diff --git a/.gitignore b/.gitignore index 59562e2..4f7cff8 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ SOURCES/blank-cert9.db SOURCES/blank-key3.db SOURCES/blank-key4.db SOURCES/blank-secmod.db -SOURCES/nss-3.53.1.tar.gz +SOURCES/nss-3.67.tar.gz diff --git a/.nss.metadata b/.nss.metadata index d94a44d..d284a79 100644 --- a/.nss.metadata +++ b/.nss.metadata @@ -6,4 +6,4 @@ b5570125fbf6bfb410705706af48217a0817c03a SOURCES/blank-cert9.db 7f78b5bcecdb5005e7b803604b2ec9d1a9df2fb5 SOURCES/blank-key3.db f9c9568442386da370193474de1b25c3f68cdaf6 SOURCES/blank-key4.db bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db -ee522d99ff582b849fe5190c1461f0633ffe1721 SOURCES/nss-3.53.1.tar.gz +9cccf98f0476905c0d863a6b2cb08a1955482241 SOURCES/nss-3.67.tar.gz diff --git a/SOURCES/Bug-1001841-disable-sslv2-tests.patch b/SOURCES/Bug-1001841-disable-sslv2-tests.patch index 093bb54..f943cbb 100644 --- a/SOURCES/Bug-1001841-disable-sslv2-tests.patch +++ b/SOURCES/Bug-1001841-disable-sslv2-tests.patch @@ -1,7 +1,7 @@ -diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh ---- nss/tests/ssl/ssl.sh.disableSSL2tests 2019-03-16 01:25:08.000000000 +0100 -+++ nss/tests/ssl/ssl.sh 2019-03-28 10:39:14.254180729 +0100 -@@ -68,9 +68,14 @@ ssl_init() +diff -up ./tests/ssl/ssl.sh.disableSSL2tests ./tests/ssl/ssl.sh +--- ./tests/ssl/ssl.sh.disableSSL2tests 2021-05-28 02:50:43.000000000 -0700 ++++ ./tests/ssl/ssl.sh 2021-06-03 15:22:02.725514179 -0700 +@@ -88,9 +88,14 @@ ssl_init() NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run} # Test case files @@ -18,7 +18,7 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh SSLPOLICY=${QADIR}/ssl/sslpolicy.txt REQUEST_FILE=${QADIR}/ssl/sslreq.dat -@@ -128,7 +133,11 @@ is_selfserv_alive() +@@ -159,7 +164,11 @@ is_selfserv_alive() fi echo "kill -0 ${PID} >/dev/null 2>/dev/null" @@ -30,7 +30,7 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh echo "selfserv with PID ${PID} found at `date`" } -@@ -152,7 +161,11 @@ wait_for_selfserv() +@@ -183,7 +192,11 @@ wait_for_selfserv() ${BINDIR}/tstclnt -4 -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \ -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE} if [ $? -ne 0 ]; then @@ -42,16 +42,7 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh fi fi is_selfserv_alive -@@ -278,7 +291,7 @@ ssl_cov() - start_selfserv $CIPHER_SUITES # Launch the server - - VMIN="ssl3" -- VMAX="tls1.1" -+ VMAX="tls1.2" - - ignore_blank_lines ${SSLCOV} | \ - while read ectype testmax param testname -@@ -286,6 +299,12 @@ ssl_cov() +@@ -332,6 +345,12 @@ ssl_cov() echo "${testname}" | grep "EXPORT" > /dev/null EXP=$? diff --git a/SOURCES/nss-3.53-strict-proto-fix.patch b/SOURCES/nss-3.53-strict-proto-fix.patch deleted file mode 100644 index e69c977..0000000 --- a/SOURCES/nss-3.53-strict-proto-fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./lib/pk11wrap/pk11pub.h.strict_proto_fix ./lib/pk11wrap/pk11pub.h ---- ./lib/pk11wrap/pk11pub.h.strict_proto_fix 2020-06-04 16:48:54.721954514 -0700 -+++ ./lib/pk11wrap/pk11pub.h 2020-06-04 16:49:17.074066050 -0700 -@@ -948,7 +948,7 @@ PRBool SECMOD_HasRootCerts(void); - * the system state independent of the database state and can be called - * before NSS initializes. - */ --int SECMOD_GetSystemFIPSEnabled(); -+int SECMOD_GetSystemFIPSEnabled(void); - - SEC_END_PROTOS - diff --git a/SOURCES/nss-3.53.1-diffie_hellman_checks.patch b/SOURCES/nss-3.53.1-diffie_hellman_checks.patch deleted file mode 100644 index 20a6dd2..0000000 --- a/SOURCES/nss-3.53.1-diffie_hellman_checks.patch +++ /dev/null @@ -1,5798 +0,0 @@ -diff --git a/gtests/softoken_gtest/manifest.mn b/gtests/softoken_gtest/manifest.mn ---- a/gtests/softoken_gtest/manifest.mn -+++ b/gtests/softoken_gtest/manifest.mn -@@ -20,16 +20,17 @@ CPPSRCS = \ - $(NULL) - - INCLUDES += \ - -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ - -I$(CORE_DEPTH)/gtests/common \ - -I$(CORE_DEPTH)/cpputil \ - $(NULL) - --REQUIRES = nspr gtest -+REQUIRES = nspr gtest cpputil - - PROGRAM = softoken_gtest - - EXTRA_LIBS = \ - $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \ -+ $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \ - $(DIST)/lib/$(LIB_PREFIX)gtestutil.$(LIB_SUFFIX) \ - $(NULL) -diff --git a/gtests/softoken_gtest/softoken_dh_vectors.h b/gtests/softoken_gtest/softoken_dh_vectors.h -new file mode 100644 ---- /dev/null -+++ b/gtests/softoken_gtest/softoken_dh_vectors.h -@@ -0,0 +1,3399 @@ -+ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+namespace nss_test { -+/* first list the primes we want to test */ -+ -+/* known primes */ -+/* IKE 1536 prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } */ -+static const unsigned char prime_ike_1536[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* IKE 2048 prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } */ -+static const unsigned char prime_ike_2048[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* TLS 2048 prime is: 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 */ -+static const unsigned char prime_tls_2048[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* IKE 3072 prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } */ -+static const unsigned char prime_ike_3072[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* TLS 3072 prime is: 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 */ -+static const unsigned char prime_tls_3072[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* IKE 4096 prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } */ -+static const unsigned char prime_ike_4096[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, -+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, -+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, -+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, -+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* TLS 4096 prime is: 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 */ -+static const unsigned char prime_tls_4096[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, -+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, -+ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, -+ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, -+ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, -+ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* IKE 6144 prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } */ -+static const unsigned char prime_ike_6144[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, -+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, -+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, -+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, -+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, -+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, -+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, -+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, -+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, -+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, -+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, -+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, -+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, -+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, -+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, -+ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* TLS 6144 prime is: 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 */ -+static const unsigned char prime_tls_6144[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, -+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, -+ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, -+ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, -+ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, -+ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, -+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, -+ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, -+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, -+ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, -+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, -+ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, -+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, -+ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, -+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, -+ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, -+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, -+ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, -+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, -+ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, -+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, -+ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, -+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, -+ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, -+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, -+ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, -+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, -+ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* IKE 8192 prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } */ -+static const unsigned char prime_ike_8192[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, -+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, -+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, -+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, -+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, -+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, -+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, -+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, -+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, -+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, -+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, -+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, -+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, -+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, -+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, -+ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, -+ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, -+ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, -+ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, -+ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, -+ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, -+ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, -+ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8, -+ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, -+ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, -+ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, -+ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8, -+ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, -+ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, -+ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, -+ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3, -+ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, -+ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, -+ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, -+ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2, -+ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, -+ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* TLS 8192 prime is: 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 */ -+static const unsigned char prime_tls_8192[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, -+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, -+ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, -+ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, -+ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, -+ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, -+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, -+ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, -+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, -+ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, -+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, -+ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, -+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, -+ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, -+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, -+ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, -+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, -+ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, -+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, -+ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, -+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, -+ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, -+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, -+ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, -+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, -+ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, -+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, -+ 0xCF, 0xF4, 0x6A, 0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, -+ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE, -+ 0xC9, 0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, -+ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, 0x42, -+ 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, -+ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, 0x38, 0x88, 0x39, -+ 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, -+ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, 0x59, 0x16, 0x0C, 0xC0, -+ 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, -+ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31, -+ 0x09, 0x70, 0x3F, 0xEE, 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, -+ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16, -+ 0x50, 0xC1, 0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, -+ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75, -+ 0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, -+ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, 0x5D, 0xFE, -+ 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, -+ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, 0x2F, 0x74, 0x1E, 0xF8, -+ 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, -+ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06, -+ 0xA9, 0xF4, 0x61, 0x4E, 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, -+ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF}; -+ -+/* safe primes that aren't already known. These primes should pass, but -+ * take more processing in FIPS mode */ -+static const unsigned char prime_safe_1536[] = { -+ 0xf7, 0x67, 0x31, 0xc8, 0x45, 0x6a, 0xd9, 0xea, 0x53, 0x0b, 0x21, 0xc7, -+ 0x4a, 0xfa, 0x81, 0x66, 0x76, 0x5c, 0xea, 0xb7, 0xf5, 0x11, 0x32, 0x6d, -+ 0xd3, 0x4c, 0x7a, 0xac, 0x39, 0x17, 0x1a, 0x87, 0xb8, 0x00, 0xd7, 0x11, -+ 0xc5, 0xfd, 0xe1, 0xe3, 0x65, 0x4c, 0x1f, 0x42, 0x24, 0x41, 0x1e, 0x92, -+ 0x42, 0xbf, 0xb6, 0x65, 0x0e, 0x72, 0x83, 0x8a, 0xb8, 0x82, 0xa6, 0x4f, -+ 0x9e, 0xca, 0x4f, 0xd1, 0xb1, 0x13, 0xc2, 0xfa, 0x67, 0xa1, 0x6a, 0x06, -+ 0x4f, 0xaf, 0x6e, 0x16, 0xd9, 0x94, 0xd8, 0xda, 0xe3, 0x66, 0x62, 0x01, -+ 0x1f, 0x82, 0x8f, 0x10, 0xe0, 0x2f, 0x3c, 0xa3, 0x42, 0xa8, 0xbb, 0x94, -+ 0x32, 0x79, 0x79, 0x7f, 0x97, 0xf8, 0x3a, 0x31, 0xaa, 0x14, 0xc7, 0xfe, -+ 0x13, 0x96, 0x77, 0x15, 0xbf, 0x47, 0x20, 0x57, 0x11, 0xe0, 0x4f, 0xda, -+ 0x7e, 0xa9, 0x19, 0x49, 0xa1, 0x8d, 0x29, 0x76, 0x8a, 0xd3, 0x9b, 0xb0, -+ 0xbe, 0x50, 0xc3, 0x25, 0x82, 0xf9, 0xe3, 0x21, 0x8c, 0xfd, 0xa6, 0x51, -+ 0xe5, 0x36, 0x7e, 0x82, 0xb6, 0x90, 0x45, 0xe1, 0xd5, 0x72, 0x56, 0xbe, -+ 0xc5, 0x67, 0x3d, 0x13, 0x1a, 0x39, 0x7f, 0x98, 0x33, 0xfc, 0xb4, 0x7b, -+ 0xa4, 0x38, 0x71, 0x87, 0x96, 0x6e, 0xe6, 0x7b, 0x77, 0xb2, 0x65, 0xfd, -+ 0xdf, 0x27, 0x93, 0x0c, 0x3c, 0x60, 0xdf, 0xe5, 0x33, 0xfe, 0xd7, 0x4b}; -+ -+static const unsigned char prime_safe_2048[] = { -+ 0xe1, 0xa3, 0x6e, 0x49, 0x69, 0x07, 0x1c, 0x5f, 0xb4, 0x15, 0x35, 0x46, -+ 0x99, 0x52, 0xd0, 0x4e, 0xff, 0x4e, 0x4c, 0xb1, 0xe1, 0x59, 0xed, 0x2e, -+ 0x71, 0xf3, 0x80, 0x14, 0x54, 0xd0, 0xfc, 0x83, 0x20, 0x29, 0x15, 0x21, -+ 0xa6, 0x5f, 0x10, 0x81, 0x57, 0xf4, 0x2e, 0x49, 0xb2, 0xd1, 0x37, 0xe8, -+ 0x6a, 0xbf, 0x72, 0xf9, 0x55, 0x4e, 0x9e, 0xae, 0x20, 0xc5, 0xb6, 0xc5, -+ 0x91, 0x79, 0x0d, 0xa2, 0xdd, 0xb4, 0xbb, 0x50, 0x4e, 0x20, 0xca, 0x8a, -+ 0x8f, 0x82, 0x34, 0xb9, 0x6a, 0x3e, 0x9a, 0x67, 0xc2, 0x7e, 0x83, 0xf6, -+ 0xc0, 0xad, 0xe3, 0xca, 0x00, 0xd6, 0x11, 0x88, 0x9c, 0xc7, 0x9f, 0xb4, -+ 0x3d, 0x53, 0xa5, 0x5a, 0x97, 0x44, 0x4d, 0xe7, 0x5c, 0xd5, 0x76, 0x80, -+ 0xf8, 0x0c, 0xcd, 0xa6, 0x55, 0xe2, 0x5f, 0xcf, 0xf4, 0x46, 0xa4, 0xc7, -+ 0x0f, 0xc1, 0x80, 0x84, 0x65, 0x46, 0x8c, 0x87, 0xd2, 0x99, 0x82, 0xdf, -+ 0x8e, 0x00, 0x89, 0xf3, 0x0d, 0xd5, 0xc0, 0x54, 0x94, 0xc6, 0xa3, 0x92, -+ 0x0f, 0x91, 0x10, 0xee, 0xa3, 0x65, 0x44, 0xb7, 0x6d, 0xe8, 0x23, 0xf9, -+ 0x7f, 0x91, 0x62, 0x65, 0x09, 0x8e, 0xa1, 0x33, 0xd4, 0xd6, 0x55, 0x0a, -+ 0xc0, 0xe8, 0x66, 0x70, 0x05, 0xd0, 0x12, 0x34, 0xc1, 0xfd, 0xce, 0x75, -+ 0xa4, 0x75, 0xe1, 0x46, 0xa1, 0x08, 0xb4, 0x52, 0xfe, 0x25, 0xa4, 0xc5, -+ 0x4f, 0x23, 0x04, 0x7e, 0xa1, 0x2c, 0xf3, 0x56, 0xcb, 0xfa, 0x7a, 0xbc, -+ 0x45, 0xcc, 0x78, 0xb3, 0x28, 0xf3, 0xe5, 0xd5, 0x26, 0x56, 0x27, 0x86, -+ 0x6a, 0x56, 0x6b, 0x87, 0x56, 0x0e, 0xc4, 0x3c, 0xed, 0xff, 0xcb, 0x96, -+ 0xb4, 0x13, 0x1d, 0x4d, 0x38, 0x4e, 0x69, 0x34, 0x51, 0x7a, 0x85, 0x31, -+ 0xb4, 0x80, 0xda, 0x41, 0xe3, 0xdc, 0x2e, 0x53, 0xd8, 0x71, 0x3e, 0xcc, -+ 0x37, 0x8a, 0x80, 0x33}; -+ -+static const unsigned char prime_safe_3072[] = { -+ 0x87, 0x66, 0xdf, 0xf7, 0xec, 0x49, 0x6a, 0x9a, 0x7c, 0x96, 0x28, 0xae, -+ 0x67, 0x38, 0xab, 0xfa, 0xfe, 0x5c, 0x46, 0x7b, 0xef, 0xe9, 0x18, 0xa6, -+ 0x76, 0xb2, 0xe5, 0x0e, 0xbe, 0xb8, 0xf2, 0x80, 0x36, 0x09, 0x82, 0x44, -+ 0x7b, 0xe8, 0xe8, 0xcc, 0x89, 0x27, 0x68, 0x05, 0xe0, 0xe1, 0x37, 0xd7, -+ 0xbf, 0xdb, 0x0c, 0xf6, 0x48, 0x52, 0x17, 0x3f, 0x75, 0xc5, 0x4e, 0xb4, -+ 0x3d, 0xf8, 0x4c, 0xea, 0xb4, 0x0b, 0x06, 0x04, 0x15, 0x89, 0x7c, 0xba, -+ 0xf3, 0xf5, 0xde, 0x66, 0x6e, 0x7d, 0x30, 0xc4, 0x20, 0x05, 0xda, 0x32, -+ 0x0f, 0xff, 0x79, 0x71, 0x44, 0x9b, 0x10, 0x0f, 0xf1, 0xbb, 0x31, 0xde, -+ 0x67, 0x90, 0xea, 0x77, 0xad, 0x65, 0xd7, 0x05, 0x75, 0xab, 0x66, 0xf2, -+ 0xe6, 0x52, 0xac, 0xf2, 0xaa, 0xa7, 0xd2, 0x45, 0xd9, 0xc6, 0x42, 0x39, -+ 0x27, 0x1f, 0x46, 0x84, 0xad, 0x78, 0xb4, 0xfa, 0x84, 0xf8, 0x9b, 0x3e, -+ 0xcb, 0xc1, 0x99, 0xe5, 0x35, 0x42, 0x26, 0x05, 0xea, 0xac, 0x51, 0x04, -+ 0x4f, 0x8a, 0x98, 0x25, 0xa7, 0x46, 0xab, 0x7b, 0xed, 0xb8, 0xa9, 0x0b, -+ 0x24, 0x23, 0x83, 0x23, 0x16, 0x87, 0x64, 0x91, 0x0c, 0xbf, 0x1f, 0xbc, -+ 0xec, 0x4a, 0xdd, 0x12, 0x2b, 0x0c, 0xa9, 0x39, 0x96, 0xc4, 0xc3, 0xcf, -+ 0xa5, 0x38, 0x40, 0x0d, 0x6e, 0xd0, 0xfa, 0x0a, 0x0c, 0x3e, 0xe9, 0x75, -+ 0x0b, 0x70, 0x28, 0x68, 0xbc, 0xfd, 0xf6, 0xc2, 0x9a, 0x59, 0x91, 0x20, -+ 0x5c, 0x70, 0xfe, 0x31, 0xa6, 0x50, 0x87, 0x9a, 0x6a, 0x61, 0x20, 0x2c, -+ 0x77, 0x84, 0x81, 0xa8, 0x3e, 0xc9, 0xa8, 0x72, 0xb0, 0x53, 0x43, 0x85, -+ 0x1c, 0x9b, 0x3a, 0xdd, 0xef, 0x09, 0x7d, 0xc7, 0x68, 0xc6, 0xef, 0x08, -+ 0xce, 0x47, 0xa0, 0xdc, 0x5b, 0xdb, 0x2f, 0x2d, 0x34, 0xe3, 0xde, 0x95, -+ 0xf6, 0x6b, 0x6d, 0x5d, 0x91, 0xbe, 0x45, 0xee, 0x2d, 0x04, 0x93, 0x78, -+ 0xc7, 0xa4, 0x49, 0xcc, 0x71, 0xa8, 0x5d, 0xd8, 0x8a, 0x7e, 0x9e, 0x4f, -+ 0x10, 0xc9, 0x41, 0xd1, 0x62, 0xc1, 0x70, 0x48, 0xb5, 0x12, 0x11, 0x23, -+ 0xa6, 0xe4, 0xdf, 0x64, 0xac, 0xd9, 0xe4, 0x37, 0xc2, 0xb9, 0x23, 0xa7, -+ 0x40, 0xea, 0x7f, 0x54, 0xe3, 0xef, 0x71, 0x81, 0xb4, 0xe7, 0x05, 0x10, -+ 0xd6, 0x2b, 0xd5, 0x11, 0x84, 0x5a, 0x69, 0xa5, 0xac, 0x52, 0x6d, 0xa8, -+ 0x79, 0x27, 0xff, 0x1c, 0x02, 0xd1, 0x62, 0x36, 0x03, 0xa2, 0xa9, 0x46, -+ 0x6c, 0x4f, 0xca, 0x58, 0xf2, 0xb2, 0xed, 0x91, 0xb4, 0x9e, 0x5b, 0xdd, -+ 0xf9, 0x99, 0xb6, 0x8d, 0x70, 0x34, 0x0a, 0xc5, 0x4d, 0xd7, 0xce, 0x8b, -+ 0xf1, 0x50, 0x25, 0x89, 0xff, 0xe7, 0xf2, 0x1e, 0xb9, 0x21, 0xb3, 0x8b, -+ 0xc8, 0x42, 0x7c, 0x26, 0xef, 0x4c, 0x30, 0x8d, 0x60, 0xb7, 0x25, 0xfb}; -+ -+static const unsigned char prime_safe_4096[] = { -+ 0x8b, 0xdf, 0xc1, 0xa3, 0xe4, 0xbd, 0x1c, 0xb1, 0xf4, 0xb1, 0x51, 0xd3, -+ 0x8a, 0xce, 0x3d, 0x33, 0x58, 0x80, 0xa3, 0x1c, 0x7c, 0x0d, 0xbd, 0x8e, -+ 0xbd, 0xb3, 0xe7, 0x9e, 0xd4, 0xde, 0x06, 0xfc, 0x98, 0xaf, 0x01, 0x43, -+ 0x93, 0x2c, 0xfc, 0xfb, 0x92, 0x80, 0xe0, 0x6e, 0xf9, 0xf6, 0xab, 0x73, -+ 0x96, 0x8d, 0x7e, 0xc0, 0xeb, 0x26, 0x6c, 0x0c, 0x53, 0x06, 0x9f, 0x32, -+ 0x4b, 0xad, 0x53, 0xd5, 0xbf, 0x91, 0x35, 0x16, 0xfd, 0x7f, 0xba, 0x30, -+ 0xb6, 0xb4, 0x88, 0x10, 0x1f, 0x5a, 0xc0, 0x62, 0xf9, 0x7f, 0x71, 0x9b, -+ 0xb5, 0x10, 0x4b, 0x99, 0xd0, 0xf0, 0xe9, 0xc2, 0xee, 0x35, 0x24, 0xeb, -+ 0xcc, 0xee, 0x06, 0xbf, 0xa0, 0x05, 0xe4, 0x61, 0xa4, 0xa6, 0x98, 0x23, -+ 0xd0, 0xe4, 0x8a, 0x61, 0xca, 0x05, 0x8a, 0x6c, 0x98, 0xfa, 0x83, 0xc3, -+ 0x50, 0x7d, 0x55, 0x3b, 0x2e, 0xd5, 0xac, 0x14, 0x61, 0x86, 0xd1, 0xb5, -+ 0xcf, 0xc0, 0xdc, 0x69, 0x4b, 0x6c, 0x4a, 0xc5, 0xd7, 0xfe, 0xe0, 0xe8, -+ 0x1a, 0x64, 0x11, 0xdb, 0x56, 0xf0, 0x1c, 0x95, 0x5c, 0xd1, 0x6a, 0xb9, -+ 0xf6, 0xe2, 0x00, 0xf4, 0x22, 0x03, 0x03, 0x2a, 0xbc, 0x9c, 0x82, 0xeb, -+ 0x89, 0x1a, 0xdd, 0x94, 0x65, 0x02, 0x44, 0x61, 0x76, 0xc1, 0xae, 0xd8, -+ 0xca, 0xfd, 0x66, 0xf4, 0x96, 0xe7, 0x79, 0xfe, 0x3a, 0x98, 0xf1, 0x80, -+ 0x02, 0xfa, 0x42, 0xb7, 0xae, 0xeb, 0x39, 0x28, 0xc3, 0xb9, 0xce, 0x8c, -+ 0x71, 0xea, 0x14, 0x74, 0x86, 0x6c, 0x26, 0xd5, 0x15, 0x21, 0x97, 0x0c, -+ 0x82, 0x8d, 0x81, 0x84, 0xc5, 0x47, 0x10, 0x06, 0x67, 0xa8, 0x5f, 0xb1, -+ 0xc5, 0x32, 0xdc, 0x7f, 0xe6, 0x61, 0xe5, 0xeb, 0x9e, 0xa9, 0x61, 0x99, -+ 0x43, 0xa9, 0x8b, 0xed, 0xaf, 0xe4, 0x21, 0xef, 0x8e, 0x78, 0x5a, 0x61, -+ 0x55, 0x9d, 0x43, 0xdb, 0x77, 0xaa, 0xbb, 0x19, 0xea, 0x4f, 0x49, 0x53, -+ 0x80, 0xce, 0x7c, 0x9a, 0xea, 0xa6, 0x93, 0x58, 0xd4, 0xab, 0xf4, 0xe9, -+ 0x60, 0x7d, 0xca, 0xb2, 0x97, 0xa5, 0xe0, 0x92, 0xce, 0xec, 0x57, 0xbc, -+ 0xc5, 0x05, 0x76, 0x11, 0x79, 0x03, 0xe1, 0xb2, 0x99, 0xc1, 0x21, 0xd4, -+ 0x85, 0xe7, 0x6f, 0xc9, 0x58, 0xe8, 0x1c, 0x0d, 0xc8, 0x90, 0x44, 0x4c, -+ 0x58, 0x55, 0x9a, 0xee, 0xde, 0x62, 0x0e, 0xb2, 0xe3, 0xbc, 0xeb, 0x51, -+ 0x40, 0x05, 0x71, 0xfe, 0xb4, 0xe9, 0xe6, 0xf6, 0x0e, 0xd7, 0xbb, 0x1b, -+ 0xb8, 0x99, 0xe8, 0xc9, 0xda, 0x9f, 0xde, 0x3c, 0x13, 0xd9, 0x16, 0x45, -+ 0x3d, 0xac, 0xe2, 0x09, 0xc3, 0x87, 0xbb, 0x39, 0x8c, 0x6f, 0x11, 0x60, -+ 0x87, 0x1f, 0xaf, 0xa7, 0xdc, 0x12, 0x8f, 0x7d, 0x4c, 0x5e, 0x56, 0xc3, -+ 0x62, 0xdd, 0xdd, 0x03, 0x55, 0x9e, 0x24, 0x6c, 0xc5, 0x6c, 0xb8, 0x0e, -+ 0xaf, 0x11, 0xd5, 0x1e, 0x6a, 0x36, 0x9c, 0xca, 0x46, 0x34, 0x13, 0x2b, -+ 0xd1, 0xa3, 0x34, 0x2c, 0x83, 0x1b, 0x25, 0xcc, 0x17, 0x01, 0x9c, 0x68, -+ 0x53, 0xb7, 0x87, 0xed, 0x0e, 0x48, 0xd7, 0x69, 0xf9, 0xc8, 0x1d, 0x8b, -+ 0x71, 0xf4, 0x6f, 0xd1, 0xb1, 0xd5, 0x70, 0xa0, 0xd7, 0x71, 0x3d, 0x9f, -+ 0xfc, 0xfa, 0x35, 0x69, 0x25, 0xf3, 0x39, 0x79, 0xad, 0x7b, 0x01, 0xc5, -+ 0x66, 0xa5, 0xf0, 0xc7, 0x1c, 0xb6, 0x51, 0xe5, 0x02, 0x2b, 0xcf, 0xc1, -+ 0x2a, 0x91, 0x9d, 0xa5, 0xbf, 0x37, 0x37, 0xdd, 0x2e, 0x30, 0x40, 0xdb, -+ 0xbf, 0xec, 0xfe, 0x6c, 0x2c, 0xe9, 0x20, 0xee, 0x89, 0xac, 0x55, 0xaf, -+ 0x03, 0x5a, 0xba, 0x5a, 0x52, 0xfb, 0xbf, 0xb5, 0xae, 0x38, 0x20, 0xa5, -+ 0x68, 0x92, 0x5f, 0xec, 0x17, 0xa9, 0x80, 0x53, 0xf2, 0x3b, 0x0c, 0x09, -+ 0xf3, 0xeb, 0x15, 0x62, 0x8e, 0x39, 0x7b, 0x6b}; -+ -+static const unsigned char prime_safe_6144[] = { -+ 0xb9, 0x0f, 0xc1, 0x41, 0x4a, 0xde, 0x1a, 0x1c, 0x80, 0xa0, 0xd6, 0x39, -+ 0x81, 0x10, 0xf3, 0x09, 0xca, 0xc0, 0x60, 0x8c, 0x5e, 0x8c, 0x17, 0x21, -+ 0xa0, 0x18, 0x50, 0xd6, 0x60, 0x13, 0xfc, 0x38, 0x00, 0x26, 0xd9, 0x71, -+ 0xd2, 0x73, 0xfc, 0x5d, 0x0c, 0xf1, 0x20, 0xce, 0x76, 0x44, 0xbb, 0x8b, -+ 0x5c, 0xc8, 0x5a, 0x59, 0x0c, 0xcd, 0x48, 0xba, 0xbf, 0x86, 0x72, 0xda, -+ 0xf5, 0xbd, 0x7c, 0x1d, 0x41, 0xba, 0xe8, 0x9f, 0x8c, 0xc2, 0x18, 0x27, -+ 0xfa, 0xbc, 0xc6, 0xcf, 0xd8, 0x47, 0xf5, 0xe9, 0x71, 0xcc, 0x37, 0x34, -+ 0xc3, 0x9b, 0x5a, 0xff, 0xc3, 0x0c, 0xab, 0x1d, 0x97, 0x8c, 0x26, 0x95, -+ 0x8c, 0xf1, 0x0a, 0x5d, 0x22, 0x84, 0x5a, 0x7c, 0xf2, 0xd1, 0x8b, 0x7c, -+ 0x6f, 0x17, 0x09, 0x13, 0x00, 0xc9, 0xdf, 0x79, 0xe1, 0x6e, 0xc8, 0xf8, -+ 0xd3, 0xc1, 0xdd, 0xb2, 0xf4, 0x24, 0x2a, 0xfa, 0x5c, 0x66, 0x25, 0x2b, -+ 0x39, 0xd1, 0x39, 0x48, 0xfa, 0x76, 0x4f, 0x57, 0xa3, 0x20, 0xc3, 0x38, -+ 0x2e, 0x85, 0x67, 0x31, 0x92, 0x85, 0x3c, 0x70, 0x23, 0x14, 0xec, 0x6c, -+ 0x85, 0x28, 0xe0, 0x4f, 0xcc, 0xc6, 0x3b, 0xcf, 0x19, 0x30, 0x3b, 0x01, -+ 0xfe, 0x9e, 0x16, 0x65, 0x1c, 0xf4, 0x31, 0x0c, 0x9d, 0x23, 0x40, 0x85, -+ 0x6c, 0xdd, 0xe5, 0xf7, 0x90, 0x25, 0x69, 0x7a, 0x3c, 0xd6, 0xe4, 0x42, -+ 0x6c, 0x87, 0x04, 0x06, 0xa7, 0x82, 0x1d, 0xfc, 0x5e, 0xd9, 0x03, 0x60, -+ 0x20, 0x9a, 0x5c, 0x6a, 0xfe, 0x53, 0x0d, 0x05, 0x92, 0x1b, 0xa1, 0xdb, -+ 0xfa, 0x01, 0x2f, 0x84, 0x89, 0xe0, 0x56, 0x66, 0x7e, 0xe3, 0xe6, 0x99, -+ 0x4d, 0xb3, 0xd2, 0xf0, 0xce, 0xf3, 0xdf, 0x05, 0x0d, 0x57, 0x42, 0xcd, -+ 0xfc, 0x06, 0x3c, 0xe7, 0x11, 0x34, 0x7f, 0x51, 0x8e, 0xb7, 0x24, 0x01, -+ 0xe3, 0x26, 0x47, 0xe7, 0xd1, 0x57, 0x0e, 0x0e, 0xf1, 0x12, 0xc5, 0x79, -+ 0x2d, 0x87, 0x0f, 0xb1, 0x19, 0x6a, 0xd7, 0x44, 0x33, 0x46, 0x4c, 0xbc, -+ 0xc5, 0xc6, 0x24, 0xf8, 0x7c, 0x7a, 0x61, 0xfe, 0x72, 0x95, 0x21, 0xcd, -+ 0xd1, 0x3a, 0xd3, 0x5d, 0x77, 0x76, 0xbd, 0x86, 0xd8, 0xbd, 0x8e, 0x5e, -+ 0xf2, 0xe5, 0x20, 0x01, 0xd9, 0xb4, 0x47, 0xf7, 0x1c, 0x51, 0x70, 0x39, -+ 0x6a, 0xc7, 0xea, 0xed, 0x90, 0xd7, 0xc4, 0xd3, 0xcd, 0x8e, 0x4b, 0xd8, -+ 0x11, 0xf0, 0xd3, 0x66, 0x36, 0x77, 0xe2, 0x16, 0x13, 0xbd, 0xd2, 0x54, -+ 0x4a, 0x1c, 0x61, 0x54, 0x88, 0x1a, 0x69, 0x85, 0x9f, 0x5d, 0xc5, 0xb7, -+ 0x62, 0x7e, 0x72, 0x0a, 0x89, 0x90, 0x24, 0x8f, 0x39, 0xb2, 0xf2, 0xb6, -+ 0x12, 0x8e, 0x50, 0xb4, 0xd3, 0xea, 0xc3, 0xac, 0xea, 0x8d, 0x27, 0x17, -+ 0xbd, 0x07, 0xd2, 0x15, 0x80, 0x49, 0xe0, 0x97, 0x41, 0x16, 0xd6, 0x3b, -+ 0x24, 0xe8, 0x8b, 0xfd, 0xa3, 0x18, 0xbd, 0x52, 0x5d, 0xe2, 0x21, 0xce, -+ 0x7c, 0x6f, 0x10, 0x38, 0x70, 0x64, 0xc4, 0x15, 0xf3, 0x28, 0xc6, 0x66, -+ 0xfc, 0xd1, 0x22, 0x04, 0x80, 0x80, 0xc6, 0xc5, 0x75, 0xf5, 0xdc, 0xb0, -+ 0x40, 0x4b, 0x12, 0xfa, 0xdb, 0xd5, 0x36, 0xcd, 0x31, 0xab, 0xd7, 0x1d, -+ 0x18, 0x07, 0x9d, 0x09, 0x9b, 0x16, 0xa0, 0xfe, 0x1e, 0x6f, 0x3f, 0x34, -+ 0x5a, 0xe6, 0x70, 0x85, 0x98, 0x30, 0xd4, 0x94, 0xc5, 0xf0, 0x36, 0x35, -+ 0xa1, 0xed, 0x46, 0x63, 0x3c, 0x0f, 0xcf, 0xc5, 0x9e, 0x7c, 0x68, 0x25, -+ 0x64, 0x93, 0x30, 0x36, 0x38, 0xb1, 0x99, 0x6c, 0x37, 0xf5, 0xcf, 0x64, -+ 0x4b, 0xef, 0xa6, 0xff, 0x6a, 0xaa, 0xaa, 0xb6, 0x29, 0xed, 0x38, 0x80, -+ 0x1f, 0x58, 0x35, 0x88, 0x3f, 0x01, 0x1c, 0xc8, 0x23, 0x48, 0x37, 0xa7, -+ 0xd2, 0xb1, 0xb1, 0xee, 0x44, 0x59, 0x0a, 0xfb, 0x05, 0xd9, 0xe1, 0x5b, -+ 0x53, 0x34, 0x9d, 0x99, 0x30, 0x28, 0xa9, 0x3b, 0x8e, 0x1b, 0xac, 0x8a, -+ 0x90, 0x91, 0xc9, 0x71, 0x8a, 0xea, 0xb9, 0x11, 0xd5, 0x67, 0x87, 0x4f, -+ 0xdb, 0x27, 0x4f, 0x7f, 0xb8, 0x54, 0x7f, 0x5e, 0x18, 0x08, 0xf7, 0xf3, -+ 0x1c, 0x02, 0x3a, 0x04, 0xde, 0xcc, 0x10, 0x06, 0x7e, 0x15, 0xc3, 0x24, -+ 0x0c, 0xdf, 0x0d, 0xf8, 0x86, 0xc0, 0x4c, 0xab, 0x0f, 0x75, 0x04, 0xbe, -+ 0xf3, 0x90, 0x28, 0xd1, 0x22, 0x17, 0x96, 0xcc, 0x29, 0x11, 0x09, 0xa7, -+ 0x53, 0x42, 0xea, 0x91, 0x51, 0xaf, 0x55, 0xa1, 0x03, 0x67, 0x78, 0x63, -+ 0xb3, 0xb0, 0x0f, 0x59, 0x5d, 0x37, 0xe7, 0x30, 0x8b, 0xca, 0xa0, 0x45, -+ 0x12, 0x7a, 0xa5, 0x09, 0xfb, 0xa6, 0x99, 0xdd, 0xf7, 0xe9, 0x30, 0x5a, -+ 0xc2, 0x9d, 0x0d, 0xdf, 0x39, 0x99, 0x25, 0x0d, 0xb2, 0x57, 0xb6, 0x78, -+ 0x02, 0x30, 0xf8, 0x86, 0xde, 0x79, 0xb4, 0xbe, 0x3e, 0x53, 0xff, 0x74, -+ 0x0f, 0x4d, 0x30, 0x2d, 0xe6, 0x57, 0x4a, 0x57, 0x53, 0x3a, 0x0b, 0x19, -+ 0x86, 0xab, 0x90, 0xe5, 0x33, 0x84, 0x53, 0x7a, 0x17, 0xc5, 0xf1, 0x8c, -+ 0xc3, 0xe4, 0x11, 0x53, 0x2b, 0xb5, 0xb4, 0x8e, 0xe6, 0xd2, 0x04, 0x43, -+ 0x5b, 0x6a, 0x30, 0xc7, 0xca, 0xaf, 0x91, 0xc0, 0x76, 0x43, 0x86, 0x65, -+ 0xee, 0xcd, 0x82, 0xbe, 0xa2, 0xd8, 0x2d, 0xad, 0xeb, 0xb5, 0x1a, 0xb5, -+ 0xbf, 0xa1, 0xe7, 0x93, 0x50, 0x15, 0x08, 0x27, 0x27, 0x3c, 0xcc, 0x53, -+ 0x82, 0x67, 0xd4, 0xf2, 0x0d, 0x26, 0x60, 0x87, 0x05, 0x2e, 0xaa, 0x62, -+ 0x55, 0xcc, 0x9a, 0xee, 0x2c, 0x20, 0x23, 0x14, 0xfa, 0x5c, 0x29, 0x41, -+ 0xe1, 0x89, 0x83, 0x19, 0xc1, 0x36, 0x8c, 0xa4, 0x91, 0xf6, 0x40, 0x37, -+ 0x70, 0x2a, 0x0d, 0x82, 0xbb, 0x56, 0x6e, 0x23, 0x34, 0xb9, 0x6e, 0x33}; -+ -+static const unsigned char prime_safe_8192[] = { -+ 0x9b, 0xa7, 0x9b, 0xa2, 0x86, 0x54, 0xe7, 0x99, 0x11, 0x5b, 0x35, 0x81, -+ 0xd5, 0x7a, 0x8a, 0x6e, 0x4d, 0x4d, 0x61, 0x5d, 0xd3, 0xcf, 0x0c, 0x65, -+ 0x7e, 0xda, 0xd8, 0xce, 0x28, 0xac, 0xa0, 0x38, 0x81, 0xee, 0xa1, 0x14, -+ 0x25, 0x21, 0x67, 0x66, 0x3a, 0x6c, 0x0f, 0x80, 0x3d, 0x89, 0x79, 0xfe, -+ 0x71, 0x43, 0x57, 0xc3, 0xa9, 0x54, 0x1e, 0x20, 0x8a, 0xee, 0x0f, 0xa6, -+ 0x8b, 0x88, 0x81, 0x3d, 0xe8, 0x5c, 0x40, 0x47, 0x05, 0xdf, 0xd8, 0x6d, -+ 0x98, 0x65, 0x16, 0xa9, 0xf9, 0xc4, 0x8c, 0x02, 0xba, 0xae, 0x6b, 0x36, -+ 0x76, 0xc9, 0xfa, 0x8e, 0xd0, 0xd7, 0x9a, 0x3c, 0xcb, 0xd1, 0x44, 0x09, -+ 0xd7, 0x4f, 0x28, 0x51, 0x94, 0x92, 0x5b, 0x02, 0xb2, 0xbd, 0x78, 0xd3, -+ 0xc2, 0x76, 0x03, 0x15, 0x17, 0x0b, 0x55, 0x08, 0x02, 0x42, 0x9e, 0x26, -+ 0x56, 0x33, 0x72, 0xe6, 0xbd, 0x0e, 0xf9, 0x3d, 0x2c, 0xb3, 0x8a, 0x4c, -+ 0x67, 0x17, 0xfd, 0xe9, 0x03, 0xad, 0x8c, 0x34, 0x84, 0xe5, 0x83, 0xdf, -+ 0x9c, 0x04, 0x93, 0x03, 0x26, 0x19, 0xc1, 0xf1, 0x24, 0x68, 0xf6, 0x54, -+ 0x96, 0xce, 0x38, 0x51, 0xbd, 0x6c, 0x3d, 0x9c, 0x0c, 0xd8, 0x6e, 0x13, -+ 0x4c, 0x8b, 0xf6, 0x34, 0xae, 0xd8, 0x85, 0x1d, 0x1d, 0x8e, 0xc2, 0xad, -+ 0xab, 0xa2, 0xc5, 0x40, 0x76, 0x7f, 0x2f, 0x2e, 0x38, 0xf4, 0x6a, 0x39, -+ 0x33, 0x3d, 0x17, 0xce, 0x1f, 0xe9, 0xc3, 0x8d, 0x9e, 0xe5, 0xbe, 0xd6, -+ 0xad, 0x9a, 0x23, 0xd8, 0x06, 0xf3, 0x7c, 0x39, 0xd5, 0xae, 0x57, 0xb6, -+ 0xe5, 0xc3, 0x9a, 0x8a, 0x8c, 0x6e, 0xd3, 0xc1, 0x1a, 0x64, 0x12, 0x00, -+ 0x18, 0x53, 0xca, 0x32, 0x88, 0x8e, 0xc0, 0x5f, 0x2d, 0xb2, 0x3d, 0x14, -+ 0x1b, 0x58, 0x5c, 0x20, 0xe8, 0x52, 0xe5, 0x28, 0x41, 0xbc, 0x9e, 0x08, -+ 0x29, 0xab, 0xa5, 0x43, 0x99, 0x0e, 0xd7, 0x2a, 0xb9, 0xb8, 0x64, 0x9d, -+ 0x83, 0xe3, 0x1a, 0x26, 0x59, 0x65, 0xf2, 0x0c, 0xc9, 0xc5, 0x8f, 0x0d, -+ 0xcf, 0xa1, 0x18, 0xfc, 0x8b, 0x77, 0xe9, 0xe1, 0x19, 0x7b, 0x03, 0xd4, -+ 0x37, 0x8d, 0x5d, 0x37, 0x2b, 0xad, 0x58, 0x5e, 0x73, 0x72, 0xce, 0x84, -+ 0xe5, 0xc9, 0x75, 0x1d, 0xf3, 0x58, 0x42, 0x77, 0xfe, 0x53, 0xa0, 0xc2, -+ 0x66, 0x21, 0xaf, 0xe2, 0x61, 0xd2, 0x84, 0xb3, 0x03, 0x4d, 0xd8, 0x7d, -+ 0x85, 0xe1, 0xa8, 0xa0, 0x48, 0x5d, 0x1a, 0xa9, 0xac, 0xc1, 0x69, 0x24, -+ 0xc6, 0xfa, 0xb5, 0x22, 0x3e, 0xa3, 0x8d, 0x35, 0x29, 0xcf, 0x9a, 0xe5, -+ 0x84, 0x3b, 0x0b, 0x27, 0x36, 0x7e, 0x9d, 0xa6, 0xb0, 0x45, 0x60, 0x42, -+ 0x1e, 0x4b, 0x24, 0xd1, 0x36, 0x8b, 0x70, 0xd1, 0x95, 0x54, 0x14, 0xb9, -+ 0x47, 0x3d, 0x8d, 0xe4, 0x5f, 0x81, 0x1a, 0x21, 0x17, 0x17, 0xbf, 0x92, -+ 0x22, 0x4c, 0x77, 0x30, 0xdc, 0x9c, 0x84, 0xe6, 0x68, 0xcc, 0xd6, 0x11, -+ 0x04, 0xff, 0x71, 0x86, 0xb3, 0xa9, 0x9b, 0x13, 0x95, 0x35, 0xfd, 0x68, -+ 0x28, 0x9b, 0x6f, 0x5c, 0xf7, 0x66, 0xa8, 0x6f, 0x89, 0x0f, 0x92, 0xdf, -+ 0x52, 0x24, 0x3f, 0xdb, 0x2f, 0x40, 0x12, 0x32, 0xa4, 0xff, 0x2e, 0x4b, -+ 0xb8, 0xa0, 0xe7, 0xc9, 0xcb, 0x98, 0x13, 0xf9, 0xd2, 0xfa, 0x82, 0x68, -+ 0xb2, 0x8f, 0xd3, 0x17, 0x8c, 0x93, 0xf5, 0x80, 0xe4, 0x5a, 0x33, 0x1b, -+ 0x6a, 0xd8, 0xbf, 0x37, 0xa7, 0xe1, 0x63, 0x1d, 0x6a, 0xc3, 0xfa, 0xa1, -+ 0x2f, 0xc1, 0x72, 0x55, 0xd5, 0xe2, 0x67, 0x3b, 0x6b, 0x3a, 0xa8, 0xb0, -+ 0x54, 0x04, 0x1d, 0xbb, 0xc1, 0xe5, 0x3a, 0x52, 0xb1, 0x67, 0x0b, 0x12, -+ 0x3e, 0xcd, 0xa9, 0x9a, 0x0e, 0xbb, 0xa3, 0x75, 0x6d, 0x6f, 0x77, 0x74, -+ 0x64, 0xe3, 0x16, 0x8c, 0xa5, 0xba, 0xec, 0x51, 0x73, 0xce, 0x4b, 0xe6, -+ 0x6f, 0x3d, 0x15, 0x56, 0x43, 0xe1, 0x17, 0x77, 0x66, 0xab, 0xdc, 0x9d, -+ 0x9b, 0x10, 0x5d, 0xc4, 0xe9, 0x1e, 0xaa, 0x2d, 0x15, 0xbb, 0xc4, 0x09, -+ 0x46, 0x30, 0xe1, 0xb8, 0x92, 0x94, 0x5f, 0xb7, 0xe7, 0x7e, 0x97, 0x43, -+ 0xc0, 0x48, 0x5b, 0xaf, 0xea, 0x74, 0xae, 0x8c, 0x79, 0x6b, 0x66, 0x83, -+ 0x62, 0x88, 0x17, 0xa4, 0x56, 0x5d, 0x58, 0xfb, 0x6c, 0x38, 0x57, 0x4d, -+ 0xef, 0xd7, 0x36, 0x44, 0x39, 0x5b, 0xab, 0x94, 0xe4, 0x08, 0x30, 0xd3, -+ 0x2c, 0x59, 0xa0, 0x32, 0xe2, 0x71, 0x99, 0xec, 0x66, 0x5e, 0xf7, 0xe2, -+ 0x9c, 0x19, 0x69, 0x72, 0x6f, 0xdb, 0x3e, 0xcc, 0x19, 0x5a, 0xfd, 0xad, -+ 0xd6, 0x6e, 0x9d, 0x07, 0xc0, 0x65, 0x01, 0x75, 0xdd, 0x37, 0x1b, 0x9c, -+ 0x5e, 0x93, 0x32, 0xf8, 0x7e, 0x65, 0xd5, 0xb5, 0x15, 0x35, 0xad, 0x05, -+ 0xb5, 0xd2, 0x25, 0xc7, 0x71, 0x5a, 0xe4, 0xb7, 0x58, 0x6a, 0xc3, 0x5a, -+ 0xd9, 0xd4, 0xee, 0x32, 0xb5, 0x0b, 0x5b, 0x2a, 0xcd, 0x80, 0xce, 0xd4, -+ 0x2d, 0xc9, 0x09, 0x94, 0xf5, 0xf2, 0x7c, 0xaf, 0xba, 0x5a, 0xd3, 0xdc, -+ 0xcd, 0xd7, 0xf7, 0xea, 0x42, 0xe2, 0xc2, 0x34, 0x21, 0xb9, 0x15, 0x24, -+ 0xe8, 0x32, 0x6b, 0x6f, 0xb0, 0xed, 0x76, 0x5e, 0x45, 0xbf, 0x02, 0xa2, -+ 0xb8, 0x3c, 0xa5, 0xf5, 0x74, 0xe3, 0x18, 0x89, 0x21, 0x4e, 0xa6, 0x08, -+ 0xa3, 0xa5, 0x93, 0x69, 0x48, 0x96, 0xbd, 0x47, 0xd3, 0xeb, 0x67, 0x29, -+ 0xa8, 0xbb, 0xbe, 0x78, 0x05, 0xfa, 0x46, 0x89, 0x4e, 0x0c, 0xe2, 0x6c, -+ 0xbb, 0xe5, 0xf8, 0xba, 0xe5, 0x5d, 0x29, 0xe7, 0xdd, 0x71, 0x7e, 0x94, -+ 0xd7, 0x56, 0x0c, 0x3c, 0xde, 0x5f, 0xbc, 0xdc, 0x0f, 0x8e, 0xd6, 0x6f, -+ 0x0a, 0x07, 0xb8, 0x07, 0x24, 0x62, 0x4c, 0xed, 0x45, 0x4f, 0x0d, 0x9f, -+ 0x2e, 0x83, 0x6a, 0xeb, 0xbc, 0xff, 0xa9, 0xf2, 0x73, 0xb3, 0x5b, 0xaa, -+ 0xac, 0xed, 0xac, 0x88, 0xa2, 0x0d, 0x8d, 0x8f, 0xb4, 0xf7, 0x73, 0x1e, -+ 0xc0, 0x2e, 0xd3, 0x45, 0x15, 0x4b, 0x4a, 0xe7, 0xd4, 0xef, 0xb1, 0xc6, -+ 0xd3, 0x8f, 0xf8, 0x24, 0x12, 0x33, 0x3e, 0x8e, 0x95, 0xbc, 0x81, 0xb4, -+ 0xd4, 0xd1, 0x13, 0xbc, 0x7e, 0x25, 0xb4, 0x5b, 0xff, 0x15, 0xba, 0xf8, -+ 0x9a, 0xec, 0x78, 0xe4, 0x63, 0xc7, 0x26, 0xd5, 0x89, 0x3d, 0x63, 0x5b, -+ 0x7c, 0x86, 0x63, 0x34, 0x06, 0x28, 0x23, 0x08, 0xff, 0x6d, 0xbd, 0xe0, -+ 0x75, 0xb3, 0x71, 0x12, 0x26, 0x63, 0xca, 0x93, 0x36, 0x86, 0xeb, 0xf7, -+ 0x48, 0xd1, 0x96, 0xf4, 0x02, 0x3e, 0x5d, 0x69, 0x75, 0x5e, 0x95, 0xee, -+ 0x32, 0xb9, 0xba, 0x55, 0xc5, 0x42, 0x74, 0x00, 0xe1, 0x0f, 0x16, 0x05, -+ 0x62, 0x3c, 0x58, 0xcb, 0xe0, 0xd4, 0xa9, 0xe5, 0x1a, 0x3b, 0x84, 0x7e, -+ 0x19, 0x87, 0xad, 0x67, 0xcd, 0x9b, 0x97, 0xb0, 0x32, 0xd7, 0xb8, 0x1e, -+ 0x96, 0x69, 0x75, 0x0f, 0x61, 0x69, 0xb3, 0xc9, 0xce, 0x73, 0x7c, 0x5f, -+ 0xd5, 0x08, 0xdf, 0xd4, 0x07, 0x75, 0x60, 0xd7, 0x50, 0x52, 0xe7, 0x5c, -+ 0x6f, 0x04, 0x59, 0x65, 0xbd, 0x70, 0x99, 0x15, 0xf9, 0xbc, 0x34, 0x78, -+ 0x6a, 0x64, 0xac, 0x5f, 0x07, 0xc2, 0x89, 0x88, 0xfe, 0x11, 0x7a, 0xf7, -+ 0x3d, 0xbe, 0x83, 0xff, 0xeb, 0x1d, 0x52, 0xbe, 0xd4, 0x09, 0x71, 0x0f, -+ 0x7c, 0x95, 0x19, 0xf2, 0x4b, 0xf5, 0x44, 0x63, 0xf2, 0xec, 0x3f, 0xf9, -+ 0xe4, 0xfb, 0xbe, 0x24, 0xb2, 0x18, 0x53, 0xce, 0x16, 0x40, 0x1e, 0x27, -+ 0x62, 0x99, 0x93, 0xc9, 0x49, 0x8f, 0x98, 0x0d, 0xd8, 0x73, 0x65, 0x99, -+ 0xac, 0xff, 0xfe, 0x22, 0x6a, 0xd1, 0xfb, 0xa1, 0xe4, 0xe7, 0xab, 0x3c, -+ 0x72, 0x10, 0xac, 0x73}; -+ -+/* Weak primes with value subprimes. Accepted, but takes more processing -+ * in both modes. */ -+static const unsigned char prime_weak_1024[] = { -+ 0xe4, 0x82, 0x09, 0x4a, 0x6b, 0xbe, 0x9b, 0x51, 0x11, 0xa0, 0x74, 0x25, -+ 0xff, 0x50, 0x1c, 0x0a, 0xd6, 0xd0, 0xbc, 0xd3, 0x24, 0x89, 0x75, 0x74, -+ 0xb3, 0xd6, 0x6b, 0xf4, 0xc7, 0x5f, 0x6a, 0xec, 0x1e, 0x3a, 0x20, 0x02, -+ 0x16, 0x75, 0xcc, 0x44, 0x4a, 0xbf, 0x5b, 0x58, 0xad, 0xfe, 0xb0, 0x18, -+ 0x6a, 0x38, 0x8b, 0xcb, 0xdb, 0xd1, 0x77, 0x42, 0xe3, 0xa3, 0x87, 0x8a, -+ 0x99, 0x2e, 0x11, 0xd8, 0xc9, 0x02, 0x84, 0x1d, 0xd2, 0x67, 0x28, 0xbd, -+ 0x8f, 0xfb, 0x56, 0xf2, 0x63, 0x8a, 0x2c, 0x7c, 0x38, 0xef, 0xa2, 0x0c, -+ 0x6a, 0x36, 0xd0, 0x99, 0x13, 0x47, 0x48, 0x40, 0xe5, 0xcd, 0xdb, 0x04, -+ 0x4c, 0xa2, 0x12, 0x3f, 0x1a, 0x9b, 0x9a, 0x0e, 0xb8, 0x68, 0x7d, 0x01, -+ 0xbc, 0x16, 0x6f, 0x51, 0x64, 0x1d, 0xab, 0x21, 0x75, 0x49, 0x12, 0x36, -+ 0xac, 0x65, 0x8b, 0xf8, 0x87, 0xd9, 0xaf, 0xd1}; -+ -+static const unsigned char subprime_weak_1024[] = { -+ 0xef, 0x0c, 0x17, 0x60, 0xd1, 0x91, 0x8f, 0xea, 0x4d, 0xbe, -+ 0x0a, 0xb2, 0x37, 0xcc, 0x6b, 0xba, 0x97, 0x98, 0x2d, 0x4b}; -+ -+static const unsigned char base_weak_1024[] = { -+ 0x5a, 0x70, 0x8b, 0xe1, 0x1d, 0xed, 0x69, 0x04, 0xd0, 0xdc, 0xda, 0x84, -+ 0x9e, 0x79, 0x56, 0x11, 0x44, 0xdc, 0xf7, 0xb8, 0x84, 0x88, 0x75, 0x67, -+ 0xba, 0x80, 0x5b, 0x7e, 0x50, 0xc1, 0x5c, 0x80, 0x59, 0xaa, 0x55, 0x24, -+ 0x44, 0x6a, 0x8a, 0x31, 0x20, 0x1a, 0xd4, 0xba, 0x5f, 0x32, 0xc6, 0x5d, -+ 0x9d, 0x0e, 0x58, 0xfc, 0xd0, 0x6c, 0x74, 0xea, 0xd9, 0xc6, 0x86, 0x9f, -+ 0x3f, 0x83, 0x0e, 0x73, 0xae, 0x28, 0x40, 0x19, 0x9f, 0x5d, 0x64, 0xc4, -+ 0xae, 0xda, 0x11, 0x3e, 0x3f, 0x44, 0x87, 0xac, 0x41, 0x1e, 0xfa, 0xdb, -+ 0x1f, 0xde, 0x09, 0x7c, 0x54, 0x7c, 0x8a, 0xe0, 0x82, 0xd7, 0x8c, 0xb9, -+ 0x61, 0xa0, 0x10, 0xab, 0xff, 0xe1, 0x1f, 0x8b, 0x9d, 0x51, 0x71, 0xc7, -+ 0xfb, 0xd9, 0xe0, 0x10, 0xc3, 0x7d, 0x88, 0xe9, 0xd2, 0x42, 0xaf, 0xda, -+ 0x77, 0x55, 0x28, 0x07, 0x03, 0x26, 0xb3, 0x77}; -+ -+static const unsigned char prime_weak_2048[] = { -+ 0xb5, 0x08, 0x83, 0x6a, 0x22, 0x39, 0xdf, 0x02, 0xfe, 0x73, 0x6b, 0xfb, -+ 0x0d, 0x4e, 0xad, 0x4b, 0x0f, 0xfd, 0xb2, 0x27, 0xe7, 0xd2, 0x35, 0xd4, -+ 0x83, 0xf2, 0xbc, 0x29, 0xff, 0x50, 0xf7, 0x6b, 0xb7, 0x94, 0x38, 0xff, -+ 0xdc, 0x79, 0x67, 0x9a, 0x80, 0x8b, 0xc2, 0x20, 0x4e, 0x53, 0x02, 0x2a, -+ 0x07, 0xec, 0xa9, 0xbd, 0x22, 0xd1, 0xba, 0x35, 0x31, 0x10, 0x21, 0xb6, -+ 0x4f, 0xe1, 0x94, 0x0b, 0xb0, 0xb3, 0x37, 0x20, 0x0d, 0x6a, 0xd4, 0x91, -+ 0x5c, 0x85, 0xe9, 0xae, 0x8a, 0xf2, 0x94, 0xe7, 0x44, 0xf5, 0xcc, 0x04, -+ 0x82, 0x57, 0x81, 0x21, 0x83, 0x18, 0x48, 0x2d, 0xe3, 0x1c, 0xa1, 0x7f, -+ 0xee, 0x10, 0xb9, 0xe8, 0x40, 0xfc, 0xda, 0x43, 0x7d, 0x18, 0xe4, 0x68, -+ 0x9f, 0xed, 0x5e, 0xc3, 0x1f, 0x80, 0xef, 0x5c, 0x24, 0x5e, 0x68, 0xac, -+ 0x99, 0x9c, 0x74, 0x96, 0x5b, 0xb3, 0xe7, 0xb2, 0x65, 0x78, 0xfb, 0x3c, -+ 0x11, 0x00, 0x04, 0x4b, 0x98, 0x0e, 0x8a, 0x7b, 0x38, 0x08, 0x34, 0xb9, -+ 0x6d, 0x08, 0x65, 0x17, 0x91, 0x49, 0x62, 0x47, 0x64, 0xab, 0xc6, 0xd0, -+ 0xf2, 0xcf, 0x89, 0x07, 0xeb, 0xa3, 0x5d, 0xf3, 0xa2, 0xfb, 0xdd, 0x7b, -+ 0x3e, 0x7e, 0xa2, 0xd7, 0x1a, 0x42, 0xad, 0x74, 0xbd, 0xbb, 0xcf, 0x21, -+ 0x91, 0xd2, 0x6b, 0x1d, 0x9d, 0xa8, 0x05, 0x88, 0x4f, 0xb1, 0x45, 0xa2, -+ 0x86, 0x90, 0x12, 0xfd, 0xcb, 0x25, 0xe1, 0x12, 0x08, 0x47, 0x1d, 0x83, -+ 0x2d, 0x14, 0x42, 0x20, 0x08, 0x31, 0x54, 0x2c, 0x9b, 0x49, 0xf6, 0xb6, -+ 0x2d, 0x25, 0xea, 0x28, 0xbf, 0x13, 0x2b, 0xd3, 0x45, 0x8d, 0x02, 0x9f, -+ 0xa5, 0xaa, 0xeb, 0xc0, 0x48, 0xd1, 0x06, 0xe6, 0x1e, 0xa0, 0x3e, 0x04, -+ 0x20, 0x79, 0x7c, 0xd1, 0xd0, 0xac, 0x61, 0x89, 0x6c, 0x3b, 0x88, 0xa3, -+ 0x54, 0x6c, 0x80, 0x59}; -+ -+static const unsigned char subprime_weak_2048[] = { -+ 0xcd, 0x9d, 0xbf, 0x88, 0xe5, 0xc0, 0x03, 0x16, 0xec, 0x9c, 0xb4, -+ 0x6e, 0x54, 0xd2, 0xbf, 0xdc, 0x05, 0x92, 0xcd, 0x05, 0x87, 0xc9, -+ 0x9c, 0x91, 0x19, 0x54, 0xb6, 0xd7, 0x1e, 0xe1, 0x0a, 0x93}; -+ -+static const unsigned char base_weak_2048[] = { -+ 0x36, 0xc6, 0x6e, 0x3e, 0xe8, 0x44, 0xa0, 0x57, 0x1d, 0x8e, 0x71, 0xb6, -+ 0x6c, 0x24, 0xf6, 0x1d, 0xb6, 0xa5, 0xfd, 0xe3, 0xd6, 0xc5, 0x6b, 0xe8, -+ 0x94, 0x5a, 0x8c, 0x5a, 0xdf, 0x41, 0x51, 0xe6, 0xfb, 0x76, 0x4b, 0x06, -+ 0x4b, 0x03, 0x33, 0x98, 0x15, 0xb5, 0x60, 0x43, 0xc7, 0xc5, 0xb3, 0x4d, -+ 0x58, 0x90, 0xe8, 0x63, 0xc5, 0xad, 0x5f, 0x57, 0xcf, 0x42, 0x26, 0x99, -+ 0xa0, 0x71, 0xc6, 0x73, 0x03, 0xa0, 0x45, 0xd0, 0x87, 0xf0, 0xd8, 0x9a, -+ 0xb2, 0x7d, 0xd7, 0x2d, 0x10, 0x52, 0x04, 0x36, 0x37, 0x4f, 0x9d, 0xb7, -+ 0x66, 0xdc, 0xf5, 0x76, 0xac, 0x87, 0xfe, 0x5a, 0x9d, 0xca, 0x1e, 0xfb, -+ 0x6f, 0x7f, 0xfd, 0x9a, 0xaa, 0x12, 0xcf, 0x7a, 0xdb, 0x15, 0xf3, 0xb2, -+ 0x7b, 0x17, 0xb9, 0xaf, 0x5f, 0xdf, 0x9c, 0x66, 0x29, 0x83, 0x89, 0xf9, -+ 0xf9, 0xf7, 0x4a, 0x04, 0x1d, 0x00, 0xf7, 0x11, 0x98, 0x18, 0x0a, 0xab, -+ 0x47, 0xcc, 0x3e, 0x11, 0xf4, 0xe0, 0x7e, 0xad, 0xa5, 0x67, 0xf8, 0x4b, -+ 0x1b, 0x81, 0x72, 0x8e, 0x5b, 0x49, 0x90, 0x0e, 0x01, 0xc1, 0x7e, 0x8d, -+ 0xfb, 0xa2, 0xe7, 0x92, 0xd0, 0x23, 0xf5, 0x4a, 0xe8, 0xd4, 0x51, 0xc4, -+ 0x89, 0xe8, 0x4a, 0x9f, 0xf6, 0xa2, 0xdc, 0xe2, 0x32, 0x88, 0x56, 0x2c, -+ 0x97, 0x38, 0xdf, 0xd6, 0x4f, 0xfb, 0xf8, 0xbb, 0xee, 0x7a, 0x3a, 0x05, -+ 0xa2, 0x7f, 0xbb, 0x6d, 0xf6, 0xd6, 0x48, 0xf4, 0x6d, 0x23, 0xb3, 0x93, -+ 0x7c, 0xfb, 0xd4, 0x8c, 0xa0, 0x58, 0xbc, 0xdf, 0x1b, 0x35, 0x2a, 0x56, -+ 0x80, 0x7c, 0xc6, 0x28, 0x35, 0xb6, 0x17, 0x5d, 0xa5, 0x15, 0x79, 0x7d, -+ 0x2c, 0x6a, 0xcf, 0xb1, 0xb1, 0x6e, 0xea, 0xd0, 0x4b, 0xfb, 0xa5, 0xbb, -+ 0xb7, 0x9f, 0x74, 0x42, 0xd5, 0xf3, 0x4b, 0x54, 0x40, 0xf0, 0x4c, 0x6b, -+ 0x0f, 0xaf, 0x89, 0x10}; -+ -+static const unsigned char prime_weak_3072[] = { -+ 0x94, 0x32, 0xc7, 0x47, 0x51, 0xa3, 0x03, 0x9b, 0xf2, 0x51, 0x5c, 0x69, -+ 0xaf, 0x05, 0x3c, 0x76, 0x62, 0xa2, 0xec, 0x5a, 0xcc, 0xdf, 0x80, 0xf3, -+ 0x2d, 0xce, 0xa5, 0xa5, 0x9e, 0x2d, 0xab, 0x5f, 0x91, 0xbd, 0x93, 0x61, -+ 0xd7, 0x7b, 0x71, 0x6f, 0xf3, 0x92, 0xbf, 0xa8, 0xfc, 0xcd, 0x00, 0xf5, -+ 0x49, 0x08, 0x00, 0x8c, 0xd2, 0xfe, 0x4a, 0xd8, 0x2b, 0x6e, 0x42, 0xc0, -+ 0xd8, 0xa2, 0x8b, 0x2b, 0x18, 0x02, 0xad, 0xe8, 0x4e, 0x44, 0x09, 0x26, -+ 0xa1, 0xa1, 0xca, 0x99, 0xe3, 0xd9, 0x9a, 0x87, 0x3c, 0x83, 0x6a, 0x1a, -+ 0x7b, 0x60, 0xba, 0x78, 0x0c, 0x79, 0x50, 0x1f, 0xde, 0x40, 0x14, 0x58, -+ 0x18, 0xa9, 0x2b, 0x74, 0x11, 0xb4, 0x65, 0xfe, 0x9d, 0x03, 0xa4, 0xef, -+ 0xdf, 0x74, 0x8e, 0xcd, 0x7b, 0xd4, 0xf3, 0x28, 0x75, 0xb2, 0x31, 0xef, -+ 0x99, 0x65, 0xcb, 0x5a, 0x77, 0xca, 0xa2, 0x25, 0x28, 0xae, 0xfa, 0x9f, -+ 0xeb, 0xda, 0xcc, 0x34, 0x7b, 0x21, 0xd7, 0xdb, 0x54, 0x40, 0xe6, 0x2f, -+ 0xdb, 0xc0, 0xce, 0xdc, 0xe5, 0xc9, 0x27, 0x97, 0x99, 0x9c, 0x02, 0x4f, -+ 0x24, 0x88, 0x93, 0xdf, 0xa9, 0xc7, 0x3e, 0x10, 0xc8, 0xaa, 0x6a, 0xce, -+ 0xda, 0x46, 0x94, 0x8c, 0xad, 0x1e, 0xf1, 0xcb, 0xd3, 0xcd, 0x43, 0x44, -+ 0xb4, 0x20, 0x91, 0x9e, 0xf6, 0xd1, 0x03, 0xef, 0xc2, 0x04, 0xf7, 0x07, -+ 0xdb, 0xac, 0xa2, 0x28, 0x8c, 0x7d, 0x1d, 0x5d, 0x2c, 0x5a, 0xfc, 0x26, -+ 0x5b, 0x0b, 0x58, 0xb9, 0x9a, 0x47, 0xe9, 0xa0, 0xdf, 0xa5, 0x5a, 0xf3, -+ 0xe5, 0xd6, 0xeb, 0x69, 0xb5, 0x4e, 0xbc, 0x71, 0xc0, 0xd6, 0x9b, 0xb8, -+ 0x40, 0x3b, 0xc5, 0x72, 0x5d, 0x4d, 0x1b, 0x17, 0x3d, 0x36, 0xa4, 0xb1, -+ 0x15, 0xa7, 0x9a, 0x72, 0xeb, 0xf2, 0x9e, 0x40, 0xd1, 0xbc, 0x35, 0xc7, -+ 0xd1, 0x1a, 0x8f, 0x1c, 0x2b, 0x5e, 0xd8, 0xb3, 0x3b, 0x44, 0xae, 0xf5, -+ 0x81, 0xd0, 0x8a, 0x37, 0xab, 0xba, 0x22, 0xbc, 0x2d, 0x88, 0x2f, 0x24, -+ 0xbb, 0xb0, 0x1a, 0xa9, 0x5f, 0x07, 0x10, 0x6d, 0xc6, 0xbb, 0x3c, 0xa2, -+ 0x66, 0xf9, 0xb9, 0x95, 0xd6, 0x5e, 0x8c, 0xce, 0x04, 0xdc, 0xb3, 0x4c, -+ 0xbc, 0xe9, 0xc5, 0xcb, 0x19, 0x97, 0xe2, 0xa1, 0x09, 0x38, 0xd7, 0x82, -+ 0xa6, 0xbf, 0xc9, 0x15, 0x25, 0xf1, 0x2c, 0x77, 0xfc, 0xbd, 0xfa, 0x7f, -+ 0x92, 0xfe, 0xd6, 0x31, 0x03, 0x23, 0x2d, 0x17, 0x2f, 0x51, 0x9e, 0x5c, -+ 0xb1, 0x68, 0xc0, 0x3f, 0x42, 0x99, 0x00, 0x55, 0x33, 0x68, 0xd7, 0xee, -+ 0x51, 0x7d, 0x3e, 0x03, 0x4f, 0x02, 0x5f, 0x27, 0xdd, 0x17, 0x18, 0x6c, -+ 0x1e, 0x9d, 0x91, 0x65, 0xf8, 0xd7, 0xa6, 0x9f, 0xa1, 0xba, 0xa8, 0x76, -+ 0xe4, 0xd8, 0xf4, 0x59, 0x90, 0x16, 0x67, 0x88, 0xc2, 0xa9, 0xe4, 0x2d}; -+ -+static const unsigned char subprime_weak_3072[] = { -+ 0xd6, 0xf6, 0xeb, 0x1e, 0x65, 0x44, 0xe1, 0x1a, 0x37, 0x69, 0x8c, -+ 0x60, 0x45, 0xcb, 0xcb, 0x52, 0xe4, 0x88, 0xcb, 0xad, 0xb2, 0x27, -+ 0x18, 0xfa, 0x3a, 0xcf, 0xc6, 0xf9, 0xc3, 0x03, 0xa8, 0xb9}; -+ -+static const unsigned char base_weak_3072[] = { -+ 0x6e, 0x65, 0xcd, 0xd8, 0xbf, 0x8a, 0x5a, 0xa1, 0x05, 0x62, 0xa2, 0x64, -+ 0x88, 0x4a, 0x49, 0x1b, 0x57, 0xa8, 0x0e, 0x2e, 0x28, 0x4a, 0xe3, 0xaa, -+ 0xa7, 0x4e, 0xc7, 0x06, 0xe2, 0xf8, 0x9c, 0xd7, 0x05, 0x05, 0x6e, 0x5b, -+ 0x89, 0xd5, 0xa1, 0x16, 0xda, 0x2a, 0x2f, 0xe6, 0x86, 0xf0, 0x6e, 0xdc, -+ 0xd0, 0xbc, 0x0b, 0x39, 0x90, 0xe3, 0x74, 0x2c, 0x02, 0x6f, 0x7e, 0x32, -+ 0x2d, 0xf6, 0xd7, 0xa2, 0xfb, 0xe9, 0xaf, 0x8b, 0xb3, 0x1c, 0xd0, 0x78, -+ 0x4a, 0x76, 0xf8, 0xbd, 0x03, 0x5b, 0x0c, 0x68, 0x65, 0x23, 0x8a, 0x45, -+ 0xf3, 0x51, 0xe0, 0xe1, 0x96, 0x57, 0x7e, 0x05, 0x6c, 0xae, 0xaf, 0xa6, -+ 0x45, 0xdc, 0xa8, 0x36, 0x69, 0xa5, 0x13, 0x37, 0x4a, 0x16, 0x43, 0x11, -+ 0xab, 0x5b, 0xb6, 0xcf, 0x86, 0xb6, 0xf8, 0x44, 0xb9, 0x76, 0xe7, 0x1e, -+ 0x88, 0x99, 0x6f, 0xfe, 0xfb, 0x5c, 0xdb, 0x59, 0x4c, 0x26, 0xdb, 0x20, -+ 0x20, 0x97, 0x47, 0xda, 0x7b, 0x1d, 0xe9, 0x18, 0x1a, 0x89, 0x07, 0x3b, -+ 0xd1, 0xc8, 0x4c, 0xfd, 0xae, 0x35, 0x4c, 0xa0, 0x42, 0x94, 0x89, 0xc0, -+ 0xae, 0x2f, 0x94, 0x49, 0xd9, 0x7d, 0xb2, 0x4c, 0x50, 0x29, 0x46, 0x14, -+ 0x9a, 0x56, 0x49, 0x7a, 0x09, 0xa8, 0x95, 0x3a, 0x94, 0x06, 0x7c, 0xf0, -+ 0xea, 0x39, 0xcb, 0x33, 0xad, 0x28, 0xd1, 0x55, 0x02, 0xf5, 0x46, 0x0c, -+ 0x92, 0x12, 0x17, 0x05, 0x60, 0x97, 0xcd, 0x2f, 0x18, 0x5e, 0xe3, 0x41, -+ 0xe6, 0x46, 0x69, 0x27, 0x7d, 0x61, 0x00, 0x1e, 0x8d, 0x74, 0xa5, 0xc5, -+ 0xcb, 0xb9, 0xbc, 0x3f, 0x7a, 0x21, 0x23, 0x22, 0x1b, 0x15, 0x50, 0xb9, -+ 0x4b, 0x3b, 0x9f, 0xd5, 0xc0, 0x8c, 0xb9, 0x9d, 0x7e, 0xf4, 0x13, 0xc9, -+ 0x64, 0xe3, 0x7b, 0x44, 0xa7, 0x10, 0xad, 0x3c, 0xaf, 0xf0, 0x07, 0x8d, -+ 0x04, 0xc9, 0xa9, 0x36, 0x10, 0xb9, 0x8d, 0x7d, 0x43, 0x24, 0x7d, 0x8d, -+ 0x3c, 0x74, 0x58, 0x02, 0xb9, 0x4b, 0xe6, 0x6c, 0xa9, 0x9f, 0xdc, 0x50, -+ 0x5f, 0x62, 0x68, 0xc7, 0x14, 0xe7, 0x88, 0x33, 0x3e, 0x41, 0xad, 0x92, -+ 0x9d, 0x15, 0xd4, 0x77, 0xb9, 0xfb, 0x18, 0xd2, 0x8b, 0xb3, 0xc4, 0x0f, -+ 0x26, 0x04, 0xa4, 0xb1, 0xc1, 0x83, 0x96, 0x17, 0x67, 0x52, 0xa5, 0xfb, -+ 0x1b, 0x70, 0x20, 0x1c, 0x8c, 0x24, 0xc4, 0x5c, 0xd7, 0xe2, 0x12, 0xe3, -+ 0x31, 0x10, 0x4e, 0x85, 0xc2, 0xd2, 0x63, 0x3a, 0x75, 0xe0, 0x9e, 0x6f, -+ 0x78, 0x19, 0xb0, 0x40, 0x03, 0x32, 0x75, 0x6f, 0xea, 0x2f, 0x90, 0xb2, -+ 0x48, 0x79, 0xa1, 0xa0, 0x61, 0xf6, 0x13, 0xf3, 0x50, 0xa9, 0xec, 0x90, -+ 0x5d, 0xae, 0x45, 0x4f, 0x1b, 0x80, 0xd3, 0x96, 0x62, 0x05, 0x5b, 0x53, -+ 0x63, 0x99, 0xe5, 0xf2, 0x1b, 0xeb, 0x3e, 0x25, 0x2e, 0x72, 0xdb, 0x1f}; -+ -+static const unsigned char prime_weak_4096[] = { -+ 0xff, 0x50, 0xd3, 0xcc, 0x89, 0x17, 0x5e, 0xb6, 0xf8, 0xa3, 0xb0, 0xe2, -+ 0xf9, 0x9f, 0x17, 0xa1, 0x92, 0x56, 0x15, 0x13, 0x12, 0x9f, 0x18, 0xdc, -+ 0x07, 0x00, 0xc2, 0x49, 0xc9, 0xd9, 0xd4, 0x0a, 0xe3, 0xd7, 0xf6, 0x60, -+ 0x21, 0xa9, 0x7b, 0xc0, 0x0f, 0x0e, 0xae, 0x3e, 0x77, 0x77, 0x48, 0xd8, -+ 0xfd, 0x42, 0xec, 0xb5, 0xae, 0x00, 0xab, 0xce, 0xd1, 0x11, 0xca, 0xd2, -+ 0x64, 0x5a, 0xa3, 0x6b, 0xba, 0xd1, 0x93, 0xea, 0xda, 0xd2, 0xa0, 0x60, -+ 0x39, 0x0b, 0x34, 0x4f, 0x0c, 0xf1, 0xb0, 0x52, 0x75, 0x51, 0x3d, 0x28, -+ 0x02, 0xb5, 0xbd, 0x42, 0x98, 0x20, 0xa7, 0x42, 0xb9, 0x21, 0x9a, 0xae, -+ 0xb6, 0x41, 0x7b, 0x70, 0xe3, 0xd9, 0xaf, 0x81, 0x1a, 0xc1, 0x39, 0x9c, -+ 0x52, 0x56, 0xcb, 0x0d, 0x6a, 0x67, 0x6f, 0x3d, 0x12, 0x76, 0x73, 0x53, -+ 0x95, 0x2d, 0xc1, 0x04, 0xdb, 0x83, 0xe4, 0xd0, 0xbe, 0x2d, 0xa6, 0x7a, -+ 0x0f, 0x80, 0x1b, 0xd0, 0x16, 0x14, 0x3a, 0xe0, 0x48, 0xfa, 0xf5, 0x44, -+ 0xa8, 0xe0, 0xbf, 0x98, 0xe1, 0x56, 0xea, 0x76, 0xb6, 0xe2, 0xa3, 0x5b, -+ 0x15, 0x79, 0x10, 0xb0, 0x41, 0xdc, 0x29, 0x0f, 0x1e, 0x37, 0x69, 0xcd, -+ 0x13, 0xbe, 0x2d, 0xe0, 0x73, 0x38, 0x68, 0xed, 0x50, 0x6a, 0xd0, 0xfb, -+ 0xcb, 0x17, 0x3a, 0x59, 0xfb, 0xec, 0xba, 0x75, 0xb6, 0x4e, 0x2f, 0x6e, -+ 0x97, 0x98, 0x0e, 0x79, 0x25, 0xdd, 0xd8, 0xf5, 0x34, 0xb4, 0xa0, 0x7e, -+ 0xba, 0x68, 0x7c, 0x4f, 0xfb, 0xe0, 0x97, 0x46, 0x50, 0x1e, 0x4a, 0x59, -+ 0x9c, 0xdc, 0x34, 0xe2, 0x2a, 0xb5, 0xc8, 0x58, 0x94, 0x48, 0x9f, 0xb8, -+ 0x36, 0xcb, 0xce, 0x36, 0xb1, 0x7c, 0xe5, 0x8d, 0x5b, 0x43, 0xd7, 0x88, -+ 0xdf, 0xae, 0xd0, 0xc9, 0x42, 0x5f, 0x0a, 0xe3, 0x63, 0x11, 0xc5, 0x0c, -+ 0x80, 0x55, 0x58, 0xd7, 0xf2, 0x51, 0x6e, 0xb3, 0x7e, 0x9d, 0x1c, 0xc3, -+ 0x61, 0x59, 0x5c, 0x47, 0xd4, 0x99, 0xc0, 0x67, 0xfb, 0xb2, 0xd6, 0x11, -+ 0xda, 0x92, 0x5b, 0x6b, 0xd2, 0x70, 0xb7, 0x69, 0x72, 0xe7, 0x06, 0xdd, -+ 0x40, 0xac, 0x81, 0x51, 0x1d, 0x52, 0x7a, 0x45, 0x38, 0x89, 0x27, 0x2c, -+ 0xc4, 0x4b, 0x7e, 0x5e, 0x79, 0xef, 0x84, 0x6a, 0x24, 0x4d, 0x9c, 0x9e, -+ 0xca, 0x75, 0x5c, 0x06, 0x6d, 0xd0, 0x52, 0xe9, 0xda, 0x9f, 0x46, 0xb6, -+ 0x62, 0x1d, 0xb3, 0xd9, 0xf2, 0x7d, 0xd6, 0xc2, 0x7a, 0x49, 0x7c, 0xdd, -+ 0x9b, 0xaa, 0xc3, 0x84, 0x0b, 0x08, 0x33, 0xb8, 0x80, 0xc3, 0x12, 0x8f, -+ 0xad, 0xac, 0x0f, 0x7f, 0xaf, 0x59, 0x61, 0x0d, 0x98, 0xc1, 0xf9, 0x68, -+ 0xc3, 0x1b, 0x10, 0x08, 0xc4, 0x33, 0x3c, 0xa4, 0xe2, 0xd5, 0xeb, 0x71, -+ 0x5d, 0x19, 0x7e, 0x05, 0xca, 0x9a, 0xf5, 0xbb, 0x71, 0x55, 0x83, 0x9c, -+ 0x25, 0x50, 0x35, 0x7f, 0x2d, 0xeb, 0xf2, 0x0d, 0xed, 0x3c, 0xb8, 0x71, -+ 0xbd, 0x08, 0xf5, 0x89, 0x7e, 0x5e, 0x38, 0x40, 0xd7, 0xed, 0x77, 0x8d, -+ 0x7a, 0xed, 0x2a, 0x9f, 0xfc, 0x01, 0xf4, 0xe2, 0xcf, 0xda, 0x8c, 0xa3, -+ 0x57, 0xdc, 0x14, 0xd6, 0xa1, 0xd9, 0x97, 0xb9, 0xe6, 0xfc, 0x48, 0x75, -+ 0x43, 0xbd, 0x3b, 0x91, 0x17, 0x3c, 0x33, 0xca, 0xce, 0x29, 0x09, 0x1b, -+ 0xe8, 0x9d, 0xb6, 0x74, 0x05, 0x5e, 0x2e, 0xa5, 0x1d, 0x7f, 0x3a, 0xa9, -+ 0x2c, 0xf6, 0x4d, 0x41, 0x90, 0xbc, 0x56, 0x18, 0x52, 0x02, 0x90, 0xef, -+ 0x71, 0xff, 0x3e, 0x0c, 0xf8, 0x00, 0x04, 0x07, 0xd5, 0x20, 0x26, 0xdd, -+ 0x5c, 0xb1, 0x37, 0x03, 0x20, 0x0c, 0xb4, 0xb6, 0x39, 0x49, 0x49, 0xaa, -+ 0xe7, 0x98, 0x01, 0xa2, 0x2e, 0x0a, 0x33, 0x82, 0x9e, 0xb9, 0x24, 0xb7, -+ 0x80, 0xdf, 0xd3, 0xdf, 0x04, 0xe4, 0x50, 0x9d}; -+ -+static const unsigned char subprime_weak_4096[] = { -+ 0xcf, 0xd9, 0x38, 0x6d, 0x5b, 0x8d, 0x82, 0x9d, 0xa8, 0xe7, 0x9f, -+ 0x21, 0x46, 0xcc, 0x15, 0xea, 0x61, 0x31, 0x13, 0x5d, 0x50, 0xcd, -+ 0x99, 0x26, 0xf9, 0x44, 0x28, 0x44, 0xc8, 0xae, 0xb7, 0x8f}; -+ -+static const unsigned char base_weak_4096[] = { -+ 0x55, 0xa1, 0x9d, 0x92, 0x16, 0x3d, 0x9c, 0xfa, 0xd7, 0x7c, 0x71, 0xea, -+ 0x29, 0x53, 0x9b, 0xdc, 0x8e, 0xa6, 0xbb, 0x06, 0xd5, 0x00, 0x5d, 0x6c, -+ 0x8e, 0x5d, 0x44, 0xb9, 0x13, 0x4b, 0x20, 0x92, 0x6d, 0x39, 0x9d, 0x34, -+ 0xaf, 0x9b, 0x12, 0x1d, 0xc5, 0xea, 0xb2, 0x89, 0x05, 0xa6, 0x49, 0x9f, -+ 0xd8, 0xf4, 0xba, 0x33, 0xab, 0x28, 0xf2, 0x2f, 0xf6, 0x49, 0x37, 0x0e, -+ 0xb2, 0xc6, 0x41, 0x8c, 0x91, 0x97, 0x07, 0xf8, 0xa3, 0x88, 0x12, 0x6b, -+ 0xe8, 0x85, 0x0e, 0x26, 0x0a, 0x79, 0xe2, 0x48, 0x1c, 0x5c, 0xee, 0x99, -+ 0x4b, 0xd1, 0xf7, 0xe8, 0xff, 0xae, 0x5b, 0xd1, 0xf4, 0x5e, 0x6a, 0x09, -+ 0xc2, 0xa0, 0xc3, 0x14, 0xe3, 0xc6, 0x25, 0x3e, 0xe4, 0xff, 0xd7, 0x38, -+ 0xb4, 0xf4, 0xda, 0xab, 0xde, 0x84, 0x08, 0xd3, 0x53, 0xce, 0xb9, 0x5f, -+ 0x41, 0x4a, 0x02, 0x9f, 0xe1, 0x90, 0x3a, 0x80, 0x2f, 0xc5, 0xbb, 0xcc, -+ 0x92, 0xa8, 0x76, 0xa4, 0x78, 0x32, 0x70, 0x50, 0x21, 0x54, 0x4a, 0x97, -+ 0x4b, 0x8f, 0x2f, 0x61, 0x66, 0x65, 0x57, 0x2e, 0xf3, 0x64, 0x0e, 0x7e, -+ 0xa0, 0xf7, 0xf7, 0x5a, 0x32, 0xd9, 0x88, 0xf7, 0x4c, 0x4b, 0xd6, 0x5a, -+ 0xe1, 0x82, 0xd7, 0x6e, 0x4d, 0xee, 0xa2, 0xf0, 0x4e, 0x3f, 0x26, 0xba, -+ 0xfa, 0xfb, 0xe2, 0x1d, 0x64, 0x19, 0x10, 0x77, 0x99, 0xf4, 0x02, 0x46, -+ 0x30, 0xb0, 0xb1, 0x4b, 0xb2, 0xbd, 0x2c, 0xd4, 0xf8, 0xf2, 0x7f, 0xaf, -+ 0xd6, 0x80, 0xa4, 0x16, 0x72, 0x39, 0x0b, 0x83, 0x7d, 0x1a, 0x03, 0xcf, -+ 0x0c, 0xdc, 0xaa, 0x9c, 0x21, 0x61, 0xef, 0x12, 0x92, 0xc5, 0x71, 0x50, -+ 0x7f, 0x66, 0xda, 0x28, 0x50, 0xfa, 0x18, 0x33, 0xb8, 0x86, 0x50, 0x1a, -+ 0x8e, 0x6b, 0x6f, 0xd3, 0xe2, 0x7d, 0x6e, 0x3f, 0x6d, 0x9b, 0x26, 0x33, -+ 0x98, 0x82, 0x95, 0x2a, 0xdf, 0x11, 0xf8, 0xb6, 0x05, 0x10, 0x3d, 0x39, -+ 0x23, 0x28, 0x4a, 0x35, 0x72, 0xc4, 0x7f, 0x47, 0x5a, 0x0b, 0xcb, 0xed, -+ 0x54, 0xd3, 0x81, 0xdf, 0xd7, 0x0c, 0xf6, 0xbe, 0xca, 0x8e, 0xac, 0x22, -+ 0x67, 0xd4, 0xf9, 0xcb, 0xaf, 0xe6, 0x42, 0x58, 0x97, 0x0f, 0x24, 0xdf, -+ 0xb8, 0x85, 0xbe, 0x34, 0xd7, 0x68, 0xfa, 0xbf, 0xc5, 0xcb, 0x61, 0x8b, -+ 0xbf, 0xa8, 0xf7, 0x64, 0xee, 0xf3, 0x8d, 0xf7, 0x5b, 0x6e, 0xe8, 0x07, -+ 0xa0, 0x6d, 0xb5, 0x75, 0xa2, 0x33, 0x1f, 0xe0, 0x3e, 0x82, 0xc0, 0xef, -+ 0xeb, 0x6a, 0x8a, 0xba, 0x87, 0xb4, 0x44, 0x66, 0xb2, 0xe7, 0x06, 0xa5, -+ 0x5a, 0x02, 0x26, 0xa7, 0x8d, 0x57, 0xa7, 0x28, 0x62, 0x20, 0x0e, 0x3b, -+ 0xff, 0x90, 0xca, 0x9e, 0x95, 0xdf, 0xf3, 0x63, 0x8c, 0xc0, 0xd6, 0x1b, -+ 0xaa, 0x5e, 0x66, 0x54, 0xb2, 0x77, 0x4d, 0xd4, 0xd3, 0x99, 0xeb, 0xba, -+ 0xc1, 0x3c, 0xe3, 0xf7, 0x48, 0x65, 0x9f, 0xb3, 0x0c, 0x96, 0x3f, 0x3b, -+ 0x2f, 0x10, 0x80, 0x8f, 0x59, 0x49, 0xa0, 0x26, 0x68, 0xf9, 0x8e, 0x0b, -+ 0x66, 0x6e, 0xc1, 0x57, 0x77, 0x5d, 0xc7, 0x4b, 0x3b, 0x73, 0xa7, 0x75, -+ 0x80, 0x0d, 0x93, 0x36, 0x62, 0xf5, 0x5f, 0xa0, 0x71, 0x72, 0x54, 0x33, -+ 0x3b, 0xc8, 0xee, 0x68, 0x70, 0xdc, 0x1e, 0x39, 0x04, 0x1e, 0x98, 0xd4, -+ 0x7f, 0x57, 0x0e, 0x5d, 0x6e, 0x3f, 0x27, 0xc1, 0x7d, 0x50, 0x13, 0x5b, -+ 0x31, 0xfe, 0x7b, 0x12, 0xd5, 0x42, 0xda, 0x8d, 0x0e, 0x69, 0xcc, 0xa1, -+ 0xc4, 0x90, 0xf5, 0x37, 0x13, 0x20, 0x42, 0x74, 0xea, 0x79, 0xde, 0x84, -+ 0x6d, 0x8e, 0xcf, 0x57, 0x0b, 0x9f, 0xa6, 0x1d, 0xbe, 0x42, 0xb2, 0x47, -+ 0xf8, 0x7e, 0x51, 0x2e, 0x8b, 0x5e, 0x7d, 0x3d, 0x98, 0x1e, 0x43, 0x2b, -+ 0x32, 0x2f, 0xcb, 0x64, 0xd9, 0x43, 0x2b, 0xae}; -+ -+static const unsigned char prime_weak_6144[] = { -+ 0xa2, 0x24, 0x96, 0xb6, 0x21, 0x68, 0xd5, 0x7e, 0x2c, 0x60, 0x4d, 0xc8, -+ 0x81, 0x59, 0x9c, 0x1c, 0x70, 0xec, 0x24, 0x28, 0xb6, 0x52, 0x36, 0x09, -+ 0x87, 0xaa, 0xc1, 0x5b, 0xe5, 0xa6, 0x3e, 0x88, 0x54, 0x05, 0xe3, 0x09, -+ 0x09, 0xca, 0x6d, 0x9b, 0xc4, 0x8d, 0x26, 0xaf, 0xd7, 0xee, 0x9f, 0x0d, -+ 0xbd, 0x44, 0x8e, 0xfe, 0xcd, 0xf2, 0xe6, 0xde, 0xac, 0xf2, 0x02, 0x37, -+ 0xdc, 0x35, 0xc2, 0xce, 0xcd, 0x5f, 0xc5, 0x87, 0x0f, 0x99, 0xa7, 0xdb, -+ 0x0f, 0x1a, 0xcd, 0x76, 0xaa, 0x4a, 0xa5, 0x09, 0x60, 0x60, 0xe3, 0x58, -+ 0xe4, 0x52, 0x07, 0x1b, 0x42, 0x17, 0x11, 0x50, 0x2b, 0x40, 0x95, 0x8d, -+ 0x48, 0xa0, 0x34, 0x95, 0x25, 0x38, 0xcf, 0x09, 0x94, 0xe6, 0x55, 0x06, -+ 0x8a, 0xde, 0xdc, 0x41, 0x4a, 0xd9, 0x1f, 0x80, 0x82, 0x1d, 0xb8, 0x1e, -+ 0x84, 0x60, 0xde, 0xed, 0x4f, 0xc0, 0xd8, 0x1d, 0x54, 0xda, 0xb3, 0xf3, -+ 0x0e, 0x54, 0x3f, 0x18, 0x88, 0xff, 0x25, 0x31, 0xc6, 0x16, 0xe6, 0x70, -+ 0xfa, 0xc4, 0x08, 0xfc, 0x00, 0x8b, 0xf6, 0x9d, 0x29, 0x8a, 0x59, 0x49, -+ 0xed, 0x5c, 0x34, 0x7a, 0x84, 0x79, 0x40, 0xc1, 0x7e, 0x82, 0x17, 0x36, -+ 0xc8, 0x96, 0xb5, 0xd2, 0xf9, 0xdb, 0xc0, 0x10, 0x9f, 0xf8, 0x95, 0x35, -+ 0x6f, 0xb0, 0xb9, 0x48, 0x88, 0xdc, 0xf0, 0x4d, 0x30, 0xcd, 0x15, 0xfd, -+ 0x2f, 0xba, 0x18, 0xcc, 0x94, 0x50, 0x3f, 0xfe, 0x60, 0x3d, 0x7a, 0x46, -+ 0xef, 0xc4, 0xcd, 0x14, 0xe0, 0xef, 0x97, 0x81, 0xa1, 0x95, 0xe3, 0xa5, -+ 0x91, 0x9a, 0xf7, 0x9f, 0x7c, 0xfa, 0x0c, 0x69, 0xb6, 0xdf, 0xdb, 0xaf, -+ 0x31, 0xd8, 0xa8, 0x77, 0x6a, 0xba, 0xba, 0x80, 0xff, 0x3f, 0x5f, 0x86, -+ 0x9f, 0x80, 0x03, 0x1e, 0xd0, 0x5f, 0x37, 0x50, 0x61, 0xfc, 0x03, 0xd8, -+ 0x93, 0xa1, 0x79, 0x62, 0xfa, 0x92, 0xb8, 0x4a, 0x66, 0x99, 0xd7, 0x85, -+ 0x8d, 0x0f, 0x07, 0x02, 0x03, 0x83, 0x8c, 0x20, 0xa5, 0x9c, 0x2f, 0xfd, -+ 0x22, 0x5a, 0xf0, 0x95, 0x1e, 0xbf, 0x17, 0xf1, 0x3a, 0x40, 0x7f, 0xce, -+ 0x94, 0x62, 0x5f, 0x58, 0xe5, 0xf3, 0x99, 0x8c, 0x38, 0x8f, 0x05, 0x10, -+ 0x68, 0xea, 0x41, 0xb5, 0xc0, 0x6f, 0x4f, 0x63, 0x87, 0x1d, 0x98, 0xc3, -+ 0x31, 0x66, 0x1e, 0x9f, 0x2d, 0x3c, 0x6e, 0x9f, 0xb3, 0xcf, 0x8e, 0x77, -+ 0xf5, 0x3c, 0x51, 0x5a, 0xee, 0x82, 0xa1, 0xc5, 0x53, 0x20, 0x75, 0xd1, -+ 0xa8, 0x02, 0x37, 0x43, 0x08, 0x16, 0x05, 0x01, 0xed, 0xea, 0xf1, 0x52, -+ 0x58, 0x20, 0x94, 0x85, 0x05, 0x2e, 0x48, 0x3f, 0x47, 0x49, 0x4f, 0x01, -+ 0x44, 0xbd, 0x1e, 0x42, 0xea, 0x90, 0x90, 0x23, 0x99, 0x05, 0xfd, 0x37, -+ 0x41, 0x0c, 0x2f, 0xc4, 0x20, 0x04, 0x99, 0xee, 0x0f, 0xbb, 0xc2, 0x6d, -+ 0x0a, 0x7f, 0x24, 0x5a, 0x17, 0xa4, 0xeb, 0x9c, 0x67, 0xfe, 0x64, 0x0d, -+ 0xea, 0xb7, 0x20, 0x48, 0x40, 0x3b, 0x25, 0xed, 0x51, 0x5c, 0xfc, 0x20, -+ 0x18, 0xb6, 0xfc, 0x3e, 0xdb, 0xd9, 0xa1, 0xbd, 0x9e, 0xee, 0xcb, 0x5d, -+ 0x02, 0xfe, 0x7f, 0x42, 0x9d, 0xc9, 0xce, 0xfa, 0xe1, 0xd8, 0xf2, 0x05, -+ 0x67, 0x35, 0x88, 0x4e, 0xd7, 0x70, 0x97, 0x63, 0xb5, 0x0c, 0x60, 0x89, -+ 0xc0, 0xfe, 0x32, 0xd7, 0xae, 0x4b, 0xf1, 0x0a, 0xae, 0x3c, 0xde, 0x18, -+ 0x9c, 0x1d, 0xd2, 0xda, 0xf2, 0x02, 0x8d, 0xf1, 0x07, 0xd6, 0x5e, 0xb7, -+ 0xba, 0xaf, 0x81, 0x97, 0xee, 0xe0, 0x9d, 0x51, 0xf3, 0x1d, 0xc1, 0x5d, -+ 0x43, 0xe2, 0x0b, 0x0c, 0x9c, 0x0d, 0x74, 0x91, 0x20, 0x6f, 0x65, 0xf1, -+ 0xf2, 0x84, 0x02, 0x38, 0xb5, 0xe5, 0x10, 0x21, 0xfc, 0xe6, 0xc3, 0x4b, -+ 0x60, 0x49, 0x6a, 0xf1, 0xd5, 0x50, 0x0f, 0x6f, 0x8b, 0x1e, 0x80, 0xf3, -+ 0x5d, 0x29, 0xee, 0x60, 0xab, 0x26, 0xa5, 0x8c, 0xc4, 0x4c, 0xcb, 0xa6, -+ 0xaa, 0xe3, 0xfe, 0xd1, 0x67, 0x48, 0xb4, 0xfa, 0xbf, 0x57, 0xfe, 0x62, -+ 0x85, 0xa0, 0xac, 0xdc, 0x4e, 0x71, 0x01, 0xcc, 0x12, 0xec, 0x80, 0x95, -+ 0x54, 0xdc, 0x14, 0x9e, 0x20, 0xda, 0x5a, 0xbd, 0xee, 0x76, 0xbe, 0x39, -+ 0xcf, 0xbd, 0x8a, 0xe3, 0x0e, 0x71, 0x85, 0xe4, 0x3c, 0x62, 0x3b, 0xf8, -+ 0x6e, 0x70, 0xd4, 0xd6, 0x2e, 0xe0, 0x5e, 0x11, 0x9d, 0x33, 0xd9, 0x30, -+ 0xff, 0x3b, 0xcc, 0x2a, 0x39, 0xc4, 0x6f, 0xfd, 0xca, 0x88, 0xad, 0x28, -+ 0xa2, 0xe8, 0xa8, 0xd7, 0xe6, 0x08, 0x0d, 0xaf, 0x9d, 0xd8, 0xc8, 0x41, -+ 0x66, 0x84, 0x66, 0x86, 0x2b, 0x81, 0x3b, 0x6c, 0xc6, 0x76, 0x27, 0x6a, -+ 0x0d, 0x96, 0x0e, 0x65, 0x3e, 0xdf, 0xf5, 0x68, 0x04, 0x9d, 0x2d, 0x26, -+ 0x8b, 0xca, 0x0a, 0x79, 0x2a, 0xb4, 0xa0, 0xb3, 0x18, 0x4a, 0xea, 0x6a, -+ 0xd2, 0x14, 0xcd, 0x47, 0x85, 0x9f, 0x86, 0xd7, 0xde, 0xaa, 0x1e, 0x0e, -+ 0x71, 0x13, 0xec, 0xfe, 0x7c, 0x69, 0xbf, 0x22, 0xf0, 0x61, 0x50, 0x97, -+ 0x77, 0xc2, 0x2b, 0x31, 0x89, 0x11, 0xd6, 0x08, 0xb1, 0xd4, 0xce, 0xba, -+ 0xa0, 0x16, 0x9c, 0x2b, 0x8b, 0x3e, 0x17, 0xd8, 0xea, 0xe1, 0xf1, 0x20, -+ 0x7f, 0x3e, 0x76, 0x9f, 0x2f, 0x46, 0xc3, 0xaf, 0xc4, 0xba, 0xc9, 0x63, -+ 0xf7, 0xbb, 0x98, 0x6d, 0x60, 0x16, 0x04, 0x14, 0xc2, 0xed, 0x2e, 0xc3, -+ 0x00, 0x4f, 0x8f, 0x9d, 0xc6, 0xd9, 0xcd, 0xc1, 0xab, 0x4e, 0x67, 0xed, -+ 0xf8, 0xd2, 0x62, 0x13, 0xfa, 0x11, 0x31, 0xbb, 0x08, 0xdd, 0x4e, 0x89, -+ 0x4a, 0xff, 0x07, 0x89, 0xb5, 0x6c, 0xc3, 0xfe, 0x76, 0x6d, 0x10, 0x4c, -+ 0x1e, 0x10, 0x55, 0x22, 0x95, 0xfe, 0x09, 0xa5, 0x6e, 0x73, 0x0c, 0x2b}; -+ -+static const unsigned char subprime_weak_6144[] = { -+ 0xa8, 0x61, 0x65, 0x91, 0xb2, 0x43, 0xe3, 0x04, 0x25, 0x77, 0xb0, -+ 0x5a, 0xc5, 0xb1, 0x50, 0x19, 0x31, 0x2a, 0xd4, 0x79, 0x93, 0xc4, -+ 0x90, 0x9b, 0x27, 0xf1, 0x1e, 0xbb, 0x6e, 0x08, 0x98, 0xb1}; -+ -+static const unsigned char base_weak_6144[] = { -+ 0x34, 0xc2, 0xb2, 0x1f, 0xd9, 0x4e, 0xb6, 0xfd, 0x6c, 0x01, 0x47, 0xb9, -+ 0x50, 0xf1, 0xbe, 0x07, 0x1c, 0xdd, 0x67, 0xa2, 0xf1, 0x7c, 0x0d, 0xe5, -+ 0x9b, 0x7c, 0x9e, 0x0e, 0xd9, 0xf8, 0x81, 0xa1, 0xcf, 0x12, 0x28, 0x69, -+ 0xcd, 0xdf, 0x8a, 0x91, 0xad, 0x53, 0x0e, 0x31, 0x0c, 0xff, 0x4f, 0xaa, -+ 0x4f, 0x24, 0xa3, 0xd8, 0xc5, 0x56, 0xef, 0x21, 0xd6, 0x03, 0xcc, 0x87, -+ 0xab, 0xde, 0x7b, 0xbb, 0xbc, 0x1c, 0x91, 0xd4, 0x1d, 0x08, 0xe8, 0x26, -+ 0xba, 0x6e, 0x0c, 0x17, 0x1f, 0xb1, 0x29, 0x17, 0x04, 0x6c, 0x84, 0xd5, -+ 0x43, 0xc1, 0x35, 0xfd, 0x5a, 0x03, 0xd2, 0x9f, 0x30, 0xf7, 0xa5, 0xd5, -+ 0xb3, 0xc7, 0x5e, 0x00, 0x51, 0x31, 0x49, 0xec, 0x9b, 0xdd, 0x51, 0xee, -+ 0x84, 0xf4, 0x5f, 0xbe, 0x81, 0x23, 0x1e, 0xae, 0x99, 0x08, 0xdb, 0x26, -+ 0x41, 0xea, 0xcb, 0x7f, 0x40, 0xf6, 0x7b, 0x7f, 0xf7, 0x45, 0xcc, 0x7c, -+ 0x05, 0x35, 0xa8, 0x9f, 0x5a, 0x61, 0xf2, 0x71, 0xd4, 0x9b, 0x36, 0x19, -+ 0x69, 0xcd, 0x15, 0x06, 0x7a, 0xd7, 0x65, 0x04, 0x23, 0xa1, 0xf0, 0x18, -+ 0x16, 0xb1, 0x33, 0x45, 0x22, 0x14, 0xce, 0xc2, 0xfa, 0x6f, 0x5e, 0x4e, -+ 0x80, 0xc0, 0x99, 0x82, 0x6c, 0x2e, 0x6e, 0xaa, 0x0f, 0x5d, 0x60, 0xdc, -+ 0xc0, 0x91, 0x8f, 0x8b, 0xdd, 0x6c, 0xd2, 0xc2, 0x2e, 0x7a, 0xb6, 0x97, -+ 0x0a, 0x9c, 0x3c, 0x98, 0xe2, 0xd1, 0x5f, 0x6e, 0x1c, 0xbd, 0xb5, 0xdc, -+ 0x59, 0x3e, 0xb8, 0x94, 0x22, 0x89, 0x80, 0x0f, 0x75, 0x87, 0x18, 0x58, -+ 0x14, 0xb8, 0xa0, 0x80, 0x04, 0x33, 0x31, 0x34, 0x96, 0xd8, 0x0c, 0xc6, -+ 0xfd, 0xd0, 0x2b, 0xee, 0x52, 0xbf, 0x1f, 0x77, 0xfd, 0x18, 0xba, 0x77, -+ 0xb4, 0xf7, 0xcc, 0xc6, 0x5d, 0x50, 0x10, 0x94, 0xd8, 0x99, 0xce, 0x8d, -+ 0x2c, 0xc0, 0xa1, 0xd1, 0x44, 0xde, 0x90, 0x77, 0x45, 0x6a, 0x52, 0xbe, -+ 0x02, 0x8d, 0x21, 0x98, 0x76, 0xc9, 0x78, 0x31, 0x84, 0x21, 0xc6, 0x7d, -+ 0xb5, 0xcd, 0x65, 0x1e, 0x33, 0xea, 0x26, 0xe1, 0x5c, 0x1b, 0x4d, 0x66, -+ 0xc7, 0x08, 0xc9, 0xd5, 0x83, 0x8a, 0x2e, 0x80, 0x1c, 0xb8, 0x4d, 0x5f, -+ 0xf0, 0x28, 0x10, 0x02, 0x08, 0xd4, 0xe9, 0x87, 0xff, 0x5e, 0xe6, 0x39, -+ 0x4a, 0x40, 0xe6, 0x96, 0x64, 0xe5, 0x99, 0xbd, 0x69, 0xd3, 0x9a, 0xc6, -+ 0x0f, 0xea, 0x99, 0x34, 0x16, 0x06, 0x8d, 0xc4, 0xe9, 0x1e, 0x30, 0x31, -+ 0xa3, 0x23, 0xf2, 0xf6, 0x34, 0x65, 0x28, 0xe4, 0x6e, 0xfc, 0x85, 0x27, -+ 0xa2, 0x59, 0xb0, 0x19, 0x32, 0x7b, 0x07, 0x7b, 0x71, 0xa8, 0xb2, 0x9d, -+ 0x49, 0x14, 0xcd, 0xe5, 0x4e, 0x58, 0x34, 0xa8, 0x33, 0x7d, 0x99, 0xb8, -+ 0x48, 0x54, 0x1a, 0xc0, 0xd4, 0xb1, 0xaa, 0x15, 0x00, 0xe8, 0x7e, 0x9e, -+ 0x02, 0xcc, 0xde, 0x93, 0xe8, 0x73, 0x92, 0xf3, 0x3d, 0x99, 0x04, 0x21, -+ 0xc2, 0xa9, 0xb8, 0x1c, 0xfd, 0x9a, 0xfd, 0x30, 0xb4, 0x85, 0x5b, 0xbb, -+ 0x48, 0x0a, 0x7d, 0xfe, 0xc9, 0x49, 0x72, 0xdd, 0xbe, 0x6c, 0x3a, 0x2b, -+ 0x64, 0xc5, 0x85, 0xa8, 0xb4, 0x7c, 0x3a, 0xcb, 0x5f, 0x59, 0x62, 0xd6, -+ 0x2b, 0x62, 0x2d, 0xdb, 0x77, 0x96, 0x29, 0x9b, 0x75, 0x21, 0x4a, 0xaa, -+ 0xff, 0x19, 0xe4, 0x95, 0x2b, 0x7f, 0xec, 0xcb, 0x49, 0xd9, 0xa0, 0x70, -+ 0xc8, 0x5f, 0x0a, 0x5f, 0x27, 0x05, 0xf2, 0xff, 0xaa, 0x94, 0x47, 0x75, -+ 0x22, 0xf0, 0xe9, 0x29, 0x05, 0x45, 0x08, 0xb8, 0x24, 0xa5, 0x89, 0x0a, -+ 0xd4, 0x94, 0xfc, 0xe8, 0x55, 0x67, 0x1f, 0x16, 0x0e, 0x0f, 0xdb, 0xdf, -+ 0xcf, 0x4a, 0xba, 0x8f, 0x57, 0x4a, 0xf2, 0xe7, 0x8c, 0xe1, 0xe9, 0x5c, -+ 0x4a, 0xae, 0x2e, 0x85, 0x47, 0x93, 0x57, 0x6f, 0xb1, 0xea, 0xad, 0xaa, -+ 0x38, 0x52, 0x81, 0xe0, 0x14, 0xed, 0x16, 0xc5, 0xd3, 0xef, 0x70, 0x28, -+ 0x7e, 0x64, 0x52, 0xe2, 0x4a, 0x84, 0xdb, 0x44, 0x77, 0x87, 0x4e, 0x39, -+ 0x89, 0x73, 0x96, 0x3f, 0x5a, 0xfa, 0xb3, 0xa2, 0x88, 0x3d, 0x66, 0x41, -+ 0xbf, 0xdb, 0xa9, 0xb0, 0xbf, 0xec, 0x6f, 0x86, 0x25, 0x7f, 0x58, 0xce, -+ 0xc9, 0xa0, 0x1c, 0x3d, 0xf0, 0x0e, 0x08, 0xa7, 0x6e, 0x85, 0x15, 0x7f, -+ 0x0f, 0x5c, 0x1d, 0xfd, 0xfa, 0x86, 0x02, 0x73, 0x75, 0x21, 0xe4, 0xb4, -+ 0x98, 0x57, 0x87, 0x16, 0xbf, 0xd4, 0xdf, 0xd3, 0x5e, 0x62, 0x3b, 0x52, -+ 0xc4, 0xd6, 0xee, 0xed, 0x07, 0x51, 0x3f, 0x31, 0x50, 0x04, 0xc6, 0x8b, -+ 0xea, 0xfa, 0x04, 0x10, 0x54, 0xa9, 0x1a, 0xf1, 0x5c, 0x5e, 0xb0, 0x3a, -+ 0xf3, 0xcc, 0x65, 0xb1, 0x01, 0x98, 0x8e, 0x96, 0x6d, 0x55, 0x5f, 0x5b, -+ 0xfb, 0x09, 0xfa, 0x1f, 0x4c, 0x03, 0x11, 0x6f, 0xb9, 0x69, 0xfd, 0x8c, -+ 0x7a, 0xf6, 0x16, 0x51, 0x9f, 0xc0, 0xdf, 0x42, 0x91, 0xc8, 0xd5, 0x7c, -+ 0x58, 0xd3, 0xac, 0xdc, 0x53, 0xb4, 0x38, 0xe9, 0xbc, 0x76, 0x1e, 0x9b, -+ 0xf8, 0x53, 0x5c, 0xd2, 0xea, 0x11, 0xa0, 0x7e, 0x24, 0x36, 0x12, 0xff, -+ 0xac, 0x4f, 0x9d, 0x2d, 0xdc, 0x2a, 0x2b, 0xf7, 0xb6, 0x79, 0x1a, 0xa3, -+ 0x59, 0x09, 0x34, 0x56, 0x04, 0x8f, 0xfe, 0x1b, 0x3d, 0xf9, 0x73, 0xd1, -+ 0xc7, 0x30, 0x3d, 0x97, 0xc5, 0x2f, 0x4b, 0x0b, 0x66, 0xad, 0x4b, 0x4a, -+ 0xcd, 0xc9, 0x2d, 0xaa, 0xdd, 0x3a, 0x9a, 0x22, 0x89, 0x4c, 0x8c, 0xc6, -+ 0x1e, 0xbd, 0xa4, 0xbd, 0x43, 0x0b, 0x52, 0xfb, 0xcd, 0x07, 0x04, 0x43, -+ 0x77, 0xf7, 0x11, 0x7a, 0x70, 0x4f, 0x4a, 0xae, 0xb3, 0x7b, 0x99, 0x7e, -+ 0x90, 0x17, 0x8b, 0xca, 0x77, 0xfc, 0x15, 0x4b, 0xda, 0xc1, 0x7c, 0x56}; -+ -+static const unsigned char prime_weak_8192[] = { -+ 0x93, 0xdf, 0x6d, 0x37, 0xdc, 0x2a, 0xa4, 0xab, 0x5d, 0xdc, 0x73, 0x42, -+ 0x12, 0x18, 0x8f, 0x39, 0x47, 0x73, 0xf5, 0x3e, 0xbc, 0x6e, 0x0d, 0x2a, -+ 0x68, 0x5d, 0x53, 0x4f, 0x22, 0x8c, 0xa8, 0xa8, 0x4a, 0xac, 0x6a, 0x60, -+ 0x54, 0xca, 0x1a, 0x75, 0xda, 0x85, 0x02, 0x5e, 0x80, 0xbb, 0x9b, 0x5a, -+ 0x74, 0x96, 0x69, 0xc2, 0x7c, 0x84, 0x1f, 0x76, 0x0d, 0x53, 0xe4, 0x0b, -+ 0x32, 0xf3, 0x4b, 0xf6, 0x92, 0x5b, 0x2c, 0x98, 0x5d, 0xa9, 0x60, 0xdc, -+ 0x17, 0x5b, 0xfb, 0xb5, 0x0e, 0x38, 0xae, 0x63, 0x16, 0x79, 0xa4, 0xc5, -+ 0x76, 0x74, 0x20, 0x97, 0x5b, 0xdc, 0xa9, 0x88, 0xd1, 0x14, 0x46, 0x3e, -+ 0x1d, 0xe6, 0xca, 0xb5, 0x38, 0x57, 0xfd, 0xeb, 0x66, 0x2a, 0xfa, 0x8c, -+ 0x30, 0x07, 0xea, 0xb4, 0xbc, 0x79, 0x33, 0x14, 0xdf, 0x8f, 0x1d, 0x60, -+ 0x47, 0xc7, 0x23, 0xd9, 0x7f, 0xe3, 0x1c, 0x94, 0xa9, 0xbb, 0x2d, 0x1b, -+ 0x37, 0x64, 0x20, 0xcf, 0x68, 0x52, 0x39, 0xd9, 0x6f, 0x23, 0x50, 0xb2, -+ 0x67, 0xc8, 0x47, 0xaa, 0x39, 0x96, 0xd2, 0xfd, 0x9b, 0x9c, 0x86, 0x71, -+ 0xd8, 0x7c, 0x67, 0xb5, 0x7a, 0x9d, 0x4f, 0xf8, 0x8f, 0x34, 0x64, 0xcb, -+ 0xdb, 0x85, 0x11, 0x97, 0x86, 0xf7, 0xa1, 0x19, 0x2a, 0x10, 0x7a, 0xf2, -+ 0x15, 0x1b, 0x0c, 0x6e, 0x64, 0xf1, 0x18, 0x53, 0xf9, 0x9a, 0xdd, 0x7c, -+ 0x0d, 0x7c, 0x3d, 0x39, 0x9c, 0xa3, 0xc5, 0xf8, 0x68, 0x6f, 0xb4, 0x35, -+ 0xf8, 0x1d, 0xb8, 0xc8, 0xab, 0xea, 0x58, 0xf3, 0xbb, 0x78, 0xf3, 0xe2, -+ 0xa6, 0x16, 0xb3, 0x4a, 0x0a, 0x56, 0x5b, 0x44, 0xac, 0xcb, 0x66, 0x5d, -+ 0xa3, 0x62, 0x71, 0x91, 0x05, 0xd4, 0x97, 0x72, 0x33, 0x77, 0x43, 0x31, -+ 0x35, 0x9c, 0x43, 0xb8, 0xd5, 0x85, 0xdb, 0x8e, 0x28, 0xcb, 0x29, 0x98, -+ 0xb7, 0xfe, 0x6a, 0xf6, 0x08, 0x89, 0x82, 0xfc, 0xe6, 0x5d, 0x62, 0x68, -+ 0x55, 0xac, 0x3b, 0x9d, 0x82, 0xcd, 0x06, 0x10, 0x53, 0x93, 0x1d, 0x66, -+ 0x6a, 0xce, 0x63, 0x2c, 0x49, 0x36, 0xf3, 0x0d, 0x1c, 0x3f, 0x24, 0xd0, -+ 0x7f, 0xb2, 0xa0, 0xcf, 0x76, 0x2a, 0x16, 0xa2, 0x6f, 0x6b, 0xf4, 0xfe, -+ 0xb5, 0xca, 0x99, 0x44, 0x7c, 0xfc, 0x3b, 0xc1, 0xe4, 0x09, 0xf5, 0x7b, -+ 0x6d, 0x6c, 0xa1, 0x15, 0x10, 0x00, 0x4c, 0x75, 0x4d, 0x2a, 0x80, 0x95, -+ 0x90, 0x9a, 0x15, 0x5e, 0x77, 0x28, 0x8e, 0x83, 0x40, 0x85, 0x1f, 0x2d, -+ 0x70, 0x17, 0xa0, 0xb0, 0x7d, 0xe5, 0xfa, 0x81, 0x51, 0xbe, 0xb4, 0x16, -+ 0xf6, 0x54, 0x9f, 0x0e, 0xa3, 0xe2, 0x1e, 0x5e, 0x9b, 0x1c, 0xda, 0x0e, -+ 0x9f, 0x93, 0x5c, 0xf4, 0x43, 0xbd, 0x9c, 0x1e, 0x16, 0x67, 0xb5, 0x42, -+ 0x94, 0x70, 0xf8, 0x79, 0x0c, 0x2d, 0x48, 0xc1, 0x24, 0xc5, 0xc6, 0xa9, -+ 0x64, 0x0c, 0x44, 0xec, 0x99, 0xae, 0xb5, 0xe7, 0xc1, 0x24, 0x8a, 0x6c, -+ 0xd1, 0xa2, 0xbf, 0x4c, 0x6b, 0x0b, 0xe9, 0xf0, 0x98, 0x3d, 0xc7, 0x9c, -+ 0xe1, 0x8d, 0x1a, 0xde, 0xc4, 0x44, 0x43, 0xc6, 0xbf, 0x38, 0x62, 0x25, -+ 0x91, 0x42, 0x84, 0x01, 0x28, 0xcb, 0x80, 0xbc, 0x39, 0x4c, 0xc3, 0x3f, -+ 0xf6, 0xdf, 0xe1, 0xe6, 0xc9, 0x77, 0x35, 0x57, 0x2f, 0x89, 0x9d, 0xfa, -+ 0xaf, 0x37, 0xd6, 0x33, 0x71, 0x34, 0xff, 0x52, 0x28, 0xb3, 0x3c, 0x96, -+ 0x68, 0x10, 0x12, 0xc9, 0xbe, 0x18, 0x03, 0xcd, 0xef, 0x27, 0x0a, 0xd1, -+ 0xc9, 0x0e, 0x49, 0x01, 0x22, 0x73, 0xdb, 0x5f, 0x11, 0x75, 0x6d, 0xea, -+ 0x16, 0xda, 0x26, 0x7f, 0x3e, 0x7c, 0xcb, 0x62, 0xcf, 0xcc, 0x8d, 0xd6, -+ 0xea, 0xce, 0x26, 0x44, 0xa4, 0x74, 0x54, 0x4e, 0x2b, 0x15, 0xba, 0x9d, -+ 0xa1, 0x39, 0xe8, 0xfd, 0xe0, 0x29, 0xf0, 0xd7, 0xaa, 0x30, 0x6b, 0xd7, -+ 0x14, 0x3c, 0xa0, 0x04, 0xbc, 0xed, 0x82, 0xcb, 0xc9, 0xdb, 0x4f, 0x20, -+ 0x05, 0x6e, 0x45, 0x79, 0xdd, 0x5b, 0x3d, 0x5e, 0xee, 0xf1, 0xc3, 0xaa, -+ 0xb3, 0xd3, 0x3a, 0x47, 0xac, 0xe3, 0x12, 0xa1, 0xd5, 0xf4, 0x24, 0xe5, -+ 0x6c, 0xe4, 0x9f, 0xb4, 0xca, 0x96, 0x49, 0x51, 0x36, 0x3b, 0xa4, 0xa2, -+ 0xd6, 0x2e, 0x42, 0x23, 0x32, 0x8c, 0xc8, 0x83, 0xea, 0x14, 0xd1, 0x08, -+ 0x09, 0x8f, 0xdb, 0x4c, 0xc2, 0x00, 0x44, 0x06, 0x81, 0xd4, 0x11, 0x5d, -+ 0x2b, 0x1e, 0x37, 0x80, 0xaa, 0xb9, 0x88, 0xfa, 0xab, 0xd2, 0x76, 0x2e, -+ 0x03, 0xb8, 0x3b, 0x0b, 0xfc, 0x01, 0x96, 0xe3, 0x62, 0x00, 0x71, 0x13, -+ 0xe8, 0xfb, 0x78, 0xce, 0x39, 0x06, 0xa1, 0x44, 0xdd, 0x61, 0x6a, 0x56, -+ 0xb2, 0xcd, 0xcb, 0xec, 0x67, 0x24, 0x28, 0x7d, 0x39, 0x80, 0x37, 0xcb, -+ 0x95, 0x49, 0x96, 0xe9, 0x3f, 0xb7, 0x89, 0xeb, 0x11, 0x7c, 0x34, 0x49, -+ 0x36, 0x2c, 0xec, 0x82, 0xb6, 0x3c, 0xa9, 0x9a, 0xd3, 0xb8, 0xab, 0xb9, -+ 0x28, 0x2f, 0x97, 0x71, 0x04, 0xa8, 0x86, 0x2b, 0x43, 0xb6, 0x27, 0x51, -+ 0x8a, 0xe0, 0xa3, 0x98, 0xe7, 0x33, 0x32, 0xfe, 0x18, 0xb9, 0x38, 0x95, -+ 0x78, 0x17, 0xbe, 0x43, 0xa0, 0x08, 0x8b, 0x05, 0x8d, 0x56, 0xd7, 0x4e, -+ 0x61, 0x01, 0x00, 0x05, 0x12, 0x6d, 0x13, 0x95, 0xea, 0xce, 0xdc, 0xbf, -+ 0xc4, 0x74, 0x20, 0x89, 0x28, 0x05, 0xd2, 0x97, 0xc3, 0x35, 0x24, 0x6d, -+ 0x43, 0xdd, 0xe2, 0x9f, 0x15, 0x80, 0xee, 0xdd, 0xcd, 0x8a, 0x88, 0xc5, -+ 0x92, 0xda, 0x1d, 0xd9, 0xd0, 0xb8, 0xfd, 0x18, 0xcc, 0x58, 0x1b, 0xca, -+ 0x3b, 0xcc, 0x9e, 0xcd, 0x53, 0x61, 0x68, 0xf5, 0xbb, 0x2d, 0x02, 0x55, -+ 0x2b, 0x93, 0x9f, 0x18, 0x17, 0x20, 0xb1, 0x54, 0xe0, 0xfe, 0x3e, 0x6a, -+ 0x10, 0x7f, 0xee, 0x60, 0x7c, 0xcb, 0x14, 0x82, 0x68, 0xed, 0x08, 0x07, -+ 0xe7, 0x34, 0xad, 0x27, 0x6f, 0xda, 0x57, 0xe2, 0xa7, 0x4b, 0x7e, 0x7a, -+ 0x2e, 0x95, 0x88, 0x58, 0x3d, 0xe7, 0xdc, 0xa3, 0xf2, 0xe9, 0xf5, 0x95, -+ 0xfd, 0x1c, 0x5f, 0x9e, 0x5c, 0x0c, 0xe8, 0x36, 0xd5, 0x09, 0x35, 0x66, -+ 0x27, 0xb9, 0x13, 0x8a, 0x0e, 0xfa, 0xeb, 0xa6, 0x5b, 0xd6, 0x07, 0x4d, -+ 0xcf, 0x0d, 0x90, 0x71, 0xa1, 0xe5, 0x58, 0x1e, 0x27, 0x69, 0x64, 0x18, -+ 0x22, 0x07, 0x8a, 0x2a, 0xe9, 0x08, 0x00, 0x02, 0x8a, 0x58, 0x38, 0x81, -+ 0x05, 0xd8, 0xe7, 0x5d, 0x3d, 0xe8, 0x2b, 0x17, 0xfa, 0x29, 0x5c, 0xeb, -+ 0x93, 0x0c, 0x0f, 0x29, 0x68, 0x21, 0x93, 0x62, 0xf2, 0xe1, 0x44, 0x38, -+ 0x69, 0x21, 0x57, 0x86, 0x71, 0x6b, 0x3d, 0x12, 0x4e, 0x28, 0xdb, 0x0b, -+ 0xd4, 0x2c, 0xc5, 0xe8, 0x5f, 0x9b, 0xd2, 0x26, 0x08, 0x45, 0xa4, 0xb2, -+ 0xb1, 0x5e, 0xd1, 0x18, 0x3e, 0x62, 0x8d, 0x77, 0xa0, 0x62, 0x07, 0x75, -+ 0x0c, 0x68, 0x7f, 0xab, 0xd2, 0x2c, 0xec, 0x8e, 0xa9, 0x6e, 0x37, 0x3d, -+ 0xdb, 0x33, 0x7a, 0x4a, 0xba, 0x86, 0x25, 0x50, 0x6a, 0x37, 0x1b, 0x9b, -+ 0x91, 0x1a, 0x5f, 0x93, 0x21, 0xea, 0x91, 0xdc, 0x64, 0xb6, 0x07, 0x44, -+ 0x34, 0x79, 0x6a, 0x6a, 0x42, 0x4e, 0xf3, 0xe2, 0xa2, 0x6b, 0xff, 0xcd, -+ 0xd7, 0xc5, 0x69, 0xb9, 0x81, 0x7d, 0x34, 0xb4, 0x5b, 0xb6, 0x83, 0xc3, -+ 0x6b, 0x9a, 0xe1, 0x2e, 0x5e, 0x34, 0x01, 0x21, 0xeb, 0x37, 0xcc, 0xc5, -+ 0x5f, 0x7f, 0xa0, 0xde, 0x0f, 0x79, 0xb7, 0xc3, 0x3b, 0x84, 0x7d, 0xe8, -+ 0x96, 0xfd, 0x32, 0x47, 0x78, 0x3e, 0x22, 0xc8, 0x98, 0xce, 0x7a, 0xef, -+ 0x1d, 0xa6, 0x09, 0x3a, 0xff, 0xf7, 0x68, 0xd9, 0xb8, 0xe9, 0x7e, 0x8a, -+ 0xec, 0x23, 0x01, 0x97}; -+ -+static const unsigned char subprime_weak_8192[] = { -+ 0xe2, 0x48, 0x2e, 0xe9, 0x45, 0x85, 0xe1, 0x01, 0x91, 0x3b, 0xd1, -+ 0x15, 0x16, 0xb4, 0xf5, 0x5b, 0x2c, 0xb4, 0xae, 0x42, 0x61, 0x7a, -+ 0xd9, 0x26, 0x39, 0x12, 0xd2, 0x46, 0xb3, 0x46, 0x9b, 0x5f}; -+ -+static const unsigned char base_weak_8192[] = { -+ 0x78, 0x4d, 0x5d, 0xa1, 0xce, 0x9d, 0x68, 0xae, 0x47, 0x31, 0x81, 0x08, -+ 0x8c, 0x24, 0x38, 0x6a, 0xc8, 0xc7, 0xf4, 0x1c, 0xa1, 0xcb, 0x5d, 0x65, -+ 0x04, 0x6e, 0x0d, 0xbe, 0x55, 0x1d, 0x25, 0xc2, 0xca, 0x74, 0x99, 0x66, -+ 0x67, 0x75, 0x00, 0xd6, 0x12, 0x90, 0x7f, 0x44, 0x56, 0x40, 0x98, 0x23, -+ 0x30, 0x87, 0x7b, 0x02, 0x86, 0xc1, 0xb3, 0x1b, 0x83, 0x82, 0xdb, 0x5b, -+ 0xa6, 0x72, 0x90, 0x77, 0xf9, 0x63, 0x9d, 0xb4, 0xe0, 0x83, 0x5e, 0x04, -+ 0x1d, 0x7b, 0x25, 0x68, 0x67, 0xa4, 0xb2, 0x4e, 0x5a, 0xde, 0x1f, 0x48, -+ 0x01, 0x10, 0xde, 0xde, 0xa9, 0xc3, 0x14, 0xc5, 0x9c, 0xda, 0xbe, 0xd9, -+ 0x19, 0x91, 0x43, 0x4a, 0xaa, 0x77, 0xcc, 0xbb, 0xe0, 0xe7, 0x71, 0xa9, -+ 0xa2, 0x73, 0x4f, 0xf6, 0x88, 0xe0, 0xc6, 0x5d, 0x1a, 0xc9, 0x80, 0x6b, -+ 0x47, 0x98, 0x76, 0xb4, 0x6c, 0xfe, 0xc8, 0xdf, 0x65, 0x42, 0x3d, 0x11, -+ 0x60, 0x09, 0x32, 0xb3, 0x35, 0xc4, 0x97, 0x4c, 0xae, 0xd3, 0x3a, 0x0c, -+ 0x2b, 0x44, 0xe6, 0x21, 0x01, 0xf3, 0xbf, 0x3d, 0xb7, 0x18, 0x31, 0x28, -+ 0x88, 0x9e, 0xad, 0x06, 0xc4, 0xb8, 0x0a, 0x26, 0x09, 0xff, 0xe7, 0xf4, -+ 0xab, 0xd9, 0x28, 0x94, 0x02, 0xe6, 0x58, 0x65, 0xf4, 0x47, 0x3f, 0x4c, -+ 0x9e, 0xd8, 0x68, 0xed, 0x65, 0x39, 0x5b, 0x04, 0x6a, 0x1d, 0x21, 0xba, -+ 0xef, 0xbd, 0xdc, 0x15, 0x69, 0xb2, 0x24, 0x6c, 0x23, 0x98, 0xdd, 0x22, -+ 0xa0, 0x90, 0x48, 0xc1, 0xcc, 0xc6, 0xb4, 0xc9, 0x19, 0x8c, 0x23, 0x89, -+ 0x0b, 0x3b, 0x66, 0x0f, 0xfb, 0x45, 0xe6, 0x05, 0x7d, 0x57, 0xd3, 0x58, -+ 0x6c, 0xe5, 0x36, 0xaa, 0x05, 0xcf, 0xa6, 0x2d, 0x5a, 0x40, 0x96, 0x12, -+ 0x1e, 0xea, 0x34, 0x11, 0x94, 0x76, 0x47, 0xc8, 0x87, 0x3d, 0xb9, 0xe8, -+ 0x83, 0x6b, 0xfe, 0x83, 0xc6, 0xa3, 0x38, 0xe1, 0x06, 0xc3, 0xb0, 0xeb, -+ 0x53, 0x07, 0x75, 0x20, 0x60, 0xc2, 0xee, 0x1e, 0x95, 0xb4, 0xc1, 0xc5, -+ 0xe0, 0x1b, 0x47, 0xbb, 0xf9, 0x48, 0x6a, 0x68, 0x09, 0xab, 0xd2, 0x6e, -+ 0x29, 0x74, 0xed, 0x61, 0x0e, 0x12, 0xe2, 0x89, 0x15, 0x4f, 0xe2, 0xa1, -+ 0x50, 0xbd, 0x81, 0x49, 0xf0, 0xc4, 0x17, 0xe5, 0xb3, 0x35, 0x0b, 0xfa, -+ 0x59, 0x9f, 0x18, 0x84, 0xba, 0x74, 0xf2, 0xb8, 0x8f, 0xdf, 0x7c, 0x3e, -+ 0x36, 0x67, 0x84, 0xb7, 0x85, 0x50, 0x51, 0x64, 0x2a, 0xca, 0x8f, 0x6b, -+ 0xc8, 0xd1, 0x88, 0x0f, 0x64, 0x9a, 0x4a, 0xbd, 0x9b, 0x5f, 0x11, 0xd0, -+ 0x80, 0xba, 0x5d, 0x2e, 0x63, 0xc1, 0xe3, 0x58, 0xc1, 0xf3, 0xe3, 0x88, -+ 0xa7, 0xe6, 0xb2, 0x3c, 0xdf, 0x9d, 0xfa, 0xed, 0x5c, 0x6f, 0x86, 0x3b, -+ 0x25, 0x0f, 0x0e, 0xff, 0x0b, 0x88, 0x1c, 0xe9, 0xeb, 0xe5, 0x75, 0xee, -+ 0x50, 0xdf, 0x7c, 0xb0, 0xf2, 0x09, 0x78, 0x47, 0x60, 0x76, 0x3b, 0x44, -+ 0x5a, 0x9d, 0xf2, 0x5c, 0x68, 0xf9, 0x03, 0x88, 0x6a, 0x9f, 0x6a, 0x73, -+ 0x85, 0xc9, 0xe7, 0x5e, 0xbf, 0xac, 0x9e, 0x7a, 0x13, 0x53, 0x40, 0x65, -+ 0x65, 0x41, 0x02, 0x38, 0x5e, 0x05, 0xac, 0xbc, 0xc5, 0xff, 0xc5, 0x35, -+ 0x6c, 0x2b, 0x76, 0xac, 0xc5, 0xcc, 0x1e, 0x28, 0x53, 0x88, 0xab, 0x58, -+ 0x36, 0x7a, 0x99, 0xeb, 0x68, 0x7a, 0xdc, 0xd5, 0xc5, 0xaf, 0x84, 0xad, -+ 0x43, 0x0b, 0x3f, 0x3c, 0xbf, 0x87, 0x33, 0x45, 0xc6, 0x62, 0xf3, 0xac, -+ 0xff, 0x58, 0x82, 0x86, 0x9a, 0x3d, 0x05, 0xa0, 0xd2, 0xbb, 0x6d, 0x19, -+ 0x09, 0x09, 0x01, 0xeb, 0x8f, 0xd6, 0xf8, 0x13, 0xf6, 0x2f, 0xce, 0x0c, -+ 0x01, 0xe1, 0xcd, 0x56, 0xad, 0xf7, 0xd6, 0xe3, 0xf3, 0xfe, 0x5b, 0x61, -+ 0x40, 0x3d, 0x6b, 0x9b, 0xca, 0x44, 0xda, 0xac, 0xf5, 0xc0, 0x9f, 0xb5, -+ 0x23, 0x77, 0x70, 0x72, 0x83, 0xf4, 0xb8, 0x15, 0x66, 0x59, 0xc6, 0x72, -+ 0xea, 0xba, 0xa7, 0x1f, 0xd8, 0x27, 0xd3, 0x52, 0xdf, 0xec, 0x7c, 0x1d, -+ 0x3e, 0x60, 0x98, 0xb1, 0x30, 0xb8, 0x00, 0x37, 0x1a, 0x2d, 0xe9, 0xdb, -+ 0x62, 0x7f, 0xa9, 0x37, 0x9d, 0xf9, 0x82, 0x10, 0x98, 0xed, 0xc5, 0xc7, -+ 0xc7, 0xe6, 0x6e, 0xe8, 0x0f, 0xa8, 0x7e, 0xac, 0x30, 0xf8, 0x75, 0x95, -+ 0xc8, 0x56, 0x3b, 0xbb, 0x6f, 0x69, 0x48, 0x84, 0xb5, 0x4e, 0x8d, 0x68, -+ 0xdf, 0x2a, 0x1d, 0xf5, 0xd6, 0xd8, 0x00, 0x6f, 0x29, 0xea, 0x66, 0xb1, -+ 0xcb, 0xf3, 0xdb, 0x5e, 0x55, 0x9f, 0x13, 0x67, 0x22, 0xc3, 0x02, 0x74, -+ 0xc8, 0x69, 0x6b, 0xe5, 0x23, 0x83, 0x27, 0x20, 0x91, 0xda, 0xb3, 0x4a, -+ 0xe4, 0x92, 0xc9, 0x25, 0x76, 0x16, 0xf9, 0xfc, 0x74, 0xec, 0x95, 0xd9, -+ 0x61, 0x5f, 0x03, 0xac, 0x94, 0x2f, 0x4d, 0x00, 0xce, 0x97, 0xb7, 0x18, -+ 0x60, 0x10, 0x44, 0x1a, 0x48, 0xb2, 0x86, 0x02, 0x18, 0xac, 0x68, 0x61, -+ 0x73, 0x5e, 0x13, 0xd1, 0xd4, 0x66, 0x71, 0x8b, 0x1d, 0xbc, 0x08, 0xa2, -+ 0x45, 0xac, 0xe2, 0x06, 0xea, 0xe7, 0xb2, 0x8a, 0x27, 0x25, 0xb8, 0xa2, -+ 0xaf, 0x03, 0xc0, 0x0d, 0x90, 0x34, 0x90, 0x60, 0x55, 0x5f, 0x71, 0x94, -+ 0x8d, 0xfa, 0x5d, 0x91, 0x96, 0x3e, 0x7a, 0x2a, 0x4f, 0x50, 0x3f, 0x48, -+ 0xc2, 0x31, 0xd2, 0xa9, 0x29, 0x8a, 0x0a, 0x41, 0x50, 0xf2, 0x7d, 0x9b, -+ 0x52, 0xc9, 0xdf, 0x69, 0xfb, 0x6a, 0x1e, 0xee, 0xf2, 0x44, 0x3e, 0xe5, -+ 0x48, 0xad, 0x24, 0x3b, 0xac, 0xad, 0x62, 0x4f, 0xc8, 0x30, 0x1d, 0x7e, -+ 0x42, 0x4b, 0x52, 0x53, 0xca, 0x16, 0x27, 0x37, 0x76, 0x8f, 0x95, 0x7c, -+ 0xd1, 0xcd, 0x39, 0xac, 0x30, 0xc0, 0x1d, 0x15, 0xe4, 0x80, 0xc2, 0x43, -+ 0x6d, 0x77, 0x5d, 0x27, 0x4a, 0xad, 0xf4, 0x64, 0x56, 0xfd, 0x0b, 0x3a, -+ 0xaf, 0xb7, 0x63, 0x03, 0x44, 0x86, 0x4d, 0x72, 0x03, 0xd9, 0x91, 0xb9, -+ 0x06, 0xc0, 0x3f, 0x7a, 0xd7, 0xb6, 0x17, 0xd5, 0xb3, 0x2a, 0x13, 0x93, -+ 0x9d, 0x45, 0xfa, 0x70, 0xe7, 0x3a, 0xcd, 0x5e, 0xad, 0x7c, 0x70, 0x96, -+ 0x84, 0x91, 0xfd, 0x1c, 0x2b, 0xa2, 0x68, 0x7c, 0xc4, 0x8f, 0xa0, 0x2f, -+ 0x02, 0x6e, 0x4f, 0xd5, 0xe9, 0xb8, 0xbf, 0x52, 0x85, 0xd3, 0xdd, 0xbb, -+ 0x43, 0x73, 0x58, 0xd9, 0xa4, 0xb0, 0x08, 0x25, 0x16, 0xe3, 0x13, 0xc9, -+ 0x98, 0x26, 0x79, 0x91, 0xf8, 0x67, 0x2f, 0x05, 0x10, 0x8f, 0x03, 0xe5, -+ 0x26, 0x5c, 0xcb, 0x99, 0x97, 0xb7, 0xc9, 0x19, 0x4d, 0x4c, 0x9f, 0xc6, -+ 0xcc, 0x24, 0xfb, 0xe2, 0x83, 0x59, 0xbb, 0x9f, 0x25, 0x14, 0xf0, 0x92, -+ 0x3a, 0xcc, 0xc7, 0xcf, 0x66, 0xea, 0x43, 0x48, 0x8a, 0x23, 0xcb, 0xec, -+ 0xf5, 0x60, 0x7e, 0x81, 0x72, 0x94, 0x44, 0xfd, 0x33, 0x38, 0xfc, 0xbd, -+ 0xcf, 0x91, 0xe7, 0x22, 0x19, 0x8f, 0x1e, 0x0a, 0x8c, 0x08, 0x8c, 0xf1, -+ 0x39, 0x7d, 0xd4, 0xf1, 0xb3, 0xa0, 0x9d, 0xae, 0x9e, 0x8e, 0x24, 0xd7, -+ 0x37, 0x39, 0x9b, 0x93, 0xd7, 0x89, 0x1c, 0x04, 0x1b, 0x3e, 0x84, 0x5d, -+ 0xc6, 0x75, 0x36, 0x64, 0x08, 0x06, 0x0d, 0xdd, 0x83, 0x8c, 0xf4, 0xc4, -+ 0xe1, 0x11, 0xe1, 0x14, 0x49, 0xb1, 0x32, 0xce, 0x6a, 0x6c, 0x39, 0x0d, -+ 0xf9, 0x35, 0x1b, 0x95, 0x4b, 0xe1, 0x65, 0x0c, 0xa6, 0xac, 0x69, 0x27, -+ 0x98, 0xfa, 0x34, 0xf1, 0x30, 0x35, 0xb6, 0xe4, 0xc4, 0x55, 0x2d, 0xa8, -+ 0x5c, 0xcb, 0x6c, 0xcd, 0x66, 0x65, 0xe2, 0x94, 0xb2, 0xb1, 0xf4, 0x52, -+ 0x75, 0xed, 0x32, 0x8c, 0x08, 0xa1, 0x86, 0x53, 0x01, 0x6f, 0x52, 0x78, -+ 0xda, 0x20, 0x6e, 0x6a}; -+/* Calculated subprimes to verify primes are safe primes */ -+ -+/* q=(p-1)/2 for prime prime_ike_1536 */ -+static const unsigned char sub2_prime_ike_1536[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x11, 0xb9, 0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_2048 */ -+static const unsigned char sub2_prime_ike_2048[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x56, 0x55, 0x34, 0x7f, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_2048 */ -+static const unsigned char sub2_prime_tls_2048[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_3072 */ -+static const unsigned char sub2_prime_ike_3072[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x9d, 0x69, 0x65, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_3072 */ -+static const unsigned char sub2_prime_tls_3072[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x63, 0x17, 0x1b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_4096 */ -+static const unsigned char sub2_prime_ike_4096[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, -+ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, -+ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, -+ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, -+ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, -+ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, -+ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, -+ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, -+ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, -+ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, -+ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x03, 0x18, 0xcc, -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_4096 */ -+static const unsigned char sub2_prime_tls_4096[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, -+ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, -+ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, -+ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, -+ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, -+ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, -+ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, -+ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, -+ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, -+ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, -+ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x32, 0xaf, 0xb5, -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_6144 */ -+static const unsigned char sub2_prime_ike_6144[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, -+ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, -+ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, -+ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, -+ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, -+ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, -+ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, -+ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, -+ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, -+ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, -+ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, -+ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, -+ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, -+ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, -+ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, -+ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, -+ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, -+ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, -+ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, -+ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, -+ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, -+ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, -+ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, -+ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, -+ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, -+ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, -+ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, -+ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, -+ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, -+ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, -+ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, -+ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, -+ 0x36, 0xe6, 0x20, 0x12, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_6144 */ -+static const unsigned char sub2_prime_tls_6144[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, -+ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, -+ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, -+ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, -+ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, -+ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, -+ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, -+ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, -+ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, -+ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, -+ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, -+ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, -+ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, -+ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, -+ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, -+ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, -+ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, -+ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, -+ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, -+ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, -+ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, -+ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, -+ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, -+ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, -+ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, -+ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, -+ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, -+ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, -+ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, -+ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, -+ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, -+ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, -+ 0x68, 0x72, 0x07, 0x32, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_8192 */ -+static const unsigned char sub2_prime_ike_8192[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, -+ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, -+ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, -+ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, -+ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, -+ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, -+ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, -+ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, -+ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, -+ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, -+ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, -+ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, -+ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, -+ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, -+ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, -+ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, -+ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, -+ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, -+ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, -+ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, -+ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, -+ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, -+ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, -+ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, -+ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, -+ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, -+ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, -+ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, -+ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, -+ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, -+ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, -+ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, -+ 0x36, 0xdf, 0x08, 0xac, 0xba, 0x51, 0xc9, 0x37, 0x89, 0x7f, 0x72, 0xf2, -+ 0x1c, 0x3b, 0xbe, 0x5b, 0x54, 0x99, 0x6f, 0xc6, 0x6c, 0x5f, 0x62, 0x68, -+ 0x39, 0xdc, 0x98, 0xdd, 0x1d, 0xe4, 0x19, 0x5b, 0x46, 0xce, 0xe9, 0x80, -+ 0x3a, 0x0f, 0xd3, 0xdf, 0xc5, 0x7e, 0x23, 0xf6, 0x92, 0xbb, 0x7b, 0x49, -+ 0xb5, 0xd2, 0x12, 0x33, 0x1d, 0x55, 0xb1, 0xce, 0x2d, 0x72, 0x7a, 0xb4, -+ 0x1a, 0x11, 0xda, 0x3a, 0x15, 0xf8, 0xe4, 0xbc, 0x11, 0xc7, 0x8b, 0x65, -+ 0xf1, 0xce, 0xb2, 0x96, 0xf1, 0xfe, 0xdc, 0x5f, 0x7e, 0x42, 0x45, 0x6c, -+ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xbe, 0x03, 0x89, 0xf5, 0xab, 0xd4, -+ 0x0d, 0x11, 0xf8, 0x63, 0x9a, 0x39, 0xfe, 0x32, 0x36, 0x75, 0x18, 0x35, -+ 0xa5, 0xe5, 0xe4, 0x43, 0x17, 0xc1, 0xc2, 0xee, 0xfd, 0x4e, 0xa5, 0xbf, -+ 0xd1, 0x60, 0x43, 0xf4, 0x3c, 0xb4, 0x19, 0x81, 0xf6, 0xad, 0xee, 0x9d, -+ 0x03, 0x15, 0x9e, 0x7a, 0xd9, 0xd1, 0x3c, 0x53, 0x36, 0x95, 0x09, 0xfc, -+ 0x1f, 0xa2, 0x7c, 0x16, 0xef, 0x98, 0x87, 0x70, 0x3a, 0x55, 0xb5, 0x1b, -+ 0x22, 0xcb, 0xf4, 0x4c, 0xd0, 0x12, 0xae, 0xe0, 0xb2, 0x79, 0x8e, 0x62, -+ 0x84, 0x23, 0x42, 0x8e, 0xfc, 0xd5, 0xa4, 0x0c, 0xae, 0xf6, 0xbf, 0x50, -+ 0xd8, 0xea, 0x88, 0x5e, 0xbf, 0x73, 0xa6, 0xb9, 0xfd, 0x79, 0xb5, 0xe1, -+ 0x8f, 0x67, 0xd1, 0x34, 0x1a, 0xc8, 0x23, 0x7a, 0x75, 0xc3, 0xcf, 0xc9, -+ 0x20, 0x04, 0xa1, 0xc5, 0xa4, 0x0e, 0x36, 0x6b, 0xc4, 0x4d, 0x00, 0x17, -+ 0x6a, 0xf7, 0x1c, 0x15, 0xe4, 0x8c, 0x86, 0xd3, 0x7e, 0x01, 0x37, 0x23, -+ 0xca, 0xac, 0x72, 0x23, 0xab, 0x3b, 0xf4, 0xd5, 0x4f, 0x18, 0x28, 0x71, -+ 0x3b, 0x2b, 0x4a, 0x6f, 0xe4, 0x0f, 0xab, 0x74, 0x40, 0x5c, 0xb7, 0x38, -+ 0xb0, 0x64, 0xc0, 0x6e, 0xcc, 0x76, 0xe9, 0xef, 0xff, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_8192 */ -+static const unsigned char sub2_prime_tls_8192[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, -+ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, -+ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, -+ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, -+ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, -+ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, -+ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, -+ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, -+ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, -+ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, -+ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, -+ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, -+ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, -+ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, -+ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, -+ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, -+ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, -+ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, -+ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, -+ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, -+ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, -+ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, -+ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, -+ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, -+ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, -+ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, -+ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, -+ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, -+ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, -+ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, -+ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, -+ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, -+ 0x67, 0xfa, 0x35, 0x55, 0x1b, 0x56, 0x80, 0x26, 0x7b, 0x00, 0x64, 0x1c, -+ 0x0f, 0x21, 0x2d, 0x18, 0xec, 0xa8, 0xd7, 0x32, 0x7e, 0xd9, 0x1f, 0xe7, -+ 0x64, 0xa8, 0x4e, 0xa1, 0xb4, 0x3f, 0xf5, 0xb4, 0xf6, 0xe8, 0xe6, 0x2f, -+ 0x05, 0xc6, 0x61, 0xde, 0xfb, 0x25, 0x88, 0x77, 0xc3, 0x5b, 0x18, 0xa1, -+ 0x51, 0xd5, 0xc4, 0x14, 0xaa, 0xad, 0x97, 0xba, 0x3e, 0x49, 0x93, 0x32, -+ 0xe5, 0x96, 0x07, 0x8e, 0x60, 0x0d, 0xeb, 0x81, 0x14, 0x9c, 0x44, 0x1c, -+ 0xe9, 0x57, 0x82, 0xf2, 0x2a, 0x28, 0x25, 0x63, 0xc5, 0xba, 0xc1, 0x41, -+ 0x14, 0x23, 0x60, 0x5d, 0x1a, 0xe1, 0xaf, 0xae, 0x2c, 0x8b, 0x06, 0x60, -+ 0x23, 0x7e, 0xc1, 0x28, 0xaa, 0x0f, 0xe3, 0x46, 0x4e, 0x43, 0x58, 0x11, -+ 0x5d, 0xb8, 0x4c, 0xc3, 0xb5, 0x23, 0x07, 0x3a, 0x28, 0xd4, 0x54, 0x98, -+ 0x84, 0xb8, 0x1f, 0xf7, 0x0e, 0x10, 0xbf, 0x36, 0x1c, 0x13, 0x72, 0x96, -+ 0x28, 0xd5, 0x34, 0x8f, 0x07, 0x21, 0x1e, 0x7e, 0x4c, 0xf4, 0xf1, 0x8b, -+ 0x28, 0x60, 0x90, 0xbd, 0xb1, 0x24, 0x0b, 0x66, 0xd6, 0xcd, 0x4a, 0xfc, -+ 0xea, 0xdc, 0x00, 0xca, 0x44, 0x6c, 0xe0, 0x50, 0x50, 0xff, 0x18, 0x3a, -+ 0xd2, 0xbb, 0xf1, 0x18, 0xc1, 0xfc, 0x0e, 0xa5, 0x1f, 0x97, 0xd2, 0x2b, -+ 0x8f, 0x7e, 0x46, 0x70, 0x5d, 0x45, 0x27, 0xf4, 0x5b, 0x42, 0xae, 0xff, -+ 0x39, 0x58, 0x53, 0x37, 0x6f, 0x69, 0x7d, 0xd5, 0xfd, 0xf2, 0xc5, 0x18, -+ 0x7d, 0x7d, 0x5f, 0x0e, 0x2e, 0xb8, 0xd4, 0x3f, 0x17, 0xba, 0x0f, 0x7c, -+ 0x60, 0xff, 0x43, 0x7f, 0x53, 0x5d, 0xfe, 0xf2, 0x98, 0x33, 0xbf, 0x86, -+ 0xcb, 0xe8, 0x8e, 0xa4, 0xfb, 0xd4, 0x22, 0x1e, 0x84, 0x11, 0x72, 0x83, -+ 0x54, 0xfa, 0x30, 0xa7, 0x00, 0x8f, 0x15, 0x4a, 0x41, 0xc7, 0xfc, 0x46, -+ 0x6b, 0x46, 0x45, 0xdb, 0xe2, 0xe3, 0x21, 0x26, 0x7f, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_safe_1536 */ -+static const unsigned char sub2_prime_safe_1536[] = { -+ 0x7b, 0xb3, 0x98, 0xe4, 0x22, 0xb5, 0x6c, 0xf5, 0x29, 0x85, 0x90, 0xe3, -+ 0xa5, 0x7d, 0x40, 0xb3, 0x3b, 0x2e, 0x75, 0x5b, 0xfa, 0x88, 0x99, 0x36, -+ 0xe9, 0xa6, 0x3d, 0x56, 0x1c, 0x8b, 0x8d, 0x43, 0xdc, 0x00, 0x6b, 0x88, -+ 0xe2, 0xfe, 0xf0, 0xf1, 0xb2, 0xa6, 0x0f, 0xa1, 0x12, 0x20, 0x8f, 0x49, -+ 0x21, 0x5f, 0xdb, 0x32, 0x87, 0x39, 0x41, 0xc5, 0x5c, 0x41, 0x53, 0x27, -+ 0xcf, 0x65, 0x27, 0xe8, 0xd8, 0x89, 0xe1, 0x7d, 0x33, 0xd0, 0xb5, 0x03, -+ 0x27, 0xd7, 0xb7, 0x0b, 0x6c, 0xca, 0x6c, 0x6d, 0x71, 0xb3, 0x31, 0x00, -+ 0x8f, 0xc1, 0x47, 0x88, 0x70, 0x17, 0x9e, 0x51, 0xa1, 0x54, 0x5d, 0xca, -+ 0x19, 0x3c, 0xbc, 0xbf, 0xcb, 0xfc, 0x1d, 0x18, 0xd5, 0x0a, 0x63, 0xff, -+ 0x09, 0xcb, 0x3b, 0x8a, 0xdf, 0xa3, 0x90, 0x2b, 0x88, 0xf0, 0x27, 0xed, -+ 0x3f, 0x54, 0x8c, 0xa4, 0xd0, 0xc6, 0x94, 0xbb, 0x45, 0x69, 0xcd, 0xd8, -+ 0x5f, 0x28, 0x61, 0x92, 0xc1, 0x7c, 0xf1, 0x90, 0xc6, 0x7e, 0xd3, 0x28, -+ 0xf2, 0x9b, 0x3f, 0x41, 0x5b, 0x48, 0x22, 0xf0, 0xea, 0xb9, 0x2b, 0x5f, -+ 0x62, 0xb3, 0x9e, 0x89, 0x8d, 0x1c, 0xbf, 0xcc, 0x19, 0xfe, 0x5a, 0x3d, -+ 0xd2, 0x1c, 0x38, 0xc3, 0xcb, 0x37, 0x73, 0x3d, 0xbb, 0xd9, 0x32, 0xfe, -+ 0xef, 0x93, 0xc9, 0x86, 0x1e, 0x30, 0x6f, 0xf2, 0x99, 0xff, 0x6b, 0xa5, -+}; -+ -+/* q=(p-1)/2 for prime prime_safe_2048 */ -+static const unsigned char sub2_prime_safe_2048[] = { -+ 0x70, 0xd1, 0xb7, 0x24, 0xb4, 0x83, 0x8e, 0x2f, 0xda, 0x0a, 0x9a, 0xa3, -+ 0x4c, 0xa9, 0x68, 0x27, 0x7f, 0xa7, 0x26, 0x58, 0xf0, 0xac, 0xf6, 0x97, -+ 0x38, 0xf9, 0xc0, 0x0a, 0x2a, 0x68, 0x7e, 0x41, 0x90, 0x14, 0x8a, 0x90, -+ 0xd3, 0x2f, 0x88, 0x40, 0xab, 0xfa, 0x17, 0x24, 0xd9, 0x68, 0x9b, 0xf4, -+ 0x35, 0x5f, 0xb9, 0x7c, 0xaa, 0xa7, 0x4f, 0x57, 0x10, 0x62, 0xdb, 0x62, -+ 0xc8, 0xbc, 0x86, 0xd1, 0x6e, 0xda, 0x5d, 0xa8, 0x27, 0x10, 0x65, 0x45, -+ 0x47, 0xc1, 0x1a, 0x5c, 0xb5, 0x1f, 0x4d, 0x33, 0xe1, 0x3f, 0x41, 0xfb, -+ 0x60, 0x56, 0xf1, 0xe5, 0x00, 0x6b, 0x08, 0xc4, 0x4e, 0x63, 0xcf, 0xda, -+ 0x1e, 0xa9, 0xd2, 0xad, 0x4b, 0xa2, 0x26, 0xf3, 0xae, 0x6a, 0xbb, 0x40, -+ 0x7c, 0x06, 0x66, 0xd3, 0x2a, 0xf1, 0x2f, 0xe7, 0xfa, 0x23, 0x52, 0x63, -+ 0x87, 0xe0, 0xc0, 0x42, 0x32, 0xa3, 0x46, 0x43, 0xe9, 0x4c, 0xc1, 0x6f, -+ 0xc7, 0x00, 0x44, 0xf9, 0x86, 0xea, 0xe0, 0x2a, 0x4a, 0x63, 0x51, 0xc9, -+ 0x07, 0xc8, 0x88, 0x77, 0x51, 0xb2, 0xa2, 0x5b, 0xb6, 0xf4, 0x11, 0xfc, -+ 0xbf, 0xc8, 0xb1, 0x32, 0x84, 0xc7, 0x50, 0x99, 0xea, 0x6b, 0x2a, 0x85, -+ 0x60, 0x74, 0x33, 0x38, 0x02, 0xe8, 0x09, 0x1a, 0x60, 0xfe, 0xe7, 0x3a, -+ 0xd2, 0x3a, 0xf0, 0xa3, 0x50, 0x84, 0x5a, 0x29, 0x7f, 0x12, 0xd2, 0x62, -+ 0xa7, 0x91, 0x82, 0x3f, 0x50, 0x96, 0x79, 0xab, 0x65, 0xfd, 0x3d, 0x5e, -+ 0x22, 0xe6, 0x3c, 0x59, 0x94, 0x79, 0xf2, 0xea, 0x93, 0x2b, 0x13, 0xc3, -+ 0x35, 0x2b, 0x35, 0xc3, 0xab, 0x07, 0x62, 0x1e, 0x76, 0xff, 0xe5, 0xcb, -+ 0x5a, 0x09, 0x8e, 0xa6, 0x9c, 0x27, 0x34, 0x9a, 0x28, 0xbd, 0x42, 0x98, -+ 0xda, 0x40, 0x6d, 0x20, 0xf1, 0xee, 0x17, 0x29, 0xec, 0x38, 0x9f, 0x66, -+ 0x1b, 0xc5, 0x40, 0x19, -+}; -+ -+/* q=(p-1)/2 for prime prime_safe_3072 */ -+static const unsigned char sub2_prime_safe_3072[] = { -+ 0x43, 0xb3, 0x6f, 0xfb, 0xf6, 0x24, 0xb5, 0x4d, 0x3e, 0x4b, 0x14, 0x57, -+ 0x33, 0x9c, 0x55, 0xfd, 0x7f, 0x2e, 0x23, 0x3d, 0xf7, 0xf4, 0x8c, 0x53, -+ 0x3b, 0x59, 0x72, 0x87, 0x5f, 0x5c, 0x79, 0x40, 0x1b, 0x04, 0xc1, 0x22, -+ 0x3d, 0xf4, 0x74, 0x66, 0x44, 0x93, 0xb4, 0x02, 0xf0, 0x70, 0x9b, 0xeb, -+ 0xdf, 0xed, 0x86, 0x7b, 0x24, 0x29, 0x0b, 0x9f, 0xba, 0xe2, 0xa7, 0x5a, -+ 0x1e, 0xfc, 0x26, 0x75, 0x5a, 0x05, 0x83, 0x02, 0x0a, 0xc4, 0xbe, 0x5d, -+ 0x79, 0xfa, 0xef, 0x33, 0x37, 0x3e, 0x98, 0x62, 0x10, 0x02, 0xed, 0x19, -+ 0x07, 0xff, 0xbc, 0xb8, 0xa2, 0x4d, 0x88, 0x07, 0xf8, 0xdd, 0x98, 0xef, -+ 0x33, 0xc8, 0x75, 0x3b, 0xd6, 0xb2, 0xeb, 0x82, 0xba, 0xd5, 0xb3, 0x79, -+ 0x73, 0x29, 0x56, 0x79, 0x55, 0x53, 0xe9, 0x22, 0xec, 0xe3, 0x21, 0x1c, -+ 0x93, 0x8f, 0xa3, 0x42, 0x56, 0xbc, 0x5a, 0x7d, 0x42, 0x7c, 0x4d, 0x9f, -+ 0x65, 0xe0, 0xcc, 0xf2, 0x9a, 0xa1, 0x13, 0x02, 0xf5, 0x56, 0x28, 0x82, -+ 0x27, 0xc5, 0x4c, 0x12, 0xd3, 0xa3, 0x55, 0xbd, 0xf6, 0xdc, 0x54, 0x85, -+ 0x92, 0x11, 0xc1, 0x91, 0x8b, 0x43, 0xb2, 0x48, 0x86, 0x5f, 0x8f, 0xde, -+ 0x76, 0x25, 0x6e, 0x89, 0x15, 0x86, 0x54, 0x9c, 0xcb, 0x62, 0x61, 0xe7, -+ 0xd2, 0x9c, 0x20, 0x06, 0xb7, 0x68, 0x7d, 0x05, 0x06, 0x1f, 0x74, 0xba, -+ 0x85, 0xb8, 0x14, 0x34, 0x5e, 0x7e, 0xfb, 0x61, 0x4d, 0x2c, 0xc8, 0x90, -+ 0x2e, 0x38, 0x7f, 0x18, 0xd3, 0x28, 0x43, 0xcd, 0x35, 0x30, 0x90, 0x16, -+ 0x3b, 0xc2, 0x40, 0xd4, 0x1f, 0x64, 0xd4, 0x39, 0x58, 0x29, 0xa1, 0xc2, -+ 0x8e, 0x4d, 0x9d, 0x6e, 0xf7, 0x84, 0xbe, 0xe3, 0xb4, 0x63, 0x77, 0x84, -+ 0x67, 0x23, 0xd0, 0x6e, 0x2d, 0xed, 0x97, 0x96, 0x9a, 0x71, 0xef, 0x4a, -+ 0xfb, 0x35, 0xb6, 0xae, 0xc8, 0xdf, 0x22, 0xf7, 0x16, 0x82, 0x49, 0xbc, -+ 0x63, 0xd2, 0x24, 0xe6, 0x38, 0xd4, 0x2e, 0xec, 0x45, 0x3f, 0x4f, 0x27, -+ 0x88, 0x64, 0xa0, 0xe8, 0xb1, 0x60, 0xb8, 0x24, 0x5a, 0x89, 0x08, 0x91, -+ 0xd3, 0x72, 0x6f, 0xb2, 0x56, 0x6c, 0xf2, 0x1b, 0xe1, 0x5c, 0x91, 0xd3, -+ 0xa0, 0x75, 0x3f, 0xaa, 0x71, 0xf7, 0xb8, 0xc0, 0xda, 0x73, 0x82, 0x88, -+ 0x6b, 0x15, 0xea, 0x88, 0xc2, 0x2d, 0x34, 0xd2, 0xd6, 0x29, 0x36, 0xd4, -+ 0x3c, 0x93, 0xff, 0x8e, 0x01, 0x68, 0xb1, 0x1b, 0x01, 0xd1, 0x54, 0xa3, -+ 0x36, 0x27, 0xe5, 0x2c, 0x79, 0x59, 0x76, 0xc8, 0xda, 0x4f, 0x2d, 0xee, -+ 0xfc, 0xcc, 0xdb, 0x46, 0xb8, 0x1a, 0x05, 0x62, 0xa6, 0xeb, 0xe7, 0x45, -+ 0xf8, 0xa8, 0x12, 0xc4, 0xff, 0xf3, 0xf9, 0x0f, 0x5c, 0x90, 0xd9, 0xc5, -+ 0xe4, 0x21, 0x3e, 0x13, 0x77, 0xa6, 0x18, 0x46, 0xb0, 0x5b, 0x92, 0xfd, -+}; -+ -+/* q=(p-1)/2 for prime prime_safe_4096 */ -+static const unsigned char sub2_prime_safe_4096[] = { -+ 0x45, 0xef, 0xe0, 0xd1, 0xf2, 0x5e, 0x8e, 0x58, 0xfa, 0x58, 0xa8, 0xe9, -+ 0xc5, 0x67, 0x1e, 0x99, 0xac, 0x40, 0x51, 0x8e, 0x3e, 0x06, 0xde, 0xc7, -+ 0x5e, 0xd9, 0xf3, 0xcf, 0x6a, 0x6f, 0x03, 0x7e, 0x4c, 0x57, 0x80, 0xa1, -+ 0xc9, 0x96, 0x7e, 0x7d, 0xc9, 0x40, 0x70, 0x37, 0x7c, 0xfb, 0x55, 0xb9, -+ 0xcb, 0x46, 0xbf, 0x60, 0x75, 0x93, 0x36, 0x06, 0x29, 0x83, 0x4f, 0x99, -+ 0x25, 0xd6, 0xa9, 0xea, 0xdf, 0xc8, 0x9a, 0x8b, 0x7e, 0xbf, 0xdd, 0x18, -+ 0x5b, 0x5a, 0x44, 0x08, 0x0f, 0xad, 0x60, 0x31, 0x7c, 0xbf, 0xb8, 0xcd, -+ 0xda, 0x88, 0x25, 0xcc, 0xe8, 0x78, 0x74, 0xe1, 0x77, 0x1a, 0x92, 0x75, -+ 0xe6, 0x77, 0x03, 0x5f, 0xd0, 0x02, 0xf2, 0x30, 0xd2, 0x53, 0x4c, 0x11, -+ 0xe8, 0x72, 0x45, 0x30, 0xe5, 0x02, 0xc5, 0x36, 0x4c, 0x7d, 0x41, 0xe1, -+ 0xa8, 0x3e, 0xaa, 0x9d, 0x97, 0x6a, 0xd6, 0x0a, 0x30, 0xc3, 0x68, 0xda, -+ 0xe7, 0xe0, 0x6e, 0x34, 0xa5, 0xb6, 0x25, 0x62, 0xeb, 0xff, 0x70, 0x74, -+ 0x0d, 0x32, 0x08, 0xed, 0xab, 0x78, 0x0e, 0x4a, 0xae, 0x68, 0xb5, 0x5c, -+ 0xfb, 0x71, 0x00, 0x7a, 0x11, 0x01, 0x81, 0x95, 0x5e, 0x4e, 0x41, 0x75, -+ 0xc4, 0x8d, 0x6e, 0xca, 0x32, 0x81, 0x22, 0x30, 0xbb, 0x60, 0xd7, 0x6c, -+ 0x65, 0x7e, 0xb3, 0x7a, 0x4b, 0x73, 0xbc, 0xff, 0x1d, 0x4c, 0x78, 0xc0, -+ 0x01, 0x7d, 0x21, 0x5b, 0xd7, 0x75, 0x9c, 0x94, 0x61, 0xdc, 0xe7, 0x46, -+ 0x38, 0xf5, 0x0a, 0x3a, 0x43, 0x36, 0x13, 0x6a, 0x8a, 0x90, 0xcb, 0x86, -+ 0x41, 0x46, 0xc0, 0xc2, 0x62, 0xa3, 0x88, 0x03, 0x33, 0xd4, 0x2f, 0xd8, -+ 0xe2, 0x99, 0x6e, 0x3f, 0xf3, 0x30, 0xf2, 0xf5, 0xcf, 0x54, 0xb0, 0xcc, -+ 0xa1, 0xd4, 0xc5, 0xf6, 0xd7, 0xf2, 0x10, 0xf7, 0xc7, 0x3c, 0x2d, 0x30, -+ 0xaa, 0xce, 0xa1, 0xed, 0xbb, 0xd5, 0x5d, 0x8c, 0xf5, 0x27, 0xa4, 0xa9, -+ 0xc0, 0x67, 0x3e, 0x4d, 0x75, 0x53, 0x49, 0xac, 0x6a, 0x55, 0xfa, 0x74, -+ 0xb0, 0x3e, 0xe5, 0x59, 0x4b, 0xd2, 0xf0, 0x49, 0x67, 0x76, 0x2b, 0xde, -+ 0x62, 0x82, 0xbb, 0x08, 0xbc, 0x81, 0xf0, 0xd9, 0x4c, 0xe0, 0x90, 0xea, -+ 0x42, 0xf3, 0xb7, 0xe4, 0xac, 0x74, 0x0e, 0x06, 0xe4, 0x48, 0x22, 0x26, -+ 0x2c, 0x2a, 0xcd, 0x77, 0x6f, 0x31, 0x07, 0x59, 0x71, 0xde, 0x75, 0xa8, -+ 0xa0, 0x02, 0xb8, 0xff, 0x5a, 0x74, 0xf3, 0x7b, 0x07, 0x6b, 0xdd, 0x8d, -+ 0xdc, 0x4c, 0xf4, 0x64, 0xed, 0x4f, 0xef, 0x1e, 0x09, 0xec, 0x8b, 0x22, -+ 0x9e, 0xd6, 0x71, 0x04, 0xe1, 0xc3, 0xdd, 0x9c, 0xc6, 0x37, 0x88, 0xb0, -+ 0x43, 0x8f, 0xd7, 0xd3, 0xee, 0x09, 0x47, 0xbe, 0xa6, 0x2f, 0x2b, 0x61, -+ 0xb1, 0x6e, 0xee, 0x81, 0xaa, 0xcf, 0x12, 0x36, 0x62, 0xb6, 0x5c, 0x07, -+ 0x57, 0x88, 0xea, 0x8f, 0x35, 0x1b, 0x4e, 0x65, 0x23, 0x1a, 0x09, 0x95, -+ 0xe8, 0xd1, 0x9a, 0x16, 0x41, 0x8d, 0x92, 0xe6, 0x0b, 0x80, 0xce, 0x34, -+ 0x29, 0xdb, 0xc3, 0xf6, 0x87, 0x24, 0x6b, 0xb4, 0xfc, 0xe4, 0x0e, 0xc5, -+ 0xb8, 0xfa, 0x37, 0xe8, 0xd8, 0xea, 0xb8, 0x50, 0x6b, 0xb8, 0x9e, 0xcf, -+ 0xfe, 0x7d, 0x1a, 0xb4, 0x92, 0xf9, 0x9c, 0xbc, 0xd6, 0xbd, 0x80, 0xe2, -+ 0xb3, 0x52, 0xf8, 0x63, 0x8e, 0x5b, 0x28, 0xf2, 0x81, 0x15, 0xe7, 0xe0, -+ 0x95, 0x48, 0xce, 0xd2, 0xdf, 0x9b, 0x9b, 0xee, 0x97, 0x18, 0x20, 0x6d, -+ 0xdf, 0xf6, 0x7f, 0x36, 0x16, 0x74, 0x90, 0x77, 0x44, 0xd6, 0x2a, 0xd7, -+ 0x81, 0xad, 0x5d, 0x2d, 0x29, 0x7d, 0xdf, 0xda, 0xd7, 0x1c, 0x10, 0x52, -+ 0xb4, 0x49, 0x2f, 0xf6, 0x0b, 0xd4, 0xc0, 0x29, 0xf9, 0x1d, 0x86, 0x04, -+ 0xf9, 0xf5, 0x8a, 0xb1, 0x47, 0x1c, 0xbd, 0xb5, -+}; -+ -+/* q=(p-1)/2 for prime prime_safe_6144 */ -+static const unsigned char sub2_prime_safe_6144[] = { -+ 0x5c, 0x87, 0xe0, 0xa0, 0xa5, 0x6f, 0x0d, 0x0e, 0x40, 0x50, 0x6b, 0x1c, -+ 0xc0, 0x88, 0x79, 0x84, 0xe5, 0x60, 0x30, 0x46, 0x2f, 0x46, 0x0b, 0x90, -+ 0xd0, 0x0c, 0x28, 0x6b, 0x30, 0x09, 0xfe, 0x1c, 0x00, 0x13, 0x6c, 0xb8, -+ 0xe9, 0x39, 0xfe, 0x2e, 0x86, 0x78, 0x90, 0x67, 0x3b, 0x22, 0x5d, 0xc5, -+ 0xae, 0x64, 0x2d, 0x2c, 0x86, 0x66, 0xa4, 0x5d, 0x5f, 0xc3, 0x39, 0x6d, -+ 0x7a, 0xde, 0xbe, 0x0e, 0xa0, 0xdd, 0x74, 0x4f, 0xc6, 0x61, 0x0c, 0x13, -+ 0xfd, 0x5e, 0x63, 0x67, 0xec, 0x23, 0xfa, 0xf4, 0xb8, 0xe6, 0x1b, 0x9a, -+ 0x61, 0xcd, 0xad, 0x7f, 0xe1, 0x86, 0x55, 0x8e, 0xcb, 0xc6, 0x13, 0x4a, -+ 0xc6, 0x78, 0x85, 0x2e, 0x91, 0x42, 0x2d, 0x3e, 0x79, 0x68, 0xc5, 0xbe, -+ 0x37, 0x8b, 0x84, 0x89, 0x80, 0x64, 0xef, 0xbc, 0xf0, 0xb7, 0x64, 0x7c, -+ 0x69, 0xe0, 0xee, 0xd9, 0x7a, 0x12, 0x15, 0x7d, 0x2e, 0x33, 0x12, 0x95, -+ 0x9c, 0xe8, 0x9c, 0xa4, 0x7d, 0x3b, 0x27, 0xab, 0xd1, 0x90, 0x61, 0x9c, -+ 0x17, 0x42, 0xb3, 0x98, 0xc9, 0x42, 0x9e, 0x38, 0x11, 0x8a, 0x76, 0x36, -+ 0x42, 0x94, 0x70, 0x27, 0xe6, 0x63, 0x1d, 0xe7, 0x8c, 0x98, 0x1d, 0x80, -+ 0xff, 0x4f, 0x0b, 0x32, 0x8e, 0x7a, 0x18, 0x86, 0x4e, 0x91, 0xa0, 0x42, -+ 0xb6, 0x6e, 0xf2, 0xfb, 0xc8, 0x12, 0xb4, 0xbd, 0x1e, 0x6b, 0x72, 0x21, -+ 0x36, 0x43, 0x82, 0x03, 0x53, 0xc1, 0x0e, 0xfe, 0x2f, 0x6c, 0x81, 0xb0, -+ 0x10, 0x4d, 0x2e, 0x35, 0x7f, 0x29, 0x86, 0x82, 0xc9, 0x0d, 0xd0, 0xed, -+ 0xfd, 0x00, 0x97, 0xc2, 0x44, 0xf0, 0x2b, 0x33, 0x3f, 0x71, 0xf3, 0x4c, -+ 0xa6, 0xd9, 0xe9, 0x78, 0x67, 0x79, 0xef, 0x82, 0x86, 0xab, 0xa1, 0x66, -+ 0xfe, 0x03, 0x1e, 0x73, 0x88, 0x9a, 0x3f, 0xa8, 0xc7, 0x5b, 0x92, 0x00, -+ 0xf1, 0x93, 0x23, 0xf3, 0xe8, 0xab, 0x87, 0x07, 0x78, 0x89, 0x62, 0xbc, -+ 0x96, 0xc3, 0x87, 0xd8, 0x8c, 0xb5, 0x6b, 0xa2, 0x19, 0xa3, 0x26, 0x5e, -+ 0x62, 0xe3, 0x12, 0x7c, 0x3e, 0x3d, 0x30, 0xff, 0x39, 0x4a, 0x90, 0xe6, -+ 0xe8, 0x9d, 0x69, 0xae, 0xbb, 0xbb, 0x5e, 0xc3, 0x6c, 0x5e, 0xc7, 0x2f, -+ 0x79, 0x72, 0x90, 0x00, 0xec, 0xda, 0x23, 0xfb, 0x8e, 0x28, 0xb8, 0x1c, -+ 0xb5, 0x63, 0xf5, 0x76, 0xc8, 0x6b, 0xe2, 0x69, 0xe6, 0xc7, 0x25, 0xec, -+ 0x08, 0xf8, 0x69, 0xb3, 0x1b, 0x3b, 0xf1, 0x0b, 0x09, 0xde, 0xe9, 0x2a, -+ 0x25, 0x0e, 0x30, 0xaa, 0x44, 0x0d, 0x34, 0xc2, 0xcf, 0xae, 0xe2, 0xdb, -+ 0xb1, 0x3f, 0x39, 0x05, 0x44, 0xc8, 0x12, 0x47, 0x9c, 0xd9, 0x79, 0x5b, -+ 0x09, 0x47, 0x28, 0x5a, 0x69, 0xf5, 0x61, 0xd6, 0x75, 0x46, 0x93, 0x8b, -+ 0xde, 0x83, 0xe9, 0x0a, 0xc0, 0x24, 0xf0, 0x4b, 0xa0, 0x8b, 0x6b, 0x1d, -+ 0x92, 0x74, 0x45, 0xfe, 0xd1, 0x8c, 0x5e, 0xa9, 0x2e, 0xf1, 0x10, 0xe7, -+ 0x3e, 0x37, 0x88, 0x1c, 0x38, 0x32, 0x62, 0x0a, 0xf9, 0x94, 0x63, 0x33, -+ 0x7e, 0x68, 0x91, 0x02, 0x40, 0x40, 0x63, 0x62, 0xba, 0xfa, 0xee, 0x58, -+ 0x20, 0x25, 0x89, 0x7d, 0x6d, 0xea, 0x9b, 0x66, 0x98, 0xd5, 0xeb, 0x8e, -+ 0x8c, 0x03, 0xce, 0x84, 0xcd, 0x8b, 0x50, 0x7f, 0x0f, 0x37, 0x9f, 0x9a, -+ 0x2d, 0x73, 0x38, 0x42, 0xcc, 0x18, 0x6a, 0x4a, 0x62, 0xf8, 0x1b, 0x1a, -+ 0xd0, 0xf6, 0xa3, 0x31, 0x9e, 0x07, 0xe7, 0xe2, 0xcf, 0x3e, 0x34, 0x12, -+ 0xb2, 0x49, 0x98, 0x1b, 0x1c, 0x58, 0xcc, 0xb6, 0x1b, 0xfa, 0xe7, 0xb2, -+ 0x25, 0xf7, 0xd3, 0x7f, 0xb5, 0x55, 0x55, 0x5b, 0x14, 0xf6, 0x9c, 0x40, -+ 0x0f, 0xac, 0x1a, 0xc4, 0x1f, 0x80, 0x8e, 0x64, 0x11, 0xa4, 0x1b, 0xd3, -+ 0xe9, 0x58, 0xd8, 0xf7, 0x22, 0x2c, 0x85, 0x7d, 0x82, 0xec, 0xf0, 0xad, -+ 0xa9, 0x9a, 0x4e, 0xcc, 0x98, 0x14, 0x54, 0x9d, 0xc7, 0x0d, 0xd6, 0x45, -+ 0x48, 0x48, 0xe4, 0xb8, 0xc5, 0x75, 0x5c, 0x88, 0xea, 0xb3, 0xc3, 0xa7, -+ 0xed, 0x93, 0xa7, 0xbf, 0xdc, 0x2a, 0x3f, 0xaf, 0x0c, 0x04, 0x7b, 0xf9, -+ 0x8e, 0x01, 0x1d, 0x02, 0x6f, 0x66, 0x08, 0x03, 0x3f, 0x0a, 0xe1, 0x92, -+ 0x06, 0x6f, 0x86, 0xfc, 0x43, 0x60, 0x26, 0x55, 0x87, 0xba, 0x82, 0x5f, -+ 0x79, 0xc8, 0x14, 0x68, 0x91, 0x0b, 0xcb, 0x66, 0x14, 0x88, 0x84, 0xd3, -+ 0xa9, 0xa1, 0x75, 0x48, 0xa8, 0xd7, 0xaa, 0xd0, 0x81, 0xb3, 0xbc, 0x31, -+ 0xd9, 0xd8, 0x07, 0xac, 0xae, 0x9b, 0xf3, 0x98, 0x45, 0xe5, 0x50, 0x22, -+ 0x89, 0x3d, 0x52, 0x84, 0xfd, 0xd3, 0x4c, 0xee, 0xfb, 0xf4, 0x98, 0x2d, -+ 0x61, 0x4e, 0x86, 0xef, 0x9c, 0xcc, 0x92, 0x86, 0xd9, 0x2b, 0xdb, 0x3c, -+ 0x01, 0x18, 0x7c, 0x43, 0x6f, 0x3c, 0xda, 0x5f, 0x1f, 0x29, 0xff, 0xba, -+ 0x07, 0xa6, 0x98, 0x16, 0xf3, 0x2b, 0xa5, 0x2b, 0xa9, 0x9d, 0x05, 0x8c, -+ 0xc3, 0x55, 0xc8, 0x72, 0x99, 0xc2, 0x29, 0xbd, 0x0b, 0xe2, 0xf8, 0xc6, -+ 0x61, 0xf2, 0x08, 0xa9, 0x95, 0xda, 0xda, 0x47, 0x73, 0x69, 0x02, 0x21, -+ 0xad, 0xb5, 0x18, 0x63, 0xe5, 0x57, 0xc8, 0xe0, 0x3b, 0x21, 0xc3, 0x32, -+ 0xf7, 0x66, 0xc1, 0x5f, 0x51, 0x6c, 0x16, 0xd6, 0xf5, 0xda, 0x8d, 0x5a, -+ 0xdf, 0xd0, 0xf3, 0xc9, 0xa8, 0x0a, 0x84, 0x13, 0x93, 0x9e, 0x66, 0x29, -+ 0xc1, 0x33, 0xea, 0x79, 0x06, 0x93, 0x30, 0x43, 0x82, 0x97, 0x55, 0x31, -+ 0x2a, 0xe6, 0x4d, 0x77, 0x16, 0x10, 0x11, 0x8a, 0x7d, 0x2e, 0x14, 0xa0, -+ 0xf0, 0xc4, 0xc1, 0x8c, 0xe0, 0x9b, 0x46, 0x52, 0x48, 0xfb, 0x20, 0x1b, -+ 0xb8, 0x15, 0x06, 0xc1, 0x5d, 0xab, 0x37, 0x11, 0x9a, 0x5c, 0xb7, 0x19, -+}; -+ -+/* q=(p-1)/2 for prime prime_safe_8192 */ -+static const unsigned char sub2_prime_safe_8192[] = { -+ 0x4d, 0xd3, 0xcd, 0xd1, 0x43, 0x2a, 0x73, 0xcc, 0x88, 0xad, 0x9a, 0xc0, -+ 0xea, 0xbd, 0x45, 0x37, 0x26, 0xa6, 0xb0, 0xae, 0xe9, 0xe7, 0x86, 0x32, -+ 0xbf, 0x6d, 0x6c, 0x67, 0x14, 0x56, 0x50, 0x1c, 0x40, 0xf7, 0x50, 0x8a, -+ 0x12, 0x90, 0xb3, 0xb3, 0x1d, 0x36, 0x07, 0xc0, 0x1e, 0xc4, 0xbc, 0xff, -+ 0x38, 0xa1, 0xab, 0xe1, 0xd4, 0xaa, 0x0f, 0x10, 0x45, 0x77, 0x07, 0xd3, -+ 0x45, 0xc4, 0x40, 0x9e, 0xf4, 0x2e, 0x20, 0x23, 0x82, 0xef, 0xec, 0x36, -+ 0xcc, 0x32, 0x8b, 0x54, 0xfc, 0xe2, 0x46, 0x01, 0x5d, 0x57, 0x35, 0x9b, -+ 0x3b, 0x64, 0xfd, 0x47, 0x68, 0x6b, 0xcd, 0x1e, 0x65, 0xe8, 0xa2, 0x04, -+ 0xeb, 0xa7, 0x94, 0x28, 0xca, 0x49, 0x2d, 0x81, 0x59, 0x5e, 0xbc, 0x69, -+ 0xe1, 0x3b, 0x01, 0x8a, 0x8b, 0x85, 0xaa, 0x84, 0x01, 0x21, 0x4f, 0x13, -+ 0x2b, 0x19, 0xb9, 0x73, 0x5e, 0x87, 0x7c, 0x9e, 0x96, 0x59, 0xc5, 0x26, -+ 0x33, 0x8b, 0xfe, 0xf4, 0x81, 0xd6, 0xc6, 0x1a, 0x42, 0x72, 0xc1, 0xef, -+ 0xce, 0x02, 0x49, 0x81, 0x93, 0x0c, 0xe0, 0xf8, 0x92, 0x34, 0x7b, 0x2a, -+ 0x4b, 0x67, 0x1c, 0x28, 0xde, 0xb6, 0x1e, 0xce, 0x06, 0x6c, 0x37, 0x09, -+ 0xa6, 0x45, 0xfb, 0x1a, 0x57, 0x6c, 0x42, 0x8e, 0x8e, 0xc7, 0x61, 0x56, -+ 0xd5, 0xd1, 0x62, 0xa0, 0x3b, 0x3f, 0x97, 0x97, 0x1c, 0x7a, 0x35, 0x1c, -+ 0x99, 0x9e, 0x8b, 0xe7, 0x0f, 0xf4, 0xe1, 0xc6, 0xcf, 0x72, 0xdf, 0x6b, -+ 0x56, 0xcd, 0x11, 0xec, 0x03, 0x79, 0xbe, 0x1c, 0xea, 0xd7, 0x2b, 0xdb, -+ 0x72, 0xe1, 0xcd, 0x45, 0x46, 0x37, 0x69, 0xe0, 0x8d, 0x32, 0x09, 0x00, -+ 0x0c, 0x29, 0xe5, 0x19, 0x44, 0x47, 0x60, 0x2f, 0x96, 0xd9, 0x1e, 0x8a, -+ 0x0d, 0xac, 0x2e, 0x10, 0x74, 0x29, 0x72, 0x94, 0x20, 0xde, 0x4f, 0x04, -+ 0x14, 0xd5, 0xd2, 0xa1, 0xcc, 0x87, 0x6b, 0x95, 0x5c, 0xdc, 0x32, 0x4e, -+ 0xc1, 0xf1, 0x8d, 0x13, 0x2c, 0xb2, 0xf9, 0x06, 0x64, 0xe2, 0xc7, 0x86, -+ 0xe7, 0xd0, 0x8c, 0x7e, 0x45, 0xbb, 0xf4, 0xf0, 0x8c, 0xbd, 0x81, 0xea, -+ 0x1b, 0xc6, 0xae, 0x9b, 0x95, 0xd6, 0xac, 0x2f, 0x39, 0xb9, 0x67, 0x42, -+ 0x72, 0xe4, 0xba, 0x8e, 0xf9, 0xac, 0x21, 0x3b, 0xff, 0x29, 0xd0, 0x61, -+ 0x33, 0x10, 0xd7, 0xf1, 0x30, 0xe9, 0x42, 0x59, 0x81, 0xa6, 0xec, 0x3e, -+ 0xc2, 0xf0, 0xd4, 0x50, 0x24, 0x2e, 0x8d, 0x54, 0xd6, 0x60, 0xb4, 0x92, -+ 0x63, 0x7d, 0x5a, 0x91, 0x1f, 0x51, 0xc6, 0x9a, 0x94, 0xe7, 0xcd, 0x72, -+ 0xc2, 0x1d, 0x85, 0x93, 0x9b, 0x3f, 0x4e, 0xd3, 0x58, 0x22, 0xb0, 0x21, -+ 0x0f, 0x25, 0x92, 0x68, 0x9b, 0x45, 0xb8, 0x68, 0xca, 0xaa, 0x0a, 0x5c, -+ 0xa3, 0x9e, 0xc6, 0xf2, 0x2f, 0xc0, 0x8d, 0x10, 0x8b, 0x8b, 0xdf, 0xc9, -+ 0x11, 0x26, 0x3b, 0x98, 0x6e, 0x4e, 0x42, 0x73, 0x34, 0x66, 0x6b, 0x08, -+ 0x82, 0x7f, 0xb8, 0xc3, 0x59, 0xd4, 0xcd, 0x89, 0xca, 0x9a, 0xfe, 0xb4, -+ 0x14, 0x4d, 0xb7, 0xae, 0x7b, 0xb3, 0x54, 0x37, 0xc4, 0x87, 0xc9, 0x6f, -+ 0xa9, 0x12, 0x1f, 0xed, 0x97, 0xa0, 0x09, 0x19, 0x52, 0x7f, 0x97, 0x25, -+ 0xdc, 0x50, 0x73, 0xe4, 0xe5, 0xcc, 0x09, 0xfc, 0xe9, 0x7d, 0x41, 0x34, -+ 0x59, 0x47, 0xe9, 0x8b, 0xc6, 0x49, 0xfa, 0xc0, 0x72, 0x2d, 0x19, 0x8d, -+ 0xb5, 0x6c, 0x5f, 0x9b, 0xd3, 0xf0, 0xb1, 0x8e, 0xb5, 0x61, 0xfd, 0x50, -+ 0x97, 0xe0, 0xb9, 0x2a, 0xea, 0xf1, 0x33, 0x9d, 0xb5, 0x9d, 0x54, 0x58, -+ 0x2a, 0x02, 0x0e, 0xdd, 0xe0, 0xf2, 0x9d, 0x29, 0x58, 0xb3, 0x85, 0x89, -+ 0x1f, 0x66, 0xd4, 0xcd, 0x07, 0x5d, 0xd1, 0xba, 0xb6, 0xb7, 0xbb, 0xba, -+ 0x32, 0x71, 0x8b, 0x46, 0x52, 0xdd, 0x76, 0x28, 0xb9, 0xe7, 0x25, 0xf3, -+ 0x37, 0x9e, 0x8a, 0xab, 0x21, 0xf0, 0x8b, 0xbb, 0xb3, 0x55, 0xee, 0x4e, -+ 0xcd, 0x88, 0x2e, 0xe2, 0x74, 0x8f, 0x55, 0x16, 0x8a, 0xdd, 0xe2, 0x04, -+ 0xa3, 0x18, 0x70, 0xdc, 0x49, 0x4a, 0x2f, 0xdb, 0xf3, 0xbf, 0x4b, 0xa1, -+ 0xe0, 0x24, 0x2d, 0xd7, 0xf5, 0x3a, 0x57, 0x46, 0x3c, 0xb5, 0xb3, 0x41, -+ 0xb1, 0x44, 0x0b, 0xd2, 0x2b, 0x2e, 0xac, 0x7d, 0xb6, 0x1c, 0x2b, 0xa6, -+ 0xf7, 0xeb, 0x9b, 0x22, 0x1c, 0xad, 0xd5, 0xca, 0x72, 0x04, 0x18, 0x69, -+ 0x96, 0x2c, 0xd0, 0x19, 0x71, 0x38, 0xcc, 0xf6, 0x33, 0x2f, 0x7b, 0xf1, -+ 0x4e, 0x0c, 0xb4, 0xb9, 0x37, 0xed, 0x9f, 0x66, 0x0c, 0xad, 0x7e, 0xd6, -+ 0xeb, 0x37, 0x4e, 0x83, 0xe0, 0x32, 0x80, 0xba, 0xee, 0x9b, 0x8d, 0xce, -+ 0x2f, 0x49, 0x99, 0x7c, 0x3f, 0x32, 0xea, 0xda, 0x8a, 0x9a, 0xd6, 0x82, -+ 0xda, 0xe9, 0x12, 0xe3, 0xb8, 0xad, 0x72, 0x5b, 0xac, 0x35, 0x61, 0xad, -+ 0x6c, 0xea, 0x77, 0x19, 0x5a, 0x85, 0xad, 0x95, 0x66, 0xc0, 0x67, 0x6a, -+ 0x16, 0xe4, 0x84, 0xca, 0x7a, 0xf9, 0x3e, 0x57, 0xdd, 0x2d, 0x69, 0xee, -+ 0x66, 0xeb, 0xfb, 0xf5, 0x21, 0x71, 0x61, 0x1a, 0x10, 0xdc, 0x8a, 0x92, -+ 0x74, 0x19, 0x35, 0xb7, 0xd8, 0x76, 0xbb, 0x2f, 0x22, 0xdf, 0x81, 0x51, -+ 0x5c, 0x1e, 0x52, 0xfa, 0xba, 0x71, 0x8c, 0x44, 0x90, 0xa7, 0x53, 0x04, -+ 0x51, 0xd2, 0xc9, 0xb4, 0xa4, 0x4b, 0x5e, 0xa3, 0xe9, 0xf5, 0xb3, 0x94, -+ 0xd4, 0x5d, 0xdf, 0x3c, 0x02, 0xfd, 0x23, 0x44, 0xa7, 0x06, 0x71, 0x36, -+ 0x5d, 0xf2, 0xfc, 0x5d, 0x72, 0xae, 0x94, 0xf3, 0xee, 0xb8, 0xbf, 0x4a, -+ 0x6b, 0xab, 0x06, 0x1e, 0x6f, 0x2f, 0xde, 0x6e, 0x07, 0xc7, 0x6b, 0x37, -+ 0x85, 0x03, 0xdc, 0x03, 0x92, 0x31, 0x26, 0x76, 0xa2, 0xa7, 0x86, 0xcf, -+ 0x97, 0x41, 0xb5, 0x75, 0xde, 0x7f, 0xd4, 0xf9, 0x39, 0xd9, 0xad, 0xd5, -+ 0x56, 0x76, 0xd6, 0x44, 0x51, 0x06, 0xc6, 0xc7, 0xda, 0x7b, 0xb9, 0x8f, -+ 0x60, 0x17, 0x69, 0xa2, 0x8a, 0xa5, 0xa5, 0x73, 0xea, 0x77, 0xd8, 0xe3, -+ 0x69, 0xc7, 0xfc, 0x12, 0x09, 0x19, 0x9f, 0x47, 0x4a, 0xde, 0x40, 0xda, -+ 0x6a, 0x68, 0x89, 0xde, 0x3f, 0x12, 0xda, 0x2d, 0xff, 0x8a, 0xdd, 0x7c, -+ 0x4d, 0x76, 0x3c, 0x72, 0x31, 0xe3, 0x93, 0x6a, 0xc4, 0x9e, 0xb1, 0xad, -+ 0xbe, 0x43, 0x31, 0x9a, 0x03, 0x14, 0x11, 0x84, 0x7f, 0xb6, 0xde, 0xf0, -+ 0x3a, 0xd9, 0xb8, 0x89, 0x13, 0x31, 0xe5, 0x49, 0x9b, 0x43, 0x75, 0xfb, -+ 0xa4, 0x68, 0xcb, 0x7a, 0x01, 0x1f, 0x2e, 0xb4, 0xba, 0xaf, 0x4a, 0xf7, -+ 0x19, 0x5c, 0xdd, 0x2a, 0xe2, 0xa1, 0x3a, 0x00, 0x70, 0x87, 0x8b, 0x02, -+ 0xb1, 0x1e, 0x2c, 0x65, 0xf0, 0x6a, 0x54, 0xf2, 0x8d, 0x1d, 0xc2, 0x3f, -+ 0x0c, 0xc3, 0xd6, 0xb3, 0xe6, 0xcd, 0xcb, 0xd8, 0x19, 0x6b, 0xdc, 0x0f, -+ 0x4b, 0x34, 0xba, 0x87, 0xb0, 0xb4, 0xd9, 0xe4, 0xe7, 0x39, 0xbe, 0x2f, -+ 0xea, 0x84, 0x6f, 0xea, 0x03, 0xba, 0xb0, 0x6b, 0xa8, 0x29, 0x73, 0xae, -+ 0x37, 0x82, 0x2c, 0xb2, 0xde, 0xb8, 0x4c, 0x8a, 0xfc, 0xde, 0x1a, 0x3c, -+ 0x35, 0x32, 0x56, 0x2f, 0x83, 0xe1, 0x44, 0xc4, 0x7f, 0x08, 0xbd, 0x7b, -+ 0x9e, 0xdf, 0x41, 0xff, 0xf5, 0x8e, 0xa9, 0x5f, 0x6a, 0x04, 0xb8, 0x87, -+ 0xbe, 0x4a, 0x8c, 0xf9, 0x25, 0xfa, 0xa2, 0x31, 0xf9, 0x76, 0x1f, 0xfc, -+ 0xf2, 0x7d, 0xdf, 0x12, 0x59, 0x0c, 0x29, 0xe7, 0x0b, 0x20, 0x0f, 0x13, -+ 0xb1, 0x4c, 0xc9, 0xe4, 0xa4, 0xc7, 0xcc, 0x06, 0xec, 0x39, 0xb2, 0xcc, -+ 0xd6, 0x7f, 0xff, 0x11, 0x35, 0x68, 0xfd, 0xd0, 0xf2, 0x73, 0xd5, 0x9e, -+ 0x39, 0x08, 0x56, 0x39, -+}; -+ -+/* q=(p-1)/2 for prime prime_weak_1024 */ -+static const unsigned char sub2_prime_weak_1024[] = { -+ 0x72, 0x41, 0x04, 0xa5, 0x35, 0xdf, 0x4d, 0xa8, 0x88, 0xd0, 0x3a, 0x12, -+ 0xff, 0xa8, 0x0e, 0x05, 0x6b, 0x68, 0x5e, 0x69, 0x92, 0x44, 0xba, 0xba, -+ 0x59, 0xeb, 0x35, 0xfa, 0x63, 0xaf, 0xb5, 0x76, 0x0f, 0x1d, 0x10, 0x01, -+ 0x0b, 0x3a, 0xe6, 0x22, 0x25, 0x5f, 0xad, 0xac, 0x56, 0xff, 0x58, 0x0c, -+ 0x35, 0x1c, 0x45, 0xe5, 0xed, 0xe8, 0xbb, 0xa1, 0x71, 0xd1, 0xc3, 0xc5, -+ 0x4c, 0x97, 0x08, 0xec, 0x64, 0x81, 0x42, 0x0e, 0xe9, 0x33, 0x94, 0x5e, -+ 0xc7, 0xfd, 0xab, 0x79, 0x31, 0xc5, 0x16, 0x3e, 0x1c, 0x77, 0xd1, 0x06, -+ 0x35, 0x1b, 0x68, 0x4c, 0x89, 0xa3, 0xa4, 0x20, 0x72, 0xe6, 0xed, 0x82, -+ 0x26, 0x51, 0x09, 0x1f, 0x8d, 0x4d, 0xcd, 0x07, 0x5c, 0x34, 0x3e, 0x80, -+ 0xde, 0x0b, 0x37, 0xa8, 0xb2, 0x0e, 0xd5, 0x90, 0xba, 0xa4, 0x89, 0x1b, -+ 0x56, 0x32, 0xc5, 0xfc, 0x43, 0xec, 0xd7, 0xe8, -+}; -+ -+/* q=(p-1)/2 for prime prime_weak_2048 */ -+static const unsigned char sub2_prime_weak_2048[] = { -+ 0x5a, 0x84, 0x41, 0xb5, 0x11, 0x1c, 0xef, 0x81, 0x7f, 0x39, 0xb5, 0xfd, -+ 0x86, 0xa7, 0x56, 0xa5, 0x87, 0xfe, 0xd9, 0x13, 0xf3, 0xe9, 0x1a, 0xea, -+ 0x41, 0xf9, 0x5e, 0x14, 0xff, 0xa8, 0x7b, 0xb5, 0xdb, 0xca, 0x1c, 0x7f, -+ 0xee, 0x3c, 0xb3, 0xcd, 0x40, 0x45, 0xe1, 0x10, 0x27, 0x29, 0x81, 0x15, -+ 0x03, 0xf6, 0x54, 0xde, 0x91, 0x68, 0xdd, 0x1a, 0x98, 0x88, 0x10, 0xdb, -+ 0x27, 0xf0, 0xca, 0x05, 0xd8, 0x59, 0x9b, 0x90, 0x06, 0xb5, 0x6a, 0x48, -+ 0xae, 0x42, 0xf4, 0xd7, 0x45, 0x79, 0x4a, 0x73, 0xa2, 0x7a, 0xe6, 0x02, -+ 0x41, 0x2b, 0xc0, 0x90, 0xc1, 0x8c, 0x24, 0x16, 0xf1, 0x8e, 0x50, 0xbf, -+ 0xf7, 0x08, 0x5c, 0xf4, 0x20, 0x7e, 0x6d, 0x21, 0xbe, 0x8c, 0x72, 0x34, -+ 0x4f, 0xf6, 0xaf, 0x61, 0x8f, 0xc0, 0x77, 0xae, 0x12, 0x2f, 0x34, 0x56, -+ 0x4c, 0xce, 0x3a, 0x4b, 0x2d, 0xd9, 0xf3, 0xd9, 0x32, 0xbc, 0x7d, 0x9e, -+ 0x08, 0x80, 0x02, 0x25, 0xcc, 0x07, 0x45, 0x3d, 0x9c, 0x04, 0x1a, 0x5c, -+ 0xb6, 0x84, 0x32, 0x8b, 0xc8, 0xa4, 0xb1, 0x23, 0xb2, 0x55, 0xe3, 0x68, -+ 0x79, 0x67, 0xc4, 0x83, 0xf5, 0xd1, 0xae, 0xf9, 0xd1, 0x7d, 0xee, 0xbd, -+ 0x9f, 0x3f, 0x51, 0x6b, 0x8d, 0x21, 0x56, 0xba, 0x5e, 0xdd, 0xe7, 0x90, -+ 0xc8, 0xe9, 0x35, 0x8e, 0xce, 0xd4, 0x02, 0xc4, 0x27, 0xd8, 0xa2, 0xd1, -+ 0x43, 0x48, 0x09, 0x7e, 0xe5, 0x92, 0xf0, 0x89, 0x04, 0x23, 0x8e, 0xc1, -+ 0x96, 0x8a, 0x21, 0x10, 0x04, 0x18, 0xaa, 0x16, 0x4d, 0xa4, 0xfb, 0x5b, -+ 0x16, 0x92, 0xf5, 0x14, 0x5f, 0x89, 0x95, 0xe9, 0xa2, 0xc6, 0x81, 0x4f, -+ 0xd2, 0xd5, 0x75, 0xe0, 0x24, 0x68, 0x83, 0x73, 0x0f, 0x50, 0x1f, 0x02, -+ 0x10, 0x3c, 0xbe, 0x68, 0xe8, 0x56, 0x30, 0xc4, 0xb6, 0x1d, 0xc4, 0x51, -+ 0xaa, 0x36, 0x40, 0x2c, -+}; -+ -+/* q=(p-1)/2 for prime prime_weak_3072 */ -+static const unsigned char sub2_prime_weak_3072[] = { -+ 0x4a, 0x19, 0x63, 0xa3, 0xa8, 0xd1, 0x81, 0xcd, 0xf9, 0x28, 0xae, 0x34, -+ 0xd7, 0x82, 0x9e, 0x3b, 0x31, 0x51, 0x76, 0x2d, 0x66, 0x6f, 0xc0, 0x79, -+ 0x96, 0xe7, 0x52, 0xd2, 0xcf, 0x16, 0xd5, 0xaf, 0xc8, 0xde, 0xc9, 0xb0, -+ 0xeb, 0xbd, 0xb8, 0xb7, 0xf9, 0xc9, 0x5f, 0xd4, 0x7e, 0x66, 0x80, 0x7a, -+ 0xa4, 0x84, 0x00, 0x46, 0x69, 0x7f, 0x25, 0x6c, 0x15, 0xb7, 0x21, 0x60, -+ 0x6c, 0x51, 0x45, 0x95, 0x8c, 0x01, 0x56, 0xf4, 0x27, 0x22, 0x04, 0x93, -+ 0x50, 0xd0, 0xe5, 0x4c, 0xf1, 0xec, 0xcd, 0x43, 0x9e, 0x41, 0xb5, 0x0d, -+ 0x3d, 0xb0, 0x5d, 0x3c, 0x06, 0x3c, 0xa8, 0x0f, 0xef, 0x20, 0x0a, 0x2c, -+ 0x0c, 0x54, 0x95, 0xba, 0x08, 0xda, 0x32, 0xff, 0x4e, 0x81, 0xd2, 0x77, -+ 0xef, 0xba, 0x47, 0x66, 0xbd, 0xea, 0x79, 0x94, 0x3a, 0xd9, 0x18, 0xf7, -+ 0xcc, 0xb2, 0xe5, 0xad, 0x3b, 0xe5, 0x51, 0x12, 0x94, 0x57, 0x7d, 0x4f, -+ 0xf5, 0xed, 0x66, 0x1a, 0x3d, 0x90, 0xeb, 0xed, 0xaa, 0x20, 0x73, 0x17, -+ 0xed, 0xe0, 0x67, 0x6e, 0x72, 0xe4, 0x93, 0xcb, 0xcc, 0xce, 0x01, 0x27, -+ 0x92, 0x44, 0x49, 0xef, 0xd4, 0xe3, 0x9f, 0x08, 0x64, 0x55, 0x35, 0x67, -+ 0x6d, 0x23, 0x4a, 0x46, 0x56, 0x8f, 0x78, 0xe5, 0xe9, 0xe6, 0xa1, 0xa2, -+ 0x5a, 0x10, 0x48, 0xcf, 0x7b, 0x68, 0x81, 0xf7, 0xe1, 0x02, 0x7b, 0x83, -+ 0xed, 0xd6, 0x51, 0x14, 0x46, 0x3e, 0x8e, 0xae, 0x96, 0x2d, 0x7e, 0x13, -+ 0x2d, 0x85, 0xac, 0x5c, 0xcd, 0x23, 0xf4, 0xd0, 0x6f, 0xd2, 0xad, 0x79, -+ 0xf2, 0xeb, 0x75, 0xb4, 0xda, 0xa7, 0x5e, 0x38, 0xe0, 0x6b, 0x4d, 0xdc, -+ 0x20, 0x1d, 0xe2, 0xb9, 0x2e, 0xa6, 0x8d, 0x8b, 0x9e, 0x9b, 0x52, 0x58, -+ 0x8a, 0xd3, 0xcd, 0x39, 0x75, 0xf9, 0x4f, 0x20, 0x68, 0xde, 0x1a, 0xe3, -+ 0xe8, 0x8d, 0x47, 0x8e, 0x15, 0xaf, 0x6c, 0x59, 0x9d, 0xa2, 0x57, 0x7a, -+ 0xc0, 0xe8, 0x45, 0x1b, 0xd5, 0xdd, 0x11, 0x5e, 0x16, 0xc4, 0x17, 0x92, -+ 0x5d, 0xd8, 0x0d, 0x54, 0xaf, 0x83, 0x88, 0x36, 0xe3, 0x5d, 0x9e, 0x51, -+ 0x33, 0x7c, 0xdc, 0xca, 0xeb, 0x2f, 0x46, 0x67, 0x02, 0x6e, 0x59, 0xa6, -+ 0x5e, 0x74, 0xe2, 0xe5, 0x8c, 0xcb, 0xf1, 0x50, 0x84, 0x9c, 0x6b, 0xc1, -+ 0x53, 0x5f, 0xe4, 0x8a, 0x92, 0xf8, 0x96, 0x3b, 0xfe, 0x5e, 0xfd, 0x3f, -+ 0xc9, 0x7f, 0x6b, 0x18, 0x81, 0x91, 0x96, 0x8b, 0x97, 0xa8, 0xcf, 0x2e, -+ 0x58, 0xb4, 0x60, 0x1f, 0xa1, 0x4c, 0x80, 0x2a, 0x99, 0xb4, 0x6b, 0xf7, -+ 0x28, 0xbe, 0x9f, 0x01, 0xa7, 0x81, 0x2f, 0x93, 0xee, 0x8b, 0x8c, 0x36, -+ 0x0f, 0x4e, 0xc8, 0xb2, 0xfc, 0x6b, 0xd3, 0x4f, 0xd0, 0xdd, 0x54, 0x3b, -+ 0x72, 0x6c, 0x7a, 0x2c, 0xc8, 0x0b, 0x33, 0xc4, 0x61, 0x54, 0xf2, 0x16, -+}; -+ -+/* q=(p-1)/2 for prime prime_weak_4096 */ -+static const unsigned char sub2_prime_weak_4096[] = { -+ 0x7f, 0xa8, 0x69, 0xe6, 0x44, 0x8b, 0xaf, 0x5b, 0x7c, 0x51, 0xd8, 0x71, -+ 0x7c, 0xcf, 0x8b, 0xd0, 0xc9, 0x2b, 0x0a, 0x89, 0x89, 0x4f, 0x8c, 0x6e, -+ 0x03, 0x80, 0x61, 0x24, 0xe4, 0xec, 0xea, 0x05, 0x71, 0xeb, 0xfb, 0x30, -+ 0x10, 0xd4, 0xbd, 0xe0, 0x07, 0x87, 0x57, 0x1f, 0x3b, 0xbb, 0xa4, 0x6c, -+ 0x7e, 0xa1, 0x76, 0x5a, 0xd7, 0x00, 0x55, 0xe7, 0x68, 0x88, 0xe5, 0x69, -+ 0x32, 0x2d, 0x51, 0xb5, 0xdd, 0x68, 0xc9, 0xf5, 0x6d, 0x69, 0x50, 0x30, -+ 0x1c, 0x85, 0x9a, 0x27, 0x86, 0x78, 0xd8, 0x29, 0x3a, 0xa8, 0x9e, 0x94, -+ 0x01, 0x5a, 0xde, 0xa1, 0x4c, 0x10, 0x53, 0xa1, 0x5c, 0x90, 0xcd, 0x57, -+ 0x5b, 0x20, 0xbd, 0xb8, 0x71, 0xec, 0xd7, 0xc0, 0x8d, 0x60, 0x9c, 0xce, -+ 0x29, 0x2b, 0x65, 0x86, 0xb5, 0x33, 0xb7, 0x9e, 0x89, 0x3b, 0x39, 0xa9, -+ 0xca, 0x96, 0xe0, 0x82, 0x6d, 0xc1, 0xf2, 0x68, 0x5f, 0x16, 0xd3, 0x3d, -+ 0x07, 0xc0, 0x0d, 0xe8, 0x0b, 0x0a, 0x1d, 0x70, 0x24, 0x7d, 0x7a, 0xa2, -+ 0x54, 0x70, 0x5f, 0xcc, 0x70, 0xab, 0x75, 0x3b, 0x5b, 0x71, 0x51, 0xad, -+ 0x8a, 0xbc, 0x88, 0x58, 0x20, 0xee, 0x14, 0x87, 0x8f, 0x1b, 0xb4, 0xe6, -+ 0x89, 0xdf, 0x16, 0xf0, 0x39, 0x9c, 0x34, 0x76, 0xa8, 0x35, 0x68, 0x7d, -+ 0xe5, 0x8b, 0x9d, 0x2c, 0xfd, 0xf6, 0x5d, 0x3a, 0xdb, 0x27, 0x17, 0xb7, -+ 0x4b, 0xcc, 0x07, 0x3c, 0x92, 0xee, 0xec, 0x7a, 0x9a, 0x5a, 0x50, 0x3f, -+ 0x5d, 0x34, 0x3e, 0x27, 0xfd, 0xf0, 0x4b, 0xa3, 0x28, 0x0f, 0x25, 0x2c, -+ 0xce, 0x6e, 0x1a, 0x71, 0x15, 0x5a, 0xe4, 0x2c, 0x4a, 0x24, 0x4f, 0xdc, -+ 0x1b, 0x65, 0xe7, 0x1b, 0x58, 0xbe, 0x72, 0xc6, 0xad, 0xa1, 0xeb, 0xc4, -+ 0x6f, 0xd7, 0x68, 0x64, 0xa1, 0x2f, 0x85, 0x71, 0xb1, 0x88, 0xe2, 0x86, -+ 0x40, 0x2a, 0xac, 0x6b, 0xf9, 0x28, 0xb7, 0x59, 0xbf, 0x4e, 0x8e, 0x61, -+ 0xb0, 0xac, 0xae, 0x23, 0xea, 0x4c, 0xe0, 0x33, 0xfd, 0xd9, 0x6b, 0x08, -+ 0xed, 0x49, 0x2d, 0xb5, 0xe9, 0x38, 0x5b, 0xb4, 0xb9, 0x73, 0x83, 0x6e, -+ 0xa0, 0x56, 0x40, 0xa8, 0x8e, 0xa9, 0x3d, 0x22, 0x9c, 0x44, 0x93, 0x96, -+ 0x62, 0x25, 0xbf, 0x2f, 0x3c, 0xf7, 0xc2, 0x35, 0x12, 0x26, 0xce, 0x4f, -+ 0x65, 0x3a, 0xae, 0x03, 0x36, 0xe8, 0x29, 0x74, 0xed, 0x4f, 0xa3, 0x5b, -+ 0x31, 0x0e, 0xd9, 0xec, 0xf9, 0x3e, 0xeb, 0x61, 0x3d, 0x24, 0xbe, 0x6e, -+ 0xcd, 0xd5, 0x61, 0xc2, 0x05, 0x84, 0x19, 0xdc, 0x40, 0x61, 0x89, 0x47, -+ 0xd6, 0xd6, 0x07, 0xbf, 0xd7, 0xac, 0xb0, 0x86, 0xcc, 0x60, 0xfc, 0xb4, -+ 0x61, 0x8d, 0x88, 0x04, 0x62, 0x19, 0x9e, 0x52, 0x71, 0x6a, 0xf5, 0xb8, -+ 0xae, 0x8c, 0xbf, 0x02, 0xe5, 0x4d, 0x7a, 0xdd, 0xb8, 0xaa, 0xc1, 0xce, -+ 0x12, 0xa8, 0x1a, 0xbf, 0x96, 0xf5, 0xf9, 0x06, 0xf6, 0x9e, 0x5c, 0x38, -+ 0xde, 0x84, 0x7a, 0xc4, 0xbf, 0x2f, 0x1c, 0x20, 0x6b, 0xf6, 0xbb, 0xc6, -+ 0xbd, 0x76, 0x95, 0x4f, 0xfe, 0x00, 0xfa, 0x71, 0x67, 0xed, 0x46, 0x51, -+ 0xab, 0xee, 0x0a, 0x6b, 0x50, 0xec, 0xcb, 0xdc, 0xf3, 0x7e, 0x24, 0x3a, -+ 0xa1, 0xde, 0x9d, 0xc8, 0x8b, 0x9e, 0x19, 0xe5, 0x67, 0x14, 0x84, 0x8d, -+ 0xf4, 0x4e, 0xdb, 0x3a, 0x02, 0xaf, 0x17, 0x52, 0x8e, 0xbf, 0x9d, 0x54, -+ 0x96, 0x7b, 0x26, 0xa0, 0xc8, 0x5e, 0x2b, 0x0c, 0x29, 0x01, 0x48, 0x77, -+ 0xb8, 0xff, 0x9f, 0x06, 0x7c, 0x00, 0x02, 0x03, 0xea, 0x90, 0x13, 0x6e, -+ 0xae, 0x58, 0x9b, 0x81, 0x90, 0x06, 0x5a, 0x5b, 0x1c, 0xa4, 0xa4, 0xd5, -+ 0x73, 0xcc, 0x00, 0xd1, 0x17, 0x05, 0x19, 0xc1, 0x4f, 0x5c, 0x92, 0x5b, -+ 0xc0, 0x6f, 0xe9, 0xef, 0x82, 0x72, 0x28, 0x4e, -+}; -+ -+/* q=(p-1)/2 for prime prime_weak_6144 */ -+static const unsigned char sub2_prime_weak_6144[] = { -+ 0x51, 0x12, 0x4b, 0x5b, 0x10, 0xb4, 0x6a, 0xbf, 0x16, 0x30, 0x26, 0xe4, -+ 0x40, 0xac, 0xce, 0x0e, 0x38, 0x76, 0x12, 0x14, 0x5b, 0x29, 0x1b, 0x04, -+ 0xc3, 0xd5, 0x60, 0xad, 0xf2, 0xd3, 0x1f, 0x44, 0x2a, 0x02, 0xf1, 0x84, -+ 0x84, 0xe5, 0x36, 0xcd, 0xe2, 0x46, 0x93, 0x57, 0xeb, 0xf7, 0x4f, 0x86, -+ 0xde, 0xa2, 0x47, 0x7f, 0x66, 0xf9, 0x73, 0x6f, 0x56, 0x79, 0x01, 0x1b, -+ 0xee, 0x1a, 0xe1, 0x67, 0x66, 0xaf, 0xe2, 0xc3, 0x87, 0xcc, 0xd3, 0xed, -+ 0x87, 0x8d, 0x66, 0xbb, 0x55, 0x25, 0x52, 0x84, 0xb0, 0x30, 0x71, 0xac, -+ 0x72, 0x29, 0x03, 0x8d, 0xa1, 0x0b, 0x88, 0xa8, 0x15, 0xa0, 0x4a, 0xc6, -+ 0xa4, 0x50, 0x1a, 0x4a, 0x92, 0x9c, 0x67, 0x84, 0xca, 0x73, 0x2a, 0x83, -+ 0x45, 0x6f, 0x6e, 0x20, 0xa5, 0x6c, 0x8f, 0xc0, 0x41, 0x0e, 0xdc, 0x0f, -+ 0x42, 0x30, 0x6f, 0x76, 0xa7, 0xe0, 0x6c, 0x0e, 0xaa, 0x6d, 0x59, 0xf9, -+ 0x87, 0x2a, 0x1f, 0x8c, 0x44, 0x7f, 0x92, 0x98, 0xe3, 0x0b, 0x73, 0x38, -+ 0x7d, 0x62, 0x04, 0x7e, 0x00, 0x45, 0xfb, 0x4e, 0x94, 0xc5, 0x2c, 0xa4, -+ 0xf6, 0xae, 0x1a, 0x3d, 0x42, 0x3c, 0xa0, 0x60, 0xbf, 0x41, 0x0b, 0x9b, -+ 0x64, 0x4b, 0x5a, 0xe9, 0x7c, 0xed, 0xe0, 0x08, 0x4f, 0xfc, 0x4a, 0x9a, -+ 0xb7, 0xd8, 0x5c, 0xa4, 0x44, 0x6e, 0x78, 0x26, 0x98, 0x66, 0x8a, 0xfe, -+ 0x97, 0xdd, 0x0c, 0x66, 0x4a, 0x28, 0x1f, 0xff, 0x30, 0x1e, 0xbd, 0x23, -+ 0x77, 0xe2, 0x66, 0x8a, 0x70, 0x77, 0xcb, 0xc0, 0xd0, 0xca, 0xf1, 0xd2, -+ 0xc8, 0xcd, 0x7b, 0xcf, 0xbe, 0x7d, 0x06, 0x34, 0xdb, 0x6f, 0xed, 0xd7, -+ 0x98, 0xec, 0x54, 0x3b, 0xb5, 0x5d, 0x5d, 0x40, 0x7f, 0x9f, 0xaf, 0xc3, -+ 0x4f, 0xc0, 0x01, 0x8f, 0x68, 0x2f, 0x9b, 0xa8, 0x30, 0xfe, 0x01, 0xec, -+ 0x49, 0xd0, 0xbc, 0xb1, 0x7d, 0x49, 0x5c, 0x25, 0x33, 0x4c, 0xeb, 0xc2, -+ 0xc6, 0x87, 0x83, 0x81, 0x01, 0xc1, 0xc6, 0x10, 0x52, 0xce, 0x17, 0xfe, -+ 0x91, 0x2d, 0x78, 0x4a, 0x8f, 0x5f, 0x8b, 0xf8, 0x9d, 0x20, 0x3f, 0xe7, -+ 0x4a, 0x31, 0x2f, 0xac, 0x72, 0xf9, 0xcc, 0xc6, 0x1c, 0x47, 0x82, 0x88, -+ 0x34, 0x75, 0x20, 0xda, 0xe0, 0x37, 0xa7, 0xb1, 0xc3, 0x8e, 0xcc, 0x61, -+ 0x98, 0xb3, 0x0f, 0x4f, 0x96, 0x9e, 0x37, 0x4f, 0xd9, 0xe7, 0xc7, 0x3b, -+ 0xfa, 0x9e, 0x28, 0xad, 0x77, 0x41, 0x50, 0xe2, 0xa9, 0x90, 0x3a, 0xe8, -+ 0xd4, 0x01, 0x1b, 0xa1, 0x84, 0x0b, 0x02, 0x80, 0xf6, 0xf5, 0x78, 0xa9, -+ 0x2c, 0x10, 0x4a, 0x42, 0x82, 0x97, 0x24, 0x1f, 0xa3, 0xa4, 0xa7, 0x80, -+ 0xa2, 0x5e, 0x8f, 0x21, 0x75, 0x48, 0x48, 0x11, 0xcc, 0x82, 0xfe, 0x9b, -+ 0xa0, 0x86, 0x17, 0xe2, 0x10, 0x02, 0x4c, 0xf7, 0x07, 0xdd, 0xe1, 0x36, -+ 0x85, 0x3f, 0x92, 0x2d, 0x0b, 0xd2, 0x75, 0xce, 0x33, 0xff, 0x32, 0x06, -+ 0xf5, 0x5b, 0x90, 0x24, 0x20, 0x1d, 0x92, 0xf6, 0xa8, 0xae, 0x7e, 0x10, -+ 0x0c, 0x5b, 0x7e, 0x1f, 0x6d, 0xec, 0xd0, 0xde, 0xcf, 0x77, 0x65, 0xae, -+ 0x81, 0x7f, 0x3f, 0xa1, 0x4e, 0xe4, 0xe7, 0x7d, 0x70, 0xec, 0x79, 0x02, -+ 0xb3, 0x9a, 0xc4, 0x27, 0x6b, 0xb8, 0x4b, 0xb1, 0xda, 0x86, 0x30, 0x44, -+ 0xe0, 0x7f, 0x19, 0x6b, 0xd7, 0x25, 0xf8, 0x85, 0x57, 0x1e, 0x6f, 0x0c, -+ 0x4e, 0x0e, 0xe9, 0x6d, 0x79, 0x01, 0x46, 0xf8, 0x83, 0xeb, 0x2f, 0x5b, -+ 0xdd, 0x57, 0xc0, 0xcb, 0xf7, 0x70, 0x4e, 0xa8, 0xf9, 0x8e, 0xe0, 0xae, -+ 0xa1, 0xf1, 0x05, 0x86, 0x4e, 0x06, 0xba, 0x48, 0x90, 0x37, 0xb2, 0xf8, -+ 0xf9, 0x42, 0x01, 0x1c, 0x5a, 0xf2, 0x88, 0x10, 0xfe, 0x73, 0x61, 0xa5, -+ 0xb0, 0x24, 0xb5, 0x78, 0xea, 0xa8, 0x07, 0xb7, 0xc5, 0x8f, 0x40, 0x79, -+ 0xae, 0x94, 0xf7, 0x30, 0x55, 0x93, 0x52, 0xc6, 0x62, 0x26, 0x65, 0xd3, -+ 0x55, 0x71, 0xff, 0x68, 0xb3, 0xa4, 0x5a, 0x7d, 0x5f, 0xab, 0xff, 0x31, -+ 0x42, 0xd0, 0x56, 0x6e, 0x27, 0x38, 0x80, 0xe6, 0x09, 0x76, 0x40, 0x4a, -+ 0xaa, 0x6e, 0x0a, 0x4f, 0x10, 0x6d, 0x2d, 0x5e, 0xf7, 0x3b, 0x5f, 0x1c, -+ 0xe7, 0xde, 0xc5, 0x71, 0x87, 0x38, 0xc2, 0xf2, 0x1e, 0x31, 0x1d, 0xfc, -+ 0x37, 0x38, 0x6a, 0x6b, 0x17, 0x70, 0x2f, 0x08, 0xce, 0x99, 0xec, 0x98, -+ 0x7f, 0x9d, 0xe6, 0x15, 0x1c, 0xe2, 0x37, 0xfe, 0xe5, 0x44, 0x56, 0x94, -+ 0x51, 0x74, 0x54, 0x6b, 0xf3, 0x04, 0x06, 0xd7, 0xce, 0xec, 0x64, 0x20, -+ 0xb3, 0x42, 0x33, 0x43, 0x15, 0xc0, 0x9d, 0xb6, 0x63, 0x3b, 0x13, 0xb5, -+ 0x06, 0xcb, 0x07, 0x32, 0x9f, 0x6f, 0xfa, 0xb4, 0x02, 0x4e, 0x96, 0x93, -+ 0x45, 0xe5, 0x05, 0x3c, 0x95, 0x5a, 0x50, 0x59, 0x8c, 0x25, 0x75, 0x35, -+ 0x69, 0x0a, 0x66, 0xa3, 0xc2, 0xcf, 0xc3, 0x6b, 0xef, 0x55, 0x0f, 0x07, -+ 0x38, 0x89, 0xf6, 0x7f, 0x3e, 0x34, 0xdf, 0x91, 0x78, 0x30, 0xa8, 0x4b, -+ 0xbb, 0xe1, 0x15, 0x98, 0xc4, 0x88, 0xeb, 0x04, 0x58, 0xea, 0x67, 0x5d, -+ 0x50, 0x0b, 0x4e, 0x15, 0xc5, 0x9f, 0x0b, 0xec, 0x75, 0x70, 0xf8, 0x90, -+ 0x3f, 0x9f, 0x3b, 0x4f, 0x97, 0xa3, 0x61, 0xd7, 0xe2, 0x5d, 0x64, 0xb1, -+ 0xfb, 0xdd, 0xcc, 0x36, 0xb0, 0x0b, 0x02, 0x0a, 0x61, 0x76, 0x97, 0x61, -+ 0x80, 0x27, 0xc7, 0xce, 0xe3, 0x6c, 0xe6, 0xe0, 0xd5, 0xa7, 0x33, 0xf6, -+ 0xfc, 0x69, 0x31, 0x09, 0xfd, 0x08, 0x98, 0xdd, 0x84, 0x6e, 0xa7, 0x44, -+ 0xa5, 0x7f, 0x83, 0xc4, 0xda, 0xb6, 0x61, 0xff, 0x3b, 0x36, 0x88, 0x26, -+ 0x0f, 0x08, 0x2a, 0x91, 0x4a, 0xff, 0x04, 0xd2, 0xb7, 0x39, 0x86, 0x15, -+}; -+ -+/* q=(p-1)/2 for prime prime_weak_8192 */ -+static const unsigned char sub2_prime_weak_8192[] = { -+ 0x49, 0xef, 0xb6, 0x9b, 0xee, 0x15, 0x52, 0x55, 0xae, 0xee, 0x39, 0xa1, -+ 0x09, 0x0c, 0x47, 0x9c, 0xa3, 0xb9, 0xfa, 0x9f, 0x5e, 0x37, 0x06, 0x95, -+ 0x34, 0x2e, 0xa9, 0xa7, 0x91, 0x46, 0x54, 0x54, 0x25, 0x56, 0x35, 0x30, -+ 0x2a, 0x65, 0x0d, 0x3a, 0xed, 0x42, 0x81, 0x2f, 0x40, 0x5d, 0xcd, 0xad, -+ 0x3a, 0x4b, 0x34, 0xe1, 0x3e, 0x42, 0x0f, 0xbb, 0x06, 0xa9, 0xf2, 0x05, -+ 0x99, 0x79, 0xa5, 0xfb, 0x49, 0x2d, 0x96, 0x4c, 0x2e, 0xd4, 0xb0, 0x6e, -+ 0x0b, 0xad, 0xfd, 0xda, 0x87, 0x1c, 0x57, 0x31, 0x8b, 0x3c, 0xd2, 0x62, -+ 0xbb, 0x3a, 0x10, 0x4b, 0xad, 0xee, 0x54, 0xc4, 0x68, 0x8a, 0x23, 0x1f, -+ 0x0e, 0xf3, 0x65, 0x5a, 0x9c, 0x2b, 0xfe, 0xf5, 0xb3, 0x15, 0x7d, 0x46, -+ 0x18, 0x03, 0xf5, 0x5a, 0x5e, 0x3c, 0x99, 0x8a, 0x6f, 0xc7, 0x8e, 0xb0, -+ 0x23, 0xe3, 0x91, 0xec, 0xbf, 0xf1, 0x8e, 0x4a, 0x54, 0xdd, 0x96, 0x8d, -+ 0x9b, 0xb2, 0x10, 0x67, 0xb4, 0x29, 0x1c, 0xec, 0xb7, 0x91, 0xa8, 0x59, -+ 0x33, 0xe4, 0x23, 0xd5, 0x1c, 0xcb, 0x69, 0x7e, 0xcd, 0xce, 0x43, 0x38, -+ 0xec, 0x3e, 0x33, 0xda, 0xbd, 0x4e, 0xa7, 0xfc, 0x47, 0x9a, 0x32, 0x65, -+ 0xed, 0xc2, 0x88, 0xcb, 0xc3, 0x7b, 0xd0, 0x8c, 0x95, 0x08, 0x3d, 0x79, -+ 0x0a, 0x8d, 0x86, 0x37, 0x32, 0x78, 0x8c, 0x29, 0xfc, 0xcd, 0x6e, 0xbe, -+ 0x06, 0xbe, 0x1e, 0x9c, 0xce, 0x51, 0xe2, 0xfc, 0x34, 0x37, 0xda, 0x1a, -+ 0xfc, 0x0e, 0xdc, 0x64, 0x55, 0xf5, 0x2c, 0x79, 0xdd, 0xbc, 0x79, 0xf1, -+ 0x53, 0x0b, 0x59, 0xa5, 0x05, 0x2b, 0x2d, 0xa2, 0x56, 0x65, 0xb3, 0x2e, -+ 0xd1, 0xb1, 0x38, 0xc8, 0x82, 0xea, 0x4b, 0xb9, 0x19, 0xbb, 0xa1, 0x98, -+ 0x9a, 0xce, 0x21, 0xdc, 0x6a, 0xc2, 0xed, 0xc7, 0x14, 0x65, 0x94, 0xcc, -+ 0x5b, 0xff, 0x35, 0x7b, 0x04, 0x44, 0xc1, 0x7e, 0x73, 0x2e, 0xb1, 0x34, -+ 0x2a, 0xd6, 0x1d, 0xce, 0xc1, 0x66, 0x83, 0x08, 0x29, 0xc9, 0x8e, 0xb3, -+ 0x35, 0x67, 0x31, 0x96, 0x24, 0x9b, 0x79, 0x86, 0x8e, 0x1f, 0x92, 0x68, -+ 0x3f, 0xd9, 0x50, 0x67, 0xbb, 0x15, 0x0b, 0x51, 0x37, 0xb5, 0xfa, 0x7f, -+ 0x5a, 0xe5, 0x4c, 0xa2, 0x3e, 0x7e, 0x1d, 0xe0, 0xf2, 0x04, 0xfa, 0xbd, -+ 0xb6, 0xb6, 0x50, 0x8a, 0x88, 0x00, 0x26, 0x3a, 0xa6, 0x95, 0x40, 0x4a, -+ 0xc8, 0x4d, 0x0a, 0xaf, 0x3b, 0x94, 0x47, 0x41, 0xa0, 0x42, 0x8f, 0x96, -+ 0xb8, 0x0b, 0xd0, 0x58, 0x3e, 0xf2, 0xfd, 0x40, 0xa8, 0xdf, 0x5a, 0x0b, -+ 0x7b, 0x2a, 0x4f, 0x87, 0x51, 0xf1, 0x0f, 0x2f, 0x4d, 0x8e, 0x6d, 0x07, -+ 0x4f, 0xc9, 0xae, 0x7a, 0x21, 0xde, 0xce, 0x0f, 0x0b, 0x33, 0xda, 0xa1, -+ 0x4a, 0x38, 0x7c, 0x3c, 0x86, 0x16, 0xa4, 0x60, 0x92, 0x62, 0xe3, 0x54, -+ 0xb2, 0x06, 0x22, 0x76, 0x4c, 0xd7, 0x5a, 0xf3, 0xe0, 0x92, 0x45, 0x36, -+ 0x68, 0xd1, 0x5f, 0xa6, 0x35, 0x85, 0xf4, 0xf8, 0x4c, 0x1e, 0xe3, 0xce, -+ 0x70, 0xc6, 0x8d, 0x6f, 0x62, 0x22, 0x21, 0xe3, 0x5f, 0x9c, 0x31, 0x12, -+ 0xc8, 0xa1, 0x42, 0x00, 0x94, 0x65, 0xc0, 0x5e, 0x1c, 0xa6, 0x61, 0x9f, -+ 0xfb, 0x6f, 0xf0, 0xf3, 0x64, 0xbb, 0x9a, 0xab, 0x97, 0xc4, 0xce, 0xfd, -+ 0x57, 0x9b, 0xeb, 0x19, 0xb8, 0x9a, 0x7f, 0xa9, 0x14, 0x59, 0x9e, 0x4b, -+ 0x34, 0x08, 0x09, 0x64, 0xdf, 0x0c, 0x01, 0xe6, 0xf7, 0x93, 0x85, 0x68, -+ 0xe4, 0x87, 0x24, 0x80, 0x91, 0x39, 0xed, 0xaf, 0x88, 0xba, 0xb6, 0xf5, -+ 0x0b, 0x6d, 0x13, 0x3f, 0x9f, 0x3e, 0x65, 0xb1, 0x67, 0xe6, 0x46, 0xeb, -+ 0x75, 0x67, 0x13, 0x22, 0x52, 0x3a, 0x2a, 0x27, 0x15, 0x8a, 0xdd, 0x4e, -+ 0xd0, 0x9c, 0xf4, 0x7e, 0xf0, 0x14, 0xf8, 0x6b, 0xd5, 0x18, 0x35, 0xeb, -+ 0x8a, 0x1e, 0x50, 0x02, 0x5e, 0x76, 0xc1, 0x65, 0xe4, 0xed, 0xa7, 0x90, -+ 0x02, 0xb7, 0x22, 0xbc, 0xee, 0xad, 0x9e, 0xaf, 0x77, 0x78, 0xe1, 0xd5, -+ 0x59, 0xe9, 0x9d, 0x23, 0xd6, 0x71, 0x89, 0x50, 0xea, 0xfa, 0x12, 0x72, -+ 0xb6, 0x72, 0x4f, 0xda, 0x65, 0x4b, 0x24, 0xa8, 0x9b, 0x1d, 0xd2, 0x51, -+ 0x6b, 0x17, 0x21, 0x11, 0x99, 0x46, 0x64, 0x41, 0xf5, 0x0a, 0x68, 0x84, -+ 0x04, 0xc7, 0xed, 0xa6, 0x61, 0x00, 0x22, 0x03, 0x40, 0xea, 0x08, 0xae, -+ 0x95, 0x8f, 0x1b, 0xc0, 0x55, 0x5c, 0xc4, 0x7d, 0x55, 0xe9, 0x3b, 0x17, -+ 0x01, 0xdc, 0x1d, 0x85, 0xfe, 0x00, 0xcb, 0x71, 0xb1, 0x00, 0x38, 0x89, -+ 0xf4, 0x7d, 0xbc, 0x67, 0x1c, 0x83, 0x50, 0xa2, 0x6e, 0xb0, 0xb5, 0x2b, -+ 0x59, 0x66, 0xe5, 0xf6, 0x33, 0x92, 0x14, 0x3e, 0x9c, 0xc0, 0x1b, 0xe5, -+ 0xca, 0xa4, 0xcb, 0x74, 0x9f, 0xdb, 0xc4, 0xf5, 0x88, 0xbe, 0x1a, 0x24, -+ 0x9b, 0x16, 0x76, 0x41, 0x5b, 0x1e, 0x54, 0xcd, 0x69, 0xdc, 0x55, 0xdc, -+ 0x94, 0x17, 0xcb, 0xb8, 0x82, 0x54, 0x43, 0x15, 0xa1, 0xdb, 0x13, 0xa8, -+ 0xc5, 0x70, 0x51, 0xcc, 0x73, 0x99, 0x99, 0x7f, 0x0c, 0x5c, 0x9c, 0x4a, -+ 0xbc, 0x0b, 0xdf, 0x21, 0xd0, 0x04, 0x45, 0x82, 0xc6, 0xab, 0x6b, 0xa7, -+ 0x30, 0x80, 0x80, 0x02, 0x89, 0x36, 0x89, 0xca, 0xf5, 0x67, 0x6e, 0x5f, -+ 0xe2, 0x3a, 0x10, 0x44, 0x94, 0x02, 0xe9, 0x4b, 0xe1, 0x9a, 0x92, 0x36, -+ 0xa1, 0xee, 0xf1, 0x4f, 0x8a, 0xc0, 0x77, 0x6e, 0xe6, 0xc5, 0x44, 0x62, -+ 0xc9, 0x6d, 0x0e, 0xec, 0xe8, 0x5c, 0x7e, 0x8c, 0x66, 0x2c, 0x0d, 0xe5, -+ 0x1d, 0xe6, 0x4f, 0x66, 0xa9, 0xb0, 0xb4, 0x7a, 0xdd, 0x96, 0x81, 0x2a, -+ 0x95, 0xc9, 0xcf, 0x8c, 0x0b, 0x90, 0x58, 0xaa, 0x70, 0x7f, 0x1f, 0x35, -+ 0x08, 0x3f, 0xf7, 0x30, 0x3e, 0x65, 0x8a, 0x41, 0x34, 0x76, 0x84, 0x03, -+ 0xf3, 0x9a, 0x56, 0x93, 0xb7, 0xed, 0x2b, 0xf1, 0x53, 0xa5, 0xbf, 0x3d, -+ 0x17, 0x4a, 0xc4, 0x2c, 0x1e, 0xf3, 0xee, 0x51, 0xf9, 0x74, 0xfa, 0xca, -+ 0xfe, 0x8e, 0x2f, 0xcf, 0x2e, 0x06, 0x74, 0x1b, 0x6a, 0x84, 0x9a, 0xb3, -+ 0x13, 0xdc, 0x89, 0xc5, 0x07, 0x7d, 0x75, 0xd3, 0x2d, 0xeb, 0x03, 0xa6, -+ 0xe7, 0x86, 0xc8, 0x38, 0xd0, 0xf2, 0xac, 0x0f, 0x13, 0xb4, 0xb2, 0x0c, -+ 0x11, 0x03, 0xc5, 0x15, 0x74, 0x84, 0x00, 0x01, 0x45, 0x2c, 0x1c, 0x40, -+ 0x82, 0xec, 0x73, 0xae, 0x9e, 0xf4, 0x15, 0x8b, 0xfd, 0x14, 0xae, 0x75, -+ 0xc9, 0x86, 0x07, 0x94, 0xb4, 0x10, 0xc9, 0xb1, 0x79, 0x70, 0xa2, 0x1c, -+ 0x34, 0x90, 0xab, 0xc3, 0x38, 0xb5, 0x9e, 0x89, 0x27, 0x14, 0x6d, 0x85, -+ 0xea, 0x16, 0x62, 0xf4, 0x2f, 0xcd, 0xe9, 0x13, 0x04, 0x22, 0xd2, 0x59, -+ 0x58, 0xaf, 0x68, 0x8c, 0x1f, 0x31, 0x46, 0xbb, 0xd0, 0x31, 0x03, 0xba, -+ 0x86, 0x34, 0x3f, 0xd5, 0xe9, 0x16, 0x76, 0x47, 0x54, 0xb7, 0x1b, 0x9e, -+ 0xed, 0x99, 0xbd, 0x25, 0x5d, 0x43, 0x12, 0xa8, 0x35, 0x1b, 0x8d, 0xcd, -+ 0xc8, 0x8d, 0x2f, 0xc9, 0x90, 0xf5, 0x48, 0xee, 0x32, 0x5b, 0x03, 0xa2, -+ 0x1a, 0x3c, 0xb5, 0x35, 0x21, 0x27, 0x79, 0xf1, 0x51, 0x35, 0xff, 0xe6, -+ 0xeb, 0xe2, 0xb4, 0xdc, 0xc0, 0xbe, 0x9a, 0x5a, 0x2d, 0xdb, 0x41, 0xe1, -+ 0xb5, 0xcd, 0x70, 0x97, 0x2f, 0x1a, 0x00, 0x90, 0xf5, 0x9b, 0xe6, 0x62, -+ 0xaf, 0xbf, 0xd0, 0x6f, 0x07, 0xbc, 0xdb, 0xe1, 0x9d, 0xc2, 0x3e, 0xf4, -+ 0x4b, 0x7e, 0x99, 0x23, 0xbc, 0x1f, 0x11, 0x64, 0x4c, 0x67, 0x3d, 0x77, -+ 0x8e, 0xd3, 0x04, 0x9d, 0x7f, 0xfb, 0xb4, 0x6c, 0xdc, 0x74, 0xbf, 0x45, -+ 0x76, 0x11, 0x80, 0xcb, -+}; -+ -+/* Public keys in known small subgroups - fails in all modes */ -+static const unsigned char pub_key_zero[] = {0}; -+static const unsigned char pub_key_one[] = {1}; -+ -+static const unsigned char pub_key_minus_1_ike_1536[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE}; -+ -+static const unsigned char pub_key_minus_1_safe_2048[] = { -+ 0xe1, 0xa3, 0x6e, 0x49, 0x69, 0x07, 0x1c, 0x5f, 0xb4, 0x15, 0x35, 0x46, -+ 0x99, 0x52, 0xd0, 0x4e, 0xff, 0x4e, 0x4c, 0xb1, 0xe1, 0x59, 0xed, 0x2e, -+ 0x71, 0xf3, 0x80, 0x14, 0x54, 0xd0, 0xfc, 0x83, 0x20, 0x29, 0x15, 0x21, -+ 0xa6, 0x5f, 0x10, 0x81, 0x57, 0xf4, 0x2e, 0x49, 0xb2, 0xd1, 0x37, 0xe8, -+ 0x6a, 0xbf, 0x72, 0xf9, 0x55, 0x4e, 0x9e, 0xae, 0x20, 0xc5, 0xb6, 0xc5, -+ 0x91, 0x79, 0x0d, 0xa2, 0xdd, 0xb4, 0xbb, 0x50, 0x4e, 0x20, 0xca, 0x8a, -+ 0x8f, 0x82, 0x34, 0xb9, 0x6a, 0x3e, 0x9a, 0x67, 0xc2, 0x7e, 0x83, 0xf6, -+ 0xc0, 0xad, 0xe3, 0xca, 0x00, 0xd6, 0x11, 0x88, 0x9c, 0xc7, 0x9f, 0xb4, -+ 0x3d, 0x53, 0xa5, 0x5a, 0x97, 0x44, 0x4d, 0xe7, 0x5c, 0xd5, 0x76, 0x80, -+ 0xf8, 0x0c, 0xcd, 0xa6, 0x55, 0xe2, 0x5f, 0xcf, 0xf4, 0x46, 0xa4, 0xc7, -+ 0x0f, 0xc1, 0x80, 0x84, 0x65, 0x46, 0x8c, 0x87, 0xd2, 0x99, 0x82, 0xdf, -+ 0x8e, 0x00, 0x89, 0xf3, 0x0d, 0xd5, 0xc0, 0x54, 0x94, 0xc6, 0xa3, 0x92, -+ 0x0f, 0x91, 0x10, 0xee, 0xa3, 0x65, 0x44, 0xb7, 0x6d, 0xe8, 0x23, 0xf9, -+ 0x7f, 0x91, 0x62, 0x65, 0x09, 0x8e, 0xa1, 0x33, 0xd4, 0xd6, 0x55, 0x0a, -+ 0xc0, 0xe8, 0x66, 0x70, 0x05, 0xd0, 0x12, 0x34, 0xc1, 0xfd, 0xce, 0x75, -+ 0xa4, 0x75, 0xe1, 0x46, 0xa1, 0x08, 0xb4, 0x52, 0xfe, 0x25, 0xa4, 0xc5, -+ 0x4f, 0x23, 0x04, 0x7e, 0xa1, 0x2c, 0xf3, 0x56, 0xcb, 0xfa, 0x7a, 0xbc, -+ 0x45, 0xcc, 0x78, 0xb3, 0x28, 0xf3, 0xe5, 0xd5, 0x26, 0x56, 0x27, 0x86, -+ 0x6a, 0x56, 0x6b, 0x87, 0x56, 0x0e, 0xc4, 0x3c, 0xed, 0xff, 0xcb, 0x96, -+ 0xb4, 0x13, 0x1d, 0x4d, 0x38, 0x4e, 0x69, 0x34, 0x51, 0x7a, 0x85, 0x31, -+ 0xb4, 0x80, 0xda, 0x41, 0xe3, 0xdc, 0x2e, 0x53, 0xd8, 0x71, 0x3e, 0xcc, -+ 0x37, 0x8a, 0x80, 0x32}; -+ -+static const unsigned char pub_key_minus_1_weak_3072[] = { -+ 0x94, 0x32, 0xc7, 0x47, 0x51, 0xa3, 0x03, 0x9b, 0xf2, 0x51, 0x5c, 0x69, -+ 0xaf, 0x05, 0x3c, 0x76, 0x62, 0xa2, 0xec, 0x5a, 0xcc, 0xdf, 0x80, 0xf3, -+ 0x2d, 0xce, 0xa5, 0xa5, 0x9e, 0x2d, 0xab, 0x5f, 0x91, 0xbd, 0x93, 0x61, -+ 0xd7, 0x7b, 0x71, 0x6f, 0xf3, 0x92, 0xbf, 0xa8, 0xfc, 0xcd, 0x00, 0xf5, -+ 0x49, 0x08, 0x00, 0x8c, 0xd2, 0xfe, 0x4a, 0xd8, 0x2b, 0x6e, 0x42, 0xc0, -+ 0xd8, 0xa2, 0x8b, 0x2b, 0x18, 0x02, 0xad, 0xe8, 0x4e, 0x44, 0x09, 0x26, -+ 0xa1, 0xa1, 0xca, 0x99, 0xe3, 0xd9, 0x9a, 0x87, 0x3c, 0x83, 0x6a, 0x1a, -+ 0x7b, 0x60, 0xba, 0x78, 0x0c, 0x79, 0x50, 0x1f, 0xde, 0x40, 0x14, 0x58, -+ 0x18, 0xa9, 0x2b, 0x74, 0x11, 0xb4, 0x65, 0xfe, 0x9d, 0x03, 0xa4, 0xef, -+ 0xdf, 0x74, 0x8e, 0xcd, 0x7b, 0xd4, 0xf3, 0x28, 0x75, 0xb2, 0x31, 0xef, -+ 0x99, 0x65, 0xcb, 0x5a, 0x77, 0xca, 0xa2, 0x25, 0x28, 0xae, 0xfa, 0x9f, -+ 0xeb, 0xda, 0xcc, 0x34, 0x7b, 0x21, 0xd7, 0xdb, 0x54, 0x40, 0xe6, 0x2f, -+ 0xdb, 0xc0, 0xce, 0xdc, 0xe5, 0xc9, 0x27, 0x97, 0x99, 0x9c, 0x02, 0x4f, -+ 0x24, 0x88, 0x93, 0xdf, 0xa9, 0xc7, 0x3e, 0x10, 0xc8, 0xaa, 0x6a, 0xce, -+ 0xda, 0x46, 0x94, 0x8c, 0xad, 0x1e, 0xf1, 0xcb, 0xd3, 0xcd, 0x43, 0x44, -+ 0xb4, 0x20, 0x91, 0x9e, 0xf6, 0xd1, 0x03, 0xef, 0xc2, 0x04, 0xf7, 0x07, -+ 0xdb, 0xac, 0xa2, 0x28, 0x8c, 0x7d, 0x1d, 0x5d, 0x2c, 0x5a, 0xfc, 0x26, -+ 0x5b, 0x0b, 0x58, 0xb9, 0x9a, 0x47, 0xe9, 0xa0, 0xdf, 0xa5, 0x5a, 0xf3, -+ 0xe5, 0xd6, 0xeb, 0x69, 0xb5, 0x4e, 0xbc, 0x71, 0xc0, 0xd6, 0x9b, 0xb8, -+ 0x40, 0x3b, 0xc5, 0x72, 0x5d, 0x4d, 0x1b, 0x17, 0x3d, 0x36, 0xa4, 0xb1, -+ 0x15, 0xa7, 0x9a, 0x72, 0xeb, 0xf2, 0x9e, 0x40, 0xd1, 0xbc, 0x35, 0xc7, -+ 0xd1, 0x1a, 0x8f, 0x1c, 0x2b, 0x5e, 0xd8, 0xb3, 0x3b, 0x44, 0xae, 0xf5, -+ 0x81, 0xd0, 0x8a, 0x37, 0xab, 0xba, 0x22, 0xbc, 0x2d, 0x88, 0x2f, 0x24, -+ 0xbb, 0xb0, 0x1a, 0xa9, 0x5f, 0x07, 0x10, 0x6d, 0xc6, 0xbb, 0x3c, 0xa2, -+ 0x66, 0xf9, 0xb9, 0x95, 0xd6, 0x5e, 0x8c, 0xce, 0x04, 0xdc, 0xb3, 0x4c, -+ 0xbc, 0xe9, 0xc5, 0xcb, 0x19, 0x97, 0xe2, 0xa1, 0x09, 0x38, 0xd7, 0x82, -+ 0xa6, 0xbf, 0xc9, 0x15, 0x25, 0xf1, 0x2c, 0x77, 0xfc, 0xbd, 0xfa, 0x7f, -+ 0x92, 0xfe, 0xd6, 0x31, 0x03, 0x23, 0x2d, 0x17, 0x2f, 0x51, 0x9e, 0x5c, -+ 0xb1, 0x68, 0xc0, 0x3f, 0x42, 0x99, 0x00, 0x55, 0x33, 0x68, 0xd7, 0xee, -+ 0x51, 0x7d, 0x3e, 0x03, 0x4f, 0x02, 0x5f, 0x27, 0xdd, 0x17, 0x18, 0x6c, -+ 0x1e, 0x9d, 0x91, 0x65, 0xf8, 0xd7, 0xa6, 0x9f, 0xa1, 0xba, 0xa8, 0x76, -+ 0xe4, 0xd8, 0xf4, 0x59, 0x90, 0x16, 0x67, 0x88, 0xc2, 0xa9, 0xe4, 0x2c}; -+ -+static const unsigned char pub_key_minus_1_weak_4096[] = { -+ 0xff, 0x50, 0xd3, 0xcc, 0x89, 0x17, 0x5e, 0xb6, 0xf8, 0xa3, 0xb0, 0xe2, -+ 0xf9, 0x9f, 0x17, 0xa1, 0x92, 0x56, 0x15, 0x13, 0x12, 0x9f, 0x18, 0xdc, -+ 0x07, 0x00, 0xc2, 0x49, 0xc9, 0xd9, 0xd4, 0x0a, 0xe3, 0xd7, 0xf6, 0x60, -+ 0x21, 0xa9, 0x7b, 0xc0, 0x0f, 0x0e, 0xae, 0x3e, 0x77, 0x77, 0x48, 0xd8, -+ 0xfd, 0x42, 0xec, 0xb5, 0xae, 0x00, 0xab, 0xce, 0xd1, 0x11, 0xca, 0xd2, -+ 0x64, 0x5a, 0xa3, 0x6b, 0xba, 0xd1, 0x93, 0xea, 0xda, 0xd2, 0xa0, 0x60, -+ 0x39, 0x0b, 0x34, 0x4f, 0x0c, 0xf1, 0xb0, 0x52, 0x75, 0x51, 0x3d, 0x28, -+ 0x02, 0xb5, 0xbd, 0x42, 0x98, 0x20, 0xa7, 0x42, 0xb9, 0x21, 0x9a, 0xae, -+ 0xb6, 0x41, 0x7b, 0x70, 0xe3, 0xd9, 0xaf, 0x81, 0x1a, 0xc1, 0x39, 0x9c, -+ 0x52, 0x56, 0xcb, 0x0d, 0x6a, 0x67, 0x6f, 0x3d, 0x12, 0x76, 0x73, 0x53, -+ 0x95, 0x2d, 0xc1, 0x04, 0xdb, 0x83, 0xe4, 0xd0, 0xbe, 0x2d, 0xa6, 0x7a, -+ 0x0f, 0x80, 0x1b, 0xd0, 0x16, 0x14, 0x3a, 0xe0, 0x48, 0xfa, 0xf5, 0x44, -+ 0xa8, 0xe0, 0xbf, 0x98, 0xe1, 0x56, 0xea, 0x76, 0xb6, 0xe2, 0xa3, 0x5b, -+ 0x15, 0x79, 0x10, 0xb0, 0x41, 0xdc, 0x29, 0x0f, 0x1e, 0x37, 0x69, 0xcd, -+ 0x13, 0xbe, 0x2d, 0xe0, 0x73, 0x38, 0x68, 0xed, 0x50, 0x6a, 0xd0, 0xfb, -+ 0xcb, 0x17, 0x3a, 0x59, 0xfb, 0xec, 0xba, 0x75, 0xb6, 0x4e, 0x2f, 0x6e, -+ 0x97, 0x98, 0x0e, 0x79, 0x25, 0xdd, 0xd8, 0xf5, 0x34, 0xb4, 0xa0, 0x7e, -+ 0xba, 0x68, 0x7c, 0x4f, 0xfb, 0xe0, 0x97, 0x46, 0x50, 0x1e, 0x4a, 0x59, -+ 0x9c, 0xdc, 0x34, 0xe2, 0x2a, 0xb5, 0xc8, 0x58, 0x94, 0x48, 0x9f, 0xb8, -+ 0x36, 0xcb, 0xce, 0x36, 0xb1, 0x7c, 0xe5, 0x8d, 0x5b, 0x43, 0xd7, 0x88, -+ 0xdf, 0xae, 0xd0, 0xc9, 0x42, 0x5f, 0x0a, 0xe3, 0x63, 0x11, 0xc5, 0x0c, -+ 0x80, 0x55, 0x58, 0xd7, 0xf2, 0x51, 0x6e, 0xb3, 0x7e, 0x9d, 0x1c, 0xc3, -+ 0x61, 0x59, 0x5c, 0x47, 0xd4, 0x99, 0xc0, 0x67, 0xfb, 0xb2, 0xd6, 0x11, -+ 0xda, 0x92, 0x5b, 0x6b, 0xd2, 0x70, 0xb7, 0x69, 0x72, 0xe7, 0x06, 0xdd, -+ 0x40, 0xac, 0x81, 0x51, 0x1d, 0x52, 0x7a, 0x45, 0x38, 0x89, 0x27, 0x2c, -+ 0xc4, 0x4b, 0x7e, 0x5e, 0x79, 0xef, 0x84, 0x6a, 0x24, 0x4d, 0x9c, 0x9e, -+ 0xca, 0x75, 0x5c, 0x06, 0x6d, 0xd0, 0x52, 0xe9, 0xda, 0x9f, 0x46, 0xb6, -+ 0x62, 0x1d, 0xb3, 0xd9, 0xf2, 0x7d, 0xd6, 0xc2, 0x7a, 0x49, 0x7c, 0xdd, -+ 0x9b, 0xaa, 0xc3, 0x84, 0x0b, 0x08, 0x33, 0xb8, 0x80, 0xc3, 0x12, 0x8f, -+ 0xad, 0xac, 0x0f, 0x7f, 0xaf, 0x59, 0x61, 0x0d, 0x98, 0xc1, 0xf9, 0x68, -+ 0xc3, 0x1b, 0x10, 0x08, 0xc4, 0x33, 0x3c, 0xa4, 0xe2, 0xd5, 0xeb, 0x71, -+ 0x5d, 0x19, 0x7e, 0x05, 0xca, 0x9a, 0xf5, 0xbb, 0x71, 0x55, 0x83, 0x9c, -+ 0x25, 0x50, 0x35, 0x7f, 0x2d, 0xeb, 0xf2, 0x0d, 0xed, 0x3c, 0xb8, 0x71, -+ 0xbd, 0x08, 0xf5, 0x89, 0x7e, 0x5e, 0x38, 0x40, 0xd7, 0xed, 0x77, 0x8d, -+ 0x7a, 0xed, 0x2a, 0x9f, 0xfc, 0x01, 0xf4, 0xe2, 0xcf, 0xda, 0x8c, 0xa3, -+ 0x57, 0xdc, 0x14, 0xd6, 0xa1, 0xd9, 0x97, 0xb9, 0xe6, 0xfc, 0x48, 0x75, -+ 0x43, 0xbd, 0x3b, 0x91, 0x17, 0x3c, 0x33, 0xca, 0xce, 0x29, 0x09, 0x1b, -+ 0xe8, 0x9d, 0xb6, 0x74, 0x05, 0x5e, 0x2e, 0xa5, 0x1d, 0x7f, 0x3a, 0xa9, -+ 0x2c, 0xf6, 0x4d, 0x41, 0x90, 0xbc, 0x56, 0x18, 0x52, 0x02, 0x90, 0xef, -+ 0x71, 0xff, 0x3e, 0x0c, 0xf8, 0x00, 0x04, 0x07, 0xd5, 0x20, 0x26, 0xdd, -+ 0x5c, 0xb1, 0x37, 0x03, 0x20, 0x0c, 0xb4, 0xb6, 0x39, 0x49, 0x49, 0xaa, -+ 0xe7, 0x98, 0x01, 0xa2, 0x2e, 0x0a, 0x33, 0x82, 0x9e, 0xb9, 0x24, 0xb7, -+ 0x80, 0xdf, 0xd3, 0xdf, 0x04, 0xe4, 0x50, 0x9d}; -+ -+static const unsigned char pub_key_minus_1_tls_6144[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, -+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, -+ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, -+ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, -+ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, -+ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, -+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, -+ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, -+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, -+ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, -+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, -+ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, -+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, -+ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, -+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, -+ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, -+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, -+ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, -+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, -+ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, -+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, -+ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, -+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, -+ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, -+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, -+ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, -+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, -+ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE}; -+ -+static const unsigned char pub_key_minus_1_safe_8192[] = { -+ 0x9b, 0xa7, 0x9b, 0xa2, 0x86, 0x54, 0xe7, 0x99, 0x11, 0x5b, 0x35, 0x81, -+ 0xd5, 0x7a, 0x8a, 0x6e, 0x4d, 0x4d, 0x61, 0x5d, 0xd3, 0xcf, 0x0c, 0x65, -+ 0x7e, 0xda, 0xd8, 0xce, 0x28, 0xac, 0xa0, 0x38, 0x81, 0xee, 0xa1, 0x14, -+ 0x25, 0x21, 0x67, 0x66, 0x3a, 0x6c, 0x0f, 0x80, 0x3d, 0x89, 0x79, 0xfe, -+ 0x71, 0x43, 0x57, 0xc3, 0xa9, 0x54, 0x1e, 0x20, 0x8a, 0xee, 0x0f, 0xa6, -+ 0x8b, 0x88, 0x81, 0x3d, 0xe8, 0x5c, 0x40, 0x47, 0x05, 0xdf, 0xd8, 0x6d, -+ 0x98, 0x65, 0x16, 0xa9, 0xf9, 0xc4, 0x8c, 0x02, 0xba, 0xae, 0x6b, 0x36, -+ 0x76, 0xc9, 0xfa, 0x8e, 0xd0, 0xd7, 0x9a, 0x3c, 0xcb, 0xd1, 0x44, 0x09, -+ 0xd7, 0x4f, 0x28, 0x51, 0x94, 0x92, 0x5b, 0x02, 0xb2, 0xbd, 0x78, 0xd3, -+ 0xc2, 0x76, 0x03, 0x15, 0x17, 0x0b, 0x55, 0x08, 0x02, 0x42, 0x9e, 0x26, -+ 0x56, 0x33, 0x72, 0xe6, 0xbd, 0x0e, 0xf9, 0x3d, 0x2c, 0xb3, 0x8a, 0x4c, -+ 0x67, 0x17, 0xfd, 0xe9, 0x03, 0xad, 0x8c, 0x34, 0x84, 0xe5, 0x83, 0xdf, -+ 0x9c, 0x04, 0x93, 0x03, 0x26, 0x19, 0xc1, 0xf1, 0x24, 0x68, 0xf6, 0x54, -+ 0x96, 0xce, 0x38, 0x51, 0xbd, 0x6c, 0x3d, 0x9c, 0x0c, 0xd8, 0x6e, 0x13, -+ 0x4c, 0x8b, 0xf6, 0x34, 0xae, 0xd8, 0x85, 0x1d, 0x1d, 0x8e, 0xc2, 0xad, -+ 0xab, 0xa2, 0xc5, 0x40, 0x76, 0x7f, 0x2f, 0x2e, 0x38, 0xf4, 0x6a, 0x39, -+ 0x33, 0x3d, 0x17, 0xce, 0x1f, 0xe9, 0xc3, 0x8d, 0x9e, 0xe5, 0xbe, 0xd6, -+ 0xad, 0x9a, 0x23, 0xd8, 0x06, 0xf3, 0x7c, 0x39, 0xd5, 0xae, 0x57, 0xb6, -+ 0xe5, 0xc3, 0x9a, 0x8a, 0x8c, 0x6e, 0xd3, 0xc1, 0x1a, 0x64, 0x12, 0x00, -+ 0x18, 0x53, 0xca, 0x32, 0x88, 0x8e, 0xc0, 0x5f, 0x2d, 0xb2, 0x3d, 0x14, -+ 0x1b, 0x58, 0x5c, 0x20, 0xe8, 0x52, 0xe5, 0x28, 0x41, 0xbc, 0x9e, 0x08, -+ 0x29, 0xab, 0xa5, 0x43, 0x99, 0x0e, 0xd7, 0x2a, 0xb9, 0xb8, 0x64, 0x9d, -+ 0x83, 0xe3, 0x1a, 0x26, 0x59, 0x65, 0xf2, 0x0c, 0xc9, 0xc5, 0x8f, 0x0d, -+ 0xcf, 0xa1, 0x18, 0xfc, 0x8b, 0x77, 0xe9, 0xe1, 0x19, 0x7b, 0x03, 0xd4, -+ 0x37, 0x8d, 0x5d, 0x37, 0x2b, 0xad, 0x58, 0x5e, 0x73, 0x72, 0xce, 0x84, -+ 0xe5, 0xc9, 0x75, 0x1d, 0xf3, 0x58, 0x42, 0x77, 0xfe, 0x53, 0xa0, 0xc2, -+ 0x66, 0x21, 0xaf, 0xe2, 0x61, 0xd2, 0x84, 0xb3, 0x03, 0x4d, 0xd8, 0x7d, -+ 0x85, 0xe1, 0xa8, 0xa0, 0x48, 0x5d, 0x1a, 0xa9, 0xac, 0xc1, 0x69, 0x24, -+ 0xc6, 0xfa, 0xb5, 0x22, 0x3e, 0xa3, 0x8d, 0x35, 0x29, 0xcf, 0x9a, 0xe5, -+ 0x84, 0x3b, 0x0b, 0x27, 0x36, 0x7e, 0x9d, 0xa6, 0xb0, 0x45, 0x60, 0x42, -+ 0x1e, 0x4b, 0x24, 0xd1, 0x36, 0x8b, 0x70, 0xd1, 0x95, 0x54, 0x14, 0xb9, -+ 0x47, 0x3d, 0x8d, 0xe4, 0x5f, 0x81, 0x1a, 0x21, 0x17, 0x17, 0xbf, 0x92, -+ 0x22, 0x4c, 0x77, 0x30, 0xdc, 0x9c, 0x84, 0xe6, 0x68, 0xcc, 0xd6, 0x11, -+ 0x04, 0xff, 0x71, 0x86, 0xb3, 0xa9, 0x9b, 0x13, 0x95, 0x35, 0xfd, 0x68, -+ 0x28, 0x9b, 0x6f, 0x5c, 0xf7, 0x66, 0xa8, 0x6f, 0x89, 0x0f, 0x92, 0xdf, -+ 0x52, 0x24, 0x3f, 0xdb, 0x2f, 0x40, 0x12, 0x32, 0xa4, 0xff, 0x2e, 0x4b, -+ 0xb8, 0xa0, 0xe7, 0xc9, 0xcb, 0x98, 0x13, 0xf9, 0xd2, 0xfa, 0x82, 0x68, -+ 0xb2, 0x8f, 0xd3, 0x17, 0x8c, 0x93, 0xf5, 0x80, 0xe4, 0x5a, 0x33, 0x1b, -+ 0x6a, 0xd8, 0xbf, 0x37, 0xa7, 0xe1, 0x63, 0x1d, 0x6a, 0xc3, 0xfa, 0xa1, -+ 0x2f, 0xc1, 0x72, 0x55, 0xd5, 0xe2, 0x67, 0x3b, 0x6b, 0x3a, 0xa8, 0xb0, -+ 0x54, 0x04, 0x1d, 0xbb, 0xc1, 0xe5, 0x3a, 0x52, 0xb1, 0x67, 0x0b, 0x12, -+ 0x3e, 0xcd, 0xa9, 0x9a, 0x0e, 0xbb, 0xa3, 0x75, 0x6d, 0x6f, 0x77, 0x74, -+ 0x64, 0xe3, 0x16, 0x8c, 0xa5, 0xba, 0xec, 0x51, 0x73, 0xce, 0x4b, 0xe6, -+ 0x6f, 0x3d, 0x15, 0x56, 0x43, 0xe1, 0x17, 0x77, 0x66, 0xab, 0xdc, 0x9d, -+ 0x9b, 0x10, 0x5d, 0xc4, 0xe9, 0x1e, 0xaa, 0x2d, 0x15, 0xbb, 0xc4, 0x09, -+ 0x46, 0x30, 0xe1, 0xb8, 0x92, 0x94, 0x5f, 0xb7, 0xe7, 0x7e, 0x97, 0x43, -+ 0xc0, 0x48, 0x5b, 0xaf, 0xea, 0x74, 0xae, 0x8c, 0x79, 0x6b, 0x66, 0x83, -+ 0x62, 0x88, 0x17, 0xa4, 0x56, 0x5d, 0x58, 0xfb, 0x6c, 0x38, 0x57, 0x4d, -+ 0xef, 0xd7, 0x36, 0x44, 0x39, 0x5b, 0xab, 0x94, 0xe4, 0x08, 0x30, 0xd3, -+ 0x2c, 0x59, 0xa0, 0x32, 0xe2, 0x71, 0x99, 0xec, 0x66, 0x5e, 0xf7, 0xe2, -+ 0x9c, 0x19, 0x69, 0x72, 0x6f, 0xdb, 0x3e, 0xcc, 0x19, 0x5a, 0xfd, 0xad, -+ 0xd6, 0x6e, 0x9d, 0x07, 0xc0, 0x65, 0x01, 0x75, 0xdd, 0x37, 0x1b, 0x9c, -+ 0x5e, 0x93, 0x32, 0xf8, 0x7e, 0x65, 0xd5, 0xb5, 0x15, 0x35, 0xad, 0x05, -+ 0xb5, 0xd2, 0x25, 0xc7, 0x71, 0x5a, 0xe4, 0xb7, 0x58, 0x6a, 0xc3, 0x5a, -+ 0xd9, 0xd4, 0xee, 0x32, 0xb5, 0x0b, 0x5b, 0x2a, 0xcd, 0x80, 0xce, 0xd4, -+ 0x2d, 0xc9, 0x09, 0x94, 0xf5, 0xf2, 0x7c, 0xaf, 0xba, 0x5a, 0xd3, 0xdc, -+ 0xcd, 0xd7, 0xf7, 0xea, 0x42, 0xe2, 0xc2, 0x34, 0x21, 0xb9, 0x15, 0x24, -+ 0xe8, 0x32, 0x6b, 0x6f, 0xb0, 0xed, 0x76, 0x5e, 0x45, 0xbf, 0x02, 0xa2, -+ 0xb8, 0x3c, 0xa5, 0xf5, 0x74, 0xe3, 0x18, 0x89, 0x21, 0x4e, 0xa6, 0x08, -+ 0xa3, 0xa5, 0x93, 0x69, 0x48, 0x96, 0xbd, 0x47, 0xd3, 0xeb, 0x67, 0x29, -+ 0xa8, 0xbb, 0xbe, 0x78, 0x05, 0xfa, 0x46, 0x89, 0x4e, 0x0c, 0xe2, 0x6c, -+ 0xbb, 0xe5, 0xf8, 0xba, 0xe5, 0x5d, 0x29, 0xe7, 0xdd, 0x71, 0x7e, 0x94, -+ 0xd7, 0x56, 0x0c, 0x3c, 0xde, 0x5f, 0xbc, 0xdc, 0x0f, 0x8e, 0xd6, 0x6f, -+ 0x0a, 0x07, 0xb8, 0x07, 0x24, 0x62, 0x4c, 0xed, 0x45, 0x4f, 0x0d, 0x9f, -+ 0x2e, 0x83, 0x6a, 0xeb, 0xbc, 0xff, 0xa9, 0xf2, 0x73, 0xb3, 0x5b, 0xaa, -+ 0xac, 0xed, 0xac, 0x88, 0xa2, 0x0d, 0x8d, 0x8f, 0xb4, 0xf7, 0x73, 0x1e, -+ 0xc0, 0x2e, 0xd3, 0x45, 0x15, 0x4b, 0x4a, 0xe7, 0xd4, 0xef, 0xb1, 0xc6, -+ 0xd3, 0x8f, 0xf8, 0x24, 0x12, 0x33, 0x3e, 0x8e, 0x95, 0xbc, 0x81, 0xb4, -+ 0xd4, 0xd1, 0x13, 0xbc, 0x7e, 0x25, 0xb4, 0x5b, 0xff, 0x15, 0xba, 0xf8, -+ 0x9a, 0xec, 0x78, 0xe4, 0x63, 0xc7, 0x26, 0xd5, 0x89, 0x3d, 0x63, 0x5b, -+ 0x7c, 0x86, 0x63, 0x34, 0x06, 0x28, 0x23, 0x08, 0xff, 0x6d, 0xbd, 0xe0, -+ 0x75, 0xb3, 0x71, 0x12, 0x26, 0x63, 0xca, 0x93, 0x36, 0x86, 0xeb, 0xf7, -+ 0x48, 0xd1, 0x96, 0xf4, 0x02, 0x3e, 0x5d, 0x69, 0x75, 0x5e, 0x95, 0xee, -+ 0x32, 0xb9, 0xba, 0x55, 0xc5, 0x42, 0x74, 0x00, 0xe1, 0x0f, 0x16, 0x05, -+ 0x62, 0x3c, 0x58, 0xcb, 0xe0, 0xd4, 0xa9, 0xe5, 0x1a, 0x3b, 0x84, 0x7e, -+ 0x19, 0x87, 0xad, 0x67, 0xcd, 0x9b, 0x97, 0xb0, 0x32, 0xd7, 0xb8, 0x1e, -+ 0x96, 0x69, 0x75, 0x0f, 0x61, 0x69, 0xb3, 0xc9, 0xce, 0x73, 0x7c, 0x5f, -+ 0xd5, 0x08, 0xdf, 0xd4, 0x07, 0x75, 0x60, 0xd7, 0x50, 0x52, 0xe7, 0x5c, -+ 0x6f, 0x04, 0x59, 0x65, 0xbd, 0x70, 0x99, 0x15, 0xf9, 0xbc, 0x34, 0x78, -+ 0x6a, 0x64, 0xac, 0x5f, 0x07, 0xc2, 0x89, 0x88, 0xfe, 0x11, 0x7a, 0xf7, -+ 0x3d, 0xbe, 0x83, 0xff, 0xeb, 0x1d, 0x52, 0xbe, 0xd4, 0x09, 0x71, 0x0f, -+ 0x7c, 0x95, 0x19, 0xf2, 0x4b, 0xf5, 0x44, 0x63, 0xf2, 0xec, 0x3f, 0xf9, -+ 0xe4, 0xfb, 0xbe, 0x24, 0xb2, 0x18, 0x53, 0xce, 0x16, 0x40, 0x1e, 0x27, -+ 0x62, 0x99, 0x93, 0xc9, 0x49, 0x8f, 0x98, 0x0d, 0xd8, 0x73, 0x65, 0x99, -+ 0xac, 0xff, 0xfe, 0x22, 0x6a, 0xd1, 0xfb, 0xa1, 0xe4, 0xe7, 0xab, 0x3c, -+ 0x72, 0x10, 0xac, 0x72}; -+ -+/* Public keys in small subgroups of weak primes - fails in all modes*/ -+static const unsigned char pub_key_bad_weak_1024[] = {3}; -+static const unsigned char pub_key_bad_weak_2048[] = {3}; -+static const unsigned char pub_key_bad_weak_3072[] = {3}; -+static const unsigned char pub_key_bad_weak_4096[] = {3}; -+static const unsigned char pub_key_bad_weak_6144[] = {3}; -+static const unsigned char pub_key_bad_weak_8192[] = {3}; -+ -+#ifdef notdef -+/* Public keys not in group g of safe primes. - fails in fips mode */ -+static const unsigned char pub_key_bad_safe_1536[] = {3}; -+static const unsigned char pub_key_bad_safe_2048[] = {3}; -+static const unsigned char pub_key_bad_safe_3072[] = {3}; -+static const unsigned char pub_key_bad_safe_4096[] = {3}; -+static const unsigned char pub_key_bad_safe_6144[] = {3}; -+static const unsigned char pub_key_bad_safe_8192[] = {3}; -+#endif -+ -+enum DhParamType { -+ TLS_APPROVED, -+ IKE_APPROVED, -+ SAFE_PRIME, -+ SAFE_PRIME_WITH_SUBPRIME, -+ KNOWN_SUBPRIME, -+ WRONG_SUBPRIME, -+ UNKNOWN_SUBPRIME, -+ BAD_PUB_KEY -+}; -+ -+enum DhKeyClass { -+ CLASS_1536 = 0, -+ CLASS_2048, -+ CLASS_3072, -+ CLASS_4096, -+ CLASS_6144, -+ CLASS_8192, -+ CLASS_LAST -+}; -+const DhKeyClass CLASS_FIRST = CLASS_1536; -+ -+const unsigned char *reference_prime[CLASS_LAST] = { -+ prime_ike_1536, prime_tls_2048, prime_tls_3072, -+ prime_ike_4096, prime_ike_6144, prime_tls_8192}; -+ -+const size_t reference_prime_len[CLASS_LAST] = { -+ sizeof(prime_ike_1536), sizeof(prime_tls_2048), sizeof(prime_tls_3072), -+ sizeof(prime_ike_4096), sizeof(prime_ike_6144), sizeof(prime_tls_8192)}; -+ -+struct DhTestVector { -+ const char *id; -+ SECItem p; -+ SECItem g; -+ SECItem q; -+ SECItem pub_key; -+ DhParamType param_type; -+ DhKeyClass key_class; -+}; -+ -+static const unsigned char g2[] = {2}; -+static const unsigned char g3[] = {3}; -+ -+static const DhTestVector DH_TEST_VECTORS[] = { -+ /* test our approved primes, the pass in all modes and configurations */ -+ {"IKE 1536", -+ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_1536}, -+ {"IKE 2048", -+ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_2048}, -+ {"TLS 3048", -+ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_2048}, -+ {"IKE 3072", -+ {siBuffer, (unsigned char *)prime_ike_3072, sizeof(prime_ike_3072)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_3072}, -+ {"TLS 3072", -+ {siBuffer, (unsigned char *)prime_tls_3072, sizeof(prime_tls_3072)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_3072}, -+ {"IKE 4096", -+ {siBuffer, (unsigned char *)prime_ike_4096, sizeof(prime_ike_4096)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_4096}, -+ {"TLS 4096", -+ {siBuffer, (unsigned char *)prime_tls_4096, sizeof(prime_tls_4096)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_4096}, -+ {"IKE 6144", -+ {siBuffer, (unsigned char *)prime_ike_6144, sizeof(prime_ike_6144)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_6144}, -+ {"TLS 6144", -+ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_6144}, -+ {"IKE 8192", -+ {siBuffer, (unsigned char *)prime_ike_8192, sizeof(prime_ike_8192)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_8192}, -+ {"TLS 8192", -+ {siBuffer, (unsigned char *)prime_tls_8192, sizeof(prime_tls_8192)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_8192}, -+ /* approved primes with explicit subprimes.These should pass without -+ * the need to verify the primes and subprimes for primality */ -+ {"IKE 1536 with subprime", -+ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_ike_1536, -+ sizeof(sub2_prime_ike_1536)}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_1536}, -+ {"IKE 2048 with subprime", -+ {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_ike_2048, -+ sizeof(sub2_prime_ike_2048)}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_2048}, -+ {"TLS 2048 with subprime", -+ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_tls_2048, -+ sizeof(sub2_prime_tls_2048)}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_2048}, -+ {"IKE 3072 with subprime", -+ {siBuffer, (unsigned char *)prime_ike_3072, sizeof(prime_ike_3072)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_ike_3072, -+ sizeof(sub2_prime_ike_3072)}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_3072}, -+ {"TLS 3072 with subprime", -+ {siBuffer, (unsigned char *)prime_tls_3072, sizeof(prime_tls_3072)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_tls_3072, -+ sizeof(sub2_prime_tls_3072)}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_3072}, -+ {"IKE 4096 with subprime", -+ {siBuffer, (unsigned char *)prime_ike_4096, sizeof(prime_ike_4096)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_ike_4096, -+ sizeof(sub2_prime_ike_4096)}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_4096}, -+ {"TLS 4096 with subprime", -+ {siBuffer, (unsigned char *)prime_tls_4096, sizeof(prime_tls_4096)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_tls_4096, -+ sizeof(sub2_prime_tls_4096)}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_4096}, -+ {"IKE 6144 with subprime", -+ {siBuffer, (unsigned char *)prime_ike_6144, sizeof(prime_ike_6144)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_ike_6144, -+ sizeof(sub2_prime_ike_6144)}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_6144}, -+ {"TLS 6144 with subprime", -+ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_tls_6144, -+ sizeof(sub2_prime_tls_6144)}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_6144}, -+ {"IKE 8192 with subprime", -+ {siBuffer, (unsigned char *)prime_ike_8192, sizeof(prime_ike_8192)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_ike_8192, -+ sizeof(sub2_prime_ike_8192)}, -+ {siBuffer, NULL, 0}, -+ IKE_APPROVED, -+ CLASS_8192}, -+ {"TLS 8192 with subprime", -+ {siBuffer, (unsigned char *)prime_tls_8192, sizeof(prime_tls_8192)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_tls_8192, -+ sizeof(sub2_prime_tls_8192)}, -+ {siBuffer, NULL, 0}, -+ TLS_APPROVED, -+ CLASS_8192}, -+ /* test our non-approved safe primes. This primes should pass in -+ * non-FIPS and fail in FIPS. They should pass without checks */ -+ {"Safe Prime 1536", -+ {siBuffer, (unsigned char *)prime_safe_1536, sizeof(prime_safe_1536)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME, -+ CLASS_1536}, -+ {"Safe Prime 2048", -+ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)}, -+ {siBuffer, (unsigned char *)g3, sizeof(g3)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME, -+ CLASS_2048}, -+ {"Safe Prime 3072", -+ {siBuffer, (unsigned char *)prime_safe_3072, sizeof(prime_safe_3072)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME, -+ CLASS_3072}, -+ {"Safe Prime 4096", -+ {siBuffer, (unsigned char *)prime_safe_4096, sizeof(prime_safe_4096)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME, -+ CLASS_4096}, -+ {"Safe Prime 6144", -+ {siBuffer, (unsigned char *)prime_safe_6144, sizeof(prime_safe_6144)}, -+ {siBuffer, (unsigned char *)g3, sizeof(g3)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME, -+ CLASS_6144}, -+ {"Safe Prime 8192", -+ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)}, -+ {siBuffer, (unsigned char *)g3, sizeof(g3)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME, -+ CLASS_8192}, -+ /* test our non-approved safe primes. This primes should pass in -+ * non-FIPS and fail in FIPS. In non-FIPS, they need checks */ -+ {"Safe Prime 1536 with Subprime", -+ {siBuffer, (unsigned char *)prime_safe_1536, sizeof(prime_safe_1536)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_safe_1536, -+ sizeof(sub2_prime_safe_1536)}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME_WITH_SUBPRIME, -+ CLASS_1536}, -+ {"Safe Prime 2048 with Subprime", -+ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_safe_2048, -+ sizeof(sub2_prime_safe_2048)}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME_WITH_SUBPRIME, -+ CLASS_2048}, -+ {"Safe Prime 3072 with Subprime", -+ {siBuffer, (unsigned char *)prime_safe_3072, sizeof(prime_safe_3072)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_safe_3072, -+ sizeof(sub2_prime_safe_3072)}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME_WITH_SUBPRIME, -+ CLASS_3072}, -+ {"Safe Prime 4096 with Subprime", -+ {siBuffer, (unsigned char *)prime_safe_4096, sizeof(prime_safe_4096)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_safe_4096, -+ sizeof(sub2_prime_safe_4096)}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME_WITH_SUBPRIME, -+ CLASS_4096}, -+ {"Safe Prime 6144 with Subprime", -+ {siBuffer, (unsigned char *)prime_safe_6144, sizeof(prime_safe_6144)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_safe_6144, -+ sizeof(sub2_prime_safe_6144)}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME_WITH_SUBPRIME, -+ CLASS_6144}, -+ {"Safe Prime 8192 with Subprime", -+ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_safe_8192, -+ sizeof(sub2_prime_safe_8192)}, -+ {siBuffer, NULL, 0}, -+ SAFE_PRIME_WITH_SUBPRIME, -+ CLASS_8192}, -+ /* test "weak" primes with "unknown" subprimes. We use -+ * the same primes as the known subprimes, but we don't -+ * include the subprime in the test. These primes should -+ * pass in non-FIPS mode and fail in FIPS mode */ -+ {"Weak Prime 1024 Unknown Subprime", -+ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, -+ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ UNKNOWN_SUBPRIME, -+ CLASS_1536}, -+ {"Weak Prime 2048 Unknown Subprime", -+ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, -+ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ UNKNOWN_SUBPRIME, -+ CLASS_2048}, -+ {"Weak Prime 3072 Unknown Subprime", -+ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, -+ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ UNKNOWN_SUBPRIME, -+ CLASS_3072}, -+ {"Weak Prime 4096 Unknown Subprime", -+ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, -+ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ UNKNOWN_SUBPRIME, -+ CLASS_4096}, -+ {"Weak Prime 6144 Unknown Subprime", -+ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, -+ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ UNKNOWN_SUBPRIME, -+ CLASS_6144}, -+ {"Weak Prime 8192 Unknown Subprime", -+ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, -+ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, NULL, 0}, -+ UNKNOWN_SUBPRIME, -+ CLASS_8192}, -+ /* test "weak" primes with known subprimes. These primes should -+ * pass in non-FIPS and fail in FIPS. In non-FIPS they should have full -+ * checks. */ -+ {"Weak Prime 1024 Known Subprime", -+ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, -+ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, -+ {siBuffer, (unsigned char *)subprime_weak_1024, -+ sizeof(subprime_weak_1024)}, -+ {siBuffer, NULL, 0}, -+ KNOWN_SUBPRIME, -+ CLASS_1536}, -+ {"Weak Prime 2048 Known Subprime", -+ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, -+ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, -+ {siBuffer, (unsigned char *)subprime_weak_2048, -+ sizeof(subprime_weak_2048)}, -+ {siBuffer, NULL, 0}, -+ KNOWN_SUBPRIME, -+ CLASS_2048}, -+ {"Weak Prime 3072 Known Subprime", -+ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, -+ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, -+ {siBuffer, (unsigned char *)subprime_weak_3072, -+ sizeof(subprime_weak_3072)}, -+ {siBuffer, NULL, 0}, -+ KNOWN_SUBPRIME, -+ CLASS_3072}, -+ {"Weak Prime 4096 Known Subprime", -+ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, -+ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, -+ {siBuffer, (unsigned char *)subprime_weak_4096, -+ sizeof(subprime_weak_4096)}, -+ {siBuffer, NULL, 0}, -+ KNOWN_SUBPRIME, -+ CLASS_4096}, -+ {"Weak Prime 6144 Known Subprime", -+ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, -+ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, -+ {siBuffer, (unsigned char *)subprime_weak_6144, -+ sizeof(subprime_weak_6144)}, -+ {siBuffer, NULL, 0}, -+ KNOWN_SUBPRIME, -+ CLASS_6144}, -+ {"Weak Prime 8192 Known Subprime", -+ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, -+ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, -+ {siBuffer, (unsigned char *)subprime_weak_8192, -+ sizeof(subprime_weak_8192)}, -+ {siBuffer, NULL, 0}, -+ KNOWN_SUBPRIME, -+ CLASS_8192}, -+ /* test "weak" primes as if they were safe primes. These primes should -+ * faill in all modes. */ -+ {"Weak Prime 1024 Wrong Subprime", -+ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, -+ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, -+ {siBuffer, (unsigned char *)sub2_prime_weak_1024, -+ sizeof(sub2_prime_weak_1024)}, -+ {siBuffer, NULL, 0}, -+ WRONG_SUBPRIME, -+ CLASS_1536}, -+ {"Weak Prime 2048 Wrong Subprime", -+ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, -+ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, -+ {siBuffer, (unsigned char *)sub2_prime_weak_2048, -+ sizeof(sub2_prime_weak_2048)}, -+ {siBuffer, NULL, 0}, -+ WRONG_SUBPRIME, -+ CLASS_2048}, -+ {"Weak Prime 3072 Wrong Subprime", -+ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, -+ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, -+ {siBuffer, (unsigned char *)sub2_prime_weak_3072, -+ sizeof(sub2_prime_weak_3072)}, -+ {siBuffer, NULL, 0}, -+ WRONG_SUBPRIME, -+ CLASS_3072}, -+ {"Weak Prime 4096 Wrong Subprime", -+ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, -+ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, -+ {siBuffer, (unsigned char *)sub2_prime_weak_4096, -+ sizeof(sub2_prime_weak_4096)}, -+ {siBuffer, NULL, 0}, -+ WRONG_SUBPRIME, -+ CLASS_4096}, -+ {"Weak Prime 6144 Wrong Subprime", -+ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, -+ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, -+ {siBuffer, (unsigned char *)sub2_prime_weak_6144, -+ sizeof(sub2_prime_weak_6144)}, -+ {siBuffer, NULL, 0}, -+ WRONG_SUBPRIME, -+ CLASS_6144}, -+ {"Weak Prime 8192 Wrong Subprime", -+ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, -+ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, -+ {siBuffer, (unsigned char *)sub2_prime_weak_8192, -+ sizeof(sub2_prime_weak_8192)}, -+ {siBuffer, NULL, 0}, -+ WRONG_SUBPRIME, -+ CLASS_8192}, -+ /******** Now test various invalid public keys */ -+ /* first known small subgroups of safe primes. These test should -+ * fail in all modes with all primes */ -+ {"Pubkey = 0 IKE 1536", -+ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, (unsigned char *)pub_key_zero, sizeof(pub_key_zero)}, -+ BAD_PUB_KEY, -+ CLASS_1536}, -+ {"PubKey = 1 TLS 2048", -+ {siBuffer, (unsigned char *)prime_tls_2048, sizeof(prime_tls_2048)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, (unsigned char *)pub_key_one, sizeof(pub_key_one)}, -+ BAD_PUB_KEY, -+ CLASS_2048}, -+ {"Pubkey == -1 IKE 1536", -+ {siBuffer, (unsigned char *)prime_ike_1536, sizeof(prime_ike_1536)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, (unsigned char *)pub_key_minus_1_ike_1536, -+ sizeof(pub_key_minus_1_ike_1536)}, -+ BAD_PUB_KEY, -+ CLASS_1536}, -+ {"Pubkey = -1 SAFE 2048 WITH SUBPRIME", -+ {siBuffer, (unsigned char *)prime_safe_2048, sizeof(prime_safe_2048)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_safe_2048, -+ sizeof(sub2_prime_safe_2048)}, -+ {siBuffer, (unsigned char *)pub_key_minus_1_safe_2048, -+ sizeof(pub_key_minus_1_safe_2048)}, -+ BAD_PUB_KEY, -+ CLASS_2048}, -+ {"Pubkey = -1 WEAK 3072 KNOWN SUBPRIME", -+ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, -+ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, -+ {siBuffer, (unsigned char *)subprime_weak_3072, -+ sizeof(subprime_weak_3072)}, -+ {siBuffer, (unsigned char *)pub_key_minus_1_weak_3072, -+ sizeof(pub_key_minus_1_weak_3072)}, -+ BAD_PUB_KEY, -+ CLASS_3072}, -+ {"Pubkey = -1 WEAK 4096 UNKNOWN SUBPRIME", -+ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, -+ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, -+ {siBuffer, NULL, 0}, -+ {siBuffer, (unsigned char *)pub_key_minus_1_weak_4096, -+ sizeof(pub_key_minus_1_weak_4096)}, -+ BAD_PUB_KEY, -+ CLASS_4096}, -+ {"Pubkey = -1 TLS 6144 WITH SUBPRIME", -+ {siBuffer, (unsigned char *)prime_tls_6144, sizeof(prime_tls_6144)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, (unsigned char *)sub2_prime_tls_6144, -+ sizeof(sub2_prime_tls_6144)}, -+ {siBuffer, (unsigned char *)pub_key_minus_1_tls_6144, -+ sizeof(pub_key_minus_1_tls_6144)}, -+ BAD_PUB_KEY, -+ CLASS_6144}, -+ {"Pubkey = -1 SAFE 8192", -+ {siBuffer, (unsigned char *)prime_safe_8192, sizeof(prime_safe_8192)}, -+ {siBuffer, (unsigned char *)g2, sizeof(g2)}, -+ {siBuffer, NULL, 0 }, -+ {siBuffer, (unsigned char *)pub_key_minus_1_safe_8192, -+ sizeof(pub_key_minus_1_safe_8192)}, -+ BAD_PUB_KEY, -+ CLASS_8192}, -+ /* y is a known small subgroups of weak primes (which known subprimes). -+ * These test should fail in all modes with all primes */ -+ {"Pubkey small subgroup Weak 1024 prime", -+ {siBuffer, (unsigned char *)prime_weak_1024, sizeof(prime_weak_1024)}, -+ {siBuffer, (unsigned char *)base_weak_1024, sizeof(base_weak_1024)}, -+ {siBuffer, (unsigned char *)subprime_weak_1024, -+ sizeof(subprime_weak_1024)}, -+ {siBuffer, (unsigned char *)pub_key_bad_weak_1024, -+ sizeof(pub_key_bad_weak_1024)}, -+ BAD_PUB_KEY, -+ CLASS_1536}, -+ {"Pubkey small subgroup Weak 2048 prime", -+ {siBuffer, (unsigned char *)prime_weak_2048, sizeof(prime_weak_2048)}, -+ {siBuffer, (unsigned char *)base_weak_2048, sizeof(base_weak_2048)}, -+ {siBuffer, (unsigned char *)subprime_weak_2048, -+ sizeof(subprime_weak_2048)}, -+ {siBuffer, (unsigned char *)pub_key_bad_weak_2048, -+ sizeof(pub_key_bad_weak_2048)}, -+ BAD_PUB_KEY, -+ CLASS_2048}, -+ {"Pubkey small subgroup Weak 3072 prime", -+ {siBuffer, (unsigned char *)prime_weak_3072, sizeof(prime_weak_3072)}, -+ {siBuffer, (unsigned char *)base_weak_3072, sizeof(base_weak_3072)}, -+ {siBuffer, (unsigned char *)subprime_weak_3072, -+ sizeof(subprime_weak_3072)}, -+ {siBuffer, (unsigned char *)pub_key_bad_weak_3072, -+ sizeof(pub_key_bad_weak_3072)}, -+ BAD_PUB_KEY, -+ CLASS_3072}, -+ {"Pubkey small subgroup Weak 4096 prime", -+ {siBuffer, (unsigned char *)prime_weak_4096, sizeof(prime_weak_4096)}, -+ {siBuffer, (unsigned char *)base_weak_4096, sizeof(base_weak_4096)}, -+ {siBuffer, (unsigned char *)subprime_weak_4096, -+ sizeof(subprime_weak_4096)}, -+ {siBuffer, (unsigned char *)pub_key_bad_weak_4096, -+ sizeof(pub_key_bad_weak_4096)}, -+ BAD_PUB_KEY, -+ CLASS_4096}, -+ {"Pubkey small subgroup Weak 6144 prime", -+ {siBuffer, (unsigned char *)prime_weak_6144, sizeof(prime_weak_6144)}, -+ {siBuffer, (unsigned char *)base_weak_6144, sizeof(base_weak_6144)}, -+ {siBuffer, (unsigned char *)subprime_weak_6144, -+ sizeof(subprime_weak_6144)}, -+ {siBuffer, (unsigned char *)pub_key_bad_weak_6144, -+ sizeof(pub_key_bad_weak_6144)}, -+ BAD_PUB_KEY, -+ CLASS_6144}, -+ {"Pubkey small subgroup Weak 8192 prime", -+ {siBuffer, (unsigned char *)prime_weak_8192, sizeof(prime_weak_8192)}, -+ {siBuffer, (unsigned char *)base_weak_8192, sizeof(base_weak_8192)}, -+ {siBuffer, (unsigned char *)subprime_weak_8192, -+ sizeof(subprime_weak_8192)}, -+ {siBuffer, (unsigned char *)pub_key_bad_weak_8192, -+ sizeof(pub_key_bad_weak_8192)}, -+ BAD_PUB_KEY, -+ CLASS_8192}}; -+}; -diff --git a/gtests/softoken_gtest/softoken_gtest.cc b/gtests/softoken_gtest/softoken_gtest.cc ---- a/gtests/softoken_gtest/softoken_gtest.cc -+++ b/gtests/softoken_gtest/softoken_gtest.cc -@@ -6,20 +6,24 @@ - #include "secmod.h" - #include "secerr.h" - - #include "nss_scoped_ptrs.h" - #include "util.h" - - #define GTEST_HAS_RTTI 0 - #include "gtest/gtest.h" -+#include "databuffer.h" - #include -+#include -+using namespace std::chrono; -+ -+#include "softoken_dh_vectors.h" - - namespace nss_test { -- - class SoftokenTest : public ::testing::Test { - protected: - SoftokenTest() : mNSSDBDir("SoftokenTest.d-") {} - SoftokenTest(const std::string &prefix) : mNSSDBDir(prefix) {} - - virtual void SetUp() { - std::string nssInitArg("sql:"); - nssInitArg.append(mNSSDBDir.GetUTF8Path()); -@@ -522,35 +526,260 @@ TEST_F(SoftokenNoDBTest, NeedUserInitNoD - ASSERT_TRUE(slot); - EXPECT_EQ(PR_FALSE, PK11_NeedUserInit(slot.get())); - - // When shutting down in here we have to release the slot first. - slot = nullptr; - ASSERT_EQ(SECSuccess, NSS_Shutdown()); - } - -+SECStatus test_dh_value(const PQGParams *params, const SECItem *pub_key_value, -+ PRBool genFailOK, time_t *time) { -+ SECKEYDHParams dh_params; -+ dh_params.base = params->base; -+ dh_params.prime = params->prime; -+ -+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); -+ EXPECT_TRUE(slot); -+ if (!slot) return SECFailure; -+ -+ /* create a private/public key pair in with the given params */ -+ SECKEYPublicKey *pub_tmp = nullptr; -+ ScopedSECKEYPrivateKey priv_key( -+ PK11_GenerateKeyPair(slot.get(), CKM_DH_PKCS_KEY_PAIR_GEN, &dh_params, -+ &pub_tmp, PR_FALSE, PR_TRUE, nullptr)); -+ if ((genFailOK) && -+ ((priv_key.get() == nullptr) || (pub_tmp == nullptr))) { -+ return SECFailure; -+ } -+ EXPECT_NE(nullptr, priv_key.get()) << "PK11_GenerateKeyPair failed: " -+ << PORT_ErrorToName(PORT_GetError()); -+ EXPECT_NE(nullptr, pub_tmp); -+ if ((priv_key.get() == nullptr) || (pub_tmp == nullptr)) return SECFailure; -+ ScopedSECKEYPublicKey pub_key(pub_tmp); -+ ScopedSECKEYPublicKey peer_pub_key_manager(nullptr); -+ SECKEYPublicKey *peer_pub_key = pub_key.get(); -+ -+ /* if a subprime has been given set it on the PKCS #11 key */ -+ if (params->subPrime.data != nullptr) { -+ SECStatus rv; -+ EXPECT_EQ(SECSuccess, rv = PK11_WriteRawAttribute( -+ PK11_TypePrivKey, priv_key.get(), CKA_SUBPRIME, -+ (SECItem *)¶ms->subPrime)) -+ << "PK11_WriteRawAttribute failed: " -+ << PORT_ErrorToString(PORT_GetError()); -+ if (rv != SECSuccess) { -+ return rv; -+ } -+ } -+ -+ /* find if we weren't passed a public value in, use the -+ * one we just generated */ -+ if (pub_key_value && pub_key_value->data) { -+ peer_pub_key = SECKEY_CopyPublicKey(pub_key.get()); -+ EXPECT_NE(nullptr, peer_pub_key); -+ if (peer_pub_key == nullptr) { -+ return SECFailure; -+ } -+ peer_pub_key->u.dh.publicValue = *pub_key_value; -+ peer_pub_key_manager.reset(peer_pub_key); -+ } -+ -+ /* now do the derive. time it and return the time if -+ * the caller requested it. */ -+ auto start = high_resolution_clock::now(); -+ ScopedPK11SymKey derivedKey(PK11_PubDerive( -+ priv_key.get(), peer_pub_key, PR_FALSE, nullptr, nullptr, -+ CKM_DH_PKCS_DERIVE, CKM_HKDF_DERIVE, CKA_DERIVE, 32, nullptr)); -+ auto stop = high_resolution_clock::now(); -+ if (!derivedKey) { -+ std::cerr << "PK11_PubDerive failed: " -+ << PORT_ErrorToString(PORT_GetError()) << std::endl; -+ } -+ -+ if (time) { -+ auto duration = duration_cast(stop - start); -+ *time = duration.count(); -+ } -+ return derivedKey ? SECSuccess : SECFailure; -+} -+ -+class SoftokenDhTest : public SoftokenTest { -+ protected: -+ SoftokenDhTest() : SoftokenTest("SoftokenDhTest.d-") {} -+ time_t reference_time[CLASS_LAST] = {0}; -+ -+ virtual void SetUp() { -+ SoftokenTest::SetUp(); -+ -+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); -+ ASSERT_TRUE(slot); -+ -+ time_t time; -+ for (int i = CLASS_FIRST; i < CLASS_LAST; i++) { -+ PQGParams params; -+ params.prime.data = (unsigned char *)reference_prime[i]; -+ params.prime.len = reference_prime_len[i]; -+ params.base.data = (unsigned char *)g2; -+ params.base.len = sizeof(g2); -+ params.subPrime.data = nullptr; -+ params.subPrime.len = 0; -+ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time)); -+ reference_time[i] = time + 2 * time; -+ } -+ }; -+}; -+ -+const char *param_value(DhParamType param_type) { -+ switch (param_type) { -+ case TLS_APPROVED: -+ return "TLS_APPROVED"; -+ case IKE_APPROVED: -+ return "IKE_APPROVED"; -+ case SAFE_PRIME: -+ return "SAFE_PRIME"; -+ case SAFE_PRIME_WITH_SUBPRIME: -+ return "SAFE_PRIME_WITH_SUBPRIME"; -+ case KNOWN_SUBPRIME: -+ return "KNOWN_SUBPRIME"; -+ case UNKNOWN_SUBPRIME: -+ return "UNKNOWN_SUBPRIME"; -+ case WRONG_SUBPRIME: -+ return "WRONG_SUBPRIME"; -+ case BAD_PUB_KEY: -+ return "BAD_PUB_KEY"; -+ } -+ return "**Invalid**"; -+} -+ -+const char *key_value(DhKeyClass key_class) { -+ switch (key_class) { -+ case CLASS_1536: -+ return "CLASS_1536"; -+ case CLASS_2048: -+ return "CLASS_2048"; -+ case CLASS_3072: -+ return "CLASS_3072"; -+ case CLASS_4096: -+ return "CLASS_4096"; -+ case CLASS_6144: -+ return "CLASS_6144"; -+ case CLASS_8192: -+ return "CLASS_8192"; -+ case CLASS_LAST: -+ break; -+ } -+ return "**Invalid**"; -+} -+ -+class SoftokenDhValidate : public SoftokenDhTest, -+ public ::testing::WithParamInterface { -+}; -+ -+/* test the DH validation process. In non-fips mode, only BAD_PUB_KEY tests -+ * should fail */ -+TEST_P(SoftokenDhValidate, DhVectors) { -+ const DhTestVector dhTestValues = GetParam(); -+ std::string testId = (char *)(dhTestValues.id); -+ std::string err = "Test(" + testId + ") failed"; -+ SECStatus rv; -+ time_t time; -+ -+ PQGParams params; -+ params.prime = dhTestValues.p; -+ params.base = dhTestValues.g; -+ params.subPrime = dhTestValues.q; -+ -+ std::cerr << "Test: " + testId << std::endl -+ << "param_type: " << param_value(dhTestValues.param_type) -+ << ", key_class: " << key_value(dhTestValues.key_class) << std::endl -+ << "p: " << DataBuffer(dhTestValues.p.data, dhTestValues.p.len) -+ << std::endl -+ << "g: " << DataBuffer(dhTestValues.g.data, dhTestValues.g.len) -+ << std::endl -+ << "q: " << DataBuffer(dhTestValues.q.data, dhTestValues.q.len) -+ << std::endl -+ << "pub_key: " -+ << DataBuffer(dhTestValues.pub_key.data, dhTestValues.pub_key.len) -+ << std::endl; -+ rv = test_dh_value(¶ms, &dhTestValues.pub_key, PR_FALSE, &time); -+ -+ switch (dhTestValues.param_type) { -+ case TLS_APPROVED: -+ case IKE_APPROVED: -+ case SAFE_PRIME: -+ case UNKNOWN_SUBPRIME: -+ EXPECT_EQ(SECSuccess, rv) << err; -+ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err; -+ break; -+ case KNOWN_SUBPRIME: -+ case SAFE_PRIME_WITH_SUBPRIME: -+ EXPECT_EQ(SECSuccess, rv) << err; -+ EXPECT_GT(time, reference_time[dhTestValues.key_class]) << err; -+ break; -+ case WRONG_SUBPRIME: -+ case BAD_PUB_KEY: -+ EXPECT_EQ(SECFailure, rv) << err; -+ break; -+ } -+} -+ -+INSTANTIATE_TEST_CASE_P(DhValidateCases, SoftokenDhValidate, -+ ::testing::ValuesIn(DH_TEST_VECTORS)); -+ - #ifndef NSS_FIPS_DISABLED - - class SoftokenFipsTest : public SoftokenTest { - protected: - SoftokenFipsTest() : SoftokenTest("SoftokenFipsTest.d-") {} -+ SoftokenFipsTest(const std::string &prefix) : SoftokenTest(prefix) {} - - virtual void SetUp() { - SoftokenTest::SetUp(); - - // Turn on FIPS mode (code borrowed from FipsMode in modutil/pk11.c) - char *internal_name; - ASSERT_FALSE(PK11_IsFIPS()); - internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); -- ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name)); -+ ASSERT_EQ(SECSuccess, SECMOD_DeleteInternalModule(internal_name)) -+ << PORT_ErrorToName(PORT_GetError()); - PR_smprintf_free(internal_name); - ASSERT_TRUE(PK11_IsFIPS()); - } - }; - -+class SoftokenFipsDhTest : public SoftokenFipsTest { -+ protected: -+ SoftokenFipsDhTest() : SoftokenFipsTest("SoftokenFipsDhTest.d-") {} -+ time_t reference_time[CLASS_LAST] = {0}; -+ -+ virtual void SetUp() { -+ SoftokenFipsTest::SetUp(); -+ -+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); -+ ASSERT_TRUE(slot); -+ -+ ASSERT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "")); -+ ASSERT_EQ(SECSuccess, PK11_Authenticate(slot.get(), PR_FALSE, nullptr)); -+ -+ time_t time; -+ for (int i = CLASS_FIRST; i < CLASS_LAST; i++) { -+ PQGParams params; -+ params.prime.data = (unsigned char *)reference_prime[i]; -+ params.prime.len = reference_prime_len[i]; -+ params.base.data = (unsigned char *)g2; -+ params.base.len = sizeof(g2); -+ params.subPrime.data = nullptr; -+ params.subPrime.len = 0; -+ ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time)); -+ reference_time[i] = time + 2 * time; -+ } -+ }; -+}; -+ - const std::vector kFipsPasswordCases[] = { - // FIPS level1 -> level1 -> level1 - {"", "", ""}, - // FIPS level1 -> level1 -> level2 - {"", "", "strong-_123"}, - // FIXME: this should work: FIPS level1 -> level2 -> level2 - // {"", "strong-_123", "strong-_456"}, - // FIPS level2 -> level2 -> level2 -@@ -608,22 +837,78 @@ TEST_P(SoftokenFipsBadPasswordTest, SetB - rv = PK11_ChangePW(slot.get(), (*prev_it).c_str(), (*it).c_str()); - if (it + 1 == passwords.end()) - EXPECT_EQ(SECFailure, rv); - else - EXPECT_EQ(SECSuccess, rv); - } - } - -+class SoftokenFipsDhValidate -+ : public SoftokenFipsDhTest, -+ public ::testing::WithParamInterface {}; -+ -+/* test the DH validation process. In fips mode, primes with unknown -+ * subprimes, and all sorts of bad public keys should fail */ -+TEST_P(SoftokenFipsDhValidate, DhVectors) { -+ const DhTestVector dhTestValues = GetParam(); -+ std::string testId = (char *)(dhTestValues.id); -+ std::string err = "Test(" + testId + ") failed"; -+ time_t time; -+ PRBool genFailOK = PR_FALSE; -+ SECStatus rv; -+ -+ PQGParams params; -+ params.prime = dhTestValues.p; -+ params.base = dhTestValues.g; -+ params.subPrime = dhTestValues.q; -+ std::cerr << "Test:" + testId << std::endl -+ << "param_type: " << param_value(dhTestValues.param_type) -+ << ", key_class: " << key_value(dhTestValues.key_class) << std::endl -+ << "p: " << DataBuffer(dhTestValues.p.data, dhTestValues.p.len) -+ << std::endl -+ << "g: " << DataBuffer(dhTestValues.g.data, dhTestValues.g.len) -+ << std::endl -+ << "q: " << DataBuffer(dhTestValues.q.data, dhTestValues.q.len) -+ << std::endl -+ << "pub_key: " -+ << DataBuffer(dhTestValues.pub_key.data, dhTestValues.pub_key.len) -+ << std::endl; -+ -+ if ((dhTestValues.param_type != TLS_APPROVED) && -+ (dhTestValues.param_type != IKE_APPROVED)) { -+ genFailOK = PR_TRUE; -+ } -+ rv = test_dh_value(¶ms, &dhTestValues.pub_key, genFailOK, &time); -+ -+ switch (dhTestValues.param_type) { -+ case TLS_APPROVED: -+ case IKE_APPROVED: -+ EXPECT_EQ(SECSuccess, rv) << err; -+ EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err; -+ break; -+ case SAFE_PRIME: -+ case SAFE_PRIME_WITH_SUBPRIME: -+ case KNOWN_SUBPRIME: -+ case UNKNOWN_SUBPRIME: -+ case WRONG_SUBPRIME: -+ case BAD_PUB_KEY: -+ EXPECT_EQ(SECFailure, rv) << err; -+ break; -+ } -+} -+ - INSTANTIATE_TEST_CASE_P(FipsPasswordCases, SoftokenFipsPasswordTest, - ::testing::ValuesIn(kFipsPasswordCases)); - - INSTANTIATE_TEST_CASE_P(BadFipsPasswordCases, SoftokenFipsBadPasswordTest, - ::testing::ValuesIn(kFipsPasswordBadCases)); - -+INSTANTIATE_TEST_CASE_P(FipsDhCases, SoftokenFipsDhValidate, -+ ::testing::ValuesIn(DH_TEST_VECTORS)); - #endif - - } // namespace nss_test - - int main(int argc, char **argv) { - ::testing::InitGoogleTest(&argc, argv); - - return RUN_ALL_TESTS(); -diff --git a/gtests/softoken_gtest/softoken_gtest.gyp b/gtests/softoken_gtest/softoken_gtest.gyp ---- a/gtests/softoken_gtest/softoken_gtest.gyp -+++ b/gtests/softoken_gtest/softoken_gtest.gyp -@@ -11,16 +11,17 @@ - 'target_name': 'softoken_gtest', - 'type': 'executable', - 'sources': [ - 'softoken_gtest.cc', - 'softoken_nssckbi_testlib_gtest.cc', - ], - 'dependencies': [ - '<(DEPTH)/exports.gyp:nss_exports', -+ '<(DEPTH)/cpputil/cpputil.gyp:cpputil', - '<(DEPTH)/lib/util/util.gyp:nssutil3', - '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', - ], - 'conditions': [ - [ 'static_libs==1', { - 'dependencies': [ - '<(DEPTH)/lib/nss/nss.gyp:nss_static', - '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', -diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h ---- a/lib/freebl/blapi.h -+++ b/lib/freebl/blapi.h -@@ -375,16 +375,20 @@ extern SECStatus KEA_Derive(SECItem *pri - SECItem *derivedSecret); - - /* - * verify that a KEA or DSA public key is a valid key for this prime and - * subprime domain. - */ - extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime); - -+/* verify a value is prime */ -+PRBool KEA_PrimeCheck(SECItem *prime); -+ -+ - /**************************************** - * J-PAKE key transport - */ - - /* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x - * using the specified hash algorithm and signer ID. The signature is - * returned in the values gv and r. testRandom must be NULL for a PRNG - * generated random committment to be used in the sigature. When testRandom -diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c ---- a/lib/freebl/dh.c -+++ b/lib/freebl/dh.c -@@ -12,16 +12,17 @@ - - #include "prerr.h" - #include "secerr.h" - - #include "blapi.h" - #include "blapii.h" - #include "secitem.h" - #include "mpi.h" -+#include "mpprime.h" - #include "secmpi.h" - - #define KEA_DERIVED_SECRET_LEN 128 - - /* Lengths are in bytes. */ - static unsigned int - dh_GetSecretKeyLen(unsigned int primeLen) - { -@@ -73,17 +74,17 @@ DH_GenParam(int primeLen, DHParams **par - MP_DIGITS(&psub1) = 0; - MP_DIGITS(&test) = 0; - CHECK_MPI_OK(mp_init(&p)); - CHECK_MPI_OK(mp_init(&q)); - CHECK_MPI_OK(mp_init(&a)); - CHECK_MPI_OK(mp_init(&h)); - CHECK_MPI_OK(mp_init(&psub1)); - CHECK_MPI_OK(mp_init(&test)); -- /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */ -+ /* generate prime with MPI, uses Miller-Rabin to generate safe prime. */ - CHECK_SEC_OK(generate_prime(&p, primeLen)); - /* construct Sophie-Germain prime q = (p-1)/2. */ - CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1)); - CHECK_MPI_OK(mp_div_2(&psub1, &q)); - /* construct a generator from the prime. */ - ab = PORT_Alloc(primeLen); - if (!ab) { - PORT_SetError(SEC_ERROR_NO_MEMORY); -@@ -252,27 +253,27 @@ DH_Derive(SECItem *publicValue, - /* number of bytes in the derived secret */ - len = mp_unsigned_octet_size(&ZZ); - if (len <= 0) { - err = MP_BADARG; - goto cleanup; - } - - /* -- * We check to make sure that ZZ is not equal to 1 or -1 mod p. -+ * We check to make sure that ZZ is not equal to 0, 1 or -1 mod p. - * This helps guard against small subgroup attacks, since an attacker -- * using a subgroup of size N will produce 1 or -1 with probability 1/N. -+ * using a subgroup of size N will produce 0, 1 or -1 with probability 1/N. - * When the protocol is executed within a properly large subgroup, the - * probability of this result will be negligibly small. For example, -- * with a strong prime of the form 2p+1, the probability will be 1/p. -+ * with a safe prime of the form 2q+1, the probability will be 1/q. - * - * We return MP_BADARG because this is probably the result of a bad - * public value or a bad prime having been provided. - */ -- if (mp_cmp_d(&ZZ, 1) == 0 || -+ if (mp_cmp_d(&ZZ,0) == 0 || mp_cmp_d(&ZZ, 1) == 0 || - mp_cmp(&ZZ, &psub1) == 0) { - err = MP_BADARG; - goto cleanup; - } - - /* allocate a buffer which can hold the entire derived secret. */ - secret = PORT_Alloc(len); - if (secret == NULL) { -@@ -408,16 +409,44 @@ cleanup: - MP_TO_SEC_ERROR(err); - if (derivedSecret->data) - PORT_ZFree(derivedSecret->data, derivedSecret->len); - return SECFailure; - } - return SECSuccess; - } - -+/* Test counts based on the fact the prime and subprime -+ * were given to us */ -+static int -+dh_prime_testcount(int prime_length) -+{ -+ if (prime_length < 1024) { -+ return 50; -+ } else if (prime_length < 2048) { -+ return 40; -+ } else if (prime_length < 3072) { -+ return 56; -+ } -+ return 64; -+} -+ -+PRBool -+KEA_PrimeCheck(SECItem *prime) -+{ -+ mp_int p; -+ mp_err err=0; -+ MP_DIGITS(&p) = 0; -+ CHECK_MPI_OK(mp_init(&p)); -+ SECITEM_TO_MPINT(*prime, &p); -+ CHECK_MPI_OK(mpp_pprime(&p, dh_prime_testcount(prime->len))); -+cleanup: -+ return err ? PR_FALSE : PR_TRUE; -+} -+ - PRBool - KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) - { - mp_int p, q, y, r; - mp_err err; - int cmp = 1; /* default is false */ - if (!Y || !prime || !subPrime) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); -diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c ---- a/lib/freebl/ldvector.c -+++ b/lib/freebl/ldvector.c -@@ -348,19 +348,22 @@ static const struct FREEBLVectorStr vect - CMAC_Finish, - CMAC_Destroy, - - /* End of version 3.022 */ - ChaCha20Poly1305_Encrypt, - ChaCha20Poly1305_Decrypt, - AES_AEAD, - AESKeyWrap_EncryptKWP, -- AESKeyWrap_DecryptKWP -+ AESKeyWrap_DecryptKWP, - - /* End of version 3.023 */ -+ KEA_PrimeCheck -+ -+ /* End of version 3.024 */ - }; - - const FREEBLVector* - FREEBL_GetVector(void) - { - #ifdef FREEBL_NO_DEPEND - SECStatus rv; - #endif -diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c ---- a/lib/freebl/loader.c -+++ b/lib/freebl/loader.c -@@ -231,16 +231,24 @@ KEA_Derive(SECItem *prime, SECItem *publ - PRBool - KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime) - { - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return PR_FALSE; - return (vector->p_KEA_Verify)(Y, prime, subPrime); - } - -+PRBool -+KEA_PrimeCheck(SECItem *prime) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return PR_FALSE; -+ return (vector->p_KEA_PrimeCheck)(prime); -+} -+ - RC4Context * - RC4_CreateContext(const unsigned char *key, int len) - { - if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) - return NULL; - return (vector->p_RC4_CreateContext)(key, len); - } - -diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h ---- a/lib/freebl/loader.h -+++ b/lib/freebl/loader.h -@@ -5,17 +5,17 @@ - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - - #ifndef _LOADER_H_ - #define _LOADER_H_ 1 - - #include "blapi.h" - --#define FREEBL_VERSION 0x0323 -+#define FREEBL_VERSION 0x0324 - - struct FREEBLVectorStr { - - unsigned short length; /* of this struct in bytes */ - unsigned short version; /* of this struct. */ - - RSAPrivateKey *(*p_RSA_NewKey)(int keySizeInBits, - SECItem *publicExponent); -@@ -807,16 +807,20 @@ struct FREEBLVectorStr { - unsigned char *output, - unsigned int *outputLen, - unsigned int maxOutputLen, - const unsigned char *input, - unsigned int inputLen); - - /* Version 3.023 came to here */ - -+ PRBool (*p_KEA_PrimeCheck)(SECItem *prime); -+ /* Version 3.024 came to here */ -+ -+ - /* Add new function pointers at the end of this struct and bump - * FREEBL_VERSION at the beginning of this file. */ - }; - - typedef struct FREEBLVectorStr FREEBLVector; - - #ifdef FREEBL_LOWHASH - #include "nsslowhash.h" -diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn ---- a/lib/softoken/manifest.mn -+++ b/lib/softoken/manifest.mn -@@ -39,16 +39,17 @@ CSRCS = \ - lowkey.c \ - lowpbe.c \ - padbuf.c \ - pkcs11.c \ - pkcs11c.c \ - pkcs11u.c \ - sdb.c \ - sftkdb.c \ -+ sftkdhverify.c \ - sftkhmac.c \ - sftkike.c \ - sftkmessage.c \ - sftkpars.c \ - sftkpwd.c \ - softkver.c \ - tlsprf.c \ - jpakesftk.c \ -diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c ---- a/lib/softoken/pkcs11.c -+++ b/lib/softoken/pkcs11.c -@@ -1191,16 +1191,21 @@ sftk_handlePrivateKeyObject(SFTKSession - return CKR_TEMPLATE_INCOMPLETE; - } - if (!sftk_hasAttribute(object, CKA_BASE)) { - return CKR_TEMPLATE_INCOMPLETE; - } - if (!sftk_hasAttribute(object, CKA_VALUE)) { - return CKR_TEMPLATE_INCOMPLETE; - } -+ /* allow subprime to be set after the fact */ -+ crv = sftk_defaultAttribute(object, CKA_SUBPRIME, NULL, 0); -+ if (crv != CKR_OK) { -+ return crv; -+ } - encrypt = CK_FALSE; - recover = CK_FALSE; - wrap = CK_FALSE; - break; - case CKK_EC: - if (!sftk_hasAttribute(object, CKA_EC_PARAMS)) { - return CKR_TEMPLATE_INCOMPLETE; - } -diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c ---- a/lib/softoken/pkcs11c.c -+++ b/lib/softoken/pkcs11c.c -@@ -4738,31 +4738,37 @@ loser: - * - * This function returns - * CKR_OK if pairwise consistency check passed - * CKR_GENERAL_ERROR if pairwise consistency check failed - * other error codes if paiswise consistency check could not be - * performed, for example, CKR_HOST_MEMORY. - */ - static CK_RV --sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, -+sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, SFTKSlot *slot, - SFTKObject *publicKey, SFTKObject *privateKey, CK_KEY_TYPE keyType) - { - /* - * Key type Mechanism type - * -------------------------------- - * For encrypt/decrypt: CKK_RSA => CKM_RSA_PKCS - * others => CKM_INVALID_MECHANISM - * - * For sign/verify: CKK_RSA => CKM_RSA_PKCS - * CKK_DSA => CKM_DSA - * CKK_EC => CKM_ECDSA - * others => CKM_INVALID_MECHANISM - * - * None of these mechanisms has a parameter. -+ * -+ * For derive CKK_DH => CKM_DH_PKCS_DERIVE -+ * CKK_EC => CKM_ECDH1_DERIVE -+ * others => CKM_INVALID_MECHANISM -+ * -+ * The parameters for these mechanisms is the public key. - */ - CK_MECHANISM mech = { 0, NULL, 0 }; - - CK_ULONG modulusLen = 0; - CK_ULONG subPrimeLen = 0; - PRBool isEncryptable = PR_FALSE; - PRBool canSignVerify = PR_FALSE; - PRBool isDerivable = PR_FALSE; -@@ -5012,34 +5018,116 @@ sftk_PairwiseConsistencyCheck(CK_SESSION - - /**********************************************/ - /* Pairwise Consistency Check for Derivation */ - /**********************************************/ - - isDerivable = sftk_isTrue(privateKey, CKA_DERIVE); - - if (isDerivable) { -- /* -- * We are not doing consistency check for Diffie-Hellman Key - -- * otherwise it would be here -- * This is also true for Elliptic Curve Diffie-Hellman keys -- * NOTE: EC keys are currently subjected to pairwise -- * consistency check for signing/verification. -- */ -- /* -- * FIPS 140-2 had the following pairwise consistency test for -- * public and private keys used for key agreement: -- * If the keys are used to perform key agreement, then the -- * cryptographic module shall create a second, compatible -- * key pair. The cryptographic module shall perform both -- * sides of the key agreement algorithm and shall compare -- * the resulting shared values. If the shared values are -- * not equal, the test shall fail. -- * This test was removed in Change Notice 3. -- */ -+ SFTKAttribute *pubAttribute = NULL; -+ CK_OBJECT_HANDLE newKey; -+ PRBool isFIPS = (slot->slotID == FIPS_SLOT_ID); -+ CK_RV crv2; -+ CK_OBJECT_CLASS secret = CKO_SECRET_KEY; -+ CK_KEY_TYPE generic = CKK_GENERIC_SECRET; -+ CK_ULONG keyLen = 128; -+ CK_BBOOL ckTrue = CK_TRUE; -+ CK_ATTRIBUTE template[] = { -+ { CKA_CLASS, &secret, sizeof(secret) }, -+ { CKA_KEY_TYPE, &generic, sizeof(generic) }, -+ { CKA_VALUE_LEN, &keyLen, sizeof(keyLen) }, -+ { CKA_DERIVE, &ckTrue, sizeof(ckTrue) } -+ }; -+ CK_ULONG templateCount = PR_ARRAY_SIZE(template); -+ CK_ECDH1_DERIVE_PARAMS ecParams; -+ -+ crv = CKR_OK; /*paranoia, already get's set before we drop to the end */ -+ /* FIPS 140-2 requires we verify that the resulting key is a valid key. -+ * The easiest way to do this is to do a derive operation, which checks -+ * the validity of the key */ -+ -+ switch (keyType) { -+ case CKK_DH: -+ mech.mechanism = CKM_DH_PKCS_DERIVE; -+ pubAttribute = sftk_FindAttribute(publicKey, CKA_VALUE); -+ if (pubAttribute == NULL) { -+ return CKR_DEVICE_ERROR; -+ } -+ mech.pParameter = pubAttribute->attrib.pValue; -+ mech.ulParameterLen = pubAttribute->attrib.ulValueLen; -+ break; -+ case CKK_EC: -+ mech.mechanism = CKM_ECDH1_DERIVE; -+ pubAttribute = sftk_FindAttribute(publicKey, CKA_EC_POINT); -+ if (pubAttribute == NULL) { -+ return CKR_DEVICE_ERROR; -+ } -+ ecParams.kdf = CKD_NULL; -+ ecParams.ulSharedDataLen = 0; -+ ecParams.pSharedData = NULL; -+ ecParams.ulPublicDataLen = pubAttribute->attrib.ulValueLen; -+ ecParams.pPublicData = pubAttribute->attrib.pValue; -+ mech.pParameter = &ecParams; -+ mech.ulParameterLen = sizeof(ecParams); -+ break; -+ default: -+ return CKR_DEVICE_ERROR; -+ } -+ -+ crv = NSC_DeriveKey(hSession, &mech, privateKey->handle, template, templateCount, &newKey); -+ if (crv != CKR_OK) { -+ sftk_FreeAttribute(pubAttribute); -+ return crv; -+ } -+ /* FIPS requires full validation, but in fipx mode NSC_Derive -+ * only does partial validation with approved primes, now handle -+ * full validation */ -+ if (isFIPS && keyType == CKK_DH) { -+ SECItem pubKey; -+ SECItem prime; -+ SECItem subPrime; -+ const SECItem *subPrimePtr = &subPrime; -+ -+ pubKey.data = pubAttribute->attrib.pValue; -+ pubKey.len = pubAttribute->attrib.ulValueLen; -+ prime.data = subPrime.data = NULL; -+ prime.len = subPrime.len = 0; -+ crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); -+ if (crv != CKR_OK) { -+ goto done; -+ } -+ crv = sftk_Attribute2SecItem(NULL, &prime, privateKey, CKA_PRIME); -+ /* we ignore the return code an only look at the length */ -+ if (subPrime.len == 0) { -+ /* subprime not supplied, In this case look it up. -+ * This only works with approved primes, but in FIPS mode -+ * that's the only kine of prime that will get here */ -+ subPrimePtr = sftk_VerifyDH_Prime(&prime); -+ if (subPrimePtr == NULL) { -+ crv = CKR_GENERAL_ERROR; -+ goto done; -+ } -+ } -+ if (!KEA_Verify(&pubKey, &prime, (SECItem *)subPrimePtr)) { -+ crv = CKR_GENERAL_ERROR; -+ } -+done: -+ PORT_Free(subPrime.data); -+ PORT_Free(prime.data); -+ } -+ /* clean up before we return */ -+ sftk_FreeAttribute(pubAttribute); -+ crv2 = NSC_DestroyObject(hSession, newKey); -+ if (crv != CKR_OK) { -+ return crv; -+ } -+ if (crv2 != CKR_OK) { -+ return crv2; -+ } - } - - return CKR_OK; - } - - /* NSC_GenerateKeyPair generates a public-key/private-key pair, - * creating new key objects. */ - CK_RV -@@ -5573,17 +5661,17 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS - } - if (crv == CKR_OK && !sftk_isTrue(publicKey, CKA_EXTRACTABLE)) { - crv = sftk_forceAttribute(publicKey, CKA_NEVER_EXTRACTABLE, - &cktrue, sizeof(CK_BBOOL)); - } - - if (crv == CKR_OK) { - /* Perform FIPS 140-2 pairwise consistency check. */ -- crv = sftk_PairwiseConsistencyCheck(hSession, -+ crv = sftk_PairwiseConsistencyCheck(hSession, slot, - publicKey, privateKey, key_type); - if (crv != CKR_OK) { - if (sftk_audit_enabled) { - char msg[128]; - PR_snprintf(msg, sizeof msg, - "C_GenerateKeyPair(hSession=0x%08lX, " - "pMechanism->mechanism=0x%08lX)=0x%08lX " - "self-test: pair-wise consistency test failed", -@@ -8176,50 +8264,110 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - SHA512_HashBuf(key_block, (const unsigned char *)att->attrib.pValue, - att->attrib.ulValueLen); - - crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize); - break; - - case CKM_DH_PKCS_DERIVE: { - SECItem derived, dhPublic; -- SECItem dhPrime, dhSubPrime, dhValue; -+ SECItem dhPrime, dhValue; -+ const SECItem *subPrime; - /* sourceKey - values for the local existing low key */ - /* get prime and value attributes */ - crv = sftk_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME); - if (crv != CKR_OK) - break; -- crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE); -- if (crv != CKR_OK) { -- PORT_Free(dhPrime.data); -- break; -- } - - dhPublic.data = pMechanism->pParameter; - dhPublic.len = pMechanism->ulParameterLen; - -- /* If the caller bothered to provide Q, use Q to validate -- * the public key. */ -- crv = sftk_Attribute2SecItem(NULL, &dhSubPrime, sourceKey, CKA_SUBPRIME); -- if (crv == CKR_OK) { -- rv = KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime); -- PORT_Free(dhSubPrime.data); -- if (rv != SECSuccess) { -+ /* if the prime is an approved prime, we can skip all the other -+ * checks. */ -+ subPrime = sftk_VerifyDH_Prime(&dhPrime); -+ if (subPrime == NULL) { -+ SECItem dhSubPrime; -+ /* In FIPS mode we only accept approved primes */ -+ if (isFIPS) { - crv = CKR_ARGUMENTS_BAD; - PORT_Free(dhPrime.data); -- PORT_Free(dhValue.data); - break; - } -+ /* If the caller set the subprime value, it means that -+ * either the caller knows the subprime value and wants us -+ * to validate the key against the subprime, or that the -+ * caller wants us to verify that the prime is a safe prime -+ * by passing in subprime = (prime-1)/2 */ -+ dhSubPrime.data = NULL; -+ dhSubPrime.len = 0; -+ crv = sftk_Attribute2SecItem(NULL, &dhSubPrime, -+ sourceKey, CKA_SUBPRIME); -+ /* we ignore the value of crv here, We treat a valid -+ * return of len = 0 and a failure to find a subrime the same -+ * NOTE: we free the subprime in both cases depending on -+ * PORT_Free of NULL to be a noop */ -+ if (dhSubPrime.len != 0) { -+ PRBool isSafe = PR_FALSE; -+ -+ -+ /* Callers can set dhSubPrime to q=(p-1)/2 to force -+ * checks for safe primes. If so we only need to check -+ * q and p for primality and skip the group test. */ -+ rv = sftk_IsSafePrime(&dhPrime, &dhSubPrime, &isSafe); -+ if (rv != SECSuccess) { -+ /* either p or q was even and therefore not prime, -+ * we can stop processing here and fail now */ -+ crv = CKR_ARGUMENTS_BAD; -+ PORT_Free(dhPrime.data); -+ PORT_Free(dhSubPrime.data); -+ break; -+ } -+ -+ /* first make sure the primes are really prime */ -+ if (!KEA_PrimeCheck(&dhPrime)) { -+ crv = CKR_ARGUMENTS_BAD; -+ PORT_Free(dhPrime.data); -+ PORT_Free(dhSubPrime.data); -+ break; -+ } -+ if (!KEA_PrimeCheck(&dhSubPrime)) { -+ crv = CKR_ARGUMENTS_BAD; -+ PORT_Free(dhPrime.data); -+ PORT_Free(dhSubPrime.data); -+ break; -+ } -+ if (!isSafe) { -+ /* With safe primes, there is only one other small -+ * subgroup. As long as y isn't 0, 1, or -1 mod p, -+ * any other y is safe. Only do the full check for -+ * non-safe primes */ -+ if (!KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime)) { -+ crv = CKR_ARGUMENTS_BAD; -+ PORT_Free(dhPrime.data); -+ PORT_Free(dhSubPrime.data); -+ break; -+ } -+ } -+ } -+ /* checks are complete, no need for the subPrime any longer */ -+ PORT_Free(dhSubPrime.data); -+ } -+ -+ /* now that the prime is validated, get the private value */ -+ crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE); -+ if (crv != CKR_OK) { -+ PORT_Free(dhPrime.data); -+ break; - } - - /* calculate private value - oct */ - rv = DH_Derive(&dhPublic, &dhPrime, &dhValue, &derived, keySize); - - PORT_Free(dhPrime.data); -- PORT_Free(dhValue.data); -+ PORT_ZFree(dhValue.data, dhValue.len); - - if (rv == SECSuccess) { - sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len); - PORT_ZFree(derived.data, derived.len); - crv = CKR_OK; - } else - crv = CKR_HOST_MEMORY; - -diff --git a/lib/softoken/pkcs11i.h b/lib/softoken/pkcs11i.h ---- a/lib/softoken/pkcs11i.h -+++ b/lib/softoken/pkcs11i.h -@@ -909,11 +909,18 @@ void sftk_MAC_Destroy(sftk_MACCtx *ctx, - unsigned int sftk_CKRVToMask(CK_RV rv); - CK_RV sftk_CheckCBCPadding(CK_BYTE_PTR pBuf, unsigned int bufLen, - unsigned int blockSize, unsigned int *outPadSize); - - /* NIST 800-108 (kbkdf.c) implementations */ - extern CK_RV kbkdf_Dispatch(CK_MECHANISM_TYPE mech, CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, SFTKObject *base_key, SFTKObject *ret_key, CK_ULONG keySize); - char **NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args); - -+/* dh verify functions */ -+/* verify that dhPrime matches one of our known primes, and if so return -+ * it's subprime value */ -+const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime); -+/* check if dhSubPrime claims dhPrime is a safe prime. */ -+SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe); -+ - SEC_END_PROTOS - - #endif /* _PKCS11I_H_ */ -diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c ---- a/lib/softoken/pkcs11u.c -+++ b/lib/softoken/pkcs11u.c -@@ -711,17 +711,16 @@ sftk_modifyType(CK_ATTRIBUTE_TYPE type, - case CKA_CLASS: - case CKA_CERTIFICATE_TYPE: - case CKA_KEY_TYPE: - case CKA_MODULUS: - case CKA_MODULUS_BITS: - case CKA_PUBLIC_EXPONENT: - case CKA_PRIVATE_EXPONENT: - case CKA_PRIME: -- case CKA_SUBPRIME: - case CKA_BASE: - case CKA_PRIME_1: - case CKA_PRIME_2: - case CKA_EXPONENT_1: - case CKA_EXPONENT_2: - case CKA_COEFFICIENT: - case CKA_VALUE_LEN: - case CKA_ALWAYS_SENSITIVE: -@@ -762,16 +761,21 @@ sftk_modifyType(CK_ATTRIBUTE_TYPE type, - mtype = SFTK_ALWAYS; - break; - - /* DEPENDS ON CLASS */ - case CKA_VALUE: - mtype = (inClass == CKO_DATA) ? SFTK_ALWAYS : SFTK_NEVER; - break; - -+ case CKA_SUBPRIME: -+ /* allow the CKA_SUBPRIME to be added to dh private keys */ -+ mtype = (inClass == CKO_PRIVATE_KEY) ? SFTK_ALWAYS : SFTK_NEVER; -+ break; -+ - case CKA_SUBJECT: - mtype = (inClass == CKO_CERTIFICATE) ? SFTK_NEVER : SFTK_ALWAYS; - break; - default: - break; - } - return mtype; - } -diff --git a/lib/softoken/sftkdhverify.c b/lib/softoken/sftkdhverify.c -new file mode 100644 ---- /dev/null -+++ b/lib/softoken/sftkdhverify.c -@@ -0,0 +1,1283 @@ -+ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+/* -+ * This file makes sure a prime given to us matches one of the known -+ * approved primes for diffie-helman. -+ * -+ * It also checks if a prime is a safe prime for the case -+ * where we don't match an approved prime. -+ */ -+#include "seccomon.h" -+#include "secitem.h" -+#include "secerr.h" -+#include "blapi.h" -+ -+/* IKE 1536 prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } */ -+static const unsigned char prime_ike_1536[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* IKE 2048 prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 */ -+static const unsigned char prime_ike_2048[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* TLS 2048 prime is: 2^2048 - 2^1984 + {[2^1918 * e] + 560316 } * 2^64 - 1 */ -+static const unsigned char prime_tls_2048[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* IKE 3072 prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } */ -+static const unsigned char prime_ike_3072[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* TLS 3072 prime is: 2^3072 - 2^3008 + {[2^2942 * e] + 2625351} * 2^64 - 1 */ -+static const unsigned char prime_tls_3072[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0xC6, 0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* IKE 4096 prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } */ -+static const unsigned char prime_ike_4096[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, -+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, -+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, -+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, -+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* TLS 4096 prime is: 2^4096 - 2^4032 + {[2^3966 * e] + 5736041} * 2^64 - 1 */ -+static const unsigned char prime_tls_4096[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, -+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, -+ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, -+ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, -+ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, -+ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* IKE 6144 prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } */ -+static const unsigned char prime_ike_6144[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, -+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, -+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, -+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, -+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, -+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, -+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, -+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, -+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, -+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, -+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, -+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, -+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, -+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, -+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, -+ 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* TLS 6144 prime is: 2^6144 - 2^6080 + {[2^6014 * e] + 15705020} * 2^64 - 1 */ -+static const unsigned char prime_tls_6144[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, -+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, -+ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, -+ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, -+ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, -+ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, -+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, -+ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, -+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, -+ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, -+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, -+ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, -+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, -+ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, -+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, -+ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, -+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, -+ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, -+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, -+ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, -+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, -+ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, -+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, -+ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, -+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, -+ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, -+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, -+ 0xD0, 0xE4, 0x0E, 0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* IKE 8192 prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } */ -+static const unsigned char prime_ike_8192[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, -+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, -+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, -+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, -+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, -+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, -+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, -+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, -+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, -+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, -+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, -+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, -+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, -+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, -+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, -+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, -+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, -+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, -+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, -+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, -+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, -+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, -+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, -+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, -+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, -+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, -+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, -+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, -+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, -+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, -+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, -+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, -+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, -+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, -+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, -+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, -+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, -+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, -+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, -+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, -+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, -+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, -+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, -+ 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, -+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, -+ 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, -+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, -+ 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, -+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, -+ 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, -+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, -+ 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, -+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, -+ 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, -+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, -+ 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, -+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, -+ 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, -+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, -+ 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, -+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, -+ 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, -+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, -+ 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, -+ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, -+ 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, -+ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, -+ 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, -+ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, -+ 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, -+ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8, -+ 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, -+ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, -+ 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, -+ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8, -+ 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, -+ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, -+ 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, -+ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3, -+ 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, -+ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, -+ 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, -+ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2, -+ 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, -+ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* TLS 8192 prime is: 2^8192 - 2^8128 + {[2^8062 * e] + 10965728} * 2^64 - 1 */ -+static const unsigned char prime_tls_8192[] = { -+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, -+ 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, -+ 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, 0xE1, 0x36, 0x41, -+ 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, -+ 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, 0xF6, 0x81, 0xB2, 0x02, -+ 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, -+ 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, -+ 0x3D, 0xED, 0x1A, 0xF3, 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, -+ 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, -+ 0xF3, 0xEF, 0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, -+ 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, -+ 0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, -+ 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, 0x42, 0xA3, -+ 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, -+ 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, 0x9E, 0x02, 0xFC, 0xE1, -+ 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, -+ 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, -+ 0xEE, 0xF2, 0x81, 0x83, 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, -+ 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, -+ 0x7D, 0x16, 0x83, 0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, -+ 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, -+ 0x65, 0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, -+ 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, 0x26, -+ 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, -+ 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, 0x13, 0x0C, 0x93, -+ 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, -+ 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, 0x5C, 0xAE, 0x82, 0xAB, -+ 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, -+ 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, -+ 0xD5, 0xC4, 0x48, 0x4E, 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, -+ 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, -+ 0x66, 0x9E, 0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, -+ 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, -+ 0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, -+ 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, 0xC8, 0x86, -+ 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, -+ 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, 0x6D, 0xC7, 0x78, 0xF9, -+ 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, -+ 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, -+ 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, -+ 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, -+ 0xF4, 0x41, 0x82, 0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, -+ 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, -+ 0x38, 0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, -+ 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, 0x64, -+ 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, -+ 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, 0x1F, 0x5C, 0x3E, -+ 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, -+ 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, 0xB8, 0x55, 0x32, 0x2E, -+ 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, -+ 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, -+ 0x18, 0x30, 0x23, 0xC3, 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, -+ 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, -+ 0x77, 0xCA, 0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, -+ 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, -+ 0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, -+ 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, 0x2C, 0x31, -+ 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, -+ 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, 0x8C, 0xCF, 0x2D, 0xD5, -+ 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, -+ 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, -+ 0x9A, 0xDB, 0x1E, 0x69, 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, -+ 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, -+ 0xCF, 0xF4, 0x6A, 0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, -+ 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE, -+ 0xC9, 0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, -+ 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, 0x42, -+ 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, -+ 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, 0x38, 0x88, 0x39, -+ 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, -+ 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, 0x59, 0x16, 0x0C, 0xC0, -+ 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, -+ 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31, -+ 0x09, 0x70, 0x3F, 0xEE, 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, -+ 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16, -+ 0x50, 0xC1, 0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, -+ 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75, -+ 0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, -+ 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, 0x5D, 0xFE, -+ 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, -+ 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, 0x2F, 0x74, 0x1E, 0xF8, -+ 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, -+ 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06, -+ 0xA9, 0xF4, 0x61, 0x4E, 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, -+ 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF, -+ 0xFF, 0xFF, 0xFF, 0xFF -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_1536 */ -+static const unsigned char subprime_ike_1536_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x11, 0xb9, 0x93, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_2048 */ -+static const unsigned char subprime_ike_2048_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x56, 0x55, 0x34, 0x7f, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_2048 */ -+static const unsigned char subprime_tls_2048_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_3072 */ -+static const unsigned char subprime_ike_3072_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x9d, 0x69, 0x65, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_3072 */ -+static const unsigned char subprime_tls_3072_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x63, 0x17, 0x1b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_4096 */ -+static const unsigned char subprime_ike_4096_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, -+ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, -+ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, -+ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, -+ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, -+ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, -+ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, -+ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, -+ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, -+ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, -+ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x03, 0x18, 0xcc, -+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_4096 */ -+static const unsigned char subprime_tls_4096_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, -+ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, -+ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, -+ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, -+ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, -+ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, -+ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, -+ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, -+ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, -+ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, -+ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x32, 0xaf, 0xb5, -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_6144 */ -+static const unsigned char subprime_ike_6144_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, -+ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, -+ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, -+ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, -+ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, -+ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, -+ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, -+ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, -+ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, -+ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, -+ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, -+ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, -+ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, -+ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, -+ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, -+ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, -+ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, -+ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, -+ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, -+ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, -+ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, -+ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, -+ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, -+ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, -+ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, -+ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, -+ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, -+ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, -+ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, -+ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, -+ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, -+ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, -+ 0x36, 0xe6, 0x20, 0x12, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_6144 */ -+static const unsigned char subprime_tls_6144_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, -+ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, -+ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, -+ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, -+ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, -+ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, -+ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, -+ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, -+ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, -+ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, -+ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, -+ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, -+ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, -+ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, -+ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, -+ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, -+ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, -+ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, -+ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, -+ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, -+ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, -+ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, -+ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, -+ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, -+ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, -+ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, -+ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, -+ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, -+ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, -+ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, -+ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, -+ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, -+ 0x68, 0x72, 0x07, 0x32, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_ike_8192 */ -+static const unsigned char subprime_ike_8192_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4, 0x87, 0xed, 0x51, -+ 0x10, 0xb4, 0x61, 0x1a, 0x62, 0x63, 0x31, 0x45, 0xc0, 0x6e, 0x0e, 0x68, -+ 0x94, 0x81, 0x27, 0x04, 0x45, 0x33, 0xe6, 0x3a, 0x01, 0x05, 0xdf, 0x53, -+ 0x1d, 0x89, 0xcd, 0x91, 0x28, 0xa5, 0x04, 0x3c, 0xc7, 0x1a, 0x02, 0x6e, -+ 0xf7, 0xca, 0x8c, 0xd9, 0xe6, 0x9d, 0x21, 0x8d, 0x98, 0x15, 0x85, 0x36, -+ 0xf9, 0x2f, 0x8a, 0x1b, 0xa7, 0xf0, 0x9a, 0xb6, 0xb6, 0xa8, 0xe1, 0x22, -+ 0xf2, 0x42, 0xda, 0xbb, 0x31, 0x2f, 0x3f, 0x63, 0x7a, 0x26, 0x21, 0x74, -+ 0xd3, 0x1b, 0xf6, 0xb5, 0x85, 0xff, 0xae, 0x5b, 0x7a, 0x03, 0x5b, 0xf6, -+ 0xf7, 0x1c, 0x35, 0xfd, 0xad, 0x44, 0xcf, 0xd2, 0xd7, 0x4f, 0x92, 0x08, -+ 0xbe, 0x25, 0x8f, 0xf3, 0x24, 0x94, 0x33, 0x28, 0xf6, 0x72, 0x2d, 0x9e, -+ 0xe1, 0x00, 0x3e, 0x5c, 0x50, 0xb1, 0xdf, 0x82, 0xcc, 0x6d, 0x24, 0x1b, -+ 0x0e, 0x2a, 0xe9, 0xcd, 0x34, 0x8b, 0x1f, 0xd4, 0x7e, 0x92, 0x67, 0xaf, -+ 0xc1, 0xb2, 0xae, 0x91, 0xee, 0x51, 0xd6, 0xcb, 0x0e, 0x31, 0x79, 0xab, -+ 0x10, 0x42, 0xa9, 0x5d, 0xcf, 0x6a, 0x94, 0x83, 0xb8, 0x4b, 0x4b, 0x36, -+ 0xb3, 0x86, 0x1a, 0xa7, 0x25, 0x5e, 0x4c, 0x02, 0x78, 0xba, 0x36, 0x04, -+ 0x65, 0x0c, 0x10, 0xbe, 0x19, 0x48, 0x2f, 0x23, 0x17, 0x1b, 0x67, 0x1d, -+ 0xf1, 0xcf, 0x3b, 0x96, 0x0c, 0x07, 0x43, 0x01, 0xcd, 0x93, 0xc1, 0xd1, -+ 0x76, 0x03, 0xd1, 0x47, 0xda, 0xe2, 0xae, 0xf8, 0x37, 0xa6, 0x29, 0x64, -+ 0xef, 0x15, 0xe5, 0xfb, 0x4a, 0xac, 0x0b, 0x8c, 0x1c, 0xca, 0xa4, 0xbe, -+ 0x75, 0x4a, 0xb5, 0x72, 0x8a, 0xe9, 0x13, 0x0c, 0x4c, 0x7d, 0x02, 0x88, -+ 0x0a, 0xb9, 0x47, 0x2d, 0x45, 0x55, 0x62, 0x16, 0xd6, 0x99, 0x8b, 0x86, -+ 0x82, 0x28, 0x3d, 0x19, 0xd4, 0x2a, 0x90, 0xd5, 0xef, 0x8e, 0x5d, 0x32, -+ 0x76, 0x7d, 0xc2, 0x82, 0x2c, 0x6d, 0xf7, 0x85, 0x45, 0x75, 0x38, 0xab, -+ 0xae, 0x83, 0x06, 0x3e, 0xd9, 0xcb, 0x87, 0xc2, 0xd3, 0x70, 0xf2, 0x63, -+ 0xd5, 0xfa, 0xd7, 0x46, 0x6d, 0x84, 0x99, 0xeb, 0x8f, 0x46, 0x4a, 0x70, -+ 0x25, 0x12, 0xb0, 0xce, 0xe7, 0x71, 0xe9, 0x13, 0x0d, 0x69, 0x77, 0x35, -+ 0xf8, 0x97, 0xfd, 0x03, 0x6c, 0xc5, 0x04, 0x32, 0x6c, 0x3b, 0x01, 0x39, -+ 0x9f, 0x64, 0x35, 0x32, 0x29, 0x0f, 0x95, 0x8c, 0x0b, 0xbd, 0x90, 0x06, -+ 0x5d, 0xf0, 0x8b, 0xab, 0xbd, 0x30, 0xae, 0xb6, 0x3b, 0x84, 0xc4, 0x60, -+ 0x5d, 0x6c, 0xa3, 0x71, 0x04, 0x71, 0x27, 0xd0, 0x3a, 0x72, 0xd5, 0x98, -+ 0xa1, 0xed, 0xad, 0xfe, 0x70, 0x7e, 0x88, 0x47, 0x25, 0xc1, 0x68, 0x90, -+ 0x54, 0x90, 0x84, 0x00, 0x8d, 0x39, 0x1e, 0x09, 0x53, 0xc3, 0xf3, 0x6b, -+ 0xc4, 0x38, 0xcd, 0x08, 0x5e, 0xdd, 0x2d, 0x93, 0x4c, 0xe1, 0x93, 0x8c, -+ 0x35, 0x7a, 0x71, 0x1e, 0x0d, 0x4a, 0x34, 0x1a, 0x5b, 0x0a, 0x85, 0xed, -+ 0x12, 0xc1, 0xf4, 0xe5, 0x15, 0x6a, 0x26, 0x74, 0x6d, 0xdd, 0xe1, 0x6d, -+ 0x82, 0x6f, 0x47, 0x7c, 0x97, 0x47, 0x7e, 0x0a, 0x0f, 0xdf, 0x65, 0x53, -+ 0x14, 0x3e, 0x2c, 0xa3, 0xa7, 0x35, 0xe0, 0x2e, 0xcc, 0xd9, 0x4b, 0x27, -+ 0xd0, 0x48, 0x61, 0xd1, 0x11, 0x9d, 0xd0, 0xc3, 0x28, 0xad, 0xf3, 0xf6, -+ 0x8f, 0xb0, 0x94, 0xb8, 0x67, 0x71, 0x6b, 0xd7, 0xdc, 0x0d, 0xee, 0xbb, -+ 0x10, 0xb8, 0x24, 0x0e, 0x68, 0x03, 0x48, 0x93, 0xea, 0xd8, 0x2d, 0x54, -+ 0xc9, 0xda, 0x75, 0x4c, 0x46, 0xc7, 0xee, 0xe0, 0xc3, 0x7f, 0xdb, 0xee, -+ 0x48, 0x53, 0x60, 0x47, 0xa6, 0xfa, 0x1a, 0xe4, 0x9a, 0x01, 0x42, 0x49, -+ 0x1b, 0x61, 0xfd, 0x5a, 0x69, 0x3e, 0x38, 0x13, 0x60, 0xea, 0x6e, 0x59, -+ 0x30, 0x13, 0x23, 0x6f, 0x64, 0xba, 0x8f, 0x3b, 0x1e, 0xdd, 0x1b, 0xde, -+ 0xfc, 0x7f, 0xca, 0x03, 0x56, 0xcf, 0x29, 0x87, 0x72, 0xed, 0x9c, 0x17, -+ 0xa0, 0x98, 0x00, 0xd7, 0x58, 0x35, 0x29, 0xf6, 0xc8, 0x13, 0xec, 0x18, -+ 0x8b, 0xcb, 0x93, 0xd8, 0x43, 0x2d, 0x44, 0x8c, 0x6d, 0x1f, 0x6d, 0xf5, -+ 0xe7, 0xcd, 0x8a, 0x76, 0xa2, 0x67, 0x36, 0x5d, 0x67, 0x6a, 0x5d, 0x8d, -+ 0xed, 0xbf, 0x8a, 0x23, 0xf3, 0x66, 0x12, 0xa5, 0x99, 0x90, 0x28, 0xa8, -+ 0x95, 0xeb, 0xd7, 0xa1, 0x37, 0xdc, 0x7a, 0x00, 0x9b, 0xc6, 0x69, 0x5f, -+ 0xac, 0xc1, 0xe5, 0x00, 0xe3, 0x25, 0xc9, 0x76, 0x78, 0x19, 0x75, 0x0a, -+ 0xe8, 0xb9, 0x0e, 0x81, 0xfa, 0x41, 0x6b, 0xe7, 0x37, 0x3a, 0x7f, 0x7b, -+ 0x6a, 0xaf, 0x38, 0x17, 0xa3, 0x4c, 0x06, 0x41, 0x5a, 0xd4, 0x20, 0x18, -+ 0xc8, 0x05, 0x8e, 0x4f, 0x2c, 0xf3, 0xe4, 0xbf, 0xdf, 0x63, 0xf4, 0x79, -+ 0x91, 0xd4, 0xbd, 0x3f, 0x1b, 0x66, 0x44, 0x5f, 0x07, 0x8e, 0xa2, 0xdb, -+ 0xff, 0xac, 0x2d, 0x62, 0xa5, 0xea, 0x03, 0xd9, 0x15, 0xa0, 0xaa, 0x55, -+ 0x66, 0x47, 0xb6, 0xbf, 0x5f, 0xa4, 0x70, 0xec, 0x0a, 0x66, 0x2f, 0x69, -+ 0x07, 0xc0, 0x1b, 0xf0, 0x53, 0xcb, 0x8a, 0xf7, 0x79, 0x4d, 0xf1, 0x94, -+ 0x03, 0x50, 0xea, 0xc5, 0xdb, 0xe2, 0xed, 0x3b, 0x7a, 0xa8, 0x55, 0x1e, -+ 0xc5, 0x0f, 0xdf, 0xf8, 0x75, 0x8c, 0xe6, 0x58, 0xd1, 0x89, 0xea, 0xae, -+ 0x6d, 0x2b, 0x64, 0xf6, 0x17, 0x79, 0x4b, 0x19, 0x1c, 0x3f, 0xf4, 0x6b, -+ 0xb7, 0x1e, 0x02, 0x34, 0x02, 0x1f, 0x47, 0xb3, 0x1f, 0xa4, 0x30, 0x77, -+ 0x09, 0x5f, 0x96, 0xad, 0x85, 0xba, 0x3a, 0x6b, 0x73, 0x4a, 0x7c, 0x8f, -+ 0x36, 0xdf, 0x08, 0xac, 0xba, 0x51, 0xc9, 0x37, 0x89, 0x7f, 0x72, 0xf2, -+ 0x1c, 0x3b, 0xbe, 0x5b, 0x54, 0x99, 0x6f, 0xc6, 0x6c, 0x5f, 0x62, 0x68, -+ 0x39, 0xdc, 0x98, 0xdd, 0x1d, 0xe4, 0x19, 0x5b, 0x46, 0xce, 0xe9, 0x80, -+ 0x3a, 0x0f, 0xd3, 0xdf, 0xc5, 0x7e, 0x23, 0xf6, 0x92, 0xbb, 0x7b, 0x49, -+ 0xb5, 0xd2, 0x12, 0x33, 0x1d, 0x55, 0xb1, 0xce, 0x2d, 0x72, 0x7a, 0xb4, -+ 0x1a, 0x11, 0xda, 0x3a, 0x15, 0xf8, 0xe4, 0xbc, 0x11, 0xc7, 0x8b, 0x65, -+ 0xf1, 0xce, 0xb2, 0x96, 0xf1, 0xfe, 0xdc, 0x5f, 0x7e, 0x42, 0x45, 0x6c, -+ 0x91, 0x11, 0x17, 0x02, 0x52, 0x01, 0xbe, 0x03, 0x89, 0xf5, 0xab, 0xd4, -+ 0x0d, 0x11, 0xf8, 0x63, 0x9a, 0x39, 0xfe, 0x32, 0x36, 0x75, 0x18, 0x35, -+ 0xa5, 0xe5, 0xe4, 0x43, 0x17, 0xc1, 0xc2, 0xee, 0xfd, 0x4e, 0xa5, 0xbf, -+ 0xd1, 0x60, 0x43, 0xf4, 0x3c, 0xb4, 0x19, 0x81, 0xf6, 0xad, 0xee, 0x9d, -+ 0x03, 0x15, 0x9e, 0x7a, 0xd9, 0xd1, 0x3c, 0x53, 0x36, 0x95, 0x09, 0xfc, -+ 0x1f, 0xa2, 0x7c, 0x16, 0xef, 0x98, 0x87, 0x70, 0x3a, 0x55, 0xb5, 0x1b, -+ 0x22, 0xcb, 0xf4, 0x4c, 0xd0, 0x12, 0xae, 0xe0, 0xb2, 0x79, 0x8e, 0x62, -+ 0x84, 0x23, 0x42, 0x8e, 0xfc, 0xd5, 0xa4, 0x0c, 0xae, 0xf6, 0xbf, 0x50, -+ 0xd8, 0xea, 0x88, 0x5e, 0xbf, 0x73, 0xa6, 0xb9, 0xfd, 0x79, 0xb5, 0xe1, -+ 0x8f, 0x67, 0xd1, 0x34, 0x1a, 0xc8, 0x23, 0x7a, 0x75, 0xc3, 0xcf, 0xc9, -+ 0x20, 0x04, 0xa1, 0xc5, 0xa4, 0x0e, 0x36, 0x6b, 0xc4, 0x4d, 0x00, 0x17, -+ 0x6a, 0xf7, 0x1c, 0x15, 0xe4, 0x8c, 0x86, 0xd3, 0x7e, 0x01, 0x37, 0x23, -+ 0xca, 0xac, 0x72, 0x23, 0xab, 0x3b, 0xf4, 0xd5, 0x4f, 0x18, 0x28, 0x71, -+ 0x3b, 0x2b, 0x4a, 0x6f, 0xe4, 0x0f, 0xab, 0x74, 0x40, 0x5c, 0xb7, 0x38, -+ 0xb0, 0x64, 0xc0, 0x6e, 0xcc, 0x76, 0xe9, 0xef, 0xff, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+/* q=(p-1)/2 for prime prime_tls_8192 */ -+static const unsigned char subprime_tls_8192_data[] = { -+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c, -+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78, -+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20, -+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c, -+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01, -+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0, -+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa, -+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a, -+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed, -+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a, -+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1, -+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd, -+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51, -+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c, -+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70, -+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0, -+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19, -+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9, -+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1, -+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd, -+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x8f, 0xe7, 0xee, 0x6f, 0x1a, 0xad, 0x9d, -+ 0xb2, 0x8c, 0x81, 0xad, 0xde, 0x1a, 0x7a, 0x6f, 0x7c, 0xce, 0x01, 0x1c, -+ 0x30, 0xda, 0x37, 0xe4, 0xeb, 0x73, 0x64, 0x83, 0xbd, 0x6c, 0x8e, 0x93, -+ 0x48, 0xfb, 0xfb, 0xf7, 0x2c, 0xc6, 0x58, 0x7d, 0x60, 0xc3, 0x6c, 0x8e, -+ 0x57, 0x7f, 0x09, 0x84, 0xc2, 0x89, 0xc9, 0x38, 0x5a, 0x09, 0x86, 0x49, -+ 0xde, 0x21, 0xbc, 0xa2, 0x7a, 0x7e, 0xa2, 0x29, 0x71, 0x6b, 0xa6, 0xe9, -+ 0xb2, 0x79, 0x71, 0x0f, 0x38, 0xfa, 0xa5, 0xff, 0xae, 0x57, 0x41, 0x55, -+ 0xce, 0x4e, 0xfb, 0x4f, 0x74, 0x36, 0x95, 0xe2, 0x91, 0x1b, 0x1d, 0x06, -+ 0xd5, 0xe2, 0x90, 0xcb, 0xcd, 0x86, 0xf5, 0x6d, 0x0e, 0xdf, 0xcd, 0x21, -+ 0x6a, 0xe2, 0x24, 0x27, 0x05, 0x5e, 0x68, 0x35, 0xfd, 0x29, 0xee, 0xf7, -+ 0x9e, 0x0d, 0x90, 0x77, 0x1f, 0xea, 0xce, 0xbe, 0x12, 0xf2, 0x0e, 0x95, -+ 0xb3, 0x4f, 0x0f, 0x78, 0xb7, 0x37, 0xa9, 0x61, 0x8b, 0x26, 0xfa, 0x7d, -+ 0xbc, 0x98, 0x74, 0xf2, 0x72, 0xc4, 0x2b, 0xdb, 0x56, 0x3e, 0xaf, 0xa1, -+ 0x6b, 0x4f, 0xb6, 0x8c, 0x3b, 0xb1, 0xe7, 0x8e, 0xaa, 0x81, 0xa0, 0x02, -+ 0x43, 0xfa, 0xad, 0xd2, 0xbf, 0x18, 0xe6, 0x3d, 0x38, 0x9a, 0xe4, 0x43, -+ 0x77, 0xda, 0x18, 0xc5, 0x76, 0xb5, 0x0f, 0x00, 0x96, 0xcf, 0x34, 0x19, -+ 0x54, 0x83, 0xb0, 0x05, 0x48, 0xc0, 0x98, 0x62, 0x36, 0xe3, 0xbc, 0x7c, -+ 0xb8, 0xd6, 0x80, 0x1c, 0x04, 0x94, 0xcc, 0xd1, 0x99, 0xe5, 0xc5, 0xbd, -+ 0x0d, 0x0e, 0xdc, 0x9e, 0xb8, 0xa0, 0x00, 0x1e, 0x15, 0x27, 0x67, 0x54, -+ 0xfc, 0xc6, 0x85, 0x66, 0x05, 0x41, 0x48, 0xe6, 0xe7, 0x64, 0xbe, 0xe7, -+ 0xc7, 0x64, 0xda, 0xad, 0x3f, 0xc4, 0x52, 0x35, 0xa6, 0xda, 0xd4, 0x28, -+ 0xfa, 0x20, 0xc1, 0x70, 0xe3, 0x45, 0x00, 0x3f, 0x2f, 0x06, 0xec, 0x81, -+ 0x05, 0xfe, 0xb2, 0x5b, 0x22, 0x81, 0xb6, 0x3d, 0x27, 0x33, 0xbe, 0x96, -+ 0x1c, 0x29, 0x95, 0x1d, 0x11, 0xdd, 0x22, 0x21, 0x65, 0x7a, 0x9f, 0x53, -+ 0x1d, 0xda, 0x2a, 0x19, 0x4d, 0xbb, 0x12, 0x64, 0x48, 0xbd, 0xee, 0xb2, -+ 0x58, 0xe0, 0x7e, 0xa6, 0x59, 0xc7, 0x46, 0x19, 0xa6, 0x38, 0x0e, 0x1d, -+ 0x66, 0xd6, 0x83, 0x2b, 0xfe, 0x67, 0xf6, 0x38, 0xcd, 0x8f, 0xae, 0x1f, -+ 0x27, 0x23, 0x02, 0x0f, 0x9c, 0x40, 0xa3, 0xfd, 0xa6, 0x7e, 0xda, 0x3b, -+ 0xd2, 0x92, 0x38, 0xfb, 0xd4, 0xd4, 0xb4, 0x88, 0x5c, 0x2a, 0x99, 0x17, -+ 0x6d, 0xb1, 0xa0, 0x6c, 0x50, 0x07, 0x78, 0x49, 0x1a, 0x82, 0x88, 0xf1, -+ 0x85, 0x5f, 0x60, 0xff, 0xfc, 0xf1, 0xd1, 0x37, 0x3f, 0xd9, 0x4f, 0xc6, -+ 0x0c, 0x18, 0x11, 0xe1, 0xac, 0x3f, 0x1c, 0x6d, 0x00, 0x3b, 0xec, 0xda, -+ 0x3b, 0x1f, 0x27, 0x25, 0xca, 0x59, 0x5d, 0xe0, 0xca, 0x63, 0x32, 0x8f, -+ 0x3b, 0xe5, 0x7c, 0xc9, 0x77, 0x55, 0x60, 0x11, 0x95, 0x14, 0x0d, 0xfb, -+ 0x59, 0xd3, 0x9c, 0xe0, 0x91, 0x30, 0x8b, 0x41, 0x05, 0x74, 0x6d, 0xac, -+ 0x23, 0xd3, 0x3e, 0x5f, 0x7c, 0xe4, 0x84, 0x8d, 0xa3, 0x16, 0xa9, 0xc6, -+ 0x6b, 0x95, 0x81, 0xba, 0x35, 0x73, 0xbf, 0xaf, 0x31, 0x14, 0x96, 0x18, -+ 0x8a, 0xb1, 0x54, 0x23, 0x28, 0x2e, 0xe4, 0x16, 0xdc, 0x2a, 0x19, 0xc5, -+ 0x72, 0x4f, 0xa9, 0x1a, 0xe4, 0xad, 0xc8, 0x8b, 0xc6, 0x67, 0x96, 0xea, -+ 0xe5, 0x67, 0x7a, 0x01, 0xf6, 0x4e, 0x8c, 0x08, 0x63, 0x13, 0x95, 0x82, -+ 0x2d, 0x9d, 0xb8, 0xfc, 0xee, 0x35, 0xc0, 0x6b, 0x1f, 0xee, 0xa5, 0x47, -+ 0x4d, 0x6d, 0x8f, 0x34, 0xb1, 0x53, 0x4a, 0x93, 0x6a, 0x18, 0xb0, 0xe0, -+ 0xd2, 0x0e, 0xab, 0x86, 0xbc, 0x9c, 0x6d, 0x6a, 0x52, 0x07, 0x19, 0x4e, -+ 0x67, 0xfa, 0x35, 0x55, 0x1b, 0x56, 0x80, 0x26, 0x7b, 0x00, 0x64, 0x1c, -+ 0x0f, 0x21, 0x2d, 0x18, 0xec, 0xa8, 0xd7, 0x32, 0x7e, 0xd9, 0x1f, 0xe7, -+ 0x64, 0xa8, 0x4e, 0xa1, 0xb4, 0x3f, 0xf5, 0xb4, 0xf6, 0xe8, 0xe6, 0x2f, -+ 0x05, 0xc6, 0x61, 0xde, 0xfb, 0x25, 0x88, 0x77, 0xc3, 0x5b, 0x18, 0xa1, -+ 0x51, 0xd5, 0xc4, 0x14, 0xaa, 0xad, 0x97, 0xba, 0x3e, 0x49, 0x93, 0x32, -+ 0xe5, 0x96, 0x07, 0x8e, 0x60, 0x0d, 0xeb, 0x81, 0x14, 0x9c, 0x44, 0x1c, -+ 0xe9, 0x57, 0x82, 0xf2, 0x2a, 0x28, 0x25, 0x63, 0xc5, 0xba, 0xc1, 0x41, -+ 0x14, 0x23, 0x60, 0x5d, 0x1a, 0xe1, 0xaf, 0xae, 0x2c, 0x8b, 0x06, 0x60, -+ 0x23, 0x7e, 0xc1, 0x28, 0xaa, 0x0f, 0xe3, 0x46, 0x4e, 0x43, 0x58, 0x11, -+ 0x5d, 0xb8, 0x4c, 0xc3, 0xb5, 0x23, 0x07, 0x3a, 0x28, 0xd4, 0x54, 0x98, -+ 0x84, 0xb8, 0x1f, 0xf7, 0x0e, 0x10, 0xbf, 0x36, 0x1c, 0x13, 0x72, 0x96, -+ 0x28, 0xd5, 0x34, 0x8f, 0x07, 0x21, 0x1e, 0x7e, 0x4c, 0xf4, 0xf1, 0x8b, -+ 0x28, 0x60, 0x90, 0xbd, 0xb1, 0x24, 0x0b, 0x66, 0xd6, 0xcd, 0x4a, 0xfc, -+ 0xea, 0xdc, 0x00, 0xca, 0x44, 0x6c, 0xe0, 0x50, 0x50, 0xff, 0x18, 0x3a, -+ 0xd2, 0xbb, 0xf1, 0x18, 0xc1, 0xfc, 0x0e, 0xa5, 0x1f, 0x97, 0xd2, 0x2b, -+ 0x8f, 0x7e, 0x46, 0x70, 0x5d, 0x45, 0x27, 0xf4, 0x5b, 0x42, 0xae, 0xff, -+ 0x39, 0x58, 0x53, 0x37, 0x6f, 0x69, 0x7d, 0xd5, 0xfd, 0xf2, 0xc5, 0x18, -+ 0x7d, 0x7d, 0x5f, 0x0e, 0x2e, 0xb8, 0xd4, 0x3f, 0x17, 0xba, 0x0f, 0x7c, -+ 0x60, 0xff, 0x43, 0x7f, 0x53, 0x5d, 0xfe, 0xf2, 0x98, 0x33, 0xbf, 0x86, -+ 0xcb, 0xe8, 0x8e, 0xa4, 0xfb, 0xd4, 0x22, 0x1e, 0x84, 0x11, 0x72, 0x83, -+ 0x54, 0xfa, 0x30, 0xa7, 0x00, 0x8f, 0x15, 0x4a, 0x41, 0xc7, 0xfc, 0x46, -+ 0x6b, 0x46, 0x45, 0xdb, 0xe2, 0xe3, 0x21, 0x26, 0x7f, 0xff, 0xff, 0xff, -+ 0xff, 0xff, 0xff, 0xff, -+}; -+ -+static const SECItem subprime_ike_1536= -+ { siBuffer, -+ (unsigned char *)subprime_ike_1536_data, -+ sizeof(subprime_ike_1536_data) }; -+static const SECItem subprime_ike_2048= -+ { siBuffer, -+ (unsigned char *) subprime_ike_2048_data, -+ sizeof(subprime_ike_2048_data) }; -+static const SECItem subprime_ike_3072= -+ { siBuffer, -+ (unsigned char *) subprime_ike_3072_data, -+ sizeof(subprime_ike_3072_data) }; -+static const SECItem subprime_ike_4096= -+ { siBuffer, -+ (unsigned char *) subprime_ike_4096_data, -+ sizeof(subprime_ike_4096_data) }; -+static const SECItem subprime_ike_6144= -+ { siBuffer, -+ (unsigned char *) subprime_ike_6144_data, -+ sizeof(subprime_ike_6144_data) }; -+static const SECItem subprime_ike_8192= -+ { siBuffer, -+ (unsigned char *) subprime_ike_8192_data, -+ sizeof(subprime_ike_8192_data) }; -+static const SECItem subprime_tls_2048= -+ { siBuffer, -+ (unsigned char *) subprime_tls_2048_data, -+ sizeof(subprime_tls_2048_data) }; -+static const SECItem subprime_tls_3072= -+ { siBuffer, -+ (unsigned char *) subprime_tls_3072_data, -+ sizeof(subprime_tls_3072_data) }; -+static const SECItem subprime_tls_4096= -+ { siBuffer, -+ (unsigned char *) subprime_tls_4096_data, -+ sizeof(subprime_tls_4096_data) }; -+static const SECItem subprime_tls_6144= -+ { siBuffer, -+ (unsigned char *) subprime_tls_6144_data, -+ sizeof(subprime_tls_6144_data) }; -+static const SECItem subprime_tls_8192= -+ { siBuffer, -+ (unsigned char *) subprime_tls_8192_data, -+ sizeof(subprime_tls_8192_data) }; -+ -+/* -+ * verify that dhPrime matches one of our known primes -+ */ -+const SECItem * -+sftk_VerifyDH_Prime(SECItem *dhPrime) -+{ -+ /* use the length to decide which primes to check */ -+ switch (dhPrime->len) { -+ case 1536 / PR_BITS_PER_BYTE: -+ if (PORT_Memcmp(dhPrime->data, prime_ike_1536, -+ sizeof(prime_ike_1536)) == 0) { -+ return &subprime_ike_1536; -+ } -+ break; -+ case 2048 / PR_BITS_PER_BYTE: -+ if (PORT_Memcmp(dhPrime->data, prime_tls_2048, -+ sizeof(prime_tls_2048)) == 0) { -+ return &subprime_tls_2048; -+ } -+ if (PORT_Memcmp(dhPrime->data, prime_ike_2048, -+ sizeof(prime_ike_2048)) == 0) { -+ return &subprime_ike_2048; -+ } -+ break; -+ case 3072 / PR_BITS_PER_BYTE: -+ if (PORT_Memcmp(dhPrime->data, prime_tls_3072, -+ sizeof(prime_tls_3072)) == 0) { -+ return &subprime_tls_3072; -+ } -+ if (PORT_Memcmp(dhPrime->data, prime_ike_3072, -+ sizeof(prime_ike_3072)) == 0) { -+ return &subprime_ike_3072; -+ } -+ break; -+ case 4096 / PR_BITS_PER_BYTE: -+ if (PORT_Memcmp(dhPrime->data, prime_tls_4096, -+ sizeof(prime_tls_4096)) == 0) { -+ return &subprime_tls_4096; -+ } -+ if (PORT_Memcmp(dhPrime->data, prime_ike_4096, -+ sizeof(prime_ike_4096)) == 0) { -+ return &subprime_ike_4096; -+ } -+ break; -+ case 6144 / PR_BITS_PER_BYTE: -+ if (PORT_Memcmp(dhPrime->data, prime_tls_6144, -+ sizeof(prime_tls_6144)) == 0) { -+ return &subprime_tls_6144; -+ } -+ if (PORT_Memcmp(dhPrime->data, prime_ike_6144, -+ sizeof(prime_ike_6144)) == 0) { -+ return &subprime_ike_6144; -+ } -+ break; -+ case 8192 / PR_BITS_PER_BYTE: -+ if (PORT_Memcmp(dhPrime->data, prime_tls_8192, -+ sizeof(prime_tls_8192)) == 0) { -+ return &subprime_tls_8192; -+ } -+ if (PORT_Memcmp(dhPrime->data, prime_ike_8192, -+ sizeof(prime_ike_8192)) == 0) { -+ return &subprime_ike_8192; -+ } -+ break; -+ } -+ /* no match found, return an error */ -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return NULL; -+} -+ -+ -+/* Use the provided subPrime to see if dhPrime is a safe prime. We'll check -+ * primality of those values later. */ -+SECStatus -+sftk_IsSafePrime(const SECItem *dhPrime, const SECItem *dhSubPrime, PRBool *isSafe) -+{ -+ int i; -+ unsigned char carry = 0; -+ int offset = 0, subPrimeLen = dhPrime->len; -+ *isSafe = PR_FALSE; -+ -+ /* Both dhPrime and dhSubPrime should be odd */ -+ if (((dhPrime->data[dhPrime->len - 1] & 0x1) != 1) && ((dhSubPrime->data[dhSubPrime->len - 1] & 0x1) != 1)) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return SECFailure; -+ } -+ -+ /* subPrime is p-1/2, which means subPrime is 1 bit shorter than p. -+ * It's length in bytes is the same unless the high byte of p == 1 or 0. -+ */ -+ if (dhPrime->data[0] <= 1) { -+ subPrimeLen--; -+ offset++; -+ carry = (dhPrime->data[0]) << 7; -+ } -+ -+ /* if subprime len is notlong enough it is not a strong prime */ -+ if (dhSubPrime->len != subPrimeLen) { -+ return SECSuccess; -+ } -+ -+ /* does the subprime match q == (p-1)/2 */ -+ for (i = 0; i < subPrimeLen; i++) { -+ if (dhSubPrime->data[i] != -+ (carry | ((dhPrime->data[i + offset] >> 1) & 0x7f))) { -+ return SECSuccess; -+ } -+ carry = ((dhPrime->data[i + offset] & 1) << 7) & 0x80; -+ } -+ /* subPrime for p claims to be q=(p-1)/2. So the caller thinks p -+ * is a strong prime, just need to check primality of p and q to verify */ -+ *isSafe = PR_TRUE; -+ return SECSuccess; -+} -diff --git a/lib/softoken/softoken.gyp b/lib/softoken/softoken.gyp ---- a/lib/softoken/softoken.gyp -+++ b/lib/softoken/softoken.gyp -@@ -51,16 +51,17 @@ - 'kbkdf.c', - 'lowkey.c', - 'lowpbe.c', - 'padbuf.c', - 'pkcs11.c', - 'pkcs11c.c', - 'pkcs11u.c', - 'sdb.c', -+ 'sftkdhverify.c', - 'sftkdb.c', - 'sftkhmac.c', - 'sftkike.c', - 'sftkmessage.c', - 'sftkpars.c', - 'sftkpwd.c', - 'softkver.c', - 'tlsprf.c' diff --git a/SOURCES/nss-3.53.1-fix-deadlock-in-init-context.patch b/SOURCES/nss-3.53.1-fix-deadlock-in-init-context.patch deleted file mode 100644 index 5e452d4..0000000 --- a/SOURCES/nss-3.53.1-fix-deadlock-in-init-context.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/lib/pk11wrap/pk11cxt.c b/lib/pk11wrap/pk11cxt.c ---- a/lib/pk11wrap/pk11cxt.c -+++ b/lib/pk11wrap/pk11cxt.c -@@ -52,16 +52,37 @@ PK11_ExitContextMonitor(PK11Context *cx) - if ((cx->ownSession) && (cx->slot->isThreadSafe)) { - /* Should this use monitors instead? */ - PZ_Unlock(cx->sessionLock); - } else { - PK11_ExitSlotMonitor(cx->slot); - } - } - -+static void -+pk11_releaseSlotMonitor(PK11Context *cx) -+{ -+ if ((cx->ownSession) && (cx->slot->isThreadSafe)) { -+ return; -+ } else { -+ PK11_ExitSlotMonitor(cx->slot); -+ } -+} -+ -+static void -+pk11_reacquireSlotMonitor(PK11Context *cx) -+{ -+ if ((cx->ownSession) && (cx->slot->isThreadSafe)) { -+ return; -+ } else { -+ PK11_EnterSlotMonitor(cx->slot); -+ } -+} -+ -+ - /* - * Free up a Cipher Context - */ - void - PK11_DestroyContext(PK11Context *context, PRBool freeit) - { - pk11_CloseSession(context->slot, context->session, context->ownSession); - /* initialize the critical fields of the context */ -@@ -166,27 +187,33 @@ pk11_contextInitMessage(PK11Context *con - context->simulate_message = PR_FALSE; - /* check that we can do the Message interface. We need to check - * for either 1) are we using a PKCS #11 v3 interface and 2) is the - * Message flag set on the mechanism. If either is false we simulate - * the message interface for the Encrypt and Decrypt cases using the - * PKCS #11 V2 interface. - * Sign and verify do not have V2 interfaces, so we go ahead and fail - * if those cases */ -+ /* release the monitor before calling DoesMechanism */ -+ pk11_releaseSlotMonitor(context); - if ((version.major >= 3) && - PK11_DoesMechanismFlag(slot, (mech)->mechanism, flags)) { -+ /* restore it before calling the init function */ -+ pk11_reacquireSlotMonitor(context); - crv = (*initFunc)((context)->session, (mech), (key)->objectID); - if ((crv == CKR_FUNCTION_NOT_SUPPORTED) || - (crv == CKR_MECHANISM_INVALID)) { - /* we have a 3.0 interface, and the flag was set (or ignored) - * but the implementation was not there, use the V2 interface */ - crv = (scrv); - context->simulate_message = PR_TRUE; - } - } else { -+ /* restore the monitor */ -+ pk11_reacquireSlotMonitor(context); - crv = (scrv); - context->simulate_message = PR_TRUE; - } - return crv; - } - - /* - * Context initialization. Used by all flavors of CreateContext diff --git a/SOURCES/nss-3.53.1-no-small-primes.patch b/SOURCES/nss-3.53.1-no-small-primes.patch deleted file mode 100644 index c297c43..0000000 --- a/SOURCES/nss-3.53.1-no-small-primes.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes ./gtests/softoken_gtest/softoken_dh_vectors.h ---- ./gtests/softoken_gtest/softoken_dh_vectors.h.no-small-primes 2020-10-04 00:52:25.008998541 +0300 -+++ ./gtests/softoken_gtest/softoken_dh_vectors.h 2020-10-04 00:54:50.095503256 +0300 -@@ -2869,7 +2869,7 @@ static const DhTestVector DH_TEST_VECTOR - {siBuffer, (unsigned char *)g2, sizeof(g2)}, - {siBuffer, NULL, 0}, - {siBuffer, NULL, 0}, -- IKE_APPROVED, -+ SAFE_PRIME, - CLASS_1536}, - {"IKE 2048", - {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, -@@ -2949,7 +2949,7 @@ static const DhTestVector DH_TEST_VECTOR - {siBuffer, (unsigned char *)sub2_prime_ike_1536, - sizeof(sub2_prime_ike_1536)}, - {siBuffer, NULL, 0}, -- IKE_APPROVED, -+ SAFE_PRIME, - CLASS_1536}, - {"IKE 2048 with subprime", - {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, diff --git a/SOURCES/nss-3.53.1-remove-timing-tests.patch b/SOURCES/nss-3.53.1-remove-timing-tests.patch deleted file mode 100644 index 33b88ba..0000000 --- a/SOURCES/nss-3.53.1-remove-timing-tests.patch +++ /dev/null @@ -1,79 +0,0 @@ -diff -up ./gtests/softoken_gtest/softoken_gtest.cc.remove_timing_test ./gtests/softoken_gtest/softoken_gtest.cc ---- ./gtests/softoken_gtest/softoken_gtest.cc.remove_timing_test 2020-07-30 08:34:30.404750663 -0700 -+++ ./gtests/softoken_gtest/softoken_gtest.cc 2020-07-30 08:43:39.640495618 -0700 -@@ -605,11 +605,14 @@ SECStatus test_dh_value(const PQGParams - class SoftokenDhTest : public SoftokenTest { - protected: - SoftokenDhTest() : SoftokenTest("SoftokenDhTest.d-") {} -+#ifdef NSS_USE_REFERENCE_TIME - time_t reference_time[CLASS_LAST] = {0}; -+#endif - - virtual void SetUp() { - SoftokenTest::SetUp(); - -+#ifdef NSS_USE_REFERENCE_TIME - ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); - ASSERT_TRUE(slot); - -@@ -625,6 +628,7 @@ class SoftokenDhTest : public SoftokenTe - ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time)); - reference_time[i] = time + 2 * time; - } -+#endif - }; - }; - -@@ -708,12 +712,16 @@ TEST_P(SoftokenDhValidate, DhVectors) { - case SAFE_PRIME: - case UNKNOWN_SUBPRIME: - EXPECT_EQ(SECSuccess, rv) << err; -+#ifdef NSS_USE_REFERENCE_TIME - EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err; -+#endif - break; - case KNOWN_SUBPRIME: - case SAFE_PRIME_WITH_SUBPRIME: - EXPECT_EQ(SECSuccess, rv) << err; -+#ifdef NSS_USE_REFERENCE_TIME - EXPECT_GT(time, reference_time[dhTestValues.key_class]) << err; -+#endif - break; - case WRONG_SUBPRIME: - case BAD_PUB_KEY: -@@ -749,7 +757,9 @@ class SoftokenFipsTest : public Softoken - class SoftokenFipsDhTest : public SoftokenFipsTest { - protected: - SoftokenFipsDhTest() : SoftokenFipsTest("SoftokenFipsDhTest.d-") {} -+#ifdef NSS_USE_REFERENCE_TIME - time_t reference_time[CLASS_LAST] = {0}; -+#endif - - virtual void SetUp() { - SoftokenFipsTest::SetUp(); -@@ -760,6 +770,7 @@ class SoftokenFipsDhTest : public Softok - ASSERT_EQ(SECSuccess, PK11_InitPin(slot.get(), nullptr, "")); - ASSERT_EQ(SECSuccess, PK11_Authenticate(slot.get(), PR_FALSE, nullptr)); - -+#ifdef NSS_USE_REFERENCE_TIME - time_t time; - for (int i = CLASS_FIRST; i < CLASS_LAST; i++) { - PQGParams params; -@@ -772,6 +783,7 @@ class SoftokenFipsDhTest : public Softok - ASSERT_EQ(SECSuccess, test_dh_value(¶ms, nullptr, PR_FALSE, &time)); - reference_time[i] = time + 2 * time; - } -+#endif - }; - }; - -@@ -883,7 +895,9 @@ TEST_P(SoftokenFipsDhValidate, DhVectors - case TLS_APPROVED: - case IKE_APPROVED: - EXPECT_EQ(SECSuccess, rv) << err; -+#ifdef NSS_USE_REFERENCE_TIME - EXPECT_LE(time, reference_time[dhTestValues.key_class]) << err; -+#endif - break; - case SAFE_PRIME: - case SAFE_PRIME_WITH_SUBPRIME: diff --git a/SOURCES/nss-3.53.1-tls-flood-CVE-2020-25648.patch b/SOURCES/nss-3.53.1-tls-flood-CVE-2020-25648.patch deleted file mode 100644 index 3902f9f..0000000 --- a/SOURCES/nss-3.53.1-tls-flood-CVE-2020-25648.patch +++ /dev/null @@ -1,161 +0,0 @@ - -# HG changeset patch -# User Daiki Ueno -# Date 1602524521 0 -# Node ID 57bbefa793232586d27cee83e74411171e128361 -# Parent 6e3bc17f05086854ffd2b06f7fae9371f7a0c174 -Bug 1641480, TLS 1.3: tighten CCS handling in compatibility mode, r=mt - -This makes the server reject CCS when the client doesn't indicate the -use of the middlebox compatibility mode with a non-empty -ClientHello.legacy_session_id, or it sends multiple CCS in a row. - -original patch: -Differential Revision: https://phabricator.services.mozilla.com/D79994 - -# Modified for nss-3.53.1 by rrelyea -diff -up ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc ---- ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood 2020-06-16 15:50:59.000000000 -0700 -+++ ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc 2021-02-18 10:54:28.170458465 -0800 -@@ -348,6 +348,85 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph - client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); - } - -+// The server rejects a ChangeCipherSpec if the client advertises an -+// empty session ID. -+TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) { -+ EnsureTlsSetup(); -+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); -+ -+ StartConnect(); -+ client_->Handshake(); // Send ClientHello -+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS -+ -+ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -+ server_->Handshake(); // Consume ClientHello and CCS -+ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+} -+ -+// The server rejects multiple ChangeCipherSpec even if the client -+// indicates compatibility mode with non-empty session ID. -+TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) { -+ EnsureTlsSetup(); -+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); -+ EnableCompatMode(); -+ -+ StartConnect(); -+ client_->Handshake(); // Send ClientHello -+ // Send CCS twice in a row -+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); -+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); -+ -+ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -+ server_->Handshake(); // Consume ClientHello and CCS. -+ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+} -+ -+// The client rejects a ChangeCipherSpec if it advertises an empty -+// session ID. -+TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) { -+ EnsureTlsSetup(); -+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); -+ -+ // To replace Finished with a CCS below -+ auto filter = MakeTlsFilter(server_); -+ filter->SetHandshakeTypes({kTlsHandshakeFinished}); -+ filter->EnableDecryption(); -+ -+ StartConnect(); -+ client_->Handshake(); // Send ClientHello -+ server_->Handshake(); // Consume ClientHello, and -+ // send ServerHello..CertificateVerify -+ // Send CCS -+ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); -+ client_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -+ client_->Handshake(); // Consume ClientHello and CCS -+ client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+} -+ -+// The client rejects multiple ChangeCipherSpec in a row even if the -+// client indicates compatibility mode with non-empty session ID. -+TEST_F(Tls13CompatTest, ChangeCipherSpecAfterServerHelloTwice) { -+ EnsureTlsSetup(); -+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); -+ EnableCompatMode(); -+ -+ // To replace Finished with a CCS below -+ auto filter = MakeTlsFilter(server_); -+ filter->SetHandshakeTypes({kTlsHandshakeFinished}); -+ filter->EnableDecryption(); -+ -+ StartConnect(); -+ client_->Handshake(); // Send ClientHello -+ server_->Handshake(); // Consume ClientHello, and -+ // send ServerHello..CertificateVerify -+ // the ServerHello is followed by CCS -+ // Send another CCS -+ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); -+ client_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -+ client_->Handshake(); // Consume ClientHello and CCS -+ client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+} -+ - // If we negotiate 1.2, we abort. - TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHello12) { - EnsureTlsSetup(); -diff -up ./lib/ssl/ssl3con.c.tls-flood ./lib/ssl/ssl3con.c ---- ./lib/ssl/ssl3con.c.tls-flood 2021-02-18 10:54:28.152458362 -0800 -+++ ./lib/ssl/ssl3con.c 2021-02-18 10:59:46.699353968 -0800 -@@ -6621,7 +6621,11 @@ ssl_CheckServerSessionIdCorrectness(sslS - - /* TLS 1.3: We sent a session ID. The server's should match. */ - if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) { -- return sidMatch; -+ if (sidMatch) { -+ ss->ssl3.hs.allowCcs = PR_TRUE; -+ return PR_TRUE; -+ } -+ return PR_FALSE; - } - - /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */ -@@ -8640,6 +8644,7 @@ ssl3_HandleClientHello(sslSocket *ss, PR - errCode = PORT_GetError(); - goto alert_loser; - } -+ ss->ssl3.hs.allowCcs = PR_TRUE; - } - - /* TLS 1.3 requires that compression include only null. */ -@@ -13005,8 +13010,15 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip - ss->ssl3.hs.ws != idle_handshake && - cText->buf->len == 1 && - cText->buf->buf[0] == change_cipher_spec_choice) { -- /* Ignore the CCS. */ -- return SECSuccess; -+ if (ss->ssl3.hs.allowCcs) { -+ /* Ignore the first CCS. */ -+ ss->ssl3.hs.allowCcs = PR_FALSE; -+ return SECSuccess; -+ } -+ -+ /* Compatibility mode is not negotiated. */ -+ alert = unexpected_message; -+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); - } - - if (IS_DTLS(ss) || -diff -up ./lib/ssl/sslimpl.h.tls-flood ./lib/ssl/sslimpl.h ---- ./lib/ssl/sslimpl.h.tls-flood 2021-02-18 10:54:28.172458477 -0800 -+++ ./lib/ssl/sslimpl.h 2021-02-18 11:01:43.100051582 -0800 -@@ -712,6 +712,10 @@ typedef struct SSL3HandshakeStateStr { - * or received. */ - PRBool receivedCcs; /* A server received ChangeCipherSpec - * before the handshake started. */ -+ PRBool allowCcs; /* A server allows ChangeCipherSpec -+ * as the middlebox compatibility mode -+ * is explicitly indicarted by -+ * legacy_session_id in TLS 1.3 ClientHello. */ - PRBool clientCertRequested; /* True if CertificateRequest received. */ - ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def - * we use for TLS 1.3 */ diff --git a/SOURCES/nss-3.53.1-tls-flood-update.patch b/SOURCES/nss-3.53.1-tls-flood-update.patch deleted file mode 100644 index 3dd8f11..0000000 --- a/SOURCES/nss-3.53.1-tls-flood-update.patch +++ /dev/null @@ -1,131 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1603691171 -3600 -# Node ID b03a4fc5b902498414b02640dcb2717dfef9682f -# Parent 6f79a76958129dc09c353c288f115fd9a51ab7d4 -Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt - -Summary: -This flips the meaning of the flag for checking excessive CCS -messages, so it only rejects multiple CCS messages while the first CCS -message is always accepted. - -Reviewers: mt - -Reviewed By: mt - -Bug #: 1672703 - -Differential Revision: https://phabricator.services.mozilla.com/D94603 -updated by rrelyea for NSS 3.53 - -diff -up ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood-update ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc ---- ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc.tls-flood-update 2021-02-22 09:57:04.632375045 -0800 -+++ ./gtests/ssl_gtest/ssl_tls13compat_unittest.cc 2021-02-22 09:57:04.635375062 -0800 -@@ -348,8 +348,8 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph - client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); - } - --// The server rejects a ChangeCipherSpec if the client advertises an --// empty session ID. -+// The server accepts a ChangeCipherSpec even if the client advertises -+// an empty session ID. - TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) { - EnsureTlsSetup(); - ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); -@@ -358,9 +358,8 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph - client_->Handshake(); // Send ClientHello - client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS - -- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -- server_->Handshake(); // Consume ClientHello and CCS -- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+ Handshake(); -+ CheckConnected(); - } - - // The server rejects multiple ChangeCipherSpec even if the client -@@ -381,7 +380,7 @@ TEST_F(Tls13CompatTest, ChangeCipherSpec - server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); - } - --// The client rejects a ChangeCipherSpec if it advertises an empty -+// The client accepts a ChangeCipherSpec even if it advertises an empty - // session ID. - TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) { - EnsureTlsSetup(); -@@ -398,9 +397,10 @@ TEST_F(TlsConnectStreamTls13, ChangeCiph - // send ServerHello..CertificateVerify - // Send CCS - server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); -- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -- client_->Handshake(); // Consume ClientHello and CCS -- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+ -+ // No alert is sent from the client. As Finished is dropped, we -+ // can't use Handshake() and CheckConnected(). -+ client_->Handshake(); - } - - // The client rejects multiple ChangeCipherSpec in a row even if the -diff -up ./lib/ssl/ssl3con.c.tls-flood-update ./lib/ssl/ssl3con.c ---- ./lib/ssl/ssl3con.c.tls-flood-update 2021-02-22 09:57:04.633375051 -0800 -+++ ./lib/ssl/ssl3con.c 2021-02-22 10:00:18.659488889 -0800 -@@ -6621,11 +6621,7 @@ ssl_CheckServerSessionIdCorrectness(sslS - - /* TLS 1.3: We sent a session ID. The server's should match. */ - if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) { -- if (sidMatch) { -- ss->ssl3.hs.allowCcs = PR_TRUE; -- return PR_TRUE; -- } -- return PR_FALSE; -+ return sidMatch; - } - - /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */ -@@ -8644,7 +8640,6 @@ ssl3_HandleClientHello(sslSocket *ss, PR - errCode = PORT_GetError(); - goto alert_loser; - } -- ss->ssl3.hs.allowCcs = PR_TRUE; - } - - /* TLS 1.3 requires that compression include only null. */ -@@ -13010,15 +13005,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip - ss->ssl3.hs.ws != idle_handshake && - cText->buf->len == 1 && - cText->buf->buf[0] == change_cipher_spec_choice) { -- if (ss->ssl3.hs.allowCcs) { -- /* Ignore the first CCS. */ -- ss->ssl3.hs.allowCcs = PR_FALSE; -+ if (!ss->ssl3.hs.rejectCcs) { -+ /* Allow only the first CCS. */ -+ ss->ssl3.hs.rejectCcs = PR_TRUE; - return SECSuccess; -+ } else { -+ alert = unexpected_message; -+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); - } -- -- /* Compatibility mode is not negotiated. */ -- alert = unexpected_message; -- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); - } - - if (IS_DTLS(ss) || -diff -up ./lib/ssl/sslimpl.h.tls-flood-update ./lib/ssl/sslimpl.h ---- ./lib/ssl/sslimpl.h.tls-flood-update 2021-02-22 09:57:04.637375073 -0800 -+++ ./lib/ssl/sslimpl.h 2021-02-22 10:01:46.451003953 -0800 -@@ -712,10 +712,7 @@ typedef struct SSL3HandshakeStateStr { - * or received. */ - PRBool receivedCcs; /* A server received ChangeCipherSpec - * before the handshake started. */ -- PRBool allowCcs; /* A server allows ChangeCipherSpec -- * as the middlebox compatibility mode -- * is explicitly indicarted by -- * legacy_session_id in TLS 1.3 ClientHello. */ -+ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */ - PRBool clientCertRequested; /* True if CertificateRequest received. */ - ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def - * we use for TLS 1.3 */ diff --git a/SOURCES/nss-3.63-profile_fix.patch b/SOURCES/nss-3.63-profile_fix.patch deleted file mode 100644 index 64c54c2..0000000 --- a/SOURCES/nss-3.63-profile_fix.patch +++ /dev/null @@ -1,55 +0,0 @@ - -# HG changeset patch -# User Robert Relyea -# Date 1614193447 28800 -# Node ID d827295ca19058d6b73692be38d528fd6ae9ab08 -# Parent 80793a75363d262804531f064a1936bf0fbd3d82 -Bug 1694392 NSS does not work with PKCS #11 modules not supporting profiles -r=ueno,bbeurdouche - -User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0 - -Steps to reproduce: - -Using NSS with PKCS #11 library that returns CKR_ATTRIBUTE_VALUE_INVALID when searching for CKA_CLASS = CKO_PROFILE. - -Actual results: - -PK11_InitToken calls pk11_ReadProfileList and passes on failures. Thus, if the profiles cannot be read the token cannot be initialized. -pk11_ReadProfileList in turn uses pk11_FindObjectsByTemplate to search for CKO_PROFILE objects. This function fails if C_FindObjectsInit fails. -However, it should be perfectly ok that C_FindObjectsInit fails if CKO_PROFILE is not known. In fact, CKR_ATTRIBUTE_VALUE_INVALID is a valid return code here since the library does not know (yet) the value CKO_PROFILE for CKA_CLASS and since the CKA_CLASS is a fixed list it the standard allows to return this error code. - -Expected results: - -PK11_InitToken should complete successfully. - -Differential Revision: https://phabricator.services.mozilla.com/D106167 - -diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c ---- a/lib/pk11wrap/pk11slot.c -+++ b/lib/pk11wrap/pk11slot.c -@@ -1364,20 +1364,19 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo - if (!slot->isThreadSafe) - PK11_ExitSlotMonitor(slot); - } - - status = nssToken_Refresh(slot->nssToken); - if (status != PR_SUCCESS) - return SECFailure; - -- rv = pk11_ReadProfileList(slot); -- if (rv != SECSuccess) { -- return SECFailure; -- } -+ /* Not all tokens have profile objects or even recognize what profile -+ * objects are it's OK for pk11_ReadProfileList to fail */ -+ (void) pk11_ReadProfileList(slot); - - if (!(slot->isInternal) && (slot->hasRandom)) { - /* if this slot has a random number generater, use it to add entropy - * to the internal slot. */ - PK11SlotInfo *int_slot = PK11_GetInternalSlot(); - - if (int_slot) { - unsigned char random_bytes[32]; - diff --git a/SOURCES/nss-3.66-disable-external-host-test.patch b/SOURCES/nss-3.66-disable-external-host-test.patch new file mode 100644 index 0000000..7f04502 --- /dev/null +++ b/SOURCES/nss-3.66-disable-external-host-test.patch @@ -0,0 +1,14 @@ +diff -up ./tests/ssl/ssl.sh.brew ./tests/ssl/ssl.sh +--- ./tests/ssl/ssl.sh.brew 2021-06-12 11:37:46.153265942 -0700 ++++ ./tests/ssl/ssl.sh 2021-06-12 11:39:43.069925034 -0700 +@@ -1641,7 +1641,9 @@ ssl_run_tests() + if [ "${TEST_MODE}" = "SHARED_DB" ] ; then + ssl_policy_listsuites + ssl_policy_selfserv +- ssl_policy_pkix_ocsp ++ # requires access to external servers, which fails ++ # when running in brew ++ #ssl_policy_pkix_ocsp + ssl_policy + fi + ;; diff --git a/SOURCES/nss-3.66-no-combo-tests.patch b/SOURCES/nss-3.66-no-combo-tests.patch new file mode 100644 index 0000000..32f7c35 --- /dev/null +++ b/SOURCES/nss-3.66-no-combo-tests.patch @@ -0,0 +1,217 @@ +diff -up ./gtests/freebl_gtest/rsa_unittest.cc.oldsoft ./gtests/freebl_gtest/rsa_unittest.cc +--- ./gtests/freebl_gtest/rsa_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000 ++++ ./gtests/freebl_gtest/rsa_unittest.cc 2021-06-11 19:06:57.778552974 +0000 +@@ -9,6 +9,7 @@ + + #include "blapi.h" + #include "secitem.h" ++#include "prenv.h" + + template + struct ScopedDelete { +@@ -76,6 +77,13 @@ TEST_F(RSATest, DecryptBlockTestErrors) + in_small, sizeof(in_small)); + EXPECT_EQ(SECFailure, rv); + ++ char *env = PR_GetEnvSecure("NSS_OLD_SOFTOKEN"); ++ if (env) { ++ std::cerr << "Skipping RSA blapi DecryptBlockTestErrors because of" ++ << " semantic differences between old and new softoken." ++ << std::endl; ++ } ++ + uint8_t in[256] = {0}; + // This should fail because the padding checks will fail, + // however, mitigations for Bleichenbacher attacks transform failures +diff -up ./gtests/pk11_gtest/pk11_ike_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_ike_unittest.cc +--- ./gtests/pk11_gtest/pk11_ike_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000 ++++ ./gtests/pk11_gtest/pk11_ike_unittest.cc 2021-06-11 19:41:20.381137781 +0000 +@@ -12,8 +12,10 @@ + #include "pk11pub.h" + #include "secerr.h" + #include "sechash.h" ++#include "hasht.h" + #include "util.h" + #include "databuffer.h" ++#include "prenv.h" + + #include "testvectors/ike-sha1-vectors.h" + #include "testvectors/ike-sha256-vectors.h" +@@ -23,6 +25,24 @@ + + namespace nss_test { + ++unsigned mech_to_size(CK_MECHANISM_TYPE mech) { ++ switch (mech) { ++ case CKM_SHA_1_HMAC: ++ return SHA1_LENGTH; ++ case CKM_SHA256_HMAC: ++ return SHA256_LENGTH; ++ case CKM_SHA384_HMAC: ++ return SHA384_LENGTH; ++ case CKM_SHA512_HMAC: ++ return SHA512_LENGTH; ++ case CKM_AES_XCBC_MAC: ++ return AES_BLOCK_SIZE; ++ default: ++ break; ++ } ++ return 0; ++} ++ + class Pkcs11IkeTest : public ::testing::TestWithParam< + std::tuple> { + protected: +@@ -59,6 +79,7 @@ class Pkcs11IkeTest : public ::testing:: + ScopedPK11SymKey gxy_key = nullptr; + ScopedPK11SymKey prev_key = nullptr; + ScopedPK11SymKey ikm = ImportKey(ikm_item); ++ unsigned hashsize = mech_to_size(prf_mech); + + // IKE_PRF structure (used in cases 1, 2 and 3) + CK_NSS_IKE_PRF_DERIVE_PARAMS nss_ike_prf_params = { +@@ -148,6 +169,14 @@ class Pkcs11IkeTest : public ::testing:: + ScopedPK11SymKey okm = ScopedPK11SymKey( + PK11_Derive(ikm.get(), derive_mech, ¶ms_item, + CKM_GENERIC_SECRET_KEY_GEN, CKA_DERIVE, vec.size)); ++ char *env = PR_GetEnvSecure("NSS_OLD_SOFTOKEN"); ++ if (env && (derive_mech == CKM_NSS_IKE1_APP_B_PRF_DERIVE) && ++ (vec.size <= hashsize)) { ++ std::cerr << "Skipping Test #" << std::to_string(vec.id) ++ << ". Old tokens process APP B Prf for small keys incorrectly" ++ << std::endl; ++ return; ++ } + if (vec.valid) { + ASSERT_NE(nullptr, okm.get()) << msg; + ASSERT_EQ(SECSuccess, PK11_ExtractKeyValue(okm.get())) << msg; +diff -up ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc +--- ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000 ++++ ./gtests/pk11_gtest/pk11_rsaencrypt_unittest.cc 2021-06-11 19:06:57.779552981 +0000 +@@ -14,6 +14,7 @@ + #include "nss_scoped_ptrs.h" + #include "pk11pub.h" + #include "databuffer.h" ++#include "prenv.h" + + #include "testvectors/rsa_pkcs1_2048_test-vectors.h" + #include "testvectors/rsa_pkcs1_3072_test-vectors.h" +@@ -45,6 +46,14 @@ class RsaDecryptWycheproofTest + rv = PK11_PrivDecryptPKCS1(priv_key.get(), decrypted.data(), &decrypted_len, + decrypted.size(), vec.ct.data(), vec.ct.size()); + ++ // semantics changed since the old softken ++ char *env = PR_GetEnvSecure("NSS_OLD_SOFTOKEN"); ++ if (env && vec.valid && (rv == SECFailure)) { ++ std::cerr << "Skipping Decrypt test. Old softoken failed on bad data," ++ << "New softoken generates fake data" << std::endl; ++ return; ++ } ++ + if (vec.valid) { + EXPECT_EQ(SECSuccess, rv); + decrypted.resize(decrypted_len); +diff -up ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc +--- ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000 ++++ ./gtests/pk11_gtest/pk11_rsaoaep_unittest.cc 2021-06-11 19:06:57.780552988 +0000 +@@ -13,6 +13,7 @@ + #include "nss.h" + #include "nss_scoped_ptrs.h" + #include "pk11pub.h" ++#include "prenv.h" + + #include "testvectors/rsa_oaep_2048_sha1_mgf1sha1-vectors.h" + #include "testvectors/rsa_oaep_2048_sha256_mgf1sha1-vectors.h" +@@ -161,6 +162,12 @@ TEST(Pkcs11RsaOaepTest, TestOaepWrapUnwr + rv = PK11_ExtractKeyValue(to_wrap.get()); + ASSERT_EQ(rv, SECSuccess); + ++ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN"); ++ if (env) { ++ std::cerr << "Skipping OAEP test, not supported in old softoken\n"; ++ return; ++ } ++ + // References owned by PKCS#11 layer; no need to scope and free. + SECItem* expectedItem = PK11_GetKeyData(to_wrap.get()); + +diff -up ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc.oldsoft ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc +--- ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000 ++++ ./gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc 2021-06-11 19:06:57.781552995 +0000 +@@ -16,6 +16,7 @@ + #include "secerr.h" + #include "sechash.h" + #include "pk11_signature_test.h" ++#include "prenv.h" + + #include "testvectors/rsa_signature_2048_sha224-vectors.h" + #include "testvectors/rsa_signature_2048_sha256-vectors.h" +@@ -175,6 +176,13 @@ TEST(RsaPkcs1Test, Pkcs1MinimumPadding) + SECItem hash_item = {siBuffer, toUcharPtr(hash.data()), + static_cast(hash.len())}; + SECItem sig_item = {siBuffer, toUcharPtr(sig.data()), sig_len}; ++ ++ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN"); ++ if (env) { ++ std::cerr << "Skipping pkcs1 padding test, not supported in old softoken\n"; ++ return; ++ } ++ + rv = VFY_VerifyDigestDirect(&hash_item, short_pub.get(), &sig_item, + SEC_OID_PKCS1_RSA_ENCRYPTION, SEC_OID_SHA512, + nullptr); +diff -up ./gtests/pk11_gtest/pk11_signature_test.cc.oldsoft ./gtests/pk11_gtest/pk11_signature_test.cc +--- ./gtests/pk11_gtest/pk11_signature_test.cc.oldsoft 2021-05-28 09:50:43.000000000 +0000 ++++ ./gtests/pk11_gtest/pk11_signature_test.cc 2021-06-11 19:06:57.781552995 +0000 +@@ -4,6 +4,7 @@ + + #include + #include "nss.h" ++#include "prenv.h" + #include "pk11pub.h" + #include "sechash.h" + #include "prerror.h" +@@ -77,6 +78,25 @@ bool Pk11SignatureTest::SignData(ScopedS + EXPECT_LT(0, (int)sigLen); + sig->Allocate(static_cast(sigLen)); + ++ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN"); ++ if (env != NULL) { ++ std::cerr << "Skipping combo mechanism 0x" << std::hex << combo_ ++ << ", no token support.\n"; ++ DataBuffer hash; ++ if (!ComputeHash(data, &hash)) { ++ ADD_FAILURE() << "Failed to compute hash"; ++ return false; ++ } ++ if (!SignHashedData(privKey, hash, sig)) { ++ ADD_FAILURE() << "Failed to sign hashed data"; ++ return false; ++ } ++ ++ return true; ++ } else { ++ std::cerr << "PR_GetEnvSecure(\"NSS_OLD_SOFTOKEN\") return null!!!\n"; ++ } ++ + // test the hash and verify interface */ + PK11Context* context = PK11_CreateContextByPrivKey( + combo_, CKA_SIGN, privKey.get(), parameters()); +@@ -160,6 +180,17 @@ void Pk11SignatureTest::Verify(const Pkc + EXPECT_EQ(rv, valid ? SECSuccess : SECFailure); + } + ++ /* old softokens don't understand all the new combo mechanism. */ ++ /* skip it */ ++ char *env=PR_GetEnvSecure("NSS_OLD_SOFTOKEN"); ++ if (env != NULL) { ++ std::cerr << "Skipping combo mechanism 0x" << std::hex << combo_ ++ << ", no token support.\n"; ++ return; ++ } else { ++ std::cerr << "PR_GetEnvSecure(\"NSS_OLD_SOFTOKEN\") return null!!!\n"; ++ } ++ + // test the hash and verify interface */ + PK11Context* context = PK11_CreateContextByPubKey( + combo_, CKA_VERIFY, pubKey.get(), parameters(), NULL); diff --git a/SOURCES/nss-3.66-no-small-primes.patch b/SOURCES/nss-3.66-no-small-primes.patch new file mode 100644 index 0000000..31be316 --- /dev/null +++ b/SOURCES/nss-3.66-no-small-primes.patch @@ -0,0 +1,86 @@ +diff -up ./gtests/softoken_gtest/softoken_dh_vectors.h.orig ./gtests/softoken_gtest/softoken_dh_vectors.h +--- ./gtests/softoken_gtest/softoken_dh_vectors.h.orig 2021-06-02 16:57:50.557008790 -0700 ++++ ./gtests/softoken_gtest/softoken_dh_vectors.h 2021-06-02 16:59:52.781735096 -0700 +@@ -2872,7 +2872,7 @@ static const DhTestVector DH_TEST_VECTOR + {siBuffer, (unsigned char *)g2, sizeof(g2)}, + {siBuffer, NULL, 0}, + {siBuffer, NULL, 0}, +- IKE_APPROVED, ++ SAFE_PRIME, + CLASS_1536}, + {"IKE 2048", + {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, +@@ -2952,7 +2952,7 @@ static const DhTestVector DH_TEST_VECTOR + {siBuffer, (unsigned char *)sub2_prime_ike_1536, + sizeof(sub2_prime_ike_1536)}, + {siBuffer, NULL, 0}, +- IKE_APPROVED, ++ SAFE_PRIME, + CLASS_1536}, + {"IKE 2048 with subprime", + {siBuffer, (unsigned char *)prime_ike_2048, sizeof(prime_ike_2048)}, +diff -up ./lib/softoken/pkcs11c.c.orig ./lib/softoken/pkcs11c.c +--- ./lib/softoken/pkcs11c.c.orig 2021-05-28 02:50:43.000000000 -0700 ++++ ./lib/softoken/pkcs11c.c 2021-06-02 16:52:01.196932757 -0700 +@@ -5193,7 +5193,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION + /* subprime not supplied, In this case look it up. + * This only works with approved primes, but in FIPS mode + * that's the only kine of prime that will get here */ +- subPrimePtr = sftk_VerifyDH_Prime(&prime); ++ subPrimePtr = sftk_VerifyDH_Prime(&prime,isFIPS); + if (subPrimePtr == NULL) { + crv = CKR_GENERAL_ERROR; + goto done; +@@ -8351,7 +8351,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + + /* if the prime is an approved prime, we can skip all the other + * checks. */ +- subPrime = sftk_VerifyDH_Prime(&dhPrime); ++ subPrime = sftk_VerifyDH_Prime(&dhPrime,isFIPS); + if (subPrime == NULL) { + SECItem dhSubPrime; + /* If the caller set the subprime value, it means that +diff -up ./lib/softoken/pkcs11i.h.orig ./lib/softoken/pkcs11i.h +--- ./lib/softoken/pkcs11i.h.orig 2021-06-02 16:52:01.196932757 -0700 ++++ ./lib/softoken/pkcs11i.h 2021-06-02 16:52:54.281248207 -0700 +@@ -946,7 +946,7 @@ char **NSC_ModuleDBFunc(unsigned long fu + /* dh verify functions */ + /* verify that dhPrime matches one of our known primes, and if so return + * it's subprime value */ +-const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime); ++const SECItem *sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS); + /* check if dhSubPrime claims dhPrime is a safe prime. */ + SECStatus sftk_IsSafePrime(SECItem *dhPrime, SECItem *dhSubPrime, PRBool *isSafe); + /* map an operation Attribute to a Mechanism flag */ +diff -up ./lib/softoken/pkcs11u.c.orig ./lib/softoken/pkcs11u.c +--- ./lib/softoken/pkcs11u.c.orig 2021-06-02 16:54:23.387777705 -0700 ++++ ./lib/softoken/pkcs11u.c 2021-06-02 16:54:51.012941866 -0700 +@@ -2312,7 +2312,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME + if (crv != CKR_OK) { + return PR_FALSE; + } +- dhSubPrime = sftk_VerifyDH_Prime(&dhPrime); ++ dhSubPrime = sftk_VerifyDH_Prime(&dhPrime, PR_TRUE); + SECITEM_ZfreeItem(&dhPrime, PR_FALSE); + return (dhSubPrime) ? PR_TRUE : PR_FALSE; + } +diff -up ./lib/softoken/sftkdhverify.c.orig ./lib/softoken/sftkdhverify.c +--- ./lib/softoken/sftkdhverify.c.orig 2021-05-28 02:50:43.000000000 -0700 ++++ ./lib/softoken/sftkdhverify.c 2021-06-02 16:52:01.196932757 -0700 +@@ -1171,11 +1171,15 @@ static const SECItem subprime_tls_8192 = + * verify that dhPrime matches one of our known primes + */ + const SECItem * +-sftk_VerifyDH_Prime(SECItem *dhPrime) ++sftk_VerifyDH_Prime(SECItem *dhPrime, PRBool isFIPS) + { + /* use the length to decide which primes to check */ + switch (dhPrime->len) { + case 1536 / PR_BITS_PER_BYTE: ++ /* don't accept 1536 bit primes in FIPS mode */ ++ if (isFIPS) { ++ break; ++ } + if (PORT_Memcmp(dhPrime->data, prime_ike_1536, + sizeof(prime_ike_1536)) == 0) { + return &subprime_ike_1536; diff --git a/SOURCES/nss-3.66-restore-old-pkcs12-default.patch b/SOURCES/nss-3.66-restore-old-pkcs12-default.patch new file mode 100644 index 0000000..54f020c --- /dev/null +++ b/SOURCES/nss-3.66-restore-old-pkcs12-default.patch @@ -0,0 +1,44 @@ +diff -up ./cmd/pk12util/pk12util.c.orig ./cmd/pk12util/pk12util.c +--- ./cmd/pk12util/pk12util.c.orig 2021-05-28 02:50:43.000000000 -0700 ++++ ./cmd/pk12util/pk12util.c 2021-06-15 17:05:37.200262345 -0700 +@@ -1031,9 +1031,11 @@ main(int argc, char **argv) + char *export_file = NULL; + char *dbprefix = ""; + SECStatus rv; +- SECOidTag cipher = SEC_OID_AES_256_CBC; +- SECOidTag hash = SEC_OID_SHA256; +- SECOidTag certCipher = SEC_OID_AES_128_CBC; ++ SECOidTag cipher = ++ SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC; ++ SECOidTag hash = SEC_OID_SHA1; ++ SECOidTag certCipher = ++ SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC; + int keyLen = 0; + int certKeyLen = 0; + secuCommand pk12util; +@@ -1147,6 +1149,9 @@ main(int argc, char **argv) + } + } + ++ if (PK11_IsFIPS()) { ++ certCipher = SEC_OID_UNKNOWN; ++ } + if (pk12util.options[opt_CertCipher].activated) { + char *cipherString = pk12util.options[opt_CertCipher].arg; + +diff -up ./tests/tools/tools.sh.orig ./tests/tools/tools.sh +--- ./tests/tools/tools.sh.orig 2021-06-15 17:06:27.650564449 -0700 ++++ ./tests/tools/tools.sh 2021-06-15 17:07:59.934117192 -0700 +@@ -47,9 +47,9 @@ + "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC" + + # if we change the defaults in pk12util, update these variables +- export CERT_ENCRYPTION_DEFAULT="AES-128-CBC" +- export KEY_ENCRYPTION_DEFAULT="AES-256-CBC" +- export HASH_DEFAULT="SHA-256" ++ export CERT_ENCRYPTION_DEFAULT=${pkcs12v2pbeWithSha1And40BitRc2Cbc} ++ export KEY_ENCRYPTION_DEFAULT=${pkcs12v2pbeWithSha1AndTripleDESCBC} ++ export HASH_DEFAULT="SHA-1" + + export PKCS5v1_PBE_CIPHERS="${pkcs5pbeWithMD2AndDEScbc},\ + ${pkcs5pbeWithMD5AndDEScbc},\ diff --git a/SOURCES/nss-3.67-fix-pkcs12-policy.patch b/SOURCES/nss-3.67-fix-pkcs12-policy.patch new file mode 100644 index 0000000..26912a5 --- /dev/null +++ b/SOURCES/nss-3.67-fix-pkcs12-policy.patch @@ -0,0 +1,22 @@ +diff -up ./lib/pkcs12/p12plcy.c.policy_enable_fix ./lib/pkcs12/p12plcy.c +--- ./lib/pkcs12/p12plcy.c.policy_enable_fix 2021-09-21 15:58:46.013861285 -0700 ++++ ./lib/pkcs12/p12plcy.c 2021-09-21 15:59:06.440987853 -0700 +@@ -85,17 +85,12 @@ SECStatus + SEC_PKCS12EnableCipher(long which, int on) + { + int i; +- SECStatus rv; + PRUint32 set = on ? NSS_USE_ALG_IN_PKCS12 : 0; + PRUint32 clear = on ? 0 : NSS_USE_ALG_IN_PKCS12; + + for (i = 0; pkcs12SuiteMaps[i].suite != 0L; i++) { + if (pkcs12SuiteMaps[i].suite == (unsigned long)which) { +- rv = NSS_SetAlgorithmPolicy(pkcs12SuiteMaps[i].algTag, set, clear); +- /* could fail if the policy has been locked */ +- if (rv != SECSuccess) { +- return rv; +- } ++ return NSS_SetAlgorithmPolicy(pkcs12SuiteMaps[i].algTag, set, clear); + } + } + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); diff --git a/SOURCES/nss-3.67-fix-sdb-timeout.patch b/SOURCES/nss-3.67-fix-sdb-timeout.patch new file mode 100644 index 0000000..120cb5b --- /dev/null +++ b/SOURCES/nss-3.67-fix-sdb-timeout.patch @@ -0,0 +1,63 @@ +diff --git a/lib/softoken/sdb.c b/lib/softoken/sdb.c +--- a/lib/softoken/sdb.c ++++ b/lib/softoken/sdb.c +@@ -1519,16 +1519,18 @@ sdb_Begin(SDB *sdb) + + sqlerr = sqlite3_prepare_v2(sqlDB, BEGIN_CMD, -1, &stmt, NULL); + + do { + sqlerr = sqlite3_step(stmt); + if (sqlerr == SQLITE_BUSY) { + PR_Sleep(SDB_BUSY_RETRY_TIME); + } ++ /* don't retry BEGIN transaction*/ ++ retry = 0; + } while (!sdb_done(sqlerr, &retry)); + + if (stmt) { + sqlite3_reset(stmt); + sqlite3_finalize(stmt); + } + + loser: +diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c +--- a/lib/softoken/sftkdb.c ++++ b/lib/softoken/sftkdb.c +@@ -1521,17 +1521,17 @@ sftkdb_DestroyObject(SFTKDBHandle *handl + if (handle == NULL) { + return CKR_TOKEN_WRITE_PROTECTED; + } + db = SFTK_GET_SDB(handle); + objectID &= SFTK_OBJ_ID_MASK; + + crv = (*db->sdb_Begin)(db); + if (crv != CKR_OK) { +- goto loser; ++ return crv; + } + crv = (*db->sdb_DestroyObject)(db, objectID); + if (crv != CKR_OK) { + goto loser; + } + /* if the database supports meta data, delete any old signatures + * that we may have added */ + if ((db->sdb_flags & SDB_HAS_META) == SDB_HAS_META) { +@@ -2456,17 +2456,17 @@ sftkdb_Update(SFTKDBHandle *handle, SECI + return CKR_OK; + } + /* + * put the whole update under a transaction. This allows us to handle + * any possible race conditions between with the updateID check. + */ + crv = (*handle->db->sdb_Begin)(handle->db); + if (crv != CKR_OK) { +- goto loser; ++ return crv; + } + inTransaction = PR_TRUE; + + /* some one else has already updated this db */ + if (sftkdb_hasUpdate(sftkdb_TypeString(handle), + handle->db, handle->updateID)) { + crv = CKR_OK; + goto done; diff --git a/SOURCES/nss-3.67-fix-ssl-alerts.patch b/SOURCES/nss-3.67-fix-ssl-alerts.patch new file mode 100644 index 0000000..10cdaf5 --- /dev/null +++ b/SOURCES/nss-3.67-fix-ssl-alerts.patch @@ -0,0 +1,122 @@ +diff -up ./lib/ssl/ssl3con.c.alert-fix ./lib/ssl/ssl3con.c +--- ./lib/ssl/ssl3con.c.alert-fix 2021-06-10 05:33:12.000000000 -0700 ++++ ./lib/ssl/ssl3con.c 2021-07-06 17:08:25.894018521 -0700 +@@ -4319,7 +4319,11 @@ ssl_SignatureSchemeValid(SSLSignatureSch + if (!ssl_IsSupportedSignatureScheme(scheme)) { + return PR_FALSE; + } +- if (!ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { ++ /* if we are purposefully passed SEC_OID_UNKOWN, it means ++ * we not checking the scheme against a potential key, so skip ++ * the call */ ++ if ((spkiOid != SEC_OID_UNKNOWN) && ++ !ssl_SignatureSchemeMatchesSpkiOid(scheme, spkiOid)) { + return PR_FALSE; + } + if (isTls13) { +@@ -4517,7 +4521,8 @@ ssl_CheckSignatureSchemeConsistency(sslS + } + + /* Verify that the signature scheme matches the signing key. */ +- if (!ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { ++ if ((spkiOid == SEC_OID_UNKNOWN) || ++ !ssl_SignatureSchemeValid(scheme, spkiOid, isTLS13)) { + PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); + return SECFailure; + } +@@ -4533,6 +4538,7 @@ ssl_CheckSignatureSchemeConsistency(sslS + PRBool + ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme) + { ++ PRBool isSupported = PR_FALSE; + switch (scheme) { + case ssl_sig_rsa_pkcs1_sha1: + case ssl_sig_rsa_pkcs1_sha256: +@@ -4552,7 +4558,8 @@ ssl_IsSupportedSignatureScheme(SSLSignat + case ssl_sig_dsa_sha384: + case ssl_sig_dsa_sha512: + case ssl_sig_ecdsa_sha1: +- return PR_TRUE; ++ isSupported = PR_TRUE; ++ break; + + case ssl_sig_rsa_pkcs1_sha1md5: + case ssl_sig_none: +@@ -4560,7 +4567,19 @@ ssl_IsSupportedSignatureScheme(SSLSignat + case ssl_sig_ed448: + return PR_FALSE; + } +- return PR_FALSE; ++ if (isSupported) { ++ SECOidTag hashOID = ssl3_HashTypeToOID(ssl_SignatureSchemeToHashType(scheme)); ++ PRUint32 policy; ++ const PRUint32 sigSchemePolicy= ++ NSS_USE_ALG_IN_SSL_KX|NSS_USE_ALG_IN_SIGNATURE; ++ /* check hash policy */ ++ if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) && ++ ((policy & sigSchemePolicy) != sigSchemePolicy)) { ++ return PR_FALSE; ++ } ++ /* check algorithm policy */ ++ } ++ return isSupported; + } + + PRBool +@@ -6533,6 +6552,9 @@ ssl_PickSignatureScheme(sslSocket *ss, + } + + spkiOid = SECOID_GetAlgorithmTag(&cert->subjectPublicKeyInfo.algorithm); ++ if (spkiOid == SEC_OID_UNKNOWN) { ++ goto loser; ++ } + + /* Now we have to search based on the key type. Go through our preferred + * schemes in order and find the first that can be used. */ +@@ -6547,6 +6569,7 @@ ssl_PickSignatureScheme(sslSocket *ss, + } + } + ++loser: + PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; + } +@@ -7700,7 +7723,8 @@ ssl_ParseSignatureSchemes(const sslSocke + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } +- if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) { ++ if (ssl_SignatureSchemeValid((SSLSignatureScheme)tmp, SEC_OID_UNKNOWN, ++ (PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)) {; + schemes[numSupported++] = (SSLSignatureScheme)tmp; + } + } +@@ -10286,7 +10310,12 @@ ssl3_HandleCertificateVerify(sslSocket * + PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_record); + rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme); + if (rv != SECSuccess) { +- goto loser; /* malformed or unsupported. */ ++ errCode = PORT_GetError(); ++ /* unsupported == illegal_parameter, others == handshake_failure. */ ++ if (errCode == SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM) { ++ desc = illegal_parameter; ++ } ++ goto alert_loser; + } + rv = ssl_CheckSignatureSchemeConsistency( + ss, sigScheme, &ss->sec.peerCert->subjectPublicKeyInfo); +diff -up ./gtests/ssl_gtest/ssl_extension_unittest.cc.alert-fix ./gtests/ssl_gtest/ssl_extension_unittest.cc +--- ./gtests/ssl_gtest/ssl_extension_unittest.cc.alert-fix 2021-07-07 11:32:11.634376932 -0700 ++++ ./gtests/ssl_gtest/ssl_extension_unittest.cc 2021-07-07 11:33:30.595841110 -0700 +@@ -428,7 +428,10 @@ TEST_P(TlsExtensionTest12Plus, Signature + } + + TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsTrailingData) { +- const uint8_t val[] = {0x00, 0x02, 0x04, 0x01, 0x00}; // sha-256, rsa ++ // make sure the test uses an algorithm that is legal for ++ // tls 1.3 (or tls 1.3 will through and illegalParameter ++ // instead of a decode error) ++ const uint8_t val[] = {0x00, 0x02, 0x08, 0x09, 0x00}; // sha-256, rsa-pss-pss + DataBuffer extension(val, sizeof(val)); + ClientHelloErrorTest(std::make_shared( + client_, ssl_signature_algorithms_xtn, extension)); diff --git a/SOURCES/nss-3.67-revert-sql-manage-change.patch b/SOURCES/nss-3.67-revert-sql-manage-change.patch new file mode 100644 index 0000000..40abcc6 --- /dev/null +++ b/SOURCES/nss-3.67-revert-sql-manage-change.patch @@ -0,0 +1,2917 @@ +# HG changeset patch +# User Robert Relyea +# Date 1621548343 25200 +# Thu May 20 15:05:43 2021 -0700 +# Node ID da25615e92c86aa6bd376fd86bf110d15999eb3c +# Parent 2300e178c90fe6d3e170cf7d96556fce6d6b48e7 +Bug 1712184 NSS tools manpages need to be updated to reflect that sqlite is the default database. + +This patch does 2 things: + +1) update certutil.xml pk12util.xml modutil.xml and signver.xml to reflect the fact +the the sql database is default. Many of these also has examples of specifying +sql:dirname which is now the default. I did not replace them with dbm:dirname since +we don't want to encourage regressing back. The one exception is in the paragraph +explaining how to get to the old database format. + +2) I ran make in the diretory to update the .1 and .html files generated from the .xml +files. There are a number of old updates to the .xml files which haven't been picked +up in their corresponding html or man page files. This updates are included in this +patch. + +It is really only necessary to review the changes to the .xml files, the rest were +reviewed when their patches were applied. + +bob + +Differential Revision: https://phabricator.services.mozilla.com/D115658 + +diff --git a/doc/certutil.xml b/doc/certutil.xml +--- a/doc/certutil.xml ++++ b/doc/certutil.xml +@@ -203,17 +203,17 @@ If this option is not used, the validity + + Specify the database directory containing the certificate and key database files. + certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). + NSS recognizes the following prefixes: + + sql: requests the newer database + dbm: requests the legacy database + +- If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default. ++ If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then sql: is the default. + + + + + --dump-ext-val OID + For single cert, print binary DER encoding of extension OID. + + +@@ -843,23 +843,23 @@ Comma separated list of one or more of t + + secmod.db or pkcs11.txt + + + + + These databases must be created before certificates or keys can be generated. + +-certutil -N -d [sql:]directory ++certutil -N -d directory + + Creating a Certificate Request + + A certificate request contains most or all of the information that is used to generate the final certificate. This request is submitted separately to a certificate authority and is then approved by some mechanism (automatically or by human review). Once the request is approved, then the certificate is generated. + +-$ certutil -R -k key-type-or-id [-q pqgfile|curve-name] -g key-size -s subject [-h tokenname] -d [sql:]directory [-p phone] [-o output-file] [-a] ++$ certutil -R -k key-type-or-id [-q pqgfile|curve-name] -g key-size -s subject [-h tokenname] -d directory [-p phone] [-o output-file] [-a] + + The command options requires four arguments: + + + + + to specify either the key type to generate or, when renewing a certificate, the existing key pair to use + +@@ -881,27 +881,27 @@ Comma separated list of one or more of t + + + + The new certificate request can be output in ASCII format () or can be written to a specified file (). + + + For example: + +-$ certutil -R -k rsa -g 1024 -s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" -d sql:$HOME/nssdb -p 650-555-0123 -a -o cert.cer ++$ certutil -R -k rsa -g 1024 -s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" -d $HOME/nssdb -p 650-555-0123 -a -o cert.cer + + Generating key. This may take a few moments... + + + + Creating a Certificate + + A valid certificate must be issued by a trusted CA. This can be done by specifying a CA certificate () that is stored in the certificate database. If a CA key pair is not available, you can create a self-signed certificate using the argument with the command option. + +-$ certutil -S -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t trustargs -d [sql:]directory [-m serial-number] [-v valid-months] [-w offset-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA] [--extSKID] ++$ certutil -S -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t trustargs -d directory [-m serial-number] [-v valid-months] [-w offset-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA] [--extSKID] + + The series of numbers and options set certificate extensions that can be added to the certificate when it is generated by the CA. Interactive prompts will result. + + + For example, this creates a self-signed certificate: + + $ certutil -S -s "CN=Example CA" -n my-ca-cert -x -t "C,C,C" -1 -2 -5 -m 3650 + +@@ -911,55 +911,55 @@ The interative prompts for key usage and + From there, new certificates can reference the self-signed certificate: + + $ certutil -S -s "CN=My Server Cert" -n my-server-cert -c "my-ca-cert" -t ",," -1 -5 -6 -8 -m 730 + + Generating a Certificate from a Certificate Request + + When a certificate request is created, a certificate can be generated by using the request and then referencing a certificate authority signing certificate (the issuer specified in the argument). The issuing certificate must be in the certificate database in the specified directory. + +-certutil -C -c issuer -i cert-request-file -o output-file [-m serial-number] [-v valid-months] [-w offset-months] -d [sql:]directory [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] ++certutil -C -c issuer -i cert-request-file -o output-file [-m serial-number] [-v valid-months] [-w offset-months] -d directory [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] + + For example: + +-$ certutil -C -c "my-ca-cert" -i /home/certs/cert.req -o cert.cer -m 010 -v 12 -w 1 -d sql:$HOME/nssdb -1 nonRepudiation,dataEncipherment -5 sslClient -6 clientAuth -7 jsmith@example.com ++$ certutil -C -c "my-ca-cert" -i /home/certs/cert.req -o cert.cer -m 010 -v 12 -w 1 -d $HOME/nssdb -1 nonRepudiation,dataEncipherment -5 sslClient -6 clientAuth -7 jsmith@example.com + + Listing Certificates + + The command option lists all of the certificates listed in the certificate database. The path to the directory () is required. + +-$ certutil -L -d sql:/home/my/sharednssdb ++$ certutil -L -d /home/my/sharednssdb + + Certificate Nickname Trust Attributes + SSL,S/MIME,JAR/XPI + + CA Administrator of Instance pki-ca1's Example Domain ID u,u,u + TPS Administrator's Example Domain ID u,u,u + Google Internet Authority ,, + Certificate Authority - Example Domain CT,C,C + + Using additional arguments with can return and print the information for a single, specific certificate. For example, the argument passes the certificate name, while the argument prints the certificate in ASCII format: + + +-$ certutil -L -d sql:$HOME/nssdb -a -n my-ca-cert ++$ certutil -L -d $HOME/nssdb -a -n my-ca-cert + -----BEGIN CERTIFICATE----- + MIIB1DCCAT2gAwIBAgICDkIwDQYJKoZIhvcNAQEFBQAwFTETMBEGA1UEAxMKRXhh + bXBsZSBDQTAeFw0xMzAzMTMxOTEwMjlaFw0xMzA2MTMxOTEwMjlaMBUxEzARBgNV + BAMTCkV4YW1wbGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4Kzqvz + JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0Cul/6sO/gsCvnABHiH6unns6x + XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk + 0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB + AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B + AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09 + XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF + ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg== + -----END CERTIFICATE----- + + For a human-readable display +-$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert ++$ certutil -L -d $HOME/nssdb -n my-ca-cert + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3650 (0xe42) + Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption + Issuer: "CN=Example CA" + Validity: + Not Before: Wed Mar 13 19:10:29 2013 +@@ -1022,17 +1022,17 @@ Certificate: + + Listing Keys + + Keys are the original material used to encrypt certificate data. The keys generated for certificates are stored separately, in the key database. + + + To list all keys in the database, use the command option and the (required) argument to give the path to the directory. + +-$ certutil -K -d sql:$HOME/nssdb ++$ certutil -K -d $HOME/nssdb + certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services " + < 0> rsa 455a6673bde9375c2887ec8bf8016b3f9f35861d Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID + < 1> rsa 40defeeb522ade11090eacebaaf1196a172127df Example Domain Administrator Cert + < 2> rsa 1d0b06f44f6c03842f7d4f4a1dc78b3bcd1b85a5 John Smith user cert + + There are ways to narrow the keys listed in the search results: + + +@@ -1052,111 +1052,111 @@ certutil: Checking token "NSS Certificat + + + + + Listing Security Modules + + The devices that can be used to store certificates -- both internal databases and external devices like smart cards -- are recognized and used by loading security modules. The command option lists all of the security modules listed in the secmod.db database. The path to the directory () is required. + +-$ certutil -U -d sql:/home/my/sharednssdb ++$ certutil -U -d /home/my/sharednssdb + + slot: NSS User Private Key and Certificate Services + token: NSS Certificate DB + uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 + + slot: NSS Internal Cryptographic Services + token: NSS Generic Crypto Services + uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 + + Adding Certificates to the Database + + Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere. This uses the command option. + +-certutil -A -n certname -t trustargs -d [sql:]directory [-a] [-i input-file] ++certutil -A -n certname -t trustargs -d directory [-a] [-i input-file] + + For example: + +-$ certutil -A -n "CN=My SSL Certificate" -t ",," -d sql:/home/my/sharednssdb -i /home/example-certs/cert.cer ++$ certutil -A -n "CN=My SSL Certificate" -t ",," -d /home/my/sharednssdb -i /home/example-certs/cert.cer + + A related command option, , is used specifically to add email certificates to the certificate database. The command has the same arguments as the command. The trust arguments for certificates have the format SSL,S/MIME,Code-signing, so the middle trust settings relate most to email certificates (though the others can be set). For example: + +-$ certutil -E -n "CN=John Smith Email Cert" -t ",P," -d sql:/home/my/sharednssdb -i /home/example-certs/email.cer ++$ certutil -E -n "CN=John Smith Email Cert" -t ",P," -d /home/my/sharednssdb -i /home/example-certs/email.cer + + Deleting Certificates to the Database + + Certificates can be deleted from a database using the option. The only required options are to give the security database directory and to identify the certificate nickname. + +-certutil -D -d [sql:]directory -n "nickname" ++certutil -D -d directory -n "nickname" + + For example: + +-$ certutil -D -d sql:/home/my/sharednssdb -n "my-ssl-cert" ++$ certutil -D -d /home/my/sharednssdb -n "my-ssl-cert" + + Validating Certificates + + A certificate contains an expiration date in itself, and expired certificates are easily rejected. However, certificates can also be revoked before they hit their expiration date. Checking whether a certificate has been revoked requires validating the certificate. Validation can also be used to ensure that the certificate is only used for the purposes it was initially issued for. Validation is carried out by the command option. + +-certutil -V -n certificate-name [-b time] [-e] [-u cert-usage] -d [sql:]directory ++certutil -V -n certificate-name [-b time] [-e] [-u cert-usage] -d directory + + For example, to validate an email certificate: + +-$ certutil -V -n "John Smith's Email Cert" -e -u S,R -d sql:/home/my/sharednssdb ++$ certutil -V -n "John Smith's Email Cert" -e -u S,R -d /home/my/sharednssdb + + Modifying Certificate Trust Settings + + The trust settings (which relate to the operations that a certificate is allowed to be used for) can be changed after a certificate is created or added to the database. This is especially useful for CA certificates, but it can be performed for any type of certificate. + +-certutil -M -n certificate-name -t trust-args -d [sql:]directory ++certutil -M -n certificate-name -t trust-args -d directory + + For example: + +-$ certutil -M -n "My CA Certificate" -d sql:/home/my/sharednssdb -t "CT,CT,CT" ++$ certutil -M -n "My CA Certificate" -d /home/my/sharednssdb -t "CT,CT,CT" + + Printing the Certificate Chain + + Certificates can be issued in chains because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain: + +-$ certutil -d sql:/home/my/sharednssdb -O -n "jsmith@example.com" ++$ certutil -d /home/my/sharednssdb -O -n "jsmith@example.com" + "Builtin Object Token:Thawte Personal Freemail CA" [E=personal-freemail@thawte.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA] + + "Thawte Personal Freemail Issuing CA - Thawte Consulting" [CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA] + + "(null)" [E=jsmith@example.com,CN=Thawte Freemail Member] + + Resetting a Token + + The device which stores certificates -- both external hardware devices and internal software databases -- can be blanked and reused. This operation is performed on the device which stores the data, not directly on the security databases, so the location must be referenced through the token name () as well as any directory path. If there is no external token used, the default value is internal. + +-certutil -T -d [sql:]directory -h token-name -0 security-officer-password ++certutil -T -d directory -h token-name -0 security-officer-password + + Many networks have dedicated personnel who handle changes to security tokens (the security officer). This person must supply the password to access the specified token. For example: + +-$ certutil -T -d sql:/home/my/sharednssdb -h nethsm -0 secret ++$ certutil -T -d /home/my/sharednssdb -h nethsm -0 secret + + Upgrading or Merging the Security Databases + + Many networks or applications may be using older BerkeleyDB versions of the certificate database (cert8.db). Databases can be upgraded to the new SQLite version of the database (cert9.db) using the command option or existing databases can be merged with the new cert9.db databases using the command. + + + The command must give information about the original database and then use the standard arguments (like ) to give the information about the new databases. The command also requires information that the tool uses for the process to upgrade and write over the original database. + +-certutil --upgrade-merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix --upgrade-id id --upgrade-token-name name [-@ password-file] ++certutil --upgrade-merge -d directory [-P dbprefix] --source-dir directory --source-prefix dbprefix --upgrade-id id --upgrade-token-name name [-@ password-file] + + For example: + +-$ certutil --upgrade-merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- --upgrade-id 1 --upgrade-token-name internal ++$ certutil --upgrade-merge -d /home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- --upgrade-id 1 --upgrade-token-name internal + + The command only requires information about the location of the original database; since it doesn't change the format of the database, it can write over information without performing interim step. + +-certutil --merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix [-@ password-file] ++certutil --merge -d directory [-P dbprefix] --source-dir directory --source-prefix dbprefix [-@ password-file] + + For example: + +-$ certutil --merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- ++$ certutil --merge -d /home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- + + Running certutil Commands from a Batch File + + A series of commands can be run sequentially from a text file with the command option. The only argument for this specifies the input file. + + $ certutil -B -i /path/to/batch-file + + +@@ -1202,27 +1202,26 @@ BerkeleyDB. These new databases provide + + pkcs11.txt, a listing of all of the PKCS #11 modules, contained in a new subdirectory in the security databases directory + + + + + Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example: ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: + +-$ certutil -L -d sql:/home/my/sharednssdb ++$ certutil -L -d dbm:/home/my/sharednssdb + +-To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: +-export NSS_DEFAULT_DB_TYPE="sql" ++To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: ++export NSS_DEFAULT_DB_TYPE="dbm" + + This line can be set added to the ~/.bashrc file to make the change permanent. + +-Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + + + + https://wiki.mozilla.org/NSS_Shared_DB_Howto + + + For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki: + +diff --git a/doc/html/certutil.html b/doc/html/certutil.html +--- a/doc/html/certutil.html ++++ b/doc/html/certutil.html +@@ -1,21 +1,21 @@ +-CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 ++CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

--rename

Change the database nickname of a certificate.

-E

Add an email certificate to the certificate database.

-F

Delete a private key and the associated certificate from a database. Specify the key to delete with the -n argument or the -k argument. Specify the database from which to delete the key with the + -d argument. +

+ Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair.

-G

Generate a new public and private key pair within a key database. The key database should already exist; if one is not present, this command option will initialize one by default. Some smart cards can store only one key pair. If you create a new key pair for such a card, the previous pair is overwritten.

-H

Display a list of the command options and arguments.

-K

List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).

-L

List all the certificates, or display information about a named certificate, in a certificate database. + Use the -h tokenname argument to specify the certificate database on a particular hardware or software token.

-M

Modify a certificate's trust attributes using the values of the -t argument.

-N

Create new certificate and key databases.

-O

Print the certificate chain.

-R

Create a certificate request file that can be submitted to a Certificate Authority (CA) for processing into a finished certificate. Output defaults to standard out unless you use -o output-file argument. + + Use the -a argument to specify ASCII output.

-S

Create an individual certificate and add it to a certificate database.

-T

Reset the key database or token.

-U

List all available modules or print a single named module.

-V

Check the validity of a certificate and its attributes.

-W

Change the password to a key database.

--merge

Merge two databases into one.

--upgrade-merge

Upgrade an old database and merge it into a new database. This is used to migrate legacy NSS databases (cert8.db and key3.db) into the newer SQLite databases (cert9.db and key4.db).

Arguments

Arguments modify a command option and are usually lower case, numbers, or symbols.

-a

Use ASCII format or allow the use of ASCII format for input or output. This formatting follows RFC 1113. +-For certificate requests, ASCII output defaults to standard output unless redirected.

-b validity-time

Specify a time at which a certificate is required to be valid. Use when checking certificate validity with the -V option. The format of the validity-time argument is YYMMDDHHMMSS[+HHMM|-HHMM|Z], which allows offsets to be set relative to the validity end time. Specifying seconds (SS) is optional. When specifying an explicit time, use a Z at the end of the term, YYMMDDHHMMSSZ, to close it. When specifying an offset time, use YYMMDDHHMMSS+HHMM or YYMMDDHHMMSS-HHMM for adding or subtracting time, respectively. ++For certificate requests, ASCII output defaults to standard output unless redirected.

--simple-self-signed

When printing the certificate chain, don't search for a chain if issuer name equals to subject name.

-b validity-time

Specify a time at which a certificate is required to be valid. Use when checking certificate validity with the -V option. The format of the validity-time argument is YYMMDDHHMMSS[+HHMM|-HHMM|Z], which allows offsets to be set relative to the validity end time. Specifying seconds (SS) is optional. When specifying an explicit time, use a Z at the end of the term, YYMMDDHHMMSSZ, to close it. When specifying an offset time, use YYMMDDHHMMSS+HHMM or YYMMDDHHMMSS-HHMM for adding or subtracting time, respectively. +

+ If this option is not used, the validity check defaults to the current system time.

-c issuer

Identify the certificate of the CA from which a new certificate will derive its authenticity. + Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string +- with quotation marks if it contains spaces.

-d [prefix]directory

Specify the database directory containing the certificate and key database files.

certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

NSS recognizes the following prefixes:

  • sql: requests the newer database

  • dbm: requests the legacy database

If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then dbm: is the default.

--dump-ext-val OID

For single cert, print binary DER encoding of extension OID.

-e

Check a certificate's signature during the process of validating a certificate.

--email email-address

Specify the email address of a certificate to list. Used with the -L command option.

--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...

++ with quotation marks if it contains spaces.

-d [prefix]directory

Specify the database directory containing the certificate and key database files.

certutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).

NSS recognizes the following prefixes:

  • sql: requests the newer database

  • dbm: requests the legacy database

If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then sql: is the default.

--dump-ext-val OID

For single cert, print binary DER encoding of extension OID.

-e

Check a certificate's signature during the process of validating a certificate.

--email email-address

Specify the email address of a certificate to list. Used with the -L command option.

--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...

+ Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files. +

  • OID (example): 1.2.3.4

  • critical-flag: critical or not-critical

  • filename: full path to a file containing an encoded extension

-f password-file

Specify a file that will automatically supply the password to include in a certificate + or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent + unauthorized access to this file.

-g keysize

Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.

-h tokenname

Specify the name of a token to use or act on. If not specified the default token is the internal database slot.

The name can also be a PKCS #11 URI. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB". For details about the format, see RFC 7512.

-i input_file

Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.

-k key-type-or-id

Specify the type or specific ID of a key.

+ The valid key type options are rsa, dsa, ec, or all. The default + value is rsa. Specifying the type of key can avoid mistakes caused by + duplicate nicknames. Giving a key type generates a new key pair; + giving the ID of an existing key reuses that key pair (which is +@@ -50,17 +50,17 @@ of the attribute codes: +

  • + C - Trusted CA (implies c) +

  • + T - trusted CA for client authentication (ssl server only) +

  • + The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example: +

    -t "TC,C,T"

    + Use the -L option to see a list of the current certificates and trust attributes in a certificate database.

    +- Note that the output of the -L option may include "u" flag, which means that there is a private key associated with the certificate. It is a dynamic flag and you cannot set it with certutil.

    -u certusage

    Specify a usage context to apply when validating a certificate with the -V option.

    The contexts are the following:

    • C (as an SSL client)

    • V (as an SSL server)

    • L (as an SSL CA)

    • A (as Any CA)

    • Y (Verify CA)

    • S (as an email signer)

    • R (as an email recipient)

    • O (as an OCSP status responder)

    • J (as an object signer)

    -v valid-months

    Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the -w option. If this argument is not used, the default validity period is three months.

    -w offset-months

    Set an offset from the current system time, in months, ++ Note that the output of the -L option may include "u" flag, which means that there is a private key associated with the certificate. It is a dynamic flag and you cannot set it with certutil.

    -u certusage

    Specify a usage context to apply when validating a certificate with the -V option.

    The contexts are the following:

    • C (as an SSL client)

    • V (as an SSL server)

    • L (as an SSL CA)

    • A (as Any CA)

    • Y (Verify CA)

    • S (as an email signer)

    • R (as an email recipient)

    • O (as an OCSP status responder)

    • J (as an object signer)

    • I (as an IPSEC user)

    -v valid-months

    Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the -w option. If this argument is not used, the default validity period is three months.

    -w offset-months

    Set an offset from the current system time, in months, + for the beginning of a certificate's validity period. Use when creating + the certificate or adding it to a database. Express the offset in integers, + using a minus sign (-) to indicate a negative offset. If this argument is + not used, the validity period begins at the current system time. The length + of the validity period is set with the -v argument.

    -X

    Force the key and certificate database to open in read-write mode. This is used with the -U and -L command options.

    -x

    Use certutil to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.

    -y exp

    Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.

    --pss

    Restrict the generated certificate (with the -S option) or certificate request (with the -R option) to be used with the RSA-PSS signature scheme. This only works when the private key of the certificate or certificate request is RSA.

    --pss-sign

    Sign the generated certificate with the RSA-PSS signature scheme (with the -C or -S option). This only works when the private key of the signer's certificate is RSA. If the signer's certificate is restricted to RSA-PSS, it is not necessary to specify this option.

    -z noise-file

    Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

    -Z hashAlg

    Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:

    • MD2

    • MD4

    • MD5

    • SHA1

    • SHA224

    • SHA256

    • SHA384

    • SHA512

    -0 SSO_password

    Set a site security officer password on a token.

    -1 | --keyUsage keyword,keyword

    Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:

    • + digitalSignature +

    • + nonRepudiation +@@ -105,16 +105,30 @@ of the attribute codes: +

    • + ocspResponder +

    • + stepUp +

    • + msTrustListSign +

    • + critical ++

    • ++ x509Any ++

    • ++ ipsecIKE ++

    • ++ ipsecIKEEnd ++

    • ++ ipsecIKEIntermediate ++

    • ++ ipsecEnd ++

    • ++ ipsecTunnel ++

    • ++ ipsecUser +

    X.509 certificate extensions are described in RFC 5280.

    -7 emailAddrs

    Add a comma-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.

    -8 dns-names

    Add a comma-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.

    --extAIA

    Add the Authority Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extSIA

    Add the Subject Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extCP

    Add the Certificate Policies extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extPM

    Add the Policy Mappings extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extPC

    Add the Policy Constraints extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extIA

    Add the Inhibit Any Policy Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extSKID

    Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extNC

    Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.

    --extSAN type:name[,type:name]...

    + Create a Subject Alt Name extension with one or multiple names. +

    + -type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr +

    --empty-password

    Use empty password when creating new certificate database with -N.

    --keyAttrFlags attrflags

    + PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}

    --keyOpFlagsOn opflags, --keyOpFlagsOff opflags

    + PKCS #11 key Operation Flags. + Comma separated list of one or more of the following: +@@ -126,77 +140,77 @@ Comma separated list of one or more of t +

    • + cert8.db or cert9.db +

    • + key3.db or key4.db +

    • + secmod.db or pkcs11.txt +

    + These databases must be created before certificates or keys can be generated. +-

    certutil -N -d [sql:]directory

    Creating a Certificate Request

    ++

    certutil -N -d directory

    Creating a Certificate Request

    + A certificate request contains most or all of the information that is used to generate the final certificate. This request is submitted separately to a certificate authority and is then approved by some mechanism (automatically or by human review). Once the request is approved, then the certificate is generated. +-

    $ certutil -R -k key-type-or-id [-q pqgfile|curve-name] -g key-size -s subject [-h tokenname] -d [sql:]directory [-p phone] [-o output-file] [-a]

    ++

    $ certutil -R -k key-type-or-id [-q pqgfile|curve-name] -g key-size -s subject [-h tokenname] -d directory [-p phone] [-o output-file] [-a]

    + The -R command options requires four arguments: +

    • + -k to specify either the key type to generate or, when renewing a certificate, the existing key pair to use +

    • + -g to set the keysize of the key to generate +

    • + -s to set the subject name of the certificate +

    • + -d to give the security database directory +

    + The new certificate request can be output in ASCII format (-a) or can be written to a specified file (-o). +

    + For example: +-

    $ certutil -R -k rsa -g 1024 -s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" -d sql:$HOME/nssdb -p 650-555-0123 -a -o cert.cer
    ++	

    $ certutil -R -k rsa -g 1024 -s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" -d $HOME/nssdb -p 650-555-0123 -a -o cert.cer
    + 
    + Generating key.  This may take a few moments...
    + 
    + 

    Creating a Certificate

    + A valid certificate must be issued by a trusted CA. This can be done by specifying a CA certificate (-c) that is stored in the certificate database. If a CA key pair is not available, you can create a self-signed certificate using the -x argument with the -S command option. +-

    $ certutil -S -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t trustargs -d [sql:]directory [-m serial-number] [-v valid-months] [-w offset-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA] [--extSKID]

    ++

    $ certutil -S -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t trustargs -d directory [-m serial-number] [-v valid-months] [-w offset-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA] [--extSKID]

    + The series of numbers and --ext* options set certificate extensions that can be added to the certificate when it is generated by the CA. Interactive prompts will result. +

    + For example, this creates a self-signed certificate: +

    $ certutil -S -s "CN=Example CA" -n my-ca-cert -x -t "C,C,C" -1 -2 -5 -m 3650

    + The interative prompts for key usage and whether any extensions are critical and responses have been ommitted for brevity. +

    + From there, new certificates can reference the self-signed certificate: +

    $ certutil -S -s "CN=My Server Cert" -n my-server-cert -c "my-ca-cert" -t ",," -1 -5 -6 -8 -m 730

    Generating a Certificate from a Certificate Request

    + When a certificate request is created, a certificate can be generated by using the request and then referencing a certificate authority signing certificate (the issuer specified in the -c argument). The issuing certificate must be in the certificate database in the specified directory. +-

    certutil -C -c issuer -i cert-request-file -o output-file [-m serial-number] [-v valid-months] [-w offset-months] -d [sql:]directory [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names]

    ++

    certutil -C -c issuer -i cert-request-file -o output-file [-m serial-number] [-v valid-months] [-w offset-months] -d directory [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names]

    + For example: +-

    $ certutil -C -c "my-ca-cert" -i /home/certs/cert.req -o cert.cer -m 010 -v 12 -w 1 -d sql:$HOME/nssdb -1 nonRepudiation,dataEncipherment -5 sslClient -6 clientAuth -7 jsmith@example.com

    Listing Certificates

    ++

    $ certutil -C -c "my-ca-cert" -i /home/certs/cert.req -o cert.cer -m 010 -v 12 -w 1 -d $HOME/nssdb -1 nonRepudiation,dataEncipherment -5 sslClient -6 clientAuth -7 jsmith@example.com

    Listing Certificates

    + The -L command option lists all of the certificates listed in the certificate database. The path to the directory (-d) is required. +-

    $ certutil -L -d sql:/home/my/sharednssdb
    ++	

    $ certutil -L -d /home/my/sharednssdb
    + 
    + Certificate Nickname                                         Trust Attributes
    +                                                              SSL,S/MIME,JAR/XPI
    + 
    + CA Administrator of Instance pki-ca1's Example Domain ID     u,u,u
    + TPS Administrator's Example Domain ID                        u,u,u
    + Google Internet Authority                                    ,,   
    + Certificate Authority - Example Domain                       CT,C,C

    + Using additional arguments with -L can return and print the information for a single, specific certificate. For example, the -n argument passes the certificate name, while the -a argument prints the certificate in ASCII format: +

    +-$ certutil -L -d sql:$HOME/nssdb -a -n my-ca-cert
    ++$ certutil -L -d $HOME/nssdb -a -n my-ca-cert
    + -----BEGIN CERTIFICATE-----
    + MIIB1DCCAT2gAwIBAgICDkIwDQYJKoZIhvcNAQEFBQAwFTETMBEGA1UEAxMKRXhh
    + bXBsZSBDQTAeFw0xMzAzMTMxOTEwMjlaFw0xMzA2MTMxOTEwMjlaMBUxEzARBgNV
    + BAMTCkV4YW1wbGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4Kzqvz
    + JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0Cul/6sO/gsCvnABHiH6unns6x
    + XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
    + 0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
    + AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
    + AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
    + XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
    + ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
    + -----END CERTIFICATE-----
    +-

    For a human-readable display

    $ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
    ++

    For a human-readable display

    $ certutil -L -d $HOME/nssdb -n my-ca-cert
    + Certificate:
    +     Data:
    +         Version: 3 (0x2)
    +         Serial Number: 3650 (0xe42)
    +         Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    +         Issuer: "CN=Example CA"
    +         Validity:
    +             Not Before: Wed Mar 13 19:10:29 2013
    +@@ -254,78 +268,78 @@ Certificate:
    +             Valid CA
    +             Trusted CA
    +             User
    + 
    + 

    Listing Keys

    + Keys are the original material used to encrypt certificate data. The keys generated for certificates are stored separately, in the key database. +

    + To list all keys in the database, use the -K command option and the (required) -d argument to give the path to the directory. +-

    $ certutil -K -d sql:$HOME/nssdb
    ++	

    $ certutil -K -d $HOME/nssdb
    + certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services                  "
    + < 0> rsa      455a6673bde9375c2887ec8bf8016b3f9f35861d   Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
    + < 1> rsa      40defeeb522ade11090eacebaaf1196a172127df   Example Domain Administrator Cert
    + < 2> rsa      1d0b06f44f6c03842f7d4f4a1dc78b3bcd1b85a5   John Smith user cert

    + There are ways to narrow the keys listed in the search results: +

    • + To return a specific key, use the -n name argument with the name of the key. +

    • + If there are multiple security devices loaded, then the -h tokenname argument can search a specific token or all tokens. +

    • + If there are multiple key types available, then the -k key-type argument can search a specific type of key, like RSA, DSA, or ECC. +

    Listing Security Modules

    + The devices that can be used to store certificates -- both internal databases and external devices like smart cards -- are recognized and used by loading security modules. The -U command option lists all of the security modules listed in the secmod.db database. The path to the directory (-d) is required. +-

    $ certutil -U -d sql:/home/my/sharednssdb
    ++	

    $ certutil -U -d /home/my/sharednssdb
    + 
    +     slot: NSS User Private Key and Certificate Services                  
    +    token: NSS Certificate DB
    +      uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
    + 
    +     slot: NSS Internal Cryptographic Services                            
    +    token: NSS Generic Crypto Services
    +      uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203

    Adding Certificates to the Database

    + Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere. This uses the -A command option. +-

    certutil -A -n certname -t trustargs -d [sql:]directory [-a] [-i input-file]

    ++

    certutil -A -n certname -t trustargs -d directory [-a] [-i input-file]

    + For example: +-

    $ certutil -A -n "CN=My SSL Certificate" -t ",," -d sql:/home/my/sharednssdb -i /home/example-certs/cert.cer

    ++

    $ certutil -A -n "CN=My SSL Certificate" -t ",," -d /home/my/sharednssdb -i /home/example-certs/cert.cer

    + A related command option, -E, is used specifically to add email certificates to the certificate database. The -E command has the same arguments as the -A command. The trust arguments for certificates have the format SSL,S/MIME,Code-signing, so the middle trust settings relate most to email certificates (though the others can be set). For example: +-

    $ certutil -E -n "CN=John Smith Email Cert" -t ",P," -d sql:/home/my/sharednssdb -i /home/example-certs/email.cer

    Deleting Certificates to the Database

    ++

    $ certutil -E -n "CN=John Smith Email Cert" -t ",P," -d /home/my/sharednssdb -i /home/example-certs/email.cer

    Deleting Certificates to the Database

    + Certificates can be deleted from a database using the -D option. The only required options are to give the security database directory and to identify the certificate nickname. +-

    certutil -D -d [sql:]directory -n "nickname"

    ++

    certutil -D -d directory -n "nickname"

    + For example: +-

    $ certutil -D -d sql:/home/my/sharednssdb -n "my-ssl-cert"

    Validating Certificates

    ++

    $ certutil -D -d /home/my/sharednssdb -n "my-ssl-cert"

    Validating Certificates

    + A certificate contains an expiration date in itself, and expired certificates are easily rejected. However, certificates can also be revoked before they hit their expiration date. Checking whether a certificate has been revoked requires validating the certificate. Validation can also be used to ensure that the certificate is only used for the purposes it was initially issued for. Validation is carried out by the -V command option. +-

    certutil -V -n certificate-name [-b time] [-e] [-u cert-usage] -d [sql:]directory

    ++

    certutil -V -n certificate-name [-b time] [-e] [-u cert-usage] -d directory

    + For example, to validate an email certificate: +-

    $ certutil -V -n "John Smith's Email Cert" -e -u S,R -d sql:/home/my/sharednssdb

    Modifying Certificate Trust Settings

    ++

    $ certutil -V -n "John Smith's Email Cert" -e -u S,R -d /home/my/sharednssdb

    Modifying Certificate Trust Settings

    + The trust settings (which relate to the operations that a certificate is allowed to be used for) can be changed after a certificate is created or added to the database. This is especially useful for CA certificates, but it can be performed for any type of certificate. +-

    certutil -M -n certificate-name -t trust-args -d [sql:]directory

    ++

    certutil -M -n certificate-name -t trust-args -d directory

    + For example: +-

    $ certutil -M -n "My CA Certificate" -d sql:/home/my/sharednssdb -t "CT,CT,CT"

    Printing the Certificate Chain

    ++

    $ certutil -M -n "My CA Certificate" -d /home/my/sharednssdb -t "CT,CT,CT"

    Printing the Certificate Chain

    + Certificates can be issued in chains because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The -O prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain: +-

    $ certutil -d sql:/home/my/sharednssdb -O -n "jsmith@example.com"
    ++	

    $ certutil -d /home/my/sharednssdb -O -n "jsmith@example.com"
    + "Builtin Object Token:Thawte Personal Freemail CA" [E=personal-freemail@thawte.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA]
    + 
    +   "Thawte Personal Freemail Issuing CA - Thawte Consulting" [CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA]
    + 
    +     "(null)" [E=jsmith@example.com,CN=Thawte Freemail Member]

    Resetting a Token

    + The device which stores certificates -- both external hardware devices and internal software databases -- can be blanked and reused. This operation is performed on the device which stores the data, not directly on the security databases, so the location must be referenced through the token name (-h) as well as any directory path. If there is no external token used, the default value is internal. +-

    certutil -T -d [sql:]directory -h token-name -0 security-officer-password

    ++

    certutil -T -d directory -h token-name -0 security-officer-password

    + Many networks have dedicated personnel who handle changes to security tokens (the security officer). This person must supply the password to access the specified token. For example: +-

    $ certutil -T -d sql:/home/my/sharednssdb -h nethsm -0 secret

    Upgrading or Merging the Security Databases

    ++

    $ certutil -T -d /home/my/sharednssdb -h nethsm -0 secret

    Upgrading or Merging the Security Databases

    + Many networks or applications may be using older BerkeleyDB versions of the certificate database (cert8.db). Databases can be upgraded to the new SQLite version of the database (cert9.db) using the --upgrade-merge command option or existing databases can be merged with the new cert9.db databases using the ---merge command. +

    + The --upgrade-merge command must give information about the original database and then use the standard arguments (like -d) to give the information about the new databases. The command also requires information that the tool uses for the process to upgrade and write over the original database. +-

    certutil --upgrade-merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix --upgrade-id id --upgrade-token-name name [-@ password-file]

    ++

    certutil --upgrade-merge -d directory [-P dbprefix] --source-dir directory --source-prefix dbprefix --upgrade-id id --upgrade-token-name name [-@ password-file]

    + For example: +-

    $ certutil --upgrade-merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- --upgrade-id 1 --upgrade-token-name internal

    ++

    $ certutil --upgrade-merge -d /home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- --upgrade-id 1 --upgrade-token-name internal

    + The --merge command only requires information about the location of the original database; since it doesn't change the format of the database, it can write over information without performing interim step. +-

    certutil --merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix [-@ password-file]

    ++

    certutil --merge -d directory [-P dbprefix] --source-dir directory --source-prefix dbprefix [-@ password-file]

    + For example: +-

    $ certutil --merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp-

    Running certutil Commands from a Batch File

    ++

    $ certutil --merge -d /home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp-

    Running certutil Commands from a Batch File

    + A series of commands can be run sequentially from a text file with the -B command option. The only argument for this specifies the input file. +

    $ certutil -B -i /path/to/batch-file

    NSS Database Types

    NSS originally used BerkeleyDB databases to store security information. + The last versions of these legacy databases are:

    • + cert8.db for certificates +

    • + key3.db for keys +

    • + secmod.db for PKCS #11 module information +@@ -333,18 +347,18 @@ The last versions of these

      • + cert9.db for certificates +

      • + key4.db for keys +

      • + pkcs11.txt, a listing of all of the PKCS #11 modules, contained in a new subdirectory in the security databases directory +-

    Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

    By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

    $ certutil -L -d sql:/home/my/sharednssdb

    To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

    export NSS_DEFAULT_DB_TYPE="sql"

    This line can be set added to the ~/.bashrc file to make the change permanent.

    Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

    • ++

    Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

    By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example:

    $ certutil -L -d dbm:/home/my/sharednssdb

    To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm:

    export NSS_DEFAULT_DB_TYPE="dbm"

    This line can be set added to the ~/.bashrc file to make the change permanent.

    • + https://wiki.mozilla.org/NSS_Shared_DB_Howto

    For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

    • + https://wiki.mozilla.org/NSS_Shared_DB +

    See Also

    pk12util (1)

    modutil (1)

    certutil has arguments or operations that use features defined in several IETF RFCs.

    • + http://tools.ietf.org/html/rfc5280 +

    • + http://tools.ietf.org/html/rfc1113 +

    • + http://tools.ietf.org/html/rfc1485 +diff --git a/doc/html/derdump.html b/doc/html/derdump.html +--- a/doc/html/derdump.html ++++ b/doc/html/derdump.html +@@ -1,7 +1,5 @@ +-DERDUMP

      Name

      derdump — Dumps C-sequence strings from a DER encoded certificate file

      Synopsis

      derdump [-r] [-i input-file] [-o output-file]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +-

      Description

      derdump dumps C-sequence strings from a DER encode certificate file

      Options

      -r
      For formatted items, dump raw bytes as well
      -i DER encoded file
      Define an input file to use (default is stdin)
      -o output file
      Define an output file to use (default is stdout).

      Additional Resources

      NSS is maintained in conjunction with PKI and security-related projects through Mozilla dn Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

      For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

      Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

      IRC: Freenode at #dogtag-pki

      Authors

      The NSS tools were written and maintained by developers with Netscape and now with Red Hat.

      ++DERDUMP

      Name

      derdump — Dumps C-sequence strings from a DER encoded certificate file

      Synopsis

      derdump [-r] [-i input-file] [-o output-file]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 ++

      Description

      derdump dumps C-sequence strings from a DER encode certificate file

      Options

      -r
      For formatted items, dump raw bytes as well
      -i DER encoded file
      Define an input file to use (default is stdin)
      -o output file
      Define an output file to use (default is stdout).

      Additional Resources

      NSS is maintained in conjunction with PKI and security-related projects through Mozilla dn Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

      For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

      Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

      IRC: Freenode at #dogtag-pki

      Authors

      The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

      + Authors: Gerhardus Geldenhuis <gerhardus.geldenhuis@gmail.com>. Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com> +-

      LICENSE

      Licensed under the Mozilla Public License, version 1.1, +- and/or the GNU General Public License, version 2 or later, +- and/or the GNU Lesser General Public License, version 2.1 or later. ++

      LICENSE

      Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. +

      +diff --git a/doc/html/modutil.html b/doc/html/modutil.html +--- a/doc/html/modutil.html ++++ b/doc/html/modutil.html +@@ -1,13 +1,13 @@ +-MODUTIL

      Name

      modutil — Manage PKCS #11 module information within the security module database.

      Synopsis

      modutil [options] [[arguments]]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 ++MODUTIL

      Name

      modutil — Manage PKCS #11 module information within the security module database.

      Synopsis

      modutil [options] [[arguments]]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

      Description

      The Security Module Database Tool, modutil, is a command-line utility for managing PKCS #11 module information both within secmod.db files and within hardware tokens. modutil can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.

      The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.

      Options

      + Running modutil always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments. +-

      Options

      -add modulename

      Add the named PKCS #11 module to the database. Use this option with the -libfile, -ciphers, and -mechanisms arguments.

      -changepw tokenname

      Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the -pwfile and -newpwfile arguments. A password is equivalent to a personal identification number (PIN).

      -chkfips

      Verify whether the module is in the given FIPS mode. true means to verify that the module is in FIPS mode, while false means to verify that the module is not in FIPS mode.

      -create

      Create new certificate, key, and module databases. Use the -dbdir directory argument to specify a directory. If any of these databases already exist in a specified directory, modutil returns an error message.

      -default modulename

      Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the -mechanisms argument.

      -delete modulename

      Delete the named module. The default NSS PKCS #11 module cannot be deleted.

      -disable modulename

      Disable all slots on the named module. Use the -slot argument to disable a specific slot.

      The internal NSS PKCS #11 module cannot be disabled.

      -enable modulename

      Enable all slots on the named module. Use the -slot argument to enable a specific slot.

      -fips [true | false]

      Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.

      -force

      Disable modutil's interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.

      -jar JAR-file

      Add a new PKCS #11 module to the database using the named JAR file. Use this command with the -installdir and -tempdir arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with modutil.

      -list [modulename]

      Display basic information about the contents of the secmod.db file. Specifying a modulename displays detailed information about a particular module and its slots and tokens.

      -rawadd

      Add the module spec string to the secmod.db database.

      -rawlist

      Display the module specs for a specified module or for all loadable modules.

      -undefault modulename

      Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the -mechanisms argument.

      Arguments

      MODULE

      Give the security module to access.

      MODULESPEC

      Give the security module spec to load into the security database.

      -ciphers cipher-enable-list

      Enable specific ciphers in a module that is being added to the database. The cipher-enable-list is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.

      -dbdir [sql:]directory

      Specify the database directory in which to access or create security module database files.

      modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

      --dbprefix prefix

      Specify the prefix used on the database files, such as my_ for my_cert8.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

      -installdir root-installation-directory

      Specify the root installation directory relative to which files will be installed by the -jar option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.

      -libfile library-file

      Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.

      -mechanisms mechanism-list

      Specify the security mechanisms for which a particular module will be flagged as a default provider. The mechanism-list is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.

      The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.

      modutil supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).

      -newpwfile new-password-file

      Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the -changepw option.

      -nocertdb

      Do not open the certificate or key databases. This has several effects:

      • With the -create command, only a module security file is created; certificate and key databases are not created.

      • With the -jar command, signatures on the JAR file are not checked.

      • With the -changepw command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.

      -pwfile old-password-file

      Specify a text file containing a token's existing password so that a password can be entered automatically when the -changepw option is used to change passwords.

      -secmod secmodname

      Give the name of the security module database (like secmod.db) to load.

      -slot slotname

      Specify a particular slot to be enabled or disabled with the -enable or -disable options.

      -string CONFIG_STRING

      Pass a configuration string for the module being added to the database.

      -tempdir temporary-directory

      Give a directory location where temporary files are created during the installation by the -jar option. If no temporary directory is specified, the current directory is used.

      Usage and Examples

      Creating Database Files

      Before any operations can be performed, there must be a set of security databases available. modutil can be used to create these files. The only required argument is the database that where the databases will be located.

      modutil -create -dbdir [sql:]directory

      Adding a Cryptographic Module

      Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through modutil directly or by running a JAR file and install script. For the most basic case, simply upload the library:

      modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] 

      For example: +-

      modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
      ++	

      Options

      -add modulename

      Add the named PKCS #11 module to the database. Use this option with the -libfile, -ciphers, and -mechanisms arguments.

      -changepw tokenname

      Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the -pwfile and -newpwfile arguments. A password is equivalent to a personal identification number (PIN).

      -chkfips

      Verify whether the module is in the given FIPS mode. true means to verify that the module is in FIPS mode, while false means to verify that the module is not in FIPS mode.

      -create

      Create new certificate, key, and module databases. Use the -dbdir directory argument to specify a directory. If any of these databases already exist in a specified directory, modutil returns an error message.

      -default modulename

      Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the -mechanisms argument.

      -delete modulename

      Delete the named module. The default NSS PKCS #11 module cannot be deleted.

      -disable modulename

      Disable all slots on the named module. Use the -slot argument to disable a specific slot.

      The internal NSS PKCS #11 module cannot be disabled.

      -enable modulename

      Enable all slots on the named module. Use the -slot argument to enable a specific slot.

      -fips [true | false]

      Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.

      -force

      Disable modutil's interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.

      -jar JAR-file

      Add a new PKCS #11 module to the database using the named JAR file. Use this command with the -installdir and -tempdir arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with modutil.

      -list [modulename]

      Display basic information about the contents of the secmod.db file. Specifying a modulename displays detailed information about a particular module and its slots and tokens.

      -rawadd

      Add the module spec string to the secmod.db database.

      -rawlist

      Display the module specs for a specified module or for all loadable modules.

      -undefault modulename

      Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the -mechanisms argument.

      Arguments

      MODULE

      Give the security module to access.

      MODULESPEC

      Give the security module spec to load into the security database.

      -ciphers cipher-enable-list

      Enable specific ciphers in a module that is being added to the database. The cipher-enable-list is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.

      -dbdir directory

      Specify the database directory in which to access or create security module database files.

      modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in SQLite format.

      --dbprefix prefix

      Specify the prefix used on the database files, such as my_ for my_cert9.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.

      -installdir root-installation-directory

      Specify the root installation directory relative to which files will be installed by the -jar option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.

      -libfile library-file

      Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.

      -mechanisms mechanism-list

      Specify the security mechanisms for which a particular module will be flagged as a default provider. The mechanism-list is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.

      The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.

      modutil supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).

      -newpwfile new-password-file

      Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the -changepw option.

      -nocertdb

      Do not open the certificate or key databases. This has several effects:

      • With the -create command, only a module security file is created; certificate and key databases are not created.

      • With the -jar command, signatures on the JAR file are not checked.

      • With the -changepw command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.

      -pwfile old-password-file

      Specify a text file containing a token's existing password so that a password can be entered automatically when the -changepw option is used to change passwords.

      -secmod secmodname

      Give the name of the security module database (like secmod.db) to load.

      -slot slotname

      Specify a particular slot to be enabled or disabled with the -enable or -disable options.

      -string CONFIG_STRING

      Pass a configuration string for the module being added to the database.

      -tempdir temporary-directory

      Give a directory location where temporary files are created during the installation by the -jar option. If no temporary directory is specified, the current directory is used.

      Usage and Examples

      Creating Database Files

      Before any operations can be performed, there must be a set of security databases available. modutil can be used to create these files. The only required argument is the database that where the databases will be located.

      modutil -create -dbdir directory

      Adding a Cryptographic Module

      Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through modutil directly or by running a JAR file and install script. For the most basic case, simply upload the library:

      modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] 

      For example: ++

      modutil -dbdir /home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
      + 
      + Using database directory ... 
      + Module "Example PKCS #11 Module" added to database.

      +

      Installing a Cryptographic Module from a JAR File

      PKCS #11 modules can also be loaded using a JAR file, which contains all of the required libraries and an installation script that describes how to install the module. The JAR install script is described in more detail in the section called “JAR Installation File Format”.

      The JAR installation script defines the setup information for each platform that the module can be installed on. For example:

      Platforms { 
      +    Linux:5.4.08:x86 { 
      +       ModuleName { "Example PKCS #11 Module" } 
      +       ModuleFile { crypto.so } 
      +       DefaultMechanismFlags{0x0000} 
      +@@ -20,17 +20,17 @@ Module "Example PKCS #11 Module" added t
      +             Executable 
      +             Path{ /tmp/setup.sh } 
      +          } 
      +       } 
      +    } 
      +    Linux:6.0.0:x86 { 
      +       EquivalentPlatform { Linux:5.4.08:x86 } 
      +    } 
      +-} 

      Both the install script and the required libraries must be bundled in a JAR file, which is specified with the -jar argument.

      modutil -dbdir sql:/home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir sql:/home/my/sharednssdb
      ++} 

      Both the install script and the required libraries must be bundled in a JAR file, which is specified with the -jar argument.

      modutil -dbdir /home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir /home/my/sharednssdb
      + 
      + This installation JAR file was signed by: 
      + ---------------------------------------------- 
      + 
      + **SUBJECT NAME** 
      + 
      + C=US, ST=California, L=Mountain View, CN=Cryptorific Inc., OU=Digital ID
      + Class 3 - Netscape Object Signing, OU="www.verisign.com/repository/CPS
      +@@ -48,32 +48,32 @@ Successfully parsed installation script
      + Current platform is Linux:5.4.08:x86 
      + Using installation parameters for platform Linux:5.4.08:x86 
      + Installed file crypto.so to /tmp/crypto.so
      + Installed file setup.sh to ./pk11inst.dir/setup.sh 
      + Executing "./pk11inst.dir/setup.sh"... 
      + "./pk11inst.dir/setup.sh" executed successfully 
      + Installed module "Example PKCS #11 Module" into module database 
      + 
      +-Installation completed successfully 

      Adding Module Spec

      Each module has information stored in the security database about its configuration and parameters. These can be added or edited using the -rawadd command. For the current settings or to see the format of the module spec in the database, use the -rawlist option.

      modutil -rawadd modulespec

      Deleting a Module

      A specific PKCS #11 module can be deleted from the secmod.db database:

      modutil -delete modulename -dbdir [sql:]directory 

      Displaying Module Information

      The secmod.db database contains information about the PKCS #11 modules that are available to an application or server to use. The list of all modules, information about specific modules, and database configuration specs for modules can all be viewed.

      To simply get a list of modules in the database, use the -list command.

      modutil -list [modulename] -dbdir [sql:]directory 

      Listing the modules shows the module name, their status, and other associated security databases for certificates and keys. For example:

      modutil -list -dbdir sql:/home/my/sharednssdb 
      ++Installation completed successfully 

      Adding Module Spec

      Each module has information stored in the security database about its configuration and parameters. These can be added or edited using the -rawadd command. For the current settings or to see the format of the module spec in the database, use the -rawlist option.

      modutil -rawadd modulespec

      Deleting a Module

      A specific PKCS #11 module can be deleted from the secmod.db database:

      modutil -delete modulename -dbdir directory 

      Displaying Module Information

      The secmod.db database contains information about the PKCS #11 modules that are available to an application or server to use. The list of all modules, information about specific modules, and database configuration specs for modules can all be viewed.

      To simply get a list of modules in the database, use the -list command.

      modutil -list [modulename] -dbdir directory 

      Listing the modules shows the module name, their status, and other associated security databases for certificates and keys. For example:

      modutil -list -dbdir /home/my/sharednssdb 
      + 
      + Listing of PKCS #11 Modules
      + -----------------------------------------------------------
      +   1. NSS Internal PKCS #11 Module
      +          slots: 2 slots attached
      +         status: loaded
      + 
      +          slot: NSS Internal Cryptographic Services                            
      +         token: NSS Generic Crypto Services
      + 	  uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
      + 
      +          slot: NSS User Private Key and Certificate Services                  
      +         token: NSS Certificate DB
      + 	  uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
      +------------------------------------------------------------

      Passing a specific module name with the -list returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example:

       modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/home/my/sharednssdb
      ++-----------------------------------------------------------

      Passing a specific module name with the -list returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example:

       modutil -list "NSS Internal PKCS #11 Module" -dbdir /home/my/sharednssdb
      + 
      + -----------------------------------------------------------
      + Name: NSS Internal PKCS #11 Module
      + Library file: **Internal ONLY module**
      + Manufacturer: Mozilla Foundation              
      + Description: NSS Internal Crypto Services    
      + PKCS #11 Version 2.20
      + Library Version: 3.11
      +@@ -107,28 +107,28 @@ Default Mechanism Flags: RSA:RC2:RC4:DES
      +   Token Name: NSS Certificate DB              
      +   Token Manufacturer: Mozilla Foundation              
      +   Token Model: NSS 3           
      +   Token Serial Number: 0000000000000000
      +   Token Version: 8.3
      +   Token Firmware Version: 0.0
      +   Access: NOT Write Protected
      +   Login Type: Login required
      +-  User Pin: Initialized

      A related command, -rawlist returns information about the database configuration for the modules. (This information can be edited by loading new specs using the -rawadd command.)

       modutil -rawlist -dbdir sql:/home/my/sharednssdb
      ++  User Pin: Initialized

      A related command, -rawlist returns information about the database configuration for the modules. (This information can be edited by loading new specs using the -rawadd command.)

       modutil -rawlist -dbdir /home/my/sharednssdb
      +  name="NSS Internal PKCS #11 Module" parameters="configdir=. certPrefix= keyPrefix= secmod=secmod.db flags=readOnly " NSS="trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM askpw=any timeout=30 ] }  Flags=internal,critical"

      Setting a Default Provider for Security Mechanisms

      Multiple security modules may provide support for the same security mechanisms. It is possible to set a specific security module as the default provider for a specific security mechanism (or, conversely, to prohibit a provider from supplying those mechanisms).

      modutil -default modulename -mechanisms mechanism-list 

      To set a module as the default provider for mechanisms, use the -default command with a colon-separated list of mechanisms. The available mechanisms depend on the module; NSS supplies almost all common mechanisms. For example:

      modutil -default "NSS Internal PKCS #11 Module" -dbdir -mechanisms RSA:DSA:RC2 
      + 
      + Using database directory c:\databases...
      + 
      + Successfully changed defaults.

      Clearing the default provider has the same format:

      modutil -undefault "NSS Internal PKCS #11 Module" -dbdir -mechanisms MD2:MD5

      Enabling and Disabling Modules and Slots

      Modules, and specific slots on modules, can be selectively enabled or disabled using modutil. Both commands have the same format:

      modutil -enable|-disable modulename [-slot slotname] 

      For example:

      modutil -enable "NSS Internal PKCS #11 Module" -slot "NSS Internal Cryptographic Services                            " -dbdir .
      + 
      +-Slot "NSS Internal Cryptographic Services                            " enabled.

      Be sure that the appropriate amount of trailing whitespace is after the slot name. Some slot names have a significant amount of whitespace that must be included, or the operation will fail.

      Enabling and Verifying FIPS Compliance

      The NSS modules can have FIPS 140-2 compliance enabled or disabled using modutil with the -fips option. For example:

      modutil -fips true -dbdir sql:/home/my/sharednssdb/
      ++Slot "NSS Internal Cryptographic Services                            " enabled.

      Be sure that the appropriate amount of trailing whitespace is after the slot name. Some slot names have a significant amount of whitespace that must be included, or the operation will fail.

      Enabling and Verifying FIPS Compliance

      The NSS modules can have FIPS 140-2 compliance enabled or disabled using modutil with the -fips option. For example:

      modutil -fips true -dbdir /home/my/sharednssdb/
      + 
      +-FIPS mode enabled.

      To verify that status of FIPS mode, run the -chkfips command with either a true or false flag (it doesn't matter which). The tool returns the current FIPS setting.

      modutil -chkfips false -dbdir sql:/home/my/sharednssdb/
      ++FIPS mode enabled.

      To verify that status of FIPS mode, run the -chkfips command with either a true or false flag (it doesn't matter which). The tool returns the current FIPS setting.

      modutil -chkfips false -dbdir /home/my/sharednssdb/
      + 
      +-FIPS mode enabled.

      Changing the Password on a Token

      Initializing or changing a token's password:

      modutil -changepw tokenname [-pwfile old-password-file] [-newpwfile new-password-file] 
      modutil -dbdir sql:/home/my/sharednssdb -changepw "NSS Certificate DB" 
      ++FIPS mode enabled.

      Changing the Password on a Token

      Initializing or changing a token's password:

      modutil -changepw tokenname [-pwfile old-password-file] [-newpwfile new-password-file] 
      modutil -dbdir /home/my/sharednssdb -changepw "NSS Certificate DB" 
      + 
      + Enter old password: 
      + Incorrect password, try again... 
      + Enter old password: 
      + Enter new password: 
      + Re-enter new password: 
      + Token "Communicator Certificate DB" password changed successfully.

      JAR Installation File Format

      When a JAR file is run by a server, by modutil, or by any program that does not interpret JavaScript, a special information file must be included to install the libraries. There are several things to keep in mind with this file:

      • + It must be declared in the JAR archive's manifest file. +@@ -234,18 +234,18 @@ The last versions of these

        • + cert9.db for certificates +

        • + key4.db for keys +

        • + pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory +-

      Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

      By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

      modutil -create -dbdir sql:/home/my/sharednssdb

      To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

      export NSS_DEFAULT_DB_TYPE="sql"

      This line can be added to the ~/.bashrc file to make the change permanent for the user.

      Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

      • ++

      Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

      By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example:

      modutil -create -dbdir dbm:/home/my/sharednssdb

      To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm:

      export NSS_DEFAULT_DB_TYPE="dbm"

      This line can be added to the ~/.bashrc file to make the change permanent for the user.

      • + https://wiki.mozilla.org/NSS_Shared_DB_Howto

      For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

      • + https://wiki.mozilla.org/NSS_Shared_DB +

      See Also

      certutil (1)

      pk12util (1)

      signtool (1)

      The NSS wiki has information on the new database design and how to configure applications to use it.

      • + https://wiki.mozilla.org/NSS_Shared_DB_Howto

      • + https://wiki.mozilla.org/NSS_Shared_DB +

      Additional Resources

      For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

      Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

      IRC: Freenode at #dogtag-pki

      Authors

      The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

      + Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>. +

      LICENSE

      Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. +diff --git a/doc/html/pk12util.html b/doc/html/pk12util.html +--- a/doc/html/pk12util.html ++++ b/doc/html/pk12util.html +@@ -1,27 +1,27 @@ +-PK12UTIL

      Name

      pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database

      Synopsis

      pk12util [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +-

      Description

      The PKCS #12 utility, pk12util, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.

      Options and Arguments

      Options

      -i p12file

      Import keys and certificates from a PKCS #12 file into a security database.

      -l p12file

      List the keys and certificates in PKCS #12 file.

      -o p12file

      Export keys and certificates from the security database to a PKCS #12 file.

      Arguments

      -c keyCipher

      Specify the key encryption algorithm.

      -C certCipher

      Specify the certiticate encryption algorithm.

      -d [sql:]directory

      Specify the database directory into which to import to or export from certificates and keys.

      pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

      -h tokenname

      Specify the name of the token to import into or export from.

      -k slotPasswordFile

      Specify the text file containing the slot's password.

      -K slotPassword

      Specify the slot's password.

      -m | --key-len keyLength

      Specify the desired length of the symmetric key to be used to encrypt the private key.

      -n | --cert-key-len certKeyLength

      Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.

      -n certname

      Specify the nickname of the cert and private key to export.

      The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.

      -P prefix

      Specify the prefix used on the certificate and key databases. This option is provided as a special case. ++PK12UTIL

      Name

      pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database

      Synopsis

      pk12util [-i p12File|-l p12File|-o p12File] [-c keyCipher] [-C certCipher] [-d directory] [-h tokenname] [-m | --key-len keyLength] [-M hashAlg] [-n certname] [-P dbprefix] [-r] [-v] [--cert-key-len certKeyLength] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 ++

      Description

      The PKCS #12 utility, pk12util, enables sharing certificates among any server that supports PKCS #12. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys.

      Options and Arguments

      Options

      -i p12file

      Import keys and certificates from a PKCS #12 file into a security database.

      -l p12file

      List the keys and certificates in PKCS #12 file.

      -o p12file

      Export keys and certificates from the security database to a PKCS #12 file.

      Arguments

      -c keyCipher

      Specify the key encryption algorithm.

      -C certCipher

      Specify the certiticate encryption algorithm.

      -d directory

      Specify the database directory into which to import to or export from certificates and keys.

      pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in the SQLite format.

      -h tokenname

      Specify the name of the token to import into or export from.

      -k slotPasswordFile

      Specify the text file containing the slot's password.

      -K slotPassword

      Specify the slot's password.

      -m | --key-len keyLength

      Specify the desired length of the symmetric key to be used to encrypt the private key.

      -M hashAlg

      Specify the hash algorithm used in the pkcs #12 mac. This algorithm also specifies the HMAC used in the prf when using pkcs #5 v2.

      --cert-key-len certKeyLength

      Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.

      -n certname

      Specify the nickname of the cert and private key to export.

      The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.

      -P prefix

      Specify the prefix used on the certificate and key databases. This option is provided as a special case. + Changing the names of the certificate and key databases is not recommended.

      -r

      Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.

      -v

      Enable debug logging when importing.

      -w p12filePasswordFile

      Specify the text file containing the pkcs #12 file password.

      -W p12filePassword

      Specify the pkcs #12 file password.

      Return Codes

      • 0 - No error

      • 1 - User Cancelled

      • 2 - Usage error

      • 6 - NLS init error

      • 8 - Certificate DB open error

      • 9 - Key DB open error

      • 10 - File initialization error

      • 11 - Unicode conversion error

      • 12 - Temporary file creation error

      • 13 - PKCS11 get slot error

      • 14 - PKCS12 decoder start error

      • 15 - error read from import file

      • 16 - pkcs12 decode error

      • 17 - pkcs12 decoder verify error

      • 18 - pkcs12 decoder validate bags error

      • 19 - pkcs12 decoder import bags error

      • 20 - key db conversion version 3 to version 2 error

      • 21 - cert db conversion version 7 to version 5 error

      • 22 - cert and key dbs patch error

      • 23 - get default cert db error

      • 24 - find cert by nickname error

      • 25 - create export context error

      • 26 - PKCS12 add password itegrity error

      • 27 - cert and key Safes creation error

      • 28 - PKCS12 add cert and key error

      • 29 - PKCS12 encode error

      Examples

      Importing Keys and Certificates

      The most basic usage of pk12util for importing a certificate or key is the PKCS #12 input file (-i) and some way to specify the security database being accessed (either -d for a directory or -h for a token). +

      +- pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] +-

      For example:

      # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
      ++    pk12util -i p12File [-h tokenname] [-v] [-d directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
      ++    

      For example:

      # pk12util -i /tmp/cert-files/users.p12 -d /home/my/sharednssdb
      + 
      + Enter a password which will be used to encrypt your keys.
      + The password should be at least 8 characters long,
      + and should contain at least one non-alphabetic character.
      + 
      + Enter new password: 
      + Re-enter password: 
      + Enter password for PKCS12 file: 
      + pk12util: PKCS12 IMPORT SUCCESSFUL

      Exporting Keys and Certificates

      Using the pk12util command to export certificates and keys requires both the name of the certificate to extract from the database (-n) and the PKCS #12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. +-

      pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
      ++    

      pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example:

      # pk12util -o certs.p12 -n Server-Cert -d /home/my/sharednssdb
      + Enter password for PKCS12 file: 
      + Re-enter password: 

      Listing Keys and Certificates

      The information in a .p12 file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the .p12 file. +-

      pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example, this prints the default ASCII output:

      # pk12util -l certs.p12
      ++    

      pk12util -l p12File [-h tokenname] [-r] [-d directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]

      For example, this prints the default ASCII output:

      # pk12util -l certs.p12
      + 
      + Enter password for PKCS12 file: 
      + Key(shrouded):
      +     Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
      + 
      +     Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
      +         Parameters:
      +             Salt:
      +@@ -59,18 +59,18 @@ The last versions of these 
      • + cert9.db for certificates +

      • + key4.db for keys +

      • + pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory +-

      Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

      By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

      # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb

      To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

      export NSS_DEFAULT_DB_TYPE="sql"

      This line can be set added to the ~/.bashrc file to make the change permanent.

      Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

      • ++

      Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

      By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example:

      # pk12util -i /tmp/cert-files/users.p12 -d dbm:/home/my/sharednssdb

      To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm:

      export NSS_DEFAULT_DB_TYPE="dbm"

      This line can be set added to the ~/.bashrc file to make the change permanent.

      • + https://wiki.mozilla.org/NSS_Shared_DB_Howto

      For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

      • + https://wiki.mozilla.org/NSS_Shared_DB +

      Compatibility Notes

      The exporting behavior of pk12util has changed over time, while importing files exported with older versions of NSS is still supported.

      Until the 3.30 release, pk12util used the UTF-16 encoding for the PKCS #5 password-based encryption schemes, while the recommendation is to encode passwords in UTF-8 if the used encryption scheme is defined outside of the PKCS #12 standard.

      Until the 3.31 release, even when "AES-128-CBC" or "AES-192-CBC" is given from the command line, pk12util always used 256-bit AES as the underlying encryption scheme.

      For historical reasons, pk12util accepts password-based encryption schemes not listed in this document. However, those schemes are not officially supported and may have issues in interoperability with other tools.

      See Also

      certutil (1)

      modutil (1)

      The NSS wiki has information on the new database design and how to configure applications to use it.

      • + https://wiki.mozilla.org/NSS_Shared_DB_Howto

      • + https://wiki.mozilla.org/NSS_Shared_DB +

      Additional Resources

      For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

      Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

      IRC: Freenode at #dogtag-pki

      Authors

      The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

      + Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>. +

      LICENSE

      Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. +diff --git a/doc/html/pp.html b/doc/html/pp.html +--- a/doc/html/pp.html ++++ b/doc/html/pp.html +@@ -1,7 +1,7 @@ +-PP

      Name

      pp — Prints certificates, keys, crls, and pkcs7 files

      Synopsis

      pp -t type [-a] [-i input] [-o output] [-u] [-w]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +-

      Description

      pp pretty-prints private and public key, certificate, certificate-request, +- pkcs7 or crl files +-

      Options

      -t type

      specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}

      -a
      Input is in ascii encoded form (RFC1113)
      -i inputfile
      Define an input file to use (default is stdin)
      -o outputfile
      Define an output file to use (default is stdout)
      -u
      Use UTF-8 (default is to show non-ascii as .)
      -w
      Don't wrap long output lines

      Additional Resources

      NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

      For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

      Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

      IRC: Freenode at #dogtag-pki

      Authors

      The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

      ++PP

      Name

      pp — Prints certificates, keys, crls, and pkcs7 files

      Synopsis

      pp -t type [-a] [-i input] [-o output] [-u] [-w]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 ++

      Description

      pp pretty-prints private and public key, certificate, certificate-request, ++ pkcs7, pkcs12 or crl files ++

      Options

      -t type

      specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | pkcs12 | crl | name}

      -a
      Input is in ascii encoded form (RFC1113)
      -i inputfile
      Define an input file to use (default is stdin)
      -o outputfile
      Define an output file to use (default is stdout)
      -u
      Use UTF-8 (default is to show non-ascii as .)
      -w
      Don't wrap long output lines

      Additional Resources

      NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at PKI Wiki.

      For information specifically about NSS, the NSS project wiki is located at Mozilla NSS site. The NSS site relates directly to NSS code changes and releases.

      Mailing lists: pki-devel@redhat.com and pki-users@redhat.com

      IRC: Freenode at #dogtag-pki

      Authors

      The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

      + Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>. +

      LICENSE

      Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. +

      +diff --git a/doc/html/signver.html b/doc/html/signver.html +--- a/doc/html/signver.html ++++ b/doc/html/signver.html +@@ -1,12 +1,12 @@ +-SIGNVER

      Name

      signver — Verify a detached PKCS#7 signature for a file.

      Synopsis

      signtool -A | -V -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +-

      Description

      The Signature Verification Tool, signver, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.

      Options

      -A

      Displays all of the information in the PKCS#7 signature.

      -V

      Verifies the digital signature.

      -d [sql:]directory

      Specify the database directory which contains the certificates and keys.

      signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format.

      -a

      Sets that the given signature file is in ASCII format.

      -i input_file

      Gives the input file for the object with signed data.

      -o output_file

      Gives the output file to which to write the results.

      -s signature_file

      Gives the input file for the digital signature.

      -v

      Enables verbose output.

      Extended Examples

      Verifying a Signature

      The -V option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).

      signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb
      ++SIGNVER

      Name

      signver — Verify a detached PKCS#7 signature for a file.

      Synopsis

      signtool -A | -V -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 ++

      Description

      The Signature Verification Tool, signver, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.

      Options

      -A

      Displays all of the information in the PKCS#7 signature.

      -V

      Verifies the digital signature.

      -d directory

      Specify the database directory which contains the certificates and keys.

      signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in the SQLite format.

      -a

      Sets that the given signature file is in ASCII format.

      -i input_file

      Gives the input file for the object with signed data.

      -o output_file

      Gives the output file to which to write the results.

      -s signature_file

      Gives the input file for the digital signature.

      -v

      Enables verbose output.

      Extended Examples

      Verifying a Signature

      The -V option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).

      signver -V -s signature_file -i signed_file -d /home/my/sharednssdb
      + 
      +-signatureValid=yes

      Printing Signature Data

      ++signatureValid=yes

      Printing Signature Data

      + The -A option prints all of the information contained in a signature file. Using the -o option prints the signature file information to the given output file rather than stdout. +

      signver -A -s signature_file -o output_file

      NSS Database Types

      NSS originally used BerkeleyDB databases to store security information. + The last versions of these legacy databases are:

      • + cert8.db for certificates +

      • + key3.db for keys +

      • + secmod.db for PKCS #11 module information +@@ -14,18 +14,18 @@ The last versions of these

        • + cert9.db for certificates +

        • + key4.db for keys +

        • + pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory +-

      Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

      By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example:

      # signver -A -s signature -d sql:/home/my/sharednssdb

      To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql:

      export NSS_DEFAULT_DB_TYPE="sql"

      This line can be added to the ~/.bashrc file to make the change permanent for the user.

      Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:

      • ++

      Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

      By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example:

      # signver -A -s signature -d dbm:/home/my/sharednssdb

      To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm:

      export NSS_DEFAULT_DB_TYPE="dbm"

      This line can be added to the ~/.bashrc file to make the change permanent for the user.

      • + https://wiki.mozilla.org/NSS_Shared_DB_Howto

      For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

      • + https://wiki.mozilla.org/NSS_Shared_DB +

      See Also

      signtool (1)

      The NSS wiki has information on the new database design and how to configure applications to use it.

      • Setting up the shared NSS database

        https://wiki.mozilla.org/NSS_Shared_DB_Howto

      • + Engineering and technical information about the shared NSS database +

        + https://wiki.mozilla.org/NSS_Shared_DB +

      Additional Resources

      For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

      Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

      IRC: Freenode at #dogtag-pki

      Authors

      The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

      + Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>. +diff --git a/doc/html/ssltap.html b/doc/html/ssltap.html +--- a/doc/html/ssltap.html ++++ b/doc/html/ssltap.html +@@ -1,9 +1,9 @@ +-SSLTAP

      Name

      ssltap — Tap into SSL connections and display the data going by

      Synopsis

      ssltap [-fhlsvx] [-p port] [hostname:port]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 ++SSLTAP

      Name

      ssltap — Tap into SSL connections and display the data going by

      Synopsis

      ssltap [-fhlsvx] [-p port] [hostname:port]

      STATUS

      This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

      Description

      The SSL Debugging Tool ssltap is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking

      Options

      -f

      + Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. +

      -h

      + Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. +

      -l prefix

      + Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete. +

      -p port

      Change the default rendezvous port (1924) to another port.

      The following are well-known port numbers:

      + * HTTP 80 +diff --git a/doc/modutil.xml b/doc/modutil.xml +--- a/doc/modutil.xml ++++ b/doc/modutil.xml +@@ -144,24 +144,24 @@ + + + + -ciphers cipher-enable-list + Enable specific ciphers in a module that is being added to the database. The cipher-enable-list is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces. + + + +- -dbdir [sql:]directory ++ -dbdir directory + Specify the database directory in which to access or create security module database files. +- modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format. ++ modutil supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in SQLite format. + + + + --dbprefix prefix +- Specify the prefix used on the database files, such as my_ for my_cert8.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. ++ Specify the prefix used on the database files, such as my_ for my_cert9.db. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. + + + + -installdir root-installation-directory + Specify the root installation directory relative to which files will be installed by the option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory. + + + +@@ -224,23 +224,23 @@ + + + + + Usage and Examples + + Creating Database Files + Before any operations can be performed, there must be a set of security databases available. modutil can be used to create these files. The only required argument is the database that where the databases will be located. +-modutil -create -dbdir [sql:]directory ++modutil -create -dbdir directory + + Adding a Cryptographic Module + Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through modutil directly or by running a JAR file and install script. For the most basic case, simply upload the library: + modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] + For example: +-modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM ++modutil -dbdir /home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM + + Using database directory ... + Module "Example PKCS #11 Module" added to database. + + + + Installing a Cryptographic Module from a JAR File + PKCS #11 modules can also be loaded using a JAR file, which contains all of the required libraries and an installation script that describes how to install the module. The JAR install script is described in more detail in . +@@ -262,17 +262,17 @@ Module "Example PKCS #11 Module" added t + } + } + Linux:6.0.0:x86 { + EquivalentPlatform { Linux:5.4.08:x86 } + } + } + Both the install script and the required libraries must be bundled in a JAR file, which is specified with the argument. + +-modutil -dbdir sql:/home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir sql:/home/my/sharednssdb ++modutil -dbdir /home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir /home/my/sharednssdb + + This installation JAR file was signed by: + ---------------------------------------------- + + **SUBJECT NAME** + + C=US, ST=California, L=Mountain View, CN=Cryptorific Inc., OU=Digital ID + Class 3 - Netscape Object Signing, OU="www.verisign.com/repository/CPS +@@ -299,42 +299,42 @@ Installation completed successfully Adding Module Spec + Each module has information stored in the security database about its configuration and parameters. These can be added or edited using the command. For the current settings or to see the format of the module spec in the database, use the option. + modutil -rawadd modulespec + + + Deleting a Module + A specific PKCS #11 module can be deleted from the secmod.db database: +-modutil -delete modulename -dbdir [sql:]directory ++modutil -delete modulename -dbdir directory + + Displaying Module Information + The secmod.db database contains information about the PKCS #11 modules that are available to an application or server to use. The list of all modules, information about specific modules, and database configuration specs for modules can all be viewed. + To simply get a list of modules in the database, use the command. +-modutil -list [modulename] -dbdir [sql:]directory ++modutil -list [modulename] -dbdir directory + Listing the modules shows the module name, their status, and other associated security databases for certificates and keys. For example: + +-modutil -list -dbdir sql:/home/my/sharednssdb ++modutil -list -dbdir /home/my/sharednssdb + + Listing of PKCS #11 Modules + ----------------------------------------------------------- + 1. NSS Internal PKCS #11 Module + slots: 2 slots attached + status: loaded + + slot: NSS Internal Cryptographic Services + token: NSS Generic Crypto Services + uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 + + slot: NSS User Private Key and Certificate Services + token: NSS Certificate DB + uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 + ----------------------------------------------------------- + Passing a specific module name with the returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example: +- modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/home/my/sharednssdb ++ modutil -list "NSS Internal PKCS #11 Module" -dbdir /home/my/sharednssdb + + ----------------------------------------------------------- + Name: NSS Internal PKCS #11 Module + Library file: **Internal ONLY module** + Manufacturer: Mozilla Foundation + Description: NSS Internal Crypto Services + PKCS #11 Version 2.20 + Library Version: 3.11 +@@ -370,17 +370,17 @@ Default Mechanism Flags: RSA:RC2:RC4:DES + Token Model: NSS 3 + Token Serial Number: 0000000000000000 + Token Version: 8.3 + Token Firmware Version: 0.0 + Access: NOT Write Protected + Login Type: Login required + User Pin: Initialized + A related command, returns information about the database configuration for the modules. (This information can be edited by loading new specs using the command.) +- modutil -rawlist -dbdir sql:/home/my/sharednssdb ++ modutil -rawlist -dbdir /home/my/sharednssdb + name="NSS Internal PKCS #11 Module" parameters="configdir=. certPrefix= keyPrefix= secmod=secmod.db flags=readOnly " NSS="trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM askpw=any timeout=30 ] } Flags=internal,critical" + + Setting a Default Provider for Security Mechanisms + Multiple security modules may provide support for the same security mechanisms. It is possible to set a specific security module as the default provider for a specific security mechanism (or, conversely, to prohibit a provider from supplying those mechanisms). + modutil -default modulename -mechanisms mechanism-list + To set a module as the default provider for mechanisms, use the command with a colon-separated list of mechanisms. The available mechanisms depend on the module; NSS supplies almost all common mechanisms. For example: + modutil -default "NSS Internal PKCS #11 Module" -dbdir -mechanisms RSA:DSA:RC2 + +@@ -398,29 +398,29 @@ Successfully changed defaults.For example: + modutil -enable "NSS Internal PKCS #11 Module" -slot "NSS Internal Cryptographic Services " -dbdir . + + Slot "NSS Internal Cryptographic Services " enabled. + Be sure that the appropriate amount of trailing whitespace is after the slot name. Some slot names have a significant amount of whitespace that must be included, or the operation will fail. + + Enabling and Verifying FIPS Compliance + The NSS modules can have FIPS 140-2 compliance enabled or disabled using modutil with the option. For example: +-modutil -fips true -dbdir sql:/home/my/sharednssdb/ ++modutil -fips true -dbdir /home/my/sharednssdb/ + + FIPS mode enabled. + To verify that status of FIPS mode, run the command with either a true or false flag (it doesn't matter which). The tool returns the current FIPS setting. +-modutil -chkfips false -dbdir sql:/home/my/sharednssdb/ ++modutil -chkfips false -dbdir /home/my/sharednssdb/ + + FIPS mode enabled. + + Changing the Password on a Token + + Initializing or changing a token's password: + modutil -changepw tokenname [-pwfile old-password-file] [-newpwfile new-password-file] +-modutil -dbdir sql:/home/my/sharednssdb -changepw "NSS Certificate DB" ++modutil -dbdir /home/my/sharednssdb -changepw "NSS Certificate DB" + + Enter old password: + Incorrect password, try again... + Enter old password: + Enter new password: + Re-enter new password: + Token "Communicator Certificate DB" password changed successfully. + +@@ -684,27 +684,26 @@ BerkleyDB. These new databases provide m + + pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory + + + + + Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example: ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type. ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: + +-modutil -create -dbdir sql:/home/my/sharednssdb ++modutil -create -dbdir dbm:/home/my/sharednssdb + +-To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: +-export NSS_DEFAULT_DB_TYPE="sql" ++To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: ++export NSS_DEFAULT_DB_TYPE="dbm" + + This line can be added to the ~/.bashrc file to make the change permanent for the user. + +-Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + + + + https://wiki.mozilla.org/NSS_Shared_DB_Howto + + + For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki: + +diff --git a/doc/nroff/certutil.1 b/doc/nroff/certutil.1 +--- a/doc/nroff/certutil.1 ++++ b/doc/nroff/certutil.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: CERTUTIL + .\" Author: [see the "Authors" section] + .\" Generator: DocBook XSL Stylesheets vsnapshot +-.\" Date: 5 October 2017 ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "CERTUTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools" ++.TH "CERTUTIL" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +@@ -182,16 +182,21 @@ key4\&.db)\&. + .PP + Arguments modify a command option and are usually lower case, numbers, or symbols\&. + .PP + \-a + .RS 4 + Use ASCII format or allow the use of ASCII format for input or output\&. This formatting follows RFC 1113\&. For certificate requests, ASCII output defaults to standard output unless redirected\&. + .RE + .PP ++\-\-simple\-self\-signed ++.RS 4 ++When printing the certificate chain, don\*(Aqt search for a chain if issuer name equals to subject name\&. ++.RE ++.PP + \-b validity\-time + .RS 4 + Specify a time at which a certificate is required to be valid\&. Use when checking certificate validity with the + \fB\-V\fR + option\&. The format of the + \fIvalidity\-time\fR + argument is + \fIYYMMDDHHMMSS[+HHMM|\-HHMM|Z]\fR, which allows offsets to be set relative to the validity end time\&. Specifying seconds (\fISS\fR) is optional\&. When specifying an explicit time, use a Z at the end of the term, +@@ -242,17 +247,17 @@ requests the newer database + .sp -1 + .IP \(bu 2.3 + .\} + \fBdbm:\fR + requests the legacy database + .RE + .sp + If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then +-\fBdbm:\fR ++\fBsql:\fR + is the default\&. + .RE + .PP + \-\-dump\-ext\-val OID + .RS 4 + For single cert, print binary DER encoding of extension OID\&. + .RE + .PP +@@ -569,16 +574,28 @@ The contexts are the following: + .\} + .el \{\ + .sp -1 + .IP \(bu 2.3 + .\} + \fBJ\fR + (as an object signer) + .RE ++.sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++\fBI\fR ++(as an IPSEC user) ++.RE + .RE + .PP + \-v valid\-months + .RS 4 + Set the number of months a new certificate will be valid\&. The validity period begins at the current system time unless an offset is added or subtracted with the + \fB\-w\fR + option\&. If this argument is not used, the default validity period is three months\&. + .RE +@@ -1041,16 +1058,93 @@ msTrustListSign + .\} + .el \{\ + .sp -1 + .IP \(bu 2.3 + .\} + critical + .RE + .sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++x509Any ++.RE ++.sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++ipsecIKE ++.RE ++.sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++ipsecIKEEnd ++.RE ++.sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++ipsecIKEIntermediate ++.RE ++.sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++ipsecEnd ++.RE ++.sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++ipsecTunnel ++.RE ++.sp ++.RS 4 ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++ipsecUser ++.RE ++.sp + X\&.509 certificate extensions are described in RFC 5280\&. + .RE + .PP + \-7 emailAddrs + .RS 4 + Add a comma\-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database\&. Subject alternative name extensions are described in Section 4\&.2\&.1\&.7 of RFC 3280\&. + .RE + .PP +@@ -1194,31 +1288,31 @@ secmod\&.db or pkcs11\&.txt + .RE + .PP + These databases must be created before certificates or keys can be generated\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-N \-d [sql:]directory ++certutil \-N \-d directory + .fi + .if n \{\ + .RE + .\} + .PP + \fBCreating a Certificate Request\fR + .PP + A certificate request contains most or all of the information that is used to generate the final certificate\&. This request is submitted separately to a certificate authority and is then approved by some mechanism (automatically or by human review)\&. Once the request is approved, then the certificate is generated\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-R \-k key\-type\-or\-id [\-q pqgfile|curve\-name] \-g key\-size \-s subject [\-h tokenname] \-d [sql:]directory [\-p phone] [\-o output\-file] [\-a] ++$ certutil \-R \-k key\-type\-or\-id [\-q pqgfile|curve\-name] \-g key\-size \-s subject [\-h tokenname] \-d directory [\-p phone] [\-o output\-file] [\-a] + .fi + .if n \{\ + .RE + .\} + .PP + The + \fB\-R\fR + command options requires four arguments: +@@ -1274,17 +1368,17 @@ to give the security database directory + The new certificate request can be output in ASCII format (\fB\-a\fR) or can be written to a specified file (\fB\-o\fR)\&. + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-R \-k rsa \-g 1024 \-s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" \-d sql:$HOME/nssdb \-p 650\-555\-0123 \-a \-o cert\&.cer ++$ certutil \-R \-k rsa \-g 1024 \-s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" \-d $HOME/nssdb \-p 650\-555\-0123 \-a \-o cert\&.cer + + Generating key\&. This may take a few moments\&.\&.\&. + + .fi + .if n \{\ + .RE + .\} + .PP +@@ -1295,17 +1389,17 @@ A valid certificate must be issued by a + argument with the + \fB\-S\fR + command option\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-S \-k rsa|dsa|ec \-n certname \-s subject [\-c issuer |\-x] \-t trustargs \-d [sql:]directory [\-m serial\-number] [\-v valid\-months] [\-w offset\-months] [\-p phone] [\-1] [\-2] [\-3] [\-4] [\-5 keyword] [\-6 keyword] [\-7 emailAddress] [\-8 dns\-names] [\-\-extAIA] [\-\-extSIA] [\-\-extCP] [\-\-extPM] [\-\-extPC] [\-\-extIA] [\-\-extSKID] ++$ certutil \-S \-k rsa|dsa|ec \-n certname \-s subject [\-c issuer |\-x] \-t trustargs \-d directory [\-m serial\-number] [\-v valid\-months] [\-w offset\-months] [\-p phone] [\-1] [\-2] [\-3] [\-4] [\-5 keyword] [\-6 keyword] [\-7 emailAddress] [\-8 dns\-names] [\-\-extAIA] [\-\-extSIA] [\-\-extCP] [\-\-extPM] [\-\-extPC] [\-\-extIA] [\-\-extSKID] + .fi + .if n \{\ + .RE + .\} + .PP + The series of numbers and + \fB\-\-ext*\fR + options set certificate extensions that can be added to the certificate when it is generated by the CA\&. Interactive prompts will result\&. +@@ -1343,45 +1437,45 @@ When a certificate request is created, a + specified in the + \fB\-c\fR + argument)\&. The issuing certificate must be in the certificate database in the specified directory\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-C \-c issuer \-i cert\-request\-file \-o output\-file [\-m serial\-number] [\-v valid\-months] [\-w offset\-months] \-d [sql:]directory [\-1] [\-2] [\-3] [\-4] [\-5 keyword] [\-6 keyword] [\-7 emailAddress] [\-8 dns\-names] ++certutil \-C \-c issuer \-i cert\-request\-file \-o output\-file [\-m serial\-number] [\-v valid\-months] [\-w offset\-months] \-d directory [\-1] [\-2] [\-3] [\-4] [\-5 keyword] [\-6 keyword] [\-7 emailAddress] [\-8 dns\-names] + .fi + .if n \{\ + .RE + .\} + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-C \-c "my\-ca\-cert" \-i /home/certs/cert\&.req \-o cert\&.cer \-m 010 \-v 12 \-w 1 \-d sql:$HOME/nssdb \-1 nonRepudiation,dataEncipherment \-5 sslClient \-6 clientAuth \-7 jsmith@example\&.com ++$ certutil \-C \-c "my\-ca\-cert" \-i /home/certs/cert\&.req \-o cert\&.cer \-m 010 \-v 12 \-w 1 \-d $HOME/nssdb \-1 nonRepudiation,dataEncipherment \-5 sslClient \-6 clientAuth \-7 jsmith@example\&.com + .fi + .if n \{\ + .RE + .\} + .PP + \fBListing Certificates\fR + .PP + The + \fB\-L\fR + command option lists all of the certificates listed in the certificate database\&. The path to the directory (\fB\-d\fR) is required\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-L \-d sql:/home/my/sharednssdb ++$ certutil \-L \-d /home/my/sharednssdb + + Certificate Nickname Trust Attributes + SSL,S/MIME,JAR/XPI + + CA Administrator of Instance pki\-ca1\*(Aqs Example Domain ID u,u,u + TPS Administrator\*(Aqs Example Domain ID u,u,u + Google Internet Authority ,, + Certificate Authority \- Example Domain CT,C,C +@@ -1397,17 +1491,17 @@ can return and print the information for + argument passes the certificate name, while the + \fB\-a\fR + argument prints the certificate in ASCII format: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-L \-d sql:$HOME/nssdb \-a \-n my\-ca\-cert ++$ certutil \-L \-d $HOME/nssdb \-a \-n my\-ca\-cert + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIB1DCCAT2gAwIBAgICDkIwDQYJKoZIhvcNAQEFBQAwFTETMBEGA1UEAxMKRXhh + bXBsZSBDQTAeFw0xMzAzMTMxOTEwMjlaFw0xMzA2MTMxOTEwMjlaMBUxEzARBgNV + BAMTCkV4YW1wbGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4Kzqvz + JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0Cul/6sO/gsCvnABHiH6unns6x + XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk + 0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB + AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B +@@ -1421,17 +1515,17 @@ ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qx + .\} + .PP + For a human\-readable display + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-L \-d sql:$HOME/nssdb \-n my\-ca\-cert ++$ certutil \-L \-d $HOME/nssdb \-n my\-ca\-cert + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3650 (0xe42) + Signature Algorithm: PKCS #1 SHA\-1 With RSA Encryption + Issuer: "CN=Example CA" + Validity: + Not Before: Wed Mar 13 19:10:29 2013 +@@ -1504,17 +1598,17 @@ To list all keys in the database, use th + command option and the (required) + \fB\-d\fR + argument to give the path to the directory\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-K \-d sql:$HOME/nssdb ++$ certutil \-K \-d $HOME/nssdb + certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services " + < 0> rsa 455a6673bde9375c2887ec8bf8016b3f9f35861d Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID + < 1> rsa 40defeeb522ade11090eacebaaf1196a172127df Example Domain Administrator Cert + < 2> rsa 1d0b06f44f6c03842f7d4f4a1dc78b3bcd1b85a5 John Smith user cert + .fi + .if n \{\ + .RE + .\} +@@ -1570,17 +1664,17 @@ The devices that can be used to store ce + command option lists all of the security modules listed in the + secmod\&.db + database\&. The path to the directory (\fB\-d\fR) is required\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-U \-d sql:/home/my/sharednssdb ++$ certutil \-U \-d /home/my/sharednssdb + + slot: NSS User Private Key and Certificate Services + token: NSS Certificate DB + uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 + + slot: NSS Internal Cryptographic Services + token: NSS Generic Crypto Services + uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 +@@ -1594,29 +1688,29 @@ database\&. The path to the directory (\ + Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere\&. This uses the + \fB\-A\fR + command option\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-A \-n certname \-t trustargs \-d [sql:]directory [\-a] [\-i input\-file] ++certutil \-A \-n certname \-t trustargs \-d directory [\-a] [\-i input\-file] + .fi + .if n \{\ + .RE + .\} + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-A \-n "CN=My SSL Certificate" \-t ",," \-d sql:/home/my/sharednssdb \-i /home/example\-certs/cert\&.cer ++$ certutil \-A \-n "CN=My SSL Certificate" \-t ",," \-d /home/my/sharednssdb \-i /home/example\-certs/cert\&.cer + .fi + .if n \{\ + .RE + .\} + .PP + A related command option, + \fB\-E\fR, is used specifically to add email certificates to the certificate database\&. The + \fB\-E\fR +@@ -1624,99 +1718,99 @@ command has the same arguments as the + \fB\-A\fR + command\&. The trust arguments for certificates have the format + \fISSL,S/MIME,Code\-signing\fR, so the middle trust settings relate most to email certificates (though the others can be set)\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-E \-n "CN=John Smith Email Cert" \-t ",P," \-d sql:/home/my/sharednssdb \-i /home/example\-certs/email\&.cer ++$ certutil \-E \-n "CN=John Smith Email Cert" \-t ",P," \-d /home/my/sharednssdb \-i /home/example\-certs/email\&.cer + .fi + .if n \{\ + .RE + .\} + .PP + \fBDeleting Certificates to the Database\fR + .PP + Certificates can be deleted from a database using the + \fB\-D\fR + option\&. The only required options are to give the security database directory and to identify the certificate nickname\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-D \-d [sql:]directory \-n "nickname" ++certutil \-D \-d directory \-n "nickname" + .fi + .if n \{\ + .RE + .\} + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-D \-d sql:/home/my/sharednssdb \-n "my\-ssl\-cert" ++$ certutil \-D \-d /home/my/sharednssdb \-n "my\-ssl\-cert" + .fi + .if n \{\ + .RE + .\} + .PP + \fBValidating Certificates\fR + .PP + A certificate contains an expiration date in itself, and expired certificates are easily rejected\&. However, certificates can also be revoked before they hit their expiration date\&. Checking whether a certificate has been revoked requires validating the certificate\&. Validation can also be used to ensure that the certificate is only used for the purposes it was initially issued for\&. Validation is carried out by the + \fB\-V\fR + command option\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-V \-n certificate\-name [\-b time] [\-e] [\-u cert\-usage] \-d [sql:]directory ++certutil \-V \-n certificate\-name [\-b time] [\-e] [\-u cert\-usage] \-d directory + .fi + .if n \{\ + .RE + .\} + .PP + For example, to validate an email certificate: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-V \-n "John Smith\*(Aqs Email Cert" \-e \-u S,R \-d sql:/home/my/sharednssdb ++$ certutil \-V \-n "John Smith\*(Aqs Email Cert" \-e \-u S,R \-d /home/my/sharednssdb + .fi + .if n \{\ + .RE + .\} + .PP + \fBModifying Certificate Trust Settings\fR + .PP + The trust settings (which relate to the operations that a certificate is allowed to be used for) can be changed after a certificate is created or added to the database\&. This is especially useful for CA certificates, but it can be performed for any type of certificate\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-M \-n certificate\-name \-t trust\-args \-d [sql:]directory ++certutil \-M \-n certificate\-name \-t trust\-args \-d directory + .fi + .if n \{\ + .RE + .\} + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-M \-n "My CA Certificate" \-d sql:/home/my/sharednssdb \-t "CT,CT,CT" ++$ certutil \-M \-n "My CA Certificate" \-d /home/my/sharednssdb \-t "CT,CT,CT" + .fi + .if n \{\ + .RE + .\} + .PP + \fBPrinting the Certificate Chain\fR + .PP + Certificates can be issued in +@@ -1724,17 +1818,17 @@ Certificates can be issued in + because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint\&. The + \fB\-O\fR + prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate\&. For example, for an email certificate with two CAs in the chain: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-d sql:/home/my/sharednssdb \-O \-n "jsmith@example\&.com" ++$ certutil \-d /home/my/sharednssdb \-O \-n "jsmith@example\&.com" + "Builtin Object Token:Thawte Personal Freemail CA" [E=personal\-freemail@thawte\&.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA] + + "Thawte Personal Freemail Issuing CA \- Thawte Consulting" [CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd\&.,C=ZA] + + "(null)" [E=jsmith@example\&.com,CN=Thawte Freemail Member] + .fi + .if n \{\ + .RE +@@ -1743,29 +1837,29 @@ prints the full chain of a certificate, + \fBResetting a Token\fR + .PP + The device which stores certificates \-\- both external hardware devices and internal software databases \-\- can be blanked and reused\&. This operation is performed on the device which stores the data, not directly on the security databases, so the location must be referenced through the token name (\fB\-h\fR) as well as any directory path\&. If there is no external token used, the default value is internal\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-T \-d [sql:]directory \-h token\-name \-0 security\-officer\-password ++certutil \-T \-d directory \-h token\-name \-0 security\-officer\-password + .fi + .if n \{\ + .RE + .\} + .PP + Many networks have dedicated personnel who handle changes to security tokens (the security officer)\&. This person must supply the password to access the specified token\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-T \-d sql:/home/my/sharednssdb \-h nethsm \-0 secret ++$ certutil \-T \-d /home/my/sharednssdb \-h nethsm \-0 secret + .fi + .if n \{\ + .RE + .\} + .PP + \fBUpgrading or Merging the Security Databases\fR + .PP + Many networks or applications may be using older BerkeleyDB versions of the certificate database (cert8\&.db)\&. Databases can be upgraded to the new SQLite version of the database (cert9\&.db) using the +@@ -1780,55 +1874,55 @@ The + \fB\-\-upgrade\-merge\fR + command must give information about the original database and then use the standard arguments (like + \fB\-d\fR) to give the information about the new databases\&. The command also requires information that the tool uses for the process to upgrade and write over the original database\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-\-upgrade\-merge \-d [sql:]directory [\-P dbprefix] \-\-source\-dir directory \-\-source\-prefix dbprefix \-\-upgrade\-id id \-\-upgrade\-token\-name name [\-@ password\-file] ++certutil \-\-upgrade\-merge \-d directory [\-P dbprefix] \-\-source\-dir directory \-\-source\-prefix dbprefix \-\-upgrade\-id id \-\-upgrade\-token\-name name [\-@ password\-file] + .fi + .if n \{\ + .RE + .\} + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-\-upgrade\-merge \-d sql:/home/my/sharednssdb \-\-source\-dir /opt/my\-app/alias/ \-\-source\-prefix serverapp\- \-\-upgrade\-id 1 \-\-upgrade\-token\-name internal ++$ certutil \-\-upgrade\-merge \-d /home/my/sharednssdb \-\-source\-dir /opt/my\-app/alias/ \-\-source\-prefix serverapp\- \-\-upgrade\-id 1 \-\-upgrade\-token\-name internal + .fi + .if n \{\ + .RE + .\} + .PP + The + \fB\-\-merge\fR + command only requires information about the location of the original database; since it doesn\*(Aqt change the format of the database, it can write over information without performing interim step\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-certutil \-\-merge \-d [sql:]directory [\-P dbprefix] \-\-source\-dir directory \-\-source\-prefix dbprefix [\-@ password\-file] ++certutil \-\-merge \-d directory [\-P dbprefix] \-\-source\-dir directory \-\-source\-prefix dbprefix [\-@ password\-file] + .fi + .if n \{\ + .RE + .\} + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-\-merge \-d sql:/home/my/sharednssdb \-\-source\-dir /opt/my\-app/alias/ \-\-source\-prefix serverapp\- ++$ certutil \-\-merge \-d /home/my/sharednssdb \-\-source\-dir /opt/my\-app/alias/ \-\-source\-prefix serverapp\- + .fi + .if n \{\ + .RE + .\} + .PP + \fBRunning certutil Commands from a Batch File\fR + .PP + A series of commands can be run sequentially from a text file with the +@@ -1921,50 +2015,48 @@ pkcs11\&.txt, a listing of all of the PK + .RE + .PP + Because the SQLite databases are designed to be shared, these are the + \fIshared\fR + database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&. + .PP + By default, the tools (\fBcertutil\fR, + \fBpk12util\fR, +-\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the +-\fBsql:\fR ++\fBmodutil\fR) assume that the given security databases use the SQLite type\&. Using the legacy databases must be manually specified by using the ++\fBdbm:\fR + prefix with the given security directory\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-$ certutil \-L \-d sql:/home/my/sharednssdb ++$ certutil \-L \-d dbm:/home/my/sharednssdb + .fi + .if n \{\ + .RE + .\} + .PP +-To set the shared database type as the default type for the tools, set the ++To set the legacy database type as the default type for the tools, set the + \fBNSS_DEFAULT_DB_TYPE\fR + environment variable to +-\fBsql\fR: ++\fBdbm\fR: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-export NSS_DEFAULT_DB_TYPE="sql" ++export NSS_DEFAULT_DB_TYPE="dbm" + .fi + .if n \{\ + .RE + .\} + .PP + This line can be set added to the + ~/\&.bashrc + file to make the change permanent\&. +-.PP +-Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + .sp + .RS 4 + .ie n \{\ + \h'-04'\(bu\h'+03'\c + .\} + .el \{\ + .sp -1 + .IP \(bu 2.3 +diff --git a/doc/nroff/crlutil.1 b/doc/nroff/crlutil.1 +--- a/doc/nroff/crlutil.1 ++++ b/doc/nroff/crlutil.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: CRLUTIL + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 5 June 2014 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "CRLUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" ++.TH "CRLUTIL" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +diff --git a/doc/nroff/derdump.1 b/doc/nroff/derdump.1 +--- a/doc/nroff/derdump.1 ++++ b/doc/nroff/derdump.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: DERDUMP + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.77.1 +-.\" Date: 15 February 2013 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "DERDUMP" "1" "15 February 2013" "nss-tools" "NSS Security Tools" ++.TH "DERDUMP" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +@@ -63,22 +63,22 @@ NSS is maintained in conjunction with PK + For information specifically about NSS, the NSS project wiki is located at + \m[blue]\fBMozilla NSS site\fR\m[]\&\s-2\u[3]\d\s+2\&. The NSS site relates directly to NSS code changes and releases\&. + .PP + Mailing lists: pki\-devel@redhat\&.com and pki\-users@redhat\&.com + .PP + IRC: Freenode at #dogtag\-pki + .SH "AUTHORS" + .PP +-The NSS tools were written and maintained by developers with Netscape and now with Red Hat\&. ++The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&. + .PP + Authors: Gerhardus Geldenhuis \&. Elio Maldonado , Deon Lackey + .SH "LICENSE" + .PP +-Licensed under the Mozilla Public License, version 1\&.1, and/or the GNU General Public License, version 2 or later, and/or the GNU Lesser General Public License, version 2\&.1 or later\&. ++Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&. + .SH "NOTES" + .IP " 1." 4 + Mozilla NSS bug 836477 + .RS 4 + \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477 + .RE + .IP " 2." 4 + PKI Wiki +diff --git a/doc/nroff/modutil.1 b/doc/nroff/modutil.1 +--- a/doc/nroff/modutil.1 ++++ b/doc/nroff/modutil.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: MODUTIL + .\" Author: [see the "Authors" section] + .\" Generator: DocBook XSL Stylesheets vsnapshot +-.\" Date: 5 October 2017 ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "MODUTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools" ++.TH "MODUTIL" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +@@ -183,36 +183,36 @@ Give the security module spec to load in + .PP + \-ciphers cipher\-enable\-list + .RS 4 + Enable specific ciphers in a module that is being added to the database\&. The + \fIcipher\-enable\-list\fR + is a colon\-delimited list of cipher names\&. Enclose this list in quotation marks if it contains spaces\&. + .RE + .PP +-\-dbdir [sql:]directory ++\-dbdir directory + .RS 4 + Specify the database directory in which to access or create security module database files\&. + .sp + \fBmodutil\fR + supports two types of databases: the legacy security databases (cert8\&.db, + key3\&.db, and +-secmod\&.db) and new SQLite databases (cert9\&.db, ++secmod\&.db) and SQLite databases (cert9\&.db, + key4\&.db, and + pkcs11\&.txt)\&. If the prefix +-\fBsql:\fR +-is not used, then the tool assumes that the given databases are in the old format\&. ++\fBdbm:\fR ++is not used, then the tool assumes that the given databases are in SQLite format\&. + .RE + .PP + \-\-dbprefix prefix + .RS 4 + Specify the prefix used on the database files, such as + my_ + for +-my_cert8\&.db\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. ++my_cert9\&.db\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&. + .RE + .PP + \-installdir root\-installation\-directory + .RS 4 + Specify the root installation directory relative to which files will be installed by the + \fB\-jar\fR + option\&. This directory should be one below which it is appropriate to store dynamic library files, such as a server\*(Aqs root directory\&. + .RE +@@ -325,17 +325,17 @@ option\&. If no temporary directory is s + Before any operations can be performed, there must be a set of security databases available\&. + \fBmodutil\fR + can be used to create these files\&. The only required argument is the database that where the databases will be located\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-create \-dbdir [sql:]directory ++modutil \-create \-dbdir directory + .fi + .if n \{\ + .RE + .\} + .PP + \fBAdding a Cryptographic Module\fR + .PP + Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms\&. This can be done by supplying all of the information through +@@ -353,17 +353,17 @@ modutil \-add modulename \-libfile libra + .\} + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-dbdir sql:/home/my/sharednssdb \-add "Example PKCS #11 Module" \-libfile "/tmp/crypto\&.so" \-mechanisms RSA:DSA:RC2:RANDOM ++modutil \-dbdir /home/my/sharednssdb \-add "Example PKCS #11 Module" \-libfile "/tmp/crypto\&.so" \-mechanisms RSA:DSA:RC2:RANDOM + + Using database directory \&.\&.\&. + Module "Example PKCS #11 Module" added to database\&. + .fi + .if n \{\ + .RE + .\} + .PP +@@ -406,17 +406,17 @@ Platforms { + Both the install script and the required libraries must be bundled in a JAR file, which is specified with the + \fB\-jar\fR + argument\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-dbdir sql:/home/mt"jar\-install\-filey/sharednssdb \-jar install\&.jar \-installdir sql:/home/my/sharednssdb ++modutil \-dbdir /home/mt"jar\-install\-filey/sharednssdb \-jar install\&.jar \-installdir /home/my/sharednssdb + + This installation JAR file was signed by: + \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- + + **SUBJECT NAME** + + C=US, ST=California, L=Mountain View, CN=Cryptorific Inc\&., OU=Digital ID + Class 3 \- Netscape Object Signing, OU="www\&.verisign\&.com/repository/CPS +@@ -468,17 +468,17 @@ modutil \-rawadd modulespec + A specific PKCS #11 module can be deleted from the + secmod\&.db + database: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-delete modulename \-dbdir [sql:]directory ++modutil \-delete modulename \-dbdir directory + .fi + .if n \{\ + .RE + .\} + .PP + \fBDisplaying Module Information\fR + .PP + The +@@ -488,29 +488,29 @@ database contains information about the + To simply get a list of modules in the database, use the + \fB\-list\fR + command\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-list [modulename] \-dbdir [sql:]directory ++modutil \-list [modulename] \-dbdir directory + .fi + .if n \{\ + .RE + .\} + .PP + Listing the modules shows the module name, their status, and other associated security databases for certificates and keys\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-list \-dbdir sql:/home/my/sharednssdb ++modutil \-list \-dbdir /home/my/sharednssdb + + Listing of PKCS #11 Modules + \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- + 1\&. NSS Internal PKCS #11 Module + slots: 2 slots attached + status: loaded + + slot: NSS Internal Cryptographic Services +@@ -529,17 +529,17 @@ Listing of PKCS #11 Modules + Passing a specific module name with the + \fB\-list\fR + returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +- modutil \-list "NSS Internal PKCS #11 Module" \-dbdir sql:/home/my/sharednssdb ++ modutil \-list "NSS Internal PKCS #11 Module" \-dbdir /home/my/sharednssdb + + \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- + Name: NSS Internal PKCS #11 Module + Library file: **Internal ONLY module** + Manufacturer: Mozilla Foundation + Description: NSS Internal Crypto Services + PKCS #11 Version 2\&.20 + Library Version: 3\&.11 +@@ -589,17 +589,17 @@ A related command, + returns information about the database configuration for the modules\&. (This information can be edited by loading new specs using the + \fB\-rawadd\fR + command\&.) + .sp + .if n \{\ + .RS 4 + .\} + .nf +- modutil \-rawlist \-dbdir sql:/home/my/sharednssdb ++ modutil \-rawlist \-dbdir /home/my/sharednssdb + name="NSS Internal PKCS #11 Module" parameters="configdir=\&. certPrefix= keyPrefix= secmod=secmod\&.db flags=readOnly " NSS="trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM askpw=any timeout=30 ] } Flags=internal,critical" + .fi + .if n \{\ + .RE + .\} + .PP + \fBSetting a Default Provider for Security Mechanisms\fR + .PP +@@ -683,33 +683,33 @@ The NSS modules can have FIPS 140\-2 com + with the + \fB\-fips\fR + option\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-fips true \-dbdir sql:/home/my/sharednssdb/ ++modutil \-fips true \-dbdir /home/my/sharednssdb/ + + FIPS mode enabled\&. + .fi + .if n \{\ + .RE + .\} + .PP + To verify that status of FIPS mode, run the + \fB\-chkfips\fR + command with either a true or false flag (it doesn\*(Aqt matter which)\&. The tool returns the current FIPS setting\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-chkfips false \-dbdir sql:/home/my/sharednssdb/ ++modutil \-chkfips false \-dbdir /home/my/sharednssdb/ + + FIPS mode enabled\&. + .fi + .if n \{\ + .RE + .\} + .PP + \fBChanging the Password on a Token\fR +@@ -725,17 +725,17 @@ modutil \-changepw tokenname [\-pwfile o + .if n \{\ + .RE + .\} + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-dbdir sql:/home/my/sharednssdb \-changepw "NSS Certificate DB" ++modutil \-dbdir /home/my/sharednssdb \-changepw "NSS Certificate DB" + + Enter old password: + Incorrect password, try again\&.\&.\&. + Enter old password: + Enter new password: + Re\-enter new password: + Token "Communicator Certificate DB" password changed successfully\&. + .fi +@@ -1336,50 +1336,48 @@ pkcs11\&.txt, which is listing of all of + .RE + .PP + Because the SQLite databases are designed to be shared, these are the + \fIshared\fR + database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&. + .PP + By default, the tools (\fBcertutil\fR, + \fBpk12util\fR, +-\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the +-\fBsql:\fR ++\fBmodutil\fR) assume that the given security databases use the SQLite type\&. Using the legacy databases must be manually specified by using the ++\fBdbm:\fR + prefix with the given security directory\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-modutil \-create \-dbdir sql:/home/my/sharednssdb ++modutil \-create \-dbdir dbm:/home/my/sharednssdb + .fi + .if n \{\ + .RE + .\} + .PP +-To set the shared database type as the default type for the tools, set the ++To set the legacy database type as the default type for the tools, set the + \fBNSS_DEFAULT_DB_TYPE\fR + environment variable to +-\fBsql\fR: ++\fBdbm\fR: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-export NSS_DEFAULT_DB_TYPE="sql" ++export NSS_DEFAULT_DB_TYPE="dbm" + .fi + .if n \{\ + .RE + .\} + .PP + This line can be added to the + ~/\&.bashrc + file to make the change permanent for the user\&. +-.PP +-Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + .sp + .RS 4 + .ie n \{\ + \h'-04'\(bu\h'+03'\c + .\} + .el \{\ + .sp -1 + .IP \(bu 2.3 +diff --git a/doc/nroff/pk12util.1 b/doc/nroff/pk12util.1 +--- a/doc/nroff/pk12util.1 ++++ b/doc/nroff/pk12util.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: PK12UTIL + .\" Author: [see the "Authors" section] + .\" Generator: DocBook XSL Stylesheets vsnapshot +-.\" Date: 5 October 2017 ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "PK12UTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools" ++.TH "PK12UTIL" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +@@ -26,17 +26,17 @@ + .ad l + .\" ----------------------------------------------------------------- + .\" * MAIN CONTENT STARTS HERE * + .\" ----------------------------------------------------------------- + .SH "NAME" + pk12util \- Export and import keys and certificate to or from a PKCS #12 file and the NSS database + .SH "SYNOPSIS" + .HP \w'\fBpk12util\fR\ 'u +-\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-d\ [sql:]directory] [\-h\ tokenname] [\-P\ dbprefix] [\-r] [\-v] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword] ++\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-c\ keyCipher] [\-C\ certCipher] [\-d\ directory] [\-h\ tokenname] [\-m\ |\ \-\-key\-len\ keyLength] [\-M\ hashAlg] [\-n\ certname] [\-P\ dbprefix] [\-r] [\-v] [\-\-cert\-key\-len\ certKeyLength] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword] + .SH "STATUS" + .PP + This documentation is still work in progress\&. Please contribute to the initial review in + \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2 + .SH "DESCRIPTION" + .PP + The PKCS #12 utility, + \fBpk12util\fR, enables sharing certificates among any server that supports PKCS #12\&. The tool can import certificates and keys from PKCS #12 files into security databases, export certificates, and list certificates and keys\&. +@@ -66,28 +66,28 @@ Export keys and certificates from the se + Specify the key encryption algorithm\&. + .RE + .PP + \-C certCipher + .RS 4 + Specify the certiticate encryption algorithm\&. + .RE + .PP +-\-d [sql:]directory ++\-d directory + .RS 4 + Specify the database directory into which to import to or export from certificates and keys\&. + .sp + \fBpk12util\fR + supports two types of databases: the legacy security databases (cert8\&.db, + key3\&.db, and + secmod\&.db) and new SQLite databases (cert9\&.db, + key4\&.db, and + pkcs11\&.txt)\&. If the prefix +-\fBsql:\fR +-is not used, then the tool assumes that the given databases are in the old format\&. ++\fBdbm:\fR ++is not used, then the tool assumes that the given databases are in the SQLite format\&. + .RE + .PP + \-h tokenname + .RS 4 + Specify the name of the token to import into or export from\&. + .RE + .PP + \-k slotPasswordFile +@@ -100,17 +100,22 @@ Specify the text file containing the slo + Specify the slot\*(Aqs password\&. + .RE + .PP + \-m | \-\-key\-len keyLength + .RS 4 + Specify the desired length of the symmetric key to be used to encrypt the private key\&. + .RE + .PP +-\-n | \-\-cert\-key\-len certKeyLength ++\-M hashAlg ++.RS 4 ++Specify the hash algorithm used in the pkcs #12 mac\&. This algorithm also specifies the HMAC used in the prf when using pkcs #5 v2\&. ++.RE ++.PP ++\-\-cert\-key\-len certKeyLength + .RS 4 + Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&. + .RE + .PP + \-n certname + .RS 4 + Specify the nickname of the cert and private key to export\&. + .sp +@@ -435,27 +440,27 @@ 29 \- PKCS12 encode error + The most basic usage of + \fBpk12util\fR + for importing a certificate or key is the PKCS #12 input file (\fB\-i\fR) and some way to specify the security database being accessed (either + \fB\-d\fR + for a directory or + \fB\-h\fR + for a token)\&. + .PP +-pk12util \-i p12File [\-h tokenname] [\-v] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] ++pk12util \-i p12File [\-h tokenname] [\-v] [\-d directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] + .PP + For example: + .PP + + .sp + .if n \{\ + .RS 4 + .\} + .nf +-# pk12util \-i /tmp/cert\-files/users\&.p12 \-d sql:/home/my/sharednssdb ++# pk12util \-i /tmp/cert\-files/users\&.p12 \-d /home/my/sharednssdb + + Enter a password which will be used to encrypt your keys\&. + The password should be at least 8 characters long, + and should contain at least one non\-alphabetic character\&. + + Enter new password: + Re\-enter password: + Enter password for PKCS12 file: +@@ -466,41 +471,41 @@ pk12util: PKCS12 IMPORT SUCCESSFUL + .\} + .PP + \fBExporting Keys and Certificates\fR + .PP + Using the + \fBpk12util\fR + command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS #12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&. + .PP +-pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] ++pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] + .PP + For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-# pk12util \-o certs\&.p12 \-n Server\-Cert \-d sql:/home/my/sharednssdb ++# pk12util \-o certs\&.p12 \-n Server\-Cert \-d /home/my/sharednssdb + Enter password for PKCS12 file: + Re\-enter password: + .fi + .if n \{\ + .RE + .\} + .PP + \fBListing Keys and Certificates\fR + .PP + The information in a + \&.p12 + file are not human\-readable\&. The certificates and keys in the file can be printed (listed) in a human\-readable pretty\-print format that shows information for every certificate and any public keys in the + \&.p12 + file\&. + .PP +-pk12util \-l p12File [\-h tokenname] [\-r] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] ++pk12util \-l p12File [\-h tokenname] [\-r] [\-d directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword] + .PP + For example, this prints the default ASCII output: + .sp + .if n \{\ + .RS 4 + .\} + .nf + # pk12util \-l certs\&.p12 +@@ -732,50 +737,48 @@ pkcs11\&.txt, which is listing of all of + .RE + .PP + Because the SQLite databases are designed to be shared, these are the + \fIshared\fR + database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&. + .PP + By default, the tools (\fBcertutil\fR, + \fBpk12util\fR, +-\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the +-\fBsql:\fR ++\fBmodutil\fR) assume that the given security databases use the SQLite type Using the legacy databases must be manually specified by using the ++\fBdbm:\fR + prefix with the given security directory\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-# pk12util \-i /tmp/cert\-files/users\&.p12 \-d sql:/home/my/sharednssdb ++# pk12util \-i /tmp/cert\-files/users\&.p12 \-d dbm:/home/my/sharednssdb + .fi + .if n \{\ + .RE + .\} + .PP +-To set the shared database type as the default type for the tools, set the ++To set the legacy database type as the default type for the tools, set the + \fBNSS_DEFAULT_DB_TYPE\fR + environment variable to +-\fBsql\fR: ++\fBdbm\fR: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-export NSS_DEFAULT_DB_TYPE="sql" ++export NSS_DEFAULT_DB_TYPE="dbm" + .fi + .if n \{\ + .RE + .\} + .PP + This line can be set added to the + ~/\&.bashrc + file to make the change permanent\&. +-.PP +-Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + .sp + .RS 4 + .ie n \{\ + \h'-04'\(bu\h'+03'\c + .\} + .el \{\ + .sp -1 + .IP \(bu 2.3 +diff --git a/doc/nroff/pp.1 b/doc/nroff/pp.1 +--- a/doc/nroff/pp.1 ++++ b/doc/nroff/pp.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: PP + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 29 July 2014 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "PP" "1" "29 July 2014" "nss-tools" "NSS Security Tools" ++.TH "PP" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +@@ -33,22 +33,22 @@ pp \- Prints certificates, keys, crls, a + .HP \w'\fBpp\ \-t\ type\ [\-a]\ [\-i\ input]\ [\-o\ output]\ [\-u]\ [\-w]\fR\ 'u + \fBpp \-t type [\-a] [\-i input] [\-o output] [\-u] [\-w]\fR + .SH "STATUS" + .PP + This documentation is still work in progress\&. Please contribute to the initial review in + \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2 + .SH "DESCRIPTION" + .PP +-\fBpp \fRpretty\-prints private and public key, certificate, certificate\-request, pkcs7 or crl files ++\fBpp \fRpretty\-prints private and public key, certificate, certificate\-request, pkcs7, pkcs12 or crl files + .SH "OPTIONS" + .PP + \fB\-t \fR \fItype\fR + .RS 4 +-specify the input, one of {private\-key | public\-key | certificate | certificate\-request | pkcs7 | crl} ++specify the input, one of {private\-key | public\-key | certificate | certificate\-request | pkcs7 | pkcs12 | crl | name} + .sp + .RE + .PP + \fB\-a \fR + .RS 4 + Input is in ascii encoded form (RFC1113) + .RE + .PP +diff --git a/doc/nroff/signtool.1 b/doc/nroff/signtool.1 +--- a/doc/nroff/signtool.1 ++++ b/doc/nroff/signtool.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: signtool + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 5 June 2014 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "SIGNTOOL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" ++.TH "SIGNTOOL" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +diff --git a/doc/nroff/signver.1 b/doc/nroff/signver.1 +--- a/doc/nroff/signver.1 ++++ b/doc/nroff/signver.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: SIGNVER + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 5 June 2014 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "SIGNVER" "1" "5 June 2014" "nss-tools" "NSS Security Tools" ++.TH "SIGNVER" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +@@ -47,28 +47,28 @@ The Signature Verification Tool, + Displays all of the information in the PKCS#7 signature\&. + .RE + .PP + \-V + .RS 4 + Verifies the digital signature\&. + .RE + .PP +-\-d [sql:]\fIdirectory\fR ++\-d \fIdirectory\fR + .RS 4 + Specify the database directory which contains the certificates and keys\&. + .sp + \fBsignver\fR + supports two types of databases: the legacy security databases (cert8\&.db, + key3\&.db, and + secmod\&.db) and new SQLite databases (cert9\&.db, + key4\&.db, and + pkcs11\&.txt)\&. If the prefix +-\fBsql:\fR +-is not used, then the tool assumes that the given databases are in the old format\&. ++\fBdbm:\fR ++is not used, then the tool assumes that the given databases are in the SQLite format\&. + .RE + .PP + \-a + .RS 4 + Sets that the given signature file is in ASCII format\&. + .RE + .PP + \-i \fIinput_file\fR +@@ -96,17 +96,17 @@ Enables verbose output\&. + The + \fB\-V\fR + option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file)\&. + .sp + .if n \{\ + .RS 4 + .\} + .nf +-signver \-V \-s \fIsignature_file\fR \-i \fIsigned_file\fR \-d sql:/home/my/sharednssdb ++signver \-V \-s \fIsignature_file\fR \-i \fIsigned_file\fR \-d /home/my/sharednssdb + + signatureValid=yes + .fi + .if n \{\ + .RE + .\} + .SS "Printing Signature Data" + .PP +@@ -202,50 +202,48 @@ pkcs11\&.txt, which is listing of all of + .RE + .PP + Because the SQLite databases are designed to be shared, these are the + \fIshared\fR + database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&. + .PP + By default, the tools (\fBcertutil\fR, + \fBpk12util\fR, +-\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the +-\fBsql:\fR ++\fBmodutil\fR) assume that the given security databases use the SQLite type Using the legacy databases must be manually specified by using the ++\fBdbm:\fR + prefix with the given security directory\&. For example: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-# signver \-A \-s \fIsignature\fR \-d sql:/home/my/sharednssdb ++# signver \-A \-s \fIsignature\fR \-d dbm:/home/my/sharednssdb + .fi + .if n \{\ + .RE + .\} + .PP +-To set the shared database type as the default type for the tools, set the ++To set the legacy database type as the default type for the tools, set the + \fBNSS_DEFAULT_DB_TYPE\fR + environment variable to +-\fBsql\fR: ++\fBdbm\fR: + .sp + .if n \{\ + .RS 4 + .\} + .nf +-export NSS_DEFAULT_DB_TYPE="sql" ++export NSS_DEFAULT_DB_TYPE="dbm" + .fi + .if n \{\ + .RE + .\} + .PP + This line can be added to the + ~/\&.bashrc + file to make the change permanent for the user\&. +-.PP +-Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + .sp + .RS 4 + .ie n \{\ + \h'-04'\(bu\h'+03'\c + .\} + .el \{\ + .sp -1 + .IP \(bu 2.3 +diff --git a/doc/nroff/ssltap.1 b/doc/nroff/ssltap.1 +--- a/doc/nroff/ssltap.1 ++++ b/doc/nroff/ssltap.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: SSLTAP + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 5 June 2014 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "SSLTAP" "1" "5 June 2014" "nss-tools" "NSS Security Tools" ++.TH "SSLTAP" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +diff --git a/doc/nroff/vfychain.1 b/doc/nroff/vfychain.1 +--- a/doc/nroff/vfychain.1 ++++ b/doc/nroff/vfychain.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: VFYCHAIN + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 5 June 2014 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools" ++.TH "VFYCHAIN" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +diff --git a/doc/nroff/vfyserv.1 b/doc/nroff/vfyserv.1 +--- a/doc/nroff/vfyserv.1 ++++ b/doc/nroff/vfyserv.1 +@@ -1,18 +1,18 @@ + '\" t + .\" Title: VFYSERV + .\" Author: [see the "Authors" section] +-.\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 5 June 2014 ++.\" Generator: DocBook XSL Stylesheets vsnapshot ++.\" Date: 19 May 2021 + .\" Manual: NSS Security Tools + .\" Source: nss-tools + .\" Language: English + .\" +-.TH "VFYSERV" "1" "5 June 2014" "nss-tools" "NSS Security Tools" ++.TH "VFYSERV" "1" "19 May 2021" "nss-tools" "NSS Security Tools" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .\" http://bugs.debian.org/507673 + .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html + .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + .ie \n(.g .ds Aq \(aq +diff --git a/doc/pk12util.xml b/doc/pk12util.xml +--- a/doc/pk12util.xml ++++ b/doc/pk12util.xml +@@ -25,17 +25,17 @@ + + + + + pk12util + -i p12File|-l p12File|-o p12File + -c keyCipher + -C certCipher +- -d [sql:]directory ++ -d directory + -h tokenname + -m | --key-len keyLength + -M hashAlg + -n certname + -P dbprefix + -r + -v + --cert-key-len certKeyLength +@@ -83,19 +83,19 @@ + + + + -C certCipher + Specify the certiticate encryption algorithm. + + + +- -d [sql:]directory ++ -d directory + Specify the database directory into which to import to or export from certificates and keys. +- pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format. ++ pk12util supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in the SQLite format. + + + + -h tokenname + Specify the name of the token to import into or export from. + + + +@@ -244,44 +244,44 @@ + + + + Examples + Importing Keys and Certificates + The most basic usage of pk12util for importing a certificate or key is the PKCS #12 input file () and some way to specify the security database being accessed (either for a directory or for a token). + + +- pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] ++ pk12util -i p12File [-h tokenname] [-v] [-d directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + + For example: + +- # pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb ++ # pk12util -i /tmp/cert-files/users.p12 -d /home/my/sharednssdb + + Enter a password which will be used to encrypt your keys. + The password should be at least 8 characters long, + and should contain at least one non-alphabetic character. + + Enter new password: + Re-enter password: + Enter password for PKCS12 file: + pk12util: PKCS12 IMPORT SUCCESSFUL + + Exporting Keys and Certificates + Using the pk12util command to export certificates and keys requires both the name of the certificate to extract from the database () and the PKCS #12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material. + +- pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] ++ pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + For example: +- # pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb ++ # pk12util -o certs.p12 -n Server-Cert -d /home/my/sharednssdb + Enter password for PKCS12 file: + Re-enter password: + + Listing Keys and Certificates + The information in a .p12 file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the .p12 file. + +- pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] ++ pk12util -l p12File [-h tokenname] [-r] [-d directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword] + For example, this prints the default ASCII output: + # pk12util -l certs.p12 + + Enter password for PKCS12 file: + Key(shrouded): + Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID + + Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC +@@ -389,27 +389,26 @@ BerkleyDB. These new databases provide m + + pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory + + + + + Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example: ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: + +-# pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb ++# pk12util -i /tmp/cert-files/users.p12 -d dbm:/home/my/sharednssdb + +-To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: +-export NSS_DEFAULT_DB_TYPE="sql" ++To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: ++export NSS_DEFAULT_DB_TYPE="dbm" + + This line can be set added to the ~/.bashrc file to make the change permanent. + +-Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + + + + https://wiki.mozilla.org/NSS_Shared_DB_Howto + + + For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki: + +diff --git a/doc/signver.xml b/doc/signver.xml +--- a/doc/signver.xml ++++ b/doc/signver.xml +@@ -59,19 +59,19 @@ + -A + Displays all of the information in the PKCS#7 signature. + + + -V + Verifies the digital signature. + + +- -d [sql:]directory ++ -d directory + Specify the database directory which contains the certificates and keys. +- signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: is not used, then the tool assumes that the given databases are in the old format. ++ signver supports two types of databases: the legacy security databases (cert8.db, key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt). If the prefix dbm: is not used, then the tool assumes that the given databases are in the SQLite format. + + + -a + Sets that the given signature file is in ASCII format. + + + -i input_file + Gives the input file for the object with signed data. +@@ -90,17 +90,17 @@ + + + + + + Extended Examples + Verifying a Signature + The option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file). +-signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb ++signver -V -s signature_file -i signed_file -d /home/my/sharednssdb + + signatureValid=yes + + + Printing Signature Data + + The option prints all of the information contained in a signature file. Using the option prints the signature file information to the given output file rather than stdout. + +@@ -150,27 +150,26 @@ BerkleyDB. These new databases provide m + + pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory + + + + + Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility. + +-By default, the tools (certutil, pk12util, modutil) assume that the given security databases follow the more common legacy type. +-Using the SQLite databases must be manually specified by using the sql: prefix with the given security directory. For example: ++By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type ++Using the legacy databases must be manually specified by using the dbm: prefix with the given security directory. For example: + +-# signver -A -s signature -d sql:/home/my/sharednssdb ++# signver -A -s signature -d dbm:/home/my/sharednssdb + +-To set the shared database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to sql: +-export NSS_DEFAULT_DB_TYPE="sql" ++To set the legacy database type as the default type for the tools, set the NSS_DEFAULT_DB_TYPE environment variable to dbm: ++export NSS_DEFAULT_DB_TYPE="dbm" + + This line can be added to the ~/.bashrc file to make the change permanent for the user. + +-Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases: + + + + https://wiki.mozilla.org/NSS_Shared_DB_Howto + + + For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki: + diff --git a/SOURCES/nss-disable-dc.patch b/SOURCES/nss-disable-dc.patch index 45d58d7..6eae5e4 100644 --- a/SOURCES/nss-disable-dc.patch +++ b/SOURCES/nss-disable-dc.patch @@ -1,7 +1,18 @@ -diff -up nss/lib/ssl/sslsock.c.dc nss/lib/ssl/sslsock.c ---- nss/lib/ssl/sslsock.c.dc 2020-07-29 14:05:10.413370267 +0200 -+++ nss/lib/ssl/sslsock.c 2020-07-29 14:06:38.339805833 +0200 -@@ -798,7 +798,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh +diff -up ./gtests/ssl_gtest/manifest.mn.orig ./gtests/ssl_gtest/manifest.mn +--- ./gtests/ssl_gtest/manifest.mn.orig 2021-06-02 15:40:48.677355426 -0700 ++++ ./gtests/ssl_gtest/manifest.mn 2021-06-02 15:42:31.248977261 -0700 +@@ -57,7 +57,6 @@ CPPSRCS = \ + tls_filter.cc \ + tls_protect.cc \ + tls_psk_unittest.cc \ +- tls_subcerts_unittest.cc \ + tls_ech_unittest.cc \ + $(SSLKEYLOGFILE_FILES) \ + $(NULL) +diff -up ./lib/ssl/sslsock.c.orig ./lib/ssl/sslsock.c +--- ./lib/ssl/sslsock.c.orig 2021-05-28 02:50:43.000000000 -0700 ++++ ./lib/ssl/sslsock.c 2021-06-02 15:40:48.676355420 -0700 +@@ -819,7 +819,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh break; case SSL_ENABLE_DELEGATED_CREDENTIALS: @@ -10,7 +21,7 @@ diff -up nss/lib/ssl/sslsock.c.dc nss/lib/ssl/sslsock.c break; case SSL_ENABLE_NPN: -@@ -1316,7 +1316,7 @@ SSL_OptionSetDefault(PRInt32 which, PRIn +@@ -1337,7 +1337,7 @@ SSL_OptionSetDefault(PRInt32 which, PRIn break; case SSL_ENABLE_DELEGATED_CREDENTIALS: @@ -19,14 +30,3 @@ diff -up nss/lib/ssl/sslsock.c.dc nss/lib/ssl/sslsock.c break; case SSL_ENABLE_NPN: -diff -up nss/gtests/ssl_gtest/manifest.mn.dc nss/gtests/ssl_gtest/manifest.mn ---- nss/gtests/ssl_gtest/manifest.mn.dc 2020-07-29 16:46:29.574134443 +0200 -+++ nss/gtests/ssl_gtest/manifest.mn 2020-07-29 16:46:35.821094263 +0200 -@@ -56,7 +56,6 @@ CPPSRCS = \ - tls_hkdf_unittest.cc \ - tls_filter.cc \ - tls_protect.cc \ -- tls_subcerts_unittest.cc \ - tls_esni_unittest.cc \ - $(SSLKEYLOGFILE_FILES) \ - $(NULL) diff --git a/SOURCES/nss-reorder-cipher-suites-gtests.patch b/SOURCES/nss-reorder-cipher-suites-gtests.patch index 73b049f..fbedd09 100644 --- a/SOURCES/nss-reorder-cipher-suites-gtests.patch +++ b/SOURCES/nss-reorder-cipher-suites-gtests.patch @@ -1,7 +1,7 @@ -diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_auth_unittest.cc ---- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100 -+++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc 2019-03-22 11:25:50.523173253 +0100 -@@ -728,7 +728,9 @@ static SSLNamedGroup NamedGroupForEcdsa3 +diff -up ./gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_auth_unittest.cc +--- ./gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_auth_unittest.cc 2021-06-03 17:01:27.530383629 -0700 +@@ -1036,7 +1036,9 @@ static SSLNamedGroup NamedGroupForEcdsa3 // NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and // 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so // we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519. @@ -12,14 +12,22 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests return ssl_grp_ec_secp384r1; } return ssl_grp_ec_curve25519; -@@ -1377,20 +1379,24 @@ INSTANTIATE_TEST_CASE_P( +@@ -1831,27 +1833,31 @@ INSTANTIATE_TEST_SUITE_P( + ::testing::Values(TlsAgent::kServerRsa), + ::testing::Values(ssl_auth_rsa_sign), + ::testing::Values(ssl_sig_rsa_pkcs1_sha1))); ++// FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ++// a higher priority than AES-128 GCM, and that causes the following ++// 4 TLS 1.2 tests to fail. + INSTANTIATE_TEST_SUITE_P( + SignatureSchemeEcdsaP256, TlsSignatureSchemeConfiguration, + ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, +- TlsConnectTestBase::kTlsV12Plus, ++ TlsConnectTestBase::kTlsV13, ::testing::Values(TlsAgent::kServerEcdsa256), ::testing::Values(ssl_auth_ecdsa), ::testing::Values(ssl_sig_ecdsa_secp256r1_sha256))); -+ // FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 -+ // a higher priority than AES-128 GCM, and that causes the following -+ // 3 TLS 1.2 tests to fail. - INSTANTIATE_TEST_CASE_P( + INSTANTIATE_TEST_SUITE_P( SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration, ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, - TlsConnectTestBase::kTlsV12Plus, @@ -27,7 +35,7 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests ::testing::Values(TlsAgent::kServerEcdsa384), ::testing::Values(ssl_auth_ecdsa), ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384))); - INSTANTIATE_TEST_CASE_P( + INSTANTIATE_TEST_SUITE_P( SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration, ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, - TlsConnectTestBase::kTlsV12Plus, @@ -36,19 +44,19 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests ::testing::Values(ssl_auth_ecdsa), ::testing::Values(ssl_sig_ecdsa_secp521r1_sha512))); +#if 0 - INSTANTIATE_TEST_CASE_P( + INSTANTIATE_TEST_SUITE_P( SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration, ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, -@@ -1399,4 +1405,5 @@ INSTANTIATE_TEST_CASE_P( +@@ -1860,4 +1866,5 @@ INSTANTIATE_TEST_SUITE_P( TlsAgent::kServerEcdsa384), ::testing::Values(ssl_auth_ecdsa), ::testing::Values(ssl_sig_ecdsa_sha1))); +#endif } // namespace nss_test -diff -up nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc ---- nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100 -+++ nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc 2019-03-22 11:25:50.523173253 +0100 -@@ -71,11 +71,13 @@ void CheckRecordSizes(const std::shared_ +diff -up ./gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_recordsize_unittest.cc +--- ./gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_recordsize_unittest.cc 2021-06-03 16:47:23.130301387 -0700 +@@ -72,11 +72,13 @@ void CheckRecordSizes(const std::shared_ break; case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: @@ -62,9 +70,9 @@ diff -up nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-g // Expansion is 20 for the MAC. Maximum block padding is 16. Maximum // padding is added when the input plus the MAC is an exact multiple of // the block size. -diff -up nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc ---- nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100 -+++ nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc 2019-03-22 11:29:30.452433420 +0100 +diff -up ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc +--- ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700 ++++ ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc 2021-06-03 16:47:23.130301387 -0700 @@ -133,7 +133,19 @@ TEST_P(TlsConnectGenericPre13, TooLargeR TEST_P(TlsConnectGeneric, ServerAuthBiggestRsa) { Reset(TlsAgent::kRsa8192); @@ -86,10 +94,10 @@ diff -up nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gt } } // namespace nss_test -diff -up nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/tls_agent.cc ---- nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests 2019-03-22 11:28:19.936944328 +0100 -+++ nss/gtests/ssl_gtest/tls_agent.cc 2019-03-22 11:29:58.712828287 +0100 -@@ -532,6 +532,9 @@ void TlsAgent::CheckKEA(SSLKEAType kea, +diff -up ./gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/tls_agent.cc +--- ./gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700 ++++ ./gtests/ssl_gtest/tls_agent.cc 2021-06-03 16:47:23.130301387 -0700 +@@ -603,6 +603,9 @@ void TlsAgent::CheckKEA(SSLKEAType kea, case ssl_grp_ec_secp384r1: kea_size = 384; break; diff --git a/SOURCES/nss-rsa-pkcs1-sigalgs.patch b/SOURCES/nss-rsa-pkcs1-sigalgs.patch deleted file mode 100644 index 9855b9a..0000000 --- a/SOURCES/nss-rsa-pkcs1-sigalgs.patch +++ /dev/null @@ -1,247 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1594360877 -7200 -# Fri Jul 10 08:01:17 2020 +0200 -# Node ID df1d2695e115ed9e6f7e8df6ad4d7be2c9bc77d8 -# Parent de661583d46713c9b4873a904dda3a8ba4a61976 -Bug 1646324, advertise rsa_pkcs1_* schemes in CH and CR for certs, r=mt - -Summary: -In TLS 1.3, unless "signature_algorithms_cert" is advertised, the -"signature_algorithms" extension is used as an indication of supported -algorithms for signatures on certificates. While rsa_pkcs1_* -signatures schemes cannot be used for signing handshake messages, they -should be advertised if the peer wants to to support certificates -signed with RSA PKCS#1. - -This adds a flag to ssl3_EncodeSigAlgs() and ssl3_FilterSigAlgs() to -preserve rsa_pkcs1_* schemes in the output. - -Reviewers: mt - -Reviewed By: mt - -Bug #: 1646324 - -Differential Revision: https://phabricator.services.mozilla.com/D80881 - -diff -r de661583d467 -r df1d2695e115 gtests/ssl_gtest/ssl_auth_unittest.cc ---- a/gtests/ssl_gtest/ssl_auth_unittest.cc Thu Jul 09 22:45:27 2020 +0000 -+++ b/gtests/ssl_gtest/ssl_auth_unittest.cc Fri Jul 10 08:01:17 2020 +0200 -@@ -1591,6 +1591,47 @@ - capture->extension()); - } - -+TEST_P(TlsConnectTls13, Tls13RsaPkcs1IsAdvertisedClient) { -+ EnsureTlsSetup(); -+ static const SSLSignatureScheme kSchemes[] = {ssl_sig_rsa_pkcs1_sha256, -+ ssl_sig_rsa_pss_rsae_sha256}; -+ client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); -+ auto capture = -+ MakeTlsFilter(client_, ssl_signature_algorithms_xtn); -+ Connect(); -+ // We should only have the one signature algorithm advertised. -+ static const uint8_t kExpectedExt[] = {0, -+ 4, -+ ssl_sig_rsa_pss_rsae_sha256 >> 8, -+ ssl_sig_rsa_pss_rsae_sha256 & 0xff, -+ ssl_sig_rsa_pkcs1_sha256 >> 8, -+ ssl_sig_rsa_pkcs1_sha256 & 0xff}; -+ ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)), -+ capture->extension()); -+} -+ -+TEST_P(TlsConnectTls13, Tls13RsaPkcs1IsAdvertisedServer) { -+ EnsureTlsSetup(); -+ static const SSLSignatureScheme kSchemes[] = {ssl_sig_rsa_pkcs1_sha256, -+ ssl_sig_rsa_pss_rsae_sha256}; -+ server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); -+ auto capture = MakeTlsFilter( -+ server_, ssl_signature_algorithms_xtn, true); -+ capture->SetHandshakeTypes({kTlsHandshakeCertificateRequest}); -+ capture->EnableDecryption(); -+ server_->RequestClientAuth(false); // So we get a CertificateRequest. -+ Connect(); -+ // We should only have the one signature algorithm advertised. -+ static const uint8_t kExpectedExt[] = {0, -+ 4, -+ ssl_sig_rsa_pss_rsae_sha256 >> 8, -+ ssl_sig_rsa_pss_rsae_sha256 & 0xff, -+ ssl_sig_rsa_pkcs1_sha256 >> 8, -+ ssl_sig_rsa_pkcs1_sha256 & 0xff}; -+ ASSERT_EQ(DataBuffer(kExpectedExt, sizeof(kExpectedExt)), -+ capture->extension()); -+} -+ - // variant, version, certificate, auth type, signature scheme - typedef std::tuple -diff -r de661583d467 -r df1d2695e115 lib/ssl/ssl3con.c ---- a/lib/ssl/ssl3con.c Thu Jul 09 22:45:27 2020 +0000 -+++ b/lib/ssl/ssl3con.c Fri Jul 10 08:01:17 2020 +0200 -@@ -784,15 +784,19 @@ - * Both by policy and by having a token that supports it. */ - static PRBool - ssl_SignatureSchemeAccepted(PRUint16 minVersion, -- SSLSignatureScheme scheme) -+ SSLSignatureScheme scheme, -+ PRBool forCert) - { - /* Disable RSA-PSS schemes if there are no tokens to verify them. */ - if (ssl_IsRsaPssSignatureScheme(scheme)) { - if (!PK11_TokenExists(auth_alg_defs[ssl_auth_rsa_pss])) { - return PR_FALSE; - } -- } else if (ssl_IsRsaPkcs1SignatureScheme(scheme)) { -- /* Disable PKCS#1 signatures if we are limited to TLS 1.3. */ -+ } else if (!forCert && ssl_IsRsaPkcs1SignatureScheme(scheme)) { -+ /* Disable PKCS#1 signatures if we are limited to TLS 1.3. -+ * We still need to advertise PKCS#1 signatures in CH and CR -+ * for certificate signatures. -+ */ - if (minVersion >= SSL_LIBRARY_VERSION_TLS_1_3) { - return PR_FALSE; - } -@@ -851,7 +855,8 @@ - /* Ensure that there is a signature scheme that can be accepted.*/ - for (unsigned int i = 0; i < ss->ssl3.signatureSchemeCount; ++i) { - if (ssl_SignatureSchemeAccepted(ss->vrange.min, -- ss->ssl3.signatureSchemes[i])) { -+ ss->ssl3.signatureSchemes[i], -+ PR_FALSE /* forCert */)) { - return SECSuccess; - } - } -@@ -880,7 +885,7 @@ - PRBool acceptable = authType == schemeAuthType || - (schemeAuthType == ssl_auth_rsa_pss && - authType == ssl_auth_rsa_sign); -- if (acceptable && ssl_SignatureSchemeAccepted(ss->version, scheme)) { -+ if (acceptable && ssl_SignatureSchemeAccepted(ss->version, scheme, PR_FALSE /* forCert */)) { - return PR_TRUE; - } - } -@@ -9803,12 +9808,13 @@ - } - - SECStatus --ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, sslBuffer *buf) -+ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool forCert, -+ sslBuffer *buf) - { - SSLSignatureScheme filtered[MAX_SIGNATURE_SCHEMES] = { 0 }; - unsigned int filteredCount = 0; - -- SECStatus rv = ssl3_FilterSigAlgs(ss, minVersion, PR_FALSE, -+ SECStatus rv = ssl3_FilterSigAlgs(ss, minVersion, PR_FALSE, forCert, - PR_ARRAY_SIZE(filtered), - filtered, &filteredCount); - if (rv != SECSuccess) { -@@ -9843,8 +9849,21 @@ - return sslBuffer_InsertLength(buf, lengthOffset, 2); - } - -+/* -+ * In TLS 1.3 we are permitted to advertise support for PKCS#1 -+ * schemes. This doesn't affect the signatures in TLS itself, just -+ * those on certificates. Not advertising PKCS#1 signatures creates a -+ * serious compatibility risk as it excludes many certificate chains -+ * that include PKCS#1. Hence, forCert is used to enable advertising -+ * PKCS#1 support. Note that we include these in signature_algorithms -+ * because we don't yet support signature_algorithms_cert. TLS 1.3 -+ * requires that PKCS#1 schemes are placed last in the list if they -+ * are present. This sorting can be removed once we support -+ * signature_algorithms_cert. -+ */ - SECStatus - ssl3_FilterSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool disableRsae, -+ PRBool forCert, - unsigned int maxSchemes, SSLSignatureScheme *filteredSchemes, - unsigned int *numFilteredSchemes) - { -@@ -9856,15 +9875,32 @@ - } - - *numFilteredSchemes = 0; -+ PRBool allowUnsortedPkcs1 = forCert && minVersion < SSL_LIBRARY_VERSION_TLS_1_3; - for (unsigned int i = 0; i < ss->ssl3.signatureSchemeCount; ++i) { - if (disableRsae && ssl_IsRsaeSignatureScheme(ss->ssl3.signatureSchemes[i])) { - continue; - } - if (ssl_SignatureSchemeAccepted(minVersion, -- ss->ssl3.signatureSchemes[i])) { -+ ss->ssl3.signatureSchemes[i], -+ allowUnsortedPkcs1)) { - filteredSchemes[(*numFilteredSchemes)++] = ss->ssl3.signatureSchemes[i]; - } - } -+ if (forCert && !allowUnsortedPkcs1) { -+ for (unsigned int i = 0; i < ss->ssl3.signatureSchemeCount; ++i) { -+ if (disableRsae && ssl_IsRsaeSignatureScheme(ss->ssl3.signatureSchemes[i])) { -+ continue; -+ } -+ if (!ssl_SignatureSchemeAccepted(minVersion, -+ ss->ssl3.signatureSchemes[i], -+ PR_FALSE) && -+ ssl_SignatureSchemeAccepted(minVersion, -+ ss->ssl3.signatureSchemes[i], -+ PR_TRUE)) { -+ filteredSchemes[(*numFilteredSchemes)++] = ss->ssl3.signatureSchemes[i]; -+ } -+ } -+ } - return SECSuccess; - } - -@@ -9901,7 +9937,7 @@ - - length = 1 + certTypesLength + 2 + calen; - if (isTLS12) { -- rv = ssl3_EncodeSigAlgs(ss, ss->version, &sigAlgsBuf); -+ rv = ssl3_EncodeSigAlgs(ss, ss->version, PR_TRUE /* forCert */, &sigAlgsBuf); - if (rv != SECSuccess) { - return rv; - } -diff -r de661583d467 -r df1d2695e115 lib/ssl/ssl3exthandle.c ---- a/lib/ssl/ssl3exthandle.c Thu Jul 09 22:45:27 2020 +0000 -+++ b/lib/ssl/ssl3exthandle.c Fri Jul 10 08:01:17 2020 +0200 -@@ -1652,7 +1652,7 @@ - minVersion = ss->vrange.min; /* ClientHello */ - } - -- SECStatus rv = ssl3_EncodeSigAlgs(ss, minVersion, buf); -+ SECStatus rv = ssl3_EncodeSigAlgs(ss, minVersion, PR_TRUE /* forCert */, buf); - if (rv != SECSuccess) { - return SECFailure; - } -diff -r de661583d467 -r df1d2695e115 lib/ssl/sslimpl.h ---- a/lib/ssl/sslimpl.h Thu Jul 09 22:45:27 2020 +0000 -+++ b/lib/ssl/sslimpl.h Fri Jul 10 08:01:17 2020 +0200 -@@ -1688,12 +1688,12 @@ - SECStatus ssl3_AuthCertificate(sslSocket *ss); - SECStatus ssl_ReadCertificateStatus(sslSocket *ss, PRUint8 *b, - PRUint32 length); --SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, -+SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool forCert, - sslBuffer *buf); - SECStatus ssl3_EncodeFilteredSigAlgs(const sslSocket *ss, - const SSLSignatureScheme *schemes, - PRUint32 numSchemes, sslBuffer *buf); --SECStatus ssl3_FilterSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool disableRsae, -+SECStatus ssl3_FilterSigAlgs(const sslSocket *ss, PRUint16 minVersion, PRBool disableRsae, PRBool forCert, - unsigned int maxSchemes, SSLSignatureScheme *filteredSchemes, - unsigned int *numFilteredSchemes); - SECStatus ssl_GetCertificateRequestCAs(const sslSocket *ss, -diff -r de661583d467 -r df1d2695e115 lib/ssl/tls13exthandle.c ---- a/lib/ssl/tls13exthandle.c Thu Jul 09 22:45:27 2020 +0000 -+++ b/lib/ssl/tls13exthandle.c Fri Jul 10 08:01:17 2020 +0200 -@@ -1519,7 +1519,8 @@ - SSLSignatureScheme filtered[MAX_SIGNATURE_SCHEMES] = { 0 }; - unsigned int filteredCount = 0; - SECStatus rv = ssl3_FilterSigAlgs(ss, ss->vrange.max, -- PR_TRUE, -+ PR_TRUE /* disableRsae */, -+ PR_FALSE /* forCert */, - MAX_SIGNATURE_SCHEMES, - filtered, - &filteredCount); diff --git a/SOURCES/nss-skip-bltest-and-fipstest.patch b/SOURCES/nss-skip-bltest-and-fipstest.patch index e68af55..1045573 100644 --- a/SOURCES/nss-skip-bltest-and-fipstest.patch +++ b/SOURCES/nss-skip-bltest-and-fipstest.patch @@ -1,6 +1,6 @@ -diff -up nss/cmd/Makefile.skipthem nss/cmd/Makefile ---- nss/cmd/Makefile.skipthem 2020-06-17 00:50:59.000000000 +0200 -+++ nss/cmd/Makefile 2020-07-28 16:39:14.398475287 +0200 +diff -up ./cmd/Makefile.skipthem ./cmd/Makefile +--- ./cmd/Makefile.skipthem 2021-05-28 02:50:43.000000000 -0700 ++++ ./cmd/Makefile 2021-06-03 15:16:36.015186252 -0700 @@ -19,7 +19,11 @@ BLTEST_SRCDIR = ECPERF_SRCDIR = FREEBL_ECTEST_SRCDIR = @@ -13,13 +13,14 @@ diff -up nss/cmd/Makefile.skipthem nss/cmd/Makefile else BLTEST_SRCDIR = bltest ECPERF_SRCDIR = ecperf -diff -up nss/cmd/shlibsign/Makefile.skipthem nss/cmd/shlibsign/Makefile ---- nss/cmd/shlibsign/Makefile.skipthem 2020-07-28 16:39:58.263169490 +0200 -+++ nss/cmd/shlibsign/Makefile 2020-07-28 16:40:04.485126117 +0200 -@@ -94,6 +94,3 @@ else - $(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<) +diff -up ./cmd/shlibsign/Makefile.skipthem ./cmd/shlibsign/Makefile +--- ./cmd/shlibsign/Makefile.skipthem 2021-06-03 15:16:36.015186252 -0700 ++++ ./cmd/shlibsign/Makefile 2021-06-03 15:18:49.494720335 -0700 +@@ -95,7 +95,3 @@ else endif endif -- + -libs: install +-ifdef CHECKLOC - $(MAKE) $(CHECKLOC) +-endif diff --git a/SOURCES/nss-sql-default-tests.patch b/SOURCES/nss-sql-default-tests.patch index 1d4b6ad..6aabecd 100644 --- a/SOURCES/nss-sql-default-tests.patch +++ b/SOURCES/nss-sql-default-tests.patch @@ -1,85 +1,70 @@ -# HG changeset patch -# User Franziskus Kiefer -# Date 1575483231 0 -# Wed Dec 04 18:13:51 2019 +0000 -# Node ID c1fad130dce2081a5d6ce9f539c72d999f59afce -# Parent a9ba652046e634ccb4ca21a43dd6d76858e20d62 -Bug 1594933 - disable libnssdbm by default; keep build on CI, r=jcj - -Disale libnssdbm by default and add flag to enable it in builds. -On CI a build and certs test with enabled legacy DB are added. - -Note that for some reason the coverage build fails. I have no idea why. I'm open for ideas. - -Differential Revision: https://phabricator.services.mozilla.com/D54673 - -diff -r a9ba652046e6 -r c1fad130dce2 tests/all.sh ---- a/tests/all.sh Tue Dec 03 23:27:28 2019 +0000 -+++ b/tests/all.sh Wed Dec 04 18:13:51 2019 +0000 +diff -up ./tests/all.sh.sql-default-tests ./tests/all.sh +--- ./tests/all.sh.sql-default-tests 2021-06-03 15:44:45.759708770 -0700 ++++ ./tests/all.sh 2021-06-03 15:50:12.649678081 -0700 @@ -51,10 +51,10 @@ # pkix - run test suites with PKIX enabled # upgradedb - upgrade existing certificate databases to shareable # format (creates them if doesn't exist yet) and run --# test suites with those databases -+# test suites with those databases. Requires to enable libdm. +-# test suites with those databases. Requires to enable libdm. ++# test suites with those databases. # sharedb - run test suites with shareable database format # enabled (databases are created directly to this --# format) -+# format). This is the default and doesn't need to be run separately. - # - # Mandatory environment variables (to be set before testing): - # ----------------------------------------------------------- -@@ -135,7 +135,7 @@ +-# format). This is the default and doesn't need to be run separately. ++# format). + # threadunsafe - run test suites with thread unsafe environment variable + # so simulate running NSS locking for PKCS #11 modules which + # are not thread safe. +@@ -137,7 +137,7 @@ run_tests() } ########################## run_cycle_standard ########################## --# run test suites with dbm database (no PKIX, no sharedb) -+# run test suites with sql database (no PKIX) +-# run test suites with sql database (no PKIX) ++# run test suites with dbm database (no PKIX, no sharedb) ######################################################################## run_cycle_standard() { -@@ -144,7 +144,7 @@ +@@ -146,7 +146,7 @@ run_cycle_standard() TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher libpkix sdr ocsp pkits" + TESTS_SKIP="libpkix pkits" -- NSS_DEFAULT_DB_TYPE="dbm" -+ NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"} +- NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"} ++ NSS_DEFAULT_DB_TYPE=dbm export NSS_DEFAULT_DB_TYPE run_tests -@@ -288,7 +288,7 @@ +@@ -323,7 +323,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU . ./init.sh fi --cycles="standard pkix upgradedb sharedb" -+cycles="standard pkix" +-cycles="standard pkix threadunsafe" ++cycles="standard pkix upgradedb sharedb threadunsafe" CYCLES=${NSS_CYCLES:-$cycles} NO_INIT_SUPPORT=`certutil --build-flags |grep -cw NSS_NO_INIT_SUPPORT` -diff -r a9ba652046e6 -r c1fad130dce2 tests/common/init.sh ---- a/tests/common/init.sh Tue Dec 03 23:27:28 2019 +0000 -+++ b/tests/common/init.sh Wed Dec 04 18:13:51 2019 +0000 -@@ -651,9 +651,9 @@ +diff -up ./tests/common/init.sh.sql-default-tests ./tests/common/init.sh +--- ./tests/common/init.sh.sql-default-tests 2021-05-28 02:50:43.000000000 -0700 ++++ ./tests/common/init.sh 2021-06-03 15:44:45.771708842 -0700 +@@ -651,9 +651,9 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU RELOAD_CRL=1 -- # if test mode isn't set, test scripts default to expecting dbm -+ # if test mode isn't set, test scripts default to expecting sql +- # if test mode isn't set, test scripts default to expecting sql ++ # if test mode isn't set, test scripts default to expecting dbm if [ "${TEST_MODE}" = "" ]; then -- NSS_DEFAULT_DB_TYPE="dbm" -+ NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"} +- NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE:-"sql"} ++ NSS_DEFAULT_DB_TYPE="dbm" export NSS_DEFAULT_DB_TYPE fi -diff -r a9ba652046e6 -r c1fad130dce2 tests/remote/Makefile ---- a/tests/remote/Makefile Tue Dec 03 23:27:28 2019 +0000 -+++ b/tests/remote/Makefile Wed Dec 04 18:13:51 2019 +0000 -@@ -56,7 +56,7 @@ +diff -up ./tests/remote/Makefile.sql-default-tests ./tests/remote/Makefile +--- ./tests/remote/Makefile.sql-default-tests 2021-05-28 02:50:43.000000000 -0700 ++++ ./tests/remote/Makefile 2021-06-03 15:44:45.771708842 -0700 +@@ -56,7 +56,7 @@ ifeq ($(OS_TARGET),Android) TEST_SHELL?=$$HOME/bin/sh ANDROID_PORT?="2222" #Define the subset of tests that is known to work on Android --NSS_CYCLES?="standard pkix upgradedb sharedb" -+NSS_CYCLES?="standard pkix sharedb" +-NSS_CYCLES?="standard pkix sharedb" ++NSS_CYCLES?="standard pkix upgradedb sharedb" NSS_TESTS?="cipher lowhash libpkix cert dbtests tools sdr crmf smime ssl ocsp merge pkits chains" NSS_SSL_TESTS?="crl normal_normal iopr" NSS_SSL_RUN?="cov auth stress" diff --git a/SOURCES/nss-ssl2-compatible-client-hello.patch b/SOURCES/nss-ssl2-compatible-client-hello.patch index da155c6..ec013e2 100644 --- a/SOURCES/nss-ssl2-compatible-client-hello.patch +++ b/SOURCES/nss-ssl2-compatible-client-hello.patch @@ -1,12 +1,12 @@ -diff -up nss/lib/ssl/sslsock.c.ssl2hello nss/lib/ssl/sslsock.c ---- nss/lib/ssl/sslsock.c.ssl2hello 2020-07-22 17:54:31.498366114 +0200 -+++ nss/lib/ssl/sslsock.c 2020-07-22 17:55:46.019824069 +0200 -@@ -89,7 +89,7 @@ static sslOptions ssl_defaults = { +diff -up ./lib/ssl/sslsock.c.ssl2hello ./lib/ssl/sslsock.c +--- ./lib/ssl/sslsock.c.ssl2hello 2021-06-03 15:39:52.237945867 -0700 ++++ ./lib/ssl/sslsock.c 2021-06-03 15:43:21.746203666 -0700 +@@ -90,7 +90,7 @@ static sslOptions ssl_defaults = { .enableDtls13VersionCompat = PR_FALSE, .enableDtlsShortHeader = PR_FALSE, .enableHelloDowngradeCheck = PR_FALSE, - .enableV2CompatibleHello = PR_FALSE, + .enableV2CompatibleHello = PR_TRUE, .enablePostHandshakeAuth = PR_FALSE, - .suppressEndOfEarlyData = PR_FALSE - }; + .suppressEndOfEarlyData = PR_FALSE, + .enableTls13GreaseEch = PR_FALSE, diff --git a/SPECS/nss.spec b/SPECS/nss.spec index 546ab13..e2bff8b 100644 --- a/SPECS/nss.spec +++ b/SPECS/nss.spec @@ -1,14 +1,14 @@ -%global nspr_version 4.25.0 -%global nss_util_version 3.53.1 +%global nspr_version 4.31.0 +%global nss_util_version 3.67.0 %global nss_util_build -1 # adjust to the version that gets submitted for FIPS validation -%global nss_softokn_fips_version 3.53.1 -%global nss_softokn_version 3.53.1 # Attention: Separate softokn versions for build and runtime. -%global runtime_required_softokn_build_version -2 +%global nss_softokn_version 3.67.0 +%global runtime_required_softokn_build_version -1 # Building NSS doesn't require the same version of softokn built for runtime. +%global nss_softokn_build_version 3.53.1 %global build_required_softokn_build_version -2 -%global nss_version 3.53.1 +%global nss_version 3.67.0 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global allTools "certutil cmsutil crlutil derdump modutil nss-policy-check pk12util pp signtool signver ssltap vfychain vfyserv" @@ -41,7 +41,7 @@ rpm.define(string.format("nss_archive_version %s", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 7%{?dist} +Release: 3%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -56,7 +56,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: nspr-devel >= %{nspr_version} # TODO: revert to same version as nss once we are done with the merge # Using '>=' but on RHEL the requires should be '=' -BuildRequires: nss-softokn-devel >= %{nss_softokn_version}%{build_required_softokn_build_version} +BuildRequires: nss-softokn-devel >= %{nss_softokn_build_version}%{build_required_softokn_build_version} BuildRequires: nss-util-devel >= %{nss_util_version}%{nss_util_build} BuildRequires: sqlite-devel BuildRequires: zlib-devel @@ -135,6 +135,8 @@ Patch108: nss-sni-c-v-fix.patch Patch123: nss-skip-util-gtest.patch Patch126: nss-reorder-cipher-suites.patch Patch127: nss-disable-cipher-suites.patch +# revert sql man page changes +Patch128: nss-3.67-revert-sql-manage-change.patch Patch130: nss-reorder-cipher-suites-gtests.patch # To revert the change in: # https://bugzilla.mozilla.org/show_bug.cgi?id=1377940 @@ -155,10 +157,6 @@ Patch150: nss-ssl2-compatible-client-hello.patch # For backward compatibility: make -V "ssl3:" continue working, while # the minimum version is clamped to tls1.0 Patch152: nss-version-range-set.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1646324 -Patch154: nss-rsa-pkcs1-sigalgs.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822 -Patch155: nss-3.53.1-diffie_hellman_checks.patch # CAVS testing should be done in nss-softkn package Patch156: nss-skip-cavs-tests.patch # no upsteam bug yet @@ -168,20 +166,26 @@ Patch157: nss-3.53-fix-private_key_mac.patch Patch158: nss-sql-default-tests.patch # Local patch: disable Delegated Credentials Patch159: nss-disable-dc.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1648822 -Patch160: nss-3.53.1-remove-timing-tests.patch +# restore defaults when creating pkcs12 files +Patch160:nss-3.66-restore-old-pkcs12-default.patch + +# patches that just need to be upstreamed # https://bugzilla.mozilla.org/show_bug.cgi?id=1662738 -Patch161: nss-3.53.1-no-small-primes.patch -# No upstream bug yet. at least post NSS 3.63 -Patch162: nss-3.53.1-fix-deadlock-in-init-context.patch -# CVE-2020-25648 https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 -Patch163: nss-3.53.1-tls-flood-CVE-2020-25648.patch -# CVE-2020-25648 update https://bugzilla.mozilla.org/show_bug.cgi?id=1672703 -Patch164: nss-3.53.1-tls-flood-update.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1694392 -Patch165: nss-3.63-profile_fix.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1643528 -Patch166: nss-3.53-strict-proto-fix.patch +Patch200: nss-3.66-no-small-primes.patch +# no bug number +Patch201: nss-3.67-fix-sdb-timeout.patch +# no bug number +Patch202: nss-3.67-fix-ssl-alerts.patch +# no bug number +Patch203: nss-3.67-fix-pkcs12-policy.patch + +# disable tests that don't work with the 3.53 softoken +# so builds can complete. +Patch300: nss-3.66-no-combo-tests.patch + +# disable tests that don't work in the brew environment +# because we can't reference external servers. +Patch301: nss-3.66-disable-external-host-test.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -243,7 +247,7 @@ Requires: nss-devel = %{version}-%{release} # TODO: revert to using nss_softokn_version once we are done with # the merge into to new rhel git repo # For RHEL we should have '=' instead of '>=' -Requires: nss-softokn-freebl-devel >= %{nss_softokn_version} +Requires: nss-softokn-freebl-devel >= %{nss_softokn_build_version} %description pkcs11-devel Library files for developing PKCS #11 modules using basic NSS @@ -267,9 +271,9 @@ low level services. %patch16 -p0 -b .539183 %patch40 -p0 -b .noocsptest %patch47 -p0 -b .templates -%patch49 -p0 -b .skipthem %patch50 -p0 -b .iquote pushd nss +%patch49 -p0 -b .skipthem %patch52 -p1 -b .disableSSL2libssl %patch53 -p1 -b .disableSSL2tests %patch56 -p1 -b .1026677_ignore_set_policy @@ -289,19 +293,18 @@ pushd nss %patch149 -p1 -b .skip-sysinit-gtests %patch150 -p1 -b .ssl2hello %patch152 -p1 -b .version-range-set -%patch154 -p1 -b .rsa-pkcs1-sigalgs -%patch155 -p1 -b .dh-checks %patch156 -p1 -b .skip-cavs %patch157 -p1 -b .privkey-mac -%patch158 -p1 -R -b .sql-default-tests +%patch128 -R -p1 -b .sql-man-page +%patch158 -p1 -b .sql-default-tests %patch159 -p1 -b .dc -%patch160 -p1 -b .remove-timing-tests -%patch161 -p1 -b .no-small-primes -%patch162 -p1 -b .deadlock -%patch163 -p1 -b .tls-flood -%patch164 -p1 -b .tls-flood-update -%patch165 -p1 -b .cko-profile -%patch166 -p1 -b .strict-proto +%patch160 -p1 -b .restore-pkcs12-defaults +%patch200 -p1 -b .no-small-primes +%patch201 -p1 -b .fix-sdb-timeout +%patch202 -p1 -b .fix-ssl-alerts +%patch203 -p1 -b .fix-pkcs12-policy +%patch300 -p1 -b .oldsoft +%patch301 -p1 -b .brew popd ######################################################### @@ -579,8 +582,13 @@ pushd ./nss/tests/ # don't need to run all the tests when testing packaging export NSS_DEFAULT_DB_TYPE=dbm #in RHEL 7, the default db is sql, but we want # standard to test dbm, or upgradedb will fail +%global nss_full_cycles "standard pkix upgradedb sharedb threadunsafe" %global nss_cycles "standard pkix upgradedb sharedb" +%global nss_full_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests" %global nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests" +%ifarch x86_64 +%global nss_cycles "standard pkix upgradedb sharedb threadunsafe" +%endif # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_run: cov auth stress # @@ -589,12 +597,34 @@ export NSS_DEFAULT_DB_TYPE=dbm #in RHEL 7, the default db is sql, but we want # global nss_ssl_tests "normal_fips" # global nss_ssl_run "cov auth" -# Temporarily disabling ssl stress tests for s390 +# Temporarily disabling tests for s390 %ifarch s390 %global nss_ssl_run "cov auth" +%global nss_tests "libpkix cert dbtests tools sdr crmf smime ocsp merge pkits ec gtests" %endif +%ifarch s390x +%global nss_ssl_run "cov auth" +%global nss_tests "libpkix cert dbtests tools sdr crmf smime ocsp merge pkits ec gtests" +%endif +# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr +soft=$(rpm -q nss-softokn) +soft_minor=${soft:14:2} +nss_soft=%{nss_softokn_version} +nss_soft_minor=${nss_soft:2:2} +export NSS_CYCLES=%{?nss_full_cycles} +export NSS_TESTS=%{?nss_full_tests} +export NSS_SSL_RUN=%{?nss_full_ssl_run} +export NSS_SSL_TESTS=%{?nss_full_ssl_tests} +if [ ${soft_minor} -lt ${nss_soft_minor} ]; then + export NSS_OLD_SOFTOKEN=1 + export NSS_DISABLE_PPC_GHASH=1 + export NSS_CYCLES=%{?nss_cycles} + export NSS_TESTS=%{?nss_tests} + export NSS_SSL_RUN=%{?nss_ssl_run} + export NSS_SSL_TESTS=%{?nss_ssl_tests} +fi -HOST=localhost DOMSUF=localdomain PORT=$MYRAND NSS_CYCLES=%{?nss_cycles} NSS_TESTS=%{?nss_tests} NSS_SSL_TESTS=%{?nss_ssl_tests} NSS_SSL_RUN=%{?nss_ssl_run} ./all.sh +HOST=localhost DOMSUF=localdomain PORT=$MYRAND ./all.sh popd @@ -875,6 +905,7 @@ fi %{_includedir}/nss3/p12plcy.h %{_includedir}/nss3/p12t.h %{_includedir}/nss3/pk11func.h +%{_includedir}/nss3/pk11hpke.h %{_includedir}/nss3/pk11pqg.h %{_includedir}/nss3/pk11priv.h %{_includedir}/nss3/pk11pub.h @@ -914,6 +945,23 @@ fi %changelog +* Tue Sep 12 2021 Bob Relyea - 3.67.0-3 +- revert sql default language in man pages +- fix SEC_PKCS12EnableCipher so python-nss tests will still work. + +* Wed Jul 7 2021 Bob Relyea - 3.67.0-2 +- fix sdb timeout issue +- fix incorrect ssl alerts in Signature scheme processing + +* Tue Jun 22 2021 Bob Relyea - 3.67.0-1 +- Rebase to NSS 3.67 + +* Tue Jun 15 2021 Bob Relyea - 3.66.0-2 +- restore pkcs12 defaults + +* Thu Jun 03 2021 Bob Relyea - 3.66.0-1 +- Rebase to NSS 3.66 + * Wed Mar 03 2021 Bob Relyea - 3.53.1-7 - Fix HSM load failure because of CKO_Profile - Allow builds with strict-proto