0x4f, 0x5c, 0x92, 0x5b,
++ 0xc0, 0x6f, 0xe9, 0xef, 0x82, 0x72, 0x28, 0x4e,
++};
++
++/* q=(p-1)/2 for prime prime_weak_6144 */
++static const unsigned char sub2_prime_weak_6144[] = {
++ 0x51, 0x12, 0x4b, 0x5b, 0x10, 0xb4, 0x6a, 0xbf, 0x16, 0x30, 0x26, 0xe4,
++ 0x40, 0xac, 0xce, 0x0e, 0x38, 0x76, 0x12, 0x14, 0x5b, 0x29, 0x1b, 0x04,
++ 0xc3, 0xd5, 0x60, 0xad, 0xf2, 0xd3, 0x1f, 0x44, 0x2a, 0x02, 0xf1, 0x84,
++ 0x84, 0xe5, 0x36, 0xcd, 0xe2, 0x46, 0x93, 0x57, 0xeb, 0xf7, 0x4f, 0x86,
++ 0xde, 0xa2, 0x47, 0x7f, 0x66, 0xf9, 0x73, 0x6f, 0x56, 0x79, 0x01, 0x1b,
++ 0xee, 0x1a, 0xe1, 0x67, 0x66, 0xaf, 0xe2, 0xc3, 0x87, 0xcc, 0xd3, 0xed,
++ 0x87, 0x8d, 0x66, 0xbb, 0x55, 0x25, 0x52, 0x84, 0xb0, 0x30, 0x71, 0xac,
++ 0x72, 0x29, 0x03, 0x8d, 0xa1, 0x0b, 0x88, 0xa8, 0x15, 0xa0, 0x4a, 0xc6,
++ 0xa4, 0x50, 0x1a, 0x4a, 0x92, 0x9c, 0x67, 0x84, 0xca, 0x73, 0x2a, 0x83,
++ 0x45, 0x6f, 0x6e, 0x20, 0xa5, 0x6c, 0x8f, 0xc0, 0x41, 0x0e, 0xdc, 0x0f,
++ 0x42, 0x30, 0x6f, 0x76, 0xa7, 0xe0, 0x6c, 0x0e, 0xaa, 0x6d, 0x59, 0xf9,
++ 0x87, 0x2a, 0x1f, 0x8c, 0x44, 0x7f, 0x92, 0x98, 0xe3, 0x0b, 0x73, 0x38,
++ 0x7d, 0x62, 0x04, 0x7e, 0x00, 0x45, 0xfb, 0x4e, 0x94, 0xc5, 0x2c, 0xa4,
++ 0xf6, 0xae, 0x1a, 0x3d, 0x42, 0x3c, 0xa0, 0x60, 0xbf, 0x41, 0x0b, 0x9b,
++ 0x64, 0x4b, 0x5a, 0xe9, 0x7c, 0xed, 0xe0, 0x08, 0x4f, 0xfc, 0x4a, 0x9a,
++ 0xb7, 0xd8, 0x5c, 0xa4, 0x44, 0x6e, 0x78, 0x26, 0x98, 0x66, 0x8a, 0xfe,
++ 0x97, 0xdd, 0x0c, 0x66, 0x4a, 0x28, 0x1f, 0xff, 0x30, 0x1e, 0xbd, 0x23,
++ 0x77, 0xe2, 0x66, 0x8a, 0x70, 0x77, 0xcb, 0xc0, 0xd0, 0xca, 0xf1, 0xd2,
++ 0xc8, 0xcd, 0x7b, 0xcf, 0xbe, 0x7d, 0x06, 0x34, 0xdb, 0x6f, 0xed, 0xd7,
++ 0x98, 0xec, 0x54, 0x3b, 0xb5, 0x5d, 0x5d, 0x40, 0x7f, 0x9f, 0xaf, 0xc3,
++ 0x4f, 0xc0, 0x01, 0x8f, 0x68, 0x2f, 0x9b, 0xa8, 0x30, 0xfe, 0x01, 0xec,
++ 0x49, 0xd0, 0xbc, 0xb1, 0x7d, 0x49, 0x5c, 0x25, 0x33, 0x4c, 0xeb, 0xc2,
++ 0xc6, 0x87, 0x83, 0x81, 0x01, 0xc1, 0xc6, 0x10, 0x52, 0xce, 0x17, 0xfe,
++ 0x91, 0x2d, 0x78, 0x4a, 0x8f, 0x5f, 0x8b, 0xf8, 0x9d, 0x20, 0x3f, 0xe7,
++ 0x4a, 0x31, 0x2f, 0xac, 0x72, 0xf9, 0xcc, 0xc6, 0x1c, 0x47, 0x82, 0x88,
++ 0x34, 0x75, 0x20, 0xda, 0xe0, 0x37, 0xa7, 0xb1, 0xc3, 0x8e, 0xcc, 0x61,
++ 0x98, 0xb3, 0x0f, 0x4f, 0x96, 0x9e, 0x37, 0x4f, 0xd9, 0xe7, 0xc7, 0x3b,
++ 0xfa, 0x9e, 0x28, 0xad, 0x77, 0x41, 0x50, 0xe2, 0xa9, 0x90, 0x3a, 0xe8,
++ 0xd4, 0x01, 0x1b, 0xa1, 0x84, 0x0b, 0x02, 0x80, 0xf6, 0xf5, 0x78, 0xa9,
++ 0x2c, 0x10, 0x4a, 0x42, 0x82, 0x97, 0x24, 0x1f, 0xa3, 0xa4, 0xa7, 0x80,
++ 0xa2, 0x5e, 0x8f, 0x21, 0x75, 0x48, 0x48, 0x11, 0xcc, 0x82, 0xfe, 0x9b,
++ 0xa0, 0x86, 0x17, 0xe2, 0x10, 0x02, 0x4c, 0xf7, 0x07, 0xdd, 0xe1, 0x36,
++ 0x85, 0x3f, 0x92, 0x2d, 0x0b, 0xd2, 0x75, 0xce, 0x33, 0xff, 0x32, 0x06,
++ 0xf5, 0x5b, 0x90, 0x24, 0x20, 0x1d, 0x92, 0xf6, 0xa8, 0xae, 0x7e, 0x10,
++ 0x0c, 0x5b, 0x7e, 0x1f, 0x6d, 0xec, 0xd0, 0xde, 0xcf, 0x77, 0x65, 0xae,
++ 0x81, 0x7f, 0x3f, 0xa1, 0x4e, 0xe4, 0xe7, 0x7d, 0x70, 0xec, 0x79, 0x02,
++ 0xb3, 0x9a, 0xc4, 0x27, 0x6b, 0xb8, 0x4b, 0xb1, 0xda, 0x86, 0x30, 0x44,
++ 0xe0, 0x7f, 0x19, 0x6b, 0xd7, 0x25, 0xf8, 0x85, 0x57, 0x1e, 0x6f, 0x0c,
++ 0x4e, 0x0e, 0xe9, 0x6d, 0x79, 0x01, 0x46, 0xf8, 0x83, 0xeb, 0x2f, 0x5b,
++ 0xdd, 0x57, 0xc0, 0xcb, 0xf7, 0x70, 0x4e, 0xa8, 0xf9, 0x8e, 0xe0, 0xae,
++ 0xa1, 0xf1, 0x05, 0x86, 0x4e, 0x06, 0xba, 0x48, 0x90, 0x37, 0xb2, 0xf8,
++ 0xf9, 0x42, 0x01, 0x1c, 0x5a, 0xf2, 0x88, 0x10, 0xfe, 0x73, 0x61, 0xa5,
++ 0xb0, 0x24, 0xb5, 0x78, 0xea, 0xa8, 0x07, 0xb7, 0xc5, 0x8f, 0x40, 0x79,
++ 0xae, 0x94, 0xf7, 0x30, 0x55, 0x93, 0x52, 0xc6, 0x62, 0x26, 0x65, 0xd3,
++ 0x55, 0x71, 0xff, 0x68, 0xb3, 0xa4, 0x5a, 0x7d, 0x5f, 0xab, 0xff, 0x31,
++ 0x42, 0xd0, 0x56, 0x6e, 0x27, 0x38, 0x80, 0xe6, 0x09, 0x76, 0x40, 0x4a,
++ 0xaa, 0x6e, 0x0a, 0x4f, 0x10, 0x6d, 0x2d, 0x5e, 0xf7, 0x3b, 0x5f, 0x1c,
++ 0xe7, 0xde, 0xc5, 0x71, 0x87, 0x38, 0xc2, 0xf2, 0x1e, 0x31, 0x1d, 0xfc,
++ 0x37, 0x38, 0x6a, 0x6b, 0x17, 0x70, 0x2f, 0x08, 0xce, 0x99, 0xec, 0x98,
++ 0x7f, 0x9d, 0xe6, 0x15, 0x1c, 0xe2, 0x37, 0xfe, 0xe5, 0x44, 0x56, 0x94,
++ 0x51, 0x74, 0x54, 0x6b, 0xf3, 0x04, 0x06, 0xd7, 0xce, 0xec, 0x64, 0x20,
++ 0xb3, 0x42, 0x33, 0x43, 0x15, 0xc0, 0x9d, 0xb6, 0x63, 0x3b, 0x13, 0xb5,
++ 0x06, 0xcb, 0x07, 0x32, 0x9f, 0x6f, 0xfa, 0xb4, 0x02, 0x4e, 0x96, 0x93,
++ 0x45, 0xe5, 0x05, 0x3c, 0x95, 0x5a, 0x50, 0x59, 0x8c, 0x25, 0x75, 0x35,
++ 0x69, 0x0a, 0x66, 0xa3, 0xc2, 0xcf, 0xc3, 0x6b, 0xef, 0x55, 0x0f, 0x07,
++ 0x38, 0x89, 0xf6, 0x7f, 0x3e, 0x34, 0xdf, 0x91, 0x78, 0x30, 0xa8, 0x4b,
++ 0xbb, 0xe1, 0x15, 0x98, 0xc4, 0x88, 0xeb, 0x04, 0x58, 0xea, 0x67, 0x5d,
++ 0x50, 0x0b, 0x4e, 0x15, 0xc5, 0x9f, 0x0b, 0xec, 0x75, 0x70, 0xf8, 0x90,
++ 0x3f, 0x9f, 0x3b, 0x4f, 0x97, 0xa3, 0x61, 0xd7, 0xe2, 0x5d, 0x64, 0xb1,
++ 0xfb, 0xdd, 0xcc, 0x36, 0xb0, 0x0b, 0x02, 0x0a, 0x61, 0x76, 0x97, 0x61,
++ 0x80, 0x27, 0xc7, 0xce, 0xe3, 0x6c, 0xe6, 0xe0, 0xd5, 0xa7, 0x33, 0xf6,
++ 0xfc, 0x69, 0x31, 0x09, 0xfd, 0x08, 0x98, 0xdd, 0x84, 0x6e, 0xa7, 0x44,
++ 0xa5, 0x7f, 0x83, 0xc4, 0xda, 0xb6, 0x61, 0xff, 0x3b, 0x36, 0x88, 0x26,
++ 0x0f, 0x08, 0x2a, 0x91, 0x4a, 0xff, 0x04, 0xd2, 0xb7, 0x39, 0x86, 0x15,
++};
++
++/* q=(p-1)/2 for prime prime_weak_8192 */
++static const unsigned char sub2_prime_weak_8192[] = {
++ 0x49, 0xef, 0xb6, 0x9b, 0xee, 0x15, 0x52, 0x55, 0xae, 0xee, 0x39, 0xa1,
++ 0x09, 0x0c, 0x47, 0x9c, 0xa3, 0xb9, 0xfa, 0x9f, 0x5e, 0x37, 0x06, 0x95,
++ 0x34, 0x2e, 0xa9, 0xa7, 0x91, 0x46, 0x54, 0x54, 0x25, 0x56, 0x35, 0x30,
++ 0x2a, 0x65, 0x0d, 0x3a, 0xed, 0x42, 0x81, 0x2f, 0x40, 0x5d, 0xcd, 0xad,
++ 0x3a, 0x4b, 0x34, 0xe1, 0x3e, 0x42, 0x0f, 0xbb, 0x06, 0xa9, 0xf2, 0x05,
++ 0x99, 0x79, 0xa5, 0xfb, 0x49, 0x2d, 0x96, 0x4c, 0x2e, 0xd4, 0xb0, 0x6e,
++ 0x0b, 0xad, 0xfd, 0xda, 0x87, 0x1c, 0x57, 0x31, 0x8b, 0x3c, 0xd2, 0x62,
++ 0xbb, 0x3a, 0x10, 0x4b, 0xad, 0xee, 0x54, 0xc4, 0x68, 0x8a, 0x23, 0x1f,
++ 0x0e, 0xf3, 0x65, 0x5a, 0x9c, 0x2b, 0xfe, 0xf5, 0xb3, 0x15, 0x7d, 0x46,
++ 0x18, 0x03, 0xf5, 0x5a, 0x5e, 0x3c, 0x99, 0x8a, 0x6f, 0xc7, 0x8e, 0xb0,
++ 0x23, 0xe3, 0x91, 0xec, 0xbf, 0xf1, 0x8e, 0x4a, 0x54, 0xdd, 0x96, 0x8d,
++ 0x9b, 0xb2, 0x10, 0x67, 0xb4, 0x29, 0x1c, 0xec, 0xb7, 0x91, 0xa8, 0x59,
++ 0x33, 0xe4, 0x23, 0xd5, 0x1c, 0xcb, 0x69, 0x7e, 0xcd, 0xce, 0x43, 0x38,
++ 0xec, 0x3e, 0x33, 0xda, 0xbd, 0x4e, 0xa7, 0xfc, 0x47, 0x9a, 0x32, 0x65,
++ 0xed, 0xc2, 0x88, 0xcb, 0xc3, 0x7b, 0xd0, 0x8c, 0x95, 0x08, 0x3d, 0x79,
++ 0x0a, 0x8d, 0x86, 0x37, 0x32, 0x78, 0x8c, 0x29, 0xfc, 0xcd, 0x6e, 0xbe,
++ 0x06, 0xbe, 0x1e, 0x9c, 0xce, 0x51, 0xe2, 0xfc, 0x34, 0x37, 0xda, 0x1a,
++ 0xfc, 0x0e, 0xdc, 0x64, 0x55, 0xf5, 0x2c, 0x79, 0xdd, 0xbc, 0x79, 0xf1,
++ 0x53, 0x0b, 0x59, 0xa5, 0x05, 0x2b, 0x2d, 0xa2, 0x56, 0x65, 0xb3, 0x2e,
++ 0xd1, 0xb1, 0x38, 0xc8, 0x82, 0xea, 0x4b, 0xb9, 0x19, 0xbb, 0xa1, 0x98,
++ 0x9a, 0xce, 0x21, 0xdc, 0x6a, 0xc2, 0xed, 0xc7, 0x14, 0x65, 0x94, 0xcc,
++ 0x5b, 0xff, 0x35, 0x7b, 0x04, 0x44, 0xc1, 0x7e, 0x73, 0x2e, 0xb1, 0x34,
++ 0x2a, 0xd6, 0x1d, 0xce, 0xc1, 0x66, 0x83, 0x08, 0x29, 0xc9, 0x8e, 0xb3,
++ 0x35, 0x67, 0x31, 0x96, 0x24, 0x9b, 0x79, 0x86, 0x8e, 0x1f, 0x92, 0x68,
++ 0x3f, 0xd9, 0x50, 0x67, 0xbb, 0x15, 0x0b, 0x51, 0x37, 0xb5, 0xfa, 0x7f,
++ 0x5a, 0xe5, 0x4c, 0xa2, 0x3e, 0x7e, 0x1d, 0xe0, 0xf2, 0x04, 0xfa, 0xbd,
++ 0xb6, 0xb6, 0x50, 0x8a, 0x88, 0x00, 0x26, 0x3a, 0xa6, 0x95, 0x40, 0x4a,
++ 0xc8, 0x4d, 0x0a, 0xaf, 0x3b, 0x94, 0x47, 0x41, 0xa0, 0x42, 0x8f, 0x96,
++ 0xb8, 0x0b, 0xd0, 0x58, 0x3e, 0xf2, 0xfd, 0x40, 0xa8, 0xdf, 0x5a, 0x0b,
++ 0x7b, 0x2a, 0x4f, 0x87, 0x51, 0xf1, 0x0f, 0x2f, 0x4d, 0x8e, 0x6d, 0x07,
++ 0x4f, 0xc9, 0xae, 0x7a, 0x21, 0xde, 0xce, 0x0f, 0x0b, 0x33, 0xda, 0xa1,
++ 0x4a, 0x38, 0x7c, 0x3c, 0x86, 0x16, 0xa4, 0x60, 0x92, 0x62, 0xe3, 0x54,
++ 0xb2, 0x06, 0x22, 0x76, 0x4c, 0xd7, 0x5a, 0xf3, 0xe0, 0x92, 0x45, 0x36,
++ 0x68, 0xd1, 0x5f, 0xa6, 0x35, 0x85, 0xf4, 0xf8, 0x4c, 0x1e, 0xe3, 0xce,
++ 0x70, 0xc6, 0x8d, 0x6f, 0x62, 0x22, 0x21, 0xe3, 0x5f, 0x9c, 0x31, 0x12,
++ 0xc8, 0xa1, 0x42, 0x00, 0x94, 0x65, 0xc0, 0x5e, 0x1c, 0xa6, 0x61, 0x9f,
++ 0xfb, 0x6f, 0xf0, 0xf3, 0x64, 0xbb, 0x9a, 0xab, 0x97, 0xc4, 0xce, 0xfd,
++ 0x57, 0x9b, 0xeb, 0x19, 0xb8, 0x9a, 0x7f, 0xa9, 0x14, 0x59, 0x9e, 0x4b,
++ 0x34, 0x08, 0x09, 0x64, 0xdf, 0x0c, 0x01, 0xe6, 0xf7, 0x93, 0x85, 0x68,
++ 0xe4, 0x87, 0x24, 0x80, 0x91, 0x39, 0xed, 0xaf, 0x88, 0xba, 0xb6, 0xf5,
++ 0x0b, 0x6d, 0x13, 0x3f, 0x9f, 0x3e, 0x65, 0xb1, 0x67, 0xe6, 0x46, 0xeb,
++ 0x75, 0x67, 0x13, 0x22, 0x52, 0x3a, 0x2a, 0x27, 0x15, 0x8a, 0xdd, 0x4e,
++ 0xd0, 0x9c, 0xf4, 0x7e, 0xf0, 0x14, 0xf8, 0x6b, 0xd5, 0x18, 0x35, 0xeb,
++ 0x8a, 0x1e, 0x50, 0x02, 0x5e, 0x76, 0xc1, 0x65, 0xe4, 0xed, 0xa7, 0x90,
++ 0x02, 0xb7, 0x22, 0xbc, 0xee, 0xad, 0x9e, 0xaf, 0x77, 0x78, 0xe1, 0xd5,
++ 0x59, 0xe9, 0x9d, 0x23, 0xd6, 0x71, 0x89, 0x50, 0xea, 0xfa, 0x12, 0x72,
++ 0xb6, 0x72, 0x4f, 0xda, 0x65, 0x4b, 0x24, 0xa8, 0x9b, 0x1d, 0xd2, 0x51,
++ 0x6b, 0x17, 0x21, 0x11, 0x99, 0x46, 0x64, 0x41, 0xf5, 0x0a, 0x68, 0x84,
++ 0x04, 0xc7, 0xed, 0xa6, 0x61, 0x00, 0x22, 0x03, 0x40, 0xea, 0x08, 0xae,
++ 0x95, 0x8f, 0x1b, 0xc0, 0x55, 0x5c, 0xc4, 0x7d, 0x55, 0xe9, 0x3b, 0x17,
++ 0x01, 0xdc, 0x1d, 0x85, 0xfe, 0x00, 0xcb, 0x71, 0xb1, 0x00, 0x38, 0x89,
++ 0xf4, 0x7d, 0xbc, 0x67, 0x1c, 0x83, 0x50, 0xa2, 0x6e, 0xb0, 0xb5, 0x2b,
++ 0x59, 0x66, 0xe5, 0xf6, 0x33, 0x92, 0x14, 0x3e, 0x9c, 0xc0, 0x1b, 0xe5,
++ 0xca, 0xa4, 0xcb, 0x74, 0x9f, 0xdb, 0xc4, 0xf5, 0x88, 0xbe, 0x1a, 0x24,
++ 0x9b, 0x16, 0x76, 0x41, 0x5b, 0x1e, 0x54, 0xcd, 0x69, 0xdc, 0x55, 0xdc,
++ 0x94, 0x17, 0xcb, 0xb8, 0x82, 0x54, 0x43, 0x15, 0xa1, 0xdb, 0x13, 0xa8,
++ 0xc5, 0x70, 0x51, 0xcc, 0x73, 0x99, 0x99, 0x7f, 0x0c, 0x5c, 0x9c, 0x4a,
++ 0xbc, 0x0b, 0xdf, 0x21, 0xd0, 0x04, 0x45, 0x82, 0xc6, 0xab, 0x6b, 0xa7,
++ 0x30, 0x80, 0x80, 0x02, 0x89, 0x36, 0x89, 0xca, 0xf5, 0x67, 0x6e, 0x5f,
++ 0xe2, 0x3a, 0x10, 0x44, 0x94, 0x02, 0xe9, 0x4b, 0xe1, 0x9a, 0x92, 0x36,
++ 0xa1, 0xee, 0xf1, 0x4f, 0x8a, 0xc0, 0x77, 0x6e, 0xe6, 0xc5, 0x44, 0x62,
++ 0xc9, 0x6d, 0x0e, 0xec, 0xe8, 0x5c, 0x7e, 0x8c, 0x66, 0x2c, 0x0d, 0xe5,
++ 0x1d, 0xe6, 0x4f, 0x66, 0xa9, 0xb0, 0xb4, 0x7a, 0xdd, 0x96, 0x81, 0x2a,
++ 0x95, 0xc9, 0xcf, 0x8c, 0x0b, 0x90, 0x58, 0xaa, 0x70, 0x7f, 0x1f, 0x35,
++ 0x08, 0x3f, 0xf7, 0x30, 0x3e, 0x65, 0x8a, 0x41, 0x34, 0x76, 0x84, 0x03,
++ 0xf3, 0x9a, 0x56, 0x93, 0xb7, 0xed, 0x2b, 0xf1, 0x53, 0xa5, 0xbf, 0x3d,
++ 0x17, 0x4a, 0xc4, 0x2c, 0x1e, 0xf3, 0xee, 0x51, 0xf9, 0x74, 0xfa, 0xca,
++ 0xfe, 0x8e, 0x2f, 0xcf, 0x2e, 0x06, 0x74, 0x1b, 0x6a, 0x84, 0x9a, 0xb3,
++ 0x13, 0xdc, 0x89, 0xc5, 0x07, 0x7d, 0x75, 0xd3, 0x2d, 0xeb, 0x03, 0xa6,
++ 0xe7, 0x86, 0xc8, 0x38, 0xd0, 0xf2, 0xac, 0x0f, 0x13, 0xb4, 0xb2, 0x0c,
++ 0x11, 0x03, 0xc5, 0x15, 0x74, 0x84, 0x00, 0x01, 0x45, 0x2c, 0x1c, 0x40,
++ 0x82, 0xec, 0x73, 0xae, 0x9e, 0xf4, 0x15, 0x8b, 0xfd, 0x14, 0xae, 0x75,
++ 0xc9, 0x86, 0x07, 0x94, 0xb4, 0x10, 0xc9, 0xb1, 0x79, 0x70, 0xa2, 0x1c,
++ 0x34, 0x90, 0xab, 0xc3, 0x38, 0xb5, 0x9e, 0x89, 0x27, 0x14, 0x6d, 0x85,
++ 0xea, 0x16, 0x62, 0xf4, 0x2f, 0xcd, 0xe9, 0x13, 0x04, 0x22, 0xd2, 0x59,
++ 0x58, 0xaf, 0x68, 0x8c, 0x1f, 0x31, 0x46, 0xbb, 0xd0, 0x31, 0x03, 0xba,
++ 0x86, 0x34, 0x3f, 0xd5, 0xe9, 0x16, 0x76, 0x47, 0x54, 0xb7, 0x1b, 0x9e,
++ 0xed, 0x99, 0xbd, 0x25, 0x5d, 0x43, 0x12, 0xa8, 0x35, 0x1b, 0x8d, 0xcd,
++ 0xc8, 0x8d, 0x2f, 0xc9, 0x90, 0xf5, 0x48, 0xee, 0x32, 0x5b, 0x03, 0xa2,
++ 0x1a, 0x3c, 0xb5, 0x35, 0x21, 0x27, 0x79, 0xf1, 0x51, 0x35, 0xff, 0xe6,
++ 0xeb, 0xe2, 0xb4, 0xdc, 0xc0, 0xbe, 0x9a, 0x5a, 0x2d, 0xdb, 0x41, 0xe1,
++ 0xb5, 0xcd, 0x70, 0x97, 0x2f, 0x1a, 0x00, 0x90, 0xf5, 0x9b, 0xe6, 0x62,
++ 0xaf, 0xbf, 0xd0, 0x6f, 0x07, 0xbc, 0xdb, 0xe1, 0x9d, 0xc2, 0x3e, 0xf4,
++ 0x4b, 0x7e, 0x99, 0x23, 0xbc, 0x1f, 0x11, 0x64, 0x4c, 0x67, 0x3d, 0x77,
++ 0x8e, 0xd3, 0x04, 0x9d, 0x7f, 0xfb, 0xb4, 0x6c, 0xdc, 0x74, 0xbf, 0x45,
++ 0x76, 0x11, 0x80, 0xcb,
++};
++
++/* Public keys in known small subgroups - fails in all modes */
++static const unsigned char pub_key_zero[] = {0};
++static const unsigned char pub_key_one[] = {1};
++
++static const unsigned char pub_key_minus_1_ike_1536[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE};
++
++static const unsigned char pub_key_minus_1_safe_2048[] = {
++ 0xe1, 0xa3, 0x6e, 0x49, 0x69, 0x07, 0x1c, 0x5f, 0xb4, 0x15, 0x35, 0x46,
++ 0x99, 0x52, 0xd0, 0x4e, 0xff, 0x4e, 0x4c, 0xb1, 0xe1, 0x59, 0xed, 0x2e,
++ 0x71, 0xf3, 0x80, 0x14, 0x54, 0xd0, 0xfc, 0x83, 0x20, 0x29, 0x15, 0x21,
++ 0xa6, 0x5f, 0x10, 0x81, 0x57, 0xf4, 0x2e, 0x49, 0xb2, 0xd1, 0x37, 0xe8,
++ 0x6a, 0xbf, 0x72, 0xf9, 0x55, 0x4e, 0x9e, 0xae, 0x20, 0xc5, 0xb6, 0xc5,
++ 0x91, 0x79, 0x0d, 0xa2, 0xdd, 0xb4, 0xbb, 0x50, 0x4e, 0x20, 0xca, 0x8a,
++ 0x8f, 0x82, 0x34, 0xb9, 0x6a, 0x3e, 0x9a, 0x67, 0xc2, 0x7e, 0x83, 0xf6,
++ 0xc0, 0xad, 0xe3, 0xca, 0x00, 0xd6, 0x11, 0x88, 0x9c, 0xc7, 0x9f, 0xb4,
++ 0x3d, 0x53, 0xa5, 0x5a, 0x97, 0x44, 0x4d, 0xe7, 0x5c, 0xd5, 0x76, 0x80,
++ 0xf8, 0x0c, 0xcd, 0xa6, 0x55, 0xe2, 0x5f, 0xcf, 0xf4, 0x46, 0xa4, 0xc7,
++ 0x0f, 0xc1, 0x80, 0x84, 0x65, 0x46, 0x8c, 0x87, 0xd2, 0x99, 0x82, 0xdf,
++ 0x8e, 0x00, 0x89, 0xf3, 0x0d, 0xd5, 0xc0, 0x54, 0x94, 0xc6, 0xa3, 0x92,
++ 0x0f, 0x91, 0x10, 0xee, 0xa3, 0x65, 0x44, 0xb7, 0x6d, 0xe8, 0x23, 0xf9,
++ 0x7f, 0x91, 0x62, 0x65, 0x09, 0x8e, 0xa1, 0x33, 0xd4, 0xd6, 0x55, 0x0a,
++ 0xc0, 0xe8, 0x66, 0x70, 0x05, 0xd0, 0x12, 0x34, 0xc1, 0xfd, 0xce, 0x75,
++ 0xa4, 0x75, 0xe1, 0x46, 0xa1, 0x08, 0xb4, 0x52, 0xfe, 0x25, 0xa4, 0xc5,
++ 0x4f, 0x23, 0x04, 0x7e, 0xa1, 0x2c, 0xf3, 0x56, 0xcb, 0xfa, 0x7a, 0xbc,
++ 0x45, 0xcc, 0x78, 0xb3, 0x28, 0xf3, 0xe5, 0xd5, 0x26, 0x56, 0x27, 0x86,
++ 0x6a, 0x56, 0x6b, 0x87, 0x56, 0x0e, 0xc4, 0x3c, 0xed, 0xff, 0xcb, 0x96,
++ 0xb4, 0x13, 0x1d, 0x4d, 0x38, 0x4e, 0x69, 0x34, 0x51, 0x7a, 0x85, 0x31,
++ 0xb4, 0x80, 0xda, 0x41, 0xe3, 0xdc, 0x2e, 0x53, 0xd8, 0x71, 0x3e, 0xcc,
++ 0x37, 0x8a, 0x80, 0x32};
++
++static const unsigned char pub_key_minus_1_weak_3072[] = {
++ 0x94, 0x32, 0xc7, 0x47, 0x51, 0xa3, 0x03, 0x9b, 0xf2, 0x51, 0x5c, 0x69,
++ 0xaf, 0x05, 0x3c, 0x76, 0x62, 0xa2, 0xec, 0x5a, 0xcc, 0xdf, 0x80, 0xf3,
++ 0x2d, 0xce, 0xa5, 0xa5, 0x9e, 0x2d, 0xab, 0x5f, 0x91, 0xbd, 0x93, 0x61,
++ 0xd7, 0x7b, 0x71, 0x6f, 0xf3, 0x92, 0xbf, 0xa8, 0xfc, 0xcd, 0x00, 0xf5,
++ 0x49, 0x08, 0x00, 0x8c, 0xd2, 0xfe, 0x4a, 0xd8, 0x2b, 0x6e, 0x42, 0xc0,
++ 0xd8, 0xa2, 0x8b, 0x2b, 0x18, 0x02, 0xad, 0xe8, 0x4e, 0x44, 0x09, 0x26,
++ 0xa1, 0xa1, 0xca, 0x99, 0xe3, 0xd9, 0x9a, 0x87, 0x3c, 0x83, 0x6a, 0x1a,
++ 0x7b, 0x60, 0xba, 0x78, 0x0c, 0x79, 0x50, 0x1f, 0xde, 0x40, 0x14, 0x58,
++ 0x18, 0xa9, 0x2b, 0x74, 0x11, 0xb4, 0x65, 0xfe, 0x9d, 0x03, 0xa4, 0xef,
++ 0xdf, 0x74, 0x8e, 0xcd, 0x7b, 0xd4, 0xf3, 0x28, 0x75, 0xb2, 0x31, 0xef,
++ 0x99, 0x65, 0xcb, 0x5a, 0x77, 0xca, 0xa2, 0x25, 0x28, 0xae, 0xfa, 0x9f,
++ 0xeb, 0xda, 0xcc, 0x34, 0x7b, 0x21, 0xd7, 0xdb, 0x54, 0x40, 0xe6, 0x2f,
++ 0xdb, 0xc0, 0xce, 0xdc, 0xe5, 0xc9, 0x27, 0x97, 0x99, 0x9c, 0x02, 0x4f,
++ 0x24, 0x88, 0x93, 0xdf, 0xa9, 0xc7, 0x3e, 0x10, 0xc8, 0xaa, 0x6a, 0xce,
++ 0xda, 0x46, 0x94, 0x8c, 0xad, 0x1e, 0xf1, 0xcb, 0xd3, 0xcd, 0x43, 0x44,
++ 0xb4, 0x20, 0x91, 0x9e, 0xf6, 0xd1, 0x03, 0xef, 0xc2, 0x04, 0xf7, 0x07,
++ 0xdb, 0xac, 0xa2, 0x28, 0x8c, 0x7d, 0x1d, 0x5d, 0x2c, 0x5a, 0xfc, 0x26,
++ 0x5b, 0x0b, 0x58, 0xb9, 0x9a, 0x47, 0xe9, 0xa0, 0xdf, 0xa5, 0x5a, 0xf3,
++ 0xe5, 0xd6, 0xeb, 0x69, 0xb5, 0x4e, 0xbc, 0x71, 0xc0, 0xd6, 0x9b, 0xb8,
++ 0x40, 0x3b, 0xc5, 0x72, 0x5d, 0x4d, 0x1b, 0x17, 0x3d, 0x36, 0xa4, 0xb1,
++ 0x15, 0xa7, 0x9a, 0x72, 0xeb, 0xf2, 0x9e, 0x40, 0xd1, 0xbc, 0x35, 0xc7,
++ 0xd1, 0x1a, 0x8f, 0x1c, 0x2b, 0x5e, 0xd8, 0xb3, 0x3b, 0x44, 0xae, 0xf5,
++ 0x81, 0xd0, 0x8a, 0x37, 0xab, 0xba, 0x22, 0xbc, 0x2d, 0x88, 0x2f, 0x24,
++ 0xbb, 0xb0, 0x1a, 0xa9, 0x5f, 0x07, 0x10, 0x6d, 0xc6, 0xbb, 0x3c, 0xa2,
++ 0x66, 0xf9, 0xb9, 0x95, 0xd6, 0x5e, 0x8c, 0xce, 0x04, 0xdc, 0xb3, 0x4c,
++ 0xbc, 0xe9, 0xc5, 0xcb, 0x19, 0x97, 0xe2, 0xa1, 0x09, 0x38, 0xd7, 0x82,
++ 0xa6, 0xbf, 0xc9, 0x15, 0x25, 0xf1, 0x2c, 0x77, 0xfc, 0xbd, 0xfa, 0x7f,
++ 0x92, 0xfe, 0xd6, 0x31, 0x03, 0x23, 0x2d, 0x17, 0x2f, 0x51, 0x9e, 0x5c,
++ 0xb1, 0x68, 0xc0, 0x3f, 0x42, 0x99, 0x00, 0x55, 0x33, 0x68, 0xd7, 0xee,
++ 0x51, 0x7d, 0x3e, 0x03, 0x4f, 0x02, 0x5f, 0x27, 0xdd, 0x17, 0x18, 0x6c,
++ 0x1e, 0x9d, 0x91, 0x65, 0xf8, 0xd7, 0xa6, 0x9f, 0xa1, 0xba, 0xa8, 0x76,
++ 0xe4, 0xd8, 0xf4, 0x59, 0x90, 0x16, 0x67, 0x88, 0xc2, 0xa9, 0xe4, 0x2c};
++
++static const unsigned char pub_key_minus_1_weak_4096[] = {
++ 0xff, 0x50, 0xd3, 0xcc, 0x89, 0x17, 0x5e, 0xb6, 0xf8, 0xa3, 0xb0, 0xe2,
++ 0xf9, 0x9f, 0x17, 0xa1, 0x92, 0x56, 0x15, 0x13, 0x12, 0x9f, 0x18, 0xdc,
++ 0x07, 0x00, 0xc2, 0x49, 0xc9, 0xd9, 0xd4, 0x0a, 0xe3, 0xd7, 0xf6, 0x60,
++ 0x21, 0xa9, 0x7b, 0xc0, 0x0f, 0x0e, 0xae, 0x3e, 0x77, 0x77, 0x48, 0xd8,
++ 0xfd, 0x42, 0xec, 0xb5, 0xae, 0x00, 0xab, 0xce, 0xd1, 0x11, 0xca, 0xd2,
++ 0x64, 0x5a, 0xa3, 0x6b, 0xba, 0xd1, 0x93, 0xea, 0xda, 0xd2, 0xa0, 0x60,
++ 0x39, 0x0b, 0x34, 0x4f, 0x0c, 0xf1, 0xb0, 0x52, 0x75, 0x51, 0x3d, 0x28,
++ 0x02, 0xb5, 0xbd, 0x42, 0x98, 0x20, 0xa7, 0x42, 0xb9, 0x21, 0x9a, 0xae,
++ 0xb6, 0x41, 0x7b, 0x70, 0xe3, 0xd9, 0xaf, 0x81, 0x1a, 0xc1, 0x39, 0x9c,
++ 0x52, 0x56, 0xcb, 0x0d, 0x6a, 0x67, 0x6f, 0x3d, 0x12, 0x76, 0x73, 0x53,
++ 0x95, 0x2d, 0xc1, 0x04, 0xdb, 0x83, 0xe4, 0xd0, 0xbe, 0x2d, 0xa6, 0x7a,
++ 0x0f, 0x80, 0x1b, 0xd0, 0x16, 0x14, 0x3a, 0xe0, 0x48, 0xfa, 0xf5, 0x44,
++ 0xa8, 0xe0, 0xbf, 0x98, 0xe1, 0x56, 0xea, 0x76, 0xb6, 0xe2, 0xa3, 0x5b,
++ 0x15, 0x79, 0x10, 0xb0, 0x41, 0xdc, 0x29, 0x0f, 0x1e, 0x37, 0x69, 0xcd,
++ 0x13, 0xbe, 0x2d, 0xe0, 0x73, 0x38, 0x68, 0xed, 0x50, 0x6a, 0xd0, 0xfb,
++ 0xcb, 0x17, 0x3a, 0x59, 0xfb, 0xec, 0xba, 0x75, 0xb6, 0x4e, 0x2f, 0x6e,
++ 0x97, 0x98, 0x0e, 0x79, 0x25, 0xdd, 0xd8, 0xf5, 0x34, 0xb4, 0xa0, 0x7e,
++ 0xba, 0x68, 0x7c, 0x4f, 0xfb, 0xe0, 0x97, 0x46, 0x50, 0x1e, 0x4a, 0x59,
++ 0x9c, 0xdc, 0x34, 0xe2, 0x2a, 0xb5, 0xc8, 0x58, 0x94, 0x48, 0x9f, 0xb8,
++ 0x36, 0xcb, 0xce, 0x36, 0xb1, 0x7c, 0xe5, 0x8d, 0x5b, 0x43, 0xd7, 0x88,
++ 0xdf, 0xae, 0xd0, 0xc9, 0x42, 0x5f, 0x0a, 0xe3, 0x63, 0x11, 0xc5, 0x0c,
++ 0x80, 0x55, 0x58, 0xd7, 0xf2, 0x51, 0x6e, 0xb3, 0x7e, 0x9d, 0x1c, 0xc3,
++ 0x61, 0x59, 0x5c, 0x47, 0xd4, 0x99, 0xc0, 0x67, 0xfb, 0xb2, 0xd6, 0x11,
++ 0xda, 0x92, 0x5b, 0x6b, 0xd2, 0x70, 0xb7, 0x69, 0x72, 0xe7, 0x06, 0xdd,
++ 0x40, 0xac, 0x81, 0x51, 0x1d, 0x52, 0x7a, 0x45, 0x38, 0x89, 0x27, 0x2c,
++ 0xc4, 0x4b, 0x7e, 0x5e, 0x79, 0xef, 0x84, 0x6a, 0x24, 0x4d, 0x9c, 0x9e,
++ 0xca, 0x75, 0x5c, 0x06, 0x6d, 0xd0, 0x52, 0xe9, 0xda, 0x9f, 0x46, 0xb6,
++ 0x62, 0x1d, 0xb3, 0xd9, 0xf2, 0x7d, 0xd6, 0xc2, 0x7a, 0x49, 0x7c, 0xdd,
++ 0x9b, 0xaa, 0xc3, 0x84, 0x0b, 0x08, 0x33, 0xb8, 0x80, 0xc3, 0x12, 0x8f,
++ 0xad, 0xac, 0x0f, 0x7f, 0xaf, 0x59, 0x61, 0x0d, 0x98, 0xc1, 0xf9, 0x68,
++ 0xc3, 0x1b, 0x10, 0x08, 0xc4, 0x33, 0x3c, 0xa4, 0xe2, 0xd5, 0xeb, 0x71,
++ 0x5d, 0x19, 0x7e, 0x05, 0xca, 0x9a, 0xf5, 0xbb, 0x71, 0x55, 0x83, 0x9c,
++ 0x25, 0x50, 0x35, 0x7f, 0x2d, 0xeb, 0xf2, 0x0d, 0xed, 0x3c, 0xb8, 0x71,
++ 0xbd, 0x08, 0xf5, 0x89, 0x7e, 0x5e, 0x38, 0x40, 0xd7, 0xed, 0x77, 0x8d,
++ 0x7a, 0xed, 0x2a, 0x9f, 0xfc, 0x01, 0xf4, 0xe2, 0xcf, 0xda, 0x8c, 0xa3,
++ 0x57, 0xdc, 0x14, 0xd6, 0xa1, 0xd9, 0x97, 0xb9, 0xe6, 0xfc, 0x48, 0x75,
++ 0x43, 0xbd, 0x3b, 0x91, 0x17, 0x3c, 0x33, 0xca, 0xce, 0x29, 0x09, 0x1b,
++ 0xe8, 0x9d, 0xb6, 0x74, 0x05, 0x5e, 0x2e, 0xa5, 0x1d, 0x7f, 0x3a, 0xa9,
++ 0x2c, 0xf6, 0x4d, 0x41, 0x90, 0xbc, 0x56, 0x18, 0x52, 0x02, 0x90, 0xef,
++ 0x71, 0xff, 0x3e, 0x0c, 0xf8, 0x00, 0x04, 0x07, 0xd5, 0x20, 0x26, 0xdd,
++ 0x5c, 0xb1, 0x37, 0x03, 0x20, 0x0c, 0xb4, 0xb6, 0x39, 0x49, 0x49, 0xaa,
++ 0xe7, 0x98, 0x01, 0xa2, 0x2e, 0x0a, 0x33, 0x82, 0x9e, 0xb9, 0x24, 0xb7,
++ 0x80, 0xdf, 0xd3, 0xdf, 0x04, 0xe4, 0x50, 0x9d};
++
++static const unsigned char pub_key_minus_1_tls_6144[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42,
++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9,
++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9,
++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51,
++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C,
++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64,
++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E,
++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E,
++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C,
++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E,
++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58,
++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31,
++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5,
++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E,
++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C,
++ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE};
++
++static const unsigned char pub_key_minus_1_safe_8192[] = {
++ 0x9b, 0xa7, 0x9b, 0xa2, 0x86, 0x54, 0xe7, 0x99, 0x11, 0x5b, 0x35, 0x81,
++ 0xd5, 0x7a, 0x8a, 0x6e, 0x4d, 0x4d, 0x61, 0x5d, 0xd3, 0xcf, 0x0c, 0x65,
++ 0x7e, 0xda, 0xd8, 0xce, 0x28, 0xac, 0xa0, 0x38, 0x81, 0xee, 0xa1, 0x14,
++ 0x25, 0x21, 0x67, 0x66, 0x3a, 0x6c, 0x0f, 0x80, 0x3d, 0x89, 0x79, 0xfe,
++ 0x71, 0x43, 0x57, 0xc3, 0xa9, 0x54, 0x1e, 0x20, 0x8a, 0xee, 0x0f, 0xa6,
++ 0x8b, 0x88, 0x81, 0x3d, 0xe8, 0x5c, 0x40, 0x47, 0x05, 0xdf, 0xd8, 0x6d,
++ 0x98, 0x65, 0x16, 0xa9, 0xf9, 0xc4, 0x8c, 0x02, 0xba, 0xae, 0x6b, 0x36,
++ 0x76, 0xc9, 0xfa, 0x8e, 0xd0, 0xd7, 0x9a, 0x3c, 0xcb, 0xd1, 0x44, 0x09,
++ 0xd7, 0x4f, 0x28, 0x51, 0x94, 0x92, 0x5b, 0x02, 0xb2, 0xbd, 0x78, 0xd3,
++ 0xc2, 0x76, 0x03, 0x15, 0x17, 0x0b, 0x55, 0x08, 0x02, 0x42, 0x9e, 0x26,
++ 0x56, 0x33, 0x72, 0xe6, 0xbd, 0x0e, 0xf9, 0x3d, 0x2c, 0xb3, 0x8a, 0x4c,
++ 0x67, 0x17, 0xfd, 0xe9, 0x03, 0xad, 0x8c, 0x34, 0x84, 0xe5, 0x83, 0xdf,
++ 0x9c, 0x04, 0x93, 0x03, 0x26, 0x19, 0xc1, 0xf1, 0x24, 0x68, 0xf6, 0x54,
++ 0x96, 0xce, 0x38, 0x51, 0xbd, 0x6c, 0x3d, 0x9c, 0x0c, 0xd8, 0x6e, 0x13,
++ 0x4c, 0x8b, 0xf6, 0x34, 0xae, 0xd8, 0x85, 0x1d, 0x1d, 0x8e, 0xc2, 0xad,
++ 0xab, 0xa2, 0xc5, 0x40, 0x76, 0x7f, 0x2f, 0x2e, 0x38, 0xf4, 0x6a, 0x39,
++ 0x33, 0x3d, 0x17, 0xce, 0x1f, 0xe9, 0xc3, 0x8d, 0x9e, 0xe5, 0xbe, 0xd6,
++ 0xad, 0x9a, 0x23, 0xd8, 0x06, 0xf3, 0x7c, 0x39, 0xd5, 0xae, 0x57, 0xb6,
++ 0xe5, 0xc3, 0x9a, 0x8a, 0x8c, 0x6e, 0xd3, 0xc1, 0x1a, 0x64, 0x12, 0x00,
++ 0x18, 0x53, 0xca, 0x32, 0x88, 0x8e, 0xc0, 0x5f, 0x2d, 0xb2, 0x3d, 0x14,
++ 0x1b, 0x58, 0x5c, 0x20, 0xe8, 0x52, 0xe5, 0x28, 0x41, 0xbc, 0x9e, 0x08,
++ 0x29, 0xab, 0xa5, 0x43, 0x99, 0x0e, 0xd7, 0x2a, 0xb9, 0xb8, 0x64, 0x9d,
++ 0x83, 0xe3, 0x1a, 0x26, 0x59, 0x65, 0xf2, 0x0c, 0xc9, 0xc5, 0x8f, 0x0d,
++ 0xcf, 0xa1, 0x18, 0xfc, 0x8b, 0x77, 0xe9, 0xe1, 0x19, 0x7b, 0x03, 0xd4,
++ 0x37, 0x8d, 0x5d, 0x37, 0x2b, 0xad, 0x58, 0x5e, 0x73, 0x72, 0xce, 0x84,
++ 0xe5, 0xc9, 0x75, 0x1d, 0xf3, 0x58, 0x42, 0x77, 0xfe, 0x53, 0xa0, 0xc2,
++ 0x66, 0x21, 0xaf, 0xe2, 0x61, 0xd2, 0x84, 0xb3, 0x03, 0x4d, 0xd8, 0x7d,
++ 0x85, 0xe1, 0xa8, 0xa0, 0x48, 0x5d, 0x1a, 0xa9, 0xac, 0xc1, 0x69, 0x24,
++ 0xc6, 0xfa, 0xb5, 0x22, 0x3e, 0xa3, 0x8d, 0x35, 0x29, 0xcf, 0x9a, 0xe5,
++ 0x84, 0x3b, 0x0b, 0x27, 0x36, 0x7e, 0x9d, 0xa6, 0xb0, 0x45, 0x60, 0x42,
++ 0x1e, 0x4b, 0x24, 0xd1, 0x36, 0x8b, 0x70, 0xd1, 0x95, 0x54, 0x14, 0xb9,
++ 0x47, 0x3d, 0x8d, 0xe4, 0x5f, 0x81, 0x1a, 0x21, 0x17, 0x17, 0xbf, 0x92,
++ 0x22, 0x4c, 0x77, 0x30, 0xdc, 0x9c, 0x84, 0xe6, 0x68, 0xcc, 0xd6, 0x11,
++ 0x04, 0xff, 0x71, 0x86, 0xb3, 0xa9, 0x9b, 0x13, 0x95, 0x35, 0xfd, 0x68,
++ 0x28, 0x9b, 0x6f, 0x5c, 0xf7, 0x66, 0xa8, 0x6f, 0x89, 0x0f, 0x92, 0xdf,
++ 0x52, 0x24, 0x3f, 0xdb, 0x2f, 0x40, 0x12, 0x32, 0xa4, 0xff, 0x2e, 0x4b,
++ 0xb8, 0xa0, 0xe7, 0xc9, 0xcb, 0x98, 0x13, 0xf9, 0xd2, 0xfa, 0x82, 0x68,
++ 0xb2, 0x8f, 0xd3, 0x17, 0x8c, 0x93, 0xf5, 0x80, 0xe4, 0x5a, 0x33, 0x1b,
++ 0x6a, 0xd8, 0xbf, 0x37, 0xa7, 0xe1, 0x63, 0x1d, 0x6a, 0xc3, 0xfa, 0xa1,
++ 0x2f, 0xc1, 0x72, 0x55, 0xd5, 0xe2, 0x67, 0x3b, 0x6b, 0x3a, 0xa8, 0xb0,
++ 0x54, 0x04, 0x1d, 0xbb, 0xc1, 0xe5, 0x3a, 0x52, 0xb1, 0x67, 0x0b, 0x12,
++ 0x3e, 0xcd, 0xa9, 0x9a, 0x0e, 0xbb, 0xa3, 0x75, 0x6d, 0x6f, 0x77, 0x74,
++ 0x64, 0xe3, 0x16, 0x8c, 0xa5, 0xba, 0xec, 0x51, 0x73, 0xce, 0x4b, 0xe6,
++ 0x6f, 0x3d, 0x15, 0x56, 0x43, 0xe1, 0x17, 0x77, 0x66, 0xab, 0xdc, 0x9d,
++ 0x9b, 0x10, 0x5d, 0xc4, 0xe9, 0x1e, 0xaa, 0x2d, 0x15, 0xbb, 0xc4, 0x09,
++ 0x46, 0x30, 0xe1, 0xb8, 0x92, 0x94, 0x5f, 0xb7, 0xe7, 0x7e, 0x97, 0x43,
++ 0xc0, 0x48, 0x5b, 0xaf, 0xea, 0x74, 0xae, 0x8c, 0x79, 0x6b, 0x66, 0x83,
++ 0x62, 0x88, 0x17, 0xa4, 0x56, 0x5d, 0x58, 0xfb, 0x6c, 0x38, 0x57, 0x4d,
++ 0xef, 0xd7, 0x36, 0x44, 0x39, 0x5b, 0xab, 0x94, 0xe4, 0x08, 0x30, 0xd3,
++ 0x2c, 0x59, 0xa0, 0x32, 0xe2, 0x71, 0x99, 0xec, 0x66, 0x5e, 0xf7, 0xe2,
++ 0x9c, 0x19, 0x69, 0x72, 0x6f, 0xdb, 0x3e, 0xcc, 0x19, 0x5a, 0xfd, 0xad,
++ 0xd6, 0x6e, 0x9d, 0x07, 0xc0, 0x65, 0x01, 0x75, 0xdd, 0x37, 0x1b, 0x9c,
++ 0x5e, 0x93, 0x32, 0xf8, 0x7e, 0x65, 0xd5, 0xb5, 0x15, 0x35, 0xad, 0x05,
++ 0xb5, 0xd2, 0x25, 0xc7, 0x71, 0x5a, 0xe4, 0xb7, 0x58, 0x6a, 0xc3, 0x5a,
++ 0xd9, 0xd4, 0xee, 0x32, 0xb5, 0x0b, 0x5b, 0x2a, 0xcd, 0x80, 0xce, 0xd4,
++ 0x2d, 0xc9, 0x09, 0x94, 0xf5, 0xf2, 0x7c, 0xaf, 0xba, 0x5a, 0xd3, 0xdc,
++ 0xcd, 0xd7, 0xf7, 0xea, 0x42, 0xe2, 0xc2, 0x34, 0x21, 0xb9, 0x15, 0x24,
++ 0xe8, 0x32, 0x6b, 0x6f, 0xb0, 0xed, 0x76, 0x5e, 0x45, 0xbf, 0x02, 0xa2,
++ 0xb8, 0x3c, 0xa5, 0xf5, 0x74, 0xe3, 0x18, 0x89, 0x21, 0x4e, 0xa6, 0x08,
++ 0xa3, 0xa5, 0x93, 0x69, 0x48, 0x96, 0xbd, 0x47, 0xd3, 0xeb, 0x67, 0x29,
++ 0xa8, 0xbb, 0xbe, 0x78, 0x05, 0xfa, 0x46, 0x89, 0x4e, 0x0c, 0xe2, 0x6c,
++ 0xbb, 0xe5, 0xf8, 0xba, 0xe5, 0x5d, 0x29, 0xe7, 0xdd, 0x71, 0x7e, 0x94,
++ 0xd7, 0x56, 0x0c, 0x3c, 0xde, 0x5f, 0xbc, 0xdc, 0x0f, 0x8e, 0xd6, 0x6f,
++ 0x0a, 0x07, 0xb8, 0x07, 0x24, 0x62, 0x4c, 0xed, 0x45, 0x4f, 0x0d, 0x9f,
++ 0x2e, 0x83, 0x6a, 0xeb, 0xbc, 0xff, 0xa9, 0xf2, 0x73, 0xb3, 0x5b, 0xaa,
++ 0xac, 0xed, 0xac, 0x88, 0xa2, 0x0d, 0x8d, 0x8f, 0xb4, 0xf7, 0x73, 0x1e,
++ 0xc0, 0x2e, 0xd3, 0x45, 0x15, 0x4b, 0x4a, 0xe7, 0xd4, 0xef, 0xb1, 0xc6,
++ 0xd3, 0x8f, 0xf8, 0x24, 0x12, 0x33, 0x3e, 0x8e, 0x95, 0xbc, 0x81, 0xb4,
++ 0xd4, 0xd1, 0x13, 0xbc, 0x7e, 0x25, 0xb4, 0x5b, 0xff, 0x15, 0xba, 0xf8,
++ 0x9a, 0xec, 0x78, 0xe4, 0x63, 0xc7, 0x26, 0xd5, 0x89, 0x3d, 0x63, 0x5b,
++ 0x7c, 0x86, 0x63, 0x34, 0x06, 0x28, 0x23, 0x08, 0xff, 0x6d, 0xbd, 0xe0,
++ 0x75, 0xb3, 0x71, 0x12, 0x26, 0x63, 0xca, 0x93, 0x36, 0x86, 0xeb, 0xf7,
++ 0x48, 0xd1, 0x96, 0xf4, 0x02, 0x3e, 0x5d, 0x69, 0x75, 0x5e, 0x95, 0xee,
++ 0x32, 0xb9, 0xba, 0x55, 0xc5, 0x42, 0x74, 0x00, 0xe1, 0x0f, 0x16, 0x05,
++ 0x62, 0x3c, 0x58, 0xcb, 0xe0, 0xd4, 0xa9, 0xe5, 0x1a, 0x3b, 0x84, 0x7e,
++ 0x19, 0x87, 0xad, 0x67, 0xcd, 0x9b, 0x97, 0xb0, 0x32, 0xd7, 0xb8, 0x1e,
++ 0x96, 0x69, 0x75, 0x0f, 0x61, 0x69, 0xb3, 0xc9, 0xce, 0x73, 0x7c, 0x5f,
++ 0xd5, 0x08, 0xdf, 0xd4, 0x07, 0x75, 0x60, 0xd7, 0x50, 0x52, 0xe7, 0x5c,
++ 0x6f, 0x04, 0x59, 0x65, 0xbd, 0x70, 0x99, 0x15, 0xf9, 0xbc, 0x34, 0x78,
++ 0x6a, 0x64, 0xac, 0x5f, 0x07, 0xc2, 0x89, 0x88, 0xfe, 0x11, 0x7a, 0xf7,
++ 0x3d, 0xbe, 0x83, 0xff, 0xeb, 0x1d, 0x52, 0xbe, 0xd4, 0x09, 0x71, 0x0f,
++ 0x7c, 0x95, 0x19, 0xf2, 0x4b, 0xf5, 0x44, 0x63, 0xf2, 0xec, 0x3f, 0xf9,
++ 0xe4, 0xfb, 0xbe, 0x24, 0xb2, 0x18, 0x53, 0xce, 0x16, 0x40, 0x1e, 0x27,
++ 0x62, 0x99, 0x93, 0xc9, 0x49, 0x8f, 0x98, 0x0d, 0xd8, 0x73, 0x65, 0x99,
++ 0xac, 0xff, 0xfe, 0x22, 0x6a, 0xd1, 0xfb, 0xa1, 0xe4, 0xe7, 0xab, 0x3c,
++ 0x72, 0x10, 0xac, 0x72};
++
++/* Public keys in small subgroups of weak primes - fails in all modes*/
++static const unsigned char pub_key_bad_weak_1024[] = {3};
++static const unsigned char pub_key_bad_weak_2048[] = {3};
++static const unsigned char pub_key_bad_weak_3072[] = {3};
++static const unsigned char pub_key_bad_weak_4096[] = {3};
++static const unsigned char pub_key_bad_weak_6144[] = {3};
++static const unsigned char pub_key_bad_weak_8192[] = {3};
++
++#ifdef notdef
++/* Public keys not in group g of safe primes. - fails in fips mode */
++static const unsigned char pub_key_bad_safe_1536[] = {3};
++static const unsigned char pub_key_bad_safe_2048[] = {3};
++static const unsigned char pub_key_bad_safe_3072[] = {3};
++static const unsigned char pub_key_bad_safe_4096[] = {3};
++static const unsigned char pub_key_bad_safe_6144[] = {3};
++static const unsigned char pub_key_bad_safe_8192[] = {3};
++#endif
++
++enum DhParamType {
++ TLS_APPROVED,
++ IKE_APPROVED,
++ SAFE_PRIME,
++ SAFE_PRIME_WITH_SUBPRIME,
++ KNOWN_SUBPRIME,
++ WRONG_SUBPRIME,
++ UNKNOWN_SUBPRIME,
++ BAD_PUB_KEY
++};
++
++enum DhKeyClass {
++ CLASS_1536 = 0,
++ CLASS_2048,
++ CLASS_3072,
++ CLASS_4096,
++ CLASS_6144,
++ CLASS_8192,
++ CLASS_LAST
++};
++const DhKeyClass CLASS_FIRST = CLASS_1536;
++
++const unsigned char *reference_prime[CLASS_LAST] = {
++ prime_ike_1536, prime_tls_2048, prime_tls_3072,
++ prime_ike_4096, prime_ike_6144, prime_tls_8192};
++
++const size_t reference_prime_len[CLASS_LAST] = {
++ sizeof(prime_ike_1536), sizeof(prime_tls_2048), sizeof(prime_tls_3072),
++ sizeof(prime_ike_4096), sizeof(prime_ike_6144), sizeof(prime_tls_8192)};
++
++struct DhTestVector {
++ const char *id;
++ SECItem p;
++ SECItem g;
++ SECItem q;
++ SECItem pub_key;
++ DhParamType param_type;
++ DhKeyClass key_class;
++};
++
++static const unsigned char g2[] = {2};
++static const unsigned char g3[] = {3};
++
++static const DhTestVector DH_TEST_VECTORS[] = {
++ /* test our approved primes, the pass in all modes and configurations */
++ {"IKE 1536",
++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_1536},
++ {"IKE 2048",
++ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_2048},
++ {"TLS 3048",
++ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_2048},
++ {"IKE 3072",
++ {siBuffer, (unsigned char *)prime_ike_3072, sizeof(prime_ike_3072)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_3072},
++ {"TLS 3072",
++ {siBuffer, (unsigned char *)prime_tls_3072, sizeof(prime_tls_3072)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_3072},
++ {"IKE 4096",
++ {siBuffer, (unsigned char *)prime_ike_4096, sizeof(prime_ike_4096)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_4096},
++ {"TLS 4096",
++ {siBuffer, (unsigned char *)prime_tls_4096, sizeof(prime_tls_4096)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_4096},
++ {"IKE 6144",
++ {siBuffer, (unsigned char *)prime_ike_6144, sizeof(prime_ike_6144)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_6144},
++ {"TLS 6144",
++ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_6144},
++ {"IKE 8192",
++ {siBuffer, (unsigned char *)prime_ike_8192, sizeof(prime_ike_8192)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_8192},
++ {"TLS 8192",
++ {siBuffer, (unsigned char *)prime_tls_8192, sizeof(prime_tls_8192)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_8192},
++ /* approved primes with explicit subprimes.These should pass without
++ * the need to verify the primes and subprimes for primality */
++ {"IKE 1536 with subprime",
++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_ike_1536,
++ sizeof(sub2_prime_ike_1536)},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_1536},
++ {"IKE 2048 with subprime",
++ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_ike_2048,
++ sizeof(sub2_prime_ike_2048)},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_2048},
++ {"TLS 2048 with subprime",
++ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_tls_2048,
++ sizeof(sub2_prime_tls_2048)},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_2048},
++ {"IKE 3072 with subprime",
++ {siBuffer, (unsigned char *)prime_ike_3072, sizeof(prime_ike_3072)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_ike_3072,
++ sizeof(sub2_prime_ike_3072)},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_3072},
++ {"TLS 3072 with subprime",
++ {siBuffer, (unsigned char *)prime_tls_3072, sizeof(prime_tls_3072)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_tls_3072,
++ sizeof(sub2_prime_tls_3072)},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_3072},
++ {"IKE 4096 with subprime",
++ {siBuffer, (unsigned char *)prime_ike_4096, sizeof(prime_ike_4096)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_ike_4096,
++ sizeof(sub2_prime_ike_4096)},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_4096},
++ {"TLS 4096 with subprime",
++ {siBuffer, (unsigned char *)prime_tls_4096, sizeof(prime_tls_4096)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_tls_4096,
++ sizeof(sub2_prime_tls_4096)},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_4096},
++ {"IKE 6144 with subprime",
++ {siBuffer, (unsigned char *)prime_ike_6144, sizeof(prime_ike_6144)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_ike_6144,
++ sizeof(sub2_prime_ike_6144)},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_6144},
++ {"TLS 6144 with subprime",
++ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_tls_6144,
++ sizeof(sub2_prime_tls_6144)},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_6144},
++ {"IKE 8192 with subprime",
++ {siBuffer, (unsigned char *)prime_ike_8192, sizeof(prime_ike_8192)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_ike_8192,
++ sizeof(sub2_prime_ike_8192)},
++ {siBuffer, NULL, 0},
++ IKE_APPROVED,
++ CLASS_8192},
++ {"TLS 8192 with subprime",
++ {siBuffer, (unsigned char *)prime_tls_8192, sizeof(prime_tls_8192)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_tls_8192,
++ sizeof(sub2_prime_tls_8192)},
++ {siBuffer, NULL, 0},
++ TLS_APPROVED,
++ CLASS_8192},
++ /* test our non-approved safe primes. This primes should pass in
++ * non-FIPS and fail in FIPS. They should pass without checks */
++ {"Safe Prime 1536",
++ {siBuffer, (unsigned char *)prime_safe_1536, sizeof(prime_safe_1536)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME,
++ CLASS_1536},
++ {"Safe Prime 2048",
++ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)},
++ {siBuffer, (unsigned char *)g3, sizeof(g3)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME,
++ CLASS_2048},
++ {"Safe Prime 3072",
++ {siBuffer, (unsigned char *)prime_safe_3072, sizeof(prime_safe_3072)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME,
++ CLASS_3072},
++ {"Safe Prime 4096",
++ {siBuffer, (unsigned char *)prime_safe_4096, sizeof(prime_safe_4096)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME,
++ CLASS_4096},
++ {"Safe Prime 6144",
++ {siBuffer, (unsigned char *)prime_safe_6144, sizeof(prime_safe_6144)},
++ {siBuffer, (unsigned char *)g3, sizeof(g3)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME,
++ CLASS_6144},
++ {"Safe Prime 8192",
++ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)},
++ {siBuffer, (unsigned char *)g3, sizeof(g3)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME,
++ CLASS_8192},
++ /* test our non-approved safe primes. This primes should pass in
++ * non-FIPS and fail in FIPS. In non-FIPS, they need checks */
++ {"Safe Prime 1536 with Subprime",
++ {siBuffer, (unsigned char *)prime_safe_1536, sizeof(prime_safe_1536)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_safe_1536,
++ sizeof(sub2_prime_safe_1536)},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME_WITH_SUBPRIME,
++ CLASS_1536},
++ {"Safe Prime 2048 with Subprime",
++ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_safe_2048,
++ sizeof(sub2_prime_safe_2048)},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME_WITH_SUBPRIME,
++ CLASS_2048},
++ {"Safe Prime 3072 with Subprime",
++ {siBuffer, (unsigned char *)prime_safe_3072, sizeof(prime_safe_3072)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_safe_3072,
++ sizeof(sub2_prime_safe_3072)},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME_WITH_SUBPRIME,
++ CLASS_3072},
++ {"Safe Prime 4096 with Subprime",
++ {siBuffer, (unsigned char *)prime_safe_4096, sizeof(prime_safe_4096)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_safe_4096,
++ sizeof(sub2_prime_safe_4096)},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME_WITH_SUBPRIME,
++ CLASS_4096},
++ {"Safe Prime 6144 with Subprime",
++ {siBuffer, (unsigned char *)prime_safe_6144, sizeof(prime_safe_6144)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_safe_6144,
++ sizeof(sub2_prime_safe_6144)},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME_WITH_SUBPRIME,
++ CLASS_6144},
++ {"Safe Prime 8192 with Subprime",
++ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_safe_8192,
++ sizeof(sub2_prime_safe_8192)},
++ {siBuffer, NULL, 0},
++ SAFE_PRIME_WITH_SUBPRIME,
++ CLASS_8192},
++ /* test "weak" primes with "unknown" subprimes. We use
++ * the same primes as the known subprimes, but we don't
++ * include the subprime in the test. These primes should
++ * pass in non-FIPS mode and fail in FIPS mode */
++ {"Weak Prime 1024 Unknown Subprime",
++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)},
++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ UNKNOWN_SUBPRIME,
++ CLASS_1536},
++ {"Weak Prime 2048 Unknown Subprime",
++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)},
++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ UNKNOWN_SUBPRIME,
++ CLASS_2048},
++ {"Weak Prime 3072 Unknown Subprime",
++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)},
++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ UNKNOWN_SUBPRIME,
++ CLASS_3072},
++ {"Weak Prime 4096 Unknown Subprime",
++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)},
++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ UNKNOWN_SUBPRIME,
++ CLASS_4096},
++ {"Weak Prime 6144 Unknown Subprime",
++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)},
++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ UNKNOWN_SUBPRIME,
++ CLASS_6144},
++ {"Weak Prime 8192 Unknown Subprime",
++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)},
++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)},
++ {siBuffer, NULL, 0},
++ {siBuffer, NULL, 0},
++ UNKNOWN_SUBPRIME,
++ CLASS_8192},
++ /* test "weak" primes with known subprimes. These primes should
++ * pass in non-FIPS and fail in FIPS. In non-FIPS they should have full
++ * checks. */
++ {"Weak Prime 1024 Known Subprime",
++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)},
++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)},
++ {siBuffer, (unsigned char *)subprime_weak_1024,
++ sizeof(subprime_weak_1024)},
++ {siBuffer, NULL, 0},
++ KNOWN_SUBPRIME,
++ CLASS_1536},
++ {"Weak Prime 2048 Known Subprime",
++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)},
++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)},
++ {siBuffer, (unsigned char *)subprime_weak_2048,
++ sizeof(subprime_weak_2048)},
++ {siBuffer, NULL, 0},
++ KNOWN_SUBPRIME,
++ CLASS_2048},
++ {"Weak Prime 3072 Known Subprime",
++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)},
++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)},
++ {siBuffer, (unsigned char *)subprime_weak_3072,
++ sizeof(subprime_weak_3072)},
++ {siBuffer, NULL, 0},
++ KNOWN_SUBPRIME,
++ CLASS_3072},
++ {"Weak Prime 4096 Known Subprime",
++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)},
++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)},
++ {siBuffer, (unsigned char *)subprime_weak_4096,
++ sizeof(subprime_weak_4096)},
++ {siBuffer, NULL, 0},
++ KNOWN_SUBPRIME,
++ CLASS_4096},
++ {"Weak Prime 6144 Known Subprime",
++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)},
++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)},
++ {siBuffer, (unsigned char *)subprime_weak_6144,
++ sizeof(subprime_weak_6144)},
++ {siBuffer, NULL, 0},
++ KNOWN_SUBPRIME,
++ CLASS_6144},
++ {"Weak Prime 8192 Known Subprime",
++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)},
++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)},
++ {siBuffer, (unsigned char *)subprime_weak_8192,
++ sizeof(subprime_weak_8192)},
++ {siBuffer, NULL, 0},
++ KNOWN_SUBPRIME,
++ CLASS_8192},
++ /* test "weak" primes as if they were safe primes. These primes should
++ * faill in all modes. */
++ {"Weak Prime 1024 Wrong Subprime",
++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)},
++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)},
++ {siBuffer, (unsigned char *)sub2_prime_weak_1024,
++ sizeof(sub2_prime_weak_1024)},
++ {siBuffer, NULL, 0},
++ WRONG_SUBPRIME,
++ CLASS_1536},
++ {"Weak Prime 2048 Wrong Subprime",
++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)},
++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)},
++ {siBuffer, (unsigned char *)sub2_prime_weak_2048,
++ sizeof(sub2_prime_weak_2048)},
++ {siBuffer, NULL, 0},
++ WRONG_SUBPRIME,
++ CLASS_2048},
++ {"Weak Prime 3072 Wrong Subprime",
++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)},
++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)},
++ {siBuffer, (unsigned char *)sub2_prime_weak_3072,
++ sizeof(sub2_prime_weak_3072)},
++ {siBuffer, NULL, 0},
++ WRONG_SUBPRIME,
++ CLASS_3072},
++ {"Weak Prime 4096 Wrong Subprime",
++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)},
++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)},
++ {siBuffer, (unsigned char *)sub2_prime_weak_4096,
++ sizeof(sub2_prime_weak_4096)},
++ {siBuffer, NULL, 0},
++ WRONG_SUBPRIME,
++ CLASS_4096},
++ {"Weak Prime 6144 Wrong Subprime",
++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)},
++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)},
++ {siBuffer, (unsigned char *)sub2_prime_weak_6144,
++ sizeof(sub2_prime_weak_6144)},
++ {siBuffer, NULL, 0},
++ WRONG_SUBPRIME,
++ CLASS_6144},
++ {"Weak Prime 8192 Wrong Subprime",
++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)},
++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)},
++ {siBuffer, (unsigned char *)sub2_prime_weak_8192,
++ sizeof(sub2_prime_weak_8192)},
++ {siBuffer, NULL, 0},
++ WRONG_SUBPRIME,
++ CLASS_8192},
++ /******** Now test various invalid public keys */
++ /* first known small subgroups of safe primes. These test should
++ * fail in all modes with all primes */
++ {"Pubkey = 0 IKE 1536",
++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, (unsigned char *)pub_key_zero, sizeof(pub_key_zero)},
++ BAD_PUB_KEY,
++ CLASS_1536},
++ {"PubKey = 1 TLS 2048",
++ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, (unsigned char *)pub_key_one, sizeof(pub_key_one)},
++ BAD_PUB_KEY,
++ CLASS_2048},
++ {"Pubkey == -1 IKE 1536",
++ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0},
++ {siBuffer, (unsigned char *)pub_key_minus_1_ike_1536,
++ sizeof(pub_key_minus_1_ike_1536)},
++ BAD_PUB_KEY,
++ CLASS_1536},
++ {"Pubkey = -1 SAFE 2048 WITH SUBPRIME",
++ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_safe_2048,
++ sizeof(sub2_prime_safe_2048)},
++ {siBuffer, (unsigned char *)pub_key_minus_1_safe_2048,
++ sizeof(pub_key_minus_1_safe_2048)},
++ BAD_PUB_KEY,
++ CLASS_2048},
++ {"Pubkey = -1 WEAK 3072 KNOWN SUBPRIME",
++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)},
++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)},
++ {siBuffer, (unsigned char *)subprime_weak_3072,
++ sizeof(subprime_weak_3072)},
++ {siBuffer, (unsigned char *)pub_key_minus_1_weak_3072,
++ sizeof(pub_key_minus_1_weak_3072)},
++ BAD_PUB_KEY,
++ CLASS_3072},
++ {"Pubkey = -1 WEAK 4096 UNKNOWN SUBPRIME",
++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)},
++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)},
++ {siBuffer, NULL, 0},
++ {siBuffer, (unsigned char *)pub_key_minus_1_weak_4096,
++ sizeof(pub_key_minus_1_weak_4096)},
++ BAD_PUB_KEY,
++ CLASS_4096},
++ {"Pubkey = -1 TLS 6144 WITH SUBPRIME",
++ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, (unsigned char *)sub2_prime_tls_6144,
++ sizeof(sub2_prime_tls_6144)},
++ {siBuffer, (unsigned char *)pub_key_minus_1_tls_6144,
++ sizeof(pub_key_minus_1_tls_6144)},
++ BAD_PUB_KEY,
++ CLASS_6144},
++ {"Pubkey = -1 SAFE 8192",
++ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)},
++ {siBuffer, (unsigned char *)g2, sizeof(g2)},
++ {siBuffer, NULL, 0 },
++ {siBuffer, (unsigned char *)pub_key_minus_1_safe_8192,
++ sizeof(pub_key_minus_1_safe_8192)},
++ BAD_PUB_KEY,
++ CLASS_8192},
++ /* y is a known small subgroups of weak primes (which known subprimes).
++ * These test should fail in all modes with all primes */
++ {"Pubkey small subgroup Weak 1024 prime",
++ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)},
++ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)},
++ {siBuffer, (unsigned char *)subprime_weak_1024,
++ sizeof(subprime_weak_1024)},
++ {siBuffer, (unsigned char *)pub_key_bad_weak_1024,
++ sizeof(pub_key_bad_weak_1024)},
++ BAD_PUB_KEY,
++ CLASS_1536},
++ {"Pubkey small subgroup Weak 2048 prime",
++ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)},
++ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)},
++ {siBuffer, (unsigned char *)subprime_weak_2048,
++ sizeof(subprime_weak_2048)},
++ {siBuffer, (unsigned char *)pub_key_bad_weak_2048,
++ sizeof(pub_key_bad_weak_2048)},
++ BAD_PUB_KEY,
++ CLASS_2048},
++ {"Pubkey small subgroup Weak 3072 prime",
++ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)},
++ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)},
++ {siBuffer, (unsigned char *)subprime_weak_3072,
++ sizeof(subprime_weak_3072)},
++ {siBuffer, (unsigned char *)pub_key_bad_weak_3072,
++ sizeof(pub_key_bad_weak_3072)},
++ BAD_PUB_KEY,
++ CLASS_3072},
++ {"Pubkey small subgroup Weak 4096 prime",
++ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)},
++ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)},
++ {siBuffer, (unsigned char *)subprime_weak_4096,
++ sizeof(subprime_weak_4096)},
++ {siBuffer, (unsigned char *)pub_key_bad_weak_4096,
++ sizeof(pub_key_bad_weak_4096)},
++ BAD_PUB_KEY,
++ CLASS_4096},
++ {"Pubkey small subgroup Weak 6144 prime",
++ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)},
++ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)},
++ {siBuffer, (unsigned char *)subprime_weak_6144,
++ sizeof(subprime_weak_6144)},
++ {siBuffer, (unsigned char *)pub_key_bad_weak_6144,
++ sizeof(pub_key_bad_weak_6144)},
++ BAD_PUB_KEY,
++ CLASS_6144},
++ {"Pubkey small subgroup Weak 8192 prime",
++ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)},
++ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)},
++ {siBuffer, (unsigned char *)subprime_weak_8192,
++ sizeof(subprime_weak_8192)},
++ {siBuffer, (unsigned char *)pub_key_bad_weak_8192,
++ sizeof(pub_key_bad_weak_8192)},
++ BAD_PUB_KEY,
++ CLASS_8192}};
++};
+diff --git a/gtests/softoken_gtest/softoken_gtest.cc b/gtests/softoken_gtest/softoken_gtest.cc
+--- a/gtests/softoken_gtest/softoken_gtest.cc
++++ b/gtests/softoken_gtest/softoken_gtest.cc
+@@ -6,20 +6,24 @@
+ #include "secmod.h"
+ #include "secerr.h"
+
+ #include "nss_scoped_ptrs.h"
+ #include "util.h"
+
+ #define GTEST_HAS_RTTI 0
+ #include "gtest/gtest.h"
++#include "databuffer.h"
+ #include
++#include
++using namespace std::chrono;
++
++#include "softoken_dh_vectors.h"
+
+ namespace nss_test {
+-
+ class SoftokenTest : public ::testing::Test {
+ protected:
+ SoftokenTest() : mNSSDBDir("SoftokenTest.d-") {}
+ SoftokenTest(const std::string &prefix) : mNSSDBDir(prefix) {}
+
+ virtual void SetUp() {
+ std::string nssInitArg("sql:");
+ nssInitArg.append(mNSSDBDir.GetUTF8Path());
+@@ -522,35 +526,260 @@ TEST_F(SoftokenNoDBTest, NeedUserInitNoD
+ ASSERT_TRUE(slot);
+ EXPECT_EQ(PR_FALSE, PK11_NeedUserInit(slot.get()));
+
+ // When shutting down in here we have to release the slot first.
+ slot = nullptr;
+ ASSERT_EQ(SECSuccess, NSS_Shutdown());
+ }
+
++SECStatus test_dh_value(const PQGParams *params, const SECItem *pub_key_value,
++ PRBool genFailOK, time_t *time) {
++ SECKEYDHParams dh_params;
++ dh_params.base = params->base;
++ dh_params.prime = params->prime;
++
++ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
++ EXPECT_TRUE(slot);
++ if (!slot) return SECFailure;
++
++ /* create a private/public key pair in with the given params */
++ SECKEYPublicKey *pub_tmp = nullptr;
++ ScopedSECKEYPrivateKey priv_key(
++ PK11_GenerateKeyPair(slot.get(), CKM_DH_PKCS_KEY_PAIR_GEN, &dh_params,
++ &pub_tmp, PR_FALSE, PR_TRUE, nullptr));
++ if ((genFailOK) &&
++ ((priv_key.get() == nullptr) || (pub_tmp == nullptr))) {
++ return SECFailure;
++ }
++ EXPECT_NE(nullptr, priv_key.get()) << "PK11_GenerateKeyPair failed: "
++ << PORT_ErrorToName(PORT_GetError());
++ EXPECT_NE(nullptr, pub_tmp);
++ if ((priv_key.get() == nullptr) || (pub_tmp == nullptr)) return SECFailure;
++ ScopedSECKEYPublicKey pub_key(pub_tmp);
++ ScopedSECKEYPublicKey peer_pub_key_manager(nullptr);
++ SECKEYPublicKey *peer_pub_key = pub_key.get();
++
++ /* if a subprime has been given set it on the PKCS #11 key */
++ if (params->subPrime.data != nullptr) {
++ SECStatus rv;
++ EXPECT_EQ(SECSuccess, rv = PK11_WriteRawAttribute(
++ PK11_TypePrivKey, priv_key.get(), CKA_SUBPRIME,
++ (SECItem *)¶ms->subPrime))
++ << "PK11_WriteRawAttribute failed: "
++ << PORT_ErrorToString(PORT_GetError());
++ if (rv != SECSuccess) {
++ return rv;
++ }
++ }
++
++ /* find if we weren't passed a public value in, use the
++ * one we just generated */
++ if (pub_key_value && pub_key_value->data) {
++ peer_pub_key = SECKEY_CopyPublicKey(pub_key.get());
++ EXPECT_NE(nullptr, peer_pub_key);
++ if (peer_pub_key == nullptr) {
++ return SECFailure;
++ }
++ peer_pub_key->u.dh.publicValue = *pub_key_value;
++ peer_pub_key_manager.reset(peer_pub_key);
++ }
++
++ /* now do the derive. time it and return the time if
++ * the caller requested it. */
++ auto start = high_resolution_clock::now();
++ ScopedPK11SymKey derivedKey(PK11_PubDerive(
++ priv_key.get(), peer_pub_key, PR_FALSE, nullptr, nullptr,
++ CKM_DH_PKCS_DERIVE, CKM_HKDF_DERIVE, CKA_DERIVE, 32, nullptr));
++ auto stop = high_resolution_clock::now();
++ if (!derivedKey) {
++ std::cerr << "PK11_PubDerive failed: "
++ << PORT_ErrorToString(PORT_GetError()) << std::endl;
++ }
++
++ if (time) {
++ auto duration = duration_cast(stop - start);
++ *time = duration.count();
++ }
++ return derivedKey ? SECSuccess : SECFailure;
++}
++
++class SoftokenDhTest : public SoftokenTest {
++ protected:
++ SoftokenDhTest() : SoftokenTest("SoftokenDhTest.d-") {}
++ time_t reference_time[CLASS_LAST] = {0};
++
++ virtual void SetUp() {
++ SoftokenTest::SetUp();
++
++ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
++ ASSERT_TRUE(slot);
++
++ time_t time;
++ for (int i = CLASS_FIRST; i < CLASS_LAST; i++) {
++ PQGParams params;
++ params.prime.data = (unsigned char *)reference_prime[i];
++ params.prime.len = reference_prime_len[i];
++ params.base.data = (unsigned char *)g2;
++ params.base.len = sizeof(g2);
++ params.subPrime.data = nullptr;
++ params.subPrime.len = 0;
++ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time));
++ reference_time[i] = time + 2 * time;
++ }
++ };
++};
++
++const char *param_value(DhParamType param_type) {
++ switch (param_type) {
++ case TLS_APPROVED:
++ return "TLS_APPROVED";
++ case IKE_APPROVED:
++ return "IKE_APPROVED";
++ case SAFE_PRIME:
++ return "SAFE_PRIME";
++ case SAFE_PRIME_WITH_SUBPRIME:
++ return "SAFE_PRIME_WITH_SUBPRIME";
++ case KNOWN_SUBPRIME:
++ return "KNOWN_SUBPRIME";
++ case UNKNOWN_SUBPRIME:
++ return "UNKNOWN_SUBPRIME";
++ case WRONG_SUBPRIME:
++ return "WRONG_SUBPRIME";
++ case BAD_PUB_KEY:
++ return "BAD_PUB_KEY";
++ }
++ return "**Invalid**";
++}
++
++const char *key_value(DhKeyClass key_class) {
++ switch (key_class) {
++ case CLASS_1536:
++ return "CLASS_1536";
++ case CLASS_2048:
++ return "CLASS_2048";
++ case CLASS_3072:
++ return "CLASS_3072";
++ case CLASS_4096:
++ return "CLASS_4096";
++ case CLASS_6144:
++ return "CLASS_6144";
++ case CLASS_8192:
++ return "CLASS_8192";
++ case CLASS_LAST:
++ break;
++ }
++ return "**Invalid**";
++}
++
++class SoftokenDhValidate : public SoftokenDhTest,
++ public ::testing::WithParamInterface {
++};
++
++/* test the DH validation process. In non-fips mode, only BAD_PUB_KEY tests
++ * should fail */
++TEST_P(SoftokenDhValidate, DhVectors) {
++ const DhTestVector dhTestValues = GetParam();
++ std::string testId = (char *)(dhTestValues.id);
++ std::string err = "Test(" + testId + ") failed";
++ SECStatus rv;
++ time_t time;
++
++ PQGParams params;
++ params.prime = dhTestValues.p;
++ params.base = dhTestValues.g;
++ params.subPrime = dhTestValues.q;
++
++ std::cerr << "Test: " + testId << std::endl
++ << "param_type: " << param_value(dhTestValues.param_type)
++ << ", key_class: " << key_value(dhTestValues.key_class) << std::endl
++ << "p: " << DataBuffer(dhTestValues.p.data, dhTestValues.p.len)
++ << std::endl
++ << "g: " << DataBuffer(dhTestValues.g.data, dhTestValues.g.len)
++ << std::endl
++ << "q: " << DataBuffer(dhTestValues.q.data, dhTestValues.q.len)
++ << std::endl
++ << "pub_key: "
++ << DataBuffer(dhTestValues.pub_key.data, dhTestValues.pub_key.len)
++ << std::endl;
++ rv = test_dh_value(¶ms, &dhTestValues.pub_key, PR_FALSE, &time);
++
++ switch (dhTestValues.param_type) {
++ case TLS_APPROVED:
++ case IKE_APPROVED:
++ case SAFE_PRIME:
++ case UNKNOWN_SUBPRIME:
++ EXPECT_EQ(SECSuccess, rv) << err;
++ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err;
++ break;
++ case KNOWN_SUBPRIME:
++ case SAFE_PRIME_WITH_SUBPRIME:
++ EXPECT_EQ(SECSuccess, rv) << err;
++ EXPECT_GT(time, reference_time[dhTestValues.key_class]) << err;
++ break;
++ case WRONG_SUBPRIME:
++ case BAD_PUB_KEY:
++ EXPECT_EQ(SECFailure, rv) << err;
++ break;
++ }
++}
++
++INSTANTIATE_TEST_CASE_P(DhValidateCases, SoftokenDhValidate,
++ ::testing::ValuesIn(DH_TEST_VECTORS));
++
+ #ifndef NSS_FIPS_DISABLED
+
+ class SoftokenFipsTest : public SoftokenTest {
+ protected:
+ SoftokenFipsTest() : SoftokenTest("SoftokenFipsTest.d-") {}
++ SoftokenFipsTest(const std::string &prefix) : SoftokenTest(prefix) {}
+
+ virtual void SetUp() {
+ SoftokenTest::SetUp();
+
+ // Turn on FIPS mode (code borrowed from FipsMode in modutil/pk11.c)
+ char *internal_name;
+ ASSERT_FALSE(PK11_IsFIPS());
+ internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName);
+- ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name));
++ ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name))
++ << PORT_ErrorToName(PORT_GetError());
+ PR_smprintf_free(internal_name);
+ ASSERT_TRUE(PK11_IsFIPS());
+ }
+ };
+
++class SoftokenFipsDhTest : public SoftokenFipsTest {
++ protected:
++ SoftokenFipsDhTest() : SoftokenFipsTest("SoftokenFipsDhTest.d-") {}
++ time_t reference_time[CLASS_LAST] = {0};
++
++ virtual void SetUp() {
++ SoftokenFipsTest::SetUp();
++
++ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
++ ASSERT_TRUE(slot);
++
++ ASSERT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, ""));
++ ASSERT_EQ(SECSuccess, PK11_Authenticate(slot.get(), PR_FALSE, nullptr));
++
++ time_t time;
++ for (int i = CLASS_FIRST; i < CLASS_LAST; i++) {
++ PQGParams params;
++ params.prime.data = (unsigned char *)reference_prime[i];
++ params.prime.len = reference_prime_len[i];
++ params.base.data = (unsigned char *)g2;
++ params.base.len = sizeof(g2);
++ params.subPrime.data = nullptr;
++ params.subPrime.len = 0;
++ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time));
++ reference_time[i] = time + 2 * time;
++ }
++ };
++};
++
+ const std::vector kFipsPasswordCases[] = {
+ // FIPS level1 -> level1 -> level1
+ {"", "", ""},
+ // FIPS level1 -> level1 -> level2
+ {"", "", "strong-_123"},
+ // FIXME: this should work: FIPS level1 -> level2 -> level2
+ // {"", "strong-_123", "strong-_456"},
+ // FIPS level2 -> level2 -> level2
+@@ -608,22 +837,78 @@ TEST_P(SoftokenFipsBadPasswordTest, SetB
+ rv = PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str());
+ if (it + 1 == passwords.end())
+ EXPECT_EQ(SECFailure, rv);
+ else
+ EXPECT_EQ(SECSuccess, rv);
+ }
+ }
+
++class SoftokenFipsDhValidate
++ : public SoftokenFipsDhTest,
++ public ::testing::WithParamInterface {};
++
++/* test the DH validation process. In fips mode, primes with unknown
++ * subprimes, and all sorts of bad public keys should fail */
++TEST_P(SoftokenFipsDhValidate, DhVectors) {
++ const DhTestVector dhTestValues = GetParam();
++ std::string testId = (char *)(dhTestValues.id);
++ std::string err = "Test(" + testId + ") failed";
++ time_t time;
++ PRBool genFailOK = PR_FALSE;
++ SECStatus rv;
++
++ PQGParams params;
++ params.prime = dhTestValues.p;
++ params.base = dhTestValues.g;
++ params.subPrime = dhTestValues.q;
++ std::cerr << "Test:" + testId << std::endl
++ << "param_type: " << param_value(dhTestValues.param_type)
++ << ", key_class: " << key_value(dhTestValues.key_class) << std::endl
++ << "p: " << DataBuffer(dhTestValues.p.data, dhTestValues.p.len)
++ << std::endl
++ << "g: " << DataBuffer(dhTestValues.g.data, dhTestValues.g.len)
++ << std::endl
++ << "q: " << DataBuffer(dhTestValues.q.data, dhTestValues.q.len)
++ << std::endl
++ << "pub_key: "
++ << DataBuffer(dhTestValues.pub_key.data, dhTestValues.pub_key.len)
++ << std::endl;
++
++ if ((dhTestValues.param_type != TLS_APPROVED) &&
++ (dhTestValues.param_type != IKE_APPROVED)) {
++ genFailOK = PR_TRUE;
++ }
++ rv = test_dh_value(¶ms, &dhTestValues.pub_key, genFailOK, &time);
++
++ switch (dhTestValues.param_type) {
++ case TLS_APPROVED:
++ case IKE_APPROVED:
++ EXPECT_EQ(SECSuccess, rv) << err;
++ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err;
++ break;
++ case SAFE_PRIME:
++ case SAFE_PRIME_WITH_SUBPRIME:
++ case KNOWN_SUBPRIME:
++ case UNKNOWN_SUBPRIME:
++ case WRONG_SUBPRIME:
++ case BAD_PUB_KEY:
++ EXPECT_EQ(SECFailure, rv) << err;
++ break;
++ }
++}
++
+ INSTANTIATE_TEST_CASE_P(FipsPasswordCases, SoftokenFipsPasswordTest,
+ ::testing::ValuesIn(kFipsPasswordCases));
+
+ INSTANTIATE_TEST_CASE_P(BadFipsPasswordCases, SoftokenFipsBadPasswordTest,
+ ::testing::ValuesIn(kFipsPasswordBadCases));
+
++INSTANTIATE_TEST_CASE_P(FipsDhCases, SoftokenFipsDhValidate,
++ ::testing::ValuesIn(DH_TEST_VECTORS));
+ #endif
+
+ } // namespace nss_test
+
+ int main(int argc, char **argv) {
+ ::testing::InitGoogleTest(&argc, argv);
+
+ return RUN_ALL_TESTS();
+diff --git a/gtests/softoken_gtest/softoken_gtest.gyp b/gtests/softoken_gtest/softoken_gtest.gyp
+--- a/gtests/softoken_gtest/softoken_gtest.gyp
++++ b/gtests/softoken_gtest/softoken_gtest.gyp
+@@ -11,16 +11,17 @@
+ 'target_name': 'softoken_gtest',
+ 'type': 'executable',
+ 'sources': [
+ 'softoken_gtest.cc',
+ 'softoken_nssckbi_testlib_gtest.cc',
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports',
++ '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+ '<(DEPTH)/lib/util/util.gyp:nssutil3',
+ '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+ ],
+ 'conditions': [
+ [ 'static_libs==1', {
+ 'dependencies': [
+ '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+ '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
+--- a/lib/freebl/blapi.h
++++ b/lib/freebl/blapi.h
+@@ -375,16 +375,20 @@ extern SECStatus KEA_Derive(SECItem *pri
+ SECItem *derivedSecret);
+
+ /*
+ * verify that a KEA or DSA public key is a valid key for this prime and
+ * subprime domain.
+ */
+ extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
+
++/* verify a value is prime */
++PRBool KEA_PrimeCheck(SECItem *prime);
++
++
+ /****************************************
+ * J-PAKE key transport
+ */
+
+ /* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x
+ * using the specified hash algorithm and signer ID. The signature is
+ * returned in the values gv and r. testRandom must be NULL for a PRNG
+ * generated random committment to be used in the sigature. When testRandom
+diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
+--- a/lib/freebl/dh.c
++++ b/lib/freebl/dh.c
+@@ -12,16 +12,17 @@
+
+ #include "prerr.h"
+ #include "secerr.h"
+
+ #include "blapi.h"
+ #include "blapii.h"
+ #include "secitem.h"
+ #include "mpi.h"
++#include "mpprime.h"
+ #include "secmpi.h"
+
+ #define KEA_DERIVED_SECRET_LEN 128
+
+ /* Lengths are in bytes. */
+ static unsigned int
+ dh_GetSecretKeyLen(unsigned int primeLen)
+ {
+@@ -73,17 +74,17 @@ DH_GenParam(int primeLen, DHParams **par
+ MP_DIGITS(&psub1) = 0;
+ MP_DIGITS(&test) = 0;
+ CHECK_MPI_OK(mp_init(&p));
+ CHECK_MPI_OK(mp_init(&q));
+ CHECK_MPI_OK(mp_init(&a));
+ CHECK_MPI_OK(mp_init(&h));
+ CHECK_MPI_OK(mp_init(&psub1));
+ CHECK_MPI_OK(mp_init(&test));
+- /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
++ /* generate prime with MPI, uses Miller-Rabin to generate safe prime. */
+ CHECK_SEC_OK(generate_prime(&p, primeLen));
+ /* construct Sophie-Germain prime q = (p-1)/2. */
+ CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
+ CHECK_MPI_OK(mp_div_2(&psub1, &q));
+ /* construct a generator from the prime. */
+ ab = PORT_Alloc(primeLen);
+ if (!ab) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+@@ -252,27 +253,27 @@ DH_Derive(SECItem *publicValue,
+ /* number of bytes in the derived secret */
+ len = mp_unsigned_octet_size(&ZZ);
+ if (len <= 0) {
+ err = MP_BADARG;
+ goto cleanup;
+ }
+
+ /*
+- * We check to make sure that ZZ is not equal to 1 or -1 mod p.
++ * We check to make sure that ZZ is not equal to 0, 1 or -1 mod p.
+ * This helps guard against small subgroup attacks, since an attacker
+- * using a subgroup of size N will produce 1 or -1 with probability 1/N.
++ * using a subgroup of size N will produce 0, 1 or -1 with probability 1/N.
+ * When the protocol is executed within a properly large subgroup, the
+ * probability of this result will be negligibly small. For example,
+- * with a strong prime of the form 2p+1, the probability will be 1/p.
++ * with a safe prime of the form 2q+1, the probability will be 1/q.
+ *
+ * We return MP_BADARG because this is probably the result of a bad
+ * public value or a bad prime having been provided.
+ */
+- if (mp_cmp_d(&ZZ, 1) == 0 ||
++ if (mp_cmp_d(&ZZ,0) == 0 || mp_cmp_d(&ZZ, 1) == 0 ||
+ mp_cmp(&ZZ, &psub1) == 0) {
+ err = MP_BADARG;
+ goto cleanup;
+ }
+
+ /* allocate a buffer which can hold the entire derived secret. */
+ secret = PORT_Alloc(len);
+ if (secret == NULL) {
+@@ -408,16 +409,44 @@ cleanup:
+ MP_TO_SEC_ERROR(err);
+ if (derivedSecret->data)
+ PORT_ZFree(derivedSecret->data, derivedSecret->len);
+ return SECFailure;
+ }
+ return SECSuccess;
+ }
+
++/* Test counts based on the fact the prime and subprime
++ * were given to us */
++static int
++dh_prime_testcount(int prime_length)
++{
++ if (prime_length < 1024) {
++ return 50;
++ } else if (prime_length < 2048) {
++ return 40;
++ } else if (prime_length < 3072) {
++ return 56;
++ }
++ return 64;
++}
++
++PRBool
++KEA_PrimeCheck(SECItem *prime)
++{
++ mp_int p;
++ mp_err err=0;
++ MP_DIGITS(&p) = 0;
++ CHECK_MPI_OK(mp_init(&p));
++ SECITEM_TO_MPINT(*prime, &p);
++ CHECK_MPI_OK(mpp_pprime(&p, dh_prime_testcount(prime->len)));
++cleanup:
++ return err ? PR_FALSE : PR_TRUE;
++}
++
+ PRBool
+ KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
+ {
+ mp_int p, q, y, r;
+ mp_err err;
+ int cmp = 1; /* default is false */
+ if (!Y || !prime || !subPrime) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c
+--- a/lib/freebl/ldvector.c
++++ b/lib/freebl/ldvector.c
+@@ -348,19 +348,22 @@ static const struct FREEBLVectorStr vect
+ CMAC_Finish,
+ CMAC_Destroy,
+
+ /* End of version 3.022 */
+ ChaCha20Poly1305_Encrypt,
+ ChaCha20Poly1305_Decrypt,
+ AES_AEAD,
+ AESKeyWrap_EncryptKWP,
+- AESKeyWrap_DecryptKWP
++ AESKeyWrap_DecryptKWP,
+
+ /* End of version 3.023 */
++ KEA_PrimeCheck
++
++ /* End of version 3.024 */
+ };
+
+ const FREEBLVector*
+ FREEBL_GetVector(void)
+ {
+ #ifdef FREEBL_NO_DEPEND
+ SECStatus rv;
+ #endif
+diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
+--- a/lib/freebl/loader.c
++++ b/lib/freebl/loader.c
+@@ -231,16 +231,24 @@ KEA_Derive(SECItem *prime, SECItem *publ
+ PRBool
+ KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
+ {
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return PR_FALSE;
+ return (vector->p_KEA_Verify)(Y, prime, subPrime);
+ }
+
++PRBool
++KEA_PrimeCheck(SECItem *prime)
++{
++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
++ return PR_FALSE;
++ return (vector->p_KEA_PrimeCheck)(prime);
++}
++
+ RC4Context *
+ RC4_CreateContext(const unsigned char *key, int len)
+ {
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_RC4_CreateContext)(key, len);
+ }
+
+diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h
+--- a/lib/freebl/loader.h
++++ b/lib/freebl/loader.h
+@@ -5,17 +5,17 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ #ifndef _LOADER_H_
+ #define _LOADER_H_ 1
+
+ #include "blapi.h"
+
+-#define FREEBL_VERSION 0x0323
++#define FREEBL_VERSION 0x0324
+
+ struct FREEBLVectorStr {
+
+ unsigned short length; /* of this struct in bytes */
+ unsigned short version; /* of this struct. */
+
+ RSAPrivateKey *(*p_RSA_NewKey)(int keySizeInBits,
+ SECItem *publicExponent);
+@@ -807,16 +807,20 @@ struct FREEBLVectorStr {
+ unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+
+ /* Version 3.023 came to here */
+
++ PRBool (*p_KEA_PrimeCheck)(SECItem *prime);
++ /* Version 3.024 came to here */
++
++
+ /* Add new function pointers at the end of this struct and bump
+ * FREEBL_VERSION at the beginning of this file. */
+ };
+
+ typedef struct FREEBLVectorStr FREEBLVector;
+
+ #ifdef FREEBL_LOWHASH
+ #include "nsslowhash.h"
+diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn
+--- a/lib/softoken/manifest.mn
++++ b/lib/softoken/manifest.mn
+@@ -39,16 +39,17 @@ CSRCS = \
+ lowkey.c \
+ lowpbe.c \
+ padbuf.c \
+ pkcs11.c \
+ pkcs11c.c \
+ pkcs11u.c \
+ sdb.c \
+ sftkdb.c \
++ sftkdhverify.c \
+ sftkhmac.c \
+ sftkike.c \
+ sftkmessage.c \
+ sftkpars.c \
+ sftkpwd.c \
+ softkver.c \
+ tlsprf.c \
+ jpakesftk.c \
+diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c
+--- a/lib/softoken/pkcs11.c
++++ b/lib/softoken/pkcs11.c
+@@ -1191,16 +1191,21 @@ sftk_handlePrivateKeyObject(SFTKSession
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+ if (!sftk_hasAttribute(object, CKA_BASE)) {
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+ if (!sftk_hasAttribute(object, CKA_VALUE)) {
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
++ /* allow subprime to be set after the fact */
++ crv = sftk_defaultAttribute(object, CKA_SUBPRIME, NULL, 0);
++ if (crv != CKR_OK) {
++ return crv;
++ }
+ encrypt = CK_FALSE;
+ recover = CK_FALSE;
+ wrap = CK_FALSE;
+ break;
+ case CKK_EC:
+ if (!sftk_hasAttribute(object, CKA_EC_PARAMS)) {
+ return CKR_TEMPLATE_INCOMPLETE;
+ }
+diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
+--- a/lib/softoken/pkcs11c.c
++++ b/lib/softoken/pkcs11c.c
+@@ -4738,31 +4738,37 @@ loser:
+ *
+ * This function returns
+ * CKR_OK if pairwise consistency check passed
+ * CKR_GENERAL_ERROR if pairwise consistency check failed
+ * other error codes if paiswise consistency check could not be
+ * performed, for example, CKR_HOST_MEMORY.
+ */
+ static CK_RV
+-sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
++sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, SFTKSlot *slot,
+ SFTKObject *publicKey, SFTKObject *privateKey, CK_KEY_TYPE keyType)
+ {
+ /*
+ * Key type Mechanism type
+ * --------------------------------
+ * For encrypt/decrypt: CKK_RSA => CKM_RSA_PKCS
+ * others => CKM_INVALID_MECHANISM
+ *
+ * For sign/verify: CKK_RSA => CKM_RSA_PKCS
+ * CKK_DSA => CKM_DSA
+ * CKK_EC => CKM_ECDSA
+ * others => CKM_INVALID_MECHANISM
+ *
+ * None of these mechanisms has a parameter.
++ *
++ * For derive CKK_DH => CKM_DH_PKCS_DERIVE
++ * CKK_EC => CKM_ECDH1_DERIVE
++ * others => CKM_INVALID_MECHANISM
++ *
++ * The parameters for these mechanisms is the public key.
+ */
+ CK_MECHANISM mech = { 0, NULL, 0 };
+
+ CK_ULONG modulusLen = 0;
+ CK_ULONG subPrimeLen = 0;
+ PRBool isEncryptable = PR_FALSE;
+ PRBool canSignVerify = PR_FALSE;
+ PRBool isDerivable = PR_FALSE;
+@@ -5012,34 +5018,116 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
+
+ /**********************************************/
+ /* Pairwise Consistency Check for Derivation */
+ /**********************************************/
+
+ isDerivable = sftk_isTrue(privateKey, CKA_DERIVE);
+
+ if (isDerivable) {
+- /*
+- * We are not doing consistency check for Diffie-Hellman Key -
+- * otherwise it would be here
+- * This is also true for Elliptic Curve Diffie-Hellman keys
+- * NOTE: EC keys are currently subjected to pairwise
+- * consistency check for signing/verification.
+- */
+- /*
+- * FIPS 140-2 had the following pairwise consistency test for
+- * public and private keys used for key agreement:
+- * If the keys are used to perform key agreement, then the
+- * cryptographic module shall create a second, compatible
+- * key pair. The cryptographic module shall perform both
+- * sides of the key agreement algorithm and shall compare
+- * the resulting shared values. If the shared values are
+- * not equal, the test shall fail.
+- * This test was removed in Change Notice 3.
+- */
++ SFTKAttribute *pubAttribute = NULL;
++ CK_OBJECT_HANDLE newKey;
++ PRBool isFIPS = (slot->slotID == FIPS_SLOT_ID);
++ CK_RV crv2;
++ CK_OBJECT_CLASS secret = CKO_SECRET_KEY;
++ CK_KEY_TYPE generic = CKK_GENERIC_SECRET;
++ CK_ULONG keyLen = 128;
++ CK_BBOOL ckTrue = CK_TRUE;
++ CK_ATTRIBUTE template[] = {
++ { CKA_CLASS, &secret, sizeof(secret) },
++ { CKA_KEY_TYPE, &generic, sizeof(generic) },
++ { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) },
++ { CKA_DERIVE, &ckTrue, sizeof(ckTrue) }
++ };
++ CK_ULONG templateCount = PR_ARRAY_SIZE(template);
++ CK_ECDH1_DERIVE_PARAMS ecParams;
++
++ crv = CKR_OK; /*paranoia, already get's set before we drop to the end */
++ /* FIPS 140-2 requires we verify that the resulting key is a valid key.
++ * The easiest way to do this is to do a derive operation, which checks
++ * the validity of the key */
++
++ switch (keyType) {
++ case CKK_DH:
++ mech.mechanism = CKM_DH_PKCS_DERIVE;
++ pubAttribute = sftk_FindAttribute(publicKey, CKA_VALUE);
++ if (pubAttribute == NULL) {
++ return CKR_DEVICE_ERROR;
++ }
++ mech.pParameter = pubAttribute->attrib.pValue;
++ mech.ulParameterLen = pubAttribute->attrib.ulValueLen;
++ break;
++ case CKK_EC:
++ mech.mechanism = CKM_ECDH1_DERIVE;
++ pubAttribute = sftk_FindAttribute(publicKey, CKA_EC_POINT);
++ if (pubAttribute == NULL) {
++ return CKR_DEVICE_ERROR;
++ }
++ ecParams.kdf = CKD_NULL;
++ ecParams.ulSharedDataLen = 0;
++ ecParams.pSharedData = NULL;
++ ecParams.ulPublicDataLen = pubAttribute->attrib.ulValueLen;
++ ecParams.pPublicData = pubAttribute->attrib.pValue;
++ mech.pParameter = &ecParams;
++ mech.ulParameterLen = sizeof(ecParams);
++ break;
++ default:
++ return CKR_DEVICE_ERROR;
++ }
++
++ crv = NSC_DeriveKey(hSession, &mech, privateKey->handle, template, templateCount, &newKey);
++ if (crv != CKR_OK) {
++ sftk_FreeAttribute(pubAttribute);
++ return crv;
++ }
++ /* FIPS requires full validation, but in fipx mode NSC_Derive
++ * only does partial validation with approved primes, now handle
++ * full validation */
++ if (isFIPS && keyType == CKK_DH) {
++ SECItem pubKey;
++ SECItem prime;
++ SECItem subPrime;
++ const SECItem *subPrimePtr = &subPrime;
++
++ pubKey.data = pubAttribute->attrib.pValue;
++ pubKey.len = pubAttribute->attrib.ulValueLen;
++ prime.data = subPrime.data = NULL;
++ prime.len = subPrime.len = 0;
++ crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME);
++ if (crv != CKR_OK) {
++ goto done;
++ }
++ crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME);
++ /* we ignore the return code an only look at the length */
++ if (subPrime.len == 0) {
++ /* subprime not supplied, In this case look it up.
++ * This only works with approved primes, but in FIPS mode
++ * that's the only kine of prime that will get here */
++ subPrimePtr = sftk_VerifyDH_Prime(&prime);
++ if (subPrimePtr == NULL) {
++ crv = CKR_GENERAL_ERROR;
++ goto done;
++ }
++ }
++ if (!KEA_Verify(&pubKey, &prime, (SECItem *)subPrimePtr)) {
++ crv = CKR_GENERAL_ERROR;
++ }
++done:
++ PORT_Free(subPrime.data);
++ PORT_Free(prime.data);
++ }
++ /* clean up before we return */
++ sftk_FreeAttribute(pubAttribute);
++ crv2 = NSC_DestroyObject(hSession, newKey);
++ if (crv != CKR_OK) {
++ return crv;
++ }
++ if (crv2 != CKR_OK) {
++ return crv2;
++ }
+ }
+
+ return CKR_OK;
+ }
+
+ /* NSC_GenerateKeyPair generates a public-key/private-key pair,
+ * creating new key objects. */
+ CK_RV
+@@ -5573,17 +5661,17 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
+ }
+ if (crv == CKR_OK && !sftk_isTrue(publicKey, CKA_EXTRACTABLE)) {
+ crv = sftk_forceAttribute(publicKey, CKA_NEVER_EXTRACTABLE,
+ &cktrue, sizeof(CK_BBOOL));
+ }
+
+ if (crv == CKR_OK) {
+ /* Perform FIPS 140-2 pairwise consistency check. */
+- crv = sftk_PairwiseConsistencyCheck(hSession,
++ crv = sftk_PairwiseConsistencyCheck(hSession, slot,
+ publicKey, privateKey, key_type);
+ if (crv != CKR_OK) {
+ if (sftk_audit_enabled) {
+ char msg[128];
+ PR_snprintf(msg, sizeof msg,
+ "C_GenerateKeyPair(hSession=0x%08lX, "
+ "pMechanism->mechanism=0x%08lX)=0x%08lX "
+ "self-test: pair-wise consistency test failed",
+@@ -8176,50 +8264,110 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
+ SHA512_HashBuf(key_block, (const unsigned char *)att->attrib.pValue,
+ att->attrib.ulValueLen);
+
+ crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+ break;
+
+ case CKM_DH_PKCS_DERIVE: {
+ SECItem derived, dhPublic;
+- SECItem dhPrime, dhSubPrime, dhValue;
++ SECItem dhPrime, dhValue;
++ const SECItem *subPrime;
+ /* sourceKey - values for the local existing low key */
+ /* get prime and value attributes */
+ crv = sftk_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME);
+ if (crv != CKR_OK)
+ break;
+- crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE);
+- if (crv != CKR_OK) {
+- PORT_Free(dhPrime.data);
+- break;
+- }
+
+ dhPublic.data = pMechanism->pParameter;
+ dhPublic.len = pMechanism->ulParameterLen;
+
+- /* If the caller bothered to provide Q, use Q to validate
+- * the public key. */
+- crv = sftk_Attribute2SecItem(NULL, &dhSubPrime, sourceKey, CKA_SUBPRIME);
+- if (crv == CKR_OK) {
+- rv = KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime);
+- PORT_Free(dhSubPrime.data);
+- if (rv != SECSuccess) {
++ /* if the prime is an approved prime, we can skip all the other
++ * checks. */
++ subPrime = sftk_VerifyDH_Prime(&dhPrime);
++ if (subPrime == NULL) {
++ SECItem dhSubPrime;
++ /* In FIPS mode we only accept approved primes */
++ if (isFIPS) {
+ crv = CKR_ARGUMENTS_BAD;
+ PORT_Free(dhPrime.data);
+- PORT_Free(dhValue.data);
+ break;
+ }
++ /* If the caller set the subprime value, it means that
++ * either the caller knows the subprime value and wants us
++ * to validate the key against the subprime, or that the
++ * caller wants us to verify that the prime is a safe prime
++ * by passing in subprime = (prime-1)/2 */
++ dhSubPrime.data = NULL;
++ dhSubPrime.len = 0;
++ crv = sftk_Attribute2SecItem(NULL, &dhSubPrime,
++ sourceKey, CKA_SUBPRIME);
++ /* we ignore the value of crv here, We treat a valid
++ * return of len = 0 and a failure to find a subrime the same
++ * NOTE: we free the subprime in both cases depending on
++ * PORT_Free of NULL to be a noop */
++ if (dhSubPrime.len != 0) {
++ PRBool isSafe = PR_FALSE;
++
++
++ /* Callers can set dhSubPrime to q=(p-1)/2 to force
++ * checks for safe primes. If so we only need to check
++ * q and p for primality and skip the group test. */
++ rv = sftk_IsSafePrime(&dhPrime, &dhSubPrime, &isSafe);
++ if (rv != SECSuccess) {
++ /* either p or q was even and therefore not prime,
++ * we can stop processing here and fail now */
++ crv = CKR_ARGUMENTS_BAD;
++ PORT_Free(dhPrime.data);
++ PORT_Free(dhSubPrime.data);
++ break;
++ }
++
++ /* first make sure the primes are really prime */
++ if (!KEA_PrimeCheck(&dhPrime)) {
++ crv = CKR_ARGUMENTS_BAD;
++ PORT_Free(dhPrime.data);
++ PORT_Free(dhSubPrime.data);
++ break;
++ }
++ if (!KEA_PrimeCheck(&dhSubPrime)) {
++ crv = CKR_ARGUMENTS_BAD;
++ PORT_Free(dhPrime.data);
++ PORT_Free(dhSubPrime.data);
++ break;
++ }
++ if (!isSafe) {
++ /* With safe primes, there is only one other small
++ * subgroup. As long as y isn't 0, 1, or -1 mod p,
++ * any other y is safe. Only do the full check for
++ * non-safe primes */
++ if (!KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime)) {
++ crv = CKR_ARGUMENTS_BAD;
++ PORT_Free(dhPrime.data);
++ PORT_Free(dhSubPrime.data);
++ break;
++ }
++ }
++ }
++ /* checks are complete, no need for the subPrime any longer */
++ PORT_Free(dhSubPrime.data);
++ }
++
++ /* now that the prime is validated, get the private value */
++ crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE);
++ if (crv != CKR_OK) {
++ PORT_Free(dhPrime.data);
++ break;
+ }
+
+ /* calculate private value - oct */
+ rv = DH_Derive(&dhPublic, &dhPrime, &dhValue, &derived, keySize);
+
+ PORT_Free(dhPrime.data);
+- PORT_Free(dhValue.data);
++ PORT_ZFree(dhValue.data, dhValue.len);
+
+ if (rv == SECSuccess) {
+ sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len);
+ PORT_ZFree(derived.data, derived.len);
+ crv = CKR_OK;
+ } else
+ crv = CKR_HOST_MEMORY;
+
+diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h
+--- a/lib/softoken/pkcs11i.h
++++ b/lib/softoken/pkcs11i.h
+@@ -909,11 +909,18 @@ void sftk_MAC_Destroy(sftk_MACCtx *ctx,
+ unsigned int sftk_CKRVToMask(CK_RV rv);
+ CK_RV sftk_CheckCBCPadding(CK_BYTE_PTR pBuf, unsigned int bufLen,
+ unsigned int blockSize, unsigned int *outPadSize);
+
+ /* NIST 800-108 (kbkdf.c) implementations */
+ extern CK_RV kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *base_key, SFTKObject *ret_key, CK_ULONG keySize);
+ char **NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args);
+
++/* dh verify functions */
++/* verify that dhPrime matches one of our known primes, and if so return
++ * it's subprime value */
++const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime);
++/* check if dhSubPrime claims dhPrime is a safe prime. */
++SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe);
++
+ SEC_END_PROTOS
+
+ #endif /* _PKCS11I_H_ */
+diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c
+--- a/lib/softoken/pkcs11u.c
++++ b/lib/softoken/pkcs11u.c
+@@ -711,17 +711,16 @@ sftk_modifyType(CK_ATTRIBUTE_TYPE type,
+ case CKA_CLASS:
+ case CKA_CERTIFICATE_TYPE:
+ case CKA_KEY_TYPE:
+ case CKA_MODULUS:
+ case CKA_MODULUS_BITS:
+ case CKA_PUBLIC_EXPONENT:
+ case CKA_PRIVATE_EXPONENT:
+ case CKA_PRIME:
+- case CKA_SUBPRIME:
+ case CKA_BASE:
+ case CKA_PRIME_1:
+ case CKA_PRIME_2:
+ case CKA_EXPONENT_1:
+ case CKA_EXPONENT_2:
+ case CKA_COEFFICIENT:
+ case CKA_VALUE_LEN:
+ case CKA_ALWAYS_SENSITIVE:
+@@ -762,16 +761,21 @@ sftk_modifyType(CK_ATTRIBUTE_TYPE type,
+ mtype = SFTK_ALWAYS;
+ break;
+
+ /* DEPENDS ON CLASS */
+ case CKA_VALUE:
+ mtype = (inClass == CKO_DATA) ? SFTK_ALWAYS : SFTK_NEVER;
+ break;
+
++ case CKA_SUBPRIME:
++ /* allow the CKA_SUBPRIME to be added to dh private keys */
++ mtype = (inClass == CKO_PRIVATE_KEY) ? SFTK_ALWAYS : SFTK_NEVER;
++ break;
++
+ case CKA_SUBJECT:
+ mtype = (inClass == CKO_CERTIFICATE) ? SFTK_NEVER : SFTK_ALWAYS;
+ break;
+ default:
+ break;
+ }
+ return mtype;
+ }
+diff --git a/lib/softoken/sftkdhverify.c b/lib/softoken/sftkdhverify.c
+new file mode 100644
+--- /dev/null
++++ b/lib/softoken/sftkdhverify.c
+@@ -0,0 +1,1283 @@
++
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++/*
++ * This file makes sure a prime given to us matches one of the known
++ * approved primes for diffie-helman.
++ *
++ * It also checks if a prime is a safe prime for the case
++ * where we don't match an approved prime.
++ */
++#include "seccomon.h"
++#include "secitem.h"
++#include "secerr.h"
++#include "blapi.h"
++
++/* IKE 1536 prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } */
++static const unsigned char prime_ike_1536[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* IKE 2048 prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 */
++static const unsigned char prime_ike_2048[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* TLS 2048 prime is: 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 */
++static const unsigned char prime_tls_2048[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* IKE 3072 prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } */
++static const unsigned char prime_ike_3072[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* TLS 3072 prime is: 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 */
++static const unsigned char prime_tls_3072[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* IKE 4096 prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } */
++static const unsigned char prime_ike_4096[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* TLS 4096 prime is: 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 */
++static const unsigned char prime_tls_4096[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42,
++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9,
++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9,
++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51,
++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* IKE 6144 prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } */
++static const unsigned char prime_ike_6144[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
++ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* TLS 6144 prime is: 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 */
++static const unsigned char prime_tls_6144[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42,
++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9,
++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9,
++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51,
++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C,
++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64,
++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E,
++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E,
++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C,
++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E,
++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58,
++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31,
++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5,
++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E,
++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C,
++ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* IKE 8192 prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } */
++static const unsigned char prime_ike_8192[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
++ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
++ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
++ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
++ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
++ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
++ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
++ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
++ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
++ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
++ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
++ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
++ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
++ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
++ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
++ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
++ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
++ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
++ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
++ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
++ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
++ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2,
++ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F,
++ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB,
++ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51,
++ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15,
++ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31,
++ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7,
++ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2,
++ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D,
++ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7,
++ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E,
++ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
++ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0,
++ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
++ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93,
++ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
++ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB,
++ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
++ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8,
++ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
++ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F,
++ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
++ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8,
++ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
++ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5,
++ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
++ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3,
++ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
++ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E,
++ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
++ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2,
++ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
++ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* TLS 8192 prime is: 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 */
++static const unsigned char prime_tls_8192[] = {
++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58,
++ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
++ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
++ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02,
++ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
++ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55,
++ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
++ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA,
++ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
++ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82,
++ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
++ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3,
++ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
++ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1,
++ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
++ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32,
++ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
++ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83,
++ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
++ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B,
++ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
++ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26,
++ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
++ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93,
++ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
++ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB,
++ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
++ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42,
++ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
++ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B,
++ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
++ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42,
++ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
++ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86,
++ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
++ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9,
++ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
++ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9,
++ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
++ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51,
++ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
++ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C,
++ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
++ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64,
++ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
++ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E,
++ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
++ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E,
++ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
++ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C,
++ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
++ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E,
++ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
++ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58,
++ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
++ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31,
++ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
++ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5,
++ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
++ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E,
++ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
++ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C,
++ 0xCF, 0xF4, 0x6A, 0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
++ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE,
++ 0xC9, 0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
++ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, 0x42,
++ 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
++ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, 0x38, 0x88, 0x39,
++ 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
++ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, 0x59, 0x16, 0x0C, 0xC0,
++ 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
++ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31,
++ 0x09, 0x70, 0x3F, 0xEE, 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
++ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16,
++ 0x50, 0xC1, 0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
++ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75,
++ 0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
++ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, 0x5D, 0xFE,
++ 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
++ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, 0x2F, 0x74, 0x1E, 0xF8,
++ 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
++ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06,
++ 0xA9, 0xF4, 0x61, 0x4E, 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
++ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF,
++ 0xFF, 0xFF, 0xFF, 0xFF
++};
++
++/* q=(p-1)/2 for prime prime_ike_1536 */
++static const unsigned char subprime_ike_1536_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x11, 0xb9, 0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_2048 */
++static const unsigned char subprime_ike_2048_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x56, 0x55, 0x34, 0x7f, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_2048 */
++static const unsigned char subprime_tls_2048_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_3072 */
++static const unsigned char subprime_ike_3072_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x9d, 0x69, 0x65, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_3072 */
++static const unsigned char subprime_tls_3072_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x63, 0x17, 0x1b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_4096 */
++static const unsigned char subprime_ike_4096_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b,
++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c,
++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed,
++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d,
++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53,
++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27,
++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6,
++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb,
++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54,
++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee,
++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x03, 0x18, 0xcc,
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_4096 */
++static const unsigned char subprime_tls_4096_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d,
++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1,
++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02,
++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43,
++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19,
++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c,
++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd,
++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54,
++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7,
++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28,
++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x32, 0xaf, 0xb5,
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_6144 */
++static const unsigned char subprime_ike_6144_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b,
++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c,
++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed,
++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d,
++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53,
++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27,
++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6,
++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb,
++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54,
++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee,
++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49,
++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59,
++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde,
++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17,
++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18,
++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5,
++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d,
++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8,
++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f,
++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a,
++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b,
++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18,
++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79,
++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb,
++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55,
++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69,
++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94,
++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e,
++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae,
++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b,
++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77,
++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f,
++ 0x36, 0xe6, 0x20, 0x12, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_6144 */
++static const unsigned char subprime_tls_6144_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d,
++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1,
++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02,
++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43,
++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19,
++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c,
++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd,
++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54,
++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7,
++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28,
++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81,
++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96,
++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53,
++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2,
++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d,
++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f,
++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b,
++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17,
++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1,
++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6,
++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda,
++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f,
++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb,
++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac,
++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6,
++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18,
++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5,
++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea,
++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82,
++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47,
++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0,
++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e,
++ 0x68, 0x72, 0x07, 0x32, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_ike_8192 */
++static const unsigned char subprime_ike_8192_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51,
++ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68,
++ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53,
++ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e,
++ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36,
++ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22,
++ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74,
++ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6,
++ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08,
++ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e,
++ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b,
++ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf,
++ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab,
++ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36,
++ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04,
++ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d,
++ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1,
++ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64,
++ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe,
++ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88,
++ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86,
++ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32,
++ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab,
++ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63,
++ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70,
++ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35,
++ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39,
++ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06,
++ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60,
++ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98,
++ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90,
++ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b,
++ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c,
++ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed,
++ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d,
++ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53,
++ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27,
++ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6,
++ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb,
++ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54,
++ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee,
++ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49,
++ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59,
++ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde,
++ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17,
++ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18,
++ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5,
++ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d,
++ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8,
++ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f,
++ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a,
++ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b,
++ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18,
++ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79,
++ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb,
++ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55,
++ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69,
++ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94,
++ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e,
++ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae,
++ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b,
++ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77,
++ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f,
++ 0x36, 0xdf, 0x08, 0xac, 0xba, 0x51, 0xc9, 0x37, 0x89, 0x7f, 0x72, 0xf2,
++ 0x1c, 0x3b, 0xbe, 0x5b, 0x54, 0x99, 0x6f, 0xc6, 0x6c, 0x5f, 0x62, 0x68,
++ 0x39, 0xdc, 0x98, 0xdd, 0x1d, 0xe4, 0x19, 0x5b, 0x46, 0xce, 0xe9, 0x80,
++ 0x3a, 0x0f, 0xd3, 0xdf, 0xc5, 0x7e, 0x23, 0xf6, 0x92, 0xbb, 0x7b, 0x49,
++ 0xb5, 0xd2, 0x12, 0x33, 0x1d, 0x55, 0xb1, 0xce, 0x2d, 0x72, 0x7a, 0xb4,
++ 0x1a, 0x11, 0xda, 0x3a, 0x15, 0xf8, 0xe4, 0xbc, 0x11, 0xc7, 0x8b, 0x65,
++ 0xf1, 0xce, 0xb2, 0x96, 0xf1, 0xfe, 0xdc, 0x5f, 0x7e, 0x42, 0x45, 0x6c,
++ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xbe, 0x03, 0x89, 0xf5, 0xab, 0xd4,
++ 0x0d, 0x11, 0xf8, 0x63, 0x9a, 0x39, 0xfe, 0x32, 0x36, 0x75, 0x18, 0x35,
++ 0xa5, 0xe5, 0xe4, 0x43, 0x17, 0xc1, 0xc2, 0xee, 0xfd, 0x4e, 0xa5, 0xbf,
++ 0xd1, 0x60, 0x43, 0xf4, 0x3c, 0xb4, 0x19, 0x81, 0xf6, 0xad, 0xee, 0x9d,
++ 0x03, 0x15, 0x9e, 0x7a, 0xd9, 0xd1, 0x3c, 0x53, 0x36, 0x95, 0x09, 0xfc,
++ 0x1f, 0xa2, 0x7c, 0x16, 0xef, 0x98, 0x87, 0x70, 0x3a, 0x55, 0xb5, 0x1b,
++ 0x22, 0xcb, 0xf4, 0x4c, 0xd0, 0x12, 0xae, 0xe0, 0xb2, 0x79, 0x8e, 0x62,
++ 0x84, 0x23, 0x42, 0x8e, 0xfc, 0xd5, 0xa4, 0x0c, 0xae, 0xf6, 0xbf, 0x50,
++ 0xd8, 0xea, 0x88, 0x5e, 0xbf, 0x73, 0xa6, 0xb9, 0xfd, 0x79, 0xb5, 0xe1,
++ 0x8f, 0x67, 0xd1, 0x34, 0x1a, 0xc8, 0x23, 0x7a, 0x75, 0xc3, 0xcf, 0xc9,
++ 0x20, 0x04, 0xa1, 0xc5, 0xa4, 0x0e, 0x36, 0x6b, 0xc4, 0x4d, 0x00, 0x17,
++ 0x6a, 0xf7, 0x1c, 0x15, 0xe4, 0x8c, 0x86, 0xd3, 0x7e, 0x01, 0x37, 0x23,
++ 0xca, 0xac, 0x72, 0x23, 0xab, 0x3b, 0xf4, 0xd5, 0x4f, 0x18, 0x28, 0x71,
++ 0x3b, 0x2b, 0x4a, 0x6f, 0xe4, 0x0f, 0xab, 0x74, 0x40, 0x5c, 0xb7, 0x38,
++ 0xb0, 0x64, 0xc0, 0x6e, 0xcc, 0x76, 0xe9, 0xef, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++/* q=(p-1)/2 for prime prime_tls_8192 */
++static const unsigned char subprime_tls_8192_data[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d,
++ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c,
++ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93,
++ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e,
++ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49,
++ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9,
++ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55,
++ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06,
++ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21,
++ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7,
++ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95,
++ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d,
++ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1,
++ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02,
++ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43,
++ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19,
++ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c,
++ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd,
++ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54,
++ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7,
++ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28,
++ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81,
++ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96,
++ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53,
++ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2,
++ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d,
++ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f,
++ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b,
++ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17,
++ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1,
++ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6,
++ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda,
++ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f,
++ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb,
++ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac,
++ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6,
++ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18,
++ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5,
++ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea,
++ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82,
++ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47,
++ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0,
++ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e,
++ 0x67, 0xfa, 0x35, 0x55, 0x1b, 0x56, 0x80, 0x26, 0x7b, 0x00, 0x64, 0x1c,
++ 0x0f, 0x21, 0x2d, 0x18, 0xec, 0xa8, 0xd7, 0x32, 0x7e, 0xd9, 0x1f, 0xe7,
++ 0x64, 0xa8, 0x4e, 0xa1, 0xb4, 0x3f, 0xf5, 0xb4, 0xf6, 0xe8, 0xe6, 0x2f,
++ 0x05, 0xc6, 0x61, 0xde, 0xfb, 0x25, 0x88, 0x77, 0xc3, 0x5b, 0x18, 0xa1,
++ 0x51, 0xd5, 0xc4, 0x14, 0xaa, 0xad, 0x97, 0xba, 0x3e, 0x49, 0x93, 0x32,
++ 0xe5, 0x96, 0x07, 0x8e, 0x60, 0x0d, 0xeb, 0x81, 0x14, 0x9c, 0x44, 0x1c,
++ 0xe9, 0x57, 0x82, 0xf2, 0x2a, 0x28, 0x25, 0x63, 0xc5, 0xba, 0xc1, 0x41,
++ 0x14, 0x23, 0x60, 0x5d, 0x1a, 0xe1, 0xaf, 0xae, 0x2c, 0x8b, 0x06, 0x60,
++ 0x23, 0x7e, 0xc1, 0x28, 0xaa, 0x0f, 0xe3, 0x46, 0x4e, 0x43, 0x58, 0x11,
++ 0x5d, 0xb8, 0x4c, 0xc3, 0xb5, 0x23, 0x07, 0x3a, 0x28, 0xd4, 0x54, 0x98,
++ 0x84, 0xb8, 0x1f, 0xf7, 0x0e, 0x10, 0xbf, 0x36, 0x1c, 0x13, 0x72, 0x96,
++ 0x28, 0xd5, 0x34, 0x8f, 0x07, 0x21, 0x1e, 0x7e, 0x4c, 0xf4, 0xf1, 0x8b,
++ 0x28, 0x60, 0x90, 0xbd, 0xb1, 0x24, 0x0b, 0x66, 0xd6, 0xcd, 0x4a, 0xfc,
++ 0xea, 0xdc, 0x00, 0xca, 0x44, 0x6c, 0xe0, 0x50, 0x50, 0xff, 0x18, 0x3a,
++ 0xd2, 0xbb, 0xf1, 0x18, 0xc1, 0xfc, 0x0e, 0xa5, 0x1f, 0x97, 0xd2, 0x2b,
++ 0x8f, 0x7e, 0x46, 0x70, 0x5d, 0x45, 0x27, 0xf4, 0x5b, 0x42, 0xae, 0xff,
++ 0x39, 0x58, 0x53, 0x37, 0x6f, 0x69, 0x7d, 0xd5, 0xfd, 0xf2, 0xc5, 0x18,
++ 0x7d, 0x7d, 0x5f, 0x0e, 0x2e, 0xb8, 0xd4, 0x3f, 0x17, 0xba, 0x0f, 0x7c,
++ 0x60, 0xff, 0x43, 0x7f, 0x53, 0x5d, 0xfe, 0xf2, 0x98, 0x33, 0xbf, 0x86,
++ 0xcb, 0xe8, 0x8e, 0xa4, 0xfb, 0xd4, 0x22, 0x1e, 0x84, 0x11, 0x72, 0x83,
++ 0x54, 0xfa, 0x30, 0xa7, 0x00, 0x8f, 0x15, 0x4a, 0x41, 0xc7, 0xfc, 0x46,
++ 0x6b, 0x46, 0x45, 0xdb, 0xe2, 0xe3, 0x21, 0x26, 0x7f, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff,
++};
++
++static const SECItem subprime_ike_1536=
++ { siBuffer,
++ (unsigned char *)subprime_ike_1536_data,
++ sizeof(subprime_ike_1536_data) };
++static const SECItem subprime_ike_2048=
++ { siBuffer,
++ (unsigned char *) subprime_ike_2048_data,
++ sizeof(subprime_ike_2048_data) };
++static const SECItem subprime_ike_3072=
++ { siBuffer,
++ (unsigned char *) subprime_ike_3072_data,
++ sizeof(subprime_ike_3072_data) };
++static const SECItem subprime_ike_4096=
++ { siBuffer,
++ (unsigned char *) subprime_ike_4096_data,
++ sizeof(subprime_ike_4096_data) };
++static const SECItem subprime_ike_6144=
++ { siBuffer,
++ (unsigned char *) subprime_ike_6144_data,
++ sizeof(subprime_ike_6144_data) };
++static const SECItem subprime_ike_8192=
++ { siBuffer,
++ (unsigned char *) subprime_ike_8192_data,
++ sizeof(subprime_ike_8192_data) };
++static const SECItem subprime_tls_2048=
++ { siBuffer,
++ (unsigned char *) subprime_tls_2048_data,
++ sizeof(subprime_tls_2048_data) };
++static const SECItem subprime_tls_3072=
++ { siBuffer,
++ (unsigned char *) subprime_tls_3072_data,
++ sizeof(subprime_tls_3072_data) };
++static const SECItem subprime_tls_4096=
++ { siBuffer,
++ (unsigned char *) subprime_tls_4096_data,
++ sizeof(subprime_tls_4096_data) };
++static const SECItem subprime_tls_6144=
++ { siBuffer,
++ (unsigned char *) subprime_tls_6144_data,
++ sizeof(subprime_tls_6144_data) };
++static const SECItem subprime_tls_8192=
++ { siBuffer,
++ (unsigned char *) subprime_tls_8192_data,
++ sizeof(subprime_tls_8192_data) };
++
++/*
++ * verify that dhPrime matches one of our known primes
++ */
++const SECItem *
++sftk_VerifyDH_Prime(SECItem *dhPrime)
++{
++ /* use the length to decide which primes to check */
++ switch (dhPrime->len) {
++ case 1536 / PR_BITS_PER_BYTE:
++ if (PORT_Memcmp(dhPrime->data, prime_ike_1536,
++ sizeof(prime_ike_1536)) == 0) {
++ return &subprime_ike_1536;
++ }
++ break;
++ case 2048 / PR_BITS_PER_BYTE:
++ if (PORT_Memcmp(dhPrime->data, prime_tls_2048,
++ sizeof(prime_tls_2048)) == 0) {
++ return &subprime_tls_2048;
++ }
++ if (PORT_Memcmp(dhPrime->data, prime_ike_2048,
++ sizeof(prime_ike_2048)) == 0) {
++ return &subprime_ike_2048;
++ }
++ break;
++ case 3072 / PR_BITS_PER_BYTE:
++ if (PORT_Memcmp(dhPrime->data, prime_tls_3072,
++ sizeof(prime_tls_3072)) == 0) {
++ return &subprime_tls_3072;
++ }
++ if (PORT_Memcmp(dhPrime->data, prime_ike_3072,
++ sizeof(prime_ike_3072)) == 0) {
++ return &subprime_ike_3072;
++ }
++ break;
++ case 4096 / PR_BITS_PER_BYTE:
++ if (PORT_Memcmp(dhPrime->data, prime_tls_4096,
++ sizeof(prime_tls_4096)) == 0) {
++ return &subprime_tls_4096;
++ }
++ if (PORT_Memcmp(dhPrime->data, prime_ike_4096,
++ sizeof(prime_ike_4096)) == 0) {
++ return &subprime_ike_4096;
++ }
++ break;
++ case 6144 / PR_BITS_PER_BYTE:
++ if (PORT_Memcmp(dhPrime->data, prime_tls_6144,
++ sizeof(prime_tls_6144)) == 0) {
++ return &subprime_tls_6144;
++ }
++ if (PORT_Memcmp(dhPrime->data, prime_ike_6144,
++ sizeof(prime_ike_6144)) == 0) {
++ return &subprime_ike_6144;
++ }
++ break;
++ case 8192 / PR_BITS_PER_BYTE:
++ if (PORT_Memcmp(dhPrime->data, prime_tls_8192,
++ sizeof(prime_tls_8192)) == 0) {
++ return &subprime_tls_8192;
++ }
++ if (PORT_Memcmp(dhPrime->data, prime_ike_8192,
++ sizeof(prime_ike_8192)) == 0) {
++ return &subprime_ike_8192;
++ }
++ break;
++ }
++ /* no match found, return an error */
++ PORT_SetError(SEC_ERROR_INVALID_ARGS);
++ return NULL;
++}
++
++
++/* Use the provided subPrime to see if dhPrime is a safe prime. We'll check
++ * primality of those values later. */
++SECStatus
++sftk_IsSafePrime(const SECItem *dhPrime, const SECItem *dhSubPrime, PRBool *isSafe)
++{
++ int i;
++ unsigned char carry = 0;
++ int offset = 0, subPrimeLen = dhPrime->len;
++ *isSafe = PR_FALSE;
++
++ /* Both dhPrime and dhSubPrime should be odd */
++ if (((dhPrime->data[dhPrime->len - 1] & 0x1) != 1) && ((dhSubPrime->data[dhSubPrime->len - 1] & 0x1) != 1)) {
++ PORT_SetError(SEC_ERROR_INVALID_ARGS);
++ return SECFailure;
++ }
++
++ /* subPrime is p-1/2, which means subPrime is 1 bit shorter than p.
++ * It's length in bytes is the same unless the high byte of p == 1 or 0.
++ */
++ if (dhPrime->data[0] <= 1) {
++ subPrimeLen--;
++ offset++;
++ carry = (dhPrime->data[0]) << 7;
++ }
++
++ /* if subprime len is notlong enough it is not a strong prime */
++ if (dhSubPrime->len != subPrimeLen) {
++ return SECSuccess;
++ }
++
++ /* does the subprime match q == (p-1)/2 */
++ for (i = 0; i < subPrimeLen; i++) {
++ if (dhSubPrime->data[i] !=
++ (carry | ((dhPrime->data[i + offset] >> 1) & 0x7f))) {
++ return SECSuccess;
++ }
++ carry = ((dhPrime->data[i + offset] & 1) << 7) & 0x80;
++ }
++ /* subPrime for p claims to be q=(p-1)/2. So the caller thinks p
++ * is a strong prime, just need to check primality of p and q to verify */
++ *isSafe = PR_TRUE;
++ return SECSuccess;
++}
+diff --git a/lib/softoken/softoken.gyp b/lib/softoken/softoken.gyp
+--- a/lib/softoken/softoken.gyp
++++ b/lib/softoken/softoken.gyp
+@@ -51,16 +51,17 @@
+ 'kbkdf.c',
+ 'lowkey.c',
+ 'lowpbe.c',
+ 'padbuf.c',
+ 'pkcs11.c',
+ 'pkcs11c.c',
+ 'pkcs11u.c',
+ 'sdb.c',
++ 'sftkdhverify.c',
+ 'sftkdb.c',
+ 'sftkhmac.c',
+ 'sftkike.c',
+ 'sftkmessage.c',
+ 'sftkpars.c',
+ 'sftkpwd.c',
+ 'softkver.c',
+ 'tlsprf.c'
diff --git a/SOURCES/nss-3.53.1-remove-timing-tests.patch b/SOURCES/nss-3.53.1-remove-timing-tests.patch
new file mode 100644
index 0000000..33b88ba
--- /dev/null
+++ b/SOURCES/nss-3.53.1-remove-timing-tests.patch
@@ -0,0 +1,79 @@
+diff -up ./gtests/softoken_gtest/softoken_gtest.cc.remove_timing_test ./gtests/softoken_gtest/softoken_gtest.cc
+--- ./gtests/softoken_gtest/softoken_gtest.cc.remove_timing_test 2020-07-30 08:34:30.404750663 -0700
++++ ./gtests/softoken_gtest/softoken_gtest.cc 2020-07-30 08:43:39.640495618 -0700
+@@ -605,11 +605,14 @@ SECStatus test_dh_value(const PQGParams
+ class SoftokenDhTest : public SoftokenTest {
+ protected:
+ SoftokenDhTest() : SoftokenTest("SoftokenDhTest.d-") {}
++#ifdef NSS_USE_REFERENCE_TIME
+ time_t reference_time[CLASS_LAST] = {0};
++#endif
+
+ virtual void SetUp() {
+ SoftokenTest::SetUp();
+
++#ifdef NSS_USE_REFERENCE_TIME
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ASSERT_TRUE(slot);
+
+@@ -625,6 +628,7 @@ class SoftokenDhTest : public SoftokenTe
+ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time));
+ reference_time[i] = time + 2 * time;
+ }
++#endif
+ };
+ };
+
+@@ -708,12 +712,16 @@ TEST_P(SoftokenDhValidate, DhVectors) {
+ case SAFE_PRIME:
+ case UNKNOWN_SUBPRIME:
+ EXPECT_EQ(SECSuccess, rv) << err;
++#ifdef NSS_USE_REFERENCE_TIME
+ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err;
++#endif
+ break;
+ case KNOWN_SUBPRIME:
+ case SAFE_PRIME_WITH_SUBPRIME:
+ EXPECT_EQ(SECSuccess, rv) << err;
++#ifdef NSS_USE_REFERENCE_TIME
+ EXPECT_GT(time, reference_time[dhTestValues.key_class]) << err;
++#endif
+ break;
+ case WRONG_SUBPRIME:
+ case BAD_PUB_KEY:
+@@ -749,7 +757,9 @@ class SoftokenFipsTest : public Softoken
+ class SoftokenFipsDhTest : public SoftokenFipsTest {
+ protected:
+ SoftokenFipsDhTest() : SoftokenFipsTest("SoftokenFipsDhTest.d-") {}
++#ifdef NSS_USE_REFERENCE_TIME
+ time_t reference_time[CLASS_LAST] = {0};
++#endif
+
+ virtual void SetUp() {
+ SoftokenFipsTest::SetUp();
+@@ -760,6 +770,7 @@ class SoftokenFipsDhTest : public Softok
+ ASSERT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, ""));
+ ASSERT_EQ(SECSuccess, PK11_Authenticate(slot.get(), PR_FALSE, nullptr));
+
++#ifdef NSS_USE_REFERENCE_TIME
+ time_t time;
+ for (int i = CLASS_FIRST; i < CLASS_LAST; i++) {
+ PQGParams params;
+@@ -772,6 +783,7 @@ class SoftokenFipsDhTest : public Softok
+ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time));
+ reference_time[i] = time + 2 * time;
+ }
++#endif
+ };
+ };
+
+@@ -883,7 +895,9 @@ TEST_P(SoftokenFipsDhValidate, DhVectors
+ case TLS_APPROVED:
+ case IKE_APPROVED:
+ EXPECT_EQ(SECSuccess, rv) << err;
++#ifdef NSS_USE_REFERENCE_TIME
+ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err;
++#endif
+ break;
+ case SAFE_PRIME:
+ case SAFE_PRIME_WITH_SUBPRIME:
diff --git a/SOURCES/nss-add-ipsec-usage-to-manpage.patch b/SOURCES/nss-add-ipsec-usage-to-manpage.patch
deleted file mode 100644
index cedd6a3..0000000
--- a/SOURCES/nss-add-ipsec-usage-to-manpage.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -up ./nss/doc/certutil.xml.add_ipsec_usage ./nss/doc/certutil.xml
---- ./nss/doc/certutil.xml.add_ipsec_usage 2019-06-05 09:40:37.848895763 -0700
-+++ ./nss/doc/certutil.xml 2019-06-05 09:40:47.079891058 -0700
-@@ -428,6 +428,9 @@ of the attribute codes:
-
- J (as an object signer)
-
-+
-+I (as an IPSEC user)
-+
-
-
-
diff --git a/SOURCES/nss-config.xml b/SOURCES/nss-config.xml
new file mode 100644
index 0000000..f9518c9
--- /dev/null
+++ b/SOURCES/nss-config.xml
@@ -0,0 +1,132 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ nss-config
+ 1
+
+
+
+ nss-config
+ Return meta information about nss libraries
+
+
+
+
+ nss-config
+
+
+
+
+
+
+
+
+
+
+
+ Description
+
+ nss-config is a shell scrip
+ tool which can be used to obtain gcc options for building client pacakges of nspt.
+
+
+
+
+ Options
+
+
+
+
+ Returns the top level system directory under which the nss libraries are installed.
+
+
+
+
+ returns the top level system directory under which any nss binaries would be installed.
+
+
+
+ count
+ returns the path to the directory were the nss libraries are installed.
+
+
+
+
+ returns the upstream version of nss in the form major_version-minor_version-patch_version.
+
+
+
+
+ returns the compiler linking flags.
+
+
+
+
+ returns the compiler include flags.
+
+
+
+
+ returns the path to the directory were the nss libraries are installed.
+
+
+
+
+
+
+ Examples
+
+ The following example will query for both include path and linkage flags:
+
+
+ /usr/bin/nss-config --cflags --libs
+
+
+
+
+
+
+
+
+ Files
+
+ /usr/bin/nss-config
+
+
+
+
+ See also
+ pkg-config(1)
+
+
+
+ Authors
+ The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
diff --git a/SOURCES/nss-disable-dc.patch b/SOURCES/nss-disable-dc.patch
new file mode 100644
index 0000000..45d58d7
--- /dev/null
+++ b/SOURCES/nss-disable-dc.patch
@@ -0,0 +1,32 @@
+diff -up nss/lib/ssl/sslsock.c.dc nss/lib/ssl/sslsock.c
+--- nss/lib/ssl/sslsock.c.dc 2020-07-29 14:05:10.413370267 +0200
++++ nss/lib/ssl/sslsock.c 2020-07-29 14:06:38.339805833 +0200
+@@ -798,7 +798,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
+ break;
+
+ case SSL_ENABLE_DELEGATED_CREDENTIALS:
+- ss->opt.enableDelegatedCredentials = val;
++ /* disable it for now */
+ break;
+
+ case SSL_ENABLE_NPN:
+@@ -1316,7 +1316,7 @@ SSL_OptionSetDefault(PRInt32 which, PRIn
+ break;
+
+ case SSL_ENABLE_DELEGATED_CREDENTIALS:
+- ssl_defaults.enableDelegatedCredentials = val;
++ /* disable it for now */
+ break;
+
+ case SSL_ENABLE_NPN:
+diff -up nss/gtests/ssl_gtest/manifest.mn.dc nss/gtests/ssl_gtest/manifest.mn
+--- nss/gtests/ssl_gtest/manifest.mn.dc 2020-07-29 16:46:29.574134443 +0200
++++ nss/gtests/ssl_gtest/manifest.mn 2020-07-29 16:46:35.821094263 +0200
+@@ -56,7 +56,6 @@ CPPSRCS = \
+ tls_hkdf_unittest.cc \
+ tls_filter.cc \
+ tls_protect.cc \
+- tls_subcerts_unittest.cc \
+ tls_esni_unittest.cc \
+ $(SSLKEYLOGFILE_FILES) \
+ $(NULL)
diff --git a/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch b/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch
deleted file mode 100644
index 1b57e75..0000000
--- a/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno
-# Date 1559031046 -7200
-# Tue May 28 10:10:46 2019 +0200
-# Node ID 0a4e8b72a92e144663c2f35d3836f7828cfc97f2
-# Parent 370a9e85f216f5f4ff277995a997c5c9b23a819f
-Bug 1552208, prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3, r=mt
-
-Reviewers: mt
-
-Reviewed By: mt
-
-Subscribers: mt, jcj, ueno, rrelyea, HubertKario, KevinJacobs
-
-Tags: #secure-revision, #bmo-crypto-core-security
-
-Bug #: 1552208
-
-Differential Revision: https://phabricator.services.mozilla.com/D32454
-
-diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
---- a/gtests/ssl_gtest/ssl_auth_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
-@@ -701,6 +701,44 @@ TEST_P(TlsConnectTls12, ClientAuthIncons
- ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
- }
-
-+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) {
-+ static const SSLSignatureScheme kSignatureScheme[] = {
-+ ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256};
-+
-+ Reset(TlsAgent::kServerRsa, "rsa");
-+ client_->SetSignatureSchemes(kSignatureScheme,
-+ PR_ARRAY_SIZE(kSignatureScheme));
-+ server_->SetSignatureSchemes(kSignatureScheme,
-+ PR_ARRAY_SIZE(kSignatureScheme));
-+ client_->SetupClientAuth();
-+ server_->RequestClientAuth(true);
-+
-+ auto capture_cert_verify = MakeTlsFilter(
-+ client_, kTlsHandshakeCertificateVerify);
-+ capture_cert_verify->EnableDecryption();
-+
-+ Connect();
-+ CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256,
-+ 1024);
-+}
-+
-+TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) {
-+ static const SSLSignatureScheme kSignatureScheme[] = {
-+ ssl_sig_rsa_pkcs1_sha256};
-+
-+ Reset(TlsAgent::kServerRsa, "rsa");
-+ client_->SetSignatureSchemes(kSignatureScheme,
-+ PR_ARRAY_SIZE(kSignatureScheme));
-+ server_->SetSignatureSchemes(kSignatureScheme,
-+ PR_ARRAY_SIZE(kSignatureScheme));
-+ client_->SetupClientAuth();
-+ server_->RequestClientAuth(true);
-+
-+ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
-+ server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
-+ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
-+}
-+
- class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
- public:
- TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr& a)
-@@ -933,7 +971,7 @@ TEST_P(TlsConnectTls13, InconsistentSign
- client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
- }
-
--TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
-+TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) {
- server_->SetSignatureSchemes(kSignatureSchemeRsaSha384,
- PR_ARRAY_SIZE(kSignatureSchemeRsaSha384));
- server_->RequestClientAuth(false);
-@@ -1395,12 +1433,21 @@ TEST_P(TlsSignatureSchemeConfiguration,
- INSTANTIATE_TEST_CASE_P(
- SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
- ::testing::Combine(
-- TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus,
-+ TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12,
- ::testing::Values(TlsAgent::kServerRsaSign),
- ::testing::Values(ssl_auth_rsa_sign),
- ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
- ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256,
- ssl_sig_rsa_pss_rsae_sha384)));
-+// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3
-+INSTANTIATE_TEST_CASE_P(
-+ SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration,
-+ ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
-+ TlsConnectTestBase::kTlsV13,
-+ ::testing::Values(TlsAgent::kServerRsaSign),
-+ ::testing::Values(ssl_auth_rsa_sign),
-+ ::testing::Values(ssl_sig_rsa_pss_rsae_sha256,
-+ ssl_sig_rsa_pss_rsae_sha384)));
- // PSS with SHA-512 needs a bigger key to work.
- INSTANTIATE_TEST_CASE_P(
- SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
-diff --git a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
---- a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
-@@ -68,12 +68,6 @@ class TlsCipherSuiteTestBase : public Tl
- virtual void SetupCertificate() {
- if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
- switch (sig_scheme_) {
-- case ssl_sig_rsa_pkcs1_sha256:
-- case ssl_sig_rsa_pkcs1_sha384:
-- case ssl_sig_rsa_pkcs1_sha512:
-- Reset(TlsAgent::kServerRsaSign);
-- auth_type_ = ssl_auth_rsa_sign;
-- break;
- case ssl_sig_rsa_pss_rsae_sha256:
- case ssl_sig_rsa_pss_rsae_sha384:
- Reset(TlsAgent::kServerRsaSign);
-@@ -330,6 +324,12 @@ static SSLSignatureScheme kSignatureSche
- ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384,
- ssl_sig_rsa_pss_pss_sha512};
-
-+static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = {
-+ ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384,
-+ ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384,
-+ ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256,
-+ ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512};
-+
- INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
- kDummySignatureSchemesParams,
- TLS_RSA_WITH_RC4_128_SHA,
-@@ -394,7 +394,7 @@ INSTANTIATE_CIPHER_TEST_P(
- #ifndef NSS_DISABLE_TLS_1_3
- INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
- ::testing::ValuesIn(kFasterDHEGroups),
-- ::testing::ValuesIn(kSignatureSchemesParamsArr),
-+ ::testing::ValuesIn(kSignatureSchemesParamsArrTls13),
- TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
- TLS_AES_256_GCM_SHA384);
- INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
-diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
---- a/gtests/ssl_gtest/ssl_extension_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
-@@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, Signature
- }
-
- TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
-- // 31 unknown signature algorithms followed by sha-256, rsa
-+ // 31 unknown signature algorithms followed by sha-256, rsa-pss
- const uint8_t val[] = {
- 0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
-+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04};
- DataBuffer extension(val, sizeof(val));
- MakeTlsFilter(client_, ssl_signature_algorithms_xtn,
- extension);
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMess
- static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
- static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
- PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
-+PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme);
- PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme);
-
- const PRUint8 ssl_hello_retry_random[] = {
-@@ -4101,6 +4102,9 @@ ssl_SignatureSchemeValid(SSLSignatureSch
- if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
- return PR_FALSE;
- }
-+ if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
-+ return PR_FALSE;
-+ }
- /* With TLS 1.3, EC keys should have been selected based on calling
- * ssl_SignatureSchemeFromSpki(), reject them otherwise. */
- return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY;
-@@ -4351,6 +4355,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignature
- }
-
- PRBool
-+ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme)
-+{
-+ switch (scheme) {
-+ case ssl_sig_rsa_pkcs1_sha256:
-+ case ssl_sig_rsa_pkcs1_sha384:
-+ case ssl_sig_rsa_pkcs1_sha512:
-+ case ssl_sig_rsa_pkcs1_sha1:
-+ return PR_TRUE;
-+
-+ default:
-+ return PR_FALSE;
-+ }
-+ return PR_FALSE;
-+}
-+
-+PRBool
- ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme)
- {
- switch (scheme) {
diff --git a/SOURCES/nss-dsa-policy.patch b/SOURCES/nss-dsa-policy.patch
deleted file mode 100644
index 5a191ff..0000000
--- a/SOURCES/nss-dsa-policy.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c
---- a/lib/certhigh/certvfy.c
-+++ b/lib/certhigh/certvfy.c
-@@ -42,23 +42,16 @@ checkKeyParams(const SECAlgorithmID *sig
- {
- SECStatus rv;
- SECOidTag sigAlg;
- SECOidTag curve;
- PRUint32 policyFlags = 0;
- PRInt32 minLen, len;
-
- sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm);
-- rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
-- if (rv == SECSuccess &&
-- !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
-- PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
-- return SECFailure;
-- }
--
- switch (sigAlg) {
- case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
- case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
- if (key->keyType != ecKey) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
-@@ -126,16 +119,23 @@ checkKeyParams(const SECAlgorithmID *sig
- }
-
- if (len < minLen) {
- return SECFailure;
- }
-
- return SECSuccess;
- case SEC_OID_ANSIX9_DSA_SIGNATURE:
-+ rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags);
-+ if (rv == SECSuccess &&
-+ !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
-+ PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
-+ return SECFailure;
-+ }
-+ /* fall through */
- case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
- case SEC_OID_SDN702_DSA_SIGNATURE:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
- case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
- if (key->keyType != dsaKey) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return SECFailure;
diff --git a/SOURCES/nss-fips-disable-tls13.patch b/SOURCES/nss-fips-disable-tls13.patch
deleted file mode 100644
index 8b30bbc..0000000
--- a/SOURCES/nss-fips-disable-tls13.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
---- a/lib/ssl/sslsock.c
-+++ b/lib/ssl/sslsock.c
-@@ -2382,16 +2382,26 @@ ssl3_CreateOverlapWithPolicy(SSLProtocol
- rv = ssl3_GetEffectiveVersionPolicy(protocolVariant,
- &effectivePolicyBoundary);
- if (rv == SECFailure) {
- /* SECFailure means internal failure or invalid configuration. */
- overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
- return SECFailure;
- }
-
-+ /* TODO: TLSv1.3 doesn't work yet under FIPS mode */
-+ if (PK11_IsFIPS()) {
-+ if (effectivePolicyBoundary.min >= SSL_LIBRARY_VERSION_TLS_1_3) {
-+ effectivePolicyBoundary.min = SSL_LIBRARY_VERSION_TLS_1_2;
-+ }
-+ if (effectivePolicyBoundary.max >= SSL_LIBRARY_VERSION_TLS_1_3) {
-+ effectivePolicyBoundary.max = SSL_LIBRARY_VERSION_TLS_1_2;
-+ }
-+ }
-+
- vrange.min = PR_MAX(input->min, effectivePolicyBoundary.min);
- vrange.max = PR_MIN(input->max, effectivePolicyBoundary.max);
-
- if (vrange.max < vrange.min) {
- /* there was no overlap, turn off range altogether */
- overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
- return SECFailure;
- }
diff --git a/SOURCES/nss-fix-public-key-from-priv.patch b/SOURCES/nss-fix-public-key-from-priv.patch
deleted file mode 100644
index 275bfc7..0000000
--- a/SOURCES/nss-fix-public-key-from-priv.patch
+++ /dev/null
@@ -1,299 +0,0 @@
-diff -up ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs ./nss/gtests/pk11_gtest/pk11_import_unittest.cc
---- ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
-+++ ./nss/gtests/pk11_gtest/pk11_import_unittest.cc 2019-06-05 12:01:13.728544204 -0700
-@@ -78,17 +78,40 @@ class Pk11KeyImportTestBase : public ::t
- CK_MECHANISM_TYPE mech_;
-
- private:
-+ SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) {
-+ SECItem null = { siBuffer, NULL, 0};
-+ switch(SECKEY_GetPublicKeyType(pub_key.get())) {
-+ case rsaKey:
-+ case rsaPssKey:
-+ case rsaOaepKey:
-+ return pub_key->u.rsa.modulus;
-+ case keaKey:
-+ return pub_key->u.kea.publicValue;
-+ case dsaKey:
-+ return pub_key->u.dsa.publicValue;
-+ case dhKey:
-+ return pub_key->u.dh.publicValue;
-+ case ecKey:
-+ return pub_key->u.ec.publicValue;
-+ case fortezzaKey: /* depricated */
-+ case nullKey:
-+ /* didn't use default here so we can catch new key types at compile time */
-+ break;
-+ }
-+ return null;
-+ }
- void CheckForPublicKey(const ScopedSECKEYPrivateKey& priv_key,
- const SECItem* expected_public) {
- // Verify the public key exists.
- StackSECItem priv_id;
-+ KeyType type = SECKEY_GetPrivateKeyType(priv_key.get());
- SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, priv_key.get(),
- CKA_ID, &priv_id);
- ASSERT_EQ(SECSuccess, rv) << "Couldn't read CKA_ID from private key: "
- << PORT_ErrorToName(PORT_GetError());
-
- CK_ATTRIBUTE_TYPE value_type = CKA_VALUE;
-- switch (SECKEY_GetPrivateKeyType(priv_key.get())) {
-+ switch (type) {
- case rsaKey:
- value_type = CKA_MODULUS;
- break;
-@@ -106,6 +129,8 @@ class Pk11KeyImportTestBase : public ::t
- FAIL() << "unknown key type";
- }
-
-+ // Scan public key objects until we find one with the same CKA_ID as
-+ // priv_key
- std::unique_ptr objs(
- PK11_FindGenericObjects(slot_.get(), CKO_PUBLIC_KEY));
- ASSERT_NE(nullptr, objs);
-@@ -128,20 +153,46 @@ class Pk11KeyImportTestBase : public ::t
- ASSERT_EQ(1U, token.len);
- ASSERT_NE(0, token.data[0]);
-
-- StackSECItem value;
-- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &value);
-+ StackSECItem raw_value;
-+ SECItem decoded_value;
-+ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &raw_value);
- ASSERT_EQ(SECSuccess, rv);
-+ SECItem value = raw_value;
-
-+ // Decode the EC_POINT and check the output against expected.
- // CKA_EC_POINT isn't stable, see Bug 1520649.
-+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
-+ ASSERT_TRUE(arena);
- if (value_type == CKA_EC_POINT) {
-- continue;
-- }
-
-+ // If this fails due to the noted inconsistency, we may need to
-+ // check the whole raw_value, or remove a leading UNCOMPRESSED_POINT tag
-+ rv = SEC_QuickDERDecodeItem(arena.get(), &decoded_value,
-+ SEC_ASN1_GET(SEC_OctetStringTemplate),
-+ &raw_value);
-+ ASSERT_EQ(SECSuccess, rv);
-+ value = decoded_value;
-+ }
- ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &value))
- << "expected: "
- << DataBuffer(expected_public->data, expected_public->len)
- << std::endl
- << "actual: " << DataBuffer(value.data, value.len) << std::endl;
-+
-+ // Finally, convert the private to public and ensure it matches.
-+ ScopedSECKEYPublicKey pub_key(
-+ SECKEY_ConvertToPublicKey(priv_key.get()));
-+ ASSERT_TRUE(pub_key);
-+ SECItem converted_public = GetPublicComponent(pub_key);
-+ ASSERT_TRUE(converted_public.len != 0);
-+
-+ ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &converted_public))
-+ << "expected: "
-+ << DataBuffer(expected_public->data, expected_public->len)
-+ << std::endl
-+ << "actual: "
-+ << DataBuffer(converted_public.data, converted_public.len)
-+ << std::endl;
- }
- }
-
-diff -up ./nss/lib/cryptohi/seckey.c.pub-priv-mechs ./nss/lib/cryptohi/seckey.c
---- ./nss/lib/cryptohi/seckey.c.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
-+++ ./nss/lib/cryptohi/seckey.c 2019-06-05 12:01:13.729544204 -0700
-@@ -1206,6 +1206,37 @@ SECKEY_CopyPublicKey(const SECKEYPublicK
- return NULL;
- }
-
-+/*
-+ * Use the private key to find a public key handle. The handle will be on
-+ * the same slot as the private key.
-+ */
-+static CK_OBJECT_HANDLE
-+seckey_FindPublicKeyHandle(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk)
-+{
-+ CK_OBJECT_HANDLE keyID;
-+
-+ /* this helper function is only used below. If we want to make this more
-+ * general, we would need to free up any already cached handles if the
-+ * slot doesn't match up with the private key slot */
-+ PORT_Assert(pubk->pkcs11ID == CK_INVALID_HANDLE);
-+
-+ /* first look for a matching public key */
-+ keyID = PK11_MatchItem(privk->pkcs11Slot, privk->pkcs11ID, CKO_PUBLIC_KEY);
-+ if (keyID != CK_INVALID_HANDLE) {
-+ return keyID;
-+ }
-+
-+ /* none found, create a temp one, make the pubk the owner */
-+ pubk->pkcs11ID = PK11_DerivePubKeyFromPrivKey(privk);
-+ if (pubk->pkcs11ID == CK_INVALID_HANDLE) {
-+ /* end of the road. Token doesn't have matching public key, nor can
-+ * token regenerate a new public key from and existing private key. */
-+ return CK_INVALID_HANDLE;
-+ }
-+ pubk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
-+ return pubk->pkcs11ID;
-+}
-+
- SECKEYPublicKey *
- SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
- {
-@@ -1213,6 +1244,8 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
- PLArenaPool *arena;
- CERTCertificate *cert;
- SECStatus rv;
-+ CK_OBJECT_HANDLE pubKeyHandle;
-+ SECItem decodedPoint;
-
- /*
- * First try to look up the cert.
-@@ -1243,11 +1276,47 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
-
- switch (privk->keyType) {
- case nullKey:
-- case dhKey:
-- case dsaKey:
- /* Nothing to query, if the cert isn't there, we're done -- no way
- * to get the public key */
- break;
-+ case dsaKey:
-+ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
-+ if (pubKeyHandle == CK_INVALID_HANDLE)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_BASE, arena, &pubk->u.dsa.params.base);
-+ if (rv != SECSuccess)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_PRIME, arena, &pubk->u.dsa.params.prime);
-+ if (rv != SECSuccess)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_SUBPRIME, arena, &pubk->u.dsa.params.subPrime);
-+ if (rv != SECSuccess)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_VALUE, arena, &pubk->u.dsa.publicValue);
-+ if (rv != SECSuccess)
-+ break;
-+ return pubk;
-+ case dhKey:
-+ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
-+ if (pubKeyHandle == CK_INVALID_HANDLE)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_BASE, arena, &pubk->u.dh.base);
-+ if (rv != SECSuccess)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_PRIME, arena, &pubk->u.dh.prime);
-+ if (rv != SECSuccess)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_VALUE, arena, &pubk->u.dh.publicValue);
-+ if (rv != SECSuccess)
-+ break;
-+ return pubk;
- case rsaKey:
- rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
- CKA_MODULUS, arena, &pubk->u.rsa.modulus);
-@@ -1258,7 +1327,6 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
- if (rv != SECSuccess)
- break;
- return pubk;
-- break;
- case ecKey:
- rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
- CKA_EC_PARAMS, arena, &pubk->u.ec.DEREncodedParams);
-@@ -1268,7 +1336,23 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
- rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
- CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
- if (rv != SECSuccess || pubk->u.ec.publicValue.len == 0) {
-- break;
-+ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk);
-+ if (pubKeyHandle == CK_INVALID_HANDLE)
-+ break;
-+ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle,
-+ CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
-+ if (rv != SECSuccess)
-+ break;
-+ }
-+ /* ec.publicValue should be decoded, PKCS #11 defines CKA_EC_POINT
-+ * as encoded, but it's not always. try do decoded it and if it
-+ * succeeds store the decoded value */
-+ rv = SEC_QuickDERDecodeItem(arena, &decodedPoint,
-+ SEC_ASN1_GET(SEC_OctetStringTemplate), &pubk->u.ec.publicValue);
-+ if (rv == SECSuccess) {
-+ /* both values are in the public key arena, so it's safe to
-+ * overwrite the old value */
-+ pubk->u.ec.publicValue = decodedPoint;
- }
- pubk->u.ec.encoding = ECPoint_Undefined;
- return pubk;
-@@ -1276,7 +1360,9 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK
- break;
- }
-
-- PORT_FreeArena(arena, PR_FALSE);
-+ /* must use Destroy public key here, because some paths create temporary
-+ * PKCS #11 objects which need to be freed */
-+ SECKEY_DestroyPublicKey(pubk);
- return NULL;
- }
-
-diff -up ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs ./nss/lib/pk11wrap/pk11priv.h
---- ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
-+++ ./nss/lib/pk11wrap/pk11priv.h 2019-06-05 12:01:13.729544204 -0700
-@@ -111,6 +111,7 @@ CK_OBJECT_HANDLE PK11_FindObjectForCert(
- PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
- CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
- unsigned int pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType);
-+CK_OBJECT_HANDLE PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey);
-
- /**********************************************************************
- * Certs
-diff -up ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs ./nss/lib/pk11wrap/pk11skey.c
---- ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700
-+++ ./nss/lib/pk11wrap/pk11skey.c 2019-06-05 12:01:13.730544203 -0700
-@@ -1840,6 +1840,35 @@ loser:
- }
-
- /*
-+ * This regenerate a public key from a private key. This function is currently
-+ * NSS private. If we want to make it public, we need to add and optional
-+ * template or at least flags (a.la. PK11_DeriveWithFlags).
-+ */
-+CK_OBJECT_HANDLE
-+PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey)
-+{
-+ PK11SlotInfo *slot = privKey->pkcs11Slot;
-+ CK_MECHANISM mechanism;
-+ CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
-+ CK_RV crv;
-+
-+ mechanism.mechanism = CKM_NSS_PUB_FROM_PRIV;
-+ mechanism.pParameter = NULL;
-+ mechanism.ulParameterLen = 0;
-+
-+ PK11_EnterSlotMonitor(slot);
-+ crv = PK11_GETTAB(slot)->C_DeriveKey(slot->session, &mechanism,
-+ privKey->pkcs11ID, NULL, 0,
-+ &objectID);
-+ PK11_ExitSlotMonitor(slot);
-+ if (crv != CKR_OK) {
-+ PORT_SetError(PK11_MapError(crv));
-+ return CK_INVALID_HANDLE;
-+ }
-+ return objectID;
-+}
-+
-+/*
- * This Generates a wrapping key based on a privateKey, publicKey, and two
- * random numbers. For Mail usage RandomB should be NULL. In the Sender's
- * case RandomA is generate, outherwize it is passed.
diff --git a/SOURCES/nss-post-handshake-auth-with-tickets.patch b/SOURCES/nss-post-handshake-auth-with-tickets.patch
deleted file mode 100644
index ac51f07..0000000
--- a/SOURCES/nss-post-handshake-auth-with-tickets.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno
-# Date 1559121620 -7200
-# Wed May 29 11:20:20 2019 +0200
-# Node ID 29a48b604602a523defd6f9322a5adeca7e284a5
-# Parent 43a7fb4f994a31222c308113b0fccdd5480d5b8e
-Bug 1553443, send session ticket only after handshake is marked as finished
-
-Reviewers: mt
-
-Reviewed By: mt
-
-Bug #: 1553443
-
-Differential Revision: https://phabricator.services.mozilla.com/D32128
-
-diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
---- a/gtests/ssl_gtest/ssl_auth_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
-@@ -537,6 +537,40 @@ TEST_F(TlsConnectStreamTls13, PostHandsh
- capture_cert_req->buffer().len()));
- }
-
-+// Check if post-handshake auth still works when session tickets are enabled:
-+// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
-+TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) {
-+ EnsureTlsSetup();
-+ client_->SetupClientAuth();
-+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
-+ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE));
-+ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
-+ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
-+ EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
-+ SSL_ENABLE_SESSION_TICKETS, PR_TRUE));
-+ size_t called = 0;
-+ server_->SetAuthCertificateCallback(
-+ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus {
-+ called++;
-+ return SECSuccess;
-+ });
-+ Connect();
-+ EXPECT_EQ(0U, called);
-+ // Send CertificateRequest.
-+ EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook(
-+ client_->ssl_fd(), GetClientAuthDataHook, nullptr));
-+ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd()))
-+ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError());
-+ server_->SendData(50);
-+ client_->ReadBytes(50);
-+ client_->SendData(50);
-+ server_->ReadBytes(50);
-+ EXPECT_EQ(1U, called);
-+ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd()));
-+ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd()));
-+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
-+}
-+
- // In TLS 1.3, the client sends its cert rejection on the
- // second flight, and since it has already received the
- // server's Finished, it transitions to complete and
-diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
---- a/lib/ssl/tls13con.c
-+++ b/lib/ssl/tls13con.c
-@@ -4561,6 +4561,11 @@ tls13_ServerHandleFinished(sslSocket *ss
- return SECFailure;
- }
-
-+ rv = tls13_FinishHandshake(ss);
-+ if (rv != SECSuccess) {
-+ return SECFailure;
-+ }
-+
- ssl_GetXmitBufLock(ss);
- if (ss->opt.enableSessionTickets) {
- rv = tls13_SendNewSessionTicket(ss, NULL, 0);
-@@ -4573,8 +4578,7 @@ tls13_ServerHandleFinished(sslSocket *ss
- }
- }
- ssl_ReleaseXmitBufLock(ss);
--
-- return tls13_FinishHandshake(ss);
-+ return SECSuccess;
-
- loser:
- ssl_ReleaseXmitBufLock(ss);
-diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt
---- a/tests/ssl/sslauth.txt
-+++ b/tests/ssl/sslauth.txt
-@@ -42,6 +42,7 @@
- noECC 0 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Require client auth on post hs (client auth)
- noECC 0 -r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Request don't require client auth on post hs (client does not provide auth)
- noECC 1 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Require client auth on post hs (client does not provide auth)
-+ noECC 0 -r_-r_-r_-E_-u -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs with session ticket (client auth)
- #
- # Use EC cert for client authentication
- #
diff --git a/SOURCES/nss-rsa-pkcs1-sigalgs.patch b/SOURCES/nss-rsa-pkcs1-sigalgs.patch
new file mode 100644
index 0000000..9855b9a
--- /dev/null
+++ b/SOURCES/nss-rsa-pkcs1-sigalgs.patch
@@ -0,0 +1,247 @@
+# HG changeset patch
+# User Daiki Ueno
+# Date 1594360877 -7200
+# Fri Jul 10 08:01:17 2020 +0200
+# Node ID df1d2695e115ed9e6f7e8df6ad4d7be2c9bc77d8
+# Parent de661583d46713c9b4873a904dda3a8ba4a61976
+Bug 1646324, advertise rsa_pkcs1_* schemes in CH and CR for certs, r=mt
+
+Summary:
+In TLS 1.3, unless "signature_algorithms_cert" is advertised, the
+"signature_algorithms" extension is used as an indication of supported
+algorithms for signatures on certificates. While rsa_pkcs1_*
+signatures schemes cannot be used for signing handshake messages, they
+should be advertised if the peer wants to to support certificates
+signed with RSA PKCS#1.
+
+This adds a flag to ssl3_EncodeSigAlgs() and ssl3_FilterSigAlgs() to
+preserve rsa_pkcs1_* schemes in the output.
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Bug #: 1646324
+
+Differential Revision: https://phabricator.services.mozilla.com/D80881
+
+diff -r de661583d467 -r df1d2695e115 gtests/ssl_gtest/ssl_auth_unittest.cc
+--- a/gtests/ssl_gtest/ssl_auth_unittest.cc Thu Jul 09 22:45:27 2020 +0000
++++ b/gtests/ssl_gtest/ssl_auth_unittest.cc Fri Jul 10 08:01:17 2020 +0200
+@@ -1591,6 +1591,47 @@
+ capture->extension());
+ }
+
++TEST_P(TlsConnectTls13, Tls13RsaPkcs1IsAdvertisedClient) {
++ EnsureTlsSetup();
++ static const SSLSignatureScheme kSchemes[] = {ssl_sig_rsa_pkcs1_sha256,
++ ssl_sig_rsa_pss_rsae_sha256};
++ client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
++ auto capture =
++ MakeTlsFilter(client_, ssl_signature_algorithms_xtn);
++ Connect();
++ // We should only have the one signature algorithm advertised.
++ static const uint8_t kExpectedExt[] = {0,
++ 4,
++ ssl_sig_rsa_pss_rsae_sha256 >> 8,
++ ssl_sig_rsa_pss_rsae_sha256 & 0xff,
++ ssl_sig_rsa_pkcs1_sha256 >> 8,
++ ssl_sig_rsa_pkcs1_sha256 & 0xff};
++ ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)),
++ capture->extension());
++}
++
++TEST_P(TlsConnectTls13, Tls13RsaPkcs1IsAdvertisedServer) {
++ EnsureTlsSetup();
++ static const SSLSignatureScheme kSchemes[] = {ssl_sig_rsa_pkcs1_sha256,
++ ssl_sig_rsa_pss_rsae_sha256};
++ server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes));
++ auto capture = MakeTlsFilter(
++ server_, ssl_signature_algorithms_xtn, true);
++ capture->SetHandshakeTypes({kTlsHandshakeCertificateRequest});
++ capture->EnableDecryption();
++ server_->RequestClientAuth(false); // So we get a CertificateRequest.
++ Connect();
++ // We should only have the one signature algorithm advertised.
++ static const uint8_t kExpectedExt[] = {0,
++ 4,
++ ssl_sig_rsa_pss_rsae_sha256 >> 8,
++ ssl_sig_rsa_pss_rsae_sha256 & 0xff,
++ ssl_sig_rsa_pkcs1_sha256 >> 8,
++ ssl_sig_rsa_pkcs1_sha256 & 0xff};
++ ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)),
++ capture->extension());
++}
++
+ // variant, version, certificate, auth type, signature scheme
+ typedef std::tuple
+diff -r de661583d467 -r df1d2695e115 lib/ssl/ssl3con.c
+--- a/lib/ssl/ssl3con.c Thu Jul 09 22:45:27 2020 +0000
++++ b/lib/ssl/ssl3con.c Fri Jul 10 08:01:17 2020 +0200
+@@ -784,15 +784,19 @@
+ * Both by policy and by having a token that supports it. */
+ static PRBool
+ ssl_SignatureSchemeAccepted(PRUint16 minVersion,
+- SSLSignatureScheme scheme)
++ SSLSignatureScheme scheme,
++ PRBool forCert)
+ {
+ /* Disable RSA-PSS schemes if there are no tokens to verify them. */
+ if (ssl_IsRsaPssSignatureScheme(scheme)) {
+ if (!PK11_TokenExists(auth_alg_defs[ssl_auth_rsa_pss])) {
+ return PR_FALSE;
+ }
+- } else if (ssl_IsRsaPkcs1SignatureScheme(scheme)) {
+- /* Disable PKCS#1 signatures if we are limited to TLS 1.3. */
++ } else if (!forCert && ssl_IsRsaPkcs1SignatureScheme(scheme)) {
++ /* Disable PKCS#1 signatures if we are limited to TLS 1.3.
++ * We still need to advertise PKCS#1 signatures in CH and CR
++ * for certificate signatures.
++ */
+ if (minVersion >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ return PR_FALSE;
+ }
+@@ -851,7 +855,8 @@
+ /* Ensure that there is a signature scheme that can be accepted.*/
+ for (unsigned int i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
+ if (ssl_SignatureSchemeAccepted(ss->vrange.min,
+- ss->ssl3.signatureSchemes[i])) {
++ ss->ssl3.signatureSchemes[i],
++ PR_FALSE /* forCert */)) {
+ return SECSuccess;
+ }
+ }
+@@ -880,7 +885,7 @@
+ PRBool acceptable = authType == schemeAuthType ||
+ (schemeAuthType == ssl_auth_rsa_pss &&
+ authType == ssl_auth_rsa_sign);
+- if (acceptable && ssl_SignatureSchemeAccepted(ss->version, scheme)) {
++ if (acceptable && ssl_SignatureSchemeAccepted(ss->version, scheme, PR_FALSE /* forCert */)) {
+ return PR_TRUE;
+ }
+ }
+@@ -9803,12 +9808,13 @@
+ }
+
+ SECStatus
+-ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, sslBuffer *buf)
++ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool forCert,
++ sslBuffer *buf)
+ {
+ SSLSignatureScheme filtered[MAX_SIGNATURE_SCHEMES] = { 0 };
+ unsigned int filteredCount = 0;
+
+- SECStatus rv = ssl3_FilterSigAlgs(ss, minVersion, PR_FALSE,
++ SECStatus rv = ssl3_FilterSigAlgs(ss, minVersion, PR_FALSE, forCert,
+ PR_ARRAY_SIZE(filtered),
+ filtered, &filteredCount);
+ if (rv != SECSuccess) {
+@@ -9843,8 +9849,21 @@
+ return sslBuffer_InsertLength(buf, lengthOffset, 2);
+ }
+
++/*
++ * In TLS 1.3 we are permitted to advertise support for PKCS#1
++ * schemes. This doesn't affect the signatures in TLS itself, just
++ * those on certificates. Not advertising PKCS#1 signatures creates a
++ * serious compatibility risk as it excludes many certificate chains
++ * that include PKCS#1. Hence, forCert is used to enable advertising
++ * PKCS#1 support. Note that we include these in signature_algorithms
++ * because we don't yet support signature_algorithms_cert. TLS 1.3
++ * requires that PKCS#1 schemes are placed last in the list if they
++ * are present. This sorting can be removed once we support
++ * signature_algorithms_cert.
++ */
+ SECStatus
+ ssl3_FilterSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool disableRsae,
++ PRBool forCert,
+ unsigned int maxSchemes, SSLSignatureScheme *filteredSchemes,
+ unsigned int *numFilteredSchemes)
+ {
+@@ -9856,15 +9875,32 @@
+ }
+
+ *numFilteredSchemes = 0;
++ PRBool allowUnsortedPkcs1 = forCert && minVersion < SSL_LIBRARY_VERSION_TLS_1_3;
+ for (unsigned int i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
+ if (disableRsae && ssl_IsRsaeSignatureScheme(ss->ssl3.signatureSchemes[i])) {
+ continue;
+ }
+ if (ssl_SignatureSchemeAccepted(minVersion,
+- ss->ssl3.signatureSchemes[i])) {
++ ss->ssl3.signatureSchemes[i],
++ allowUnsortedPkcs1)) {
+ filteredSchemes[(*numFilteredSchemes)++] = ss->ssl3.signatureSchemes[i];
+ }
+ }
++ if (forCert && !allowUnsortedPkcs1) {
++ for (unsigned int i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
++ if (disableRsae && ssl_IsRsaeSignatureScheme(ss->ssl3.signatureSchemes[i])) {
++ continue;
++ }
++ if (!ssl_SignatureSchemeAccepted(minVersion,
++ ss->ssl3.signatureSchemes[i],
++ PR_FALSE) &&
++ ssl_SignatureSchemeAccepted(minVersion,
++ ss->ssl3.signatureSchemes[i],
++ PR_TRUE)) {
++ filteredSchemes[(*numFilteredSchemes)++] = ss->ssl3.signatureSchemes[i];
++ }
++ }
++ }
+ return SECSuccess;
+ }
+
+@@ -9901,7 +9937,7 @@
+
+ length = 1 + certTypesLength + 2 + calen;
+ if (isTLS12) {
+- rv = ssl3_EncodeSigAlgs(ss, ss->version, &sigAlgsBuf);
++ rv = ssl3_EncodeSigAlgs(ss, ss->version, PR_TRUE /* forCert */, &sigAlgsBuf);
+ if (rv != SECSuccess) {
+ return rv;
+ }
+diff -r de661583d467 -r df1d2695e115 lib/ssl/ssl3exthandle.c
+--- a/lib/ssl/ssl3exthandle.c Thu Jul 09 22:45:27 2020 +0000
++++ b/lib/ssl/ssl3exthandle.c Fri Jul 10 08:01:17 2020 +0200
+@@ -1652,7 +1652,7 @@
+ minVersion = ss->vrange.min; /* ClientHello */
+ }
+
+- SECStatus rv = ssl3_EncodeSigAlgs(ss, minVersion, buf);
++ SECStatus rv = ssl3_EncodeSigAlgs(ss, minVersion, PR_TRUE /* forCert */, buf);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+diff -r de661583d467 -r df1d2695e115 lib/ssl/sslimpl.h
+--- a/lib/ssl/sslimpl.h Thu Jul 09 22:45:27 2020 +0000
++++ b/lib/ssl/sslimpl.h Fri Jul 10 08:01:17 2020 +0200
+@@ -1688,12 +1688,12 @@
+ SECStatus ssl3_AuthCertificate(sslSocket *ss);
+ SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b,
+ PRUint32 length);
+-SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion,
++SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool forCert,
+ sslBuffer *buf);
+ SECStatus ssl3_EncodeFilteredSigAlgs(const sslSocket *ss,
+ const SSLSignatureScheme *schemes,
+ PRUint32 numSchemes, sslBuffer *buf);
+-SECStatus ssl3_FilterSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool disableRsae,
++SECStatus ssl3_FilterSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool disableRsae, PRBool forCert,
+ unsigned int maxSchemes, SSLSignatureScheme *filteredSchemes,
+ unsigned int *numFilteredSchemes);
+ SECStatus ssl_GetCertificateRequestCAs(const sslSocket *ss,
+diff -r de661583d467 -r df1d2695e115 lib/ssl/tls13exthandle.c
+--- a/lib/ssl/tls13exthandle.c Thu Jul 09 22:45:27 2020 +0000
++++ b/lib/ssl/tls13exthandle.c Fri Jul 10 08:01:17 2020 +0200
+@@ -1519,7 +1519,8 @@
+ SSLSignatureScheme filtered[MAX_SIGNATURE_SCHEMES] = { 0 };
+ unsigned int filteredCount = 0;
+ SECStatus rv = ssl3_FilterSigAlgs(ss, ss->vrange.max,
+- PR_TRUE,
++ PR_TRUE /* disableRsae */,
++ PR_FALSE /* forCert */,
+ MAX_SIGNATURE_SCHEMES,
+ filtered,
+ &filteredCount);
diff --git a/SOURCES/nss-skip-bltest-and-fipstest.patch b/SOURCES/nss-skip-bltest-and-fipstest.patch
index 7d55d10..e68af55 100644
--- a/SOURCES/nss-skip-bltest-and-fipstest.patch
+++ b/SOURCES/nss-skip-bltest-and-fipstest.patch
@@ -1,6 +1,6 @@
diff -up nss/cmd/Makefile.skipthem nss/cmd/Makefile
---- nss/cmd/Makefile.skipthem 2017-01-13 16:41:04.117486801 +0100
-+++ nss/cmd/Makefile 2017-01-13 16:42:31.396335957 +0100
+--- nss/cmd/Makefile.skipthem 2020-06-17 00:50:59.000000000 +0200
++++ nss/cmd/Makefile 2020-07-28 16:39:14.398475287 +0200
@@ -19,7 +19,11 @@ BLTEST_SRCDIR =
ECPERF_SRCDIR =
FREEBL_ECTEST_SRCDIR =
@@ -13,3 +13,13 @@ diff -up nss/cmd/Makefile.skipthem nss/cmd/Makefile
else
BLTEST_SRCDIR = bltest
ECPERF_SRCDIR = ecperf
+diff -up nss/cmd/shlibsign/Makefile.skipthem nss/cmd/shlibsign/Makefile
+--- nss/cmd/shlibsign/Makefile.skipthem 2020-07-28 16:39:58.263169490 +0200
++++ nss/cmd/shlibsign/Makefile 2020-07-28 16:40:04.485126117 +0200
+@@ -94,6 +94,3 @@ else
+ $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+ endif
+ endif
+-
+-libs: install
+- $(MAKE) $(CHECKLOC)
diff --git a/SOURCES/nss-skip-cavs-tests.patch b/SOURCES/nss-skip-cavs-tests.patch
new file mode 100644
index 0000000..2ce3622
--- /dev/null
+++ b/SOURCES/nss-skip-cavs-tests.patch
@@ -0,0 +1,11 @@
+diff -up nss/tests/fips/fips.sh.skip-cavs nss/tests/fips/fips.sh
+--- nss/tests/fips/fips.sh.skip-cavs 2020-07-29 08:38:23.930846917 +0200
++++ nss/tests/fips/fips.sh 2020-07-29 08:38:30.001805500 +0200
+@@ -318,6 +318,6 @@ fips_cleanup()
+
+ fips_init
+ fips_140
+-fips_cavs
++#fips_cavs
+ fips_cleanup
+ echo "fips.sh done"
diff --git a/SOURCES/nss-skip-sysinit-gtests.patch b/SOURCES/nss-skip-sysinit-gtests.patch
index 4c3ea29..ca0e3d6 100644
--- a/SOURCES/nss-skip-sysinit-gtests.patch
+++ b/SOURCES/nss-skip-sysinit-gtests.patch
@@ -1,11 +1,11 @@
diff -up nss/gtests/manifest.mn.skip-sysinit-gtests nss/gtests/manifest.mn
---- nss/gtests/manifest.mn.skip-sysinit-gtests 2019-04-26 12:55:05.979302035 +0200
-+++ nss/gtests/manifest.mn 2019-04-26 12:55:09.507228984 +0200
-@@ -27,7 +27,6 @@ NSS_SRCDIRS = \
+--- nss/gtests/manifest.mn.skip-sysinit-gtests 2020-07-22 17:52:34.117219907 +0200
++++ nss/gtests/manifest.mn 2020-07-22 17:53:10.196957474 +0200
+@@ -31,7 +31,6 @@ NSS_SRCDIRS = \
smime_gtest \
softoken_gtest \
ssl_gtest \
- $(SYSINIT_GTEST) \
nss_bogo_shim \
+ pkcs11testmodule \
$(NULL)
- endif
diff --git a/SOURCES/nss-skip-tls13-fips-tests.sh b/SOURCES/nss-skip-tls13-fips-tests.sh
deleted file mode 100644
index 2d4ff9c..0000000
--- a/SOURCES/nss-skip-tls13-fips-tests.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -up nss/tests/ssl/ssl.sh.skip-tls13-fips-mode nss/tests/ssl/ssl.sh
---- nss/tests/ssl/ssl.sh.skip-tls13-fips-mode 2019-05-16 10:52:35.926904215 +0200
-+++ nss/tests/ssl/ssl.sh 2019-05-16 10:53:05.953281239 +0200
-@@ -412,6 +412,12 @@ ssl_auth()
- echo "${testname}" | grep "TLS 1.3" > /dev/null
- TLS13=$?
-
-+ if [ "${TLS13}" -eq 0 ] && \
-+ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
-+ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
-+ continue
-+ fi
-+
- if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
- echo "$SCRIPTNAME: skipping $testname (non-FIPS only)"
- elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
diff --git a/SOURCES/nss-sql-default-tests.patch b/SOURCES/nss-sql-default-tests.patch
new file mode 100644
index 0000000..1d4b6ad
--- /dev/null
+++ b/SOURCES/nss-sql-default-tests.patch
@@ -0,0 +1,85 @@
+# HG changeset patch
+# User Franziskus Kiefer
+# Date 1575483231 0
+# Wed Dec 04 18:13:51 2019 +0000
+# Node ID c1fad130dce2081a5d6ce9f539c72d999f59afce
+# Parent a9ba652046e634ccb4ca21a43dd6d76858e20d62
+Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj
+
+Disale libnssdbm by default and add flag to enable it in builds.
+On CI a build and certs test with enabled legacy DB are added.
+
+Note that for some reason the coverage build fails. I have no idea why. I'm open for ideas.
+
+Differential Revision: https://phabricator.services.mozilla.com/D54673
+
+diff -r a9ba652046e6 -r c1fad130dce2 tests/all.sh
+--- a/tests/all.sh Tue Dec 03 23:27:28 2019 +0000
++++ b/tests/all.sh Wed Dec 04 18:13:51 2019 +0000
+@@ -51,10 +51,10 @@
+ # pkix - run test suites with PKIX enabled
+ # upgradedb - upgrade existing certificate databases to shareable
+ # format (creates them if doesn't exist yet) and run
+-# test suites with those databases
++# test suites with those databases. Requires to enable libdm.
+ # sharedb - run test suites with shareable database format
+ # enabled (databases are created directly to this
+-# format)
++# format). This is the default and doesn't need to be run separately.
+ #
+ # Mandatory environment variables (to be set before testing):
+ # -----------------------------------------------------------
+@@ -135,7 +135,7 @@
+ }
+
+ ########################## run_cycle_standard ##########################
+-# run test suites with dbm database (no PKIX, no sharedb)
++# run test suites with sql database (no PKIX)
+ ########################################################################
+ run_cycle_standard()
+ {
+@@ -144,7 +144,7 @@
+ TESTS="${ALL_TESTS}"
+ TESTS_SKIP="cipher libpkix sdr ocsp pkits"
+
+- NSS_DEFAULT_DB_TYPE="dbm"
++ NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"}
+ export NSS_DEFAULT_DB_TYPE
+
+ run_tests
+@@ -288,7 +288,7 @@
+ . ./init.sh
+ fi
+
+-cycles="standard pkix upgradedb sharedb"
++cycles="standard pkix"
+ CYCLES=${NSS_CYCLES:-$cycles}
+
+ NO_INIT_SUPPORT=`certutil --build-flags |grep -cw NSS_NO_INIT_SUPPORT`
+diff -r a9ba652046e6 -r c1fad130dce2 tests/common/init.sh
+--- a/tests/common/init.sh Tue Dec 03 23:27:28 2019 +0000
++++ b/tests/common/init.sh Wed Dec 04 18:13:51 2019 +0000
+@@ -651,9 +651,9 @@
+
+ RELOAD_CRL=1
+
+- # if test mode isn't set, test scripts default to expecting dbm
++ # if test mode isn't set, test scripts default to expecting sql
+ if [ "${TEST_MODE}" = "" ]; then
+- NSS_DEFAULT_DB_TYPE="dbm"
++ NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"}
+ export NSS_DEFAULT_DB_TYPE
+ fi
+
+diff -r a9ba652046e6 -r c1fad130dce2 tests/remote/Makefile
+--- a/tests/remote/Makefile Tue Dec 03 23:27:28 2019 +0000
++++ b/tests/remote/Makefile Wed Dec 04 18:13:51 2019 +0000
+@@ -56,7 +56,7 @@
+ TEST_SHELL?=$$HOME/bin/sh
+ ANDROID_PORT?="2222"
+ #Define the subset of tests that is known to work on Android
+-NSS_CYCLES?="standard pkix upgradedb sharedb"
++NSS_CYCLES?="standard pkix sharedb"
+ NSS_TESTS?="cipher lowhash libpkix cert dbtests tools sdr crmf smime ssl ocsp merge pkits chains"
+ NSS_SSL_TESTS?="crl normal_normal iopr"
+ NSS_SSL_RUN?="cov auth stress"
diff --git a/SOURCES/nss-sql-default.patch b/SOURCES/nss-sql-default.patch
index fd39778..d2dbcc4 100644
--- a/SOURCES/nss-sql-default.patch
+++ b/SOURCES/nss-sql-default.patch
@@ -1,42 +1,35 @@
-# HG changeset patch
-# User Kai Engert
-# Date 1511548994 -3600
-# Fri Nov 24 19:43:14 2017 +0100
-# Node ID b0658ed367633e505d38c0c0f63b801ddbbb21a4
-# Parent 807662e6ba57db5be05036511ac8634466ed473f
-Bug 1377940, Change NSS default storage file format (currently DBM), when no prefix is given, to SQL, r=rrelyea, r=fkiefer
-
---- a/tests/all.sh
-+++ b/tests/all.sh
-@@ -111,6 +111,8 @@ RUN_FIPS=""
+diff -up nss/tests/all.sh.sql-default nss/tests/all.sh
+--- nss/tests/all.sh.sql-default 2020-06-17 00:50:59.000000000 +0200
++++ nss/tests/all.sh 2020-07-22 17:41:08.591206201 +0200
+@@ -114,8 +114,6 @@ RUN_FIPS=""
########################################################################
run_tests()
{
-+ echo "Running test cycle: ${TEST_MODE} ----------------------"
-+ echo "List of tests that will be executed: ${TESTS}"
+- echo "Running test cycle: ${TEST_MODE} ----------------------"
+- echo "List of tests that will be executed: ${TESTS}"
for TEST in ${TESTS}
do
# NOTE: the spaces are important. If you don't include
-@@ -172,8 +174,9 @@ run_cycle_pkix()
- NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
+@@ -173,9 +171,8 @@ run_cycle_pkix()
+
export -n NSS_SSL_RUN
-- # use the default format
-+ # use the default format. (unset for the shell, export -n for binaries)
+- # use the default format. (unset for the shell, export -n for binaries)
++ # use the default format
export -n NSS_DEFAULT_DB_TYPE
-+ unset NSS_DEFAULT_DB_TYPE
+- unset NSS_DEFAULT_DB_TYPE
run_tests
}
-diff --git a/tests/merge/merge.sh b/tests/merge/merge.sh
---- a/tests/merge/merge.sh
-+++ b/tests/merge/merge.sh
+diff -up nss/tests/merge/merge.sh.sql-default nss/tests/merge/merge.sh
+--- nss/tests/merge/merge.sh.sql-default 2020-06-17 00:50:59.000000000 +0200
++++ nss/tests/merge/merge.sh 2020-07-22 17:24:45.819348633 +0200
@@ -98,7 +98,7 @@ merge_init()
# are dbm databases.
if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
save=${NSS_DEFAULT_DB_TYPE}
-- NSS_DEFAULT_DB_TYPE= ; export NSS_DEFAULT_DB_TYPE
-+ NSS_DEFAULT_DB_TYPE=dbm ; export NSS_DEFAULT_DB_TYPE
+- NSS_DEFAULT_DB_TYPE=dbm ; export NSS_DEFAULT_DB_TYPE
++ NSS_DEFAULT_DB_TYPE= ; export NSS_DEFAULT_DB_TYPE
fi
certutil -N -d ${CONFLICT1DIR} -f ${R_PWFILE}
diff --git a/SOURCES/nss-ssl2-compatible-client-hello.patch b/SOURCES/nss-ssl2-compatible-client-hello.patch
index a1f5217..da155c6 100644
--- a/SOURCES/nss-ssl2-compatible-client-hello.patch
+++ b/SOURCES/nss-ssl2-compatible-client-hello.patch
@@ -1,12 +1,12 @@
diff -up nss/lib/ssl/sslsock.c.ssl2hello nss/lib/ssl/sslsock.c
---- nss/lib/ssl/sslsock.c.ssl2hello 2019-04-26 11:31:02.139693304 +0200
-+++ nss/lib/ssl/sslsock.c 2019-04-26 11:31:36.842975724 +0200
-@@ -86,7 +86,7 @@ static sslOptions ssl_defaults = {
- .enableTls13CompatMode = PR_FALSE,
+--- nss/lib/ssl/sslsock.c.ssl2hello 2020-07-22 17:54:31.498366114 +0200
++++ nss/lib/ssl/sslsock.c 2020-07-22 17:55:46.019824069 +0200
+@@ -89,7 +89,7 @@ static sslOptions ssl_defaults = {
+ .enableDtls13VersionCompat = PR_FALSE,
.enableDtlsShortHeader = PR_FALSE,
.enableHelloDowngradeCheck = PR_FALSE,
- .enableV2CompatibleHello = PR_FALSE,
+ .enableV2CompatibleHello = PR_TRUE,
- .enablePostHandshakeAuth = PR_FALSE
+ .enablePostHandshakeAuth = PR_FALSE,
+ .suppressEndOfEarlyData = PR_FALSE
};
-
diff --git a/SOURCES/nss-version-range.patch b/SOURCES/nss-version-range.patch
new file mode 100644
index 0000000..4693e96
--- /dev/null
+++ b/SOURCES/nss-version-range.patch
@@ -0,0 +1,14 @@
+diff -up nss/lib/ssl/sslsock.c.version-range nss/lib/ssl/sslsock.c
+--- nss/lib/ssl/sslsock.c.version-range 2020-07-30 08:20:35.811375910 +0200
++++ nss/lib/ssl/sslsock.c 2020-07-30 08:21:02.132188806 +0200
+@@ -98,8 +98,8 @@ static sslOptions ssl_defaults = {
+ * default range of enabled SSL/TLS protocols
+ */
+ static SSLVersionRange versions_defaults_stream = {
+- SSL_LIBRARY_VERSION_TLS_1_0,
+- SSL_LIBRARY_VERSION_TLS_1_3
++ SSL_LIBRARY_VERSION_3_0,
++ SSL_LIBRARY_VERSION_TLS_1_2
+ };
+
+ static SSLVersionRange versions_defaults_datagram = {
diff --git a/SOURCES/secmod.db.xml b/SOURCES/secmod.db.xml
new file mode 100644
index 0000000..afc9dce
--- /dev/null
+++ b/SOURCES/secmod.db.xml
@@ -0,0 +1,63 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ secmod.db
+ 5
+
+
+
+ secmod.db
+ Legacy NSS security modules database
+
+
+
+ Description
+ secmod.db is an NSS security modules database.
+ The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
+
+ The command line utility modutil is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
+
+ For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
+
+
+
+
+ Files
+ /etc/pki/nssdb/secmod.db
+
+
+
+ See also
+ modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)
+
+
+
+ Authors
+ The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
+
diff --git a/SOURCES/setup-nsssysinit.xml b/SOURCES/setup-nsssysinit.xml
new file mode 100644
index 0000000..5b9827f
--- /dev/null
+++ b/SOURCES/setup-nsssysinit.xml
@@ -0,0 +1,106 @@
+
+
+
+]>
+
+
+
+
+ &date;
+ Network Security Services
+ nss
+ &version;
+
+
+
+ setup-nsssysinit
+ 1
+
+
+
+ setup-nsssysinit
+ Query or enable the nss-sysinit module
+
+
+
+
+ setup-nsssysinit
+
+
+
+
+
+
+
+ Description
+ setup-nsssysinit is a shell script to query the status of the nss-sysinit module and when run with root priviledge it can enable or disable it.
+ Turns on or off the nss-sysinit module db by editing the global PKCS #11 configuration file. Displays the status. This script can be invoked by the user as super user. It is invoked at nss-sysinit post install time with argument on.
+
+
+
+
+ Options
+
+
+
+
+ Turn on nss-sysinit.
+
+
+
+
+ Turn on nss-sysinit.
+
+
+
+
+ returns whether nss-syinit is enabled or not.
+
+
+
+
+
+
+ Examples
+
+ The following example will query for the status of nss-sysinit:
+
+ /usr/bin/setup-nsssysinit status
+
+
+
+ The following example, when run as superuser, will turn on nss-sysinit:
+
+ /usr/bin/setup-nsssysinit on
+
+
+
+
+
+
+ Files
+ /usr/bin/setup-nsssysinit
+
+
+
+ See also
+ pkg-config(1)
+
+
+
+ Authors
+ The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.
+ Authors: Elio Maldonado <emaldona@redhat.com>.
+
+
+
+
+ LICENSE
+ Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+
+
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index 5292a7d..cc80bde 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -1,14 +1,14 @@
-%global nspr_version 4.21.0
-%global nss_util_version 3.44.0
-%global nss_util_build -3
+%global nspr_version 4.25.0
+%global nss_util_version 3.53.1
+%global nss_util_build -1
# adjust to the version that gets submitted for FIPS validation
-%global nss_softokn_fips_version 3.44.0
-%global nss_softokn_version 3.44.0
+%global nss_softokn_fips_version 3.53.1
+%global nss_softokn_version 3.53.1
# Attention: Separate softokn versions for build and runtime.
-%global runtime_required_softokn_build_version -1
+%global runtime_required_softokn_build_version -2
# Building NSS doesn't require the same version of softokn built for runtime.
-%global build_required_softokn_build_version -1
-%global nss_version 3.44.0
+%global build_required_softokn_build_version -2
+%global nss_version 3.53.1
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
%global allTools "certutil cmsutil crlutil derdump modutil nss-policy-check pk12util pp signtool signver ssltap vfychain vfyserv"
@@ -41,7 +41,7 @@ rpm.define(string.format("nss_archive_version %s",
Summary: Network Security Services
Name: nss
Version: %{nss_version}
-Release: 7%{?dist}
+Release: 3%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -126,7 +126,9 @@ Patch53: Bug-1001841-disable-sslv2-tests.patch
Patch56: p-ignore-setpolicy.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144
Patch62: nss-fix-deadlock-squash.patch
-Patch100: fix-min-library-version-in-SSLVersionRange.patch
+# In RHEL-7, we still disable TLS 1.3 by default, and set SSL 3.0 as
+# the hard minimum
+Patch100: nss-version-range.patch
Patch108: nss-sni-c-v-fix.patch
Patch123: nss-skip-util-gtest.patch
Patch126: nss-reorder-cipher-suites.patch
@@ -140,8 +142,6 @@ Patch139: nss-modutil-skip-changepw-fips.patch
# Work around for yum
# https://bugzilla.redhat.com/show_bug.cgi?id=1469526
Patch141: nss-sysinit-getenv.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1542207
-Patch147: nss-dsa-policy.patch
# To revert the change in:
# https://bugzilla.mozilla.org/show_bug.cgi?id=818686
Patch148: nss-sysinit-userdb.patch
@@ -150,25 +150,24 @@ Patch149: nss-skip-sysinit-gtests.patch
# Enable SSLv2 compatible ClientHello, disabled in the change:
# https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
Patch150: nss-ssl2-compatible-client-hello.patch
-# TLS 1.3 currently doesn't work under FIPS mode:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1710372
-Patch151: nss-skip-tls13-fips-tests.sh
# For backward compatibility: make -V "ssl3:" continue working, while
# the minimum version is clamped to tls1.0
Patch152: nss-version-range-set.patch
-# TLS 1.3 currently doesn't work under FIPS mode:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1710372
-Patch153: nss-fips-disable-tls13.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552208
-Patch154: nss-disable-pkcs1-sigalgs-tls13.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1553443
-Patch155: nss-post-handshake-auth-with-tickets.patch
-# https://bugzilla.mozilla.org/show_bug.cgi?id=1473806
-Patch156: nss-fix-public-key-from-priv.patch
-Patch157: nss-add-ipsec-usage-to-manpage.patch
-# https://bugzilla.mozilla.org/show_bug.cgi?id=1515342
-Patch159: nss-3.44-handle-malformed-ecdh.patch
-Patch160: nss-3.44-handle-malformed-ecdh-gtests.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1646324
+Patch154: nss-rsa-pkcs1-sigalgs.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822
+Patch155: nss-3.53.1-diffie_hellman_checks.patch
+# CAVS testing should be done in nss-softkn package
+Patch156: nss-skip-cavs-tests.patch
+# no upsteam bug yet
+Patch157: nss-3.53-fix-private_key_mac.patch
+# To revert the testing portion of the change:
+# https://bugzilla.mozilla.org/show_bug.cgi?id=1594933
+Patch158: nss-sql-default-tests.patch
+# Local patch: disable Delegated Credentials
+Patch159: nss-disable-dc.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822
+Patch160: nss-3.53.1-remove-timing-tests.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -259,7 +258,7 @@ pushd nss
%patch53 -p1 -b .disableSSL2tests
%patch56 -p1 -b .1026677_ignore_set_policy
%patch62 -p1 -b .fix_deadlock
-%patch100 -p0 -b .1171318
+%patch100 -p1 -b .version-range
popd
%patch108 -p0 -b .sni_c_v_fix
pushd nss
@@ -267,24 +266,20 @@ pushd nss
%patch126 -p1 -b .reorder-cipher-suites
%patch127 -p1 -b .disable-cipher-suites
%patch130 -p1 -b .reorder-cipher-suites-gtests
-%patch136 -p1 -R -b .sql-default
+%patch136 -p1 -b .sql-default
%patch139 -p1 -b .modutil-skip-changepw-fips
%patch148 -R -p1 -b .sysinit-userdb
%patch141 -p1 -b .sysinit-getenv
-%patch147 -p1 -b .dsa-policy
%patch149 -p1 -b .skip-sysinit-gtests
%patch150 -p1 -b .ssl2hello
-%patch151 -p1 -b .skip-tls13-fips-mode
%patch152 -p1 -b .version-range-set
-%patch153 -p1 -b .fips-disable-tls13
-%patch154 -p1 -b .disable-pkcs1-sigalgs-tls13
-%patch155 -p1 -b .post-handshake-auth-with-tickets
-popd
-%patch156 -p1 -b .pub-priv-mechs
-%patch157 -p1 -b .ipsec-usage
-pushd nss
-%patch159 -p1 -b .handle-malformed-ecdh
-%patch160 -p1 -b .handle-malformed-ecdh-gtests
+%patch154 -p1 -b .rsa-pkcs1-sigalgs
+%patch155 -p1 -b .dh-checks
+%patch156 -p1 -b .skip-cavs
+%patch157 -p1 -b .privkey-mac
+%patch158 -p1 -R -b .sql-default-tests
+%patch159 -p1 -b .dc
+%patch160 -p1 -b .remove-timing-tests
popd
#########################################################
@@ -391,9 +386,6 @@ export NSS_BLTEST_NOT_AVAILABLE=1
export NSS_FORCE_FIPS=1
-%{__make} -C ./nss/coreconf
-%{__make} -C ./nss/lib/dbm
-
# Set the policy file location
# if set NSS will always check for the policy file and load if it exists
export POLICY_FILE="nss-rhel7.config"
@@ -406,7 +398,9 @@ export POLICY_PATH="/etc/pki/nss-legacy"
%{__mkdir_p} ./dist/private/nss
%{__mv} ./nss/verref.h ./dist/private/nss/verref.h
-%{__make} -C ./nss
+%{__make} -C ./nss all
+%{__make} -C ./nss latest
+
unset NSS_BLTEST_NOT_AVAILABLE
# build the man pages clean
@@ -561,7 +555,9 @@ pushd ./nss/tests/
# all.sh is the test suite script
# don't need to run all the tests when testing packaging
-# nss_cycles: standard pkix upgradedb sharedb
+export NSS_DEFAULT_DB_TYPE=dbm #in RHEL 7, the default db is sql, but we want
+ # standard to test dbm, or upgradedb will fail
+%global nss_cycles "standard pkix upgradedb sharedb"
%global nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
# nss_ssl_run: cov auth stress
@@ -896,16 +892,30 @@ fi
%changelog
-* Fri Dec 6 2019 Bob Relyea - 3.44.0-7
+* Sat Aug 1 2020 Daiki Ueno - 3.53.1-3
+- Disable dh timing test because it's unreliable on s390 (from Bob Relyea)
+- Explicitly enable upgradedb/sharedb test cycles
+
+* Thu Jul 30 2020 Daiki Ueno - 3.53.1-2
+- Disable TLS 1.3 by default
+
+* Wed Jul 22 2020 Daiki Ueno - 3.53.1-1
+- Rebase to NSS 3.53.1
+
+* Fri Dec 6 2019 Bob Relyea - 3.44.0-8
- Increase timeout on ssl_gtest so that slow platforms can complete when
running on a busy system.
-* Thu Dec 5 2019 Bob Relyea - 3.44.0-6
+* Thu Dec 5 2019 Bob Relyea - 3.44.0-7
- back out out-of-bounds patch (patch for nss-softokn).
- Fix segfault on empty or malformed ecdh keys (#1777712)
-* Wed Dec 4 2019 Bob Relyea - 3.44.0-5
-- Fix out-of-bounds write in NSC_EncryptUpdate (#1775910)
+* Wed Dec 4 2019 Bob Relyea - 3.44.0-6
+- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)
+
+* Wed Aug 14 2019 Bob Relyea - 3.44.0-5
+- Fix pkix name constraints processing to only process the common name if the
+ certusage you are checking is IPSEC or SSL Server.
* Wed Jun 5 2019 Bob Relyea - 3.44.0-4
- Fix certutil man page