diff --git a/.gitignore b/.gitignore index 7de2940..268b07b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/openssl-3.0.1-hobbled.tar.xz +SOURCES/openssl-3.0.7-hobbled.tar.gz diff --git a/.openssl.metadata b/.openssl.metadata index f4d8930..68776d7 100644 --- a/.openssl.metadata +++ b/.openssl.metadata @@ -1 +1 @@ -1170b5119f0e591f6a2515d099abd06d0184f77c SOURCES/openssl-3.0.1-hobbled.tar.xz +54ab0e36f279f260196ac3274631bee93ab01d81 SOURCES/openssl-3.0.7-hobbled.tar.gz diff --git a/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 9917fcf..7a97dee 100644 --- a/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/SOURCES/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: - ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: +ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -- 2.26.2 diff --git a/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch b/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch index 0fac4eb..2e72999 100644 --- a/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch +++ b/SOURCES/0008-Add-FIPS_mode-compatibility-macro.patch @@ -12,24 +12,12 @@ default context. 3 files changed, 39 insertions(+) create mode 100644 include/openssl/fips.h -diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in -index 1036da9a2b..9d4896fcaf 100644 ---- a/include/openssl/crypto.h.in -+++ b/include/openssl/crypto.h.in -@@ -38,6 +38,7 @@ use OpenSSL::stackhash qw(generate_stack_macros); - # include - # include - # include -+# include - - # ifdef CHARSET_EBCDIC - # include diff --git a/include/openssl/fips.h b/include/openssl/fips.h new file mode 100644 index 0000000000..c64f0f8e8f --- /dev/null +++ b/include/openssl/fips.h -@@ -0,0 +1,25 @@ +@@ -0,0 +1,26 @@ +/* + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * @@ -43,6 +31,7 @@ index 0000000000..c64f0f8e8f +# define OPENSSL_FIPS_H +# pragma once + ++# include +# include + +# ifdef __cplusplus @@ -58,10 +47,11 @@ index 0000000000..c64f0f8e8f diff -up openssl-3.0.0-beta1/test/property_test.c.fips-macro openssl-3.0.0-beta1/test/property_test.c --- openssl-3.0.0-beta1/test/property_test.c.fips-macro 2021-06-29 12:14:58.851557698 +0200 +++ openssl-3.0.0-beta1/test/property_test.c 2021-06-29 12:17:14.630143832 +0200 -@@ -488,6 +488,18 @@ static int test_property_list_to_string( +@@ -488,6 +488,19 @@ static int test_property_list_to_string( return ret; } - + ++#include +static int test_downstream_FIPS_mode(void) +{ + int ret = 0; diff --git a/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch b/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch index 01bd840..30ff325 100644 --- a/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch +++ b/SOURCES/0009-Add-Kernel-FIPS-mode-flag-support.patch @@ -2,8 +2,8 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1 --- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100 +++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100 @@ -12,11 +12,46 @@ - #include "internal/bio.h" #include "internal/provider.h" + #include "crypto/ctype.h" +# include +# include diff --git a/SOURCES/0011-Remove-EC-curves.patch b/SOURCES/0011-Remove-EC-curves.patch index 51c9d23..10e200c 100644 --- a/SOURCES/0011-Remove-EC-curves.patch +++ b/SOURCES/0011-Remove-EC-curves.patch @@ -5011,3 +5011,15 @@ diff -up openssl-3.0.0-beta1/test/recipes/30-test_evp_data/evppkey_ecc.txt.remov Title=prime256v1 curve tests PrivateKey=ALICE_cf_prime256v1 +diff -up openssl-3.0.7/test/recipes/15-test_ec.t.skipshort openssl-3.0.7/test/recipes/15-test_ec.t +--- openssl-3.0.7/test/recipes/15-test_ec.t.skipshort 2022-11-23 12:40:55.324395782 +0100 ++++ openssl-3.0.7/test/recipes/15-test_ec.t 2022-11-23 12:42:12.478094387 +0100 +@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key + + subtest 'Check loading of fips and non-fips keys' => sub { + plan skip_all => "FIPS is disabled" +- if $no_fips; ++ if 1; #Red Hat specific, original value is $no_fips; + + plan tests => 2; + diff --git a/SOURCES/0012-Disable-explicit-ec.patch b/SOURCES/0012-Disable-explicit-ec.patch index 9c3ef57..550cdf4 100644 --- a/SOURCES/0012-Disable-explicit-ec.patch +++ b/SOURCES/0012-Disable-explicit-ec.patch @@ -40,17 +40,17 @@ diff -up openssl-3.0.1/test/endecode_test.c.disable_explicit_ec openssl-3.0.1/te static OSSL_PARAM_BLD *bld_tri_nc = NULL; @@ -990,9 +990,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") DOMAIN_KEYS(ECExplicitPrimeNamedCurve); - IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") + IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") -DOMAIN_KEYS(ECExplicitPrime2G); --IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") +-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) -IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") +/*DOMAIN_KEYS(ECExplicitPrime2G);*/ -+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ ++/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ +/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ # ifndef OPENSSL_NO_EC2M DOMAIN_KEYS(ECExplicitTriNamedCurve); - IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") + IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) @@ -1318,7 +1318,7 @@ int setup_tests(void) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) || !create_ec_explicit_prime_params(bld_prime) diff --git a/SOURCES/0013-FIPS-provider-explicit-ec.patch b/SOURCES/0013-FIPS-provider-explicit-ec.patch deleted file mode 100644 index 8cceeed..0000000 --- a/SOURCES/0013-FIPS-provider-explicit-ec.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c -index 78dc69082fab..8a86c9108d0d 100644 ---- a/providers/implementations/keymgmt/ec_kmgmt.c -+++ b/providers/implementations/keymgmt/ec_kmgmt.c -@@ -470,9 +470,6 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) - return 0; -- if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0 -- && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) -- return 0; - - tmpl = OSSL_PARAM_BLD_new(); - if (tmpl == NULL) -diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t -index 766524e8cfa9..80bac6741290 100644 ---- a/test/recipes/15-test_ecparam.t -+++ b/test/recipes/15-test_ecparam.t -@@ -13,7 +13,7 @@ use warnings; - use File::Spec; - use File::Compare qw/compare_text/; - use OpenSSL::Glob; --use OpenSSL::Test qw/:DEFAULT data_file/; -+use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/; - use OpenSSL::Test::Utils; - - setup("test_ecparam"); -@@ -25,7 +25,7 @@ my @valid = glob(data_file("valid", "*.pem")); - my @noncanon = glob(data_file("noncanon", "*.pem")); - my @invalid = glob(data_file("invalid", "*.pem")); - --plan tests => 11; -+plan tests => 12; - - sub checkload { - my $files = shift; # List of files -@@ -59,6 +59,8 @@ sub checkcompare { - } - } - -+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -+ - subtest "Check loading valid parameters by ecparam with -check" => sub { - plan tests => scalar(@valid); - checkload(\@valid, 1, "ecparam", "-check"); -@@ -113,3 +115,31 @@ subtest "Check pkeyparam does not change the parameter file on output" => sub { - plan tests => 2 * scalar(@valid); - checkcompare(\@valid, "pkeyparam"); - }; -+ -+subtest "Check loading of fips and non-fips params" => sub { -+ plan skip_all => "FIPS is disabled" -+ if $no_fips; -+ plan tests => 3; -+ -+ my $fipsconf = srctop_file("test", "fips-and-base.cnf"); -+ my $defaultconf = srctop_file("test", "default.cnf"); -+ -+ $ENV{OPENSSL_CONF} = $fipsconf; -+ -+ ok(run(app(['openssl', 'ecparam', -+ '-in', data_file('valid', 'secp384r1-explicit.pem'), -+ '-check'])), -+ "Loading explicitly encoded valid curve"); -+ -+ ok(run(app(['openssl', 'ecparam', -+ '-in', data_file('valid', 'secp384r1-named.pem'), -+ '-check'])), -+ "Loading named valid curve"); -+ -+ ok(!run(app(['openssl', 'ecparam', -+ '-in', data_file('valid', 'secp112r1-named.pem'), -+ '-check'])), -+ "Fail loading named non-fips curve"); -+ -+ $ENV{OPENSSL_CONF} = $defaultconf; -+}; diff --git a/SOURCES/0014-FIPS-disable-explicit-ec.patch b/SOURCES/0014-FIPS-disable-explicit-ec.patch deleted file mode 100644 index 7de159e..0000000 --- a/SOURCES/0014-FIPS-disable-explicit-ec.patch +++ /dev/null @@ -1,421 +0,0 @@ -diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c -index 9dc143c2ac69..4d6f2a76ad20 100644 ---- a/crypto/ec/ec_err.c -+++ b/crypto/ec/ec_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -35,6 +35,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = { - "discriminant is zero"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), - "ec group new by name failure"}, -+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED), -+ "explicit params not supported"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), - "failed making public key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, -diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index 2aeab7e3b6b5..f686e45f899d 100644 ---- a/crypto/ec/ec_lib.c -+++ b/crypto/ec/ec_lib.c -@@ -1387,6 +1387,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, - } - #endif - -+#ifndef FIPS_MODULE - /* - * Check if the explicit parameters group matches any built-in curves. - * -@@ -1424,7 +1425,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, - * parameters with one created from a named group. - */ - --#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - /* - * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for - * the same curve, we prefer the SECP nid when matching explicit -@@ -1432,7 +1433,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, - */ - if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) - curve_name_nid = NID_secp224r1; --#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ -+# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ - - ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); - if (ret_group == NULL) -@@ -1467,6 +1468,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, - EC_GROUP_free(ret_group); - return NULL; - } -+#endif /* FIPS_MODULE */ - - static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, - OSSL_LIB_CTX *libctx, const char *propq) -@@ -1536,9 +1538,13 @@ int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]) - EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - OSSL_LIB_CTX *libctx, const char *propq) - { -- const OSSL_PARAM *ptmp, *pa, *pb; -+ const OSSL_PARAM *ptmp; -+ EC_GROUP *group = NULL; -+ -+#ifndef FIPS_MODULE -+ const OSSL_PARAM *pa, *pb; - int ok = 0; -- EC_GROUP *group = NULL, *named_group = NULL; -+ EC_GROUP *named_group = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; - EC_POINT *point = NULL; - int field_bits = 0; -@@ -1546,6 +1552,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - BN_CTX *bnctx = NULL; - const unsigned char *buf = NULL; - int encoding_flag = -1; -+#endif - - /* This is the simple named group case */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); -@@ -1559,6 +1566,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - } - return group; - } -+#ifdef FIPS_MODULE -+ ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED); -+ return NULL; -+#else - /* If it gets here then we are trying explicit parameters */ - bnctx = BN_CTX_new_ex(libctx); - if (bnctx == NULL) { -@@ -1623,10 +1634,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - /* create the EC_GROUP structure */ - group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); - } else { --#ifdef OPENSSL_NO_EC2M -+# ifdef OPENSSL_NO_EC2M - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - goto err; --#else -+# else - /* create the EC_GROUP structure */ - group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); - if (group != NULL) { -@@ -1636,7 +1647,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - goto err; - } - } --#endif /* OPENSSL_NO_EC2M */ -+# endif /* OPENSSL_NO_EC2M */ - } - - if (group == NULL) { -@@ -1733,4 +1744,5 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - BN_CTX_free(bnctx); - - return group; -+#endif /* FIPS_MODULE */ - } -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index c4a94f955905..41df7127403c 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -553,6 +553,7 @@ EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing - EC_R_DECODE_ERROR:142:decode error - EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero - EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure -+EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported - EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key - EC_R_FIELD_TOO_LARGE:143:field too large - EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported -diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h -index 07b6c7aa62dd..4658ae8fb2cd 100644 ---- a/include/crypto/ecerr.h -+++ b/include/crypto/ecerr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h -index 49088d208b2c..46405ac62d91 100644 ---- a/include/openssl/ecerr.h -+++ b/include/openssl/ecerr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -35,6 +35,7 @@ - # define EC_R_DECODE_ERROR 142 - # define EC_R_DISCRIMINANT_IS_ZERO 118 - # define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 -+# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127 - # define EC_R_FAILED_MAKING_PUBLIC_KEY 166 - # define EC_R_FIELD_TOO_LARGE 143 - # define EC_R_GF2M_NOT_SUPPORTED 147 -diff --git a/test/endecode_test.c b/test/endecode_test.c -index 0c33dff0ee2b..3d78bea50ea3 100644 ---- a/test/endecode_test.c -+++ b/test/endecode_test.c -@@ -147,6 +147,7 @@ typedef int (checker)(const char *file, const int line, - typedef void (dumper)(const char *label, const void *data, size_t data_len); - - #define FLAG_DECODE_WITH_TYPE 0x0001 -+#define FLAG_FAIL_IF_FIPS 0x0002 - - static int test_encode_decode(const char *file, const int line, - const char *type, EVP_PKEY *pkey, -@@ -170,8 +171,19 @@ static int test_encode_decode(const char *file, const int line, - * dumping purposes. - */ - if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, -- output_type, output_structure, pass, pcipher)) -- || !TEST_true(check_cb(file, line, type, encoded, encoded_len)) -+ output_type, output_structure, pass, pcipher))) -+ goto end; -+ -+ if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) { -+ if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, -+ encoded_len, output_type, output_structure, -+ (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), -+ selection, pass))) -+ ok = 1; -+ goto end; -+ } -+ -+ if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) - || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, - output_type, output_structure, - (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), -@@ -525,7 +537,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line, - return ok; - } - --static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) -+static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) - { - return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR -@@ -533,7 +545,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) - "DER", "PrivateKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_unprotected_PKCS8_DER, -- dump_der, 0); -+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); - } - - static int check_unprotected_PKCS8_PEM(const char *file, const int line, -@@ -547,7 +559,7 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line, - sizeof(expected_pem_header) - 1); - } - --static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) -+static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) - { - return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR -@@ -555,7 +567,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) - "PEM", "PrivateKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_unprotected_PKCS8_PEM, -- dump_pem, 0); -+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); - } - - #ifndef OPENSSL_NO_KEYPARAMS -@@ -702,7 +714,7 @@ static int check_protected_PKCS8_DER(const char *file, const int line, - return ok; - } - --static int test_protected_via_DER(const char *type, EVP_PKEY *key) -+static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) - { - return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR -@@ -711,7 +723,7 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key) - pass, pass_cipher, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_mem, check_protected_PKCS8_DER, -- dump_der, 0); -+ dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); - } - - static int check_protected_PKCS8_PEM(const char *file, const int line, -@@ -725,7 +737,7 @@ static int check_protected_PKCS8_PEM(const char *file, const int line, - sizeof(expected_pem_header) - 1); - } - --static int test_protected_via_PEM(const char *type, EVP_PKEY *key) -+static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) - { - return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_KEYPAIR -@@ -734,7 +746,7 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key) - pass, pass_cipher, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, - test_text, check_protected_PKCS8_PEM, -- dump_pem, 0); -+ dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); - } - - static int check_protected_legacy_PEM(const char *file, const int line, -@@ -795,14 +807,15 @@ static int check_public_DER(const char *file, const int line, - return ok; - } - --static int test_public_via_DER(const char *type, EVP_PKEY *key) -+static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) - { - return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "DER", "SubjectPublicKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, -- test_mem, check_public_DER, dump_der, 0); -+ test_mem, check_public_DER, dump_der, -+ fips ? 0 : FLAG_FAIL_IF_FIPS); - } - - static int check_public_PEM(const char *file, const int line, -@@ -816,14 +829,15 @@ static int check_public_PEM(const char *file, const int line, - sizeof(expected_pem_header) - 1); - } - --static int test_public_via_PEM(const char *type, EVP_PKEY *key) -+static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) - { - return test_encode_decode(__FILE__, __LINE__, type, key, - OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "PEM", "SubjectPublicKeyInfo", NULL, NULL, - encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, -- test_text, check_public_PEM, dump_pem, 0); -+ test_text, check_public_PEM, dump_pem, -+ fips ? 0 : FLAG_FAIL_IF_FIPS); - } - - static int check_public_MSBLOB(const char *file, const int line, -@@ -868,30 +882,30 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) - EVP_PKEY_free(template_##KEYTYPE); \ - EVP_PKEY_free(key_##KEYTYPE) - --#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \ -+#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ - static int test_unprotected_##KEYTYPE##_via_DER(void) \ - { \ -- return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ -+ return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_unprotected_##KEYTYPE##_via_PEM(void) \ - { \ -- return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ -+ return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_protected_##KEYTYPE##_via_DER(void) \ - { \ -- return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ -+ return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_protected_##KEYTYPE##_via_PEM(void) \ - { \ -- return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ -+ return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_public_##KEYTYPE##_via_DER(void) \ - { \ -- return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \ -+ return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ - } \ - static int test_public_##KEYTYPE##_via_PEM(void) \ - { \ -- return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ -+ return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ - } - - #define ADD_TEST_SUITE(KEYTYPE) \ -@@ -965,10 +979,10 @@ static int test_public_via_MSBLOB(const char *type, EVP_PKEY *key) - - #ifndef OPENSSL_NO_DH - DOMAIN_KEYS(DH); --IMPLEMENT_TEST_SUITE(DH, "DH") -+IMPLEMENT_TEST_SUITE(DH, "DH", 1) - IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") - DOMAIN_KEYS(DHX); --IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH") -+IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) - IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") - /* - * DH has no support for PEM_write_bio_PrivateKey_traditional(), -@@ -977,7 +991,7 @@ IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") - #endif - #ifndef OPENSSL_NO_DSA - DOMAIN_KEYS(DSA); --IMPLEMENT_TEST_SUITE(DSA, "DSA") -+IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) - IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") - IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") - IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") -@@ -988,41 +1002,41 @@ IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA") - #endif - #ifndef OPENSSL_NO_EC - DOMAIN_KEYS(EC); --IMPLEMENT_TEST_SUITE(EC, "EC") -+IMPLEMENT_TEST_SUITE(EC, "EC", 1) - IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") - IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") - DOMAIN_KEYS(ECExplicitPrimeNamedCurve); --IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") -+IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) - IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") - /*DOMAIN_KEYS(ECExplicitPrime2G);*/ --/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")*/ -+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/ - /*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/ - # ifndef OPENSSL_NO_EC2M - DOMAIN_KEYS(ECExplicitTriNamedCurve); --IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") -+IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) - IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") - DOMAIN_KEYS(ECExplicitTri2G); --IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC") -+IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) - IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") - # endif - KEYS(ED25519); --IMPLEMENT_TEST_SUITE(ED25519, "ED25519") -+IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) - KEYS(ED448); --IMPLEMENT_TEST_SUITE(ED448, "ED448") -+IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) - KEYS(X25519); --IMPLEMENT_TEST_SUITE(X25519, "X25519") -+IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) - KEYS(X448); --IMPLEMENT_TEST_SUITE(X448, "X448") -+IMPLEMENT_TEST_SUITE(X448, "X448", 1) - /* - * ED25519, ED448, X25519 and X448 have no support for - * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. - */ - #endif - KEYS(RSA); --IMPLEMENT_TEST_SUITE(RSA, "RSA") -+IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) - IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") - KEYS(RSA_PSS); --IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS") -+IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) - /* - * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), - * so no legacy tests. diff --git a/SOURCES/0015-FIPS-decoded-from-explicit.patch b/SOURCES/0015-FIPS-decoded-from-explicit.patch deleted file mode 100644 index 19d19a3..0000000 --- a/SOURCES/0015-FIPS-decoded-from-explicit.patch +++ /dev/null @@ -1,140 +0,0 @@ -diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c -index bea01fb38f66..48721369ae8f 100644 ---- a/crypto/ec/ec_backend.c -+++ b/crypto/ec/ec_backend.c -@@ -318,6 +318,11 @@ int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, - return 0; - } - -+ if (!ossl_param_build_set_int(tmpl, params, -+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, -+ group->decoded_from_explicit_params)) -+ return 0; -+ - curve_nid = EC_GROUP_get_curve_name(group); - - /* -diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index 6b0591c6c8c7..b1696d93bd6d 100644 ---- a/crypto/ec/ec_lib.c -+++ b/crypto/ec/ec_lib.c -@@ -1556,13 +1556,23 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - /* This is the simple named group case */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); - if (ptmp != NULL) { -- group = group_new_from_name(ptmp, libctx, propq); -- if (group != NULL) { -- if (!ossl_ec_group_set_params(group, params)) { -- EC_GROUP_free(group); -- group = NULL; -- } -+ int decoded = 0; -+ -+ if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL) -+ return NULL; -+ if (!ossl_ec_group_set_params(group, params)) { -+ EC_GROUP_free(group); -+ return NULL; -+ } -+ -+ ptmp = OSSL_PARAM_locate_const(params, -+ OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS); -+ if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) { -+ ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); -+ EC_GROUP_free(group); -+ return NULL; - } -+ group->decoded_from_explicit_params = decoded > 0; - return group; - } - #ifdef FIPS_MODULE -@@ -1733,6 +1743,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - EC_GROUP_free(group); - group = named_group; - } -+ /* We've imported the group from explicit parameters, set it so. */ -+ group->decoded_from_explicit_params = 1; - ok = 1; - err: - if (!ok) { -diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod -index eed83237c3b2..ee66a074f889 100644 ---- a/doc/man7/EVP_PKEY-EC.pod -+++ b/doc/man7/EVP_PKEY-EC.pod -@@ -70,8 +70,8 @@ I multiplied by the I gives the number of points on the curve. - - =item "decoded-from-explicit" (B) - --Gets a flag indicating wether the key or parameters were decoded from explicit --curve parameters. Set to 1 if so or 0 if a named curve was used. -+Sets or gets a flag indicating whether the key or parameters were decoded from -+explicit curve parameters. Set to 1 if so or 0 if a named curve was used. - - =item "use-cofactor-flag" (B) - -diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c -index 9260d4bf3635..7aed057cac89 100644 ---- a/providers/implementations/keymgmt/ec_kmgmt.c -+++ b/providers/implementations/keymgmt/ec_kmgmt.c -@@ -525,7 +525,8 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_GENERATOR, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_ORDER, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_COFACTOR, NULL, 0), \ -- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0) -+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0), \ -+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, NULL) - - # define EC_IMEXPORTABLE_PUBLIC_KEY \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) -diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index 700bbd849c95..ede14864d5ac 100644 ---- a/test/recipes/25-test_verify.t -+++ b/test/recipes/25-test_verify.t -@@ -12,7 +12,7 @@ use warnings; - - use File::Spec::Functions qw/canonpath/; - use File::Copy; --use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/; -+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/; - use OpenSSL::Test::Utils; - - setup("test_verify"); -@@ -29,7 +29,7 @@ sub verify { - run(app([@args])); - } - --plan tests => 160; -+plan tests => 163; - - # Canonical success - ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), -@@ -309,6 +309,29 @@ SKIP: { - ["ca-cert-ec-named"]), - "accept named curve leaf with named curve intermediate"); - } -+# Same as above but with base provider used for decoding -+SKIP: { -+ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -+ skip "EC is not supported or FIPS is disabled", 3 -+ if disabled("ec") || $no_fips; -+ -+ my $provconf = srctop_file("test", "fips-and-base.cnf"); -+ my $provpath = bldtop_dir("providers"); -+ my @prov = ("-provider-path", $provpath); -+ $ENV{OPENSSL_CONF} = $provconf; -+ -+ ok(!verify("ee-cert-ec-explicit", "", ["root-cert"], -+ ["ca-cert-ec-named"], @prov), -+ "reject explicit curve leaf with named curve intermediate w/fips"); -+ ok(!verify("ee-cert-ec-named-explicit", "", ["root-cert"], -+ ["ca-cert-ec-explicit"], @prov), -+ "reject named curve leaf with explicit curve intermediate w/fips"); -+ ok(verify("ee-cert-ec-named-named", "", ["root-cert"], -+ ["ca-cert-ec-named"], @prov), -+ "accept named curve leaf with named curve intermediate w/fips"); -+ -+ delete $ENV{OPENSSL_CONF}; -+} - - # Depth tests, note the depth limit bounds the number of CA certificates - # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf diff --git a/SOURCES/0031-tmp-Fix-test-names.patch b/SOURCES/0031-tmp-Fix-test-names.patch index 5c22f24..42b3c0a 100644 --- a/SOURCES/0031-tmp-Fix-test-names.patch +++ b/SOURCES/0031-tmp-Fix-test-names.patch @@ -2,9 +2,9 @@ diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/ --- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200 +++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200 @@ -40,7 +40,7 @@ unless ($no_fips) { - srctop_file("test", "recipes", "90-test_sslapi_data", - "passwd.txt"), $tmpfilename, "fips", - srctop_file("test", "fips-and-base.cnf")])), + "recipes", + "90-test_sslapi_data", + "dhparams.pem")])), - "running sslapitest"); + "running sslapitest - FIPS"); } diff --git a/SOURCES/0033-FIPS-embed-hmac.patch b/SOURCES/0033-FIPS-embed-hmac.patch index c788072..484a75e 100644 --- a/SOURCES/0033-FIPS-embed-hmac.patch +++ b/SOURCES/0033-FIPS-embed-hmac.patch @@ -1,7 +1,7 @@ -diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/providers/fips/self_test.c ---- openssl-3.0.0/providers/fips/self_test.c.embed-hmac 2021-11-16 13:57:05.127171056 +0100 -+++ openssl-3.0.0/providers/fips/self_test.c 2021-11-16 14:07:21.963412455 +0100 -@@ -171,11 +171,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) +diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/providers/fips/self_test.c +--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100 ++++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100 +@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void) } #endif @@ -29,13 +29,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb, unsigned char *expected, size_t expected_len, OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev, -@@ -183,14 +199,26 @@ static int verify_integrity(OSSL_CORE_BI - { - int ret = 0, status; - unsigned char out[MAX_MD_SIZE]; -- unsigned char buf[INTEGRITY_BUF_SIZE]; -+ unsigned char buf[INTEGRITY_BUF_SIZE+HMAC_LEN]; - size_t bytes_read = 0, out_len = 0; +@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI EVP_MAC *mac = NULL; EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[2], *p = params; @@ -44,7 +38,6 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi + struct link_map *lm = NULL; + unsigned long paddr; + unsigned long off = 0; -+ int have_rest = 0; OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); @@ -57,64 +50,52 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); if (mac == NULL) goto err; -@@ -204,12 +233,53 @@ static int verify_integrity(OSSL_CORE_BI +@@ -205,13 +233,42 @@ static int verify_integrity(OSSL_CORE_BI if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params)) goto err; -+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); -+ if (status != 1 || bytes_read != HMAC_LEN) -+ goto err; -+ off += HMAC_LEN; -+ - while (1) { +- while (1) { - status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read); -- if (status != 1) -+ status = read_ex_cb(bio, buf+HMAC_LEN, INTEGRITY_BUF_SIZE, &bytes_read); -+ if (status != 1) { -+ have_rest = 1; -+ break; -+ } -+ -+ if (bytes_read == INTEGRITY_BUF_SIZE) { /* Full block */ -+ /* Logic: -+ * We have HMAC_LEN (read before) + INTEGRITY_BUF_SIZE (read now) in buffer -+ * We calculate HMAC from first INTEGRITY_BUF_SIZE bytes -+ * and move last HMAC_LEN bytes to the beginning of the buffer -+ * -+ * If we have read (a part of) buffer fips_hmac_container -+ * we should replace it with zeros. -+ * If it is inside our current buffer, we will update now. -+ * If it intersects the upper bound, we will clean up on the next step. -+ */ -+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) -+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); -+ off += bytes_read; -+ -+ if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ goto err; -+ memcpy (buf, buf+INTEGRITY_BUF_SIZE, HMAC_LEN); -+ } else { /* Final block */ -+ /* Logic is basically the same as in previous branch -+ * but we calculate HMAC from HMAC_LEN (rest of previous step) -+ * and bytes_read read on this step -+ * */ -+ if (off - HMAC_LEN <= paddr && paddr <= off + bytes_read) -+ memset (buf + HMAC_LEN + paddr - off, 0, HMAC_LEN); -+ if (!EVP_MAC_update(ctx, buf, bytes_read+HMAC_LEN)) -+ goto err; -+ off += bytes_read; ++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); + if (status != 1) break; -- if (!EVP_MAC_update(ctx, buf, bytes_read)) -+ } -+ } -+ if (have_rest) { -+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN)) + if (!EVP_MAC_update(ctx, buf, bytes_read)) goto err; -+ off += HMAC_LEN; ++ off += bytes_read; } ++ ++ if (off + INTEGRITY_BUF_SIZE > paddr) { ++ int delta = paddr - off; ++ status = read_ex_cb(bio, buf, delta, &bytes_read); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ ++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read); ++ memset(buf, 0, HMAC_LEN); ++ if (status != 1) ++ goto err; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ ++ while (bytes_read > 0) { ++ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read); ++ if (status != 1) ++ break; ++ if (!EVP_MAC_update(ctx, buf, bytes_read)) ++ goto err; ++ off += bytes_read; ++ } ++ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out))) goto err; -@@ -284,8 +358,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS + +@@ -285,8 +342,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS CRYPTO_THREAD_unlock(fips_state_lock); } @@ -124,7 +105,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA); goto end; } -@@ -294,8 +367,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -305,8 +361,9 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS if (ev == NULL) goto end; @@ -136,7 +117,7 @@ diff -up openssl-3.0.0/providers/fips/self_test.c.embed-hmac openssl-3.0.0/provi if (module_checksum == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA); goto end; -@@ -357,7 +431,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS +@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS ok = 1; end: OSSL_SELF_TEST_free(ev); diff --git a/SOURCES/0035-speed-skip-unavailable-dgst.patch b/SOURCES/0035-speed-skip-unavailable-dgst.patch index 6d948dd..9256f7f 100644 --- a/SOURCES/0035-speed-skip-unavailable-dgst.patch +++ b/SOURCES/0035-speed-skip-unavailable-dgst.patch @@ -11,16 +11,3 @@ diff -up openssl-3.0.0/apps/speed.c.beldmit openssl-3.0.0/apps/speed.c if (!EVP_MAC_init(mctx, NULL, 0, NULL) || !EVP_MAC_update(mctx, buf, lengths[testnum]) || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) -@@ -1922,8 +1925,10 @@ int speed_main(int argc, char **argv) - if (loopargs[i].mctx == NULL) - goto end; - -- if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) -- goto end; -+ if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) { -+ EVP_MAC_CTX_free(loopargs[i].mctx); -+ loopargs[i].mctx = NULL; -+ } - } - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], diff --git a/SOURCES/0045-FIPS-services-minimize.patch b/SOURCES/0045-FIPS-services-minimize.patch index 8308990..abb13e0 100644 --- a/SOURCES/0045-FIPS-services-minimize.patch +++ b/SOURCES/0045-FIPS-services-minimize.patch @@ -717,35 +717,3 @@ diff -up openssl-3.0.1/providers/implementations/signature/rsa_sig.c.fipskeylen if (!ossl_prov_is_running()) return 0; -diff -up openssl-3.0.1/ssl/t1_lib.c.groupnames openssl-3.0.1/ssl/t1_lib.c ---- openssl-3.0.1/ssl/t1_lib.c.groupnames 2022-06-17 09:42:50.866748854 +0200 -+++ openssl-3.0.1/ssl/t1_lib.c 2022-06-17 09:49:07.715973172 +0200 -@@ -345,6 +345,7 @@ static int add_provider_groups(const OSS - * it. - */ - ret = 1; -+ (void)ERR_set_mark(); - keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq); - if (keymgmt != NULL) { - /* -@@ -366,6 +367,7 @@ static int add_provider_groups(const OSS - } - EVP_KEYMGMT_free(keymgmt); - } -+ (void)ERR_pop_to_mark(); - err: - if (ginf != NULL) { - OPENSSL_free(ginf->tlsname); -@@ -725,8 +727,11 @@ static int gid_cb(const char *elem, int - etmp[len] = 0; - - gid = tls1_group_name2id(garg->ctx, etmp); -- if (gid == 0) -+ if (gid == 0) { -+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT, -+ "group '%s' cannot be set", etmp); - return 0; -+ } - for (i = 0; i < garg->gidcnt; i++) - if (garg->gid_arr[i] == gid) - return 0; diff --git a/SOURCES/0046-FIPS-s390x-hardening.patch b/SOURCES/0046-FIPS-s390x-hardening.patch deleted file mode 100644 index f79abf9..0000000 --- a/SOURCES/0046-FIPS-s390x-hardening.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c -index 5c70b2d67840..c5726c638bdd 100644 ---- a/crypto/ec/ecp_s390x_nistp.c -+++ b/crypto/ec/ecp_s390x_nistp.c -@@ -116,7 +116,7 @@ static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, - /* Otherwise use default. */ - if (rc == -1) - rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); -- OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); -+ OPENSSL_cleanse(param, sizeof(param)); - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return rc; -@@ -212,7 +212,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, - - ok = 1; - ret: -- OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); -+ OPENSSL_cleanse(param, sizeof(param)); - if (ok != 1) { - ECDSA_SIG_free(sig); - sig = NULL; diff --git a/SOURCES/0048-correctly-handle-records.patch b/SOURCES/0048-correctly-handle-records.patch deleted file mode 100644 index ecbc09c..0000000 --- a/SOURCES/0048-correctly-handle-records.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up openssl-3.0.1/apps/s_server.c.handle-records openssl-3.0.1/apps/s_server.c ---- openssl-3.0.1/apps/s_server.c.handle-records 2022-02-03 15:26:16.803434943 +0100 -+++ openssl-3.0.1/apps/s_server.c 2022-02-03 15:34:33.358298697 +0100 -@@ -2982,7 +2982,9 @@ static int www_body(int s, int stype, in - /* Set width for a select call if needed */ - width = s + 1; - -- buf = app_malloc(bufsize, "server www buffer"); -+ /* as we use BIO_gets(), and it always null terminates data, we need -+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ -+ buf = app_malloc(bufsize + 1, "server www buffer"); - io = BIO_new(BIO_f_buffer()); - ssl_bio = BIO_new(BIO_f_ssl()); - if ((io == NULL) || (ssl_bio == NULL)) -@@ -3047,7 +3049,7 @@ static int www_body(int s, int stype, in - } - - for (;;) { -- i = BIO_gets(io, buf, bufsize - 1); -+ i = BIO_gets(io, buf, bufsize + 1); - if (i < 0) { /* error */ - if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { - if (!s_quiet) -@@ -3112,7 +3114,7 @@ static int www_body(int s, int stype, in - * we're expecting to come from the client. If they haven't - * sent one there's not much we can do. - */ -- BIO_gets(io, buf, bufsize - 1); -+ BIO_gets(io, buf, bufsize + 1); - } - - BIO_puts(io, -@@ -3401,7 +3403,9 @@ static int rev_body(int s, int stype, in - SSL *con; - BIO *io, *ssl_bio, *sbio; - -- buf = app_malloc(bufsize, "server rev buffer"); -+ /* as we use BIO_gets(), and it always null terminates data, we need -+ * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ -+ buf = app_malloc(bufsize + 1, "server rev buffer"); - io = BIO_new(BIO_f_buffer()); - ssl_bio = BIO_new(BIO_f_ssl()); - if ((io == NULL) || (ssl_bio == NULL)) -@@ -3476,7 +3480,7 @@ static int rev_body(int s, int stype, in - print_ssl_summary(con); - - for (;;) { -- i = BIO_gets(io, buf, bufsize - 1); -+ i = BIO_gets(io, buf, bufsize + 1); - if (i < 0) { /* error */ - if (!BIO_should_retry(io)) { - if (!s_quiet) diff --git a/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch b/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch index 18b0183..f18e099 100644 --- a/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch +++ b/SOURCES/0049-Selectively-disallow-SHA1-signatures.patch @@ -479,8 +479,8 @@ index 10b4e57d79..2d3c363bb0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5426,3 +5426,5 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: - EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: +ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: diff --git a/SOURCES/0053-CVE-2022-0778.patch b/SOURCES/0053-CVE-2022-0778.patch deleted file mode 100644 index 4f4bcb5..0000000 --- a/SOURCES/0053-CVE-2022-0778.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 23f1773ddf92979006d0f438523f3c73320c384f Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:30 +0100 -Subject: [PATCH] Add documentation of BN_mod_sqrt() - ---- - doc/man3/BN_add.pod | 15 +++++++++++++-- - util/missingcrypto.txt | 1 - - 2 files changed, 13 insertions(+), 3 deletions(-) - -diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod -index 62d3ee7205..cf6c49c0e3 100644 ---- a/doc/man3/BN_add.pod -+++ b/doc/man3/BN_add.pod -@@ -3,7 +3,7 @@ - =head1 NAME - - BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, --BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - -+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - - arithmetic operations on BIGNUMs - - =head1 SYNOPSIS -@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs - - int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - -+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); -+ - int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); - - int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, -@@ -87,6 +89,12 @@ L. - BN_mod_sqr() takes the square of I modulo B and places the - result in I. - -+BN_mod_sqrt() returns the modular square root of I such that -+C. The modulus I

must be a -+prime, otherwise an error or an incorrect "result" will be returned. -+The result is stored into I which can be NULL. The result will be -+newly allocated in that case. -+ - BN_exp() raises I to the I

-th power and places the result in I - (C). This function is faster than repeated applications of - BN_mul(). -@@ -108,7 +116,10 @@ the arguments. - - =head1 RETURN VALUES - --For all functions, 1 is returned for success, 0 on error. The return -+The BN_mod_sqrt() returns the result (possibly incorrect if I

is -+not a prime), or NULL. -+ -+For all remaining functions, 1 is returned for success, 0 on error. The return - value should always be checked (e.g., C). - The error codes can be obtained by L. - -diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt -index b61bdeb880..4d2fd7f6b7 100644 ---- a/util/missingcrypto.txt -+++ b/util/missingcrypto.txt -@@ -264,7 +264,6 @@ BN_mod_lshift(3) - BN_mod_lshift1(3) - BN_mod_lshift1_quick(3) - BN_mod_lshift_quick(3) --BN_mod_sqrt(3) - BN_mod_sub_quick(3) - BN_nist_mod_192(3) - BN_nist_mod_224(3) - -From 46673310c9a755b2a56f53d115854983d6ada11a Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:35 +0100 -Subject: [PATCH] Add a negative testcase for BN_mod_sqrt - ---- - test/bntest.c | 11 ++++++++++- - test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++ - 2 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/test/bntest.c b/test/bntest.c -index efdb3ef963..d49f87373a 100644 ---- a/test/bntest.c -+++ b/test/bntest.c -@@ -1732,8 +1732,17 @@ static int file_modsqrt(STANZA *s) - || !TEST_ptr(ret2 = BN_new())) - goto err; - -+ if (BN_is_negative(mod_sqrt)) { -+ /* A negative testcase */ -+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) -+ goto err; -+ -+ st = 1; -+ goto err; -+ } -+ - /* There are two possible answers. */ -- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) -+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) - || !TEST_true(BN_sub(ret2, p, ret))) - goto err; - -diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt -index e22d656091..bc8a434ea5 100644 ---- a/test/recipes/10-test_bn_data/bnmod.txt -+++ b/test/recipes/10-test_bn_data/bnmod.txt -@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f - ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 - A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 - P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f -+ -+# Negative testcases for BN_mod_sqrt() -+ -+# This one triggers an infinite loop with unfixed implementation -+# It should just fail. -+ModSqrt = -1 -+A = 20a7ee -+P = 460201 -+ -+ModSqrt = -1 -+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed -+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f - -From cafcc62d7719dea73f334c9ef763d1e215fcd94d Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Mon, 28 Feb 2022 18:26:21 +0100 -Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt() - -The calculation in some cases does not finish for non-prime p. - -This fixes CVE-2022-0778. - -Based on patch by David Benjamin . ---- - crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------ - 1 file changed, 18 insertions(+), 12 deletions(-) - -diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c -index b663ae5ec5..c5ea7ab194 100644 ---- a/crypto/bn/bn_sqrt.c -+++ b/crypto/bn/bn_sqrt.c -@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - /* - * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks - * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number -- * Theory", algorithm 1.5.1). 'p' must be prime! -+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or -+ * an incorrect "result" will be returned. - */ - { - BIGNUM *ret = in; -@@ -303,18 +304,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - goto vrfy; - } - -- /* find smallest i such that b^(2^i) = 1 */ -- i = 1; -- if (!BN_mod_sqr(t, b, p, ctx)) -- goto end; -- while (!BN_is_one(t)) { -- i++; -- if (i == e) { -- ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); -- goto end; -+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ -+ for (i = 1; i < e; i++) { -+ if (i == 1) { -+ if (!BN_mod_sqr(t, b, p, ctx)) -+ goto end; -+ -+ } else { -+ if (!BN_mod_mul(t, t, t, p, ctx)) -+ goto end; - } -- if (!BN_mod_mul(t, t, t, p, ctx)) -- goto end; -+ if (BN_is_one(t)) -+ break; -+ } -+ /* If not found, a is not a square or p is not prime. */ -+ if (i >= e) { -+ ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); -+ goto end; - } - - /* t := y^2^(e - i - 1) */ - diff --git a/SOURCES/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch b/SOURCES/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch deleted file mode 100644 index a66968d..0000000 --- a/SOURCES/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Wed, 2 Feb 2022 17:47:26 +0100 -Subject: [PATCH] Replace size check with more meaningful pubkey check - -It does not make sense to check the size because this -function can be used in other contexts than in TLS-1.3 and -the value might not be padded to the size of p. - -However it makes sense to do the partial pubkey check because -there is no valid reason having the pubkey value outside the -1 < pubkey < p-1 bounds. - -Fixes #15465 - -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/17630) ---- - crypto/dh/dh_key.c | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) - -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 6b8cd550f2..c78ed618bf 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len) - int err_reason = DH_R_BN_ERROR; - BIGNUM *pubkey = NULL; - const BIGNUM *p; -- size_t p_size; -+ int ret; - - if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL) - goto err; - DH_get0_pqg(dh, &p, NULL, NULL); -- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) { -+ if (p == NULL || BN_num_bytes(p) == 0) { - err_reason = DH_R_NO_PARAMETERS_SET; - goto err; - } -- /* -- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's -- * public key is of size not equal to size of p -- */ -- if (BN_is_zero(pubkey) || p_size != len) { -+ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */ -+ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) { - err_reason = DH_R_INVALID_PUBKEY; - goto err; - } --- -2.35.1 - diff --git a/SOURCES/0055-nonlegacy-fetch-null-deref.patch b/SOURCES/0055-nonlegacy-fetch-null-deref.patch deleted file mode 100644 index c4ca4fe..0000000 --- a/SOURCES/0055-nonlegacy-fetch-null-deref.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c -index e1da724bd2f4..2bee5ef19447 100644 ---- a/crypto/core_namemap.c -+++ b/crypto/core_namemap.c -@@ -409,14 +409,16 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg) - { - const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); - -- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); -+ if (cipher != NULL) -+ get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); - } - - static void get_legacy_md_names(const OBJ_NAME *on, void *arg) - { - const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); - -- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); -+ if (md != NULL) -+ get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); - } - - static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, diff --git a/SOURCES/0056-strcasecmp.patch b/SOURCES/0056-strcasecmp.patch index ed30b2e..8a005e6 100644 --- a/SOURCES/0056-strcasecmp.patch +++ b/SOURCES/0056-strcasecmp.patch @@ -1,2279 +1,54 @@ -diff --git a/apps/ca.c b/apps/ca.c -index 24883615ed6b..8a2b31579549 100644 ---- a/apps/ca.c -+++ b/apps/ca.c -@@ -2367,7 +2367,7 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg) - - case REV_CRL_REASON: - for (i = 0; i < 8; i++) { -- if (strcasecmp(rev_arg, crl_reasons[i]) == 0) { -+ if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) { - reason = crl_reasons[i]; - break; - } -@@ -2584,7 +2584,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - } - if (reason_str) { - for (i = 0; i < NUM_REASONS; i++) { -- if (strcasecmp(reason_str, crl_reasons[i]) == 0) { -+ if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) { - reason_code = i; - break; - } -diff --git a/apps/cmp.c b/apps/cmp.c -index 9ea5cee4124d..5c6bcdad0a64 100644 ---- a/apps/cmp.c -+++ b/apps/cmp.c -@@ -1745,7 +1745,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) - valptr[0] = '\0'; - valptr++; - -- if (strncasecmp(valptr, "int:", 4) != 0) { -+ if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) { - CMP_err("missing 'int:' in -geninfo option"); - return 0; - } -diff --git a/apps/ecparam.c b/apps/ecparam.c -index 12eed703de69..ecce36be71a2 100644 ---- a/apps/ecparam.c -+++ b/apps/ecparam.c -@@ -229,7 +229,7 @@ int ecparam_main(int argc, char **argv) - point_format, 0); - *p = OSSL_PARAM_construct_end(); - -- if (strcasecmp(curve_name, "SM2") == 0) -+ if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL); - else - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL); -diff --git a/apps/lib/apps.c b/apps/lib/apps.c -index 30da6e8a8cb8..227da4982d14 100644 ---- a/apps/lib/apps.c -+++ b/apps/lib/apps.c -@@ -688,8 +688,8 @@ int load_cert_certs(const char *uri, - int ret = 0; - char *pass_string; - -- if (exclude_http && (strncasecmp(uri, "http://", 7) == 0 -- || strncasecmp(uri, "https://", 8) == 0)) { -+ if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 -+ || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { - BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); - return ret; - } -@@ -1182,20 +1182,20 @@ int set_name_ex(unsigned long *flags, const char *arg) - - int set_dateopt(unsigned long *dateopt, const char *arg) - { -- if (strcasecmp(arg, "rfc_822") == 0) -+ if (OPENSSL_strcasecmp(arg, "rfc_822") == 0) - *dateopt = ASN1_DTFLGS_RFC822; -- else if (strcasecmp(arg, "iso_8601") == 0) -+ else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0) - *dateopt = ASN1_DTFLGS_ISO8601; - return 0; - } - - int set_ext_copy(int *copy_type, const char *arg) - { -- if (strcasecmp(arg, "none") == 0) -+ if (OPENSSL_strcasecmp(arg, "none") == 0) - *copy_type = EXT_COPY_NONE; -- else if (strcasecmp(arg, "copy") == 0) -+ else if (OPENSSL_strcasecmp(arg, "copy") == 0) - *copy_type = EXT_COPY_ADD; -- else if (strcasecmp(arg, "copyall") == 0) -+ else if (OPENSSL_strcasecmp(arg, "copyall") == 0) - *copy_type = EXT_COPY_ALL; - else - return 0; -@@ -1275,7 +1275,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, - } - - for (ptbl = in_tbl; ptbl->name; ptbl++) { -- if (strcasecmp(arg, ptbl->name) == 0) { -+ if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) { - *flags &= ~ptbl->mask; - if (c) - *flags |= ptbl->flag; -diff --git a/apps/lib/engine_loader.c b/apps/lib/engine_loader.c -index c093f31e1b39..42775a89f361 100644 ---- a/apps/lib/engine_loader.c -+++ b/apps/lib/engine_loader.c -@@ -71,7 +71,7 @@ static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader, - char *keyid = NULL; - OSSL_STORE_LOADER_CTX *ctx = NULL; - -- if (strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) -+ if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) - != 0) - return NULL; - p += sizeof(ENGINE_SCHEME_COLON) - 1; -diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c -index 03faac7707b7..df9575e2cd21 100644 ---- a/apps/lib/http_server.c -+++ b/apps/lib/http_server.c -@@ -453,10 +453,11 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - } - *line_end = '\0'; - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ -- if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { -- if (strcasecmp(value, "keep-alive") == 0) -+ if (found_keep_alive != NULL -+ && OPENSSL_strcasecmp(key, "Connection") == 0) { -+ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - *found_keep_alive = 1; -- else if (strcasecmp(value, "close") == 0) -+ else if (OPENSSL_strcasecmp(value, "close") == 0) - *found_keep_alive = 0; - } - } -diff --git a/apps/lib/names.c b/apps/lib/names.c -index 5e2e7e147c7f..462703c6462b 100644 ---- a/apps/lib/names.c -+++ b/apps/lib/names.c -@@ -11,14 +11,11 @@ - #include - #include - #include "names.h" -- --#ifdef _WIN32 --# define strcasecmp _stricmp --#endif -+#include "openssl/crypto.h" - - int name_cmp(const char * const *a, const char * const *b) - { -- return strcasecmp(*a, *b); -+ return OPENSSL_strcasecmp(*a, *b); - } - - void collect_names(const char *name, void *vdata) -diff --git a/apps/lib/vms_term_sock.c b/apps/lib/vms_term_sock.c -index 1b27699b9d49..4d9a69b29e03 100644 ---- a/apps/lib/vms_term_sock.c -+++ b/apps/lib/vms_term_sock.c -@@ -132,7 +132,7 @@ int main (int argc, char *argv[], char *envp[]) - len; - - LogMessage ("Enter 'q' or 'Q' to quit ..."); -- while (strcasecmp (TermBuff, "Q")) { -+ while (OPENSSL_strcasecmp (TermBuff, "Q")) { - /* - ** Create the terminal socket - */ -diff --git a/apps/list.c b/apps/list.c -index 9732d6625a05..620ce0083134 100644 ---- a/apps/list.c -+++ b/apps/list.c -@@ -71,7 +71,7 @@ static void legacy_cipher_fn(const EVP_CIPHER *c, - { - if (select_name != NULL - && (c == NULL -- || strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) -+ || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) - return; - if (c != NULL) { - BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); -@@ -370,7 +370,7 @@ DEFINE_STACK_OF(EVP_RAND) - - static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) - { -- int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); -+ int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), -@@ -404,7 +404,7 @@ static void list_random_generators(void) - const EVP_RAND *m = sk_EVP_RAND_value(rands, i); - - if (select_name != NULL -- && strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) -+ && OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) - continue; - BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); - BIO_printf(bio_out, " @ %s\n", -@@ -463,7 +463,7 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg) - if (gettables != NULL) - for (; gettables->key != NULL; gettables++) { - /* State has been dealt with already, so ignore */ -- if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) -+ if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) - continue; - /* Outside of verbose mode, we skip non-string values */ - if (gettables->data_type != OSSL_PARAM_UTF8_STRING -diff --git a/apps/rehash.c b/apps/rehash.c -index fb6c08c420ca..e4a4e14fd497 100644 ---- a/apps/rehash.c -+++ b/apps/rehash.c -@@ -214,7 +214,7 @@ static int handle_symlink(const char *filename, const char *fullpath) - return -1; - for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) { - const char *suffix = suffixes[type]; -- if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) -+ if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) - break; - } - i += strlen(suffixes[type]); -@@ -249,7 +249,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) - if ((ext = strrchr(filename, '.')) == NULL) - goto end; - for (i = 0; i < OSSL_NELEM(extensions); i++) { -- if (strcasecmp(extensions[i], ext + 1) == 0) -+ if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0) - break; - } - if (i >= OSSL_NELEM(extensions)) -diff --git a/apps/s_server.c b/apps/s_server.c -index ccaec3124bf4..e93cfa1e2c7a 100644 ---- a/apps/s_server.c -+++ b/apps/s_server.c -@@ -432,7 +432,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) - return SSL_TLSEXT_ERR_NOACK; - - if (servername != NULL) { -- if (strcasecmp(servername, p->servername)) -+ if (OPENSSL_strcasecmp(servername, p->servername)) - return p->extension_error; - if (ctx2 != NULL) { - BIO_printf(p->biodebug, "Switching server context.\n"); -diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c -index ddf68b576f88..fe9fc0dd43ba 100644 ---- a/crypto/LPdir_unix.c -+++ b/crypto/LPdir_unix.c -@@ -141,7 +141,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) - p--; - if (p > (*ctx)->entry_name && p[-1] == ';') - p[-1] = '\0'; -- if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0) -+ if (OPENSSL_strcasecmp((*ctx)->entry_name, -+ (*ctx)->previous_entry_name) == 0) - goto again; - } +diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num +--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200 ++++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200 +@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex + EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: ++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: + ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: + ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: +diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c +--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100 ++++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100 +@@ -342,7 +342,12 @@ int openssl_strerror_r(int errnum, char #endif -diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c -index 031a6c936ad1..0de5785c2745 100644 ---- a/crypto/asn1/ameth_lib.c -+++ b/crypto/asn1/ameth_lib.c -@@ -10,7 +10,6 @@ - /* We need to use some engine deprecated APIs */ - #define OPENSSL_SUPPRESS_DEPRECATED - --#include "e_os.h" /* for strncasecmp */ - #include "internal/cryptlib.h" - #include - #include -@@ -134,7 +133,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) - continue; - if ((int)strlen(ameth->pem_str) == len -- && strncasecmp(ameth->pem_str, str, len) == 0) -+ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c -index ecff2be02e1f..59d42daf4a1c 100644 ---- a/crypto/asn1/asn1_gen.c -+++ b/crypto/asn1/asn1_gen.c -@@ -10,7 +10,6 @@ - #include "internal/cryptlib.h" - #include - #include --#include "e_os.h" /* strncasecmp() */ - - #define ASN1_GEN_FLAG 0x10000 - #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) -@@ -565,7 +564,8 @@ static int asn1_str2tag(const char *tagstr, int len) - - tntmp = tnst; - for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { -- if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0)) -+ if ((len == tntmp->len) -+ && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) - return tntmp->tag; - } - -diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c -index c05c3c6b109d..6fe8427dc5e6 100644 ---- a/crypto/conf/conf_def.c -+++ b/crypto/conf/conf_def.c -@@ -11,7 +11,7 @@ - - #include - #include --#include "e_os.h" /* strcasecmp and struct stat */ -+#include "e_os.h" /* struct stat */ - #ifdef __TANDEM - # include /* needed for stat.h */ - # include /* struct stat */ -@@ -192,11 +192,11 @@ static int def_load(CONF *conf, const char *name, long *line) - /* Parse a boolean value and fill in *flag. Return 0 on error. */ - static int parsebool(const char *pval, int *flag) - { -- if (strcasecmp(pval, "on") == 0 -- || strcasecmp(pval, "true") == 0) { -+ if (OPENSSL_strcasecmp(pval, "on") == 0 -+ || OPENSSL_strcasecmp(pval, "true") == 0) { - *flag = 1; -- } else if (strcasecmp(pval, "off") == 0 -- || strcasecmp(pval, "false") == 0) { -+ } else if (OPENSSL_strcasecmp(pval, "off") == 0 -+ || OPENSSL_strcasecmp(pval, "false") == 0) { - *flag = 0; - } else { - ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); -@@ -839,8 +839,10 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) - namelen = strlen(filename); - - -- if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0) -- || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) { -+ if ((namelen > 5 -+ && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) -+ || (namelen > 4 -+ && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { - size_t newlen; - char *newpath; - BIO *bio; -diff --git a/crypto/context.c b/crypto/context.c -index 3333af4c534e..4fef24cadd5a 100644 ---- a/crypto/context.c -+++ b/crypto/context.c -@@ -14,6 +14,7 @@ - #include "internal/core.h" - #include "internal/bio.h" - #include "internal/provider.h" -+#include "crypto/ctype.h" - - # include - # include -@@ -150,7 +151,8 @@ static CRYPTO_THREAD_LOCAL default_context_thread_local; - { - read_kernel_fips_flag(); - return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) -- && context_init(&default_context_int); -+ && context_init(&default_context_int) -+ && ossl_init_casecmp(); } - void ossl_lib_ctx_default_deinit(void) -diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c -index 55248affc663..7e11ab1c8845 100644 ---- a/crypto/core_namemap.c -+++ b/crypto/core_namemap.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp */ - #include "internal/namemap.h" - #include - #include "crypto/lhash.h" /* ossl_lh_strcasehash */ -@@ -49,7 +48,7 @@ static unsigned long namenum_hash(const NAMENUM_ENTRY *n) - - static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) - { -- return strcasecmp(a->name, b->name); -+ return OPENSSL_strcasecmp(a->name, b->name); - } - - static void namenum_free(NAMENUM_ENTRY *n) -diff --git a/crypto/ctype.c b/crypto/ctype.c -index 83c24a546f53..321306eb5f50 100644 ---- a/crypto/ctype.c -+++ b/crypto/ctype.c -@@ -12,6 +12,19 @@ - #include "crypto/ctype.h" - #include - -+#include -+#include "internal/core.h" -+#include "internal/thread_once.h" -+ -+#ifndef OPENSSL_SYS_WINDOWS -+#include +-int OPENSSL_strcasecmp(const char *s1, const char *s2) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1"))) +#endif -+#include -+ -+#ifdef OPENSSL_SYS_MACOSX -+#include -+#endif -+ - /* - * Define the character classes for each character in the seven bit ASCII - * character set. This is independent of the host's character set, characters -@@ -278,3 +291,90 @@ int ossl_ascii_isdigit(const char inchar) { - return 1; - return 0; - } -+ -+/* str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly -+ * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */ -+ -+#if (defined OPENSSL_SYS_WINDOWS) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200809L) -+ -+# if defined OPENSSL_SYS_WINDOWS -+# define locale_t _locale_t -+# define freelocale _free_locale -+# define strcasecmp_l _stricmp_l -+# define strncasecmp_l _strnicmp_l -+# endif -+ -+# ifndef FIPS_MODULE -+static locale_t loc; -+ -+static int locale_base_inited = 0; -+static CRYPTO_ONCE locale_base = CRYPTO_ONCE_STATIC_INIT; -+static CRYPTO_ONCE locale_base_deinit = CRYPTO_ONCE_STATIC_INIT; -+ -+void *ossl_c_locale() { -+ return (void *)loc; -+} -+ -+DEFINE_RUN_ONCE_STATIC(ossl_init_locale_base) -+{ -+# ifdef OPENSSL_SYS_WINDOWS -+ loc = _create_locale(LC_COLLATE, "C"); -+# else -+ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); -+# endif -+ locale_base_inited = 1; -+ return (loc == (locale_t) 0) ? 0 : 1; -+} -+ -+DEFINE_RUN_ONCE_STATIC(ossl_deinit_locale_base) -+{ -+ if (locale_base_inited && loc) { -+ freelocale(loc); -+ loc = NULL; -+ } -+ return 1; -+} -+ -+int ossl_init_casecmp() -+{ -+ return RUN_ONCE(&locale_base, ossl_init_locale_base); -+} -+ -+void ossl_deinit_casecmp() { -+ (void)RUN_ONCE(&locale_base_deinit, ossl_deinit_locale_base); -+} -+# endif -+ -+int OPENSSL_strcasecmp(const char *s1, const char *s2) -+{ -+ return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); -+} -+ -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -+{ -+ return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); -+} -+#else -+# ifndef FIPS_MODULE -+void *ossl_c_locale() { -+ return NULL; -+} -+# endif -+ -+int ossl_init_casecmp() { -+ return 1; -+} -+ -+void ossl_deinit_casecmp() { -+} -+ -+int OPENSSL_strcasecmp(const char *s1, const char *s2) -+{ -+ return strcasecmp(s1, s2); -+} -+ -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -+{ -+ return strncasecmp(s1, s2, n); -+} -+#endif -diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c -index c71f4053da6c..7608cbae5a28 100644 ---- a/crypto/dh/dh_group_params.c -+++ b/crypto/dh/dh_group_params.c -@@ -23,7 +23,6 @@ - #include - #include "internal/nelem.h" - #include "crypto/dh.h" --#include "e_os.h" /* strcasecmp */ - - static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) - { -diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c -index 381da71f33a8..0d84a3332296 100644 ---- a/crypto/ec/ec_backend.c -+++ b/crypto/ec/ec_backend.c -@@ -54,7 +54,7 @@ int ossl_ec_encoding_name2id(const char *name) - return OPENSSL_EC_NAMED_CURVE; - - for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) { -- if (strcasecmp(name, encoding_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, encoding_nameid_map[i].ptr) == 0) - return encoding_nameid_map[i].id; - } - return -1; -@@ -91,7 +91,7 @@ static int ec_check_group_type_name2id(const char *name) - return 0; - - for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) { -- if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) - return check_group_type_nameid_map[i].id; - } - return -1; -@@ -136,7 +136,7 @@ int ossl_ec_pt_format_name2id(const char *name) - return (int)POINT_CONVERSION_UNCOMPRESSED; - - for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) { -- if (strcasecmp(name, format_nameid_map[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, format_nameid_map[i].ptr) == 0) - return format_nameid_map[i].id; - } - return -1; -diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c -index 2ee8284eaff3..ecd53fee008a 100644 ---- a/crypto/ec/ec_lib.c -+++ b/crypto/ec/ec_lib.c -@@ -22,7 +22,6 @@ - #include "crypto/ec.h" - #include "internal/nelem.h" - #include "ec_local.h" --#include "e_os.h" /* strcasecmp */ - - /* functions for EC_GROUP objects */ - -@@ -1581,9 +1580,10 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - goto err; - } -- if (strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { -+ if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { - is_prime_field = 1; -- } else if (strcasecmp(ptmp->data, SN_X9_62_characteristic_two_field) == 0) { -+ } else if (OPENSSL_strcasecmp(ptmp->data, -+ SN_X9_62_characteristic_two_field) == 0) { - is_prime_field = 0; - } else { - /* Invalid field */ -diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c -index 10a38b6f82a7..de6d3def3101 100644 ---- a/crypto/encode_decode/decoder_lib.c -+++ b/crypto/encode_decode/decoder_lib.c -@@ -789,7 +789,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - */ - trace_data_structure = data_structure; - if (data_type != NULL && data_structure != NULL -- && strcasecmp(data_structure, "type-specific") == 0) -+ && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) - data_structure = NULL; - - OSSL_TRACE_BEGIN(DECODER) { -@@ -850,7 +850,7 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - * that's the case, we do this extra check. - */ - if (decoder == NULL && ctx->start_input_type != NULL -- && strcasecmp(ctx->start_input_type, new_input_type) != 0) { -+ && OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", -@@ -896,7 +896,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - */ - if (data_structure != NULL - && (new_input_structure == NULL -- || strcasecmp(data_structure, new_input_structure) != 0)) { -+ || OPENSSL_strcasecmp(data_structure, -+ new_input_structure) != 0)) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", -@@ -915,7 +916,8 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) - && ctx->input_structure != NULL - && new_input_structure != NULL) { - data->flag_input_structure_checked = 1; -- if (strcasecmp(new_input_structure, ctx->input_structure) != 0) { -+ if (OPENSSL_strcasecmp(new_input_structure, -+ ctx->input_structure) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", -diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c -index 475117a463af..833061d873ed 100644 ---- a/crypto/encode_decode/decoder_pkey.c -+++ b/crypto/encode_decode/decoder_pkey.c -@@ -18,7 +18,6 @@ - #include "crypto/evp.h" - #include "crypto/decoder.h" - #include "encoder_local.h" --#include "e_os.h" /* strcasecmp on Windows */ - - int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, - const unsigned char *kstr, -diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c -index cfd9275172f5..2a83af825c2d 100644 ---- a/crypto/encode_decode/encoder_lib.c -+++ b/crypto/encode_decode/encoder_lib.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp on Windows */ - #include - #include - #include -@@ -453,8 +452,8 @@ static int encoder_process(struct encoder_process_data_st *data) - */ - if (top) { - if (data->ctx->output_type != NULL -- && strcasecmp(current_output_type, -- data->ctx->output_type) != 0) { -+ && OPENSSL_strcasecmp(current_output_type, -+ data->ctx->output_type) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", -@@ -482,8 +481,8 @@ static int encoder_process(struct encoder_process_data_st *data) - */ - if (data->ctx->output_structure != NULL - && current_output_structure != NULL) { -- if (strcasecmp(data->ctx->output_structure, -- current_output_structure) != 0) { -+ if (OPENSSL_strcasecmp(data->ctx->output_structure, -+ current_output_structure) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", -diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c -index c37edf966d7e..3a24317cf4d6 100644 ---- a/crypto/encode_decode/encoder_pkey.c -+++ b/crypto/encode_decode/encoder_pkey.c -@@ -7,7 +7,6 @@ - * https://www.openssl.org/source/license.html - */ - --#include "e_os.h" /* strcasecmp on Windows */ - #include - #include - #include -diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c -index e3a5c82e9957..09d0ed9d3aae 100644 ---- a/crypto/engine/tb_asnmth.c -+++ b/crypto/engine/tb_asnmth.c -@@ -152,7 +152,7 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == len) -- && strncasecmp(ameth->pem_str, str, len) == 0) -+ && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -@@ -177,7 +177,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) - e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == lk->len) -- && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { -+ && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { - lk->e = e; - lk->ameth = ameth; - return; -diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c -index 961ca116b32f..0aa1c23beec7 100644 ---- a/crypto/evp/ctrl_params_translate.c -+++ b/crypto/evp/ctrl_params_translate.c -@@ -37,8 +37,6 @@ - #include "crypto/dh.h" - #include "crypto/ec.h" - --#include "e_os.h" /* strcasecmp() for Windows */ -- - struct translation_ctx_st; /* Forwarding */ - struct translation_st; /* Forwarding */ - -@@ -905,7 +903,7 @@ static int fix_kdf_type(enum state state, - - /* Convert KDF type strings to numbers */ - for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) -- if (strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { -+ if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { - ctx->p1 = kdf_type_map->kdf_type_num; - ret = 1; - break; -@@ -2469,10 +2467,11 @@ lookup_translation(struct translation_st *tmpl, - * cmd name in the template. - */ - if (item->ctrl_str != NULL -- && strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) -+ && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) - ctrl_str = tmpl->ctrl_str; - else if (item->ctrl_hexstr != NULL -- && strcasecmp(tmpl->ctrl_hexstr, item->ctrl_hexstr) == 0) -+ && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, -+ item->ctrl_hexstr) == 0) - ctrl_hexstr = tmpl->ctrl_hexstr; - else - continue; -@@ -2500,7 +2499,8 @@ lookup_translation(struct translation_st *tmpl, - if ((item->action_type != NONE - && tmpl->action_type != item->action_type) - || (item->param_key != NULL -- && strcasecmp(tmpl->param_key, item->param_key) != 0)) -+ && OPENSSL_strcasecmp(tmpl->param_key, -+ item->param_key) != 0)) - continue; - } else { - return NULL; -diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c -index 8550be65e785..aa3c7fa4efc7 100644 ---- a/crypto/evp/ec_support.c -+++ b/crypto/evp/ec_support.c -@@ -10,7 +10,7 @@ - #include - #include - #include "crypto/ec.h" --#include "e_os.h" /* strcasecmp required by windows */ -+#include "internal/nelem.h" - - typedef struct ec_name2nid_st { - const char *name; -@@ -139,7 +139,7 @@ int ossl_ec_curve_name2nid(const char *name) - return nid; - - for (i = 0; i < OSSL_NELEM(curve_list); i++) { -- if (strcasecmp(curve_list[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0) - return curve_list[i].nid; - } - } -diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c -index 24092cfd5be0..da3ef28b3d18 100644 ---- a/crypto/evp/evp_lib.c -+++ b/crypto/evp/evp_lib.c -@@ -15,7 +15,6 @@ - - #include - #include --#include "e_os.h" /* strcasecmp */ - #include "internal/cryptlib.h" - #include - #include -@@ -1170,17 +1169,17 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - - va_start(args, type); - -- if (strcasecmp(type, "RSA") == 0) { -+ if (OPENSSL_strcasecmp(type, "RSA") == 0) { - bits = va_arg(args, size_t); - params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); -- } else if (strcasecmp(type, "EC") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "EC") == 0) { - name = va_arg(args, char *); - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - name, 0); -- } else if (strcasecmp(type, "ED25519") != 0 -- && strcasecmp(type, "X25519") != 0 -- && strcasecmp(type, "ED448") != 0 -- && strcasecmp(type, "X448") != 0) { -+ } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 -+ && OPENSSL_strcasecmp(type, "X25519") != 0 -+ && OPENSSL_strcasecmp(type, "ED448") != 0 -+ && OPENSSL_strcasecmp(type, "X448") != 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - goto end; - } -diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c -index 27138af56421..668607a72360 100644 ---- a/crypto/evp/p_lib.c -+++ b/crypto/evp/p_lib.c -@@ -50,8 +50,6 @@ - #include "internal/provider.h" - #include "evp_local.h" - --#include "e_os.h" /* strcasecmp on Windows */ -- - static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, - int len, EVP_KEYMGMT *keymgmt); - static void evp_pkey_free_it(EVP_PKEY *key); -@@ -1018,7 +1016,7 @@ int evp_pkey_name2type(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(standard_name2type); i++) { -- if (strcasecmp(name, standard_name2type[i].ptr) == 0) -+ if (OPENSSL_strcasecmp(name, standard_name2type[i].ptr) == 0) - return (int)standard_name2type[i].id; - } - -diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c -index e9f597c46c00..266cb30bc245 100644 ---- a/crypto/ffc/ffc_dh.c -+++ b/crypto/ffc/ffc_dh.c -@@ -10,7 +10,6 @@ - #include "internal/ffc.h" - #include "internal/nelem.h" - #include "crypto/bn_dh.h" --#include "e_os.h" /* strcasecmp */ - - #ifndef OPENSSL_NO_DH - -@@ -84,7 +83,7 @@ const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { -- if (strcasecmp(dh_named_groups[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(dh_named_groups[i].name, name) == 0) - return &dh_named_groups[i]; - } - return NULL; -diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c -index 6e025a06be6e..500189e49fc0 100644 ---- a/crypto/ffc/ffc_params.c -+++ b/crypto/ffc/ffc_params.c -@@ -12,7 +12,6 @@ - #include "internal/ffc.h" - #include "internal/param_build_set.h" - #include "internal/nelem.h" --#include "e_os.h" /* strcasecmp */ - - #ifndef FIPS_MODULE - # include /* ossl_ffc_params_print */ -diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c -index 33e7b82b9e8c..8133a04936c5 100644 ---- a/crypto/http/http_client.c -+++ b/crypto/http/http_client.c -@@ -322,7 +322,7 @@ static int add1_headers(OSSL_HTTP_REQ_CTX *rctx, - - for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { - hdr = sk_CONF_VALUE_value(headers, i); -- if (add_host && strcasecmp("host", hdr->name) == 0) -+ if (add_host && OPENSSL_strcasecmp("host", hdr->name) == 0) - add_host = 0; - if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, hdr->name, hdr->value)) - return 0; -@@ -666,13 +666,13 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) - } - if (value != NULL && line_end != NULL) { - if (rctx->state == OHS_REDIRECT -- && strcasecmp(key, "Location") == 0) { -+ && OPENSSL_strcasecmp(key, "Location") == 0) { - rctx->redirection_url = value; - return 0; - } - if (rctx->expected_ct != NULL -- && strcasecmp(key, "Content-Type") == 0) { -- if (strcasecmp(rctx->expected_ct, value) != 0) { -+ && OPENSSL_strcasecmp(key, "Content-Type") == 0) { -+ if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) { - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE, - "expected=%s, actual=%s", - rctx->expected_ct, value); -@@ -682,12 +682,12 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) - } - - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ -- if (strcasecmp(key, "Connection") == 0) { -- if (strcasecmp(value, "keep-alive") == 0) -+ if (OPENSSL_strcasecmp(key, "Connection") == 0) { -+ if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - found_keep_alive = 1; -- else if (strcasecmp(value, "close") == 0) -+ else if (OPENSSL_strcasecmp(value, "close") == 0) - found_keep_alive = 0; -- } else if (strcasecmp(key, "Content-Length") == 0) { -+ } else if (OPENSSL_strcasecmp(key, "Content-Length") == 0) { - resp_len = (size_t)strtoul(value, &line_end, 10); - if (line_end == value || *line_end != '\0') { - ERR_raise_data(ERR_LIB_HTTP, -diff --git a/crypto/init.c b/crypto/init.c -index 6a27d1a8e440..1569c35a6b96 100644 ---- a/crypto/init.c -+++ b/crypto/init.c -@@ -32,6 +32,7 @@ - #include "crypto/store.h" - #include /* for OSSL_CMP_log_close() */ - #include -+#include "crypto/ctype.h" - - static int stopped = 0; - static uint64_t optsdone = 0; -@@ -447,6 +448,9 @@ void OPENSSL_cleanup(void) - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n"); - ossl_trace_cleanup(); - -+ OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_deinit_casecmp()\n"); -+ ossl_deinit_casecmp(); -+ - base_inited = 0; - } - -@@ -460,6 +464,9 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) - uint64_t tmp; - int aloaddone = 0; - -+ if (!ossl_init_casecmp()) -+ return 0; -+ - /* Applications depend on 0 being returned when cleanup was already done */ - if (stopped) { - if (!(opts & OPENSSL_INIT_BASE_ONLY)) -diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c -index 92152eeb6674..7596d720e964 100644 ---- a/crypto/objects/o_names.c -+++ b/crypto/objects/o_names.c -@@ -21,23 +21,6 @@ - #include "obj_local.h" - #include "e_os.h" - --/* -- * We define this wrapper for two reasons. Firstly, later versions of -- * DEC C add linkage information to certain functions, which makes it -- * tricky to use them as values to regular function pointers. -- * Secondly, in the EDK2 build environment, the strcasecmp function is -- * actually an external function with the Microsoft ABI, so we can't -- * transparently assign function pointers to it. -- */ --#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) --static int obj_strcasecmp(const char *a, const char *b) --{ -- return strcasecmp(a, b); --} --#else --#define obj_strcasecmp strcasecmp --#endif -- - /* - * I use the ex_data stuff to manage the identifiers for the obj_name_types - * that applications may define. I only really use the free function field. -@@ -111,7 +94,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - goto out; - } - name_funcs->hash_func = ossl_lh_strcasehash; -- name_funcs->cmp_func = obj_strcasecmp; -+ name_funcs->cmp_func = OPENSSL_strcasecmp; - push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); - - if (!push) { -@@ -145,7 +128,7 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) - ret = sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->cmp_func(a->name, b->name); - } else -- ret = strcasecmp(a->name, b->name); -+ ret = OPENSSL_strcasecmp(a->name, b->name); - } - return ret; - } -diff --git a/crypto/params_dup.c b/crypto/params_dup.c -index 6a58b52f65cb..d92176da46e5 100644 ---- a/crypto/params_dup.c -+++ b/crypto/params_dup.c -@@ -11,7 +11,6 @@ - #include - #include - #include "internal/param_build_set.h" --#include "e_os.h" /* strcasecmp */ - - #define OSSL_PARAM_ALLOCATED_END 127 - #define OSSL_PARAM_MERGE_LIST_MAX 128 -@@ -142,7 +141,7 @@ static int compare_params(const void *left, const void *right) - const OSSL_PARAM *l = *(const OSSL_PARAM **)left; - const OSSL_PARAM *r = *(const OSSL_PARAM **)right; - -- return strcasecmp(l->key, r->key); -+ return OPENSSL_strcasecmp(l->key, r->key); - } - - OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) -@@ -205,7 +204,7 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) - break; - } - /* consume the list element with the smaller key */ -- diff = strcasecmp((*p1cur)->key, (*p2cur)->key); -+ diff = OPENSSL_strcasecmp((*p1cur)->key, (*p2cur)->key); - if (diff == 0) { - /* If the keys are the same then throw away the list1 element */ - *dst++ = **p2cur; -diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c -index 8954ec724617..c5691395c424 100644 ---- a/crypto/property/property_parse.c -+++ b/crypto/property/property_parse.c -@@ -45,7 +45,7 @@ static int match(const char *t[], const char m[], size_t m_len) ++OPENSSL_strcasecmp(const char *s1, const char *s2) { - const char *s = *t; - -- if (strncasecmp(s, m, m_len) == 0) { -+ if (OPENSSL_strncasecmp(s, m, m_len) == 0) { - *t = skip_space(s + m_len); - return 1; - } -diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c -index afe3521186ca..c453d3226133 100644 ---- a/crypto/rand/rand_lib.c -+++ b/crypto/rand/rand_lib.c -@@ -768,22 +768,22 @@ static int random_conf_init(CONF_IMODULE *md, const CONF *cnf) - - for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { - cval = sk_CONF_VALUE_value(elist, i); -- if (strcasecmp(cval->name, "random") == 0) { -+ if (OPENSSL_strcasecmp(cval->name, "random") == 0) { - if (!random_set_string(&dgbl->rng_name, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "cipher") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "cipher") == 0) { - if (!random_set_string(&dgbl->rng_cipher, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "digest") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "digest") == 0) { - if (!random_set_string(&dgbl->rng_digest, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "properties") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "properties") == 0) { - if (!random_set_string(&dgbl->rng_propq, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "seed") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "seed") == 0) { - if (!random_set_string(&dgbl->seed_name, cval->value)) - return 0; -- } else if (strcasecmp(cval->name, "seed_properties") == 0) { -+ } else if (OPENSSL_strcasecmp(cval->name, "seed_properties") == 0) { - if (!random_set_string(&dgbl->seed_propq, cval->value)) - return 0; - } else { -diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c -index ad1623dd1444..254ebdb24287 100644 ---- a/crypto/rsa/rsa_backend.c -+++ b/crypto/rsa/rsa_backend.c -@@ -27,8 +27,6 @@ - #include "crypto/rsa.h" - #include "rsa_local.h" - --#include "e_os.h" /* strcasecmp for Windows() */ -- - /* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider -@@ -275,8 +273,8 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, - else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) - return 0; - -- if (strcasecmp(param_mgf->data, -- ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) -+ if (OPENSSL_strcasecmp(param_mgf->data, -+ ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) - return 0; - } - -diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c -index 7dcb939066f2..42bf9d555a36 100644 ---- a/crypto/store/store_lib.c -+++ b/crypto/store/store_lib.c -@@ -93,7 +93,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, - OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); - if ((p = strchr(scheme_copy, ':')) != NULL) { - *p++ = '\0'; -- if (strcasecmp(scheme_copy, "file") != 0) { -+ if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) { - if (strncmp(p, "//", 2) == 0) - schemes_n--; /* Invalidate the file scheme */ - schemes[schemes_n++] = scheme_copy; -diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c -index 1306b270bbaf..6f83da4beb02 100644 ---- a/crypto/store/store_result.c -+++ b/crypto/store/store_result.c -@@ -457,7 +457,7 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - - /* If we have a data type, it should be a PEM name */ - if (data->data_type != NULL -- && (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) -+ && (OPENSSL_strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) - ignore_trusted = 0; - - if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, -diff --git a/crypto/trace.c b/crypto/trace.c -index 40941990e673..d790409a2d62 100644 ---- a/crypto/trace.c -+++ b/crypto/trace.c -@@ -19,8 +19,6 @@ - #include "internal/refcount.h" - #include "crypto/cryptlib.h" - --#include "e_os.h" /* strcasecmp for Windows */ -- - #ifndef OPENSSL_NO_TRACE - - static CRYPTO_RWLOCK *trace_lock = NULL; -@@ -158,7 +156,7 @@ int OSSL_trace_get_category_num(const char *name) - size_t i; + int t; - for (i = 0; i < OSSL_NELEM(trace_categories); i++) -- if (strcasecmp(name, trace_categories[i].name) == 0) -+ if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0) - return trace_categories[i].num; - return -1; /* not found */ +@@ -352,7 +354,12 @@ int OPENSSL_strcasecmp(const char *s1, c + return t; } -diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c -index 6a613d64e6aa..9927c083b115 100644 ---- a/crypto/x509/v3_tlsf.c -+++ b/crypto/x509/v3_tlsf.c -@@ -108,7 +108,7 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - extval = val->name; - - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) -- if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) -+ if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - tlsextid = tls_feature_tbl[j].num; -diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c -index ff049c897bae..6e4ef26ed608 100644 ---- a/crypto/x509/v3_utl.c -+++ b/crypto/x509/v3_utl.c -@@ -715,7 +715,7 @@ static int wildcard_match(const unsigned char *prefix, size_t prefix_len, - } - /* IDNA labels cannot match partial wildcards */ - if (!allow_idna && -- subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0) -+ subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) - return 0; - /* The wildcard may match a literal '*' */ - if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') -@@ -775,7 +775,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, - || ('A' <= p[i] && p[i] <= 'Z') - || ('0' <= p[i] && p[i] <= '9')) { - if ((state & LABEL_START) != 0 -- && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0) -+ && len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) - state |= LABEL_IDNA; - state &= ~(LABEL_HYPHEN | LABEL_START); - } else if (p[i] == '.') { -diff --git a/doc/build.info b/doc/build.info -index c1d98a4ca669..7e86de588aed 100644 ---- a/doc/build.info -+++ b/doc/build.info -@@ -1531,6 +1531,10 @@ DEPEND[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod - GENERATE[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod - DEPEND[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod - GENERATE[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod -+DEPEND[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -+GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -+DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod -+GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod - DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod - GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod - DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod -@@ -3110,6 +3114,7 @@ html/man3/OPENSSL_load_builtin_modules.html \ - html/man3/OPENSSL_malloc.html \ - html/man3/OPENSSL_s390xcap.html \ - html/man3/OPENSSL_secure_malloc.html \ -+html/man3/OPENSSL_strcasecmp.html \ - html/man3/OSSL_CMP_CTX_new.html \ - html/man3/OSSL_CMP_HDR_get0_transactionID.html \ - html/man3/OSSL_CMP_ITAV_set0.html \ -@@ -3704,6 +3709,7 @@ man/man3/OPENSSL_load_builtin_modules.3 \ - man/man3/OPENSSL_malloc.3 \ - man/man3/OPENSSL_s390xcap.3 \ - man/man3/OPENSSL_secure_malloc.3 \ -+man/man3/OPENSSL_strcasecmp.3 \ - man/man3/OSSL_CMP_CTX_new.3 \ - man/man3/OSSL_CMP_HDR_get0_transactionID.3 \ - man/man3/OSSL_CMP_ITAV_set0.3 \ -diff --git a/doc/man3/OPENSSL_strcasecmp.pod b/doc/man3/OPENSSL_strcasecmp.pod -new file mode 100644 -index 000000000000..1bb8b18c5013 ---- /dev/null -+++ b/doc/man3/OPENSSL_strcasecmp.pod -@@ -0,0 +1,47 @@ -+=pod -+ -+=head1 NAME -+ -+OPENSSL_strcasecmp, OPENSSL_strncasecmp - compare two strings ignoring case -+ -+=head1 SYNOPSIS -+ -+ #include -+ -+ int OPENSSL_strcasecmp(const char *s1, const char *s2); -+ int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); -+ -+=head1 DESCRIPTION -+ -+The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings -+B and B, ignoring the case of the characters. -+ -+The OPENSSL_strncasecmp function is similar, except that it compares no more than -+B bytes of B and B. -+ -+In POSIX-compatible system and on Windows these functions use "C" locale for -+case insensitive. Otherwise the comparison is done in current locale. -+ -+=head1 RETURN VALUES -+ -+Both functions return an integer less than, equal to, or greater than zero if -+s1 is found, respectively, to be less than, to match, or be greater than s2. -+ -+=head1 NOTES -+ -+OpenSSL extensively uses case insensitive comparison of ASCII strings. Though -+OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may -+unpredictably suffer when they use localization (e.g. Turkish locale is -+well-known with a specific I/i cases). These functions use C locale for string -+comparison. -+ -+=head1 COPYRIGHT -+ -+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+ -+Licensed under the Apache License 2.0 (the "License"). You may not use -+this file except in compliance with the License. You can obtain a copy -+in the file LICENSE in the source distribution or at -+L. -+ -+=cut -diff --git a/e_os.h b/e_os.h -index e1608ae55d7d..5490a48fcd48 100644 ---- a/e_os.h -+++ b/e_os.h -@@ -249,8 +249,6 @@ FILE *__iob_func(); - /***********************************************/ - - # if defined(OPENSSL_SYS_WINDOWS) --# define strcasecmp _stricmp --# define strncasecmp _strnicmp - # if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) - # define open _open - # define fdopen _fdopen -diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c -index fa01317db5eb..a9c10d375a58 100644 ---- a/engines/e_devcrypto.c -+++ b/engines/e_devcrypto.c -@@ -1159,9 +1159,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) - case DEVCRYPTO_CMD_CIPHERS: - if (p == NULL) - return 1; -- if (strcasecmp((const char *)p, "ALL") == 0) { -+ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { - devcrypto_select_all_ciphers(selected_ciphers); -- } else if (strcasecmp((const char*)p, "NONE") == 0) { -+ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { - memset(selected_ciphers, 0, sizeof(selected_ciphers)); - } else { - new_list=OPENSSL_zalloc(sizeof(selected_ciphers)); -@@ -1179,9 +1179,9 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) - case DEVCRYPTO_CMD_DIGESTS: - if (p == NULL) - return 1; -- if (strcasecmp((const char *)p, "ALL") == 0) { -+ if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { - devcrypto_select_all_digests(selected_digests); -- } else if (strcasecmp((const char*)p, "NONE") == 0) { -+ } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { - memset(selected_digests, 0, sizeof(selected_digests)); - } else { - new_list=OPENSSL_zalloc(sizeof(selected_digests)); -diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c -index 391ed33d5e3a..f6de29c0c33a 100644 ---- a/engines/e_loader_attic.c -+++ b/engines/e_loader_attic.c -@@ -14,7 +14,6 @@ - /* We need to use some engine deprecated APIs */ - #define OPENSSL_SUPPRESS_DEPRECATED - --/* #include "e_os.h" */ - #include - #include - #include -@@ -44,7 +43,6 @@ DEFINE_STACK_OF(OSSL_STORE_INFO) - - #ifdef _WIN32 - # define stat _stat --# define strncasecmp _strnicmp - #endif - - #ifndef S_ISDIR -@@ -971,12 +969,12 @@ static OSSL_STORE_LOADER_CTX *file_open_ex - * There's a special case if the URI also contains an authority, then - * the full URI shouldn't be used as a path anywhere. - */ -- if (strncasecmp(uri, "file:", 5) == 0) { -+ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { - const char *p = &uri[5]; - - if (strncmp(&uri[5], "//", 2) == 0) { - path_data_n--; /* Invalidate using the full URI */ -- if (strncasecmp(&uri[7], "localhost/", 10) == 0) { -+ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { - p = &uri[16]; - } else if (uri[7] == '/') { - p = &uri[7]; -@@ -1466,7 +1464,8 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) - /* - * First, check the basename - */ -- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') -+ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 -+ || name[len] != '.') - return 0; - p = &name[len + 1]; - -diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c -index 0506faa6285b..5d31b31c11f1 100644 ---- a/engines/e_ossltest.c -+++ b/engines/e_ossltest.c -@@ -42,10 +42,6 @@ - - #include "e_ossltest_err.c" - --#ifdef _WIN32 --# define strncasecmp _strnicmp --#endif -- - /* Engine Id and Name */ - static const char *engine_ossltest_id = "ossltest"; - static const char *engine_ossltest_name = "OpenSSL Test engine support"; -@@ -383,7 +379,7 @@ static EVP_PKEY *load_key(ENGINE *eng, const char *key_id, int pub, - BIO *in; - EVP_PKEY *key; - -- if (strncasecmp(key_id, "ot:", 3) != 0) -+ if (OPENSSL_strncasecmp(key_id, "ot:", 3) != 0) - return NULL; - key_id += 3; - -diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h -index a35c137e8431..44fa9a8ae930 100644 ---- a/include/crypto/ctype.h -+++ b/include/crypto/ctype.h -@@ -80,4 +80,6 @@ int ossl_ascii_isdigit(const char inchar); - # define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) - # define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) -+int ossl_init_casecmp(void); -+void ossl_deinit_casecmp(void); - #endif -diff --git a/include/internal/core.h b/include/internal/core.h -index d9dc424164c9..b63af84787af 100644 ---- a/include/internal/core.h -+++ b/include/internal/core.h -@@ -63,4 +63,6 @@ __owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx); - int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx); - int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); - -+void *ossl_c_locale(void); -+ - #endif -diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in -index c56885d2d6ff..7232f647e8a3 100644 ---- a/include/openssl/crypto.h.in -+++ b/include/openssl/crypto.h.in -@@ -133,6 +133,8 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep); - unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); - int OPENSSL_hexchar2int(unsigned char c); -+int OPENSSL_strcasecmp(const char *s1, const char *s2); -+int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); - - # define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) - -diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c -index f6d95197f07c..e1e1961b2329 100644 ---- a/providers/common/capabilities.c -+++ b/providers/common/capabilities.c -@@ -217,7 +217,7 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) - int ossl_prov_get_capabilities(void *provctx, const char *capability, - OSSL_CALLBACK *cb, void *arg) - { -- if (strcasecmp(capability, "TLS-GROUP") == 0) -+ if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0) - return tls_group_capability(cb, arg); - - /* We don't support this capability */ -diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c -index f4605dcd6ce5..fc17a958ce26 100644 ---- a/providers/fips/fipsprov.c -+++ b/providers/fips/fipsprov.c -@@ -22,6 +22,7 @@ - #include "prov/provider_util.h" - #include "prov/seeding.h" - #include "self_test.h" -+#include "internal/core.h" - - static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; - static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; -@@ -35,6 +36,22 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; - static OSSL_FUNC_provider_get_params_fn fips_get_params; - static OSSL_FUNC_provider_query_operation_fn fips_query; - -+/* Locale object accessor functions */ -+#ifdef OPENSSL_SYS_MACOSX -+# include -+#else -+# include +-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) ++int ++#ifndef FIPS_MODULE ++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"), ++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1"))) +#endif -+ -+#if defined OPENSSL_SYS_WINDOWS -+# define locale_t _locale_t -+# define freelocale _free_locale -+#endif -+static locale_t loc; -+ -+static int fips_init_casecmp(void); -+static void fips_deinit_casecmp(void); -+ - #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } - #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) - extern OSSL_FUNC_core_thread_start_fn *c_thread_start; -@@ -486,6 +503,23 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, - return NULL; - } - -+void *ossl_c_locale() { -+ return (void *)loc; -+} -+ -+static int fips_init_casecmp(void) { -+# ifdef OPENSSL_SYS_WINDOWS -+ loc = _create_locale(LC_COLLATE, "C"); -+# else -+ loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); -+# endif -+ return (loc == (locale_t) 0) ? 0 : 1; -+} -+ -+static void fips_deinit_casecmp(void) { -+ freelocale(loc); -+} -+ - static void fips_teardown(void *provctx) ++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) { - OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); -@@ -498,6 +532,7 @@ static void fips_intern_teardown(void *provctx) - * We know that the library context is the same as for the outer provider, - * so no need to destroy it here. - */ -+ fips_deinit_casecmp(); - ossl_prov_ctx_free(provctx); - } - -@@ -547,6 +582,8 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, - - memset(&selftest_params, 0, sizeof(selftest_params)); - -+ if (!fips_init_casecmp()) -+ return 0; - if (!ossl_prov_seeding_from_dispatch(in)) - return 0; - for (; in->function_id != 0; in++) { -diff --git a/providers/implementations/ciphers/cipher_cts.c b/providers/implementations/ciphers/cipher_cts.c -index cb3372c646aa..5c48f37c9527 100644 ---- a/providers/implementations/ciphers/cipher_cts.c -+++ b/providers/implementations/ciphers/cipher_cts.c -@@ -46,7 +46,6 @@ - * Otherwise it is the same as CS2. - */ - --#include "e_os.h" /* strcasecmp */ - #include - #include "prov/ciphercommon.h" - #include "internal/nelem.h" -@@ -92,7 +91,7 @@ int ossl_cipher_cbc_cts_mode_name2id(const char *name) - size_t i; - - for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { -- if (strcasecmp(name, cts_modes[i].name) == 0) -+ if (OPENSSL_strcasecmp(name, cts_modes[i].name) == 0) - return (int)cts_modes[i].id; - } - return -1; -diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index 667d5e9619ff..89f304b41816 100644 ---- a/providers/implementations/kdfs/hkdf.c -+++ b/providers/implementations/kdfs/hkdf.c -@@ -199,11 +199,11 @@ static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[]) - - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { - if (p->data_type == OSSL_PARAM_UTF8_STRING) { -- if (strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { -+ if (OPENSSL_strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { - ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; -- } else if (strcasecmp(p->data, "EXTRACT_ONLY") == 0) { -+ } else if (OPENSSL_strcasecmp(p->data, "EXTRACT_ONLY") == 0) { - ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; -- } else if (strcasecmp(p->data, "EXPAND_ONLY") == 0) { -+ } else if (OPENSSL_strcasecmp(p->data, "EXPAND_ONLY") == 0) { - ctx->mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; - } else { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); -diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c -index 5f30b037d94e..6be7f45fc58a 100644 ---- a/providers/implementations/kdfs/kbkdf.c -+++ b/providers/implementations/kdfs/kbkdf.c -@@ -298,10 +298,11 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - } - - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); -- if (p != NULL && strncasecmp("counter", p->data, p->data_size) == 0) { -+ if (p != NULL -+ && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { - ctx->mode = COUNTER; - } else if (p != NULL -- && strncasecmp("feedback", p->data, p->data_size) == 0) { -+ && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) { - ctx->mode = FEEDBACK; - } else if (p != NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); -diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c -index 74a0f7e1f3e6..e0b5971a3b7a 100644 ---- a/providers/implementations/kdfs/tls1_prf.c -+++ b/providers/implementations/kdfs/tls1_prf.c -@@ -172,7 +172,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - return 1; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { -- if (strcasecmp(p->data, SN_md5_sha1) == 0) { -+ if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) { - if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, - OSSL_MAC_NAME_HMAC, - NULL, SN_md5, libctx) -diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index 313ab133b33a..bfc3da690875 100644 ---- a/providers/implementations/kem/rsa_kem.c -+++ b/providers/implementations/kem/rsa_kem.c -@@ -12,8 +12,8 @@ - * internal use. - */ - #include "internal/deprecated.h" -+#include "internal/nelem.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -69,7 +69,7 @@ static int name2id(const char *name, const OSSL_ITEM *map, size_t sz) - return -1; - - for (i = 0; i < sz; ++i) { -- if (strcasecmp(map[i].ptr, name) == 0) -+ if (OPENSSL_strcasecmp(map[i].ptr, name) == 0) - return map[i].id; - } - return -1; -diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c -index 885bd62eeaae..2ab69f5f32f5 100644 ---- a/providers/implementations/keymgmt/dsa_kmgmt.c -+++ b/providers/implementations/keymgmt/dsa_kmgmt.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -90,7 +89,7 @@ static int dsa_gen_type_name2id(const char *name) + int t; size_t i; - - for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) { -- if (strcasecmp(dsatype2id[i].name, name) == 0) -+ if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0) - return dsatype2id[i].id; - } - return -1; -diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c -index f564a470ac04..68bb35e4cbe1 100644 ---- a/providers/implementations/keymgmt/ec_kmgmt.c -+++ b/providers/implementations/keymgmt/ec_kmgmt.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c -index 99d685735e2f..2a7f867aa56b 100644 ---- a/providers/implementations/keymgmt/ecx_kmgmt.c -+++ b/providers/implementations/keymgmt/ecx_kmgmt.c -@@ -9,8 +9,6 @@ - - #include - #include --/* For strcasecmp on Windows */ --#include "e_os.h" - #include - #include - #include -@@ -546,7 +544,7 @@ static int ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) - } - if (p->data_type != OSSL_PARAM_UTF8_STRING - || groupname == NULL -- || strcasecmp(p->data, groupname) != 0) { -+ || OPENSSL_strcasecmp(p->data, groupname) != 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } -diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c -index ec34a3ee7131..ecfd2eaaa5c0 100644 ---- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c -+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c -@@ -26,7 +26,6 @@ - #include "prov/providercommon.h" - #include "prov/provider_ctx.h" - #include "prov/macsignature.h" --#include "e_os.h" /* strcasecmp */ - - static OSSL_FUNC_keymgmt_new_fn mac_new; - static OSSL_FUNC_keymgmt_free_fn mac_free; -diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c -index dbe57b0d2898..c51eb4b4e581 100644 ---- a/providers/implementations/rands/drbg_ctr.c -+++ b/providers/implementations/rands/drbg_ctr.c -@@ -14,7 +14,6 @@ - #include - #include - #include --#include "e_os.h" /* strcasecmp */ - #include "crypto/modes.h" - #include "internal/thread_once.h" - #include "prov/implementations.h" -@@ -690,7 +689,7 @@ static int drbg_ctr_set_ctx_params(void *vctx, const OSSL_PARAM params[]) - if (p->data_type != OSSL_PARAM_UTF8_STRING - || p->data_size < ctr_str_len) - return 0; -- if (strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { -+ if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER); - return 0; - } -diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c -index 325e855333e9..9460136bca0b 100644 ---- a/providers/implementations/signature/rsa_sig.c -+++ b/providers/implementations/signature/rsa_sig.c -@@ -13,7 +13,6 @@ - */ - #include "internal/deprecated.h" - --#include "e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -854,7 +853,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, - - if (mdname != NULL - /* was rsa_setup_md already called in rsa_signverify_init()? */ -- && (mdname[0] == '\0' || strcasecmp(prsactx->mdname, mdname) != 0) -+ && (mdname[0] == '\0' || OPENSSL_strcasecmp(prsactx->mdname, mdname) != 0) - && !rsa_setup_md(prsactx, mdname, prsactx->propq)) - return 0; - -diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c -index fef2b1d2900f..fceef73b7c09 100644 ---- a/providers/implementations/storemgmt/file_store.c -+++ b/providers/implementations/storemgmt/file_store.c -@@ -9,8 +9,6 @@ - - /* This file has quite some overlap with engines/e_loader_attic.c */ - --#include "e_os.h" /* To get strncasecmp() on Windows */ -- - #include - #include - #include /* isdigit */ -@@ -220,12 +218,12 @@ static void *file_open(void *provctx, const char *uri) - * There's a special case if the URI also contains an authority, then - * the full URI shouldn't be used as a path anywhere. - */ -- if (strncasecmp(uri, "file:", 5) == 0) { -+ if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { - const char *p = &uri[5]; - - if (strncmp(&uri[5], "//", 2) == 0) { - path_data_n--; /* Invalidate using the full URI */ -- if (strncasecmp(&uri[7], "localhost/", 10) == 0) { -+ if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { - p = &uri[16]; - } else if (uri[7] == '/') { - p = &uri[7]; -@@ -592,7 +590,8 @@ static int file_name_check(struct file_ctx_st *ctx, const char *name) - /* - * First, check the basename - */ -- if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') -+ if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 -+ || name[len] != '.') - return 0; - p = &name[len + 1]; - -diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c -index deb0c9aaa650..ae97c38b1597 100644 ---- a/ssl/ssl_conf.c -+++ b/ssl/ssl_conf.c -@@ -148,7 +148,8 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, - if (namelen == -1) { - if (strcmp(tbl->name, name)) - return 0; -- } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen)) -+ } else if (tbl->namelen != namelen -+ || OPENSSL_strncasecmp(tbl->name, name, namelen)) - return 0; - ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); - return 1; -@@ -232,8 +233,8 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) - - /* Ignore values supported by 1.0.2 for the automatic selection */ - if ((cctx->flags & SSL_CONF_FLAG_FILE) -- && (strcasecmp(value, "+automatic") == 0 -- || strcasecmp(value, "automatic") == 0)) -+ && (OPENSSL_strcasecmp(value, "+automatic") == 0 -+ || OPENSSL_strcasecmp(value, "automatic") == 0)) - return 1; - if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && - strcmp(value, "auto") == 0) -@@ -812,7 +813,7 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) - strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) - return 0; - if (cctx->flags & SSL_CONF_FLAG_FILE && -- strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) -+ OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) - return 0; - *pcmd += cctx->prefixlen; - } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { -@@ -854,7 +855,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, - return t; +diff -up openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp openssl-3.0.7/test/recipes/01-test_symbol_presence.t +--- openssl-3.0.7/test/recipes/01-test_symbol_presence.t.cmp 2022-11-25 18:19:05.669769076 +0100 ++++ openssl-3.0.7/test/recipes/01-test_symbol_presence.t 2022-11-25 18:31:20.993392678 +0100 +@@ -77,6 +80,7 @@ foreach my $libname (@libnames) { + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; ++ s|\@.+$||; + # Return the result + $_ } - if (cctx->flags & SSL_CONF_FLAG_FILE) { -- if (t->str_file && strcasecmp(t->str_file, cmd) == 0) -+ if (t->str_file && OPENSSL_strcasecmp(t->str_file, cmd) == 0) - return t; - } - } -diff --git a/test/bntest.c b/test/bntest.c -index 4c1ee0c13b6d..c5894c157b3c 100644 ---- a/test/bntest.c -+++ b/test/bntest.c -@@ -10,9 +10,6 @@ - #include - #include - #include --#ifdef __TANDEM --# include /* strcasecmp */ --#endif - #include - - #include -@@ -23,10 +20,6 @@ - #include "internal/numbers.h" - #include "testutil.h" - --#ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --#endif -- - /* - * Things in boring, not in openssl. - */ -@@ -64,7 +57,7 @@ static const char *findattr(STANZA *s, const char *key) - PAIR *pp = s->pairs; - - for ( ; --i >= 0; pp++) -- if (strcasecmp(pp->key, key) == 0) -+ if (OPENSSL_strcasecmp(pp->key, key) == 0) - return pp->value; - return NULL; - } -diff --git a/test/build.info b/test/build.info -index 0f379e11e222..14a84f00a258 100644 ---- a/test/build.info -+++ b/test/build.info -@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}] - sanitytest rsa_complex exdatatest bntest \ - ecstresstest gmdifftest pbelutest \ - destest mdc2test sha_test \ -- exptest pbetest \ -+ exptest pbetest localetest \ - evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ - evp_fetch_prov_test evp_libctx_test ossl_store_test \ - v3nametest v3ext \ -@@ -135,6 +135,10 @@ IF[{- !$disabled{tests} -}] - INCLUDE[exptest]=../include ../apps/include - DEPEND[exptest]=../libcrypto libtestutil.a - -+ SOURCE[localetest]=localetest.c -+ INCLUDE[localetest]=../include ../apps/include -+ DEPEND[localetest]=../libcrypto libtestutil.a -+ - SOURCE[pbetest]=pbetest.c - INCLUDE[pbetest]=../include ../apps/include - DEPEND[pbetest]=../libcrypto libtestutil.a -diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c -index 826e558cc0cd..3b597617791a 100644 ---- a/test/evp_extra_test.c -+++ b/test/evp_extra_test.c -@@ -35,7 +35,6 @@ - #include "internal/nelem.h" - #include "internal/sizes.h" - #include "crypto/evp.h" --#include "../e_os.h" /* strcasecmp */ - - static OSSL_LIB_CTX *testctx = NULL; - static char *testpropq = NULL; -@@ -1739,7 +1738,7 @@ static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) - return 0; - - for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { -- if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { -+ if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { - *enc = ec_encodings[i].encoding; - break; - } -diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c -index e2663dc02998..9b2f4a016893 100644 ---- a/test/evp_libctx_test.c -+++ b/test/evp_libctx_test.c -@@ -33,7 +33,6 @@ - #include "testutil.h" - #include "internal/nelem.h" - #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ --#include "../e_os.h" /* strcasecmp */ - - static OSSL_LIB_CTX *libctx = NULL; - static OSSL_PROVIDER *nullprov = NULL; -@@ -478,7 +477,7 @@ static int test_cipher_reinit_partialupdate(int test_id) - - static int name_cmp(const char * const *a, const char * const *b) - { -- return strcasecmp(*a, *b); -+ return OPENSSL_strcasecmp(*a, *b); - } - - static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) -diff --git a/test/evp_test.c b/test/evp_test.c -index 7a5b9345e0db..8a0758f857a5 100644 ---- a/test/evp_test.c -+++ b/test/evp_test.c -@@ -12,7 +12,6 @@ - #include - #include - #include --#include "../e_os.h" /* strcasecmp */ - #include - #include - #include -@@ -3886,9 +3885,9 @@ void cleanup_tests(void) - OSSL_LIB_CTX_free(libctx); - } - --#define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0 -+#define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0 - #define STR_ENDS_WITH(str, pre) \ --strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) -+strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) - - static int is_digest_disabled(const char *name) - { -@@ -3897,31 +3896,31 @@ static int is_digest_disabled(const char *name) - return 1; - #endif - #ifdef OPENSSL_NO_MD2 -- if (strcasecmp(name, "MD2") == 0) -+ if (OPENSSL_strcasecmp(name, "MD2") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_MDC2 -- if (strcasecmp(name, "MDC2") == 0) -+ if (OPENSSL_strcasecmp(name, "MDC2") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_MD4 -- if (strcasecmp(name, "MD4") == 0) -+ if (OPENSSL_strcasecmp(name, "MD4") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_MD5 -- if (strcasecmp(name, "MD5") == 0) -+ if (OPENSSL_strcasecmp(name, "MD5") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_RMD160 -- if (strcasecmp(name, "RIPEMD160") == 0) -+ if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_SM3 -- if (strcasecmp(name, "SM3") == 0) -+ if (OPENSSL_strcasecmp(name, "SM3") == 0) - return 1; - #endif - #ifdef OPENSSL_NO_WHIRLPOOL -- if (strcasecmp(name, "WHIRLPOOL") == 0) -+ if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0) - return 1; - #endif - return 0; -diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c -index 1374b04cf02f..7236ffd4a6ac 100644 ---- a/test/helpers/ssl_test_ctx.c -+++ b/test/helpers/ssl_test_ctx.c -@@ -16,21 +16,17 @@ - #include "ssl_test_ctx.h" - #include "../testutil.h" - --#ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --#endif -- - static const int default_app_data_size = 256; - /* Default set to be as small as possible to exercise fragmentation. */ - static const int default_max_fragment_size = 512; - - static int parse_boolean(const char *value, int *result) - { -- if (strcasecmp(value, "Yes") == 0) { -+ if (OPENSSL_strcasecmp(value, "Yes") == 0) { - *result = 1; - return 1; - } -- else if (strcasecmp(value, "No") == 0) { -+ else if (OPENSSL_strcasecmp(value, "No") == 0) { - *result = 0; - return 1; - } -diff --git a/test/localetest.c b/test/localetest.c -new file mode 100644 -index 000000000000..3db66b7a9e5f ---- /dev/null -+++ b/test/localetest.c -@@ -0,0 +1,122 @@ -+ -+#include -+#include -+#include -+#include "testutil.h" -+#include "testutil/output.h" -+ -+#include -+#include -+#include -+#ifdef OPENSSL_SYS_WINDOWS -+# define strcasecmp _stricmp -+#else -+# include -+#endif -+ -+int setup_tests(void) -+{ -+ const unsigned char der_bytes[] = { -+ 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01, -+ 0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d, -+ 0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, -+ 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, -+ 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, -+ 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34, -+ 0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31, -+ 0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12, -+ 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, -+ 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, -+ 0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48, -+ 0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8, -+ 0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 0x48, 0xdd, 0x75, 0xab, -+ 0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a, -+ 0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06, -+ 0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1, -+ 0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc, -+ 0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1, -+ 0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda, -+ 0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59, -+ 0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 0x5a, 0x33, 0xc6, 0xb2, 0x1a, -+ 0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36, -+ 0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3, -+ 0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe, -+ 0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed, -+ 0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3, -+ 0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57, -+ 0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05, -+ 0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe, -+ 0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f, -+ 0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff, -+ 0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01, -+ 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, -+ 0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, -+ 0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, -+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f, -+ 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, -+ 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, -+ 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e, -+ 0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa, -+ 0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88, -+ 0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e, -+ 0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a, -+ 0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f, -+ 0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22, -+ 0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 0x64, 0x78, 0x66, 0x14, 0xc9, -+ 0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e, -+ 0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c, -+ 0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54, -+ 0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7, -+ 0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb, -+ 0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e, -+ 0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15, -+ 0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0, -+ 0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2, -+ 0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d, -+ 0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0, -+ 0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6, -+ 0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45, -+ 0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73, -+ 0x5f -+}; -+ -+ char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo"; -+ int res; -+ X509 *cert = NULL; -+ X509_PUBKEY *cert_pubkey = NULL; -+ const unsigned char *p = der_bytes; -+ -+ TEST_ptr(setlocale(LC_ALL, "")); -+ -+ res = strcasecmp(str1, str2); -+ TEST_note("Case-insensitive comparison via strcasecmp in current locale %s\n", res ? "failed" : "succeeded"); -+ -+ TEST_false(OPENSSL_strcasecmp(str1, str2)); -+ -+ cert = d2i_X509(NULL, &p, sizeof(der_bytes)); -+ if (!TEST_ptr(cert)) -+ return 0; -+ -+ cert_pubkey = X509_get_X509_PUBKEY(cert); -+ if (!TEST_ptr(cert_pubkey)) { -+ X509_free(cert); -+ return 0; -+ } -+ -+ if (!TEST_ptr(X509_PUBKEY_get0(cert_pubkey))) { -+ X509_free(cert); -+ return 0; -+ } -+ -+ X509_free(cert); -+ return 1; -+} -+ -+void cleanup_tests(void) -+{ -+} -diff --git a/test/params_conversion_test.c b/test/params_conversion_test.c -index 9422ef14734a..710c2a9a2e9f 100644 ---- a/test/params_conversion_test.c -+++ b/test/params_conversion_test.c -@@ -15,10 +15,6 @@ - /* On machines that dont support just disable the tests */ - #if !defined(OPENSSL_NO_INTTYPES_H) - --# ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --# endif -- - # ifdef OPENSSL_SYS_VMS - # define strtoumax strtoull - # define strtoimax strtoll -@@ -62,7 +58,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - - for (i = 0; i < s->numpairs; i++, pp++) { - p = ""; -- if (strcasecmp(pp->key, "type") == 0) { -+ if (OPENSSL_strcasecmp(pp->key, "type") == 0) { - if (type != NULL) { - TEST_info("Line %d: multiple type lines", s->curr); - return 0; -@@ -72,48 +68,48 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - TEST_info("Line %d: unknown type line", s->curr); - return 0; - } -- } else if (strcasecmp(pp->key, "int32") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "int32") == 0) { - if (def_i32++) { - TEST_info("Line %d: multiple int32 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_i32 = 1; - pc->i32 = (int32_t)strtoimax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "int64") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "int64") == 0) { - if (def_i64++) { - TEST_info("Line %d: multiple int64 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_i64 = 1; - pc->i64 = (int64_t)strtoimax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "uint32") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "uint32") == 0) { - if (def_u32++) { - TEST_info("Line %d: multiple uint32 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_u32 = 1; - pc->u32 = (uint32_t)strtoumax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "uint64") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "uint64") == 0) { - if (def_u64++) { - TEST_info("Line %d: multiple uint64 lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_u64 = 1; - pc->u64 = (uint64_t)strtoumax(pp->value, &p, 10); - } -- } else if (strcasecmp(pp->key, "double") == 0) { -+ } else if (OPENSSL_strcasecmp(pp->key, "double") == 0) { - if (def_d++) { - TEST_info("Line %d: multiple double lines", s->curr); - return 0; - } -- if (strcasecmp(pp->value, "invalid") != 0) { -+ if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { - pc->valid_d = 1; - pc->d = strtod(pp->value, &p); - } -@@ -133,7 +129,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - return 0; - } - -- if (strcasecmp(type, "int32") == 0) { -+ if (OPENSSL_strcasecmp(type, "int32") == 0) { - if (!TEST_true(def_i32) || !TEST_true(pc->valid_i32)) { - TEST_note("errant int32 on line %d", s->curr); - return 0; -@@ -142,7 +138,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_i32; - pc->ref = &ref_i32; - pc->size = sizeof(ref_i32); -- } else if (strcasecmp(type, "int64") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "int64") == 0) { - if (!TEST_true(def_i64) || !TEST_true(pc->valid_i64)) { - TEST_note("errant int64 on line %d", s->curr); - return 0; -@@ -151,7 +147,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_i64; - pc->ref = &ref_i64; - pc->size = sizeof(ref_i64); -- } else if (strcasecmp(type, "uint32") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "uint32") == 0) { - if (!TEST_true(def_u32) || !TEST_true(pc->valid_u32)) { - TEST_note("errant uint32 on line %d", s->curr); - return 0; -@@ -160,7 +156,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_u32; - pc->ref = &ref_u32; - pc->size = sizeof(ref_u32); -- } else if (strcasecmp(type, "uint64") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "uint64") == 0) { - if (!TEST_true(def_u64) || !TEST_true(pc->valid_u64)) { - TEST_note("errant uint64 on line %d", s->curr); - return 0; -@@ -169,7 +165,7 @@ static int param_conversion_load_stanza(PARAM_CONVERSION *pc, const STANZA *s) - pc->datum = &datum_u64; - pc->ref = &ref_u64; - pc->size = sizeof(ref_u64); -- } else if (strcasecmp(type, "double") == 0) { -+ } else if (OPENSSL_strcasecmp(type, "double") == 0) { - if (!TEST_true(def_d) || !TEST_true(pc->valid_d)) { - TEST_note("errant double on line %d", s->curr); - return 0; -diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t -new file mode 100644 -index 000000000000..1bccd57d4c63 ---- /dev/null -+++ b/test/recipes/02-test_localetest.t -@@ -0,0 +1,24 @@ -+#! /usr/bin/env perl -+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -+# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+use OpenSSL::Test; -+use OpenSSL::Test::Utils; -+ -+setup("locale tests"); -+ -+plan skip_all => "Locale tests not available on Windows or VMS" -+ if $^O =~ /^(VMS|MSWin32)$/; -+ -+plan tests => 2; -+ -+$ENV{LANG} = "C"; -+ok(run(test(["localetest"])), "running localetest"); -+ -+$ENV{LANG} = "tr_TR.UTF-8"; -+ok(run(test(["localetest"])), "running localetest with Turkish locale"); -diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c -index b07b98062494..5fb54a3a2eb1 100644 ---- a/test/ssl_old_test.c -+++ b/test/ssl_old_test.c -@@ -216,7 +216,7 @@ static int servername_cb(SSL *s, int *ad, void *arg) - - if (servername) { - if (s_ctx2 != NULL && sn_server2 != NULL && -- !strcasecmp(servername, sn_server2)) { -+ !OPENSSL_strcasecmp(servername, sn_server2)) { - BIO_printf(bio_stdout, "Switching server context.\n"); - SSL_set_SSL_CTX(s, s_ctx2); - } -diff --git a/test/v3nametest.c b/test/v3nametest.c -index 06d713b2feb1..ce1f4949fef2 100644 ---- a/test/v3nametest.c -+++ b/test/v3nametest.c -@@ -15,10 +15,6 @@ - #include "internal/nelem.h" - #include "testutil.h" - --#ifdef OPENSSL_SYS_WINDOWS --# define strcasecmp _stricmp --#endif -- - static const char *const names[] = { - "a", "b", ".", "*", "@", - ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..", -@@ -287,7 +283,7 @@ static int run_cert(X509 *crt, const char *nameincert, - int failed = 0; - - for (; *pname != NULL; ++pname) { -- int samename = strcasecmp(nameincert, *pname) == 0; -+ int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0; - size_t namelen = strlen(*pname); - char *name = OPENSSL_malloc(namelen + 1); - int match, ret; -diff --git a/util/libcrypto.num b/util/libcrypto.num -index 10b4e57d7969..1b9b23878e83 100644 ---- a/util/libcrypto.num -+++ b/util/libcrypto.num -@@ -5425,3 +5425,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION: - ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION: - ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION: -+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION: diff --git a/SOURCES/0057-strcasecmp-fix.patch b/SOURCES/0057-strcasecmp-fix.patch deleted file mode 100644 index f5c59b5..0000000 --- a/SOURCES/0057-strcasecmp-fix.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 68f23e3725d9639f5b27d868fee291cabb516677 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Fri, 22 Apr 2022 18:16:56 +0200 -Subject: [PATCH 1/2] Ensure we initialized the locale before - evp_pkey_name2type - -Fixes #18158 ---- - crypto/evp/pmeth_lib.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c -index 2b9c6c2351da..92d25de44532 100644 ---- a/crypto/evp/pmeth_lib.c -+++ b/crypto/evp/pmeth_lib.c -@@ -27,6 +27,7 @@ - #ifndef FIPS_MODULE - # include "crypto/asn1.h" - #endif -+#include "crypto/ctype.h" - #include "crypto/evp.h" - #include "crypto/dh.h" - #include "crypto/ec.h" -@@ -199,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, - } - #ifndef FIPS_MODULE - if (keytype != NULL) { -+ ossl_init_casecmp(); - id = evp_pkey_name2type(keytype); - if (id == NID_undef) - id = -1; - -From 51c7b2d9c30b72aeb7e8eb69799dc039d5b23e58 Mon Sep 17 00:00:00 2001 -From: Dmitry Belyavskiy -Date: Fri, 22 Apr 2022 19:26:08 +0200 -Subject: [PATCH 2/2] Testing the EVP_PKEY_CTX_new_from_name without - preliminary init - ---- - test/build.info | 6 +++++- - test/evp_pkey_ctx_new_from_name.c | 14 ++++++++++++++ - test/recipes/02-test_localetest.t | 4 +++- - 3 files changed, 22 insertions(+), 2 deletions(-) - create mode 100644 test/evp_pkey_ctx_new_from_name.c - -diff --git a/test/build.info b/test/build.info -index 14a84f00a258..ee059973d31a 100644 ---- a/test/build.info -+++ b/test/build.info -@@ -37,7 +37,7 @@ IF[{- !$disabled{tests} -}] - sanitytest rsa_complex exdatatest bntest \ - ecstresstest gmdifftest pbelutest \ - destest mdc2test sha_test \ -- exptest pbetest localetest \ -+ exptest pbetest localetest evp_pkey_ctx_new_from_name\ - evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ - evp_fetch_prov_test evp_libctx_test ossl_store_test \ - v3nametest v3ext \ -@@ -139,6 +139,10 @@ IF[{- !$disabled{tests} -}] - INCLUDE[localetest]=../include ../apps/include - DEPEND[localetest]=../libcrypto libtestutil.a - -+ SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c -+ INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include -+ DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto -+ - SOURCE[pbetest]=pbetest.c - INCLUDE[pbetest]=../include ../apps/include - DEPEND[pbetest]=../libcrypto libtestutil.a -diff --git a/test/evp_pkey_ctx_new_from_name.c b/test/evp_pkey_ctx_new_from_name.c -new file mode 100644 -index 000000000000..24063ea05ea5 ---- /dev/null -+++ b/test/evp_pkey_ctx_new_from_name.c -@@ -0,0 +1,14 @@ -+#include -+#include -+#include -+#include -+ -+int main(int argc, char *argv[]) -+{ -+ EVP_PKEY_CTX *pctx = NULL; -+ -+ pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL); -+ EVP_PKEY_CTX_free(pctx); -+ -+ return 0; -+} -diff --git a/test/recipes/02-test_localetest.t b/test/recipes/02-test_localetest.t -index 1bccd57d4c63..77fba7d819ab 100644 ---- a/test/recipes/02-test_localetest.t -+++ b/test/recipes/02-test_localetest.t -@@ -15,7 +15,9 @@ setup("locale tests"); - plan skip_all => "Locale tests not available on Windows or VMS" - if $^O =~ /^(VMS|MSWin32)$/; - --plan tests => 2; -+plan tests => 3; -+ -+ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init"); - - $ENV{LANG} = "C"; - ok(run(test(["localetest"])), "running localetest"); diff --git a/SOURCES/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/SOURCES/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch index a4ea757..9991c5c 100644 --- a/SOURCES/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch +++ b/SOURCES/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch @@ -567,554 +567,4 @@ index 8c52b637fc..ff75c5b6ec 100644 + } SKIP: { - skip "No IPv4 available on this machine", 1 -diff --git a/test/smime-certs/smdh.pem b/test/smime-certs/smdh.pem -index 7d66a6b421..894461f6da 100644 ---- a/test/smime-certs/smdh.pem -+++ b/test/smime-certs/smdh.pem -@@ -14,10 +14,10 @@ ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv - BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFljCCBH6gAwIBAgIUYmx57362u3KsYCqtKby2mYi+pLMwDQYJKoZIhvcNAQEL -+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL - BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV --BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIxMDExNTEwMDk1MloXDTMwMTEy --NDEwMDk1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz -+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx - HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw - ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz - VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH -@@ -38,10 +38,10 @@ Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+ - xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h - wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE - FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI --qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQA5r5k39ghJIgQKjOXSffhtAaBPT0Um --WtLjijp/iBUAowFpncDRIp+Ng7n/feJHDdnh59H0ZHGljWqZ3rgG3HjjArvG+iUm --6aaS4KdM6OwK60JTUXBQ/InISXzrZof2oZ5BjO6L6yV6cpaYOLlLo3QjU8HE54G9 --7UyR48NSvhwPw+vS1Abjib+K1En/ctnlm0CurHgP56LrJxguFZZP6+UjCnEy0wxm --VRr+y4+IgWikdOumMelJ+x9O9R7EPVfwQ9TYBtpo5hZQiGhSJ3Di9LZO5i0h2xjj --AhtR8zmzusFX2Ruh2dXQWeNx/dMEcYRJLU1P+IxUq2g1GUiCgq2Xc7ZY -+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y -+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb -+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC -+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ -+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2 -+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5 - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem -index b424f6704e..597d98f827 100644 ---- a/test/smime-certs/smdsa1.pem -+++ b/test/smime-certs/smdsa1.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBDMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAGXSQADbuRIZBjiQ6NikwZl+x --EDEffIE0RWbvwf1tfWxw4ZvanO/djyz5FePO0AIJDBCLUjr9D32nkmIG1Hu3dWgV --86knQsM6uFiMSzY9nkJGZOlH3w4NHLE78pk75xR1sg1MEZr4x/t+a/ea9Y4AXklE --DCcaHtpMGeAx3ZAqSKec+zQOOA73JWP1/gYHGdYyTQpQtwRTsh0Gi5mOOdpoJ0vp --O83xYbFCZ+ZZKX1RWOjJe2OQBRtw739q1nRga1VMLAT/LFSQsSE3IOp8hiWbjnit --1SE6q3II2a/aHZH/x4OzszfmtQfmerty3eQSq3bgajfxCsccnRjSbLeNiazRSKNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFNHQYTOO --xaZ/N68OpxqjHKuatw6sMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQAAiLociMMXcLkO/uKjAjCIQMrsghrOrxn4ZGBx --d/mCTeqPxhcrX2UorwxVCKI2+Dmz5dTC2xKprtvkiIadJamJmxYYzeF1pgRriFN3 --MkmMMkTbe/ekSvSeMtHQ2nHDCAJIaA/k9akWfA0+26Ec25/JKMrl3LttllsJMK1z --Xj7TcQpAIWORKWSNxY/ezM34+9ABHDZB2waubFqS+irlZsn38aZRuUI0K67fuuIt --17vMUBqQpe2hfNAjpZ8dIpEdAGjQ6izV2uwP1lXbiaK9U4dvUqmwyCIPniX7Hpaf --0VnX0mEViXMT6vWZTjLBUv0oKmO7xBkWHIaaX6oyF32pK5AO -+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz -+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E -+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P -+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH -++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy -+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx -+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd -+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL -+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq -+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1 -+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ -+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW -+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem -index 648447fc89..a995f665bb 100644 ---- a/test/smime-certs/smdsa2.pem -+++ b/test/smime-certs/smdsa2.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBEMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAItQlFu0t7Mw1HHROuuwKLS+E --h2WNNZP96MLQTygOVlqgaJY+1mJLzvl/51LLH6YezX0t89Z2Dm/3SOJEdNrdbIEt --tbu5rzymXxFhc8uaIYZFhST38oQwJOjM8wFitAQESe6/9HZjkexMqSqx/r5aEKTa --LBinqA1BJRI72So1/1dv8P99FavPADdj8V7fAccReKEQKnfnwA7mrnD+OlIqFKFn --3wCGk8Sw7tSJ9g6jgCI+zFwrKn2w+w+iot/Ogxl9yMAtKmAd689IAZr5GPPvV2y0 --KOogCiUYgSTSawZhr+rjyFavfI5dBWzMq4tKx/zAi6MJ+6hGJjJ8jHoT9JAPmaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFGaxw04k --qpufeGZC+TTBq8oMnXyrMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQCk2Xob1ICsdHYx/YsBzY6E1eEwcI4RZbZ3hEXp --VA72/Mbz60gjv1OwE5Ay4j+xG7IpTio6y2A9ZNepGpzidYcsL/Lx9Sv1LlN0Ukzb --uk6Czd2sZJp+PFMTTrgCd5rXKnZs/0D84Vci611vGMA1hnUnbAnBBmgLXe9pDNRV --6mhmCLLjJ4GOr5Wxt/hhknr7V2e1VMx3Q47GZhc0o/gExfhxXA8+gicM0nEYNakD --2A1F0qDhQGakjuofANHhjdUDqKJ1sxurAy80fqb0ddzJt2el89iXKN+aXx/zEX96 --GI5ON7z/bkVwIi549lUOpWb2Mved61NBzCLKVP7HSuEIsC/I -+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz -+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s -+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO -+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR -+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA -+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r -+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm -+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat -+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx -+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW -+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU -+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r -+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem -index 77acc5e46f..9f703e52f0 100644 ---- a/test/smime-certs/smdsa3.pem -+++ b/test/smime-certs/smdsa3.pem -@@ -14,34 +14,34 @@ Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+ - TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIFkDCCBHigAwIBAgIJANk5lu6mSyBFMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggNGMIICOQYHKoZIzjgEATCCAiwCggEBAJB8 --uU116E+dOsYgyHDiuTS65rqTWcIbfNzJ9eWLXsF0HaTQcE9pMDdrdkd863UDDLRS --7TBneB0+v3PQjriGclcgai7MhqdnudhEiYe1fkkwVtd7LGjU7B3ZmzegST2dBShS --wzG+ZgL+CE8vlnHWk/FwcI7DNbGgbjJkyOKZc5zX9bvO8r/j+D8LP18i0PfN1zJ1 --+Az+ErT8J5hDbXF+Gp/iaMq/2mWcJxaBOgYj7sfxUrzQwVuQ7ZApHPe8/X9OMro9 --Gb2wR4HlvXT5K8a/aPbD4ILR9cvizqfs+0GWb9vDDzEvX8DPyTB6NRwgjUNzy43D --AhLAZvBoYG+XsgembbUCIQCuh1mL6cIpl1MvwiAKNfefQO6E9GRVA+PP8HpXB4tb --0wKCAQB+KaRQ3CewYWnuYozMkqEehCQwHWonPIgeMPND8nXGN+gXqLbtp/DX9Ypu --g0Pl6x5mGWEDZM7lkkHqcbEM4T2VVDFhWaX75xCPp+geHVNUkCAaXiZa695b9HP4 --0SGkrjNV4Sx8ytuQHKk8HLLHMXVnj23nrzF0ij57yMsjwWMR1c4hSDh6EHc1jpIv --yvignj2P+wlZ8dwOhYf8sr1loEXw2l+Ul7cXjRLxEO8zyPYcL7LZDhDIqTUNcaIf --7vJAsZbOvczveQLdQGecfSEfFvshIMJPt0LD+UfWcJtUUE4zQBIjbpJKwVJdCu8P --aSvJFxNnQqTLKGGg84NalT5NAyzFA4IBBQACggEAcXvtfiJfIZ0wgGpN72ZeGrJ9 --msUXOxow7w3fDbP8r8nfVkBNbfha8rx0eY6fURFVZzIOd8EHGKypcH1gS6eZNucf --zgsH1g5r5cRahMZmgGXBEBsWrh2IaDG7VSKt+9ghz27EKgjAQCzyHQL5FCJgR2p7 --cv0V4SRqgiAGYlJ191k2WtLOsVd8kX//jj1l8TUgE7TqpuSEpaSyQ4nzJROpZWZp --N1RwFmCURReykABU/Nzin/+rZnvZrp8WoXSXEqxeB4mShRSaH57xFnJCpRwKJ4qS --2uhATzJaKH7vu63k3DjftbSBVh+32YXwtHc+BGjs8S2aDtCW3FtDA7Z6J8BIxaNg --MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFMJxatDE --FCEFGl4uoiQQ1050Ju9RMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZs --MA0GCSqGSIb3DQEBBQUAA4IBAQBGZD1JnMep39KMOhD0iBTmyjhtcnRemckvRask --pS/CqPwo+M+lPNdxpLU2w9b0QhPnj0yAS/BS1yBjsLGY4DP156k4Q3QOhwsrTmrK --YOxg0w7DOpkv5g11YLJpHsjSOwg5uIMoefL8mjQK6XOFOmQXHJrUtGulu+fs6FlM --khGJcW4xYVPK0x/mHvTT8tQaTTkgTdVHObHF5Dyx/F9NMpB3RFguQPk2kT4lJc4i --Up8T9mLzaxz6xc4wwh8h70Zw81lkGYhX+LRk3sfd/REq9x4QXQNP9t9qU1CgrBzv --4orzt9cda4r+rleSg2XjWnXzMydE6DuwPVPZlqnLbSYUy660 -+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz -+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB -+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw -+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs -+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4 -+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt -+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J -+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0 -+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3 -+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ -+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV -+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv -+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA -+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h -+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY -+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA -+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl -+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof -+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc -+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV -+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL -+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR -+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5 -+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw -+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J -+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87 -+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec1.pem b/test/smime-certs/smec1.pem -index 75a862666b..05754f3963 100644 ---- a/test/smime-certs/smec1.pem -+++ b/test/smime-certs/smec1.pem -@@ -4,19 +4,19 @@ DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV - 3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICoDCCAYigAwIBAgIJANk5lu6mSyBGMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL5I --iPYVjYOi49G40On1ZWmyp5/ny1XeAjBXQQ5X/HJhPNmG59mL9oFxe6BZHXHvnzHi --ce6za4S4QWLcyvcrf7GjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg --MB0GA1UdDgQWBBR/ybxC2DI+Jydhx1FMgPbMTmLzRzAfBgNVHSMEGDAWgBTJkVMK --Y3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEAdk9si83JjtgHHHGy --WcgWDfM0jzlWBsgFNQ9DwAuB7gJd/LG+5Ocajg5XdA5FXAdKkfwI6be3PdcVs3Bt --7f/fdKfBxfr9/SvFHnK7PVAX2x1wwS4HglX1lfoyq1boSvsiJOnAX3jsqXJ9TJiV --FlgRVnhnrw6zz3Xs/9ZDMTENUrqDHPNsDkKEi+9SqIsqDXpMCrGHP4ic+S8Rov1y --S+0XioMxVyXDp6XcL4PQ/NgHbw5/+UcS0me0atZ6pW68C0vi6xeU5vxojyuZxMI1 --DXXwMhOXWaKff7KNhXDUN0g58iWlnyaCz4XQwFsbbFs88TQ1+e/aj3bbwTxUeyN7 --qtcHJA== -+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz -+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2 -+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp -+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9 -+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj -+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R -+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy -+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ -+V5ASvNRiGWIJK5XF+zRY - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec2.pem b/test/smime-certs/smec2.pem -index 457297a760..7c502d8799 100644 ---- a/test/smime-certs/smec2.pem -+++ b/test/smime-certs/smec2.pem -@@ -5,19 +5,19 @@ uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8 - 6bQ= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICpTCCAY2gAwIBAgIJANk5lu6mSyBHMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzFaFw0yMzA1MjYxNzI4MzFaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMjBeMBAGByqGSM49AgEGBSuBBAAQA0oABAXbOzq+ --huahP4z4/b70tntqy8UE2Lu4LMtgX/yPVJyf+ylzOgL283NWE3D4uDt2eM0vgQMj --JhkuXsTS/r2W7Nu/L6rjj/zptKNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E --BAMCBeAwHQYDVR0OBBYEFGf+QSQlkN20PsNN7x+jmQIJBDcXMB8GA1UdIwQYMBaA --FMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBBQUAA4IBAQBaBBryl2Ez --ftBrGENXMKQP3bBEw4n9ely6HvYQi9IC7HyK0ktz7B2FcJ4z96q38JN3cLxV0DhK --xT/72pFmQwZVJngvRaol0k1B+bdmM03llxCw/uNNZejixDjHUI9gEfbigehd7QY0 --uYDu4k4O35/z/XPQ6O5Kzw+J2vdzU8GXlMBbWeZWAmEfLGbk3Ux0ouITnSz0ty5P --rkHTo0uprlFcZAsrsNY5v5iuomYT7ZXAR3sqGZL1zPOKBnyfXeNFUfnKsZW7Fnlq --IlYBQIjqR1HGxxgCSy66f1oplhxSch4PUpk5tqrs6LeOqc2+xROy1T5YrB3yjVs0 --4ZdCllHZkhop -+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz -+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE -+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT -+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA -+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw -+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD -+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ -+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5 -+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd -+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60 -+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ -+/UfNk+5Y3g5Mm642MLvjBEUqurw= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smec3.pem b/test/smime-certs/smec3.pem -index 90eac867d0..5110e2984b 100644 ---- a/test/smime-certs/smec3.pem -+++ b/test/smime-certs/smec3.pem -@@ -4,19 +4,19 @@ zSy+knGorGWZBGG5p//ke0WUSbqhRANCAARH8uHBHkuOfuyXgJj7V3lNqUEPiQNo - xG8ntGjVmKRHfywdUoQJ1PgfbkCEsBk334rRFmja1r+MYyqn/A9ARiGB - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIICoDCCAYigAwIBAgIJAPaEOllWs/pjMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xNzA4MTAxNTQyMDhaFw0yNzA2MTkxNTQyMDhaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBFRSBFQyAjMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEfy --4cEeS45+7JeAmPtXeU2pQQ+JA2jEbye0aNWYpEd/LB1ShAnU+B9uQISwGTffitEW --aNrWv4xjKqf8D0BGIYGjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXg --MB0GA1UdDgQWBBQLR+H9CmAY/KDyXWdVUM9FP766WzAfBgNVHSMEGDAWgBT3YQTy --KJTdSIrnOcPj3pm5oVNtazANBgkqhkiG9w0BAQsFAAOCAQEAmMRuf8Iz5fr9f0GA --HaNiOM5S7AIfZ6W7zzdeF63EF1j9HqP1DJsUW4y5b9azWmpp62kKuNaM4CGPUVvm --diLKJVlrDcc+6lW9oROpnBsskhjqFMTjTANPQSAKZeKiG2W3U8Q103VQpuYvE4Nj --OU9JT+5e4RZS7wxYk/IsvnyF/DkoF1FTMHo9/3Wiw4V4KRhpJIPnqojWNcfipmhM --UDpbw0Oyj5fE7x6wvaoOUr8GNJE5NudtV/5QDh9REkjyKUdVYsuUrWwKqn3NT8EI --OLl8wx3RqA8htRg/W+SoESx87rvW1saPGvfypBp4cl18B1IzTlC+FMbHFJvZqQn8 --Ci1l4Q== -+MIICqzCCAZOgAwIBAgIUSG5MT0bOz48OfBayRWfoQwUcA50wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0Mjg1MloXDTMyMDMz -+MTE0Mjg1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMzMFkwEwYHKoZIzj0CAQYIKoZI -+zj0DAQcDQgAER/LhwR5Ljn7sl4CY+1d5TalBD4kDaMRvJ7Ro1ZikR38sHVKECdT4 -+H25AhLAZN9+K0RZo2ta/jGMqp/wPQEYhgaNgMF4wDAYDVR0TAQH/BAIwADAOBgNV -+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFAtH4f0KYBj8oPJdZ1VQz0U/vrpbMB8GA1Ud -+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQBY -+xXTNWQz38q37bRjyl6FWMdIaVRkle1Qzjo0bAVHsrYNwY36PBnJpfZE8aJS6WwD2 -+PUHWVLc0zd50pXbAa41FlquOdP5FNa8wOc+jHIiyWaE8SEdt0jsxPRTJ9kElXuJ5 -+wFx7icmRde7DWLG32SWwR1pFi4R/aDOOxpTzUuYvKuawfAUVQtQyCz8sahbmI8EW -+H0KDuiyuncq1YjvHfaUR7QKijMJ0eBRsjUls0HeMjkehBkTrz78u7TJBWKE/BCiB -+HzuZeMqHpSXtK6ZCRtQXTLv0HyenFmbdVSDiOFSnvdL5lyLT3aFQ19DVtGFCAUwZ -+HQdD3KNn4i073Z7Ia2Xa - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem -index d1a253f409..f62a54e2a3 100644 ---- a/test/smime-certs/smroot.pem -+++ b/test/smime-certs/smroot.pem -@@ -27,23 +27,23 @@ vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ - KfvPCYimQwBjVrEnSntLPR0= - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbjCCAlagAwIBAgIJAMc+8VKBJ/S9MA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MjlaFw0yMzA3MTUxNzI4MjlaMEQx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRU --ZXN0IFMvTUlNRSBSU0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC --ggEBALLJBcQPkfJVbCqdfLOZjfXvIxQmsh+wq9EQbYLr3V0k0eA2D6irmyO39/OT --JLzgC906KJwCxqjhxgsO6W2FoulsLuawQGG/ACKXQU1vmDcRG6l7Uq5N1RXVS4P+ --LpLZWho1dQEGfWsP1ZwEFzSWfH/ha33Z5BMjr3bmm3tkc9DDY6WntNAMSXKLmo/E --J6bi5PSDfNtmxaqaawgxdu74rd0SmvOoDW5wpdvFSZk2QzBWzZcKaUvGtFSPwLf/ --MQ20fXsdYLOeFH8hVxWSAi6SWR6IOwSFta9RC6ZVdHug+H8I9kBuMaqrmZW54dIe --untusFVkodm+hSRrbxAtaK2rVbkCAwEAAaNjMGEwHQYDVR0OBBYEFMmRUwpjexZb --i71E8HaIqSTm5bZsMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA8G --A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB --AQAwpIVWQey2u/XoQSMSu0jd0EZvU+lhLaFrDy/AHQeG3yX1+SAOM6f6w+efPvyb --Op1NPI9UkMPb4PCg9YC7jgYokBkvAcI7J4FcuDKMVhyCD3cljp0ouuKruvEf4FBl --zyQ9pLqA97TuG8g1hLTl8G90NzTRcmKpmhs18BmCxiqHcTfoIpb3QvPkDX8R7LVt --9BUGgPY+8ELCgw868TuHh/Cnc67gBtRjBp0sCYVzGZmKsO5f1XdHrAZKYN5mEp0C --7/OqcDoFqORTquLeycg1At/9GqhDEgxNrqA+YEsPbLGAfsNuXUsXs2ubpGsOZxKt --Emsny2ah6fU2z7PztrUy/A80 -+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy -+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR -+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb -+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj -+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN -+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2 -+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E -+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw -+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI -+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN -+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z -+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx -+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo -+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2 -+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8= - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem -index d0d0b9e66b..7eb331e2c9 100644 ---- a/test/smime-certs/smrsa1.pem -+++ b/test/smime-certs/smrsa1.pem -@@ -27,23 +27,23 @@ iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST - zQpuMJliRlrq/5JkIbH6SA== - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBAMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDXr9uzB/20QXKCxhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK --2bcj54XB26i1kXuOrxID3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt --+W6lSd6Hmfrk4GmE9LTU/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JF --Yg4c7qt5RCk/w8kwrQ0DorQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSe --bvt0APeqgRxSpCxqYnHsCoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxM --kjpJSv3/ekDG2CHYxXSHXxpJstxZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBTmjc+lrTQuYx/VBOBGjMvufajvhDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --dr2IRXcFtlF16kKWs1VTaFIHHNQrfSVHBkhKblPX3f/0s/i3eXgwKUu7Hnb6T3/o --E8L+e4ioQNhahTLt9ruJNHWA/QDwOfkqM3tshCs2xOD1Cpy7Bd3Dn0YBrHKyNXRK --WelGp+HetSXJGW4IZJP7iES7Um0DGktLabhZbe25EnthRDBjNnaAmcofHECWESZp --lEHczGZfS9tRbzOCofxvgLbF64H7wYSyjAe6R8aain0VRbIusiD4tCHX/lOMh9xT --GNBW8zTL+tV9H1unjPMORLnT0YQ3oAyEND0jCu0ACA1qGl+rzxhF6bQcTUNEbRMu --9Hjq6s316fk4Ne0EUF3PbA== -+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz -+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw -+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy -+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS -+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH -+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT -+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM -+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm -+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq -+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ -+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0 -+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY -+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem -index 2f17cb2978..4262742176 100644 ---- a/test/smime-certs/smrsa2.pem -+++ b/test/smime-certs/smrsa2.pem -@@ -27,23 +27,23 @@ hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n - yrLyf+8hjm6H6zkjqiOkHAl+ - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBBMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQDcYC4tS2Uvn1Z2iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iF --AzAnwqR/UB1R67ETrsWqV8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFp --cXepPWQacpuBq2VvcKRDlDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS --0PZ9EZB63T1gmwaK1Rd5U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1 --NcojhptIWyI0r7dgn5J3NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0 --EFWyQf7iDxGaA93Y9ePBJv5iFZVZAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBT0arpyYMHXDPVL7MvzE+lx71L7sjAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --I8nM42am3aImkZyrw8iGkaGhKyi/dfajSWx6B9izBUh+3FleBnUxxOA+mn7M8C47 --Ne18iaaWK8vEux9KYTIY8BzXQZL1AuZ896cXEc6bGKsME37JSsocfuB5BIGWlYLv --/ON5/SJ0iVFj4fAp8z7Vn5qxRJj9BhZDxaO1Raa6cz6pm0imJy9v8y01TI6HsK8c --XJQLs7/U4Qb91K+IDNX/lgW3hzWjifNpIpT5JyY3DUgbkD595LFV5DDMZd0UOqcv --6cyN42zkX8a0TWr3i5wu7pw4k1oD19RbUyljyleEp0DBauIct4GARdBGgi5y1H2i --NzYzLAPBkHCMY0Is3KKIBw== -+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz -+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6 -+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7 -+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk -+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM -+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2 -+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT -+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD -+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa -+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv -+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR -+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM -+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE - -----END CERTIFICATE----- -diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem -index 14c27f64aa..f7dca3a004 100644 ---- a/test/smime-certs/smrsa3.pem -+++ b/test/smime-certs/smrsa3.pem -@@ -27,23 +27,23 @@ yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF - RvOAi5wVkYylDxV4238MAZIq - -----END PRIVATE KEY----- - -----BEGIN CERTIFICATE----- --MIIDbDCCAlSgAwIBAgIJANk5lu6mSyBCMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV --BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDDBRUZXN0IFMv --TUlNRSBSU0EgUm9vdDAeFw0xMzA3MTcxNzI4MzBaFw0yMzA1MjYxNzI4MzBaMEUx --CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU --ZXN0IFMvTUlNRSBFRSBSU0EgIzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK --AoIBAQCyK+BTAOJKJjjiOhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVC --FoVBz5doMf3M6QIS2jL3Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsF --STxytUVpfcByrubWiLKX63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuW --m/gavozkK103gQ+dUq4HXamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enha --v2sXDfOmZp/DYf9IqS7lvFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p --1diWRpaSn62bbkRN49j6L2dVb+DfAgMBAAGjYDBeMAwGA1UdEwEB/wQCMAAwDgYD --VR0PAQH/BAQDAgXgMB0GA1UdDgQWBBQ6CkW5sa6HrBsWvuPOvMjyL5AnsDAfBgNV --HSMEGDAWgBTJkVMKY3sWW4u9RPB2iKkk5uW2bDANBgkqhkiG9w0BAQUFAAOCAQEA --JhcrD7AKafVzlncA3cZ6epAruj1xwcfiE+EbuAaeWEGjoSltmevcjgoIxvijRVcp --sCbNmHJZ/siQlqzWjjf3yoERvLDqngJZZpQeocMIbLRQf4wgLAuiBcvT52wTE+sa --VexeETDy5J1OW3wE4A3rkdBp6hLaymlijFNnd5z/bP6w3AcIMWm45yPm0skM8RVr --O3UstEFYD/iy+p+Y/YZDoxYQSW5Vl+NkpGmc5bzet8gQz4JeXtH3z5zUGoDM4XK7 --tXP3yUi2eecCbyjh/wgaQiVdylr1Kv3mxXcTl+cFO22asDkh0R/y72nTCu5fSILY --CscFo2Z2pYROGtZDmYqhRw== -+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL -+BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV -+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz -+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx -+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB -+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x -+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM -+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5 -+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO -+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj -+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T -+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868 -+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3 -+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c -+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs -+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn -+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7 -+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu -+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf - -----END CERTIFICATE----- --- -2.35.3 - + skip "No IPv4 available on this machine", 4 diff --git a/SOURCES/0062-fips-Expose-a-FIPS-indicator.patch b/SOURCES/0062-fips-Expose-a-FIPS-indicator.patch index 6d368d8..d2e9b0a 100644 --- a/SOURCES/0062-fips-Expose-a-FIPS-indicator.patch +++ b/SOURCES/0062-fips-Expose-a-FIPS-indicator.patch @@ -325,7 +325,7 @@ index de391ce067..1cfd71c5cf 100644 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, { NULL, NULL, NULL } @@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) { - freelocale(loc); + return NULL; } +const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) { diff --git a/SOURCES/0063-CVE-2022-1473.patch b/SOURCES/0063-CVE-2022-1473.patch deleted file mode 100644 index b4b12dc..0000000 --- a/SOURCES/0063-CVE-2022-1473.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c -index 2a574fbfe6aa..16f482db68a9 100644 ---- a/crypto/lhash/lhash.c -+++ b/crypto/lhash/lhash.c -@@ -100,6 +100,8 @@ void OPENSSL_LH_flush(OPENSSL_LHASH *lh) - } - lh->b[i] = NULL; - } -+ -+ lh->num_items = 0; - } - - void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) diff --git a/SOURCES/0064-CVE-2022-1343.diff b/SOURCES/0064-CVE-2022-1343.diff deleted file mode 100644 index d473597..0000000 --- a/SOURCES/0064-CVE-2022-1343.diff +++ /dev/null @@ -1,263 +0,0 @@ -diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c -index 7a4a45d537..3c5f48ec0a 100644 ---- a/crypto/ocsp/ocsp_vfy.c -+++ b/crypto/ocsp/ocsp_vfy.c -@@ -59,9 +59,10 @@ static int ocsp_verify_signer(X509 *signer, int response, - - ret = X509_verify_cert(ctx); - if (ret <= 0) { -- ret = X509_STORE_CTX_get_error(ctx); -+ int err = X509_STORE_CTX_get_error(ctx); -+ - ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR, -- "Verify error: %s", X509_verify_cert_error_string(ret)); -+ "Verify error: %s", X509_verify_cert_error_string(err)); - goto end; - } - if (chain != NULL) -diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t -index d42030cb89..34fdfcbccc 100644 ---- a/test/recipes/80-test_ocsp.t -+++ b/test/recipes/80-test_ocsp.t -@@ -35,6 +35,7 @@ sub test_ocsp { - $untrusted = $CAfile; - } - my $expected_exit = shift; -+ my $nochecks = shift; - my $outputfile = basename($inputfile, '.ors') . '.dat'; - - run(app(["openssl", "base64", "-d", -@@ -45,7 +46,8 @@ sub test_ocsp { - "-partial_chain", @check_time, - "-CAfile", catfile($ocspdir, $CAfile), - "-verify_other", catfile($ocspdir, $untrusted), -- "-no-CApath", "-no-CAstore"])), -+ "-no-CApath", "-no-CAstore", -+ $nochecks ? "-no_cert_checks" : ()])), - $title); }); - } - -@@ -55,143 +57,149 @@ subtest "=== VALID OCSP RESPONSES ===" => sub { - plan tests => 7; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); -+ "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "ND2_Issuer_Root.pem", "", 0); -+ "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "ND3_Issuer_Root.pem", "", 0); -+ "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; 3-level CA hierarchy", -- "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); -+ "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "D1_Issuer_ICA.pem", "", 0); -+ "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "D2_Issuer_Root.pem", "", 0); -+ "D2.ors", "D2_Issuer_Root.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "D3_Issuer_Root.pem", "", 0); -+ "D3.ors", "D3_Issuer_Root.pem", "", 0, 0); - }; - - subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); -+ "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); -+ "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); -+ "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { - plan tests => 3; - - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { -- plan tests => 3; -+ plan tests => 6; - - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); -+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); -+ test_ocsp("DELEGATED; Root CA -> Intermediate CA", -+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); -+ test_ocsp("DELEGATED; Root CA -> EE", -+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); -+ test_ocsp("DELEGATED; Intermediate CA -> EE", -+ "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); -+ "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1); - test_ocsp("DELEGATED; Root CA -> EE", -- "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); -+ "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1); - }; - - subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); -+ "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); -+ "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); -+ "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); -+ "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); -+ "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); -+ "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub { - plan tests => 6; - - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); -+ "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); -+ "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); -+ "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); -+ "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); -+ "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); -+ "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0); - }; - - subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { -@@ -199,17 +207,17 @@ subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { - - # Expect success, because we're explicitly trusting the issuer certificate. - test_ocsp("NON-DELEGATED; Intermediate CA -> EE", -- "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); -+ "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", -- "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); -+ "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0); - test_ocsp("NON-DELEGATED; Root CA -> EE", -- "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); -+ "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0); - test_ocsp("DELEGATED; Intermediate CA -> EE", -- "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); -+ "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> Intermediate CA", -- "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); -+ "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0); - test_ocsp("DELEGATED; Root CA -> EE", -- "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); -+ "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0); - }; - - subtest "=== OCSP API TESTS===" => sub { diff --git a/SOURCES/0065-CVE-2022-1292.patch b/SOURCES/0065-CVE-2022-1292.patch deleted file mode 100644 index 5531fb3..0000000 --- a/SOURCES/0065-CVE-2022-1292.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff --git a/tools/c_rehash.in b/tools/c_rehash.in -index d51d8856d7..a630773a02 100644 ---- a/tools/c_rehash.in -+++ b/tools/c_rehash.in -@@ -152,6 +152,23 @@ sub check_file { - return ($is_cert, $is_crl); - } - -+sub compute_hash { -+ my $fh; -+ if ( $^O eq "VMS" ) { -+ # VMS uses the open through shell -+ # The file names are safe there and list form is unsupported -+ if (!open($fh, "-|", join(' ', @_))) { -+ print STDERR "Cannot compute hash on '$fname'\n"; -+ return; -+ } -+ } else { -+ if (!open($fh, "-|", @_)) { -+ print STDERR "Cannot compute hash on '$fname'\n"; -+ return; -+ } -+ } -+ return (<$fh>, <$fh>); -+} - - # Link a certificate to its subject name hash value, each hash is of - # the form . where n is an integer. If the hash value already exists -@@ -161,10 +178,12 @@ sub check_file { - - sub link_hash_cert { - my $fname = $_[0]; -- $fname =~ s/\"/\\\"/g; -- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; -+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, -+ "-fingerprint", "-noout", -+ "-in", $fname); - chomp $hash; - chomp $fprint; -+ return if !$hash; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; -@@ -202,10 +221,12 @@ sub link_hash_cert { - - sub link_hash_crl { - my $fname = $_[0]; -- $fname =~ s/'/'\\''/g; -- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; -+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, -+ "-fingerprint", "-noout", -+ "-in", $fname); - chomp $hash; - chomp $fprint; -+ return if !$hash; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; diff --git a/SOURCES/0066-replace-expired-certs.patch b/SOURCES/0066-replace-expired-certs.patch deleted file mode 100644 index adc9460..0000000 --- a/SOURCES/0066-replace-expired-certs.patch +++ /dev/null @@ -1,212 +0,0 @@ -diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem -index 1fa449d5a098..6aa9455f09ed 100644 ---- a/test/certs/embeddedSCTs1_issuer.pem -+++ b/test/certs/embeddedSCTs1_issuer.pem -@@ -1,18 +1,18 @@ - -----BEGIN CERTIFICATE----- --MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk -+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk - MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX --YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw --MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu --c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf --MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7 --jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP --KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL --svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk --tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG --A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO --MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB --/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt --OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy --f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP --OwqULg== -+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw -+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy -+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w -+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG -+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4 -+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG -+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw -+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw -+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB -+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD -+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq -++uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo -+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c -+Doud4XrO - -----END CERTIFICATE----- -diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem -index 5677ac6c9f6a..70ce71e43091 100644 ---- a/test/certs/sm2-ca-cert.pem -+++ b/test/certs/sm2-ca-cert.pem -@@ -1,14 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT - AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG --SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU --5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW --BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU --5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI --ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X --YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg -+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x -+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP -+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH -+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ -+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O -+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp -+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 -+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC -+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu - -----END CERTIFICATE----- -diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt -index 5677ac6c9f6a..70ce71e43091 100644 ---- a/test/certs/sm2-root.crt -+++ b/test/certs/sm2-root.crt -@@ -1,14 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT -+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT - AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG --SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU --5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW --BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU --5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI --ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X --YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 -+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg -+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x -+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP -+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH -+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ -+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O -+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp -+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 -+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC -+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu - -----END CERTIFICATE----- -diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem -index 189abb137625..daf12926aff9 100644 ---- a/test/certs/sm2.pem -+++ b/test/certs/sm2.pem -@@ -1,13 +1,14 @@ - -----BEGIN CERTIFICATE----- --MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT --AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl --c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe --Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw --CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn --MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw --WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE --TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ --BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT --TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH --OZOfmtx613VyzXwc -+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw -+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER -+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl -+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw -+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD -+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT -+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt -+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN -+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl -+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/ -+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9 -+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg== - -----END CERTIFICATE----- -diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh -index 12e8a7305402..109b9c4abc28 100644 ---- a/test/smime-certs/mksmime-certs.sh -+++ b/test/smime-certs/mksmime-certs.sh -@@ -15,23 +15,23 @@ export OPENSSL_CONF - - # Root CA: create certificate directly - CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \ -- -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 3650 -+ -keyout smroot.pem -out smroot.pem -newkey rsa:2048 -days 36501 - - # EE RSA certificates: create request first - CN="Test S/MIME EE RSA #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smrsa1.pem -out req.pem -newkey rsa:2048 - # Sign request: end entity extensions --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa1.pem - - CN="Test S/MIME EE RSA #2" $OPENSSL req -config ca.cnf -noenc \ - -keyout smrsa2.pem -out req.pem -newkey rsa:2048 --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa2.pem - - CN="Test S/MIME EE RSA #3" $OPENSSL req -config ca.cnf -noenc \ - -keyout smrsa3.pem -out req.pem -newkey rsa:2048 --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smrsa3.pem - - # Create DSA parameters -@@ -40,15 +40,15 @@ $OPENSSL dsaparam -out dsap.pem 2048 - - CN="Test S/MIME EE DSA #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smdsa1.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa1.pem - CN="Test S/MIME EE DSA #2" $OPENSSL req -config ca.cnf -noenc \ - -keyout smdsa2.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa2.pem - CN="Test S/MIME EE DSA #3" $OPENSSL req -config ca.cnf -noenc \ - -keyout smdsa3.pem -out req.pem -newkey dsa:dsap.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdsa3.pem - - # Create EC parameters -@@ -58,16 +58,17 @@ $OPENSSL ecparam -out ecp2.pem -name K-283 - - CN="Test S/MIME EE EC #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smec1.pem -out req.pem -newkey ec:ecp.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec1.pem - CN="Test S/MIME EE EC #2" $OPENSSL req -config ca.cnf -noenc \ - -keyout smec2.pem -out req.pem -newkey ec:ecp2.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec2.pem --CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ -- -keyout smec3.pem -out req.pem -newkey ec:ecp.pem --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -- -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem -+# Do not renew this cert as it is used for legacy data decrypt test -+#CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \ -+# -keyout smec3.pem -out req.pem -newkey ec:ecp.pem -+#$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ -+# -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smec3.pem - # Create X9.42 DH parameters. - $OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem - # Generate X9.42 DH key. -@@ -77,7 +78,7 @@ $OPENSSL pkey -pubout -in smdh.pem -out dhpub.pem - CN="Test S/MIME EE DH #1" $OPENSSL req -config ca.cnf -noenc \ - -keyout smtmp.pem -out req.pem -newkey rsa:2048 - # Sign request but force public key to DH --$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 3600 \ -+$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36500 \ - -force_pubkey dhpub.pem \ - -extfile ca.cnf -extensions usr_cert -CAcreateserial >>smdh.pem - # Remove temp files. diff --git a/SOURCES/0067-fix-ppc64-montgomery.patch b/SOURCES/0067-fix-ppc64-montgomery.patch deleted file mode 100644 index a572ef8..0000000 --- a/SOURCES/0067-fix-ppc64-montgomery.patch +++ /dev/null @@ -1,662 +0,0 @@ -diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl -index 56df89dc27da..e69de29bb2d1 100755 ---- a/crypto/bn/asm/ppc64-mont-fixed.pl -+++ b/crypto/bn/asm/ppc64-mont-fixed.pl -@@ -1,581 +0,0 @@ --#! /usr/bin/env perl --# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. --# --# Licensed under the Apache License 2.0 (the "License"). You may not use --# this file except in compliance with the License. You can obtain a copy --# in the file LICENSE in the source distribution or at --# https://www.openssl.org/source/license.html -- --# ==================================================================== --# Written by Amitay Isaacs , Martin Schwenke --# & Alastair D'Silva for --# the OpenSSL project. --# ==================================================================== -- --# --# Fixed length (n=6), unrolled PPC Montgomery Multiplication --# -- --# 2021 --# --# Although this is a generic implementation for unrolling Montgomery --# Multiplication for arbitrary values of n, this is currently only --# used for n = 6 to improve the performance of ECC p384. --# --# Unrolling allows intermediate results to be stored in registers, --# rather than on the stack, improving performance by ~7% compared to --# the existing PPC assembly code. --# --# The ISA 3.0 implementation uses combination multiply/add --# instructions (maddld, maddhdu) to improve performance by an --# additional ~10% on Power 9. --# --# Finally, saving non-volatile registers into volatile vector --# registers instead of onto the stack saves a little more. --# --# On a Power 9 machine we see an overall improvement of ~18%. --# -- --use strict; --use warnings; -- --my ($flavour, $output, $dir, $xlate); -- --# $output is the last argument if it looks like a file (it has an extension) --# $flavour is the first argument if it doesn't look like a file --$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; --$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; -- --$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; --( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or --( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or --die "can't locate ppc-xlate.pl"; -- --open STDOUT,"| $^X $xlate $flavour \"$output\"" -- or die "can't call $xlate: $!"; -- --if ($flavour !~ /64/) { -- die "bad flavour ($flavour) - only ppc64 permitted"; --} -- --my $SIZE_T= 8; -- --# Registers are global so the code is remotely readable -- --# Parameters for Montgomery multiplication --my $sp = "r1"; --my $toc = "r2"; --my $rp = "r3"; --my $ap = "r4"; --my $bp = "r5"; --my $np = "r6"; --my $n0 = "r7"; --my $num = "r8"; -- --my $i = "r9"; --my $c0 = "r10"; --my $bp0 = "r11"; --my $bpi = "r11"; --my $bpj = "r11"; --my $tj = "r12"; --my $apj = "r12"; --my $npj = "r12"; --my $lo = "r14"; --my $c1 = "r14"; -- --# Non-volatile registers used for tp[i] --# --# 12 registers are available but the limit on unrolling is 10, --# since registers from $tp[0] to $tp[$n+1] are used. --my @tp = ("r20" .. "r31"); -- --# volatile VSRs for saving non-volatile GPRs - faster than stack --my @vsrs = ("v32" .. "v46"); -- --package Mont; -- --sub new($$) --{ -- my ($class, $n) = @_; -- -- if ($n > 10) { -- die "Can't unroll for BN length ${n} (maximum 10)" -- } -- -- my $self = { -- code => "", -- n => $n, -- }; -- bless $self, $class; -- -- return $self; --} -- --sub add_code($$) --{ -- my ($self, $c) = @_; -- -- $self->{code} .= $c; --} -- --sub get_code($) --{ -- my ($self) = @_; -- -- return $self->{code}; --} -- --sub get_function_name($) --{ -- my ($self) = @_; -- -- return "bn_mul_mont_fixed_n" . $self->{n}; --} -- --sub get_label($$) --{ -- my ($self, $l) = @_; -- -- return "L" . $l . "_" . $self->{n}; --} -- --sub get_labels($@) --{ -- my ($self, @labels) = @_; -- -- my %out = (); -- -- foreach my $l (@labels) { -- $out{"$l"} = $self->get_label("$l"); -- } -- -- return \%out; --} -- --sub nl($) --{ -- my ($self) = @_; -- -- $self->add_code("\n"); --} -- --sub copy_result($) --{ -- my ($self) = @_; -- -- my ($n) = $self->{n}; -- -- for (my $j = 0; $j < $n; $j++) { -- $self->add_code(<<___); -- std $tp[$j],`$j*$SIZE_T`($rp) --___ -- } -- --} -- --sub mul_mont_fixed($) --{ -- my ($self) = @_; -- -- my ($n) = $self->{n}; -- my $fname = $self->get_function_name(); -- my $label = $self->get_labels("outer", "enter", "sub", "copy", "end"); -- -- $self->add_code(<<___); -- --.globl .${fname} --.align 5 --.${fname}: -- --___ -- -- $self->save_registers(); -- -- $self->add_code(<<___); -- ld $n0,0($n0) -- -- ld $bp0,0($bp) -- -- ld $apj,0($ap) --___ -- -- $self->mul_c_0($tp[0], $apj, $bp0, $c0); -- -- for (my $j = 1; $j < $n - 1; $j++) { -- $self->add_code(<<___); -- ld $apj,`$j*$SIZE_T`($ap) --___ -- $self->mul($tp[$j], $apj, $bp0, $c0); -- } -- -- $self->add_code(<<___); -- ld $apj,`($n-1)*$SIZE_T`($ap) --___ -- -- $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0); -- -- $self->add_code(<<___); -- li $tp[$n+1],0 -- --___ -- -- $self->add_code(<<___); -- li $i,0 -- mtctr $num -- b $label->{"enter"} -- --.align 4 --$label->{"outer"}: -- ldx $bpi,$bp,$i -- -- ld $apj,0($ap) --___ -- -- $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0); -- -- for (my $j = 1; $j < $n; $j++) { -- $self->add_code(<<___); -- ld $apj,`$j*$SIZE_T`($ap) --___ -- $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0); -- } -- -- $self->add_code(<<___); -- addc $tp[$n],$tp[$n],$c0 -- addze $tp[$n+1],$tp[$n+1] --___ -- -- $self->add_code(<<___); --.align 4 --$label->{"enter"}: -- mulld $bpi,$tp[0],$n0 -- -- ld $npj,0($np) --___ -- -- $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0); -- -- for (my $j = 1; $j < $n; $j++) { -- $self->add_code(<<___); -- ld $npj,`$j*$SIZE_T`($np) --___ -- $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0); -- } -- -- $self->add_code(<<___); -- addc $tp[$n-1],$tp[$n],$c0 -- addze $tp[$n],$tp[$n+1] -- -- addi $i,$i,$SIZE_T -- bdnz $label->{"outer"} -- -- and. $tp[$n],$tp[$n],$tp[$n] -- bne $label->{"sub"} -- -- cmpld $tp[$n-1],$npj -- blt $label->{"copy"} -- --$label->{"sub"}: --___ -- -- # -- # Reduction -- # -- -- $self->add_code(<<___); -- ld $bpj,`0*$SIZE_T`($np) -- subfc $c1,$bpj,$tp[0] -- std $c1,`0*$SIZE_T`($rp) -- --___ -- for (my $j = 1; $j < $n - 1; $j++) { -- $self->add_code(<<___); -- ld $bpj,`$j*$SIZE_T`($np) -- subfe $c1,$bpj,$tp[$j] -- std $c1,`$j*$SIZE_T`($rp) -- --___ -- } -- -- $self->add_code(<<___); -- subfe $c1,$npj,$tp[$n-1] -- std $c1,`($n-1)*$SIZE_T`($rp) -- --___ -- -- $self->add_code(<<___); -- addme. $tp[$n],$tp[$n] -- beq $label->{"end"} -- --$label->{"copy"}: --___ -- -- $self->copy_result(); -- -- $self->add_code(<<___); -- --$label->{"end"}: --___ -- -- $self->restore_registers(); -- -- $self->add_code(<<___); -- li r3,1 -- blr --.size .${fname},.-.${fname} --___ -- --} -- --package Mont::GPR; -- --our @ISA = ('Mont'); -- --sub new($$) --{ -- my ($class, $n) = @_; -- -- return $class->SUPER::new($n); --} -- --sub save_registers($) --{ -- my ($self) = @_; -- -- my $n = $self->{n}; -- -- $self->add_code(<<___); -- std $lo,-8($sp) --___ -- -- for (my $j = 0; $j <= $n+1; $j++) { -- $self->{code}.=<<___; -- std $tp[$j],-`($j+2)*8`($sp) --___ -- } -- -- $self->add_code(<<___); -- --___ --} -- --sub restore_registers($) --{ -- my ($self) = @_; -- -- my $n = $self->{n}; -- -- $self->add_code(<<___); -- ld $lo,-8($sp) --___ -- -- for (my $j = 0; $j <= $n+1; $j++) { -- $self->{code}.=<<___; -- ld $tp[$j],-`($j+2)*8`($sp) --___ -- } -- -- $self->{code} .=<<___; -- --___ --} -- --# Direct translation of C mul() --sub mul($$$$$) --{ -- my ($self, $r, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $r,$lo,$c -- mulhdu $c,$a,$w -- addze $c,$c -- --___ --} -- --# Like mul() but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_c_0($$$$$) --{ -- my ($self, $r, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $r,$a,$w -- mulhdu $c,$a,$w -- --___ --} -- --# Like mul() but does not to the final addition of CA into $c - an --# optimisation to save an instruction --sub mul_last($$$$$$) --{ -- my ($self, $r1, $r2, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $r1,$lo,$c -- mulhdu $c,$a,$w -- -- addze $r2,$c --___ --} -- --# Like C mul_add() but allow $r_out and $r_in to be different --sub mul_add($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $lo,$lo,$c -- mulhdu $c,$a,$w -- addze $c,$c -- addc $r_out,$r_in,$lo -- addze $c,$c -- --___ --} -- --# Like mul_add() but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_add_c_0($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $lo,$a,$w -- addc $r_out,$r_in,$lo -- mulhdu $c,$a,$w -- addze $c,$c -- --___ --} -- --package Mont::GPR_300; -- --our @ISA = ('Mont::GPR'); -- --sub new($$) --{ -- my ($class, $n) = @_; -- -- my $mont = $class->SUPER::new($n); -- -- return $mont; --} -- --sub get_function_name($) --{ -- my ($self) = @_; -- -- return "bn_mul_mont_300_fixed_n" . $self->{n}; --} -- --sub get_label($$) --{ -- my ($self, $l) = @_; -- -- return "L" . $l . "_300_" . $self->{n}; --} -- --# Direct translation of C mul() --sub mul($$$$$) --{ -- my ($self, $r, $a, $w, $c, $last) = @_; -- -- $self->add_code(<<___); -- maddld $r,$a,$w,$c -- maddhdu $c,$a,$w,$c -- --___ --} -- --# Save the last carry as the final entry --sub mul_last($$$$$) --{ -- my ($self, $r1, $r2, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- maddld $r1,$a,$w,$c -- maddhdu $r2,$a,$w,$c -- --___ --} -- --# Like mul() but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_c_0($$$$$) --{ -- my ($self, $r, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- mulld $r,$a,$w -- mulhdu $c,$a,$w -- --___ --} -- --# Like C mul_add() but allow $r_out and $r_in to be different --sub mul_add($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- maddld $lo,$a,$w,$c -- maddhdu $c,$a,$w,$c -- addc $r_out,$r_in,$lo -- addze $c,$c -- --___ --} -- --# Like mul_add() but $c is ignored as an input - an optimisation to save a --# preliminary instruction that would set input $c to 0 --sub mul_add_c_0($$$$$$) --{ -- my ($self, $r_out, $r_in, $a, $w, $c) = @_; -- -- $self->add_code(<<___); -- maddld $lo,$a,$w,$r_in -- maddhdu $c,$a,$w,$r_in --___ -- -- if ($r_out ne $lo) { -- $self->add_code(<<___); -- mr $r_out,$lo --___ -- } -- -- $self->nl(); --} -- -- --package main; -- --my $code; -- --$code.=<<___; --.machine "any" --.text --___ -- --my $mont; -- --$mont = new Mont::GPR(6); --$mont->mul_mont_fixed(); --$code .= $mont->get_code(); -- --$mont = new Mont::GPR_300(6); --$mont->mul_mont_fixed(); --$code .= $mont->get_code(); -- --$code =~ s/\`([^\`]*)\`/eval $1/gem; -- --$code.=<<___; --.asciz "Montgomery Multiplication for PPC by , " --___ -- --print $code; --close STDOUT or die "error closing STDOUT: $!"; -diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c -index 1e9421bee213..3ee76ea96574 100644 ---- a/crypto/bn/bn_ppc.c -+++ b/crypto/bn/bn_ppc.c -@@ -19,12 +19,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); -- int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, -- const BN_ULONG *bp, const BN_ULONG *np, -- const BN_ULONG *n0, int num); -- int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, -- const BN_ULONG *bp, const BN_ULONG *np, -- const BN_ULONG *n0, int num); - - if (num < 4) - return 0; -@@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - * no opportunity to figure it out... - */ - --#if defined(_ARCH_PPC64) -- if (num == 6) { -- if (OPENSSL_ppccap_P & PPC_MADD300) -- return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); -- else -- return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); -- } --#endif -- - return bn_mul_mont_int(rp, ap, bp, np, n0, num); - } -diff --git a/crypto/bn/build.info b/crypto/bn/build.info -index 987a70ae263b..4f8d0689b5ea 100644 ---- a/crypto/bn/build.info -+++ b/crypto/bn/build.info -@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}] - - $BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s - $BNDEF_ppc32=OPENSSL_BN_ASM_MONT -- $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s -+ $BNASM_ppc64=$BNASM_ppc32 - $BNDEF_ppc64=$BNDEF_ppc32 - - $BNASM_c64xplus=asm/bn-c64xplus.asm -@@ -173,7 +173,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl - GENERATE[bn-ppc.s]=asm/ppc.pl - GENERATE[ppc-mont.s]=asm/ppc-mont.pl - GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl --GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl - - GENERATE[alpha-mont.S]=asm/alpha-mont.pl - -diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -index f36982845db4..1543ed9f7534 100644 ---- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt -@@ -97,6 +97,18 @@ Key = P-256-PUBLIC - Input = "Hello World" - Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 - -+PublicKey=P-384-PUBLIC -+-----BEGIN PUBLIC KEY----- -+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd -+nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19 -+twD8guGxyFRaoMDTtW47/nifwYqRaIfC -+-----END PUBLIC KEY----- -+ -+DigestVerify = SHA384 -+Key = P-384-PUBLIC -+Input = "123400" -+Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970 -+ - # Oneshot tests - OneShotDigestVerify = SHA256 - Key = P-256-PUBLIC diff --git a/SOURCES/0067-ppc64le-Montgomery-multiply.patch b/SOURCES/0067-ppc64le-Montgomery-multiply.patch new file mode 100644 index 0000000..36c0222 --- /dev/null +++ b/SOURCES/0067-ppc64le-Montgomery-multiply.patch @@ -0,0 +1,703 @@ +From 33ffd36afa7594aeb958a925f521cb287ca850c8 Mon Sep 17 00:00:00 2001 +From: Rohan McLure +Date: Mon, 27 Jun 2022 12:14:55 +1000 +Subject: [PATCH 1/2] Revert "Revert "bn: Add fixed length (n=6), unrolled PPC + Montgomery Multiplication"" + +This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e. +--- + crypto/bn/asm/ppc64-mont-fixed.pl | 581 ++++++++++++++++++++++++++++++ + crypto/bn/bn_ppc.c | 15 + + crypto/bn/build.info | 3 +- + 3 files changed, 598 insertions(+), 1 deletion(-) + +diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl +index e69de29bb2d1..0fb397bc5f12 100755 +--- a/crypto/bn/asm/ppc64-mont-fixed.pl ++++ b/crypto/bn/asm/ppc64-mont-fixed.pl +@@ -0,0 +1,581 @@ ++#! /usr/bin/env perl ++# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++# ==================================================================== ++# Written by Amitay Isaacs , Martin Schwenke ++# & Alastair D'Silva for ++# the OpenSSL project. ++# ==================================================================== ++ ++# ++# Fixed length (n=6), unrolled PPC Montgomery Multiplication ++# ++ ++# 2021 ++# ++# Although this is a generic implementation for unrolling Montgomery ++# Multiplication for arbitrary values of n, this is currently only ++# used for n = 6 to improve the performance of ECC p384. ++# ++# Unrolling allows intermediate results to be stored in registers, ++# rather than on the stack, improving performance by ~7% compared to ++# the existing PPC assembly code. ++# ++# The ISA 3.0 implementation uses combination multiply/add ++# instructions (maddld, maddhdu) to improve performance by an ++# additional ~10% on Power 9. ++# ++# Finally, saving non-volatile registers into volatile vector ++# registers instead of onto the stack saves a little more. ++# ++# On a Power 9 machine we see an overall improvement of ~18%. ++# ++ ++use strict; ++use warnings; ++ ++my ($flavour, $output, $dir, $xlate); ++ ++# $output is the last argument if it looks like a file (it has an extension) ++# $flavour is the first argument if it doesn't look like a file ++$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; ++$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; ++ ++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; ++( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or ++( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or ++die "can't locate ppc-xlate.pl"; ++ ++open STDOUT,"| $^X $xlate $flavour \"$output\"" ++ or die "can't call $xlate: $!"; ++ ++if ($flavour !~ /64/) { ++ die "bad flavour ($flavour) - only ppc64 permitted"; ++} ++ ++my $SIZE_T= 8; ++ ++# Registers are global so the code is remotely readable ++ ++# Parameters for Montgomery multiplication ++my $sp = "r1"; ++my $toc = "r2"; ++my $rp = "r3"; ++my $ap = "r4"; ++my $bp = "r5"; ++my $np = "r6"; ++my $n0 = "r7"; ++my $num = "r8"; ++ ++my $i = "r9"; ++my $c0 = "r10"; ++my $bp0 = "r11"; ++my $bpi = "r11"; ++my $bpj = "r11"; ++my $tj = "r12"; ++my $apj = "r12"; ++my $npj = "r12"; ++my $lo = "r14"; ++my $c1 = "r14"; ++ ++# Non-volatile registers used for tp[i] ++# ++# 12 registers are available but the limit on unrolling is 10, ++# since registers from $tp[0] to $tp[$n+1] are used. ++my @tp = ("r20" .. "r31"); ++ ++# volatile VSRs for saving non-volatile GPRs - faster than stack ++my @vsrs = ("v32" .. "v46"); ++ ++package Mont; ++ ++sub new($$) ++{ ++ my ($class, $n) = @_; ++ ++ if ($n > 10) { ++ die "Can't unroll for BN length ${n} (maximum 10)" ++ } ++ ++ my $self = { ++ code => "", ++ n => $n, ++ }; ++ bless $self, $class; ++ ++ return $self; ++} ++ ++sub add_code($$) ++{ ++ my ($self, $c) = @_; ++ ++ $self->{code} .= $c; ++} ++ ++sub get_code($) ++{ ++ my ($self) = @_; ++ ++ return $self->{code}; ++} ++ ++sub get_function_name($) ++{ ++ my ($self) = @_; ++ ++ return "bn_mul_mont_fixed_n" . $self->{n}; ++} ++ ++sub get_label($$) ++{ ++ my ($self, $l) = @_; ++ ++ return "L" . $l . "_" . $self->{n}; ++} ++ ++sub get_labels($@) ++{ ++ my ($self, @labels) = @_; ++ ++ my %out = (); ++ ++ foreach my $l (@labels) { ++ $out{"$l"} = $self->get_label("$l"); ++ } ++ ++ return \%out; ++} ++ ++sub nl($) ++{ ++ my ($self) = @_; ++ ++ $self->add_code("\n"); ++} ++ ++sub copy_result($) ++{ ++ my ($self) = @_; ++ ++ my ($n) = $self->{n}; ++ ++ for (my $j = 0; $j < $n; $j++) { ++ $self->add_code(<<___); ++ std $tp[$j],`$j*$SIZE_T`($rp) ++___ ++ } ++ ++} ++ ++sub mul_mont_fixed($) ++{ ++ my ($self) = @_; ++ ++ my ($n) = $self->{n}; ++ my $fname = $self->get_function_name(); ++ my $label = $self->get_labels("outer", "enter", "sub", "copy", "end"); ++ ++ $self->add_code(<<___); ++ ++.globl .${fname} ++.align 5 ++.${fname}: ++ ++___ ++ ++ $self->save_registers(); ++ ++ $self->add_code(<<___); ++ ld $n0,0($n0) ++ ++ ld $bp0,0($bp) ++ ++ ld $apj,0($ap) ++___ ++ ++ $self->mul_c_0($tp[0], $apj, $bp0, $c0); ++ ++ for (my $j = 1; $j < $n - 1; $j++) { ++ $self->add_code(<<___); ++ ld $apj,`$j*$SIZE_T`($ap) ++___ ++ $self->mul($tp[$j], $apj, $bp0, $c0); ++ } ++ ++ $self->add_code(<<___); ++ ld $apj,`($n-1)*$SIZE_T`($ap) ++___ ++ ++ $self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0); ++ ++ $self->add_code(<<___); ++ li $tp[$n+1],0 ++ ++___ ++ ++ $self->add_code(<<___); ++ li $i,0 ++ mtctr $num ++ b $label->{"enter"} ++ ++.align 4 ++$label->{"outer"}: ++ ldx $bpi,$bp,$i ++ ++ ld $apj,0($ap) ++___ ++ ++ $self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0); ++ ++ for (my $j = 1; $j < $n; $j++) { ++ $self->add_code(<<___); ++ ld $apj,`$j*$SIZE_T`($ap) ++___ ++ $self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0); ++ } ++ ++ $self->add_code(<<___); ++ addc $tp[$n],$tp[$n],$c0 ++ addze $tp[$n+1],$tp[$n+1] ++___ ++ ++ $self->add_code(<<___); ++.align 4 ++$label->{"enter"}: ++ mulld $bpi,$tp[0],$n0 ++ ++ ld $npj,0($np) ++___ ++ ++ $self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0); ++ ++ for (my $j = 1; $j < $n; $j++) { ++ $self->add_code(<<___); ++ ld $npj,`$j*$SIZE_T`($np) ++___ ++ $self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0); ++ } ++ ++ $self->add_code(<<___); ++ addc $tp[$n-1],$tp[$n],$c0 ++ addze $tp[$n],$tp[$n+1] ++ ++ addi $i,$i,$SIZE_T ++ bdnz $label->{"outer"} ++ ++ and. $tp[$n],$tp[$n],$tp[$n] ++ bne $label->{"sub"} ++ ++ cmpld $tp[$n-1],$npj ++ blt $label->{"copy"} ++ ++$label->{"sub"}: ++___ ++ ++ # ++ # Reduction ++ # ++ ++ $self->add_code(<<___); ++ ld $bpj,`0*$SIZE_T`($np) ++ subfc $c1,$bpj,$tp[0] ++ std $c1,`0*$SIZE_T`($rp) ++ ++___ ++ for (my $j = 1; $j < $n - 1; $j++) { ++ $self->add_code(<<___); ++ ld $bpj,`$j*$SIZE_T`($np) ++ subfe $c1,$bpj,$tp[$j] ++ std $c1,`$j*$SIZE_T`($rp) ++ ++___ ++ } ++ ++ $self->add_code(<<___); ++ subfe $c1,$npj,$tp[$n-1] ++ std $c1,`($n-1)*$SIZE_T`($rp) ++ ++___ ++ ++ $self->add_code(<<___); ++ addme. $tp[$n],$tp[$n] ++ beq $label->{"end"} ++ ++$label->{"copy"}: ++___ ++ ++ $self->copy_result(); ++ ++ $self->add_code(<<___); ++ ++$label->{"end"}: ++___ ++ ++ $self->restore_registers(); ++ ++ $self->add_code(<<___); ++ li r3,1 ++ blr ++.size .${fname},.-.${fname} ++___ ++ ++} ++ ++package Mont::GPR; ++ ++our @ISA = ('Mont'); ++ ++sub new($$) ++{ ++ my ($class, $n) = @_; ++ ++ return $class->SUPER::new($n); ++} ++ ++sub save_registers($) ++{ ++ my ($self) = @_; ++ ++ my $n = $self->{n}; ++ ++ $self->add_code(<<___); ++ std $lo,-8($sp) ++___ ++ ++ for (my $j = 0; $j <= $n+1; $j++) { ++ $self->{code}.=<<___; ++ std $tp[$j],-`($j+2)*8`($sp) ++___ ++ } ++ ++ $self->add_code(<<___); ++ ++___ ++} ++ ++sub restore_registers($) ++{ ++ my ($self) = @_; ++ ++ my $n = $self->{n}; ++ ++ $self->add_code(<<___); ++ ld $lo,-8($sp) ++___ ++ ++ for (my $j = 0; $j <= $n+1; $j++) { ++ $self->{code}.=<<___; ++ ld $tp[$j],-`($j+2)*8`($sp) ++___ ++ } ++ ++ $self->{code} .=<<___; ++ ++___ ++} ++ ++# Direct translation of C mul() ++sub mul($$$$$) ++{ ++ my ($self, $r, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $r,$lo,$c ++ mulhdu $c,$a,$w ++ addze $c,$c ++ ++___ ++} ++ ++# Like mul() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_c_0($$$$$) ++{ ++ my ($self, $r, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $r,$a,$w ++ mulhdu $c,$a,$w ++ ++___ ++} ++ ++# Like mul() but does not to the final addition of CA into $c - an ++# optimisation to save an instruction ++sub mul_last($$$$$$) ++{ ++ my ($self, $r1, $r2, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $r1,$lo,$c ++ mulhdu $c,$a,$w ++ ++ addze $r2,$c ++___ ++} ++ ++# Like C mul_add() but allow $r_out and $r_in to be different ++sub mul_add($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $lo,$lo,$c ++ mulhdu $c,$a,$w ++ addze $c,$c ++ addc $r_out,$r_in,$lo ++ addze $c,$c ++ ++___ ++} ++ ++# Like mul_add() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_add_c_0($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $lo,$a,$w ++ addc $r_out,$r_in,$lo ++ mulhdu $c,$a,$w ++ addze $c,$c ++ ++___ ++} ++ ++package Mont::GPR_300; ++ ++our @ISA = ('Mont::GPR'); ++ ++sub new($$) ++{ ++ my ($class, $n) = @_; ++ ++ my $mont = $class->SUPER::new($n); ++ ++ return $mont; ++} ++ ++sub get_function_name($) ++{ ++ my ($self) = @_; ++ ++ return "bn_mul_mont_300_fixed_n" . $self->{n}; ++} ++ ++sub get_label($$) ++{ ++ my ($self, $l) = @_; ++ ++ return "L" . $l . "_300_" . $self->{n}; ++} ++ ++# Direct translation of C mul() ++sub mul($$$$$) ++{ ++ my ($self, $r, $a, $w, $c, $last) = @_; ++ ++ $self->add_code(<<___); ++ maddld $r,$a,$w,$c ++ maddhdu $c,$a,$w,$c ++ ++___ ++} ++ ++# Save the last carry as the final entry ++sub mul_last($$$$$) ++{ ++ my ($self, $r1, $r2, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ maddld $r1,$a,$w,$c ++ maddhdu $r2,$a,$w,$c ++ ++___ ++} ++ ++# Like mul() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_c_0($$$$$) ++{ ++ my ($self, $r, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ mulld $r,$a,$w ++ mulhdu $c,$a,$w ++ ++___ ++} ++ ++# Like C mul_add() but allow $r_out and $r_in to be different ++sub mul_add($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ maddld $lo,$a,$w,$c ++ maddhdu $c,$a,$w,$c ++ addc $r_out,$r_in,$lo ++ addze $c,$c ++ ++___ ++} ++ ++# Like mul_add() but $c is ignored as an input - an optimisation to save a ++# preliminary instruction that would set input $c to 0 ++sub mul_add_c_0($$$$$$) ++{ ++ my ($self, $r_out, $r_in, $a, $w, $c) = @_; ++ ++ $self->add_code(<<___); ++ maddld $lo,$a,$w,$r_in ++ maddhdu $c,$a,$w,$r_in ++___ ++ ++ if ($r_out ne $lo) { ++ $self->add_code(<<___); ++ mr $r_out,$lo ++___ ++ } ++ ++ $self->nl(); ++} ++ ++ ++package main; ++ ++my $code; ++ ++$code.=<<___; ++.machine "any" ++.text ++___ ++ ++my $mont; ++ ++$mont = new Mont::GPR(6); ++$mont->mul_mont_fixed(); ++$code .= $mont->get_code(); ++ ++$mont = new Mont::GPR_300(6); ++$mont->mul_mont_fixed(); ++$code .= $mont->get_code(); ++ ++$code =~ s/\`([^\`]*)\`/eval $1/gem; ++ ++$code.=<<___; ++.asciz "Montgomery Multiplication for PPC by , " ++___ ++ ++print $code; ++close STDOUT or die "error closing STDOUT: $!"; +diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c +index 3ee76ea96574..1e9421bee213 100644 +--- a/crypto/bn/bn_ppc.c ++++ b/crypto/bn/bn_ppc.c +@@ -19,6 +19,12 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); + int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); ++ int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, ++ const BN_ULONG *bp, const BN_ULONG *np, ++ const BN_ULONG *n0, int num); ++ int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, ++ const BN_ULONG *bp, const BN_ULONG *np, ++ const BN_ULONG *n0, int num); + + if (num < 4) + return 0; +@@ -34,5 +40,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + * no opportunity to figure it out... + */ + ++#if defined(_ARCH_PPC64) && !defined(__ILP32__) ++ if (num == 6) { ++ if (OPENSSL_ppccap_P & PPC_MADD300) ++ return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); ++ else ++ return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); ++ } ++#endif ++ + return bn_mul_mont_int(rp, ap, bp, np, n0, num); + } +diff --git a/crypto/bn/build.info b/crypto/bn/build.info +index 4f8d0689b5ea..987a70ae263b 100644 +--- a/crypto/bn/build.info ++++ b/crypto/bn/build.info +@@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}] + + $BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s + $BNDEF_ppc32=OPENSSL_BN_ASM_MONT +- $BNASM_ppc64=$BNASM_ppc32 ++ $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s + $BNDEF_ppc64=$BNDEF_ppc32 + + $BNASM_c64xplus=asm/bn-c64xplus.asm +@@ -173,6 +173,7 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl + GENERATE[bn-ppc.s]=asm/ppc.pl + GENERATE[ppc-mont.s]=asm/ppc-mont.pl + GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl ++GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl + + GENERATE[alpha-mont.S]=asm/alpha-mont.pl + + +From 01ebad0d6e3a09bc9e32350b402901471610a3dc Mon Sep 17 00:00:00 2001 +From: Rohan McLure +Date: Thu, 30 Jun 2022 16:21:06 +1000 +Subject: [PATCH 2/2] Fix unrolled montgomery multiplication for POWER9 + +In the reference C implementation in bn_asm.c, tp[num + 1] contains the +carry bit for accumulations into tp[num]. tp[num + 1] is only ever +assigned, never itself incremented. +--- + crypto/bn/asm/ppc64-mont-fixed.pl | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl +index 0fb397bc5f12..e27d0ad93d85 100755 +--- a/crypto/bn/asm/ppc64-mont-fixed.pl ++++ b/crypto/bn/asm/ppc64-mont-fixed.pl +@@ -63,6 +63,7 @@ + # Registers are global so the code is remotely readable + + # Parameters for Montgomery multiplication ++my $ze = "r0"; + my $sp = "r1"; + my $toc = "r2"; + my $rp = "r3"; +@@ -192,6 +193,7 @@ ($) + $self->save_registers(); + + $self->add_code(<<___); ++ li $ze,0 + ld $n0,0($n0) + + ld $bp0,0($bp) +@@ -242,7 +244,7 @@ ($) + + $self->add_code(<<___); + addc $tp[$n],$tp[$n],$c0 +- addze $tp[$n+1],$tp[$n+1] ++ addze $tp[$n+1],$ze + ___ + + $self->add_code(<<___); +@@ -272,7 +274,7 @@ ($) + and. $tp[$n],$tp[$n],$tp[$n] + bne $label->{"sub"} + +- cmpld $tp[$n-1],$npj ++ cmpld $tp[$n-1],$npj + blt $label->{"copy"} + + $label->{"sub"}: diff --git a/SOURCES/0068-CVE-2022-2068.patch b/SOURCES/0068-CVE-2022-2068.patch deleted file mode 100644 index c4dd7f2..0000000 --- a/SOURCES/0068-CVE-2022-2068.patch +++ /dev/null @@ -1,174 +0,0 @@ -diff -up openssl-3.0.1/tools/c_rehash.in.cve20222068 openssl-3.0.1/tools/c_rehash.in ---- openssl-3.0.1/tools/c_rehash.in.cve20222068 2022-06-22 13:15:57.347421765 +0200 -+++ openssl-3.0.1/tools/c_rehash.in 2022-06-22 13:16:14.797576250 +0200 -@@ -104,18 +104,41 @@ foreach (@dirlist) { - } - exit($errorcount); - -+sub copy_file { -+ my ($src_fname, $dst_fname) = @_; -+ -+ if (open(my $in, "<", $src_fname)) { -+ if (open(my $out, ">", $dst_fname)) { -+ print $out $_ while (<$in>); -+ close $out; -+ } else { -+ warn "Cannot open $dst_fname for write, $!"; -+ } -+ close $in; -+ } else { -+ warn "Cannot open $src_fname for read, $!"; -+ } -+} -+ - sub hash_dir { -+ my $dir = shift; - my %hashlist; -- print "Doing $_[0]\n"; -- chdir $_[0]; -- opendir(DIR, "."); -+ -+ print "Doing $dir\n"; -+ -+ if (!chdir $dir) { -+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n"; -+ return; -+ } -+ -+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n"; - my @flist = sort readdir(DIR); - closedir DIR; - if ( $removelinks ) { - # Delete any existing symbolic links - foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { - if (-l $_) { -- print "unlink $_" if $verbose; -+ print "unlink $_\n" if $verbose; - unlink $_ || warn "Can't unlink $_, $!\n"; - } - } -@@ -130,13 +153,16 @@ sub hash_dir { - link_hash_cert($fname) if ($cert); - link_hash_crl($fname) if ($crl); - } -+ -+ chdir $pwd; - } - - sub check_file { - my ($is_cert, $is_crl) = (0,0); - my $fname = $_[0]; -- open IN, $fname; -- while() { -+ -+ open(my $in, "<", $fname); -+ while(<$in>) { - if (/^-----BEGIN (.*)-----/) { - my $hdr = $1; - if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { -@@ -148,7 +174,7 @@ sub check_file { - } - } - } -- close IN; -+ close $in; - return ($is_cert, $is_crl); - } - -@@ -177,76 +203,49 @@ sub compute_hash { - # certificate fingerprints - - sub link_hash_cert { -- my $fname = $_[0]; -- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, -- "-fingerprint", "-noout", -- "-in", $fname); -- chomp $hash; -- chomp $fprint; -- return if !$hash; -- $fprint =~ s/^.*=//; -- $fprint =~ tr/://d; -- my $suffix = 0; -- # Search for an unused hash filename -- while(exists $hashlist{"$hash.$suffix"}) { -- # Hash matches: if fingerprint matches its a duplicate cert -- if ($hashlist{"$hash.$suffix"} eq $fprint) { -- print STDERR "WARNING: Skipping duplicate certificate $fname\n"; -- return; -- } -- $suffix++; -- } -- $hash .= ".$suffix"; -- if ($symlink_exists) { -- print "link $fname -> $hash\n" if $verbose; -- symlink $fname, $hash || warn "Can't symlink, $!"; -- } else { -- print "copy $fname -> $hash\n" if $verbose; -- if (open($in, "<", $fname)) { -- if (open($out,">", $hash)) { -- print $out $_ while (<$in>); -- close $out; -- } else { -- warn "can't open $hash for write, $!"; -- } -- close $in; -- } else { -- warn "can't open $fname for read, $!"; -- } -- } -- $hashlist{$hash} = $fprint; -+ link_hash($_[0], 'cert'); - } - - # Same as above except for a CRL. CRL links are of the form .r - - sub link_hash_crl { -- my $fname = $_[0]; -- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, -+ link_hash($_[0], 'crl'); -+} -+ -+sub link_hash { -+ my ($fname, $type) = @_; -+ my $is_cert = $type eq 'cert'; -+ -+ my ($hash, $fprint) = compute_hash($openssl, -+ $is_cert ? "x509" : "crl", -+ $is_cert ? $x509hash : $crlhash, - "-fingerprint", "-noout", - "-in", $fname); - chomp $hash; -+ $hash =~ s/^.*=// if !$is_cert; - chomp $fprint; - return if !$hash; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename -- while(exists $hashlist{"$hash.r$suffix"}) { -+ my $crlmark = $is_cert ? "" : "r"; -+ while(exists $hashlist{"$hash.$crlmark$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert -- if ($hashlist{"$hash.r$suffix"} eq $fprint) { -- print STDERR "WARNING: Skipping duplicate CRL $fname\n"; -+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) { -+ my $what = $is_cert ? 'certificate' : 'CRL'; -+ print STDERR "WARNING: Skipping duplicate $what $fname\n"; - return; - } - $suffix++; - } -- $hash .= ".r$suffix"; -+ $hash .= ".$crlmark$suffix"; - if ($symlink_exists) { - print "link $fname -> $hash\n" if $verbose; - symlink $fname, $hash || warn "Can't symlink, $!"; - } else { -- print "cp $fname -> $hash\n" if $verbose; -- system ("cp", $fname, $hash); -- warn "Can't copy, $!" if ($? >> 8) != 0; -+ print "copy $fname -> $hash\n" if $verbose; -+ copy_file($fname, $hash); - } - $hashlist{$hash} = $fprint; - } diff --git a/SOURCES/0069-CVE-2022-2097.patch b/SOURCES/0069-CVE-2022-2097.patch deleted file mode 100644 index 47fcaa5..0000000 --- a/SOURCES/0069-CVE-2022-2097.patch +++ /dev/null @@ -1,151 +0,0 @@ -From a98f339ddd7e8f487d6e0088d4a9a42324885a93 Mon Sep 17 00:00:00 2001 -From: Alex Chernyakhovsky -Date: Thu, 16 Jun 2022 12:00:22 +1000 -Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path -that performs operations on 6 16-byte blocks concurrently (the -"grandloop") and then proceeds to handle the "short" tail (which can -be anywhere from 0 to 5 blocks) that remain. - -As part of initialization, the assembly initializes $len to the true -length, less 96 bytes and converts it to a pointer so that the $inp -can be compared to it. Each iteration of "grandloop" checks to see if -there's a full 96-byte chunk to process, and if so, continues. Once -this has been exhausted, it falls through to "short", which handles -the remaining zero to five blocks. - -Unfortunately, the jump at the end of "grandloop" had a fencepost -error, doing a `jb` ("jump below") rather than `jbe` (jump below or -equal). This should be `jbe`, as $inp is pointing to the *end* of the -chunk currently being handled. If $inp == $len, that means that -there's a whole 96-byte chunk waiting to be handled. If $inp > $len, -then there's 5 or fewer 16-byte blocks left to be handled, and the -fall-through is intended. - -The net effect of `jb` instead of `jbe` is that the last 16-byte block -of the last 96-byte chunk was completely omitted. The contents of -`out` in this position were never written to. Additionally, since -those bytes were never processed, the authentication tag generated is -also incorrect. - -The same fencepost error, and identical logic, exists in both -aesni_ocb_encrypt and aesni_ocb_decrypt. - -This addresses CVE-2022-2097. - -Co-authored-by: Alejandro Sedeño -Co-authored-by: David Benjamin - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(cherry picked from commit 6ebf6d51596f51d23ccbc17930778d104a57d99c) -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93] ---- - crypto/aes/asm/aesni-x86.pl | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl -index 4245fe34e17e..7cf838db170b 100644 ---- a/crypto/aes/asm/aesni-x86.pl -+++ b/crypto/aes/asm/aesni-x86.pl -@@ -2025,7 +2025,7 @@ sub aesni_generate6 - &movdqu (&QWP(-16*2,$out,$inp),$inout4); - &movdqu (&QWP(-16*1,$out,$inp),$inout5); - &cmp ($inp,$len); # done yet? -- &jb (&label("grandloop")); -+ &jbe (&label("grandloop")); - - &set_label("short"); - &add ($len,16*6); -@@ -2451,7 +2451,7 @@ sub aesni_generate6 - &pxor ($rndkey1,$inout5); - &movdqu (&QWP(-16*1,$out,$inp),$inout5); - &cmp ($inp,$len); # done yet? -- &jb (&label("grandloop")); -+ &jbe (&label("grandloop")); - - &set_label("short"); - &add ($len,16*6); -From 52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 Mon Sep 17 00:00:00 2001 -From: Alex Chernyakhovsky -Date: Thu, 16 Jun 2022 12:02:37 +1000 -Subject: [PATCH] AES OCB test vectors -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue. - -Co-authored-by: Alejandro Sedeño -Co-authored-by: David Benjamin - -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -(cherry picked from commit 2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be) -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8] ---- - .../30-test_evp_data/evpciph_aes_ocb.txt | 50 +++++++++++++++++++ - 1 file changed, 50 insertions(+) - -diff --git a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt -index e58ee34b6b3f..de098905230b 100644 ---- a/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt -+++ b/test/recipes/30-test_evp_data/evpciph_aes_ocb.txt -@@ -207,3 +207,53 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021 - Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B2176C12F110DD441B7CAA3A509B13C86A023AFCEE998BEE42028D44507B15F77C528A1DE6406B519BCEE8FCB829417001E54E15A7576C4DF32366E0F439C7051CB4824B8114E9A720CBC1CE0185B156B486 - Operation = DECRYPT - Result = CIPHERFINAL_ERROR -+ -+#Test vectors generated to validate aesni_ocb_encrypt on x86 -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = C14DFF7D62A13C4A3422456207453190 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333 -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204 -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = 41970D13737B7BD1B5FBF49ED4412CA5 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91 -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = BE0228651ED4E48A11BDED68D953F3A0 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = 17BC6E10B16E5FDC52836E7D589518C7 -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = E84AAC18666116990A3A37B3A5FC55BD -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED -+ -+Cipher = aes-128-ocb -+Key = 000102030405060708090A0B0C0D0E0F -+IV = 000000000001020304050607 -+Tag = 3E5EA7EE064FE83B313E28D411E91EAD -+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D -+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C diff --git a/SOURCES/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch b/SOURCES/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch deleted file mode 100644 index 5a16ae7..0000000 --- a/SOURCES/0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch +++ /dev/null @@ -1,56 +0,0 @@ -From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Thu, 5 May 2022 08:11:24 +0200 -Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init - strcasecmp - -Reviewed-by: Dmitry Belyavskiy -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/18247) - -(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9) - -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483] ---- - crypto/evp/evp_lib.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c -index 3fe4743761..d9b8c0af41 100644 ---- a/crypto/evp/evp_lib.c -+++ b/crypto/evp/evp_lib.c -@@ -24,6 +24,7 @@ - #include - #include - #include "crypto/evp.h" -+#include "crypto/cryptlib.h" - #include "internal/provider.h" - #include "evp_local.h" - -@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) - return (ctx->flags & flags); - } - -+#if !defined(FIPS_MODULE) -+ - int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) - { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; -@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - - va_start(args, type); - -+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); -+ - if (OPENSSL_strcasecmp(type, "RSA") == 0) { - bits = va_arg(args, size_t); - params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); -@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - va_end(args); - return ret; - } -+ -+#endif /* !defined(FIPS_MODULE) */ --- -2.35.3 - diff --git a/SOURCES/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/SOURCES/0072-ChaCha20-performance-optimizations-for-ppc64le.patch index 527b901..e5e7f9b 100644 --- a/SOURCES/0072-ChaCha20-performance-optimizations-for-ppc64le.patch +++ b/SOURCES/0072-ChaCha20-performance-optimizations-for-ppc64le.patch @@ -1311,7 +1311,7 @@ index c12cb9c..2a819b2 100644 $CHACHAASM_c64xplus=chacha-c64xplus.s @@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM - GENERATE[chacha-x86.s]=asm/chacha-x86.pl + GENERATE[chacha-x86.S]=asm/chacha-x86.pl GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl +GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl diff --git a/SOURCES/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/SOURCES/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch index 27f86f5..eeafbfa 100644 --- a/SOURCES/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch +++ b/SOURCES/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch @@ -136,10 +136,17 @@ diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.i index 4e30ec56dd..0103c87528 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc -@@ -1294,9 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { +@@ -1294,15 +1294,22 @@ static const ST_KAT_PARAM rsa_priv_key[] = { ST_KAT_PARAM_END() }; +-/*- +- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the +- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient +- * HP/UX PA-RISC compilers. +- */ +-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; +- +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient @@ -153,8 +160,7 @@ index 4e30ec56dd..0103c87528 100644 +}; + static const ST_KAT_PARAM rsa_enc_params[] = { -- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, -- OSSL_PKEY_RSA_PAD_MODE_NONE), +- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep), + ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, + oaep_fixed_seed), diff --git a/SOURCES/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/SOURCES/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch index c7e4731..0b6a9fb 100644 --- a/SOURCES/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch +++ b/SOURCES/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch @@ -149,14 +149,14 @@ index db1a1d7bc3..c94c3c53bd 100644 if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + sigret == NULL ? 0 : *siglen); +#ifndef FIPS_MODULE dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; @@ -566,8 +584,10 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + *siglen); EVP_PKEY_CTX_free(dctx); +#endif /* defined(FIPS_MODULE) */ return r; diff --git a/SOURCES/0078-Add-FIPS-indicator-parameter-to-HKDF.patch b/SOURCES/0078-Add-FIPS-indicator-parameter-to-HKDF.patch index 31e3c7d..b54d0fa 100644 --- a/SOURCES/0078-Add-FIPS-indicator-parameter-to-HKDF.patch +++ b/SOURCES/0078-Add-FIPS-indicator-parameter-to-HKDF.patch @@ -1,50 +1,69 @@ -From c4b086fc4de06128695e1fe428f56d776d25e748 Mon Sep 17 00:00:00 2001 +From 0c4aaedf29a1ed1559762515bfeaa5923925e18f Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Thu, 11 Aug 2022 09:27:12 +0200 -Subject: [PATCH] Add FIPS indicator parameter to HKDF +Subject: [PATCH 1/2] Add FIPS indicator parameter to HKDF NIST considers HKDF only acceptable when used as in TLS 1.3, and otherwise unapproved. Add an explicit indicator attached to the EVP_KDF_CTX that can be queried using EVP_KDF_CTX_get_params() to determine whether the KDF operation was approved after performing it. -Related: rhbz#2114772 Signed-off-by: Clemens Lang +Related: rhbz#2114772 --- + include/crypto/evp.h | 7 ++++ include/openssl/core_names.h | 1 + include/openssl/kdf.h | 4 ++ providers/implementations/kdfs/hkdf.c | 53 +++++++++++++++++++++++++++ - 3 files changed, 58 insertions(+) + 4 files changed, 65 insertions(+) +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index e70d8e9e84..76fb990de4 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -219,6 +219,13 @@ struct evp_mac_st { + OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; + }; + ++#ifdef FIPS_MODULE ++/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving ++ * Additional Keys from a Cryptographic Key, "[t]he length of the ++ * key-derivation key [i.e., the input key] shall be at least 112 bits". */ ++# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8) ++#endif ++ + struct evp_kdf_st { + OSSL_PROVIDER *prov; + int name_id; diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h -index 21c94d0488..87786680d7 100644 +index 21c94d0488..c019afbbb0 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -223,6 +223,7 @@ extern "C" { #define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo" #define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo" #define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" -+#define OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR "hkdf-fips-indicator" ++#define OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" /* Known KDF names */ #define OSSL_KDF_NAME_HKDF "HKDF" diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h -index 0983230a48..869f23d8fb 100644 +index 0983230a48..86171635ea 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf, # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1 # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2 -+# define EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED 0 -+# define EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED 1 -+# define EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED 2 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65 #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66 #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67 diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c -index afdb7138e1..9d28d292d8 100644 +index afdb7138e1..6f06fa58fe 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -298,6 +298,56 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) @@ -53,13 +72,13 @@ index afdb7138e1..9d28d292d8 100644 } + +#ifdef FIPS_MODULE -+ if ((p = OSSL_PARAM_locate(params, -+ OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR)) != NULL) { -+ int fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_UNDETERMINED; ++ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR)) ++ != NULL) { ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED; + switch (ctx->mode) { + case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND: + /* TLS 1.3 never uses extract-and-expand */ -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + break; + case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: + { @@ -74,10 +93,10 @@ index afdb7138e1..9d28d292d8 100644 + * comes from, so all we can do is check the salt length. + */ + const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); -+ if (md != NULL && ctx->salt_len == EVP_MD_get_size(md)) -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ if (md != NULL && ctx->salt_len == (size_t) EVP_MD_get_size(md)) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; + else -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + } + break; + case EVP_KDF_HKDF_MODE_EXPAND_ONLY: @@ -92,9 +111,9 @@ index afdb7138e1..9d28d292d8 100644 + && ctx->label_len >= 2 /* length */ + 4 /* "dtls" */ + && (strncmp("tls", (const char *)ctx->label + 2, 3) == 0 || + strncmp("dtls", (const char *)ctx->label + 2, 4) == 0)) -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; + else -+ fips_indicator = EVP_KDF_HKDF_FIPS_INDICATOR_NOT_APPROVED; ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; + break; + } + return OSSL_PARAM_set_int(p, fips_indicator); @@ -109,11 +128,11 @@ index afdb7138e1..9d28d292d8 100644 static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), +#ifdef FIPS_MODULE -+ OSSL_PARAM_int(OSSL_KDF_PARAM_HKDF_REDHAT_FIPS_INDICATOR, NULL), ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), +#endif /* defined(FIPS_MODULE) */ OSSL_PARAM_END }; return known_gettable_ctx_params; -- -2.37.1 +2.38.1 diff --git a/SOURCES/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch b/SOURCES/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch new file mode 100644 index 0000000..a5633d3 --- /dev/null +++ b/SOURCES/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch @@ -0,0 +1,3154 @@ +From 6aed6931cf50499e778a6d34502f9bf82f5a4c0d Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Wed, 16 Nov 2022 13:53:24 +0100 +Subject: [PATCH] rand: Forbid truncated hashes & SHA-3 in FIPS prov + +Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs" +of the Implementation Guidance for FIPS 140-3 [1] notes that there is no +efficiency improvement when using truncated hash functions (i.e. SHA-224 +rather than SHA-256 or SHA-384, SHA-512/224, or SHA512/256 rather than +SHA-512). Starting on 2023-05-16, all submissions to NIST's +Cryptographic Module Validation Program shall only use SHA-1, SHA-256, +or SHA-512. + +NIST further notes that the same will apply for the truncated versions +of SHA-3, i.e. SHA3-224 and SHA3-384, and that SHA-3 should currently +not be used. + +Adjust tests to only run Hash-DRBG and HMAC-DRBG tests with truncated +algorithms in the default provider. + +[1]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf + +Signed-off-by: Clemens Lang +--- + providers/implementations/rands/drbg_hash.c | 12 + + providers/implementations/rands/drbg_hmac.c | 12 + + test/recipes/30-test_evp_data/evprand.txt | 384 ++++++++++++++++++++ + 3 files changed, 408 insertions(+) + +diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c +index 12faa993d0..5f9602cf84 100644 +--- a/providers/implementations/rands/drbg_hash.c ++++ b/providers/implementations/rands/drbg_hash.c +@@ -471,6 +471,18 @@ static int drbg_hash_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + return 0; + } + ++#ifdef FIPS_MODULE ++ if (!EVP_MD_is_a(md, SN_sha1) ++ && !EVP_MD_is_a(md, SN_sha256) ++ && !EVP_MD_is_a(md, SN_sha512)) { ++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, ++ "%s is not an acceptable hash function for an SP 800-90A" ++ " DRBG according to FIPS 140-3 IG, section D.R", ++ EVP_MD_get0_name(md)); ++ return 0; ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + /* These are taken from SP 800-90 10.1 Table 2 */ + hash->blocklen = EVP_MD_get_size(md); + /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ +diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c +index ffeb70f8c3..79ed96a15a 100644 +--- a/providers/implementations/rands/drbg_hmac.c ++++ b/providers/implementations/rands/drbg_hmac.c +@@ -372,6 +372,18 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + return 0; + } + ++#ifdef FIPS_MODULE ++ if (!EVP_MD_is_a(md, SN_sha1) ++ && !EVP_MD_is_a(md, SN_sha256) ++ && !EVP_MD_is_a(md, SN_sha512)) { ++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, ++ "%s is not an acceptable hash function for an SP 800-90A" ++ " DRBG according to FIPS 140-3 IG, section D.R", ++ EVP_MD_get0_name(md)); ++ return 0; ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params, + NULL, NULL, NULL, libctx)) + return 0; +diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt +index 8cb70247a0..8a0a2dea15 100644 +--- a/test/recipes/30-test_evp_data/evprand.txt ++++ b/test/recipes/30-test_evp_data/evprand.txt +@@ -7483,6 +7483,7 @@ AdditionalInputA.14 = fc54b5339b37eb6889cfd7c185070bd0 + AdditionalInputB.14 = f6a783d6d42e5ad5abb0a996bddfa04c + Output.14 = 683faa732c4551604c8865b5f777571c7d3cf1a60124c59b91283da0cda9b21761d1c17c81856958c6d590436c73594bb36f46c2f89237d8c7a7ddd2c58394c983f8f6c000d77566f2a1d89bac054bdb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7533,6 +7534,7 @@ Entropy.14 = 08a325accfe119fa807a95e8cc2cd8ff041ccad8e2c4cf49 + Nonce.14 = c85baec1c2d1f3f189eecad5 + Output.14 = 2567712d6fd3b52364b508bb2e4ae18e34b155dbe99fef9acbe21346715d36c538dc380a5e5900e0ebde76c779006fabe2b3f171fa63fa0f5ba264748278549c9beb26db701c8fab7adfdf48eb63e48ca6f3be8f17131c5e9145f5dadb00fe666a651d2b1b9e785fd444b05d4efa8ccc + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7613,6 +7615,7 @@ AdditionalInputA.14 = ae701404440c584e27266a12318c1793b6a112d96e6a6749 + AdditionalInputB.14 = 53861747c9627e9244679d58e2dc8cfd8a72d1bab611dfd1 + Output.14 = 665481033912ca7d87caa56af2612338768b044953b02b9a50e0244bb805ca007648f71ccf923030e56baa13a88111fe211091a54744aa5d82abe97775878059dedc6272e7c7a5392d1fb443b770ee7f5dd05a3f2bba4cab1cf473d02648d4f8acce91ef167e3ac00c1c9324ca074486 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7678,6 +7681,7 @@ Nonce.14 = e41f19a969494a2293ad0542 + PersonalisationString.14 = f67bda6553b5e4b89e309cb48a336b78460aff498846c2e9 + Output.14 = 44d544ac910b7668ba9c5524e388957520fdbf11383808a5a8008d119aff7e1e2bbe63b4cbff19455f20f3dc79ab0a83dcf0e403728f2a2b2a9f3b98930d9f285641da3b6b9a9467b2701ce1ecac82bad8214bb618c40999f5023dc2d97dc1a53a0296d44f6fc9d49db00959c89e9f5e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7773,6 +7777,7 @@ AdditionalInputA.14 = 6a7418d4ffc40e11859f33189d5a8327042ec268b004ade8 + AdditionalInputB.14 = 97beb8c47434a23efe536287d776edda7ed7cae84c0c7e35 + Output.14 = 1fe94acb5f5cb7e4a8edf5be61673bdc066288538dbd0ac29ce2d43f7b890028e48131e6b3a7cfbb42772b63f2fac8c0472418653ee2ebcdfa5ec08683e7d4a9cb2c67cf7e22c2ddc779c6d9971b29347e6688113294c902a5d62c1fc35595e091cb10e5a895d7c3697056659ae457d1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7823,6 +7828,7 @@ Entropy.14 = a71c303bf17e128c8e0aa07fb61ccc1f40fdb487a955fd95 + Nonce.14 = d3ca16fb12ae4709d411e5c5 + Output.14 = 61a51fe1eca4cf947bbf2a77d643e7963ca2c587e0eacc8f7fab3b3f0e166197a4d15184cec4f0858de2773d8becb339bbb18ab2c10c8b246ca66dce48e2a0938fe1ab122b4930d603b937491ddd3d10abac731957f2e1e030eef33f7f311ed782b06697914145e266d0b967914d638a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7903,6 +7909,7 @@ AdditionalInputA.14 = e098f0e076a3f40fd970f5d221944f0040ef4a18d88dbe6c + AdditionalInputB.14 = d7eb01dfd7c13fece92d35133c3be71efba145d7353c6d69 + Output.14 = f03074a219ef31d395451ebc8534e4f2cd2dbfebbd9257507979ecec79a5f76359f2d6b4653b31704ae5a49f884db91ac335ddc6d11768cac7850734e76734b63b71ff12f3f8d42cd404009e7f4b66bc0a639a9354ebd754c17f3cc65704e698d9bc0640919c386e96760f3c36d8789e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -7968,6 +7975,7 @@ Nonce.14 = 838d1c69d8408cf0134f54e1 + PersonalisationString.14 = f08a964b386eeadc4bbe57164d3b3a0c7c0068c49c9bc5ad + Output.14 = d8af077476875fca2ef9f04013976c3c278d30592361b923bab2f7e3c8af4affac5408c390b4989da254eeb97ccdabf32f5e246739d0e532a6ea317e7dda02bae5051ca97a445f5e0696a041e5f9f2c077b26e575d749cae344859864aa00f262c1c41b2964b78f72f9cb98abce103f9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8063,6 +8071,7 @@ AdditionalInputA.14 = fa0823db6808a3de1a7dcc081c01cca840f68b005d473bfe + AdditionalInputB.14 = d3054fa2bdec7c63dc009ecccf25c1116380ac25f82a9085 + Output.14 = 556e90c95c1abcdde027fb2b88cf191f0686830ecf3fbf89de51c9bd735726131472a17f307263d57c03bd5ecd9ceba6cd5759b06594bf901418e2421fcef4b72678614079cdf4d25fa0b74985380552d2bbf478290445066e3f4a40a2e2b0792a685b769ffdb27721b1faa484e9c783 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8113,6 +8122,7 @@ Entropy.14 = 2a55ddbf673f4e12538e61cd2bfda6f0316277661f553c38 + Nonce.14 = a0c71049f5c75c23cc11c7ca + Output.14 = a88e6cc37617929bee1e14f74ee363d1e05fee618fc1eb1f8abaff42c571048032c84ef0ec7a6d8ad7e6c5a4a6e90d714d76643eca063287929032fe75a2b63fb1f83ab36a7fa12a12d7332459bba56b017654bc0fc29beae1897863a63276208f9d11a32780a627135b271efda4f4f0 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8193,6 +8203,7 @@ AdditionalInputA.14 = 65e70309f7386d1a0aaa53da65263d5263bc5eaff0d5f3d8 + AdditionalInputB.14 = abb8cd0ce0560309d2424d2f3fdce7af085e6c14699b4799 + Output.14 = 8188a498ef9e0fd52a77c3a44f1c7edccf9248590aebc52cb9ba7b5cddffe867b26309f032a78c0ab751741fdd9bd77d4bd17be90dd045f6f8b45826c9900028f68138cf1ca8e18b253b8eb73ae04f2e156d51a792abdc6524e4f45e4ed0b06ab3b0c94bc5e1ed58f917c17f72161d31 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8258,6 +8269,7 @@ Nonce.14 = 1ffb77244697c3d67a564d06 + PersonalisationString.14 = 62865bf0f5af2146440d74e5ac8787cbedc544de16db24f1 + Output.14 = 1a74f62cc6bb05ff956d1af526926b937a84352830a78c7ecd2ad9c39a796f29f640d188ded8bda0e66ba81c941fed5e82f3c78543d9fca14335459ad9d573362f6b5d69861cb94c0bb055723ba5416b1fe08e74f27f23cdec9db05b50b01a20f0337cafec896f5f7412e1dbe7307e0c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8353,6 +8365,7 @@ AdditionalInputA.14 = 1a6853817be281e26796430dc90f014f6fde64cbef16e58d + AdditionalInputB.14 = bdfa703974a758cd4eb00661e0f4663f4e574cc7be6906e9 + Output.14 = 23c9f591ec9abea9f9eb89ab8d705a1e570fd2888772db5d6fc6e418a34e32d78fe49be8d4d8288fa397b57afd49c07b715e276c68a2eb8f3e63f67de21d8ad23fbbdcfa03b201952fae49928ce4da66cb70638398bfdba4db7635c8c726a3cdac22c98ae776e881edd60b69f0b38e4c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8403,6 +8416,7 @@ Entropy.14 = 7c8a961f01c1888456ae6042caf338c3ab8b5be28b34d15b + Nonce.14 = 61edc22b49e518eaa9e4e04d + Output.14 = 9d2eb0a41f7b03ccae8e4e3c61628e6710f5999f3991f04ba90fb3007275d07ff169d325ab26f3446e585c2d454ff8f6cd4a520190afbc06f30ec9b49668b09de45a116b171c210f5f888cf3c273c803044b17a16b06b44bc39344f2b2acb2f21f4b0a7abafec8c8d406d26477db9b7b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8483,6 +8497,7 @@ AdditionalInputA.14 = 71b5b9e9b813b5f69e8fa9fa7f588217268581b7d135fd7b + AdditionalInputB.14 = e5b06d8f12539d36c665cf129c1c42e3b7e88edce1650870 + Output.14 = 64595391a02ff750b46418274b8366bbca0e9c52c95bbdfa65882b76395887a018faa276f3fd6c8dbccdb964755e36508897cdac977037d0978f2752d1dc68bde3ba1edc94787c1c8cfe42c2347052da30ba7f1e06b44c10805196e7bb048cf572fda62b4a28fc189702b1e575b008ef + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -8548,6 +8563,7 @@ Nonce.14 = a16783ada78fa029ca3fe31b + PersonalisationString.14 = b20dae78f254b07fe3eeb7c793334f3f432930353fe7f221 + Output.14 = 081803927779c7b2039681db542c965fe48dc3cfde712a361e77da9aaf9f21cf38e18b4e8e5ae5a365910ada327b05630abe87858163713fd8c2988975eca44ee3725370f1c68117e58c2164605524102f22f3ea55f21f7e8fccd9861c59973d71c0aaca574480be6ec8e1fb9a163680 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -9803,6 +9819,7 @@ AdditionalInputA.14 = 228522e58e65d50dfd176e8ff1749faa70fc2c82eda25b0748ddc5d41f + AdditionalInputB.14 = 7af60c47b4cd146a39887c9b812a1dd814d74c398609bbbfb57e73da9caff57a + Output.14 = 9528c88f0aea3fc03bb8a9061e159a06d78a2a654408808aa4d0e73ab1a51e5aa85e8bcae72d34784ff6f513193e183d556ddac5675314f2b5cfe392d1526056afe32d7c03e09ba2bdf3b10e228b0f600a61cccd9e7bf14dccf13b16a838e60909785307e6905d510d9888eaab169fa601558fc952aa8559d270ecd386d7fbd7 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -9853,6 +9870,7 @@ Entropy.14 = c0509068d88167921812103b67e734698d68718ecf42cd99e0f55836c162d450 + Nonce.14 = 71a50d2db258ea35ba69b5716bf68a14 + Output.14 = f66c05713ebe804b4273103997d260adbe8a7d0f6b2bb862b867ca59874ab9e0898102664af2a8db24a7ccb4637269ac67d5e834941303acab9076ebfa04cef64f73480afb6808f11e6ab1a9deae514f5db1c90c59ce988cc1d04012640a40173362de2689f88647268c665ca44f57534c9ad9b8316b9cd1d5a14942e94e90607acf6ad37a2398979e56e9c227c1803f90844d6140f10d0baf20dd789d808a647b4df54d2136d967461383dd4db9dc154dd89cd282a2766dd6086bf3825d095c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -9933,6 +9951,7 @@ AdditionalInputA.14 = 25d2ad9eecd3bb8bb60769942abd16edf0ba777f2541a4b0e80fdd70fc + AdditionalInputB.14 = 608c5789b5a2a6c11c7df095be8c81968c0bdbc6296026ab65195bdc5a297366 + Output.14 = e1c600294a86393b7067b6e77ca83e68d28a6b76f6f81007183be65a50fd2f1adf6eec5a64cc753c5bd0ebc12387bde8c6ec10e6ec7e603f09d4ae624cc5423b5bd53da4f0af064e14a7d176369f1726fdcf6468ee15ffd7db3be48d196601506c71e2f443a768e03ebc35245d254bb87a392508ab07c95bce84ba81058ca1545289c9d8142aa0858c9cd5ba54ee2bb75cebb5b74e0d099ee458752d11ed70122aed1254609a715ddf2720798c9194ae4a7424e2c518ce7a8277ec79da86263a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -9998,6 +10017,7 @@ Nonce.14 = aadd62dbd7b34bf2021ea74a2788b17b + PersonalisationString.14 = cc3308e380672a955620fba59999ec4fcabf1b7f63089a124cc1f65d58b691e3 + Output.14 = 6c39f49bb51765dbae1de8325e7a6f8f8aec031dbdd94b83d5c4e062848eb4e01e3912784f817ee16f9c2dd0129eacd3f7b8d5bb4cf9a4a2ef823b0505c2ac8e4a1ec30812e98564aebaec14ff710a77c1904ab1fa3fef3c3d09f2d55b047a8db860322fab6d939093385838ec6d11667ca843f69268ba1fb7edc462fcc285adc9b4b97f0f717c28ac1b6f371d90baa86e8728051dfe9b68f15dd31a6da35194253545a5d667df6a1322f6b73ba661c7407608fa42e1b894bd1b6e7641749977 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10093,6 +10113,7 @@ AdditionalInputA.14 = 0d81d8c5af9885d1b30d2174429bcc6979bdb2b82e6fd3ccdfe93f36fa + AdditionalInputB.14 = c63866629ed771e53d2fe2d5c21e98ebde295c3fc3896fb67279427c61a89eb7 + Output.14 = b369b226dd535dbdab45ff8f13735214f9abe6d11463a44804b838d2932112ce6799341505b7b5bab423a3794c37f383b06be1fe21f5c7da97b333a41fb67908dbeeb2450a3581ef71870c964c976f039ee856fa507e9de948c4c097a64070b23cfa09ab7506a8ec4fc38a38ce21fbee3f3c1ef3ab598f5da202f35b90f422af31688402509c38ac25359409d2b61958390d28ca2d8b5dea99ae26c90978f01d7a482c12e134a81de0bf6c9f39e32a8b597ec7b7a05a805ebc7ce260c381f189 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10143,6 +10164,7 @@ Entropy.14 = 5b50064163ae6238f462461472ad2ac9acc300316e140abd9cd6edb87b8ffa09 + Nonce.14 = 581d145675384210801d9c75d4d19624 + Output.14 = de0ace4f4a728c681a0b326298142fe79cbff2ce5230e6c1ca3e2808692d02e4845867763cb9e93acb983aa54659be6f9baf210048baf7ea4f062bd7e3d9a6d5e7dccf427422b9dd93d392ffc810dfe185bbee253c3208e22a83c9804501321c6cc0357d22859487a3eaba53444f4027843699d5a78214c431ea741bba73bd29550925443cfa5f494372bd0e482e3ab4eace1b60187b6db588c0d252c8da3e0d6dd3e475040817ca2c85b1149d8447a52c111f05d7c14a0f6b7b6ea4f60aed3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10223,6 +10245,7 @@ AdditionalInputA.14 = 80bb70930ef2015949b53d787630f5de93d93f98c577ca4632266e1bb1 + AdditionalInputB.14 = b6afd2c00be2eaed5c1991909e89029db0b04598115fae5118cc215298e0528b + Output.14 = c20bd78d9c396fc8fb408361e1dd4827ed3231617a73cd8848e493927207ea23e6efecd4fae36aff74b5235067543c7eb44c290122f9167a0ec4c6a530ecb0936fd683fbd866b73afb712b2f20ccc981b3f70faec4f4fda62e956c7d04cf578b06259b0f3c044e6dc68baf91e6149efa70b2ad2b81c8e14d1a994887193e53bdb5986a23d0412e989c447689a71b283934e50c25e10bdef0b22ce7368840cf761e32aebc07d7b51da16dad4c332926a4cc9853ac8db36b4b01bb36746a28f527 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10288,6 +10311,7 @@ Nonce.14 = 3432a2e2263728e375ab973bb5842d40 + PersonalisationString.14 = ccfee35071757d5141f55a481b7c44a584c5e537c636d4d0ba10dc3c88adf6a2 + Output.14 = 72a77d1c5dea9d00c349d4e5a9e6dff63ef6cb80b7998ef62e7a1fdc2267057d07fafb993e8df868821c6cf76430f3b7ff24a527f7e41fda6d560a773d05bc003f7e1ed5085f6da3785dd999a4763894455febf7618750bad4e30d8f52f3a072af30d57df5afda08ae7cebdcb659e6cdeaff52b47d4dc571e28315ff0e38538baf436e02d157b64afc6d50e6a4c5842aff1e7573888c6ff9beaf4f91aed988f03032388940c4f54afda05bf55ef6fc8c673f01ab545838574f3bd4f22865cfd6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10383,6 +10407,7 @@ AdditionalInputA.14 = 0facad642bc0004f946e3fdd149a4c0e52475c9e832c85b228bff6f2a4 + AdditionalInputB.14 = 19d477a7dd45a0b733e6c301a4fd44ddf65d4fe0a0435b57e319e31de4797427 + Output.14 = 2a48844f6919ed43a2b0b64a1d28707fd3265b418e0673190b49a606358062c1a54a6071c845adc6ad74193d746668f890423ebb971a63cedae3241005432c8f3fa3fe7f98d5912da34dabcfeb17c03ee8881de7b2ef04fa2147b78532eb0ce7d9244d717697138f116341c7b9e99f15728207f6a73c651b8940582f9f926253420a853ae18132093183a6073e3bc85633b75e1c6cec9323ed4142d0c8ca0dd5ab2ff2e6b304ab8cfe4aa98ac64951d836e074169d375ebeae8498f11bd02c05 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10433,6 +10458,7 @@ Entropy.14 = 3b6dde5f550d482d30eee2288bff802241ef20ec15696e614b7268f7c574eb1f + Nonce.14 = b8d8984703ca7f942951fca97129135a + Output.14 = 36d0cce70eb5aaccf9b172fccf68e01eb8ac8b1f2652cdd238f4b070c8f2d9a128418badb38d5d5fabe28b59d15cd432010716fa6a48071114b2168cd29028386171594291118e54fbf5b61ae3fbbf9a21ebe73a4aba482c7cdc5ea1a4f21a0f1b38812cefff9bae78c2b95f417dc0cda010079b637f825dcba059d154f5a53050db773250013a1f051de9f7882433d2054ef2adf9b7b57c67173c06ad16cac6bdf74a10bcc666f7d4a091a78131c5ed76fb733791278b6ee0f55302c4b122a4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10513,6 +10539,7 @@ AdditionalInputA.14 = c6a3bc83220c7708eb7fff5787ecba27e48c894e15302e0ee7f4e5f09b + AdditionalInputB.14 = 39b854a1c487e24e1ed58916d8012277fafd6e7b6175c4be43927cfac9958404 + Output.14 = f7d2f39a513f6c4eab993fa440b769ce09a15476e06ceda47969be05f53ec7f8409de284749cdcfac07fe7df66b1b6bd39389401909f3a84538d041e1c038a289869e51bce8bac13a0f786cb091628f0a3a7f7f9a2f620c98889688d46a2a037fbc1b2a4fff40800eaccf98a0bc1452ff1f53f040daa94e17dcd6acef97192c74075d064be5a97205ad97f693257d96c04e78654a694e90b80a5234a25d1c7ceef360d53e768067335097c4aa8f126a31882eff8e55cee05eba4b4325c203f4b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10578,6 +10605,7 @@ Nonce.14 = a684932ea2337296cc3d150174a47ce0 + PersonalisationString.14 = b2c0af9038c2ef79ca8263a047bb9293a44ecdb457fb45945996157dcd199cec + Output.14 = 316fbc32ecc1dfa778b13921b1d624f9231c0ecca03e17fde750b1e31e76b1c330ea5bd62ca76150f231ac4aa96b06f845db2d03b65cdaba4c160b288a121eb144058f65a751e22151f91b90131e6756356e7f90d880ce754cf965f439189eb8bedf86c58e1fc2751e65637930c42552fdf81acfa1d4515ad49dc532b2a10b2b11209425ed1cf43c991b4a7c49bf6e701990fddc420608d74c3636829e4683c4e77a8151708d82ef8fb81b3655670fd4d242e357831bc091f30e6d139d5e5ba5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10673,6 +10701,7 @@ AdditionalInputA.14 = fa32817ad83c85b594976eafab28fe25c45aa74d0ab4750b33dbfd8836 + AdditionalInputB.14 = 2e5cb3c7c9503e019b3383eb6264d6000160c3c99ee5700e7a92433da1c01f56 + Output.14 = a7571c1afd3d1dc1d3b28dbab54fe3514a0ec74ccf999376a963a3820474cdd67b190551ad5b24f4376633b4964490f79a94059a55b967f8dbe58eb20d70f1fdac91565bd8daf5223abfa13b132a140acd33e36f29fe1b107f62e6c45a679247b80c0aa050f1c2d3195629baef7422b72fb3cfbb82a2e4dd1966b1cc27b8e6df1907fbd6320f25594e1eff912cd9685755473b908e06fd30c4359258be0580e6bb2f986b0450d53fdbfefc3bf06c0d80648800234100af755acec4f809c39f3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10723,6 +10752,7 @@ Entropy.14 = 1e1cde834393e00a2136b8924be5600c8bf59dc2d8a9eeae467ede71ee7b75af + Nonce.14 = b6035e96adcb7e8f2e17022e2e4f39ad + Output.14 = 9dde9f29034b6e784be24fe600c39b091568afb4c40c8e05b8b7dc36ca74a1bed38ab15643ca8c6da2f5aa4b7a6a5d5c9920cc31129c84e2fc9b865b3f30b698a143189a3f3b692b3e5641499c949e53e3619cb112f42046a18d5d12dfb3c6932a6a829d07deb17b799519b81e961ff293c0b2d24b629fe906166e330135e4ffd00609462f0f9b89a110084945243972486a0e1aedb2eceec02d402696c89abbc950dcaa72d7b0e00ed8e65c3e9eb1af7535de2da728f901650633242b3368c6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10803,6 +10833,7 @@ AdditionalInputA.14 = 7112823304b16377182ff9aba920c97ec4d4f23cd472fa9954ded16495 + AdditionalInputB.14 = ba183a035635d9617bd71b59fccd561f1c78a7589c7fb3fedf41dc2e6d5015c9 + Output.14 = 94e577e5c4f66be345c6be7038b02fcfb4070d5bf74f8004b59c279cce961dcf5bfdce2f01e007790cf770587a68d0d24ef0fcd1a148fca6920e707289e58b81fa4a58b5a018a358d336a20daef30b2881844838e51c56f11533b25c77b9c6c6bb2c0657350f011b24db6c60a84232dbcd218a816563737585c1ca6152ff13304ca86dff20f9f9596aaa21448f2c6e620eee58f69338e3b675d29b478f34f0e60dfe7f12f02e6181d19185f7dc945210d86d31e85eae03161e947fec0f0fc91d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -10868,6 +10899,7 @@ Nonce.14 = 67f50628067bc401648926d7567711cb + PersonalisationString.14 = 5f8cb19e3c86b179ffb8812db791e8bbe6b0caff958715dd9e3368a2d48f65d7 + Output.14 = f178a20d27725759c839e7fabb63bd101c3352f582524ff088ccaf6f0546ecbd3d5165f1e3cacbb49ede115b8f6c8db3aa9720692efda124138d29eac17637b84977384fb88e81289ed5ec960e6e98fdc71d03ef0bbc05ac7682acdc62888b49fdbb442080687f902b5a313ac88d364b13871b20f684cf1acbfa229fa203607a0a37b4e1685d13a508da9f48dcd83f26751a2284044f93e18b2a206a1887d77c4b76e821952b376f19fcf53d83f704e3ec3b5c3cb4c390b213d57dbe4852914b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -12123,6 +12155,7 @@ AdditionalInputA.14 = 2cc9f137fcd8c2d526d70093fe11f90a0a36bc9764a4c5609072e181a2 + AdditionalInputB.14 = e40361245b91880e308fb777c28bbfaea5982e45fecb7757bb1c9de2df9dc612 + Output.14 = 66ad048b4d2d003223c64dd9827cc22ed3ec8fcb61209d199619177592e9b89226be30b1930bdd749f30ed09da52abaa2e599afaf91903e7a2b59ffb8fd470e6604485a27c200d375feff621118595a7a3057b7e31eadc0687b1008c3cb2c7435a5704b1a1a6a3487d60fd14793c31486af765ce2ce182de88112445dd5ff11b256cfda07018b95f97edbab4e4c39ca097c42f9dce80cd3f32677f3c224a86b315d02e377dca8f3785e9748ffdbe3fcaa3b0c6bf001b63b57426836358e9b315c6718e0b74fb82b9bf3df700a641ab9411d1b9fba42309a84bef67a14204f3160ed16a5497fe211aa1f5d3ae4b858b6d445f1d094543d0107ce04ef1d1ba33ab + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12173,6 +12206,7 @@ Entropy.14 = 42623115c0a43edeab391ee8ac84c2b3b1bebba8a6040cd1 + Nonce.14 = b79f5c377be52381210c1c2c + Output.14 = a59dcfa9585b1080cee51ee493fabc22394ccd0949e3a4d4e5b8d60e1137288d20f65e7f1ddc1345869e1af62562d6c11044bb65d11dc0071a04a2cd0eab76718ec9a67d4482acbc82ac27685b98c50064b41e120a35e5ca57ed1bed6963fdd03e26865ddd3217d67cdddbc990c5833c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12253,6 +12287,7 @@ AdditionalInputA.14 = 450a2109e7d83a3ab2e628ab35af4dce8ce7205de7c5f365 + AdditionalInputB.14 = 60d0ce5e11413c321535d849da56c3d9bf6222a3d2cf77e9 + Output.14 = 27397574a1ad91ef6f332c954c0d5802cb9c90926ab05c116586995bd795a2f1b4706487da86282e33d0b44dcb7a58c8c4a2874ed4646a1e963b7d26b62e0a5e0a5bb60ec6e07ea6b7b7fe1194c3ca4371736e595707ca7fb56bc924089e66b137c47f9dde74b5de3687aebc2f5c2a39 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12318,6 +12353,7 @@ Nonce.14 = f2435f70e075f8044d4235cb + PersonalisationString.14 = 80fa0ec5a3a1b46cd639ae19c137239ba8113db33984c593 + Output.14 = e547f6d8cd665204f8ebf6d64ecaa23fcc59c1682eab3190bc76ad4981d68810833f1212965def4868883529c0bae4a2345da6a0e6a7e766d16022c6f371db8ad089d9227e3a85168d080c3ff2bdd604e7f8404a16268bd66d70f5fb164cee60f1af97bdb6e1d72059d7028a13ec83f5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12413,6 +12449,7 @@ AdditionalInputA.14 = 81356bf7d3122bd65b5d96d2ca68875e1d77b36edb8e92b3 + AdditionalInputB.14 = 1f185d4aeca1d95ba4c8e7867df64296525e00db7da61e88 + Output.14 = 8032e92efc35ace508d8a10f36a6e7110cd0b087cf853409e83dbc554633380e9793b7657a23a931e34347fe0ba34c2abdef6a8505e44da62fee97a9543b9e6dd6538726ec2cc6f6d19382562a4a438a2b0756fa66b48628af292e2f53e49edfae3ccc48a95f24c940a90d1abfdd6d0b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12463,6 +12500,7 @@ Entropy.14 = 3879ca720aaebb2a29c99c0aa21d63308b44677f2bbe6056 + Nonce.14 = 2642dd7030605b3608f4513e + Output.14 = b7ddc2d0295a550e44103ffe7e6e1771cd488fa2ea32b091076085284edb870220e02ba6facdf27d8b34209048d0aa4cce4556c074fc7ec2c3691b95aac3f47c3b42bee3c2e35da17b040188d47b7effef8ac471a669f29e6c4b97ff6836cb9fd8954f57309a97e9a697e061010525a1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12543,6 +12581,7 @@ AdditionalInputA.14 = 13998df6bfa51c2708775384f01cfe8f4755b6fe4b3c2fd8 + AdditionalInputB.14 = 8d25383b6d04285fb699c644bfc9b7fc72de41c733f35b27 + Output.14 = 3f408ca372917703ecb3449ea55de7a969a5ba184eee8f30fb19b99ae827c66b13f29d4d3a0236aefdaca63c28bb71595d3dc1fc20f1e7ba1b1c9bdb7c2122bd8e443b00b5339508c315ebbfc9bc3c7bebaaf83312325bae696a576b3c92931eef6b4eab6bd90c140295f47994ec6e34 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12608,6 +12647,7 @@ Nonce.14 = ddb5c0cd2b4b640898c2fd1a + PersonalisationString.14 = a096d62f947314691cfb647cc2f331af834cbcdd5918f099 + Output.14 = dc9175fb05854708739c3da005592ada29d408ed6162dd278ee457bd3304e4f7011355da2302df1d0d190ef846cadaccfa5325d3f71c407ab2434d65d815dafa6ca15f7e701a104225a839f2fa9874ad49bbdbee576b1bc71ace28c825095510890861c851bb79e2e2e922c3ac22fcde + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12703,6 +12743,7 @@ AdditionalInputA.14 = 2bc060710fe3d92760adc274b878de0df82804e840cd098d + AdditionalInputB.14 = de879de9c03efe5a68a12da7a06003ffbbea0a9c53f5e0bb + Output.14 = 4968c67d2f830b591531d620b6c40de4e9a15dc97c70b8b059023033bea376953cc5fb415d823d55d5b02b17c2ac60a1c8ee7473d25e94888fae15c6a7770b75565fe505a117c734d0c7d0386cff907a893da3a83d45f51bec9d95670374524b4f59e45a04c88d1756ed854fa9f65693 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12753,6 +12794,7 @@ Entropy.14 = 7ce7dd98c93953a8b60d395a68f03b8919931031e8f68bb9 + Nonce.14 = 1c217188f9c7980b8b03b41b + Output.14 = 58884a4316fe8104459bb339a4bac08d95461ad8e58f333eae5ceeecbf2d375e8fbb82eb1d29890ee0c56037bbbac8cd8e202d7ef05ed7126a15064699b9dfd4523782aabc6eaf21f1727d02c1311f5812c4b4294827a75f1cd6e6dcc73ba45ea8fc5f2647dff725f5fd9bc64d7b21ec + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12833,6 +12875,7 @@ AdditionalInputA.14 = e73890b772747a356ee1527501410eb5cddef015a8d6fbd7 + AdditionalInputB.14 = 9145caf79d0b85bb7874c2dc82d52bcca68225a18de258cb + Output.14 = 4ce4c45336ed4bdf4004f326a049c195c26ff11aadde90d7d035ce277a5b158577a7e9971063ee9c0b5063ab1f20c90f619137c2f4713831d18f2237e1a3d522af9a585e5f43f07d911b8b977f6c644784c9c02238b9fcd0f663c8bc1913f783c200b388b4ecf30246c7120adf3db79b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12898,6 +12941,7 @@ Nonce.14 = 2b884a75ff571f92ba1eb965 + PersonalisationString.14 = 273f3885354c0a8296b0862e19157fbad69578ec121cecbb + Output.14 = b60362ddfbb4fc41f4f5ef353fc0fd8f31e139876a3af0e69f9049aca46a5989ee3a1ebb6cf14f525c3d8a944f4e88e030e020ef6551289c93f5c6ca2f6bc495cdf49ac91bb86e4766ccbace5f7aba008390d2b6dfd416d63ebfe07f5d583b8f9916ebb54620953d0b73c136de06f520 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -12993,6 +13037,7 @@ AdditionalInputA.14 = 69720682d68b7043c331b889ce6d3d83aa3d33846e9ddc86 + AdditionalInputB.14 = 350c63e7b01ecff4aa171f157c71f89a55637c2cac0253e8 + Output.14 = 63fc9293971bc8dc151bcc2df20e4b5c7604138e4df49fed323c9f1cdeade3d5d1c8bc89e507e5da1f38c1f76d968ee45ba53a3da35e693e00afd683817ee7da5cd2b0a657ac6cf95913c859c6b4a15449fe9045a3af03cc198cf10b2deb67c5c3e9cf9a40b8251de19c6cf3114bfe22 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13043,6 +13088,7 @@ Entropy.14 = e03af342db03da30e2b0e5b8ed76c2562194417fbf6be645 + Nonce.14 = 6a9a5188dabd510894073f76 + Output.14 = 7963276f1054db251369a0b91d854fabaa3dd5b2343ef4306cf897bf964fc8b885908c4ada163b929a19c948ac89c8480170eb59b9a8d7d2d30ddfd1248e2c1795c69da81fe72d6361d34754f88eeffca2c31859bc8940d6662abe2622fdfcc28a1764355aaf46a2e00e50606af2b6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13123,6 +13169,7 @@ AdditionalInputA.14 = 9b6c491387a2394b94bfa8b077cd43bac49117e94afb9616 + AdditionalInputB.14 = 7c04bea824d8aa7b19facfeb3a676eb51c31d7b92f0ca1ac + Output.14 = 332b884c8edcb260c535a218001d421e190d8b9c6b856fbc5a4ab45f92149487f8563138312a42487969370440675f5bc9b21a75d2a8386867fdf861c8650e26af47c5efd81d9fc39cbcd44ab0f4cb10325fed6f5b7ce5d8111ff71e5d78c7d1f53410e5ba492b9f68ca55325ea8b318 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13188,6 +13235,7 @@ Nonce.14 = 9dcc6c4317ff492d0d7dec5b + PersonalisationString.14 = 7d30c5a4aa169c6dce156a8eaf000f9be0f8681e3282dbae + Output.14 = 550a9ad9e45ba359d463c1e084777bfb2ee25ff791070a87f01adc04cd1a7e9e6ef334e477fb5cadd82381e0add8a39ffc222150f17b8bb0d3b1cd80948c0a5ee09a84ccfff6c9ac33e6831d1a84182edac6bcc25fe357a708f78db9a88daf553914cdf0bc7a9b0527597f73707fec8e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -13283,6 +13331,7 @@ AdditionalInputA.14 = 1b8725447ec539ea4a13c47b323f1d6f435ba7e624dcf5af + AdditionalInputB.14 = 86d30af40a7a395764b8b69f2656954c7c3f1c30b2b703b0 + Output.14 = 2fb2f24b2c38f217232dc22ecc7380b8240b05d2c7bc0e3dfdad268c8c10912a92595d70dd98e7ecdbdc6d7bce6c72cdebd7e121d75de8b6795b660be9096a1f24a97e9c5344c35f04451dbd8d9808c7a84c6fbafab6d060026490d492060f052fbf21a3bfa2a8e4a40db58672ca52ce + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13333,6 +13382,7 @@ Entropy.14 = 9021c403eada5eac222dc48e1437b6de48ca31b9e7e76fc5f60653a3d901308a + Nonce.14 = 503b4bbc0ca538983285857a573f6166 + Output.14 = bca7456257568a178877bca602d331161828a4ed0758d1ec3febcc21717cc4142e5481dc9756c56099cb043130345689156cb96e1664ad007c461ef8b5b0fa7d18508541f528a43fe8c719f3a269ff2821ca655980579dfc2c794da673b8c9234d561b833855efc91b4747ea5135a1a05017543f5780f2cde8b472787173ec50 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13413,6 +13463,7 @@ AdditionalInputA.14 = 439ba9ee252edb11b09fd765266b220077ab641cd7ed42b7cedc96b399 + AdditionalInputB.14 = 18e1dab1f2af82b8912be6791b003d7b0d66ce76a78cc17b753055b7b48cd2e9 + Output.14 = 5af9e042af202c9584bb69cb54738c0352ef2c9b9483d6fc8efd525ca38e62f535f2ed5658770e8cc5d53d9f1964b8a55d871c78250851491441c924701a52175410f52b162ebfe3991a72472d8842248402a666d726ea71437fc4a521543a323d501a6942ec4b7fb77ce462face53a2ab9b1b9fcccfe2346adf36027c48293e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13478,6 +13529,7 @@ Nonce.14 = ef68efad369ca5fe791ad438cf9dbbd2 + PersonalisationString.14 = 012ff5b08fe14fad65ebad5f15d74fd72d8577115e5e91262043e85a13a3043b + Output.14 = 1779c05411254dc5ff714eb56332cdf9a378a160bf0a20ca2da9e4c3b4e3c425d2f08dc969bd4924560c8caf9686b27720307af8246e6cef20fcbc00cb1f137b6efe9902f9944c1384bf917675a52b7b816795327afc4896182a78d4664b98196f89c466d5fe1e2a54122035863c8bd61461b2ef9e7b469492ff63364b013dfb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13573,6 +13625,7 @@ AdditionalInputA.14 = 77d998ddfd7ab7577ca9f51d6cfbec955aaf9f88cbb3ae32db7f7c4609 + AdditionalInputB.14 = 9ebaa09e7057ad7cfbf02e8f3143ef7b7c1dd6158f641815ecdf8e4a65c17f19 + Output.14 = 161efdc30cdd124d4d6b3d43798dd79bac70f494c3ebaca111cfa3d9343bdb73ac0def00776486584f932cab74ee12a391cbf4890b10044f7de6c73f973e43837a43b7c47a1a9a36d7e62f9b7ce40064994a610b92d68c6d37aa5d9d92c3d858770ffb8fbd87324b49101bade3f2014bcae7deffc1e4f6a1a91ddfe7e6aa33cd + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13623,6 +13676,7 @@ Entropy.14 = 0653c409e957302f6eb62bbc4f42b30942ff7860e7c38dfb2fd26b164e83a713 + Nonce.14 = 273f7eab3dc9bf11216d5216bd12478d + Output.14 = 51dfe9851da8d7d5add3dae413d8bab8bc7d1fcecea00795ffadce047d5243ae36f29f3611fb8cb66e98717a98735384aa6a310696356cb48f4672b2ddccf86eb44777c1616338792629b6cc6ec2b66dbacc1a6b66bd9364914f1f43277f6f43e13145fcdb73a4aca6b784f9084d22c967033651da610e9a85b1eb7513683dc9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13703,6 +13757,7 @@ AdditionalInputA.14 = ca73cf447f2fc3984a9de0290fd9a984a8460ac715cddd9e8ed99aafd6 + AdditionalInputB.14 = 21dd9cb8e146954a9745fabe039f6f52ba8200f575e9bbe19c703b8864f34e93 + Output.14 = f1b153ae274a380c28668f1ee2c8c3a91f5380d41bd611d974e4e419a37debe664d0b706722184fd3e805f2ff05554bde7219023d1f62a52970aedf4d77e7b4604cac2a804e7b9353c087752f7f185991b10910724d0fd06dc6526d6102c8d0ee8c32f6692c2786d3b715bf3860539689e3f415855ddc37bbb6750972f3a45ca + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13768,6 +13823,7 @@ Nonce.14 = 10818cc50b58ccb660d65ff705041a37 + PersonalisationString.14 = 2756a89e79266d6d86bbd865708321f529b023d0cb5ee5d9888c37db33dd5164 + Output.14 = 7b3d778ee1623b08875305d5761ce2cf44ef1bab87c7d0f29c862c40d3da31240e7450d827909b6b131a9b0e9ad68d5c02caebf4f3b0b7d7ac1cc58e353ba68e7ac9eefc3de1310cf9bf5f4b854ef3fc36e940d4fc50072845a83c38a7d4372c191b900d11d11a907a50607c348951ccfeba4efc30377e4a965056e4e84eeb02 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13863,6 +13919,7 @@ AdditionalInputA.14 = 764b81871036cf65802c4e9659e25b8039be84bad1b121b536d2ffc269 + AdditionalInputB.14 = 28d46df3c254e5cc199e14b45bb1e2f85a5da03f49dd76b5a16b76723d5b9855 + Output.14 = 94e1fa76f879eb9840cd50853565f43cd7b0545705bd9a35494668bef7d7e7085b48a455b38fcf10f145f28a599c58e2f88c2855f2437a17d7333d243a1c25b76bebc6a94f7abc3fabe4c78041d9b3eaf675c11970b14cfc6ff20c8b23852b2733ef8d8416a920617a9b271beeabdb0462e5d23fd68b56f58e3554e81493c5a5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13913,6 +13970,7 @@ Entropy.14 = 3bb1f6cabc56a02643eb767cc6e5bb3a5bd765555e4e27159ec905012f58de22 + Nonce.14 = cc37cc9b20a2e4de0bdf8ccc3261eb90 + Output.14 = 28f20b9a94340aaa6ca98174b5929ce3329d81bebd67faf5e30d12f775748c34c848bcda26cac8b4a9b34c7c92c9984a6f5a85269583358e985c2b372a887f9e3f0f3920dd512def27d818522ed1a49e96d00a5aeb41bafd152144a8b6f93426e73d6e8ef7a8a5381bc464b24061080af02aac51fdc52f404e1349b7d04daef8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -13993,6 +14051,7 @@ AdditionalInputA.14 = 2be009fb81ff22c5c2e15c988cdac8f21a6f17a4277fb1df773bbbcc39 + AdditionalInputB.14 = 0c869f061049dbaea48af93272c5b321977659a79f8bf0a5c6d68b982ef44b88 + Output.14 = cd9e8213591ed7e30743ba0dbae5f08a4021845d961040c5188093d518c3135048ea8ff052fd66fa83bf98c06d39c6cb522dbc938b6824f51488197159666369e7a9444e04b7ce5832bd6db1b3cebf8c0f7bf865bfc3cf60d2a2c0ef06abf7737590fba097c29fed234369cf9f064b142ca30e3941093904945021372c20d90e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14058,6 +14117,7 @@ Nonce.14 = 704e8e29c7aac1d8cbe97bd7305f8cb3 + PersonalisationString.14 = 631c5d0240b8d9800211ee6c97a5ae77405a354ac25705f22d405e17a52109cb + Output.14 = 9ee855e661d4293fdd7353492c711b39625ead90849ae5808b1f67c55cabe17ae13f0f18c0954341d6a2d24b899785642c0b29bb1b81fe098a17f8701e8820cacf6c00a8dab2e96e7f8593e188aae48385ede7bb5ed5ffa3f19053663383d666d38eea377d121e0b55ee58ee8fbf1e49c42a4d3d48fb0c9247c6b94c6539f4cf + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14153,6 +14213,7 @@ AdditionalInputA.14 = cf6884bb4cf7c08ea954cc2d2389eaaaaaa3bf9ab1dd74372c20bb3e12 + AdditionalInputB.14 = 2b30cc597b280e704632ed1cd2bbbbba7a9953deaa809848eb937b6b1a44b91f + Output.14 = 4de8e3c529bda0753a9ba237633be4c844308c233d6e58995c339cc006c7d4789b5f1a6314637b9749621fae3982c5a748d58c080e12118d4442bb55732da53daeca71d3d033b10a2a807848babb822a346524b4a41e9d85941730b21c0e80a9871c9d9aab0e6d0269258b57fcbf7d703794bd2e5f3d7b3da9d3cf2dc2073653 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14203,6 +14264,7 @@ Entropy.14 = 043872fa9f0c4d97e2c6824b778a4fb0debae214d3358a5aa01c0092c9dab6a1 + Nonce.14 = 0fc8d529a37083c2efe84aba8c8abbc0 + Output.14 = 22e8eb6b4d11657a66cba93f89b519bcce87a9bfa5ee22cd3cfef6180cb8ca842e8d408257b8140fabbf1dd65085ae62fb8b1d2a679dc0bb0a82ecd3b8bbc05782a20a6345554a1f5467e9811e0fce41a786c805ce2882f8b4d972b9a37eedbf828a381d34bab95efc47233846f8b5c701563033253323eda41effad5fe37d3a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14283,6 +14345,7 @@ AdditionalInputA.14 = 585a4b6736338ba663522b438ab9255782c39b36e6b253186e821ae969 + AdditionalInputB.14 = 2581ca0314c9a224b09c0c2e677e1df1c215cae0760d3ba03d1053156e9c3155 + Output.14 = e244109b937e9a71caa70d627ec8280210c86676b4ea842c6a4569e5da0b25c1ab3794ade3344e2185641c77df4d3011962e8312aa7c2013e4373204d861e27e88ede82873d5d45ae5700ddf0ae7d523e96df236a249ffc6e009e231b77d64f07f395e57b19a4d2961a6046c910d0b8ac3d882129ec3e337be4cf2d9ef041a8f + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -14348,6 +14411,7 @@ Nonce.14 = b2328815495d926dc8ff075d5834bc20 + PersonalisationString.14 = 4c539b94823c6c7883b071ac395203bfb5117b6f9d5db7cf4063132e6a2a3cb8 + Output.14 = 4f6035946d4305290485c7aea10bbceb99b841770dbf5529e31ad51b0ce138344ac0b193a5074234adab8887a51d9448a2cc637a543372ed93885975b8de342c6a12a1ca8f3d053ced1dd2c7d6a3fabf6ea7860071c035f0fd54ee5775ae3a5d457d4af9e034ed337d79e9fd52c2ad051388dda50aa78d37403f33d52d30f6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -15605,6 +15669,7 @@ AdditionalInputA.14 = c9a1481cd25c537ba57750d594afd25f + AdditionalInputB.14 = 51e29804f9d079f3074ec398320b2a70 + Output.14 = cb3cd4510de88f8081d8989c2679f76387b7d2cda286b75d659a3ab7c3b2ac77ea00366e7531c1c9f4f8e60c845c5d2a5e05fc999621d011deac3f28cb447a37c2ee815f7f5be3a571d153475d6497a3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15655,6 +15720,7 @@ Entropy.14 = 71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bc + Nonce.14 = f49cb642b3d915cf03b90e65 + Output.14 = 144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15735,6 +15801,7 @@ AdditionalInputA.14 = 03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1 + AdditionalInputB.14 = 5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6 + Output.14 = 72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15800,6 +15867,7 @@ Nonce.14 = e8c5220ae48b0ca1412e9c74 + PersonalisationString.14 = a0a1d6d3887f7ff9f13c85d6ae5af2c840fd85989b7e50b3 + Output.14 = 14f629aee43f71b61d467ccc37de8eb6110ccdc65fff57ddd2e66707bb768e5de5df5467ccd55002815d306adc7b7d6b5d87c20d2922bf5fd3790282608457b69720be7d7affcdfecd173a741c7fc99f5f30f981b1bc102977a61f1515b923ba53cd87a37faaac12e0af613ba0972a0c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15895,6 +15963,7 @@ AdditionalInputA.14 = 875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe + AdditionalInputB.14 = 4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595 + Output.14 = 90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -15945,6 +16014,7 @@ Entropy.14 = 30efbec33ef98a928e9441af3caabb34cdad892669e88130 + Nonce.14 = f77b7e0fcca6f8733e0bb0cc + Output.14 = 85f5368cb9f44474af6c4a159477c5cdd05eb0c0a37847bbb07e9a9c8f633ef2c3727d017f1bbfa89dba056062202f5824b3a493ab53a2a5fcf796d944577f1393d35f2a284453b2cbd8eaf35b9bae7b87c156cdf9cd0a2fc94ddb0d4842e3ab4b6c97089cac0e32bdeb32dd8233fd6e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16025,6 +16095,7 @@ AdditionalInputA.14 = 5c15fa9dc77d6fec5f7a4a3e4a315c05de2b5e46efe54934 + AdditionalInputB.14 = fb65ede490ee01a1c100ad5e23a20f91b45adf1ddc15c590 + Output.14 = 98cb3191831dc79334e8e37d5246600f822aaa40964b91f345b9df90929db1b7bdea96dae9aeb88d05fade5ae6c29aa8eeec7fdc96e654c5ea41ea01e3104ca4d287bb03005feab0bd1f85e556bb6bc46a2227b14fd94f9e6cfd0341cfce951851feb967968d6cc818f364345b715bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16090,6 +16161,7 @@ Nonce.14 = 46f8ee037b927ec766de0aba + PersonalisationString.14 = e6299e0eb5826e498d873ac02892f01e02f6632101fcc090 + Output.14 = d86bfd8f9d80eda3bd43850ea6edab2ba4f69ac8eea623fd6bbd5c0c920620f8cc136b0170f0310a156271981a9cf7629e1b8f0759de1e99e20a0930ce3bb7dd2d88bc9172a56108cdd736dc529a6b99862bed7d543bdceeebf450020762652d520105f5c5cc3c9a6ebb64af2a7e82b0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16185,6 +16257,7 @@ AdditionalInputA.14 = 82f895626afb606f335f5f050f0fdf3b45275e0b451774f2 + AdditionalInputB.14 = d423d43240cb6461402a7755f247573f24fab496e00b2e5d + Output.14 = b32c753900d4a0a0650d35d0fc918b3aa5f253d4381598ed475147f32c8b002bc08678e45bed1b9b519cb9729972886f85e581c75d3c2c9fd6ced929be29aa3befcd1d3fabefec590ca55612c1a0409446a01398d0e4775a548d118a32f29b0dc29530329d2a7656e5d3ef66db2b9726 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16235,6 +16308,7 @@ Entropy.14 = c617061099a17392c3092d27728b35e59eb45814e9df9fa5 + Nonce.14 = e1634c0d96cf91c53b063450 + Output.14 = f08234ed8621f1f551cf49ea60140313a71341f6886c484a06e74e64aba6f8ffc2cf1edd34cd93e836ab033fb0893e52e01da9b3104fe49584a45447c136222b1c1f1d3cf406a80ed9d782d2ae277790eefc5c06f954e654f7f283ddea79d2160cca1f63d0ad00eae9e882de34ba4083 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16315,6 +16389,7 @@ AdditionalInputA.14 = 857ce19dd6e8a45be185875f1a98911062045553e8d28ac2 + AdditionalInputB.14 = b5f1998f0fa38145edb86ae4d569ef4dc2e0aac0a815d3b1 + Output.14 = 8f0d978b24bae2a0665beaddfa61e8896ed7976432bc4f7c444699e30b8da1ecbab8990bab9d0d72ef6f6b0b27ede12dc171a43a14092d57e3999cee71b1356da5f29b17fec227ca2a4887bd990fa33e1e01c8a9f900ffbeb300cc5ce9d7d2e25a44fafc07e34acd61d425e0d36fb0f4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16380,6 +16455,7 @@ Nonce.14 = fc382061e29c4047c6f05dde + PersonalisationString.14 = 9b2eaa4c2a229cd2bc5de218aff95f6e5fbc7ef150bdb50a + Output.14 = ad49119d6b4f25ba34050920fc503d3d0d331ac2535d916a58d781317fcc2b1117618e9105ce192651ea9e19fa6756975d207c662f2b464416d849cb67b9af52abeb84f80863943af99c7916e78317a091ba90714ec8620f661b41d648c15c06e822329cd7f145446c5c3630a4243281 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16475,6 +16551,7 @@ AdditionalInputA.14 = c9aac7bd9f15385facc344dedcfa754bc9f4f30277a3555a + AdditionalInputB.14 = 42de701acf5622b30e7672bf7115043a9912c1758c1b316f + Output.14 = 972ccd5aa60966bac39aa9c891c7c513244efbfe3446fde6806cee991851f1e4b3d4a4a0c04b57242deb4f53d27040879562fc5b32621b46a642f3c84063c5195faf9b78ed92145821ae554d58325b03d60e11461adaa8ac87876559e1cbe47f7b5c33a8311294b0e54a44c97d4d2c9d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16525,6 +16602,7 @@ Entropy.14 = 47f141d1d0142d53c10628d2d1dd77aafc11ffe45f29b126 + Nonce.14 = a1e958e036afd40059ce9639 + Output.14 = 2096935329ffd975154c38a2c22e30ef12b7acbacd39868032d6eb31a596e617fc7e05026b3dae231f256ea94dd4ea4f05734eaa7916be6f846b0304ff0de389f3390e51641103e7dedee99e56d9455c80a7e10edfd2147a50b3864b05443a1646fccde2197af1d1d72ae3c2d4594218 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16605,6 +16683,7 @@ AdditionalInputA.14 = 49a758a4e0a8ce69aa2e5f9b7940c6fbcbfc4fdc91165e4d + AdditionalInputB.14 = 9c8ebc02c3d92d33112a15747b6367b8d6db3447cb9be2af + Output.14 = 70cf10825dab6c1abcc1532a1b2bccd96f0638d02eedb40a7ebf97093f5d0295b6bc74d9e48290ab39260d684effcb401427a4ca62b971e5a31f06c14a9f8e3851c3e79dfe129ecf8a8e185ee58667e2b692474a0d5f0a39f9d794adf1cd71c1266563dde24dc944661acbf849fe69fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -16670,6 +16749,7 @@ Nonce.14 = 82dfae196513724ae269204e + PersonalisationString.14 = 6e01d897ae919812b8408f82edffcfed8db6df2e2cbebd95 + Output.14 = 6e9bebf2e54d8da4e8ede97ce463239245ff1b021acf4441312ddba96d1f3d750bf2b9583a8aee76e2ee36a56d8e2fd4e11377d15ba3ad0876fd467c375a744240de0a7b38974e0e7b27c3917ce4e22f2bc78861f6f8b1fb42edbb1b0cb869fe5169527064cf2f38c0154082af5457bd + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -17925,6 +18005,7 @@ AdditionalInputA.14 = 9ba9285889d50c27bdeb4a830a5b3120931a53980b30643557444718cb + AdditionalInputB.14 = 0f8716df331067b8ccf0e5b90ff79dd0f962acc69fc5f89c593bbb84e3501ae2 + Output.14 = 9d2c0053a0fd3f9be1fe33db214f6f2d54aca573e0642bd269f1b1ca23c42a1e85c73449830673cca14feab4d2686814edbd90c325e0fbcd5a2d7ca75334dbb113a13a0bb4e838f6724c74dddfca8c2bfb903c362d3ea82acd60d01749f6dc01fcd6708009a58ee9cc57a0d089095efae66aaea68ac247cf6aa8808d1038a109 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -17975,6 +18056,7 @@ Entropy.14 = fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad985 + Nonce.14 = 91f9c02a1d205cdbcdf4d93054fde5f5 + Output.14 = f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18055,6 +18137,7 @@ AdditionalInputA.14 = 809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56 + AdditionalInputB.14 = 3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7 + Output.14 = 4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18120,6 +18203,7 @@ Nonce.14 = afafaf2ad7e6449308e176be01edbc59 + PersonalisationString.14 = ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad + Output.14 = b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18215,6 +18299,7 @@ AdditionalInputA.14 = 9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544e + AdditionalInputB.14 = c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4 + Output.14 = b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18265,6 +18350,7 @@ Entropy.14 = 5f28c73baaabbc09e8260df3b3577c21f2f02be057bf49d2e73098ed5ff67f89 + Nonce.14 = 8c2f85b546903d8d4c10fe4549c3f673 + Output.14 = 1563c678f1b072813888970996af33c2a6b70b8dfd2e146c46df0616509382062fc9c72d223ebd555f4d8892aafd7b3b61619559fe3d3e7b5e83c07f422eeac912ca7d8858a2d25b966a8b34348b8ebcf44a4651edb9cf5a886e383b01423322ab3002edc8c936aef869d7638f38ca6688c308d2a17fea0ded21901d8e9f1ff8508762cb1dc7e700970938a0ece74c1c2d1801230ea785165d62a7ab0d6d59caf36b30be8e2e1f691210373b7a2866e32ba4b49b6a2f9cc9b80aa1340ef5c76f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18345,6 +18431,7 @@ AdditionalInputA.14 = b5d9cb4b3709adf297462f1aa8875c9f84bc39e323b8fe1c0df269344e + AdditionalInputB.14 = 5e47728cc468e0d2c6b6a90a20f83a9f0565716af54844552988f1d8c3a83eb7 + Output.14 = 548c3496135ecfa1119098ea2d862d421af024a844c37a02142e2545e4ff1038f4b73c7f6b7d0fba8f92f292cf5ca8fd57dbe7ce129423e0ddeb1dffe89252dd6b50495c88f350bb77e08c8be409064f7e9cb751aeb779eae30b7c471dc41365f128d22474a7e90a9953e948642001f8e6ba8f91d250d8b4c6407892cd96b12e5d94e4d7608e6c11604357436c8d1cc07a21aeb58d396f413a31f72af1ac06864ba68c04e0c25971c1315f5a8c5c04fe252105fc822452d0cf66f86af13d613e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18410,6 +18497,7 @@ Nonce.14 = d28f752f6e466e3fd9595fd380fa14b6 + PersonalisationString.14 = 232727310fdaac541b182497e5240dc2623a36b4efa7a912ab3ffaf9939c2336 + Output.14 = 3bc26201261930bf3dc164d25287e41efb47c07c8c5c0adf3e86613435df202116331cfccd4e07c9ef008c62d4199d937221a17dc97be2043270ecc605d3d48c609cbce3aecba3557dddb304f440250b2c9fd78838483e2d5a2b22015b97869b891f9e42afe21df5fbb8dfc9061468c70c63a14b6dcad9ccdeced41d021dc0ff47821415e8793d34377258d9d6629b9e396b9d6b8bb7fc22e03ecfd4890d16912001cb7ed002e33a595052ddf7b991c5607ab93c220b2122783d51a8372a223d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18505,6 +18593,7 @@ AdditionalInputA.14 = 50ceb01860d60ed119f101d5c573b5db00402dbb03885a09e8d326156f + AdditionalInputB.14 = 01e09092bc892916c29f7b515823f244d147d4b16976cebd6a76a37ef6e62998 + Output.14 = 6f1379c44d8131924c9a78286e80ebb34604ad78b531e795cc30c4f0aee422e4052f201ba226bc0c2aa3ec341fcbb5a87e24b91c36be7dda62addba6960df1289372e9677ce030555a9bd1691f559b8ff787dafa35cff5dfd66a2abd83f81552a82ba6ca7d21c438483e60fd77f93bc109f5be802035412c2af2873f5cb186b77dc055c0e0b27b16b1ef37de0b81fe63c4074a7cc8c3d27f71a992b5468351ef8b84a7b3e8f12458ff670d1381d879feeb1cd3b93436580c86bc2c33f27448d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18555,6 +18644,7 @@ Entropy.14 = 57050c5fe58b2a2a0eba0d3b9c08a9b285e1180d2a297e0a9ad20740c6fa9f00 + Nonce.14 = fc309209936c569a1367d45b212a9a50 + Output.14 = 288668476b39814edbce5ed91951cec398ba2dc3bad76048df5fb1a2a680519c217ec4d57adc0251e1f8892a866b142e0953353bc2dd207aa2703f81814d26a60daedfe94d97de6043ed5f3bd957b7516681827f7a36d1b2a87b692c67aba050bc38b5e84f65f07d70cc34549f01aa390c5fc8dd01304fee7378e62549738e3f710ee6a4e32db3f472e1c2ef1e803e57a8ea992f389f0823c922bcea8b00ab844e071579170baae90839ffd5e00844ec343b02db090847cd323f8a68f0dce64e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18635,6 +18725,7 @@ AdditionalInputA.14 = a633f5f05ed8b09b70683a9f9a8e998ebf843b68a039dc3aa40cf30a5f + AdditionalInputB.14 = 9a57c6be8c1d992bcbd599952bd94a755d7ad686698991d189afd11cb88b9f53 + Output.14 = ae0fd8a1bf6f2f53f9e81ecf6f40ff6a36fef58a3f157b6a435403e48da4e88cab7871bfe2233b92afd228bfe3117d7cff0798225a901663d51f0491109b9c631dd6d32c5bec2da321b8e64ebaced87a27f17f67082df944fa94acc6c557fa6816001642e38b7d776c631212b782f71aed6db760f90e0de8e81baaf4d419170362932e6c319dab948749b331aae41b4cb3267da37c9233c36d65d5482c8940387498453b226af485a37ea16bd9e4f938618f70aec97e8c1430a8d8b6aae396e9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18700,6 +18791,7 @@ Nonce.14 = e1609138b91637917ec170fa3c3fb278 + PersonalisationString.14 = 230db2e57b87e910cbab26fbac7fa93a65c07c1ec004c74637e346c2db63288f + Output.14 = fa58f2e96776b4aa079dbfb49d81d8abfcc30d459caeb45dec4f1766fdc3b234d52cdc5337ea770e71a28cc42c82cbefce896d1fecea5a5290300208aa79b5ff97d2091498d749b66a9e5b2da7b774567ae9f83b87a8417b1bd089935e575b16618ffe8ec04b91fc9315968dc395fa2bb8776133d3ede95aa89ae675881b26ca831fa5fe6cba800d2fed1d509353e8cba6f007cf3c5e0b9424cc034e1c817d5f7326764f5ed1d17ddf8900977a0172dfab50bf4819a67e4c1af4704f59eda3bc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18795,6 +18887,7 @@ AdditionalInputA.14 = 32f618446311f03a0038dae07e85e19006a55b69501d764c241f683be5 + AdditionalInputB.14 = d64a97650e2f25362fd711c7abb5635672e16a02a1dd5ed8a181762e86f4f5be + Output.14 = 54ee53e6d18e974913ec235a37a706868f217af33b25e8e5369d90071be1d01035ca331b8514f3d6186a9ec62b1e7808b7fa22859eea21e4b8113ef770772561eff7f8b6ac22125d002f6ba9f53b235f7d85dd5b601787201ee1423de5d971b2e758b3955a048b50f118c01122a8e657f69a63843bea00a46c4fc2ebbae36adaebfe3e6c9b1c82e498d3fe48d332ac1bf31ab4c80830086c8ee4b1ea190f8e269f74cd760f5a29d244064d09c1bc30832482d5205e35604a388250a7a196ec74 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18845,6 +18938,7 @@ Entropy.14 = 9168436a8600415b83062125de0ce6a998090216dea7374af08e6d3becba054b + Nonce.14 = 94206c91dcdf9c7c3f3571c703013419 + Output.14 = ef12bd2b6dea20cd197ea9eabd98eec1a2943619cd2a96dd16a6c5485435e00c59570ff14d7d9fc09c99ade0e5ec12a84c0a8ccd5677fa9b92295eb2a620e8a0400bc9ad8a1ac1aa4969d8d04b77ad59b81d95cad75358698107dc8a2ff42adbd679ab29cc29cd6ea756f4c4e60c271c3134c48b5d5aedecf011e73c2663ad1cafe57120cc70137370760c350f4e9c0b8e9b01c9acaaeb56094434f4f87c67a5b5f674783204ab0d0598c06f0802a05ec97073c005f3c9f772fe0bb449c1cad0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18925,6 +19019,7 @@ AdditionalInputA.14 = eb9e19bb6eb7b714dc4d56243897916364dae7bb3861a4697d7d3f2b14 + AdditionalInputB.14 = 156d12c7a1d0af2cb9f2d0610cedd9ed3b982e77bf4a9dc1ef0f71284b751ca4 + Output.14 = d3b0b0ac5150afdb3d9de12d2c8a7d45109436ed9c316aef1d1fc5bfba1cd37cd750841146dd08320539eb1678962e990f7b7662b44b918447e173672b873b8ab0348306cf6ae2bcc6756036870745436571763efde334dec5be7bb9920629a36cc5db66e8824695cabecb8bf092858e095a2a520eff140f483ec528131c850a8eaa48d8c997fbc810401ca378666d84020fd34af77fbe1152523e979560708fb15f3b7981e333ad4ee8c2fb6021a562f339616823cac5998cd919f82d43f41f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -18990,6 +19085,7 @@ Nonce.14 = 733bf048e5b112426979a9879b6a0c10 + PersonalisationString.14 = 58d91008875f51d541c6fbd626a49a798dc51d9cf2e8588808e74953392800e7 + Output.14 = 1794335e21606d706dc89ace28c60a15c0c9f108f5ac882b103eb62e225de749285e5fb0be98a5bdc26e3c998ae418306380941d78acb7c81b91ef41cecab328332ac7404ace0ea858e7835534f778cab3e3e4eff043742e4f7d4d5725bcdca0b6be7ddbf79e57fcd1d5a4279f074a599abac2cd281ec6784e29d9399f5ffa8def3252acacc59844c0c24c20d029a89b4407e0b5cbe9a8d51241dd36bb82c400ec4571dd1baf831d58fed3dde4ac7f961be6ebc18af6bfa922a32b81ea11334a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -20245,6 +20341,7 @@ AdditionalInputA.14 = 06df99a38f4222b9e7e1e3f4a6f488c1dfeafe847129d54c93bccb1649 + AdditionalInputB.14 = 3977a9671024bf0150752ba10c9f6432773bb71aaaa9d23d1ab72b90b7f0e088 + Output.14 = cd4fa86fb559475f4cf4a60f111d3d0f71646d3d25111889332f2451eda96390c607a0178e1e79e8124c7626ecaa9822495e5341dc6f24818f97951bb29434c7c48d05838fcf3b43b8314827d3acc8fbe2c4ae2ab066626c25c32a760002cb1d980169f7691bee5e329ff1ff4938d3bdaae583f3561499563198a5eb69e73f6b963a5d072d23e07b0ce48cd04b31f9ea349c2cae355ba478e26a5fa33d8f03af84235fb1743d30910f5557194e3609494019bd705f8cdbf3d1b4dafaa09c9d8037d2e0ba0f96948d4302e981162c34c12c2fabe1a42da517b7e5a1f796980371420cb305d0a316bee56767ce1aca9260231839b92fa26fd75846d9304427da27 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20295,6 +20392,7 @@ Entropy.14 = 0cac1d970c06da6f224d49e5affec0fe338d0b375b66687b + Nonce.14 = 1fb1df257951ce8fc0cf12a5 + Output.14 = 7d6e2be5aa574b0edff39ea938e94143ed92b287262891dd2a6c9193b0237e8fbe10056e15785bd818e548452792a31c728acc14ce2bce9295d3776885018a57c8580a8e7df9a34ea960e0b39af4510711320528fa7a0badc6e25a0eead8cb091c404f626343c63d40044055ee9f9e35 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20375,6 +20473,7 @@ AdditionalInputA.14 = 38ead8a466e462f5c0617822c23294cdba07a80fd51dc241 + AdditionalInputB.14 = cacc9efb209c71b123498182d25081aab8f0159bed1fc0c6 + Output.14 = c200766d5caf72e64a77a7fcae1ae3d14681e33767ba2ba7faca26209fdcb59c7202c381b18adba07ef0ceef443d9e1c5888366bfd953d614bb184370b45ea2b44a251e381fd2bdb80bf4bb8dfe011e1b143032bae9ce82c2869537e70d36622bf23476163a2dace9ba863a5f0e3d303 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20440,6 +20539,7 @@ Nonce.14 = 7e2f3e4427d00de41ae92bf6 + PersonalisationString.14 = 2e8bc8edcdb3dfdd451542fbc68481b30964fdf8a6ca77cb + Output.14 = df949beb9b33d2c1522cf6fdb3206cb10b58411ba9e28a4096cda7662b69d23e0da2be9557b9a3b5a8d67db4d616ae9fda3a7e0a8516196568f7a81474c0264993b141f14066fbfc29da724e447f6e503385944e902510f0b3971f7bffc6a6a202ff88d8113bb222b104055f427fe770 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20535,6 +20635,7 @@ AdditionalInputA.14 = 23a781948449d82ee235d0495ca48d61aeb399d7e2ea68b8 + AdditionalInputB.14 = b52421e5b0e5281920da6975ee18d74ceebdd5d5de05c018 + Output.14 = c878a886e24e20a8b7e22e41ebb33a2b6e9a0168f4c72bebb78f0955c8449592e91c6a2f1ba5554c9459bf2702e67470c1df0b5125d651facc0a9339a2b7c921a51bc7203020f085c9231b3acd850ebfef0d0e13dc8bcfecf1f9853930ecd9b262cecaff0e2bed9e3b5b53343b733766 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20585,6 +20686,7 @@ Entropy.14 = 04c61e5cbd79804118267ee1c76db36b71b042bf60a1c891 + Nonce.14 = b833be09092d4755ee6118f6 + Output.14 = 0c4663313750b12daaeee80cb28f097cbe6f50df2022f9ff02a51fb373da42411c5856a136e9645e99e69aee273726d146e3ef4e546273eeca52b43c068887148b7197143f5b9a4c55d4b0544907ee9ad2f181d1b37742d1479d39e78e47505603550d2b28bc1d151a50bbac140988ec + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20665,6 +20767,7 @@ AdditionalInputA.14 = fa3bc697a6bd8ce341735365ad6e214d1e53e8d6d0a2c206 + AdditionalInputB.14 = bea0650424d1f26e75a49ae2dc529f1fdc552e3a0aa50948 + Output.14 = 4a718257296a3a99f199a5a24decf8f3e6209a4a7fb0b24913393c8309826ffcd6c47208ea6879921424ca55e63a7e5bc63a030cc48be7648da78fc9f314dacb2b8568635e5b14a94bb06a709a2f023a86a871dfd708204c911d94ef3690b3634e58de03fb20091d628bec834a760dd4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20730,6 +20833,7 @@ Nonce.14 = 4b729a67449bb5675a1f9d1f + PersonalisationString.14 = 9160b7c96fd367dd7d378e82be11ad1827c7661d76bc1fb4 + Output.14 = 1d7ab4500d99a18b8be2ffb8177c869059e25f1ffbddb36694fa8561da1d71f86a38accb1926339f6dff71ea8ed104c3518e62b00e520c51a096c1c62469e56b139e6384e982588e748a8074dccc51d558d944868e2b8e1dbd68bd83c663447590430ebe15c64aba4669d1a4a784d8c5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20825,6 +20929,7 @@ AdditionalInputA.14 = c375af43c11115e995f47212f81cf3cdca5801d184d82235 + AdditionalInputB.14 = d2eea45f69c6d82dc3a7bb3be69d595c86c5ea5b4aee6001 + Output.14 = 907452bdf42eb168195313eefd090a2fe1be8b668b8ec7153a4ed4c07e6979244282e976decef02ffd4fd92b0d7b90bfc453cfd81a823dc162dde29dfa926f20e395d7432e0aea61c72e05c1673180bee3b47fa171cfba98864fc2bf83878e37c7dc019d465788aa1500ab3db8997d3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20875,6 +20980,7 @@ Entropy.14 = b37ca70fd13538ef74c5a3c7ef00a78705919446954ec43f + Nonce.14 = 3ecbdff8cf33b50788dba82f + Output.14 = 1bcbccc535fbdc8617575d46ea5a9cef2622995dee19aa4b998325dd8d0935957170f6b18219354cd2759ba53c9c1f380586070db0c89979a581ce1e00ce38855e123dc3a2dc9ce74bc3b6e27c9603fb87c09a1d90bb540d267d456f5457daf0920a13119a2b805f9b97b154f80f4bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -20955,6 +21061,7 @@ AdditionalInputA.14 = 9fcab4a8d0d1036a6210d56a894f861fbfacd4b20c081f38 + AdditionalInputB.14 = e279bf650f812b8931662e59a0da7ab799c193da1f6eef1d + Output.14 = b3ec81a3cc8dfa4e1ea17d33566a4444bae9969244e7a8970eab02afc8797b5fc85b6614ab009625b81fbe078bfa4db78ced2d8b3f1e3342b477a3fb42cec7d44546585621bb8310075808aaddef32ede3e668e626711fdfaf2569721bf645edeaf74a9826aadf0a9cea9893aab4fe3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21020,6 +21127,7 @@ Nonce.14 = 98ec3ae036755323042c08da + PersonalisationString.14 = e6f24d96c8d11cc68e72f56ee7e345c5a0083509821fdf17 + Output.14 = f5a9d375a58d1b337d245d29b7a9e352cbb0fc950276e042d075a71f4bc43b65b063bff299c670adfc46db39c4303adbbfebcea1df964c27d33cbfe4d46567475abff4f357252ff7d05ed4ac34e6ed14c33c192909426654d604736f3bb0ba01aa5e0454d60dfe8aa5b2df3a52df22d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21115,6 +21223,7 @@ AdditionalInputA.14 = ec35738bedab1835d07ec7a6d9a5e6e0bf8a3283541b3216 + AdditionalInputB.14 = 689957f9c2c58f1ff34899bd0c295bbfacdd149ab378428a + Output.14 = 6eebecbac4dd64b170cf6aa84788f643755ad5c6c731b63bbba3b2bdc2694f1fd42fb077b4309a0cb09b5ed1107fee2379272351ca9221069530762e4c8ac4c142c30167a32ac2b82b728d57bef95d620cd1b7a2ab5c1a6fac2cc90e0f6cd003ef526485c8bf0dbc9baa7c1f0d6f763c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21165,6 +21274,7 @@ Entropy.14 = 2fe6d7ec78f76820cd88c41a5a958c399c7ad1619406caca + Nonce.14 = 1ed975755cad5e4c475c5945 + Output.14 = e34b31db083e58516cd60ead2e5b0d39e4a2bb47c2436531c0e700e484c27d3d233d10d1ea6c58148149751f24155fcd258f384d61000da88106a0205d693e4ddfbb5c35f101ff15e531e9ac4a988c16302a962146a3aba9af5c505697cf9aeb7bdb8c49c281458acc33ad4010122aa5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21245,6 +21355,7 @@ AdditionalInputA.14 = 17c87a351e940e261e8806e2548da44a751c550ff5f0257a + AdditionalInputB.14 = 7e3bb28f266786ae38c24876087fe35c7e43222382270380 + Output.14 = c943c9ff0cde86a62756465e6bf4fc9dc25447157537831c975782dad82f3e33e6e7790b41c158713b8978a6967bfadda9e15ef43922b3f93c8ccd0cfa834fbc6776f3c1b6369b4f25b1cd1189f8b8efc31be2dc151d3608eb2189a4f39c0f0a3deba00ffc97299c11c46885b424a7b2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21310,6 +21421,7 @@ Nonce.14 = 4fb71fac56d2aa35d7fa44d1 + PersonalisationString.14 = ad66fd02b6f6e30ce521ae0d783236c75cd3699696475ac7 + Output.14 = 4b2df98ad411407c1dff07b5c08e97ab501fc20ad191794dab73e9b4dce62470b3c70d75f07848f436f16a8c63ac31a75525bd928b5c76218099ec940e3ad193eecdbad834557e92602d7daa6e3eedcbccbc4d0829c8e1c7e59adb95ce928bb138870566eb27e4725191a9ebed50304c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -21405,6 +21517,7 @@ AdditionalInputA.14 = 30a66bba0f4d6c249e271de8927b6ba1e99fefbf3386934f + AdditionalInputB.14 = 1ebe06fd88f8f914ea8f590483994fbf227613e7f49ff18a + Output.14 = 38b4e2bf6aaf771df03b3bc37a959955dec83f07af4bcd995957a31991c5ee18b5bcb7754f3bf6293665dff2b4769d081d9be6393803e2c62a73ed8ce4adb17b36c1e0deb8ff6106308be9019cd179a92feeb184d93a9348d3b14a70bf13fd74d12cc427496803b7fc041f87c630756c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21455,6 +21568,7 @@ Entropy.14 = 7f422e735bdf349e4f51787571ffe061ec7e9181fa0b6a342e36611da25c1a15 + Nonce.14 = b09d8dc6997bcb567cfd788d0e06483c + Output.14 = b83bb6e99b0a5237242711e27779d05d2157402856f9653542f1ce52b1a7463e13d5c92309a06d8a78773ad70504b64ff070c2e6afa4ec3662f2729cb7552235b79c18e08354e334474f238ee74feb7e892d5701543f418cd7f2f5533437d9901dcc54687816f16eb7341b1707c6310a2085dbf387044a78fed850b42fe9d8b4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21535,6 +21649,7 @@ AdditionalInputA.14 = 5722b092a5a0195f14b5f236885538cc7a514e997876c06f634926c695 + AdditionalInputB.14 = 6e4f341a0524dd1085aad0b6c956057893f737704ca2fd8eaae6231e9691688f + Output.14 = a757af53227bd8555853ee2e643256074be9904d2fabb0ca86a645b0ed1905731cfbfdb7eefc83938fb576d7e5da8135300f8e934dca521637ed10e5e791e18e82c48085f511476452237ceb930e0307e228886d36aeb83d8e25ba23b38dce6dbc335de90b63db4021d6ebba5dfb6d8044a2bb7bb20aca679cde16406c8c4746 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21600,6 +21715,7 @@ Nonce.14 = 06b7b75d18365f4957489a09204b2672 + PersonalisationString.14 = 9e32f001033eba3bede220d4f351ce110e6ee2eb0b099ce54f9606a21d80b1ea + Output.14 = 508333114a0abd5fe10327daa0f1342c66569d912a64d8ae89227d0d8ed5b4052cf84f0c38927d88dc0d7c476e747965adc9579a4603a36566a1730f55ed7b100c1695f060674484781682ee629167f7adce89885ff04d722d960d0297d2abf79bd3338126c2d356a91bfa588f80db7ea365bf181fa5370c478a04d05a515b78 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21695,6 +21811,7 @@ AdditionalInputA.14 = 5b2d2bf0653e3c075c469de5e2a093193e700abff9792a9f3bc0d143fb + AdditionalInputB.14 = 976c765df6b57f0eed8661587045826c329f4f1994020de30fdd835912f72fe0 + Output.14 = d8275a104f1dad7412637d12fabf9dd1b06592850cd48a3f38304789911efe8f08970b8f90fa021b04039cd3d1ca573c1586e7ef586f4c623dfc559efc0f2c89e4136b59f0f5706a74679d1c95886a5ad05b9a850043cdb19d806d617b2f640f715351cff6920c47f96a42b872a512a7b2e99e4d0c2230861b16f3b38deb9b58 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21745,6 +21862,7 @@ Entropy.14 = df6edf960abe3aef5f50741907c0171906c0837ba3bfaa3a1044fcc4f19ed21f + Nonce.14 = ff2558bec3e5377c12697c908d629952 + Output.14 = 9d68c2674eac76f3ccabe1c6c0bad96d5fbdcb1629c939e397eefbcd2ec2f25803fbb9aa72db952f7fedcb290da99f34c0fdd637c37dde1446d475a61c38c3fc5c1ebf9541d136cb02a43b2646df7ee4bd0d9191157dac92a33f401f089ae15618624fc0baf707409aa2f80cd5d0676612c2667aa420acc6e016e6ba3f63c686 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21825,6 +21943,7 @@ AdditionalInputA.14 = 4bf2c816e2c3e9721d192a670153d620aded035ffa214cb0d7638432c3 + AdditionalInputB.14 = 06f515395ad7c3d025af7df781b49b62f068ec9398f6dab31ead6f917c663de0 + Output.14 = 1e70791e6a8ce753f959ab75d1225b44452ce7aed0fb53b56208b3f26419f004983c452d724c483b4f9b70d2d84734ce8ec0258d8edfac639b355204e14b5b7bc1d3aee6ddd9f5da54c6cb086d16ce381c2d5cefbceae3afd56c13441d80c7e6081aa68ff57f21d460370de9ae713c17ab14a81f0895e9e492af7c437d7a5799 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21890,6 +22009,7 @@ Nonce.14 = 2c4c4f3a953e551746f7e258821d24f6 + PersonalisationString.14 = 676a9304a3f744c62c7f5048f2137982c89860577cfcaf0d855514436ff8eff2 + Output.14 = 7bde8a5a34538655ab2ca26d0447eff3c6da298b3fa53ff0526eeeebaa4a876b60e47ca544ae30ccb00176ff84920bb4e4a4ebc3cf74b9cf8cd8ff9f7b11266a3c9bf918c458760bca6368ddfb3522edbc61ad14f2b638294e51d82e617d8c0c631aefbba50dbcd1a0a88963c3d63959909ce2cc669924d7163b01cac468c0d9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -21985,6 +22105,7 @@ AdditionalInputA.14 = c168776136197bc3877c824461994a4cb020b61ad1630bd8f38d0db211 + AdditionalInputB.14 = 4f54082a1b9e6cdc8599e1639865c00fd758f403adba5cb74a37e2b20f29b654 + Output.14 = b48984588cb54f78610e05c8a7ce12c630934f5ed2e4cee21e523fc65a7b8412189ac51823ecdf493844a859aa87f3e84645f22f0914245043f7b86287a85db97697bcc84684b072162c2fa636569df83fe85f1ae25204786bfdcf5eb85006d09a4d97b162248daa8ccbff9eca28b7bce9fdbddcb8679ba50b6648cb3bfe9af1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22035,6 +22156,7 @@ Entropy.14 = abc502a99b7c3cf14262f6b036925a9904105b019592a2a6be26d71fc42c7444 + Nonce.14 = 40a212f9e1a5aa54f2c7ed4ccf631c9a + Output.14 = 0e747d83e2104367beca697db9b6bb994061d82aae7b1564f6a0911a1f599084a7ca7c94e232908d41df93a6b416e76146a53b490afb552124fc0c2087cc45de96390565b58f913b5dddbc55dcdd2617ea27858ae7c7748b31d832fec0fafe84594ad7b693cf972daa9521ad4134867339536ed5cdf02a758e40d5d96802f4fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22115,6 +22237,7 @@ AdditionalInputA.14 = 2a8cf10885a141125dae18c40f7bcb7e09c1b2726e22a7f776e4735279 + AdditionalInputB.14 = 7c2db5278d2336764d274bf9624db7eecad2db11c6622831e47338ea3ef02ad7 + Output.14 = 08ed2c3aa35812485ea8aa0b16149ee4f3207a0368be2035e202797939dd2a1c1db1ab244434edd783c7574bf48fc99f93827a1fee91cd1db1cad53512b6931d2d63018045b2a50a9b523a6ee212fbcb21ffa57ef998b4ce24e5f2f875a8ff3a45d8602cd56cfefd2f61f73d00dc33304a464f4fc1f7dd311b516a8da4e91151 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22180,6 +22303,7 @@ Nonce.14 = d5aa1d24b7c7564f6836f626bcc6d32b + PersonalisationString.14 = 4ef1e00dcda9e893d066ce48cd291258a29e0a234796c30a6465079cbc3d3aa4 + Output.14 = 43da46cb7b737ff7617715e3a8aa4c42d8cf1b62f32ea97d035514a10798f5bcaab550eab684cfbd5c8d3e1ce6d9fb026812e647ae6a50d3d8da8e9e2f1d5f7fe550e7e0b88e146925f2aa64690e1a5a5de152f6421837c15337efa80fdedb0a4754268bb83fcf0281b05b3885dc64b87f1da61b1ab219779ef44a1399b992ac + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22275,6 +22399,7 @@ AdditionalInputA.14 = f8dbd6a405435595b2520bec5026075514955a666e4ca34b7d0339b0a0 + AdditionalInputB.14 = d9536bdf1c3944d4d239b6dd13750c16a2780d943d4cb5fbbe418189a7d65432 + Output.14 = b5e12e5082c09fbdda81d1a2229ef9bd46db84e62ecbcd1a2c4e88557f8ed3b5af740fac2bddaaf441b66084ce2239adfc9d02f001cd23470535f13ee6ed73256adf902b359930093ffb293a7c007074582a356529ea3ed9a5ac0a1a3f62df5fe09d27f5a7ac6abdf1fbd5f5e5da70da5e3037fb062d0817b077b56457238108 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22325,6 +22450,7 @@ Entropy.14 = d233eed6e4a43436e4418ac071bf9ec00d463d0568cfaf7b4174f96c1f6b8564 + Nonce.14 = ea8e646e88f7fd6c8e590155df15558d + Output.14 = 314dca793ee1eb0dbe48bedc324b557966ac7a17b900bc4167ab4b65fe6b34ae625c200c4e21428ed258fe28b99c31cc4e8f9eb93a793c3e33fb0b75a2595a3201d939dddfa27911ad6f731894e16692343f25de291da89570a257a95cccb42f7d9820afa9b35d16664f95a2099ac929683b7480a4d1e34291853047ced3302a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22405,6 +22531,7 @@ AdditionalInputA.14 = 46cc09705223bd3c01fa037d9a19dd2465bc612f519e51d33fbc845742 + AdditionalInputB.14 = a9f78f79d034d46086bbe5c8883dc2a34a1a17414aad2c767a3b3f23dfc9b637 + Output.14 = 2674afd329d03ad3b1bb8157c3100a312e29bd72b55139c408afe7f2c9e6d53df2cb8b829b7351a80cca8f0b59d60f6454ba60b154f654a09aa82a63fb28ceab9435cb6022934a0599a4c3a005bccdaa8bdaf8246ca654692a6c038cc82fea477fabdf3d6a0975e952ce3feb7fe8c4510b8c5347b21da5431cfee69e9dd2d8c4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -22470,6 +22597,7 @@ Nonce.14 = 4788964160bb81d6f6c2675008b05410 + PersonalisationString.14 = c56e284ac65798010eb7bd39ffdf49bc25fc2e663e90ff93f73c97e65ea82935 + Output.14 = 683493fb3c6ba0ae0c42009beb39fc37a9d235fb3fa00648ce4d60b4d6bdecdbaa1e2ca0c0fc80c53f6f8ceab31c3c42764b8f23c4cda91743be33e0a77fe5a4297701bdec6b2a5712e76c64bb8b7e03a257c140cd8aafef046b049303679a7904f029444d92d673107bdbf769fc1130429ff64b527b0ce2420e2c70e8998ee8 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -32177,6 +32305,7 @@ AdditionalInputA.14 = fc54b5339b37eb6889cfd7c185070bd0 + AdditionalInputB.14 = f6a783d6d42e5ad5abb0a996bddfa04c + Output.14 = 683faa732c4551604c8865b5f777571c7d3cf1a60124c59b91283da0cda9b21761d1c17c81856958c6d590436c73594bb36f46c2f89237d8c7a7ddd2c58394c983f8f6c000d77566f2a1d89bac054bdb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32227,6 +32356,7 @@ Entropy.14 = 08a325accfe119fa807a95e8cc2cd8ff041ccad8e2c4cf49 + Nonce.14 = c85baec1c2d1f3f189eecad5 + Output.14 = 2567712d6fd3b52364b508bb2e4ae18e34b155dbe99fef9acbe21346715d36c538dc380a5e5900e0ebde76c779006fabe2b3f171fa63fa0f5ba264748278549c9beb26db701c8fab7adfdf48eb63e48ca6f3be8f17131c5e9145f5dadb00fe666a651d2b1b9e785fd444b05d4efa8ccc + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32307,6 +32437,7 @@ AdditionalInputA.14 = ae701404440c584e27266a12318c1793b6a112d96e6a6749 + AdditionalInputB.14 = 53861747c9627e9244679d58e2dc8cfd8a72d1bab611dfd1 + Output.14 = 665481033912ca7d87caa56af2612338768b044953b02b9a50e0244bb805ca007648f71ccf923030e56baa13a88111fe211091a54744aa5d82abe97775878059dedc6272e7c7a5392d1fb443b770ee7f5dd05a3f2bba4cab1cf473d02648d4f8acce91ef167e3ac00c1c9324ca074486 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32372,6 +32503,7 @@ Nonce.14 = e41f19a969494a2293ad0542 + PersonalisationString.14 = f67bda6553b5e4b89e309cb48a336b78460aff498846c2e9 + Output.14 = 44d544ac910b7668ba9c5524e388957520fdbf11383808a5a8008d119aff7e1e2bbe63b4cbff19455f20f3dc79ab0a83dcf0e403728f2a2b2a9f3b98930d9f285641da3b6b9a9467b2701ce1ecac82bad8214bb618c40999f5023dc2d97dc1a53a0296d44f6fc9d49db00959c89e9f5e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32467,6 +32599,7 @@ AdditionalInputA.14 = 6a7418d4ffc40e11859f33189d5a8327042ec268b004ade8 + AdditionalInputB.14 = 97beb8c47434a23efe536287d776edda7ed7cae84c0c7e35 + Output.14 = 1fe94acb5f5cb7e4a8edf5be61673bdc066288538dbd0ac29ce2d43f7b890028e48131e6b3a7cfbb42772b63f2fac8c0472418653ee2ebcdfa5ec08683e7d4a9cb2c67cf7e22c2ddc779c6d9971b29347e6688113294c902a5d62c1fc35595e091cb10e5a895d7c3697056659ae457d1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32517,6 +32650,7 @@ Entropy.14 = a71c303bf17e128c8e0aa07fb61ccc1f40fdb487a955fd95 + Nonce.14 = d3ca16fb12ae4709d411e5c5 + Output.14 = 61a51fe1eca4cf947bbf2a77d643e7963ca2c587e0eacc8f7fab3b3f0e166197a4d15184cec4f0858de2773d8becb339bbb18ab2c10c8b246ca66dce48e2a0938fe1ab122b4930d603b937491ddd3d10abac731957f2e1e030eef33f7f311ed782b06697914145e266d0b967914d638a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32597,6 +32731,7 @@ AdditionalInputA.14 = e098f0e076a3f40fd970f5d221944f0040ef4a18d88dbe6c + AdditionalInputB.14 = d7eb01dfd7c13fece92d35133c3be71efba145d7353c6d69 + Output.14 = f03074a219ef31d395451ebc8534e4f2cd2dbfebbd9257507979ecec79a5f76359f2d6b4653b31704ae5a49f884db91ac335ddc6d11768cac7850734e76734b63b71ff12f3f8d42cd404009e7f4b66bc0a639a9354ebd754c17f3cc65704e698d9bc0640919c386e96760f3c36d8789e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32662,6 +32797,7 @@ Nonce.14 = 838d1c69d8408cf0134f54e1 + PersonalisationString.14 = f08a964b386eeadc4bbe57164d3b3a0c7c0068c49c9bc5ad + Output.14 = d8af077476875fca2ef9f04013976c3c278d30592361b923bab2f7e3c8af4affac5408c390b4989da254eeb97ccdabf32f5e246739d0e532a6ea317e7dda02bae5051ca97a445f5e0696a041e5f9f2c077b26e575d749cae344859864aa00f262c1c41b2964b78f72f9cb98abce103f9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32757,6 +32893,7 @@ AdditionalInputA.14 = fa0823db6808a3de1a7dcc081c01cca840f68b005d473bfe + AdditionalInputB.14 = d3054fa2bdec7c63dc009ecccf25c1116380ac25f82a9085 + Output.14 = 556e90c95c1abcdde027fb2b88cf191f0686830ecf3fbf89de51c9bd735726131472a17f307263d57c03bd5ecd9ceba6cd5759b06594bf901418e2421fcef4b72678614079cdf4d25fa0b74985380552d2bbf478290445066e3f4a40a2e2b0792a685b769ffdb27721b1faa484e9c783 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32807,6 +32944,7 @@ Entropy.14 = 2a55ddbf673f4e12538e61cd2bfda6f0316277661f553c38 + Nonce.14 = a0c71049f5c75c23cc11c7ca + Output.14 = a88e6cc37617929bee1e14f74ee363d1e05fee618fc1eb1f8abaff42c571048032c84ef0ec7a6d8ad7e6c5a4a6e90d714d76643eca063287929032fe75a2b63fb1f83ab36a7fa12a12d7332459bba56b017654bc0fc29beae1897863a63276208f9d11a32780a627135b271efda4f4f0 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32887,6 +33025,7 @@ AdditionalInputA.14 = 65e70309f7386d1a0aaa53da65263d5263bc5eaff0d5f3d8 + AdditionalInputB.14 = abb8cd0ce0560309d2424d2f3fdce7af085e6c14699b4799 + Output.14 = 8188a498ef9e0fd52a77c3a44f1c7edccf9248590aebc52cb9ba7b5cddffe867b26309f032a78c0ab751741fdd9bd77d4bd17be90dd045f6f8b45826c9900028f68138cf1ca8e18b253b8eb73ae04f2e156d51a792abdc6524e4f45e4ed0b06ab3b0c94bc5e1ed58f917c17f72161d31 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -32952,6 +33091,7 @@ Nonce.14 = 1ffb77244697c3d67a564d06 + PersonalisationString.14 = 62865bf0f5af2146440d74e5ac8787cbedc544de16db24f1 + Output.14 = 1a74f62cc6bb05ff956d1af526926b937a84352830a78c7ecd2ad9c39a796f29f640d188ded8bda0e66ba81c941fed5e82f3c78543d9fca14335459ad9d573362f6b5d69861cb94c0bb055723ba5416b1fe08e74f27f23cdec9db05b50b01a20f0337cafec896f5f7412e1dbe7307e0c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33047,6 +33187,7 @@ AdditionalInputA.14 = 1a6853817be281e26796430dc90f014f6fde64cbef16e58d + AdditionalInputB.14 = bdfa703974a758cd4eb00661e0f4663f4e574cc7be6906e9 + Output.14 = 23c9f591ec9abea9f9eb89ab8d705a1e570fd2888772db5d6fc6e418a34e32d78fe49be8d4d8288fa397b57afd49c07b715e276c68a2eb8f3e63f67de21d8ad23fbbdcfa03b201952fae49928ce4da66cb70638398bfdba4db7635c8c726a3cdac22c98ae776e881edd60b69f0b38e4c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33097,6 +33238,7 @@ Entropy.14 = 7c8a961f01c1888456ae6042caf338c3ab8b5be28b34d15b + Nonce.14 = 61edc22b49e518eaa9e4e04d + Output.14 = 9d2eb0a41f7b03ccae8e4e3c61628e6710f5999f3991f04ba90fb3007275d07ff169d325ab26f3446e585c2d454ff8f6cd4a520190afbc06f30ec9b49668b09de45a116b171c210f5f888cf3c273c803044b17a16b06b44bc39344f2b2acb2f21f4b0a7abafec8c8d406d26477db9b7b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33177,6 +33319,7 @@ AdditionalInputA.14 = 71b5b9e9b813b5f69e8fa9fa7f588217268581b7d135fd7b + AdditionalInputB.14 = e5b06d8f12539d36c665cf129c1c42e3b7e88edce1650870 + Output.14 = 64595391a02ff750b46418274b8366bbca0e9c52c95bbdfa65882b76395887a018faa276f3fd6c8dbccdb964755e36508897cdac977037d0978f2752d1dc68bde3ba1edc94787c1c8cfe42c2347052da30ba7f1e06b44c10805196e7bb048cf572fda62b4a28fc189702b1e575b008ef + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -33242,6 +33385,7 @@ Nonce.14 = a16783ada78fa029ca3fe31b + PersonalisationString.14 = b20dae78f254b07fe3eeb7c793334f3f432930353fe7f221 + Output.14 = 081803927779c7b2039681db542c965fe48dc3cfde712a361e77da9aaf9f21cf38e18b4e8e5ae5a365910ada327b05630abe87858163713fd8c2988975eca44ee3725370f1c68117e58c2164605524102f22f3ea55f21f7e8fccd9861c59973d71c0aaca574480be6ec8e1fb9a163680 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -34497,6 +34641,7 @@ AdditionalInputA.14 = 228522e58e65d50dfd176e8ff1749faa70fc2c82eda25b0748ddc5d41f + AdditionalInputB.14 = 7af60c47b4cd146a39887c9b812a1dd814d74c398609bbbfb57e73da9caff57a + Output.14 = 9528c88f0aea3fc03bb8a9061e159a06d78a2a654408808aa4d0e73ab1a51e5aa85e8bcae72d34784ff6f513193e183d556ddac5675314f2b5cfe392d1526056afe32d7c03e09ba2bdf3b10e228b0f600a61cccd9e7bf14dccf13b16a838e60909785307e6905d510d9888eaab169fa601558fc952aa8559d270ecd386d7fbd7 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34547,6 +34692,7 @@ Entropy.14 = c0509068d88167921812103b67e734698d68718ecf42cd99e0f55836c162d450 + Nonce.14 = 71a50d2db258ea35ba69b5716bf68a14 + Output.14 = f66c05713ebe804b4273103997d260adbe8a7d0f6b2bb862b867ca59874ab9e0898102664af2a8db24a7ccb4637269ac67d5e834941303acab9076ebfa04cef64f73480afb6808f11e6ab1a9deae514f5db1c90c59ce988cc1d04012640a40173362de2689f88647268c665ca44f57534c9ad9b8316b9cd1d5a14942e94e90607acf6ad37a2398979e56e9c227c1803f90844d6140f10d0baf20dd789d808a647b4df54d2136d967461383dd4db9dc154dd89cd282a2766dd6086bf3825d095c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34627,6 +34773,7 @@ AdditionalInputA.14 = 25d2ad9eecd3bb8bb60769942abd16edf0ba777f2541a4b0e80fdd70fc + AdditionalInputB.14 = 608c5789b5a2a6c11c7df095be8c81968c0bdbc6296026ab65195bdc5a297366 + Output.14 = e1c600294a86393b7067b6e77ca83e68d28a6b76f6f81007183be65a50fd2f1adf6eec5a64cc753c5bd0ebc12387bde8c6ec10e6ec7e603f09d4ae624cc5423b5bd53da4f0af064e14a7d176369f1726fdcf6468ee15ffd7db3be48d196601506c71e2f443a768e03ebc35245d254bb87a392508ab07c95bce84ba81058ca1545289c9d8142aa0858c9cd5ba54ee2bb75cebb5b74e0d099ee458752d11ed70122aed1254609a715ddf2720798c9194ae4a7424e2c518ce7a8277ec79da86263a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34692,6 +34839,7 @@ Nonce.14 = aadd62dbd7b34bf2021ea74a2788b17b + PersonalisationString.14 = cc3308e380672a955620fba59999ec4fcabf1b7f63089a124cc1f65d58b691e3 + Output.14 = 6c39f49bb51765dbae1de8325e7a6f8f8aec031dbdd94b83d5c4e062848eb4e01e3912784f817ee16f9c2dd0129eacd3f7b8d5bb4cf9a4a2ef823b0505c2ac8e4a1ec30812e98564aebaec14ff710a77c1904ab1fa3fef3c3d09f2d55b047a8db860322fab6d939093385838ec6d11667ca843f69268ba1fb7edc462fcc285adc9b4b97f0f717c28ac1b6f371d90baa86e8728051dfe9b68f15dd31a6da35194253545a5d667df6a1322f6b73ba661c7407608fa42e1b894bd1b6e7641749977 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34787,6 +34935,7 @@ AdditionalInputA.14 = 0d81d8c5af9885d1b30d2174429bcc6979bdb2b82e6fd3ccdfe93f36fa + AdditionalInputB.14 = c63866629ed771e53d2fe2d5c21e98ebde295c3fc3896fb67279427c61a89eb7 + Output.14 = b369b226dd535dbdab45ff8f13735214f9abe6d11463a44804b838d2932112ce6799341505b7b5bab423a3794c37f383b06be1fe21f5c7da97b333a41fb67908dbeeb2450a3581ef71870c964c976f039ee856fa507e9de948c4c097a64070b23cfa09ab7506a8ec4fc38a38ce21fbee3f3c1ef3ab598f5da202f35b90f422af31688402509c38ac25359409d2b61958390d28ca2d8b5dea99ae26c90978f01d7a482c12e134a81de0bf6c9f39e32a8b597ec7b7a05a805ebc7ce260c381f189 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34837,6 +34986,7 @@ Entropy.14 = 5b50064163ae6238f462461472ad2ac9acc300316e140abd9cd6edb87b8ffa09 + Nonce.14 = 581d145675384210801d9c75d4d19624 + Output.14 = de0ace4f4a728c681a0b326298142fe79cbff2ce5230e6c1ca3e2808692d02e4845867763cb9e93acb983aa54659be6f9baf210048baf7ea4f062bd7e3d9a6d5e7dccf427422b9dd93d392ffc810dfe185bbee253c3208e22a83c9804501321c6cc0357d22859487a3eaba53444f4027843699d5a78214c431ea741bba73bd29550925443cfa5f494372bd0e482e3ab4eace1b60187b6db588c0d252c8da3e0d6dd3e475040817ca2c85b1149d8447a52c111f05d7c14a0f6b7b6ea4f60aed3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34917,6 +35067,7 @@ AdditionalInputA.14 = 80bb70930ef2015949b53d787630f5de93d93f98c577ca4632266e1bb1 + AdditionalInputB.14 = b6afd2c00be2eaed5c1991909e89029db0b04598115fae5118cc215298e0528b + Output.14 = c20bd78d9c396fc8fb408361e1dd4827ed3231617a73cd8848e493927207ea23e6efecd4fae36aff74b5235067543c7eb44c290122f9167a0ec4c6a530ecb0936fd683fbd866b73afb712b2f20ccc981b3f70faec4f4fda62e956c7d04cf578b06259b0f3c044e6dc68baf91e6149efa70b2ad2b81c8e14d1a994887193e53bdb5986a23d0412e989c447689a71b283934e50c25e10bdef0b22ce7368840cf761e32aebc07d7b51da16dad4c332926a4cc9853ac8db36b4b01bb36746a28f527 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -34982,6 +35133,7 @@ Nonce.14 = 3432a2e2263728e375ab973bb5842d40 + PersonalisationString.14 = ccfee35071757d5141f55a481b7c44a584c5e537c636d4d0ba10dc3c88adf6a2 + Output.14 = 72a77d1c5dea9d00c349d4e5a9e6dff63ef6cb80b7998ef62e7a1fdc2267057d07fafb993e8df868821c6cf76430f3b7ff24a527f7e41fda6d560a773d05bc003f7e1ed5085f6da3785dd999a4763894455febf7618750bad4e30d8f52f3a072af30d57df5afda08ae7cebdcb659e6cdeaff52b47d4dc571e28315ff0e38538baf436e02d157b64afc6d50e6a4c5842aff1e7573888c6ff9beaf4f91aed988f03032388940c4f54afda05bf55ef6fc8c673f01ab545838574f3bd4f22865cfd6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35077,6 +35229,7 @@ AdditionalInputA.14 = 0facad642bc0004f946e3fdd149a4c0e52475c9e832c85b228bff6f2a4 + AdditionalInputB.14 = 19d477a7dd45a0b733e6c301a4fd44ddf65d4fe0a0435b57e319e31de4797427 + Output.14 = 2a48844f6919ed43a2b0b64a1d28707fd3265b418e0673190b49a606358062c1a54a6071c845adc6ad74193d746668f890423ebb971a63cedae3241005432c8f3fa3fe7f98d5912da34dabcfeb17c03ee8881de7b2ef04fa2147b78532eb0ce7d9244d717697138f116341c7b9e99f15728207f6a73c651b8940582f9f926253420a853ae18132093183a6073e3bc85633b75e1c6cec9323ed4142d0c8ca0dd5ab2ff2e6b304ab8cfe4aa98ac64951d836e074169d375ebeae8498f11bd02c05 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35127,6 +35280,7 @@ Entropy.14 = 3b6dde5f550d482d30eee2288bff802241ef20ec15696e614b7268f7c574eb1f + Nonce.14 = b8d8984703ca7f942951fca97129135a + Output.14 = 36d0cce70eb5aaccf9b172fccf68e01eb8ac8b1f2652cdd238f4b070c8f2d9a128418badb38d5d5fabe28b59d15cd432010716fa6a48071114b2168cd29028386171594291118e54fbf5b61ae3fbbf9a21ebe73a4aba482c7cdc5ea1a4f21a0f1b38812cefff9bae78c2b95f417dc0cda010079b637f825dcba059d154f5a53050db773250013a1f051de9f7882433d2054ef2adf9b7b57c67173c06ad16cac6bdf74a10bcc666f7d4a091a78131c5ed76fb733791278b6ee0f55302c4b122a4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35207,6 +35361,7 @@ AdditionalInputA.14 = c6a3bc83220c7708eb7fff5787ecba27e48c894e15302e0ee7f4e5f09b + AdditionalInputB.14 = 39b854a1c487e24e1ed58916d8012277fafd6e7b6175c4be43927cfac9958404 + Output.14 = f7d2f39a513f6c4eab993fa440b769ce09a15476e06ceda47969be05f53ec7f8409de284749cdcfac07fe7df66b1b6bd39389401909f3a84538d041e1c038a289869e51bce8bac13a0f786cb091628f0a3a7f7f9a2f620c98889688d46a2a037fbc1b2a4fff40800eaccf98a0bc1452ff1f53f040daa94e17dcd6acef97192c74075d064be5a97205ad97f693257d96c04e78654a694e90b80a5234a25d1c7ceef360d53e768067335097c4aa8f126a31882eff8e55cee05eba4b4325c203f4b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35272,6 +35427,7 @@ Nonce.14 = a684932ea2337296cc3d150174a47ce0 + PersonalisationString.14 = b2c0af9038c2ef79ca8263a047bb9293a44ecdb457fb45945996157dcd199cec + Output.14 = 316fbc32ecc1dfa778b13921b1d624f9231c0ecca03e17fde750b1e31e76b1c330ea5bd62ca76150f231ac4aa96b06f845db2d03b65cdaba4c160b288a121eb144058f65a751e22151f91b90131e6756356e7f90d880ce754cf965f439189eb8bedf86c58e1fc2751e65637930c42552fdf81acfa1d4515ad49dc532b2a10b2b11209425ed1cf43c991b4a7c49bf6e701990fddc420608d74c3636829e4683c4e77a8151708d82ef8fb81b3655670fd4d242e357831bc091f30e6d139d5e5ba5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35367,6 +35523,7 @@ AdditionalInputA.14 = fa32817ad83c85b594976eafab28fe25c45aa74d0ab4750b33dbfd8836 + AdditionalInputB.14 = 2e5cb3c7c9503e019b3383eb6264d6000160c3c99ee5700e7a92433da1c01f56 + Output.14 = a7571c1afd3d1dc1d3b28dbab54fe3514a0ec74ccf999376a963a3820474cdd67b190551ad5b24f4376633b4964490f79a94059a55b967f8dbe58eb20d70f1fdac91565bd8daf5223abfa13b132a140acd33e36f29fe1b107f62e6c45a679247b80c0aa050f1c2d3195629baef7422b72fb3cfbb82a2e4dd1966b1cc27b8e6df1907fbd6320f25594e1eff912cd9685755473b908e06fd30c4359258be0580e6bb2f986b0450d53fdbfefc3bf06c0d80648800234100af755acec4f809c39f3e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35417,6 +35574,7 @@ Entropy.14 = 1e1cde834393e00a2136b8924be5600c8bf59dc2d8a9eeae467ede71ee7b75af + Nonce.14 = b6035e96adcb7e8f2e17022e2e4f39ad + Output.14 = 9dde9f29034b6e784be24fe600c39b091568afb4c40c8e05b8b7dc36ca74a1bed38ab15643ca8c6da2f5aa4b7a6a5d5c9920cc31129c84e2fc9b865b3f30b698a143189a3f3b692b3e5641499c949e53e3619cb112f42046a18d5d12dfb3c6932a6a829d07deb17b799519b81e961ff293c0b2d24b629fe906166e330135e4ffd00609462f0f9b89a110084945243972486a0e1aedb2eceec02d402696c89abbc950dcaa72d7b0e00ed8e65c3e9eb1af7535de2da728f901650633242b3368c6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35497,6 +35655,7 @@ AdditionalInputA.14 = 7112823304b16377182ff9aba920c97ec4d4f23cd472fa9954ded16495 + AdditionalInputB.14 = ba183a035635d9617bd71b59fccd561f1c78a7589c7fb3fedf41dc2e6d5015c9 + Output.14 = 94e577e5c4f66be345c6be7038b02fcfb4070d5bf74f8004b59c279cce961dcf5bfdce2f01e007790cf770587a68d0d24ef0fcd1a148fca6920e707289e58b81fa4a58b5a018a358d336a20daef30b2881844838e51c56f11533b25c77b9c6c6bb2c0657350f011b24db6c60a84232dbcd218a816563737585c1ca6152ff13304ca86dff20f9f9596aaa21448f2c6e620eee58f69338e3b675d29b478f34f0e60dfe7f12f02e6181d19185f7dc945210d86d31e85eae03161e947fec0f0fc91d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -35562,6 +35721,7 @@ Nonce.14 = 67f50628067bc401648926d7567711cb + PersonalisationString.14 = 5f8cb19e3c86b179ffb8812db791e8bbe6b0caff958715dd9e3368a2d48f65d7 + Output.14 = f178a20d27725759c839e7fabb63bd101c3352f582524ff088ccaf6f0546ecbd3d5165f1e3cacbb49ede115b8f6c8db3aa9720692efda124138d29eac17637b84977384fb88e81289ed5ec960e6e98fdc71d03ef0bbc05ac7682acdc62888b49fdbb442080687f902b5a313ac88d364b13871b20f684cf1acbfa229fa203607a0a37b4e1685d13a508da9f48dcd83f26751a2284044f93e18b2a206a1887d77c4b76e821952b376f19fcf53d83f704e3ec3b5c3cb4c390b213d57dbe4852914b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -36817,6 +36977,7 @@ AdditionalInputA.14 = 2cc9f137fcd8c2d526d70093fe11f90a0a36bc9764a4c5609072e181a2 + AdditionalInputB.14 = e40361245b91880e308fb777c28bbfaea5982e45fecb7757bb1c9de2df9dc612 + Output.14 = 66ad048b4d2d003223c64dd9827cc22ed3ec8fcb61209d199619177592e9b89226be30b1930bdd749f30ed09da52abaa2e599afaf91903e7a2b59ffb8fd470e6604485a27c200d375feff621118595a7a3057b7e31eadc0687b1008c3cb2c7435a5704b1a1a6a3487d60fd14793c31486af765ce2ce182de88112445dd5ff11b256cfda07018b95f97edbab4e4c39ca097c42f9dce80cd3f32677f3c224a86b315d02e377dca8f3785e9748ffdbe3fcaa3b0c6bf001b63b57426836358e9b315c6718e0b74fb82b9bf3df700a641ab9411d1b9fba42309a84bef67a14204f3160ed16a5497fe211aa1f5d3ae4b858b6d445f1d094543d0107ce04ef1d1ba33ab + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -36867,6 +37028,7 @@ Entropy.14 = 42623115c0a43edeab391ee8ac84c2b3b1bebba8a6040cd1 + Nonce.14 = b79f5c377be52381210c1c2c + Output.14 = a59dcfa9585b1080cee51ee493fabc22394ccd0949e3a4d4e5b8d60e1137288d20f65e7f1ddc1345869e1af62562d6c11044bb65d11dc0071a04a2cd0eab76718ec9a67d4482acbc82ac27685b98c50064b41e120a35e5ca57ed1bed6963fdd03e26865ddd3217d67cdddbc990c5833c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -36947,6 +37109,7 @@ AdditionalInputA.14 = 450a2109e7d83a3ab2e628ab35af4dce8ce7205de7c5f365 + AdditionalInputB.14 = 60d0ce5e11413c321535d849da56c3d9bf6222a3d2cf77e9 + Output.14 = 27397574a1ad91ef6f332c954c0d5802cb9c90926ab05c116586995bd795a2f1b4706487da86282e33d0b44dcb7a58c8c4a2874ed4646a1e963b7d26b62e0a5e0a5bb60ec6e07ea6b7b7fe1194c3ca4371736e595707ca7fb56bc924089e66b137c47f9dde74b5de3687aebc2f5c2a39 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37012,6 +37175,7 @@ Nonce.14 = f2435f70e075f8044d4235cb + PersonalisationString.14 = 80fa0ec5a3a1b46cd639ae19c137239ba8113db33984c593 + Output.14 = e547f6d8cd665204f8ebf6d64ecaa23fcc59c1682eab3190bc76ad4981d68810833f1212965def4868883529c0bae4a2345da6a0e6a7e766d16022c6f371db8ad089d9227e3a85168d080c3ff2bdd604e7f8404a16268bd66d70f5fb164cee60f1af97bdb6e1d72059d7028a13ec83f5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37107,6 +37271,7 @@ AdditionalInputA.14 = 81356bf7d3122bd65b5d96d2ca68875e1d77b36edb8e92b3 + AdditionalInputB.14 = 1f185d4aeca1d95ba4c8e7867df64296525e00db7da61e88 + Output.14 = 8032e92efc35ace508d8a10f36a6e7110cd0b087cf853409e83dbc554633380e9793b7657a23a931e34347fe0ba34c2abdef6a8505e44da62fee97a9543b9e6dd6538726ec2cc6f6d19382562a4a438a2b0756fa66b48628af292e2f53e49edfae3ccc48a95f24c940a90d1abfdd6d0b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37157,6 +37322,7 @@ Entropy.14 = 3879ca720aaebb2a29c99c0aa21d63308b44677f2bbe6056 + Nonce.14 = 2642dd7030605b3608f4513e + Output.14 = b7ddc2d0295a550e44103ffe7e6e1771cd488fa2ea32b091076085284edb870220e02ba6facdf27d8b34209048d0aa4cce4556c074fc7ec2c3691b95aac3f47c3b42bee3c2e35da17b040188d47b7effef8ac471a669f29e6c4b97ff6836cb9fd8954f57309a97e9a697e061010525a1 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37237,6 +37403,7 @@ AdditionalInputA.14 = 13998df6bfa51c2708775384f01cfe8f4755b6fe4b3c2fd8 + AdditionalInputB.14 = 8d25383b6d04285fb699c644bfc9b7fc72de41c733f35b27 + Output.14 = 3f408ca372917703ecb3449ea55de7a969a5ba184eee8f30fb19b99ae827c66b13f29d4d3a0236aefdaca63c28bb71595d3dc1fc20f1e7ba1b1c9bdb7c2122bd8e443b00b5339508c315ebbfc9bc3c7bebaaf83312325bae696a576b3c92931eef6b4eab6bd90c140295f47994ec6e34 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37302,6 +37469,7 @@ Nonce.14 = ddb5c0cd2b4b640898c2fd1a + PersonalisationString.14 = a096d62f947314691cfb647cc2f331af834cbcdd5918f099 + Output.14 = dc9175fb05854708739c3da005592ada29d408ed6162dd278ee457bd3304e4f7011355da2302df1d0d190ef846cadaccfa5325d3f71c407ab2434d65d815dafa6ca15f7e701a104225a839f2fa9874ad49bbdbee576b1bc71ace28c825095510890861c851bb79e2e2e922c3ac22fcde + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37397,6 +37565,7 @@ AdditionalInputA.14 = 2bc060710fe3d92760adc274b878de0df82804e840cd098d + AdditionalInputB.14 = de879de9c03efe5a68a12da7a06003ffbbea0a9c53f5e0bb + Output.14 = 4968c67d2f830b591531d620b6c40de4e9a15dc97c70b8b059023033bea376953cc5fb415d823d55d5b02b17c2ac60a1c8ee7473d25e94888fae15c6a7770b75565fe505a117c734d0c7d0386cff907a893da3a83d45f51bec9d95670374524b4f59e45a04c88d1756ed854fa9f65693 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37447,6 +37616,7 @@ Entropy.14 = 7ce7dd98c93953a8b60d395a68f03b8919931031e8f68bb9 + Nonce.14 = 1c217188f9c7980b8b03b41b + Output.14 = 58884a4316fe8104459bb339a4bac08d95461ad8e58f333eae5ceeecbf2d375e8fbb82eb1d29890ee0c56037bbbac8cd8e202d7ef05ed7126a15064699b9dfd4523782aabc6eaf21f1727d02c1311f5812c4b4294827a75f1cd6e6dcc73ba45ea8fc5f2647dff725f5fd9bc64d7b21ec + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37527,6 +37697,7 @@ AdditionalInputA.14 = e73890b772747a356ee1527501410eb5cddef015a8d6fbd7 + AdditionalInputB.14 = 9145caf79d0b85bb7874c2dc82d52bcca68225a18de258cb + Output.14 = 4ce4c45336ed4bdf4004f326a049c195c26ff11aadde90d7d035ce277a5b158577a7e9971063ee9c0b5063ab1f20c90f619137c2f4713831d18f2237e1a3d522af9a585e5f43f07d911b8b977f6c644784c9c02238b9fcd0f663c8bc1913f783c200b388b4ecf30246c7120adf3db79b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37592,6 +37763,7 @@ Nonce.14 = 2b884a75ff571f92ba1eb965 + PersonalisationString.14 = 273f3885354c0a8296b0862e19157fbad69578ec121cecbb + Output.14 = b60362ddfbb4fc41f4f5ef353fc0fd8f31e139876a3af0e69f9049aca46a5989ee3a1ebb6cf14f525c3d8a944f4e88e030e020ef6551289c93f5c6ca2f6bc495cdf49ac91bb86e4766ccbace5f7aba008390d2b6dfd416d63ebfe07f5d583b8f9916ebb54620953d0b73c136de06f520 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37687,6 +37859,7 @@ AdditionalInputA.14 = 69720682d68b7043c331b889ce6d3d83aa3d33846e9ddc86 + AdditionalInputB.14 = 350c63e7b01ecff4aa171f157c71f89a55637c2cac0253e8 + Output.14 = 63fc9293971bc8dc151bcc2df20e4b5c7604138e4df49fed323c9f1cdeade3d5d1c8bc89e507e5da1f38c1f76d968ee45ba53a3da35e693e00afd683817ee7da5cd2b0a657ac6cf95913c859c6b4a15449fe9045a3af03cc198cf10b2deb67c5c3e9cf9a40b8251de19c6cf3114bfe22 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37737,6 +37910,7 @@ Entropy.14 = e03af342db03da30e2b0e5b8ed76c2562194417fbf6be645 + Nonce.14 = 6a9a5188dabd510894073f76 + Output.14 = 7963276f1054db251369a0b91d854fabaa3dd5b2343ef4306cf897bf964fc8b885908c4ada163b929a19c948ac89c8480170eb59b9a8d7d2d30ddfd1248e2c1795c69da81fe72d6361d34754f88eeffca2c31859bc8940d6662abe2622fdfcc28a1764355aaf46a2e00e50606af2b6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37817,6 +37991,7 @@ AdditionalInputA.14 = 9b6c491387a2394b94bfa8b077cd43bac49117e94afb9616 + AdditionalInputB.14 = 7c04bea824d8aa7b19facfeb3a676eb51c31d7b92f0ca1ac + Output.14 = 332b884c8edcb260c535a218001d421e190d8b9c6b856fbc5a4ab45f92149487f8563138312a42487969370440675f5bc9b21a75d2a8386867fdf861c8650e26af47c5efd81d9fc39cbcd44ab0f4cb10325fed6f5b7ce5d8111ff71e5d78c7d1f53410e5ba492b9f68ca55325ea8b318 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37882,6 +38057,7 @@ Nonce.14 = 9dcc6c4317ff492d0d7dec5b + PersonalisationString.14 = 7d30c5a4aa169c6dce156a8eaf000f9be0f8681e3282dbae + Output.14 = 550a9ad9e45ba359d463c1e084777bfb2ee25ff791070a87f01adc04cd1a7e9e6ef334e477fb5cadd82381e0add8a39ffc222150f17b8bb0d3b1cd80948c0a5ee09a84ccfff6c9ac33e6831d1a84182edac6bcc25fe357a708f78db9a88daf553914cdf0bc7a9b0527597f73707fec8e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -37977,6 +38153,7 @@ AdditionalInputA.14 = 1b8725447ec539ea4a13c47b323f1d6f435ba7e624dcf5af + AdditionalInputB.14 = 86d30af40a7a395764b8b69f2656954c7c3f1c30b2b703b0 + Output.14 = 2fb2f24b2c38f217232dc22ecc7380b8240b05d2c7bc0e3dfdad268c8c10912a92595d70dd98e7ecdbdc6d7bce6c72cdebd7e121d75de8b6795b660be9096a1f24a97e9c5344c35f04451dbd8d9808c7a84c6fbafab6d060026490d492060f052fbf21a3bfa2a8e4a40db58672ca52ce + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38027,6 +38204,7 @@ Entropy.14 = 9021c403eada5eac222dc48e1437b6de48ca31b9e7e76fc5f60653a3d901308a + Nonce.14 = 503b4bbc0ca538983285857a573f6166 + Output.14 = bca7456257568a178877bca602d331161828a4ed0758d1ec3febcc21717cc4142e5481dc9756c56099cb043130345689156cb96e1664ad007c461ef8b5b0fa7d18508541f528a43fe8c719f3a269ff2821ca655980579dfc2c794da673b8c9234d561b833855efc91b4747ea5135a1a05017543f5780f2cde8b472787173ec50 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38107,6 +38285,7 @@ AdditionalInputA.14 = 439ba9ee252edb11b09fd765266b220077ab641cd7ed42b7cedc96b399 + AdditionalInputB.14 = 18e1dab1f2af82b8912be6791b003d7b0d66ce76a78cc17b753055b7b48cd2e9 + Output.14 = 5af9e042af202c9584bb69cb54738c0352ef2c9b9483d6fc8efd525ca38e62f535f2ed5658770e8cc5d53d9f1964b8a55d871c78250851491441c924701a52175410f52b162ebfe3991a72472d8842248402a666d726ea71437fc4a521543a323d501a6942ec4b7fb77ce462face53a2ab9b1b9fcccfe2346adf36027c48293e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38172,6 +38351,7 @@ Nonce.14 = ef68efad369ca5fe791ad438cf9dbbd2 + PersonalisationString.14 = 012ff5b08fe14fad65ebad5f15d74fd72d8577115e5e91262043e85a13a3043b + Output.14 = 1779c05411254dc5ff714eb56332cdf9a378a160bf0a20ca2da9e4c3b4e3c425d2f08dc969bd4924560c8caf9686b27720307af8246e6cef20fcbc00cb1f137b6efe9902f9944c1384bf917675a52b7b816795327afc4896182a78d4664b98196f89c466d5fe1e2a54122035863c8bd61461b2ef9e7b469492ff63364b013dfb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38267,6 +38447,7 @@ AdditionalInputA.14 = 77d998ddfd7ab7577ca9f51d6cfbec955aaf9f88cbb3ae32db7f7c4609 + AdditionalInputB.14 = 9ebaa09e7057ad7cfbf02e8f3143ef7b7c1dd6158f641815ecdf8e4a65c17f19 + Output.14 = 161efdc30cdd124d4d6b3d43798dd79bac70f494c3ebaca111cfa3d9343bdb73ac0def00776486584f932cab74ee12a391cbf4890b10044f7de6c73f973e43837a43b7c47a1a9a36d7e62f9b7ce40064994a610b92d68c6d37aa5d9d92c3d858770ffb8fbd87324b49101bade3f2014bcae7deffc1e4f6a1a91ddfe7e6aa33cd + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38317,6 +38498,7 @@ Entropy.14 = 0653c409e957302f6eb62bbc4f42b30942ff7860e7c38dfb2fd26b164e83a713 + Nonce.14 = 273f7eab3dc9bf11216d5216bd12478d + Output.14 = 51dfe9851da8d7d5add3dae413d8bab8bc7d1fcecea00795ffadce047d5243ae36f29f3611fb8cb66e98717a98735384aa6a310696356cb48f4672b2ddccf86eb44777c1616338792629b6cc6ec2b66dbacc1a6b66bd9364914f1f43277f6f43e13145fcdb73a4aca6b784f9084d22c967033651da610e9a85b1eb7513683dc9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38397,6 +38579,7 @@ AdditionalInputA.14 = ca73cf447f2fc3984a9de0290fd9a984a8460ac715cddd9e8ed99aafd6 + AdditionalInputB.14 = 21dd9cb8e146954a9745fabe039f6f52ba8200f575e9bbe19c703b8864f34e93 + Output.14 = f1b153ae274a380c28668f1ee2c8c3a91f5380d41bd611d974e4e419a37debe664d0b706722184fd3e805f2ff05554bde7219023d1f62a52970aedf4d77e7b4604cac2a804e7b9353c087752f7f185991b10910724d0fd06dc6526d6102c8d0ee8c32f6692c2786d3b715bf3860539689e3f415855ddc37bbb6750972f3a45ca + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38462,6 +38645,7 @@ Nonce.14 = 10818cc50b58ccb660d65ff705041a37 + PersonalisationString.14 = 2756a89e79266d6d86bbd865708321f529b023d0cb5ee5d9888c37db33dd5164 + Output.14 = 7b3d778ee1623b08875305d5761ce2cf44ef1bab87c7d0f29c862c40d3da31240e7450d827909b6b131a9b0e9ad68d5c02caebf4f3b0b7d7ac1cc58e353ba68e7ac9eefc3de1310cf9bf5f4b854ef3fc36e940d4fc50072845a83c38a7d4372c191b900d11d11a907a50607c348951ccfeba4efc30377e4a965056e4e84eeb02 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38557,6 +38741,7 @@ AdditionalInputA.14 = 764b81871036cf65802c4e9659e25b8039be84bad1b121b536d2ffc269 + AdditionalInputB.14 = 28d46df3c254e5cc199e14b45bb1e2f85a5da03f49dd76b5a16b76723d5b9855 + Output.14 = 94e1fa76f879eb9840cd50853565f43cd7b0545705bd9a35494668bef7d7e7085b48a455b38fcf10f145f28a599c58e2f88c2855f2437a17d7333d243a1c25b76bebc6a94f7abc3fabe4c78041d9b3eaf675c11970b14cfc6ff20c8b23852b2733ef8d8416a920617a9b271beeabdb0462e5d23fd68b56f58e3554e81493c5a5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38607,6 +38792,7 @@ Entropy.14 = 3bb1f6cabc56a02643eb767cc6e5bb3a5bd765555e4e27159ec905012f58de22 + Nonce.14 = cc37cc9b20a2e4de0bdf8ccc3261eb90 + Output.14 = 28f20b9a94340aaa6ca98174b5929ce3329d81bebd67faf5e30d12f775748c34c848bcda26cac8b4a9b34c7c92c9984a6f5a85269583358e985c2b372a887f9e3f0f3920dd512def27d818522ed1a49e96d00a5aeb41bafd152144a8b6f93426e73d6e8ef7a8a5381bc464b24061080af02aac51fdc52f404e1349b7d04daef8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38687,6 +38873,7 @@ AdditionalInputA.14 = 2be009fb81ff22c5c2e15c988cdac8f21a6f17a4277fb1df773bbbcc39 + AdditionalInputB.14 = 0c869f061049dbaea48af93272c5b321977659a79f8bf0a5c6d68b982ef44b88 + Output.14 = cd9e8213591ed7e30743ba0dbae5f08a4021845d961040c5188093d518c3135048ea8ff052fd66fa83bf98c06d39c6cb522dbc938b6824f51488197159666369e7a9444e04b7ce5832bd6db1b3cebf8c0f7bf865bfc3cf60d2a2c0ef06abf7737590fba097c29fed234369cf9f064b142ca30e3941093904945021372c20d90e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38752,6 +38939,7 @@ Nonce.14 = 704e8e29c7aac1d8cbe97bd7305f8cb3 + PersonalisationString.14 = 631c5d0240b8d9800211ee6c97a5ae77405a354ac25705f22d405e17a52109cb + Output.14 = 9ee855e661d4293fdd7353492c711b39625ead90849ae5808b1f67c55cabe17ae13f0f18c0954341d6a2d24b899785642c0b29bb1b81fe098a17f8701e8820cacf6c00a8dab2e96e7f8593e188aae48385ede7bb5ed5ffa3f19053663383d666d38eea377d121e0b55ee58ee8fbf1e49c42a4d3d48fb0c9247c6b94c6539f4cf + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38847,6 +39035,7 @@ AdditionalInputA.14 = cf6884bb4cf7c08ea954cc2d2389eaaaaaa3bf9ab1dd74372c20bb3e12 + AdditionalInputB.14 = 2b30cc597b280e704632ed1cd2bbbbba7a9953deaa809848eb937b6b1a44b91f + Output.14 = 4de8e3c529bda0753a9ba237633be4c844308c233d6e58995c339cc006c7d4789b5f1a6314637b9749621fae3982c5a748d58c080e12118d4442bb55732da53daeca71d3d033b10a2a807848babb822a346524b4a41e9d85941730b21c0e80a9871c9d9aab0e6d0269258b57fcbf7d703794bd2e5f3d7b3da9d3cf2dc2073653 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38897,6 +39086,7 @@ Entropy.14 = 043872fa9f0c4d97e2c6824b778a4fb0debae214d3358a5aa01c0092c9dab6a1 + Nonce.14 = 0fc8d529a37083c2efe84aba8c8abbc0 + Output.14 = 22e8eb6b4d11657a66cba93f89b519bcce87a9bfa5ee22cd3cfef6180cb8ca842e8d408257b8140fabbf1dd65085ae62fb8b1d2a679dc0bb0a82ecd3b8bbc05782a20a6345554a1f5467e9811e0fce41a786c805ce2882f8b4d972b9a37eedbf828a381d34bab95efc47233846f8b5c701563033253323eda41effad5fe37d3a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -38977,6 +39167,7 @@ AdditionalInputA.14 = 585a4b6736338ba663522b438ab9255782c39b36e6b253186e821ae969 + AdditionalInputB.14 = 2581ca0314c9a224b09c0c2e677e1df1c215cae0760d3ba03d1053156e9c3155 + Output.14 = e244109b937e9a71caa70d627ec8280210c86676b4ea842c6a4569e5da0b25c1ab3794ade3344e2185641c77df4d3011962e8312aa7c2013e4373204d861e27e88ede82873d5d45ae5700ddf0ae7d523e96df236a249ffc6e009e231b77d64f07f395e57b19a4d2961a6046c910d0b8ac3d882129ec3e337be4cf2d9ef041a8f + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -39042,6 +39233,7 @@ Nonce.14 = b2328815495d926dc8ff075d5834bc20 + PersonalisationString.14 = 4c539b94823c6c7883b071ac395203bfb5117b6f9d5db7cf4063132e6a2a3cb8 + Output.14 = 4f6035946d4305290485c7aea10bbceb99b841770dbf5529e31ad51b0ce138344ac0b193a5074234adab8887a51d9448a2cc637a543372ed93885975b8de342c6a12a1ca8f3d053ced1dd2c7d6a3fabf6ea7860071c035f0fd54ee5775ae3a5d457d4af9e034ed337d79e9fd52c2ad051388dda50aa78d37403f33d52d30f6be + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -40299,6 +40491,7 @@ AdditionalInputA.14 = c9a1481cd25c537ba57750d594afd25f + AdditionalInputB.14 = 51e29804f9d079f3074ec398320b2a70 + Output.14 = cb3cd4510de88f8081d8989c2679f76387b7d2cda286b75d659a3ab7c3b2ac77ea00366e7531c1c9f4f8e60c845c5d2a5e05fc999621d011deac3f28cb447a37c2ee815f7f5be3a571d153475d6497a3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40349,6 +40542,7 @@ Entropy.14 = 71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bc + Nonce.14 = f49cb642b3d915cf03b90e65 + Output.14 = 144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40429,6 +40623,7 @@ AdditionalInputA.14 = 03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1 + AdditionalInputB.14 = 5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6 + Output.14 = 72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40494,6 +40689,7 @@ Nonce.14 = e8c5220ae48b0ca1412e9c74 + PersonalisationString.14 = a0a1d6d3887f7ff9f13c85d6ae5af2c840fd85989b7e50b3 + Output.14 = 14f629aee43f71b61d467ccc37de8eb6110ccdc65fff57ddd2e66707bb768e5de5df5467ccd55002815d306adc7b7d6b5d87c20d2922bf5fd3790282608457b69720be7d7affcdfecd173a741c7fc99f5f30f981b1bc102977a61f1515b923ba53cd87a37faaac12e0af613ba0972a0c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40589,6 +40785,7 @@ AdditionalInputA.14 = 875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe + AdditionalInputB.14 = 4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595 + Output.14 = 90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40639,6 +40836,7 @@ Entropy.14 = 30efbec33ef98a928e9441af3caabb34cdad892669e88130 + Nonce.14 = f77b7e0fcca6f8733e0bb0cc + Output.14 = 85f5368cb9f44474af6c4a159477c5cdd05eb0c0a37847bbb07e9a9c8f633ef2c3727d017f1bbfa89dba056062202f5824b3a493ab53a2a5fcf796d944577f1393d35f2a284453b2cbd8eaf35b9bae7b87c156cdf9cd0a2fc94ddb0d4842e3ab4b6c97089cac0e32bdeb32dd8233fd6e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40719,6 +40917,7 @@ AdditionalInputA.14 = 5c15fa9dc77d6fec5f7a4a3e4a315c05de2b5e46efe54934 + AdditionalInputB.14 = fb65ede490ee01a1c100ad5e23a20f91b45adf1ddc15c590 + Output.14 = 98cb3191831dc79334e8e37d5246600f822aaa40964b91f345b9df90929db1b7bdea96dae9aeb88d05fade5ae6c29aa8eeec7fdc96e654c5ea41ea01e3104ca4d287bb03005feab0bd1f85e556bb6bc46a2227b14fd94f9e6cfd0341cfce951851feb967968d6cc818f364345b715bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40784,6 +40983,7 @@ Nonce.14 = 46f8ee037b927ec766de0aba + PersonalisationString.14 = e6299e0eb5826e498d873ac02892f01e02f6632101fcc090 + Output.14 = d86bfd8f9d80eda3bd43850ea6edab2ba4f69ac8eea623fd6bbd5c0c920620f8cc136b0170f0310a156271981a9cf7629e1b8f0759de1e99e20a0930ce3bb7dd2d88bc9172a56108cdd736dc529a6b99862bed7d543bdceeebf450020762652d520105f5c5cc3c9a6ebb64af2a7e82b0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40879,6 +41079,7 @@ AdditionalInputA.14 = 82f895626afb606f335f5f050f0fdf3b45275e0b451774f2 + AdditionalInputB.14 = d423d43240cb6461402a7755f247573f24fab496e00b2e5d + Output.14 = b32c753900d4a0a0650d35d0fc918b3aa5f253d4381598ed475147f32c8b002bc08678e45bed1b9b519cb9729972886f85e581c75d3c2c9fd6ced929be29aa3befcd1d3fabefec590ca55612c1a0409446a01398d0e4775a548d118a32f29b0dc29530329d2a7656e5d3ef66db2b9726 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -40929,6 +41130,7 @@ Entropy.14 = c617061099a17392c3092d27728b35e59eb45814e9df9fa5 + Nonce.14 = e1634c0d96cf91c53b063450 + Output.14 = f08234ed8621f1f551cf49ea60140313a71341f6886c484a06e74e64aba6f8ffc2cf1edd34cd93e836ab033fb0893e52e01da9b3104fe49584a45447c136222b1c1f1d3cf406a80ed9d782d2ae277790eefc5c06f954e654f7f283ddea79d2160cca1f63d0ad00eae9e882de34ba4083 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41009,6 +41211,7 @@ AdditionalInputA.14 = 857ce19dd6e8a45be185875f1a98911062045553e8d28ac2 + AdditionalInputB.14 = b5f1998f0fa38145edb86ae4d569ef4dc2e0aac0a815d3b1 + Output.14 = 8f0d978b24bae2a0665beaddfa61e8896ed7976432bc4f7c444699e30b8da1ecbab8990bab9d0d72ef6f6b0b27ede12dc171a43a14092d57e3999cee71b1356da5f29b17fec227ca2a4887bd990fa33e1e01c8a9f900ffbeb300cc5ce9d7d2e25a44fafc07e34acd61d425e0d36fb0f4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41074,6 +41277,7 @@ Nonce.14 = fc382061e29c4047c6f05dde + PersonalisationString.14 = 9b2eaa4c2a229cd2bc5de218aff95f6e5fbc7ef150bdb50a + Output.14 = ad49119d6b4f25ba34050920fc503d3d0d331ac2535d916a58d781317fcc2b1117618e9105ce192651ea9e19fa6756975d207c662f2b464416d849cb67b9af52abeb84f80863943af99c7916e78317a091ba90714ec8620f661b41d648c15c06e822329cd7f145446c5c3630a4243281 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41169,6 +41373,7 @@ AdditionalInputA.14 = c9aac7bd9f15385facc344dedcfa754bc9f4f30277a3555a + AdditionalInputB.14 = 42de701acf5622b30e7672bf7115043a9912c1758c1b316f + Output.14 = 972ccd5aa60966bac39aa9c891c7c513244efbfe3446fde6806cee991851f1e4b3d4a4a0c04b57242deb4f53d27040879562fc5b32621b46a642f3c84063c5195faf9b78ed92145821ae554d58325b03d60e11461adaa8ac87876559e1cbe47f7b5c33a8311294b0e54a44c97d4d2c9d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41219,6 +41424,7 @@ Entropy.14 = 47f141d1d0142d53c10628d2d1dd77aafc11ffe45f29b126 + Nonce.14 = a1e958e036afd40059ce9639 + Output.14 = 2096935329ffd975154c38a2c22e30ef12b7acbacd39868032d6eb31a596e617fc7e05026b3dae231f256ea94dd4ea4f05734eaa7916be6f846b0304ff0de389f3390e51641103e7dedee99e56d9455c80a7e10edfd2147a50b3864b05443a1646fccde2197af1d1d72ae3c2d4594218 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41299,6 +41505,7 @@ AdditionalInputA.14 = 49a758a4e0a8ce69aa2e5f9b7940c6fbcbfc4fdc91165e4d + AdditionalInputB.14 = 9c8ebc02c3d92d33112a15747b6367b8d6db3447cb9be2af + Output.14 = 70cf10825dab6c1abcc1532a1b2bccd96f0638d02eedb40a7ebf97093f5d0295b6bc74d9e48290ab39260d684effcb401427a4ca62b971e5a31f06c14a9f8e3851c3e79dfe129ecf8a8e185ee58667e2b692474a0d5f0a39f9d794adf1cd71c1266563dde24dc944661acbf849fe69fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -41364,6 +41571,7 @@ Nonce.14 = 82dfae196513724ae269204e + PersonalisationString.14 = 6e01d897ae919812b8408f82edffcfed8db6df2e2cbebd95 + Output.14 = 6e9bebf2e54d8da4e8ede97ce463239245ff1b021acf4441312ddba96d1f3d750bf2b9583a8aee76e2ee36a56d8e2fd4e11377d15ba3ad0876fd467c375a744240de0a7b38974e0e7b27c3917ce4e22f2bc78861f6f8b1fb42edbb1b0cb869fe5169527064cf2f38c0154082af5457bd + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 0 +@@ -42619,6 +42827,7 @@ AdditionalInputA.14 = 9ba9285889d50c27bdeb4a830a5b3120931a53980b30643557444718cb + AdditionalInputB.14 = 0f8716df331067b8ccf0e5b90ff79dd0f962acc69fc5f89c593bbb84e3501ae2 + Output.14 = 9d2c0053a0fd3f9be1fe33db214f6f2d54aca573e0642bd269f1b1ca23c42a1e85c73449830673cca14feab4d2686814edbd90c325e0fbcd5a2d7ca75334dbb113a13a0bb4e838f6724c74dddfca8c2bfb903c362d3ea82acd60d01749f6dc01fcd6708009a58ee9cc57a0d089095efae66aaea68ac247cf6aa8808d1038a109 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42669,6 +42878,7 @@ Entropy.14 = fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad985 + Nonce.14 = 91f9c02a1d205cdbcdf4d93054fde5f5 + Output.14 = f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42749,6 +42959,7 @@ AdditionalInputA.14 = 809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56 + AdditionalInputB.14 = 3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7 + Output.14 = 4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42814,6 +43025,7 @@ Nonce.14 = afafaf2ad7e6449308e176be01edbc59 + PersonalisationString.14 = ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad + Output.14 = b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42909,6 +43121,7 @@ AdditionalInputA.14 = 9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544e + AdditionalInputB.14 = c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4 + Output.14 = b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -42959,6 +43172,7 @@ Entropy.14 = 5f28c73baaabbc09e8260df3b3577c21f2f02be057bf49d2e73098ed5ff67f89 + Nonce.14 = 8c2f85b546903d8d4c10fe4549c3f673 + Output.14 = 1563c678f1b072813888970996af33c2a6b70b8dfd2e146c46df0616509382062fc9c72d223ebd555f4d8892aafd7b3b61619559fe3d3e7b5e83c07f422eeac912ca7d8858a2d25b966a8b34348b8ebcf44a4651edb9cf5a886e383b01423322ab3002edc8c936aef869d7638f38ca6688c308d2a17fea0ded21901d8e9f1ff8508762cb1dc7e700970938a0ece74c1c2d1801230ea785165d62a7ab0d6d59caf36b30be8e2e1f691210373b7a2866e32ba4b49b6a2f9cc9b80aa1340ef5c76f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43039,6 +43253,7 @@ AdditionalInputA.14 = b5d9cb4b3709adf297462f1aa8875c9f84bc39e323b8fe1c0df269344e + AdditionalInputB.14 = 5e47728cc468e0d2c6b6a90a20f83a9f0565716af54844552988f1d8c3a83eb7 + Output.14 = 548c3496135ecfa1119098ea2d862d421af024a844c37a02142e2545e4ff1038f4b73c7f6b7d0fba8f92f292cf5ca8fd57dbe7ce129423e0ddeb1dffe89252dd6b50495c88f350bb77e08c8be409064f7e9cb751aeb779eae30b7c471dc41365f128d22474a7e90a9953e948642001f8e6ba8f91d250d8b4c6407892cd96b12e5d94e4d7608e6c11604357436c8d1cc07a21aeb58d396f413a31f72af1ac06864ba68c04e0c25971c1315f5a8c5c04fe252105fc822452d0cf66f86af13d613e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43104,6 +43319,7 @@ Nonce.14 = d28f752f6e466e3fd9595fd380fa14b6 + PersonalisationString.14 = 232727310fdaac541b182497e5240dc2623a36b4efa7a912ab3ffaf9939c2336 + Output.14 = 3bc26201261930bf3dc164d25287e41efb47c07c8c5c0adf3e86613435df202116331cfccd4e07c9ef008c62d4199d937221a17dc97be2043270ecc605d3d48c609cbce3aecba3557dddb304f440250b2c9fd78838483e2d5a2b22015b97869b891f9e42afe21df5fbb8dfc9061468c70c63a14b6dcad9ccdeced41d021dc0ff47821415e8793d34377258d9d6629b9e396b9d6b8bb7fc22e03ecfd4890d16912001cb7ed002e33a595052ddf7b991c5607ab93c220b2122783d51a8372a223d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43199,6 +43415,7 @@ AdditionalInputA.14 = 50ceb01860d60ed119f101d5c573b5db00402dbb03885a09e8d326156f + AdditionalInputB.14 = 01e09092bc892916c29f7b515823f244d147d4b16976cebd6a76a37ef6e62998 + Output.14 = 6f1379c44d8131924c9a78286e80ebb34604ad78b531e795cc30c4f0aee422e4052f201ba226bc0c2aa3ec341fcbb5a87e24b91c36be7dda62addba6960df1289372e9677ce030555a9bd1691f559b8ff787dafa35cff5dfd66a2abd83f81552a82ba6ca7d21c438483e60fd77f93bc109f5be802035412c2af2873f5cb186b77dc055c0e0b27b16b1ef37de0b81fe63c4074a7cc8c3d27f71a992b5468351ef8b84a7b3e8f12458ff670d1381d879feeb1cd3b93436580c86bc2c33f27448d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43249,6 +43466,7 @@ Entropy.14 = 57050c5fe58b2a2a0eba0d3b9c08a9b285e1180d2a297e0a9ad20740c6fa9f00 + Nonce.14 = fc309209936c569a1367d45b212a9a50 + Output.14 = 288668476b39814edbce5ed91951cec398ba2dc3bad76048df5fb1a2a680519c217ec4d57adc0251e1f8892a866b142e0953353bc2dd207aa2703f81814d26a60daedfe94d97de6043ed5f3bd957b7516681827f7a36d1b2a87b692c67aba050bc38b5e84f65f07d70cc34549f01aa390c5fc8dd01304fee7378e62549738e3f710ee6a4e32db3f472e1c2ef1e803e57a8ea992f389f0823c922bcea8b00ab844e071579170baae90839ffd5e00844ec343b02db090847cd323f8a68f0dce64e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43329,6 +43547,7 @@ AdditionalInputA.14 = a633f5f05ed8b09b70683a9f9a8e998ebf843b68a039dc3aa40cf30a5f + AdditionalInputB.14 = 9a57c6be8c1d992bcbd599952bd94a755d7ad686698991d189afd11cb88b9f53 + Output.14 = ae0fd8a1bf6f2f53f9e81ecf6f40ff6a36fef58a3f157b6a435403e48da4e88cab7871bfe2233b92afd228bfe3117d7cff0798225a901663d51f0491109b9c631dd6d32c5bec2da321b8e64ebaced87a27f17f67082df944fa94acc6c557fa6816001642e38b7d776c631212b782f71aed6db760f90e0de8e81baaf4d419170362932e6c319dab948749b331aae41b4cb3267da37c9233c36d65d5482c8940387498453b226af485a37ea16bd9e4f938618f70aec97e8c1430a8d8b6aae396e9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43394,6 +43613,7 @@ Nonce.14 = e1609138b91637917ec170fa3c3fb278 + PersonalisationString.14 = 230db2e57b87e910cbab26fbac7fa93a65c07c1ec004c74637e346c2db63288f + Output.14 = fa58f2e96776b4aa079dbfb49d81d8abfcc30d459caeb45dec4f1766fdc3b234d52cdc5337ea770e71a28cc42c82cbefce896d1fecea5a5290300208aa79b5ff97d2091498d749b66a9e5b2da7b774567ae9f83b87a8417b1bd089935e575b16618ffe8ec04b91fc9315968dc395fa2bb8776133d3ede95aa89ae675881b26ca831fa5fe6cba800d2fed1d509353e8cba6f007cf3c5e0b9424cc034e1c817d5f7326764f5ed1d17ddf8900977a0172dfab50bf4819a67e4c1af4704f59eda3bc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43489,6 +43709,7 @@ AdditionalInputA.14 = 32f618446311f03a0038dae07e85e19006a55b69501d764c241f683be5 + AdditionalInputB.14 = d64a97650e2f25362fd711c7abb5635672e16a02a1dd5ed8a181762e86f4f5be + Output.14 = 54ee53e6d18e974913ec235a37a706868f217af33b25e8e5369d90071be1d01035ca331b8514f3d6186a9ec62b1e7808b7fa22859eea21e4b8113ef770772561eff7f8b6ac22125d002f6ba9f53b235f7d85dd5b601787201ee1423de5d971b2e758b3955a048b50f118c01122a8e657f69a63843bea00a46c4fc2ebbae36adaebfe3e6c9b1c82e498d3fe48d332ac1bf31ab4c80830086c8ee4b1ea190f8e269f74cd760f5a29d244064d09c1bc30832482d5205e35604a388250a7a196ec74 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43539,6 +43760,7 @@ Entropy.14 = 9168436a8600415b83062125de0ce6a998090216dea7374af08e6d3becba054b + Nonce.14 = 94206c91dcdf9c7c3f3571c703013419 + Output.14 = ef12bd2b6dea20cd197ea9eabd98eec1a2943619cd2a96dd16a6c5485435e00c59570ff14d7d9fc09c99ade0e5ec12a84c0a8ccd5677fa9b92295eb2a620e8a0400bc9ad8a1ac1aa4969d8d04b77ad59b81d95cad75358698107dc8a2ff42adbd679ab29cc29cd6ea756f4c4e60c271c3134c48b5d5aedecf011e73c2663ad1cafe57120cc70137370760c350f4e9c0b8e9b01c9acaaeb56094434f4f87c67a5b5f674783204ab0d0598c06f0802a05ec97073c005f3c9f772fe0bb449c1cad0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43619,6 +43841,7 @@ AdditionalInputA.14 = eb9e19bb6eb7b714dc4d56243897916364dae7bb3861a4697d7d3f2b14 + AdditionalInputB.14 = 156d12c7a1d0af2cb9f2d0610cedd9ed3b982e77bf4a9dc1ef0f71284b751ca4 + Output.14 = d3b0b0ac5150afdb3d9de12d2c8a7d45109436ed9c316aef1d1fc5bfba1cd37cd750841146dd08320539eb1678962e990f7b7662b44b918447e173672b873b8ab0348306cf6ae2bcc6756036870745436571763efde334dec5be7bb9920629a36cc5db66e8824695cabecb8bf092858e095a2a520eff140f483ec528131c850a8eaa48d8c997fbc810401ca378666d84020fd34af77fbe1152523e979560708fb15f3b7981e333ad4ee8c2fb6021a562f339616823cac5998cd919f82d43f41f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -43684,6 +43907,7 @@ Nonce.14 = 733bf048e5b112426979a9879b6a0c10 + PersonalisationString.14 = 58d91008875f51d541c6fbd626a49a798dc51d9cf2e8588808e74953392800e7 + Output.14 = 1794335e21606d706dc89ace28c60a15c0c9f108f5ac882b103eb62e225de749285e5fb0be98a5bdc26e3c998ae418306380941d78acb7c81b91ef41cecab328332ac7404ace0ea858e7835534f778cab3e3e4eff043742e4f7d4d5725bcdca0b6be7ddbf79e57fcd1d5a4279f074a599abac2cd281ec6784e29d9399f5ffa8def3252acacc59844c0c24c20d029a89b4407e0b5cbe9a8d51241dd36bb82c400ec4571dd1baf831d58fed3dde4ac7f961be6ebc18af6bfa922a32b81ea11334a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 0 +@@ -44939,6 +45163,7 @@ AdditionalInputA.14 = 06df99a38f4222b9e7e1e3f4a6f488c1dfeafe847129d54c93bccb1649 + AdditionalInputB.14 = 3977a9671024bf0150752ba10c9f6432773bb71aaaa9d23d1ab72b90b7f0e088 + Output.14 = cd4fa86fb559475f4cf4a60f111d3d0f71646d3d25111889332f2451eda96390c607a0178e1e79e8124c7626ecaa9822495e5341dc6f24818f97951bb29434c7c48d05838fcf3b43b8314827d3acc8fbe2c4ae2ab066626c25c32a760002cb1d980169f7691bee5e329ff1ff4938d3bdaae583f3561499563198a5eb69e73f6b963a5d072d23e07b0ce48cd04b31f9ea349c2cae355ba478e26a5fa33d8f03af84235fb1743d30910f5557194e3609494019bd705f8cdbf3d1b4dafaa09c9d8037d2e0ba0f96948d4302e981162c34c12c2fabe1a42da517b7e5a1f796980371420cb305d0a316bee56767ce1aca9260231839b92fa26fd75846d9304427da27 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -44989,6 +45214,7 @@ Entropy.14 = 0cac1d970c06da6f224d49e5affec0fe338d0b375b66687b + Nonce.14 = 1fb1df257951ce8fc0cf12a5 + Output.14 = 7d6e2be5aa574b0edff39ea938e94143ed92b287262891dd2a6c9193b0237e8fbe10056e15785bd818e548452792a31c728acc14ce2bce9295d3776885018a57c8580a8e7df9a34ea960e0b39af4510711320528fa7a0badc6e25a0eead8cb091c404f626343c63d40044055ee9f9e35 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45069,6 +45295,7 @@ AdditionalInputA.14 = 38ead8a466e462f5c0617822c23294cdba07a80fd51dc241 + AdditionalInputB.14 = cacc9efb209c71b123498182d25081aab8f0159bed1fc0c6 + Output.14 = c200766d5caf72e64a77a7fcae1ae3d14681e33767ba2ba7faca26209fdcb59c7202c381b18adba07ef0ceef443d9e1c5888366bfd953d614bb184370b45ea2b44a251e381fd2bdb80bf4bb8dfe011e1b143032bae9ce82c2869537e70d36622bf23476163a2dace9ba863a5f0e3d303 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45134,6 +45361,7 @@ Nonce.14 = 7e2f3e4427d00de41ae92bf6 + PersonalisationString.14 = 2e8bc8edcdb3dfdd451542fbc68481b30964fdf8a6ca77cb + Output.14 = df949beb9b33d2c1522cf6fdb3206cb10b58411ba9e28a4096cda7662b69d23e0da2be9557b9a3b5a8d67db4d616ae9fda3a7e0a8516196568f7a81474c0264993b141f14066fbfc29da724e447f6e503385944e902510f0b3971f7bffc6a6a202ff88d8113bb222b104055f427fe770 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45229,6 +45457,7 @@ AdditionalInputA.14 = 23a781948449d82ee235d0495ca48d61aeb399d7e2ea68b8 + AdditionalInputB.14 = b52421e5b0e5281920da6975ee18d74ceebdd5d5de05c018 + Output.14 = c878a886e24e20a8b7e22e41ebb33a2b6e9a0168f4c72bebb78f0955c8449592e91c6a2f1ba5554c9459bf2702e67470c1df0b5125d651facc0a9339a2b7c921a51bc7203020f085c9231b3acd850ebfef0d0e13dc8bcfecf1f9853930ecd9b262cecaff0e2bed9e3b5b53343b733766 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45279,6 +45508,7 @@ Entropy.14 = 04c61e5cbd79804118267ee1c76db36b71b042bf60a1c891 + Nonce.14 = b833be09092d4755ee6118f6 + Output.14 = 0c4663313750b12daaeee80cb28f097cbe6f50df2022f9ff02a51fb373da42411c5856a136e9645e99e69aee273726d146e3ef4e546273eeca52b43c068887148b7197143f5b9a4c55d4b0544907ee9ad2f181d1b37742d1479d39e78e47505603550d2b28bc1d151a50bbac140988ec + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45359,6 +45589,7 @@ AdditionalInputA.14 = fa3bc697a6bd8ce341735365ad6e214d1e53e8d6d0a2c206 + AdditionalInputB.14 = bea0650424d1f26e75a49ae2dc529f1fdc552e3a0aa50948 + Output.14 = 4a718257296a3a99f199a5a24decf8f3e6209a4a7fb0b24913393c8309826ffcd6c47208ea6879921424ca55e63a7e5bc63a030cc48be7648da78fc9f314dacb2b8568635e5b14a94bb06a709a2f023a86a871dfd708204c911d94ef3690b3634e58de03fb20091d628bec834a760dd4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45424,6 +45655,7 @@ Nonce.14 = 4b729a67449bb5675a1f9d1f + PersonalisationString.14 = 9160b7c96fd367dd7d378e82be11ad1827c7661d76bc1fb4 + Output.14 = 1d7ab4500d99a18b8be2ffb8177c869059e25f1ffbddb36694fa8561da1d71f86a38accb1926339f6dff71ea8ed104c3518e62b00e520c51a096c1c62469e56b139e6384e982588e748a8074dccc51d558d944868e2b8e1dbd68bd83c663447590430ebe15c64aba4669d1a4a784d8c5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45519,6 +45751,7 @@ AdditionalInputA.14 = c375af43c11115e995f47212f81cf3cdca5801d184d82235 + AdditionalInputB.14 = d2eea45f69c6d82dc3a7bb3be69d595c86c5ea5b4aee6001 + Output.14 = 907452bdf42eb168195313eefd090a2fe1be8b668b8ec7153a4ed4c07e6979244282e976decef02ffd4fd92b0d7b90bfc453cfd81a823dc162dde29dfa926f20e395d7432e0aea61c72e05c1673180bee3b47fa171cfba98864fc2bf83878e37c7dc019d465788aa1500ab3db8997d3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45569,6 +45802,7 @@ Entropy.14 = b37ca70fd13538ef74c5a3c7ef00a78705919446954ec43f + Nonce.14 = 3ecbdff8cf33b50788dba82f + Output.14 = 1bcbccc535fbdc8617575d46ea5a9cef2622995dee19aa4b998325dd8d0935957170f6b18219354cd2759ba53c9c1f380586070db0c89979a581ce1e00ce38855e123dc3a2dc9ce74bc3b6e27c9603fb87c09a1d90bb540d267d456f5457daf0920a13119a2b805f9b97b154f80f4bbf + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45649,6 +45883,7 @@ AdditionalInputA.14 = 9fcab4a8d0d1036a6210d56a894f861fbfacd4b20c081f38 + AdditionalInputB.14 = e279bf650f812b8931662e59a0da7ab799c193da1f6eef1d + Output.14 = b3ec81a3cc8dfa4e1ea17d33566a4444bae9969244e7a8970eab02afc8797b5fc85b6614ab009625b81fbe078bfa4db78ced2d8b3f1e3342b477a3fb42cec7d44546585621bb8310075808aaddef32ede3e668e626711fdfaf2569721bf645edeaf74a9826aadf0a9cea9893aab4fe3c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45714,6 +45949,7 @@ Nonce.14 = 98ec3ae036755323042c08da + PersonalisationString.14 = e6f24d96c8d11cc68e72f56ee7e345c5a0083509821fdf17 + Output.14 = f5a9d375a58d1b337d245d29b7a9e352cbb0fc950276e042d075a71f4bc43b65b063bff299c670adfc46db39c4303adbbfebcea1df964c27d33cbfe4d46567475abff4f357252ff7d05ed4ac34e6ed14c33c192909426654d604736f3bb0ba01aa5e0454d60dfe8aa5b2df3a52df22d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45809,6 +46045,7 @@ AdditionalInputA.14 = ec35738bedab1835d07ec7a6d9a5e6e0bf8a3283541b3216 + AdditionalInputB.14 = 689957f9c2c58f1ff34899bd0c295bbfacdd149ab378428a + Output.14 = 6eebecbac4dd64b170cf6aa84788f643755ad5c6c731b63bbba3b2bdc2694f1fd42fb077b4309a0cb09b5ed1107fee2379272351ca9221069530762e4c8ac4c142c30167a32ac2b82b728d57bef95d620cd1b7a2ab5c1a6fac2cc90e0f6cd003ef526485c8bf0dbc9baa7c1f0d6f763c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45859,6 +46096,7 @@ Entropy.14 = 2fe6d7ec78f76820cd88c41a5a958c399c7ad1619406caca + Nonce.14 = 1ed975755cad5e4c475c5945 + Output.14 = e34b31db083e58516cd60ead2e5b0d39e4a2bb47c2436531c0e700e484c27d3d233d10d1ea6c58148149751f24155fcd258f384d61000da88106a0205d693e4ddfbb5c35f101ff15e531e9ac4a988c16302a962146a3aba9af5c505697cf9aeb7bdb8c49c281458acc33ad4010122aa5 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -45939,6 +46177,7 @@ AdditionalInputA.14 = 17c87a351e940e261e8806e2548da44a751c550ff5f0257a + AdditionalInputB.14 = 7e3bb28f266786ae38c24876087fe35c7e43222382270380 + Output.14 = c943c9ff0cde86a62756465e6bf4fc9dc25447157537831c975782dad82f3e33e6e7790b41c158713b8978a6967bfadda9e15ef43922b3f93c8ccd0cfa834fbc6776f3c1b6369b4f25b1cd1189f8b8efc31be2dc151d3608eb2189a4f39c0f0a3deba00ffc97299c11c46885b424a7b2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -46004,6 +46243,7 @@ Nonce.14 = 4fb71fac56d2aa35d7fa44d1 + PersonalisationString.14 = ad66fd02b6f6e30ce521ae0d783236c75cd3699696475ac7 + Output.14 = 4b2df98ad411407c1dff07b5c08e97ab501fc20ad191794dab73e9b4dce62470b3c70d75f07848f436f16a8c63ac31a75525bd928b5c76218099ec940e3ad193eecdbad834557e92602d7daa6e3eedcbccbc4d0829c8e1c7e59adb95ce928bb138870566eb27e4725191a9ebed50304c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 0 +@@ -46099,6 +46339,7 @@ AdditionalInputA.14 = 30a66bba0f4d6c249e271de8927b6ba1e99fefbf3386934f + AdditionalInputB.14 = 1ebe06fd88f8f914ea8f590483994fbf227613e7f49ff18a + Output.14 = 38b4e2bf6aaf771df03b3bc37a959955dec83f07af4bcd995957a31991c5ee18b5bcb7754f3bf6293665dff2b4769d081d9be6393803e2c62a73ed8ce4adb17b36c1e0deb8ff6106308be9019cd179a92feeb184d93a9348d3b14a70bf13fd74d12cc427496803b7fc041f87c630756c + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46149,6 +46390,7 @@ Entropy.14 = 7f422e735bdf349e4f51787571ffe061ec7e9181fa0b6a342e36611da25c1a15 + Nonce.14 = b09d8dc6997bcb567cfd788d0e06483c + Output.14 = b83bb6e99b0a5237242711e27779d05d2157402856f9653542f1ce52b1a7463e13d5c92309a06d8a78773ad70504b64ff070c2e6afa4ec3662f2729cb7552235b79c18e08354e334474f238ee74feb7e892d5701543f418cd7f2f5533437d9901dcc54687816f16eb7341b1707c6310a2085dbf387044a78fed850b42fe9d8b4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46229,6 +46471,7 @@ AdditionalInputA.14 = 5722b092a5a0195f14b5f236885538cc7a514e997876c06f634926c695 + AdditionalInputB.14 = 6e4f341a0524dd1085aad0b6c956057893f737704ca2fd8eaae6231e9691688f + Output.14 = a757af53227bd8555853ee2e643256074be9904d2fabb0ca86a645b0ed1905731cfbfdb7eefc83938fb576d7e5da8135300f8e934dca521637ed10e5e791e18e82c48085f511476452237ceb930e0307e228886d36aeb83d8e25ba23b38dce6dbc335de90b63db4021d6ebba5dfb6d8044a2bb7bb20aca679cde16406c8c4746 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46294,6 +46537,7 @@ Nonce.14 = 06b7b75d18365f4957489a09204b2672 + PersonalisationString.14 = 9e32f001033eba3bede220d4f351ce110e6ee2eb0b099ce54f9606a21d80b1ea + Output.14 = 508333114a0abd5fe10327daa0f1342c66569d912a64d8ae89227d0d8ed5b4052cf84f0c38927d88dc0d7c476e747965adc9579a4603a36566a1730f55ed7b100c1695f060674484781682ee629167f7adce89885ff04d722d960d0297d2abf79bd3338126c2d356a91bfa588f80db7ea365bf181fa5370c478a04d05a515b78 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46389,6 +46633,7 @@ AdditionalInputA.14 = 5b2d2bf0653e3c075c469de5e2a093193e700abff9792a9f3bc0d143fb + AdditionalInputB.14 = 976c765df6b57f0eed8661587045826c329f4f1994020de30fdd835912f72fe0 + Output.14 = d8275a104f1dad7412637d12fabf9dd1b06592850cd48a3f38304789911efe8f08970b8f90fa021b04039cd3d1ca573c1586e7ef586f4c623dfc559efc0f2c89e4136b59f0f5706a74679d1c95886a5ad05b9a850043cdb19d806d617b2f640f715351cff6920c47f96a42b872a512a7b2e99e4d0c2230861b16f3b38deb9b58 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46439,6 +46684,7 @@ Entropy.14 = df6edf960abe3aef5f50741907c0171906c0837ba3bfaa3a1044fcc4f19ed21f + Nonce.14 = ff2558bec3e5377c12697c908d629952 + Output.14 = 9d68c2674eac76f3ccabe1c6c0bad96d5fbdcb1629c939e397eefbcd2ec2f25803fbb9aa72db952f7fedcb290da99f34c0fdd637c37dde1446d475a61c38c3fc5c1ebf9541d136cb02a43b2646df7ee4bd0d9191157dac92a33f401f089ae15618624fc0baf707409aa2f80cd5d0676612c2667aa420acc6e016e6ba3f63c686 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46519,6 +46765,7 @@ AdditionalInputA.14 = 4bf2c816e2c3e9721d192a670153d620aded035ffa214cb0d7638432c3 + AdditionalInputB.14 = 06f515395ad7c3d025af7df781b49b62f068ec9398f6dab31ead6f917c663de0 + Output.14 = 1e70791e6a8ce753f959ab75d1225b44452ce7aed0fb53b56208b3f26419f004983c452d724c483b4f9b70d2d84734ce8ec0258d8edfac639b355204e14b5b7bc1d3aee6ddd9f5da54c6cb086d16ce381c2d5cefbceae3afd56c13441d80c7e6081aa68ff57f21d460370de9ae713c17ab14a81f0895e9e492af7c437d7a5799 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46584,6 +46831,7 @@ Nonce.14 = 2c4c4f3a953e551746f7e258821d24f6 + PersonalisationString.14 = 676a9304a3f744c62c7f5048f2137982c89860577cfcaf0d855514436ff8eff2 + Output.14 = 7bde8a5a34538655ab2ca26d0447eff3c6da298b3fa53ff0526eeeebaa4a876b60e47ca544ae30ccb00176ff84920bb4e4a4ebc3cf74b9cf8cd8ff9f7b11266a3c9bf918c458760bca6368ddfb3522edbc61ad14f2b638294e51d82e617d8c0c631aefbba50dbcd1a0a88963c3d63959909ce2cc669924d7163b01cac468c0d9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46679,6 +46927,7 @@ AdditionalInputA.14 = c168776136197bc3877c824461994a4cb020b61ad1630bd8f38d0db211 + AdditionalInputB.14 = 4f54082a1b9e6cdc8599e1639865c00fd758f403adba5cb74a37e2b20f29b654 + Output.14 = b48984588cb54f78610e05c8a7ce12c630934f5ed2e4cee21e523fc65a7b8412189ac51823ecdf493844a859aa87f3e84645f22f0914245043f7b86287a85db97697bcc84684b072162c2fa636569df83fe85f1ae25204786bfdcf5eb85006d09a4d97b162248daa8ccbff9eca28b7bce9fdbddcb8679ba50b6648cb3bfe9af1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46729,6 +46978,7 @@ Entropy.14 = abc502a99b7c3cf14262f6b036925a9904105b019592a2a6be26d71fc42c7444 + Nonce.14 = 40a212f9e1a5aa54f2c7ed4ccf631c9a + Output.14 = 0e747d83e2104367beca697db9b6bb994061d82aae7b1564f6a0911a1f599084a7ca7c94e232908d41df93a6b416e76146a53b490afb552124fc0c2087cc45de96390565b58f913b5dddbc55dcdd2617ea27858ae7c7748b31d832fec0fafe84594ad7b693cf972daa9521ad4134867339536ed5cdf02a758e40d5d96802f4fa + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46809,6 +47059,7 @@ AdditionalInputA.14 = 2a8cf10885a141125dae18c40f7bcb7e09c1b2726e22a7f776e4735279 + AdditionalInputB.14 = 7c2db5278d2336764d274bf9624db7eecad2db11c6622831e47338ea3ef02ad7 + Output.14 = 08ed2c3aa35812485ea8aa0b16149ee4f3207a0368be2035e202797939dd2a1c1db1ab244434edd783c7574bf48fc99f93827a1fee91cd1db1cad53512b6931d2d63018045b2a50a9b523a6ee212fbcb21ffa57ef998b4ce24e5f2f875a8ff3a45d8602cd56cfefd2f61f73d00dc33304a464f4fc1f7dd311b516a8da4e91151 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46874,6 +47125,7 @@ Nonce.14 = d5aa1d24b7c7564f6836f626bcc6d32b + PersonalisationString.14 = 4ef1e00dcda9e893d066ce48cd291258a29e0a234796c30a6465079cbc3d3aa4 + Output.14 = 43da46cb7b737ff7617715e3a8aa4c42d8cf1b62f32ea97d035514a10798f5bcaab550eab684cfbd5c8d3e1ce6d9fb026812e647ae6a50d3d8da8e9e2f1d5f7fe550e7e0b88e146925f2aa64690e1a5a5de152f6421837c15337efa80fdedb0a4754268bb83fcf0281b05b3885dc64b87f1da61b1ab219779ef44a1399b992ac + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -46969,6 +47221,7 @@ AdditionalInputA.14 = f8dbd6a405435595b2520bec5026075514955a666e4ca34b7d0339b0a0 + AdditionalInputB.14 = d9536bdf1c3944d4d239b6dd13750c16a2780d943d4cb5fbbe418189a7d65432 + Output.14 = b5e12e5082c09fbdda81d1a2229ef9bd46db84e62ecbcd1a2c4e88557f8ed3b5af740fac2bddaaf441b66084ce2239adfc9d02f001cd23470535f13ee6ed73256adf902b359930093ffb293a7c007074582a356529ea3ed9a5ac0a1a3f62df5fe09d27f5a7ac6abdf1fbd5f5e5da70da5e3037fb062d0817b077b56457238108 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -47019,6 +47272,7 @@ Entropy.14 = d233eed6e4a43436e4418ac071bf9ec00d463d0568cfaf7b4174f96c1f6b8564 + Nonce.14 = ea8e646e88f7fd6c8e590155df15558d + Output.14 = 314dca793ee1eb0dbe48bedc324b557966ac7a17b900bc4167ab4b65fe6b34ae625c200c4e21428ed258fe28b99c31cc4e8f9eb93a793c3e33fb0b75a2595a3201d939dddfa27911ad6f731894e16692343f25de291da89570a257a95cccb42f7d9820afa9b35d16664f95a2099ac929683b7480a4d1e34291853047ced3302a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -47099,6 +47353,7 @@ AdditionalInputA.14 = 46cc09705223bd3c01fa037d9a19dd2465bc612f519e51d33fbc845742 + AdditionalInputB.14 = a9f78f79d034d46086bbe5c8883dc2a34a1a17414aad2c767a3b3f23dfc9b637 + Output.14 = 2674afd329d03ad3b1bb8157c3100a312e29bd72b55139c408afe7f2c9e6d53df2cb8b829b7351a80cca8f0b59d60f6454ba60b154f654a09aa82a63fb28ceab9435cb6022934a0599a4c3a005bccdaa8bdaf8246ca654692a6c038cc82fea477fabdf3d6a0975e952ce3feb7fe8c4510b8c5347b21da5431cfee69e9dd2d8c4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -47164,6 +47419,7 @@ Nonce.14 = 4788964160bb81d6f6c2675008b05410 + PersonalisationString.14 = c56e284ac65798010eb7bd39ffdf49bc25fc2e663e90ff93f73c97e65ea82935 + Output.14 = 683493fb3c6ba0ae0c42009beb39fc37a9d235fb3fa00648ce4d60b4d6bdecdbaa1e2ca0c0fc80c53f6f8ceab31c3c42764b8f23c4cda91743be33e0a77fe5a4297701bdec6b2a5712e76c64bb8b7e03a257c140cd8aafef046b049303679a7904f029444d92d673107bdbf769fc1130429ff64b527b0ce2420e2c70e8998ee8 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 0 +@@ -58071,6 +58327,7 @@ AdditionalInputB.14 = b07198a49bc854cfc9d6d7466fe24948 + EntropyPredictionResistanceB.14 = 7b558b48f3c891a77fed293881775118 + Output.14 = 878d26fb57589d42497b869564a1dac5adf1b83615f9ab9fc30b5140f79e3b7f525f1eff2e68002801939aa0728432efad829b5b12491404fb50f2584a3bdea8785e79390501978704a667ec5d04da56 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58151,6 +58408,7 @@ EntropyPredictionResistanceA.14 = e734a035d71399a60be221b8c383044fc83506429a7eaf + EntropyPredictionResistanceB.14 = 51325a5d10137cd3ef2c6cd2290593a73361b298b9fc0099 + Output.14 = 12b008fd1ebb36ee67678a8b90ebd4ae333451aac2961d2ecf0d3fe2321fa520543452505e1e6216921ac380ddd88c51fc8b6b873b77b73b38558163845e2bf67661c05896da0efbd6c0faf0e363103abce11ab27da19c21564d8ec067802a0000e61fc33f43c12b854b85d6166a3a3a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58261,6 +58519,7 @@ AdditionalInputB.14 = dc30a416e609cd52562109d22960e1295e3fc6eb66709704 + EntropyPredictionResistanceB.14 = 849864c63ae33d51a3b2e282325729df0d01b4b6efe4d2b0 + Output.14 = f2206a4e8008a5b32a3a3e271e9673031f536eda568fc2cf7013b4b342af76bf4ebdf867e7f2e2e89fbf2f63cb6e096671d360eb72223e96d9bacdc2195138770870557b88e770b7a439094e2eba6b529e54a25c75237c4b4fcbd06efa77f6174ba64071d2c3caf13fc1fad0c0cf005a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58356,6 +58615,7 @@ EntropyPredictionResistanceA.14 = e0b1ad06619cc7e6b06fa369846d0718061e4ac707d1a7 + EntropyPredictionResistanceB.14 = 2941e7b99738be35a340fbf29bb443547f3128e5435ae876 + Output.14 = 07a627ee351cd794c19148459821ee504770bfdc07399fede63f1e22c3d76a57ae1da3c66403d789a8f2f4a0f071dec3fa102bcaf791222d2b0de7cc5b9d8f59b6b23d441b006eec851856c8abb152b84828a88f06e1f4cb257dbe00ce4d4868532782b06da28f923bf8e3f38d4ba50a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58481,6 +58741,7 @@ AdditionalInputB.14 = ae204b086225c6659bd8c2487b1b91310c3d65c6a18a8081 + EntropyPredictionResistanceB.14 = f69f38c433c8f892d4aa3d1c7b97903711b6e0f5445ca61b + Output.14 = e4b3c801cee482f2d70a92fa7d4d2b9b19a1827287ea50698de61f82a095246dbc3abf102510c3fd413d6a8a9b9c88b186a177c14e013672fe3056722ee69fc3a49679f9d1cc0707ebb29297472343884dd6637bf094af5dd40bd1be4a269cf4fa65c163347ecd0fb6935eda690402ac + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58561,6 +58822,7 @@ EntropyPredictionResistanceA.14 = babb7e1e29089815ef8d794611a3164b54617f8edcae51 + EntropyPredictionResistanceB.14 = 06ab40819ac75f8609d7759fdecd3274d231781c939516ba + Output.14 = 80abf3d122e8917731a3ad6c8cc0495aa302d521384a155707f1302fd2c14ff9b8d6a12027b05cfb050fc45baee976715aa9cc606b943c785001c0431175278ed18d3b4c99bb7380598db4e9462e472ed9ede95c2e357f37152d1a76a60fbef4f97751fd111d9b965645de5c823d64bb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58671,6 +58933,7 @@ AdditionalInputB.14 = 32460d6c3eb7912389edb486462038fe90505f7bd5d8e46d + EntropyPredictionResistanceB.14 = 31b1b8fd7753800a1d3c3849ccb22a7c28ea4cec21e71c91 + Output.14 = 77e3b89a60d91cfbbdac8215a3fcc000ae61a86016cefd998de3561ff76e188eda8910c08e964fdac58e3bb30f4af464b92812e15178a97d3215699f21b9775d3d4b11fb16541eeda2956937e43bd4e928f3856bced91c2e9a3c741f89894912cdec7acdb0652542fd08acb6d6ce2c66 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58766,6 +59029,7 @@ EntropyPredictionResistanceA.14 = 7a40b0bd455f5eed4ea7fef036c5b044425ef2138b18f1 + EntropyPredictionResistanceB.14 = 33bd20a02d78688da2b43f2222894d508f63851fa8217b6e + Output.14 = 1d0bcbbddc32be27ad0408c93d49f328832dd15beafaf969fa8f991b18faf1cf4cd1ae7103cf94135c1fa9beaef66f75d825cd9c3a16697337d746069a94aa8881e9ca841fc61fadc3701fec3fe65f750240c7da05884828ac3cb87289567c4e491ddb3f1ca5cdc08b5fcd3d8f91136a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58891,6 +59155,7 @@ AdditionalInputB.14 = 528bc69e8fc2c45ad8006dc7a865ca73c31a679adbcb0656 + EntropyPredictionResistanceB.14 = 97bbf5c91c830c627a1dfb629a0f40943655d70ef97fe922 + Output.14 = d9cafae3bfbcfe622c82f137700f959f79ea11d07631abc26beb2d846e375a2b21165db0c568e1ae54d03c26f0ecdfa2564bf5c3c6c902abba3b2ff994ce191caba7e89b129c303e5169f4ec2e415a90523efc792e6aa2caf5ef583d286285f7d4900d79fce6afdd184d9993f85cd6d6 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -58971,6 +59236,7 @@ EntropyPredictionResistanceA.14 = 58e89c98a93710a6856da202b373749dcf3f60c16fe067 + EntropyPredictionResistanceB.14 = bebbc0ee84a187340613ff138c5abc0aab2e86f57f337712 + Output.14 = 13949feb41c811c6894809f16ab5b34be3fe3753416a8fceb0c6de131167d0bf60409b753385307b71e2622a46a42f1561b4793c6f0394fda66115c95dce20753a9caec5aa5263f6581db8195bb7de7e4b13761fd43eff13741849b8556247f08a58c9b180269f213eba0476c7fd3394 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59081,6 +59347,7 @@ AdditionalInputB.14 = 15f279e7677894af10821b9cc0ddc9238b318dc9020b05e5 + EntropyPredictionResistanceB.14 = 878d41b7c5951930acb26a23c06501b88d1474796e536225 + Output.14 = 8f96cd7a4e6363be72a9b45bdf8253fb47d0b50ddb3c5dfc8825f2c44366106b1094cc65d60d86542c25830a3d0f247326fbb941053df81a1d0789318563b870a81f9e554d8349b669f528d6889247d23896186c620b93b239c1d18861cfde3c123c80b4e9d5e338bd83bc2e97135ee2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59176,6 +59443,7 @@ EntropyPredictionResistanceA.14 = 62b1fbffc1d23ec871ec6c85c76f1bae9ec7b7cf85eeff + EntropyPredictionResistanceB.14 = ad80381072e85622e48978527ee673151fcc036c0096094e + Output.14 = c5d7cf9f1f83f497ef8c48eb81898ad1616c00cf2788a32c5878c3ea868eb3848cfc2961c8095f9c65052ba063707ea69f9d6ad9c4ac9858fb2470543dc4d2d2fb3eab11994e6ce387809c3e7595ede565ae549b25070f7ffdc630ee0ef8ac9835dbcc5cb5c9570143006ac691265a89 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59301,6 +59569,7 @@ AdditionalInputB.14 = 6abc274f05fc74ffe1a0bac13cffb199eb87d66b385fb675 + EntropyPredictionResistanceB.14 = b3a9b4f5f51dc337d12d34dddf231ca21dd98f0775a53ae7 + Output.14 = 86732afa068efb5fdadf94ac34ec595eba831694cae1dc892e9c028ca78f950afbe78191457a115f3c444e5735bdbc40d787294de99043c96ce49176fd17d721f5b467943219437f3e1bea373fcad275e64bd35cd4aacd1f3c126bcb59b50d905bf40966dcbd474978abe1899bf0c4a7 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59381,6 +59650,7 @@ EntropyPredictionResistanceA.14 = 058a109cc72dd766556a142a2d59acbc036cc86d476fb9 + EntropyPredictionResistanceB.14 = 97f27faad6528c42dcd97c1313c0e9043a043e0ab0b58395 + Output.14 = 3f5095a28e5674becd4b895d8918a36ba3cbf44f09c8c80b155f217e9b783b4ba99bf3ef183371bc3c5a654e3dc2346b605463abe63313cbf0919693965712366574e175d910e263f5086ee862672bd9c59a461f2d66a9b397570c86a09e2e4eab77aa139133789424482e94b9ba63d4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59491,6 +59761,7 @@ AdditionalInputB.14 = 3d9654ec477ddb9d1928cf286f599736d51eb35af1eb3738 + EntropyPredictionResistanceB.14 = b8de4fffb86a4c7af05d85f7855aec4c8b463676b9b9eca4 + Output.14 = 33f691da4b3f351aa15acebafdc181da1a57883f0ded8b7223ab9c1b80e913644f850e3511e901175c7be68c96dc2b6175f69ea91218bf09dfd8b91a79e7499c8386746c260f29a22c6a000659e8aeee4c83f1484d5c09677f15d3bc045a2ddbf0b72c179dfe260e5054a75fd11c6867 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -59586,6 +59857,7 @@ EntropyPredictionResistanceA.14 = 4afd7a280d8eb867f842e2e84f2c84d78749aa25c1201e + EntropyPredictionResistanceB.14 = 7d3e4a62634e7c6f74610ae4aacc62ca147fd1699c5b246e + Output.14 = 5c89bce4759878a3fe7b510c1b0c5ebfb2b085f89c3c4fa8cf6755cb51ba16dcc516402783d7870296f848bc285a5100a548e51cab01cd60638ecf2ecdf63f6d1c793aec14c4b179880687022acb9c90907e53fcede69d26f68a53815a6746c5bb80ecb22bc7d134da3412ba7c31477b + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -61351,6 +61623,7 @@ AdditionalInputB.14 = ced31f7e0dae5bb5c043e246b29473e2fd39512ead4569eee3e3803314 + EntropyPredictionResistanceB.14 = c73832534681ede37e03846d3c841767297d246c689241d2e775be7ec996293d + Output.14 = 60c234cfafb468033bf195e578ce266e1465326a96a9e03f8b893670ef62754d5e80d553a1f84950208b9343079f2ef856e9c570618597b5dc82a2daeaa3fd9b2fd2a0d71bc62935ccb83da0679805a0e31efee4f0e513b08317faca935e382948d272db763e6df32510ff1b99fff8c60eb0dd292ebcbbc80a016ed3b00e4eab + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61431,6 +61704,7 @@ EntropyPredictionResistanceA.14 = a835812aff799db76764365d3cfce7a70d168ca8a363e7 + EntropyPredictionResistanceB.14 = 6cc406628d2fa0771f896079d052d057f60b334e620315f2cb3e658b1323e7ac + Output.14 = 36c2e433e06280c1219c2f2992985e74117d35aafbeefb6468d9576fc4a23f97f131874c0c4c18b9cc6028f881eb42f0e011f2c19bb60db5f5eb65114365c659790a3f423f986eb5ccec70118e48e7ecb40e40c31a6c4b8752e8fc841df65ee68c6343579bf95e10ff99486d9793eb6a92471622b3d60297d9b0faa9e7d925d3ec9cc05bc9853c18930a5f64a8aa9e139baa625665aacd443f1469d11a6c24a3e079b952cc8b5f75ddc9fb7d96b8b14cf255c2fe7619212f281364bcd8958bd2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61541,6 +61815,7 @@ AdditionalInputB.14 = d8e5e99dd1498f4cbf4224e4c7ac40aa7e077521ff5abfb836d8483d6a + EntropyPredictionResistanceB.14 = cc122d075bde2cb4ce5e48d72d5f6fb99529262118b01cca6639fff83adcb977 + Output.14 = bbc4a9e2c9ee0e3f1e55e77cbb8d0ff902bf5d6853a5aed3fc0de3275da712b031a723ce201448e3d15360e5471f11bbd30029c6574db47d9d3275a8559294695b4ab832d656defecc9d6086a01895f74f67ad0643e77cccf92ff358440f3efdca3cb816687e940b7e30bf50795f111175a7a564333b21b32a0b9d26b093c396dcdcf3203e8ecd902c3de0ab0c82ac4c1d68f77da85383e60b3ac403b8ea339a97088539aa0004e3a7fb39a827aa0d27eb308d8ae29c07cb5b0495cedb839863 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61636,6 +61911,7 @@ EntropyPredictionResistanceA.14 = 54ca39bb5d569901c657e36d0a8e103551e25f9a3a40a3 + EntropyPredictionResistanceB.14 = 9c2962c0e03e96c94b9a616fdd52b1f04945597b372ed5c69469b29b3bfa71cc + Output.14 = 96cd0e64c1dfbf51e067b2eafd896d30580f46e29ecc1e51cc662e0acecad5529d2bb177d60c02e7cf415777a85feece50113942eed54a5b328cbc007a72a0db1500f17e5fa1cbd1231a8608dc25f64e1e078d7e0b4c49ba34e4659b9642f79acd108de0c92e52af86a4a82f23df12826f8f44a88cd99f576897896d17d7ab19ad02be4660b8a5840552cc73b5e24e76705485c70ca57b07eac35765ccc51d0795abc229aadc0101a056e047d7514c9d9294ef9458d5f7f5328673defb3c5aac + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61761,6 +62037,7 @@ AdditionalInputB.14 = 9d015ac36aa25905ab1ad61c4c5ced15620306935c548b63f6274d0e69 + EntropyPredictionResistanceB.14 = 462b911da3ed588f1e57e952379c76f4c32b1db3f85fce3315904d38bdd5ca9d + Output.14 = 1beaa2df060fcbb134e8af0f7e1c4e6073fa23deac0a774825978a42083b18c559de8ddd6652dc89abfd8006ba18d9bb9f579f611fe02984870f160e4f4516d6a708253e3c57896a0c9491b7c218e4131d29d31ff331c411c157ba071289a0004d3ee5fc6bc0e8aaf4bb934f48521c5c30aea79fc752720c3cdf67517abae2b936a75b669edd0f86d0d9d01bfb91033c431a4f8c2822f4f055c39a8451c3169dd63597ed1710915d5ed1fb8af25e2db01fe1cf60b8ed59ff0af91282db367afb + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61841,6 +62118,7 @@ EntropyPredictionResistanceA.14 = 523aa2f18ed872566ae4fa9061a83dbe1e213fe141e84d + EntropyPredictionResistanceB.14 = 101ca246a89f650b9f6e3282a908d51742e4f2b9a0fa987e9c8f8be89f3d7ce7 + Output.14 = 2a34c78d5ebc24dfb34250a1a2601f044e15969ea37e791110261f86d1c7e8c60b60cb4515649cb277526d4cca4bc6d31f14b42dc4da15044deb36cd9040a73e5f32806270cd503af2c7a6af85d2c9b91480df5677d9c2da368621dc7dbab8ca1ec634246fd55120058a7c0e16dc934e69fbe890a16a2b759b9d10c23fb57a188d906585c87c26a70cfa69aa7609c3a4226494b9498e6bafe0632ce06a82ee60b7bf275edc4ac862e3a2bc7683cd2258663d1cf2d0fa95ca75ee9dd85bcd42a0 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -61951,6 +62229,7 @@ AdditionalInputB.14 = af0921fd29ae0315837039a4ecd285de2d6e04f97bd6b18a480ff31c3e + EntropyPredictionResistanceB.14 = 028ae7d410cadffbb1a8dd1a26649c51abda3729d64ef24049157b8250c532fa + Output.14 = c4552eee3b4b58c5ac306a607e3047bedb0fc06f921f28f859324ffae46d95b5a235d32dbf68b6093498a02270ac6988c13467481553996e6ad080b5b7dee800807e9e8776d0f338fd2dcfa74716a9663c3984fff72167afdc5a5292a85663d1b243b96e7ea070021fce1f269de1f5ccb60c8f3755a7b7c9f36dd5fa5894ccb3838d568507a9bcc418a82eed820b6c35ee66c40ad9bc718ef73fd7f8c956cbcbc173b9ac0d7f3f40ff37da2d4572a8901d84c216e1ef2b90bd531aa9238af339 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62046,6 +62325,7 @@ EntropyPredictionResistanceA.14 = 0ef1d45b978c565be7e64b9e455e02636ce9d2981bab7d + EntropyPredictionResistanceB.14 = cfe1c350d349c38b6f4568e2f1ca53493be77597271ecedc5ed578abf1f94096 + Output.14 = 49c4c52a81741d2eb583eb6038c1c686b84ec9e8a882d1ef509777a5bb431eb9ae711412afd5ceaeea212c2dbbb17652881b20b2517f1b720eb528274f937b4c41c4991730bbc7979d305859fd1fed523af128347f9fb3e3df22afc4be9f43ab6c5529f720b766cb519700ac83e83668083199f02c5ec80d29621d6c41394a927839bcccd802fc00839923a482ab82061bc96798046c20a11429f266195820862b8e242b083b12567c17e0423d01a7f77f5d4d035eb75c797019d798b54148ec + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62171,6 +62451,7 @@ AdditionalInputB.14 = 64d3689e23425f428b99b64736cc26c475f72fbc564f86f99ec4e22440 + EntropyPredictionResistanceB.14 = 1dd8eded094fc0baea87df0317255fb06ca6e3470c9d1d52e5b238513ddf93ec + Output.14 = e52e2c91e99f31080afc7398ed67f4b7ca0b48e9db242815524b192c7bec24b4aa2aaa3449ed5c49053273b8f30773784c27355c238c7c3c8b8085a5b2917a46862fb0d7cb0b52d62e630f7fb55be54977a15d3e82ba09a7d26e270384ed5b0a381920ea2c9c6a2da7a123f811a066c81eb3b8b92d7bfd62007a19a13725566d35b0c811b4f4a951f3fa83cc7809c623c9af5317054ee1567109d3772965eb3cf6e2c399d89e5fd59c5aa1391d149a09d002ff7e6d1efbad2624c71d01ec184d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62251,6 +62532,7 @@ EntropyPredictionResistanceA.14 = 32822d7374b2a24cc00a9217ff5dd17c6962d40d9c739d + EntropyPredictionResistanceB.14 = 98f2d35e46d162b562842886552bb854212fb652431058cc02e9963c07128406 + Output.14 = 73f40fdf6550d37fd7c9f64221e7d0447cdf6911e5aeb7b80ea6307a3f97b7d4d6e42eff11e8c53d18504a6b8c735d9d89c6e1f0fff47f2dc3ad823229cd0bb811c50aca7f3f8b7890df6da7ea279e3f0582a580ac18c3a42b10e5be088c90d3aced0418c6183b0ce11957052c9e48a8e30f12e1e5deaf68d29e4809e7fed178b541c80930b6b3b782121b99c41ccb98046147a6e08294e2f8a9a215ff77b4f6729a0585a554014c60b36ba29db8de4cb11f3e20b4bb2406d03f7f1d4601ea23 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62361,6 +62643,7 @@ AdditionalInputB.14 = 4d60a3f6c5fad0b57ee38f5ccc9c83843344dcce4f5dc056d813eb9fca + EntropyPredictionResistanceB.14 = 50915e1d171a23bb7328650449a6845c181ad304b5415e05e4bb8f6820a7adc9 + Output.14 = 08071e75400f6f225a1801359983a0fb4d6fdd1bc74f8a78d9f54b1027df0b4167acfbced55ad735a99ece966bd1e79a71ffb62c4526b8afe1a276976d9b3b765b9533f50e750651596ca53a24af1606a2cf6aab27ab3026437b7a03a0507c1913e6ae1718d6d69c7e09f808cf97c73a6195550a0f4cb426df27362b0f005226bd54e0df9c5e5038c75da6f8f77bd5fa35b9a3324b0aea322f5e48c203ee228483ac0f56a67dedcd1d706b8f0a69fa7946f1177a313241066b5324249faa7cf8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62456,6 +62739,7 @@ EntropyPredictionResistanceA.14 = fd31acdbc71e112a4db2ceff387d4b6db1e7c714e89390 + EntropyPredictionResistanceB.14 = 754a7e0ea6eb9e18483e0ed7045ae6f7ccc6cc626ddc1cc2b317ee78782c6e19 + Output.14 = 978543a7389db3122a01947a9a8ede689a4fba9c0d72b74e1aec38ec6fda8e7b519e5ce91eee5c532c9df49c8a36a64818230c5535d262061e96cbdb9e7bef5d7330a2989c3d3012727a18d2c96931b66f48bb0bf6cefcf783c65b0e094e44b0227e3e898215aa3afa2a71dfd832c6e11b3522940cea0482b5f24a90d12e5aea53bad0d028abaa4c45c54828272a9ce543e8cd7ad10a3daf15055e3999e94a62a7281ddf1dff41ad3e30c19ab8c50c759607203ed67c153a33f52130670d1f1a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62581,6 +62865,7 @@ AdditionalInputB.14 = d56dffe6e68ff34c828ed6daa6957db8f8f1eb0683f6788ebc4d7ba42e + EntropyPredictionResistanceB.14 = caaee38a60aa69e7fbf710f0d03ac18ed70bf50590dc7854e2ba78edf2f6a826 + Output.14 = bd2334cb3356a211a759fbad57708e815889f3961b4c6a0f5475792d1f0db772af058bc44ab716d02f11e37bbc74f59ef046d01f99056eb4366435b23bcd92f5c761d22551e66ce180defd47fc43afc361bb2ec8a3c92727bd63329f1397bd5ac689709b529fafb7a8a70437790384213a3f1b27c6086fee25cbc3c0a2874c8a85dfe7022a5ca7365e9a715bd0904dfc999eba168466766316fd196a1fa139e37cfa30be486b0fa1ca03602becbbe97869535913b1f9e00b12f4f2085794c0d2 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62661,6 +62946,7 @@ EntropyPredictionResistanceA.14 = 957544da181d9451e52bad53ecc6e598e94e55434ba806 + EntropyPredictionResistanceB.14 = c8c9ed877603789c92d8dbcccd10bf34e26fd34804178db31a6ec0486fdf44a8 + Output.14 = 10e2ef2c3bf4836f072688eede8aad92da8ba7cc06bb2af2243fc2e7ccf9f9489a7ccfda36b2d91420df270ea9402b9716b95db186aa1859fa0e9a5cc389dbd7ad94490818fa34804a773d8dfe054cfa663267b8d21dd58cc199d7d3f7fa1abe54ef8d4cb2fb0f72a02537b0901c03b848c491784afd314d92b409b51a8ce88a3b7907e36170bcb1004a65c49785e9c14d6ad8871d6474d890b3f1599550d41c0b7a9b39c7e30a8932ce5a832137f77b97081088a8fce641e03875102e51b9da + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62771,6 +63057,7 @@ AdditionalInputB.14 = cb7cd7e4239a550b8f65366cbb39c50c551d83976a01ce82aba7517530 + EntropyPredictionResistanceB.14 = 2ff81fd74a033d6333f732f4cefbf021a90b42c9daa6830c2ab2899b64a05320 + Output.14 = 932fac5d00f0026d0c439912ea5714fbca4385d25e8a3dd42440087bc3114ae946f32c7d7a22a0a699ce8b840b6edf5975d70961cb91f8aacc3dd826dc6e88bc780eaff13c80abcc8461d6fbd53122fe8574295ee67a624108d4aba3cf333c58316ce811194c9db18b2c1d897f385a3d7732a86d867a361b9f7f502421f12f53e97f0ebed34e03039bc903c104025e2b0bfd76f1bc70597946f97c0815fd1b7043e007a3542d0c2a8250935d0e705e8854d4f2b991bd8e11b446e0bcbaa4d695 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -62866,6 +63153,7 @@ EntropyPredictionResistanceA.14 = 44d6b1c7d7e951ce59f1cd023717a4a06eb3b55e78e64f + EntropyPredictionResistanceB.14 = 6ce1aaedda5818985583c96218d19d63c23aaf9ab6614556a5d3df0c3c5a3fcd + Output.14 = a2a7bcb7752b27516c35c2a42c912462205c267120c0ae06e6413ec13a93563443a81f7f68694d8212237adfd474e765dd00c73a350d793202e6899492a135876d06eb30630527b2064c310bf65fe2f8bb0ecb53367658603775caf3c8fa9afbe38d09e67bfb73eee11f216e4619f2008c739d1637ecb046b459d5ce49defd273d0c238d0468742a023a00a50aaeab976b66abddca704ce7ccff7ed754cd0380c963b0e044b7477acb6bce83c4567638ae740e329c062bdfdfe5386a1958da8e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -64631,6 +64919,7 @@ AdditionalInputB.14 = cf2040e9046a69dd9638de941f0090b7535c51cfa9f1c7bb2a56a33232 + EntropyPredictionResistanceB.14 = b871611f8fcb8c860a72c4fd406d4939335a031e0de9f2d436d4736b6b060c2d + Output.14 = 2d990f0de43d3a4b2930542c27ad27458e8865ca6b8f27fd7a969cf4e2a0323e38fe6f505a2dba488ea6b04365209c6db786cbbf0a7c73b4fd56d24987719db0fdba1a3f07149521dcf5b7759c610da22d151057acefe70df1ccaeb67a975159b8996aca93d7a48096926db4381bbce481277d7ab27cbc0388f0b7cedbbfb8421cb1dc5f2a9c677f62acf96ab25e7e406ce82f5b96bcb471afbdf4b3f5a6fbcb8da45d2258e350e77d4633b0c1da691662dd869909dcfd7c8ed0f54ba7af0f9c038eb32d32b705e51b35bb3c2eeff010bb47ee326c2318b5bcda963c2dad419c5923e368d9b28f25b048a87bdba0a90d98c24c81b6dbde0f58054a41a8293a65 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -64711,6 +65000,7 @@ EntropyPredictionResistanceA.14 = c6e791bf03cb41dd67d8d0e6afc88cdb3243c6d8c99ec6 + EntropyPredictionResistanceB.14 = 4b107f56ea9cf896bc58a6409dfab2fa65adf930488f634e + Output.14 = 9c25b3a34af68768dc47e8521b70dd52bd3243c8c4ca911fc32b6a191e4abb7a56c2ae535ee17899ddd7d3011386c60d4dd1c7a0f3bbc27224e1471e061675d28d726a6463d45612b6b1913136be596255ee2f1cac4f24400bc50ed41a30e4c4dc1a32524617e51ce2fe41a829d164c4 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -64821,6 +65111,7 @@ AdditionalInputB.14 = 67333be1a1d8ccfeaf0bb6836abc101f9be86f6584168b71 + EntropyPredictionResistanceB.14 = bc9be23eb198d7a9c821bf848dc659b6c5c7b001b388078f + Output.14 = 9d45b149af6ddd8231aef5d6ac48dc80cea748f860edbb447c3e181be541c0cc384bd2b3d39a7dbda865cbae5da0e6e9e4230728a819e1dfb9b7ac9b6610ea5fc42554b357f4f4b2d48ece49fb86127d5669cb4d361be9fb22c658264a850bd927252ce83ad57e7373689acbb1b2c266 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -64916,6 +65207,7 @@ EntropyPredictionResistanceA.14 = 1faaa87f7d4767c15792faaeff52c850e7d1779819fbee + EntropyPredictionResistanceB.14 = 79cf8e36b1ea35077793e4dfe4e4cc736fc8071c72ec9ee3 + Output.14 = 356c2bc25223d3f536b075f7052d29e1f36c3dcef8b09811f3bcc18fcd78fb10115b6779bec0dfedf1563eb9024fd38e9083c1a7b748b05d61c99c14b7a57ebb121b5ca9a83e6bfbd4be01a24185de86a9baca5c9e8b1f59424bf77b9457e3829de9c44ab10c5966dc59ba5884493980 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65041,6 +65333,7 @@ AdditionalInputB.14 = 74b7046dee3b978038195a4ede2e8a0ffd3b8c490c4ea36f + EntropyPredictionResistanceB.14 = 52f143079094332e20460b6bd1b5a5872348ddd626053d3a + Output.14 = 58d2c19cd4ad3ebd48e3520d23395b4566e65981aebf6f143f46733d4fdf23e2fe0243674778fe5c5ad1fa4e9389305d3e7c1b99d7f7e163c9ef87a35d34732629ca8d87b7b8878ec95662dd9ccb43b0d2ccee2f4f3c4037925f264fa03b534da0751f45b2df1cb653c379cac512ee5d + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65121,6 +65414,7 @@ EntropyPredictionResistanceA.14 = 2520f0af49912e6973e81e5d3ea1b140664209e1050784 + EntropyPredictionResistanceB.14 = da19f29b28f43ff72e579a4a21d979dbf399f0123695227e + Output.14 = c79b9cb6955eaf7d0354ea81b1e54f3bb7855edea5040fa6ea2f18566210372f9f7b4d08208931c321ea09f44390dcb4939373e96fe3a417b2804b6af94aebc65fb31e7e9faa4113cb4bc1294fbfd19eb078eb300e599beb0a8afd05f10dcbbca84a27dc86a12a998a74d6f532f38e39 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65231,6 +65525,7 @@ AdditionalInputB.14 = 9b0214621496003a5e48ca25fb008bb7ac7cb9192ccabdd4 + EntropyPredictionResistanceB.14 = 9764e49ef04c1c164bec335e2ecd98ff0f8b7959c4af9ef0 + Output.14 = 8e4a6f42f812bcb71891f6abcb4c19f179f44d6d7ca0be8f84ea4de6227e31f60ba600c0dce0c0cdd6bba0deea6d860b3ee204be73421044cdeb59f3b42a5e4db94e2d06af91e1f2ccea73eeaea40262a5c74b7fe76979bf67510c86c4c5fc55569b6244fd15a49db2768c884102e106 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65326,6 +65621,7 @@ EntropyPredictionResistanceA.14 = 3e5b6735d467912273c38536f7a1be160b1edca1af6dc1 + EntropyPredictionResistanceB.14 = 0dec0880ce8e6ef894b9396ef56fd678435ed5b6b39d4918 + Output.14 = 5dbf5d3b2fe59054ab29bd747ac3dfc4026799f493b65a49a528bdd1dfe26ee50f7d8b4a69f96488095d09209f2657d98d2625adfb769188e5fcba1472d8364611e34dbce5160adb642bff5919b54e8ef3c6bf8de8fa0f651fed3878ecee371e312bf71688093a7a625239fb861cd8d8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65451,6 +65747,7 @@ AdditionalInputB.14 = c7c8c48d9ab3014e6f94a3ce3e8df9768b3c60f478a5edbf + EntropyPredictionResistanceB.14 = 00b456fef04acd6dadb600fe9b2735a5d53dc58e9cd3f963 + Output.14 = 6c1d21ef77388dae905c338b72894c8fa3a066d6255e7760eeb307d264948f979a343a25209a3a7d1b6944d013b05142c3fdc155d63ccdf626437298d0a9f0715d6dfd81acc7e45129b6a3b442e8c36527470466f74712b03d03ff1f4cadfa8e2c348639d82919cc9a3e288fc15751c9 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65531,6 +65828,7 @@ EntropyPredictionResistanceA.14 = f9902e3d878151db3849537f186a7b2fcbcd10576aab5e + EntropyPredictionResistanceB.14 = 9787f601b4a6244569468fe586a67e2e7733ec0f1e2405ed + Output.14 = 8338c7e93fc15595aa5828c90f064f37221439c1e6d9c51a0986fe9f3e9b719f0a05c9dda87f3f88543b2ec0005ec343b62a3929ef720fb269e8dd1cdec36a8a2b867876752b8aa23d6878d0e9f3a27b06a7782a58ce68fe80cbfe6b5795e7da0c34499dd153b202c5432e37e03638f8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65641,6 +65939,7 @@ AdditionalInputB.14 = 69b3ec5d555f1c338f45a72c56ba8f714894c069e47d329e + EntropyPredictionResistanceB.14 = 9a0350c1885b5f69fdd13e8324b8730f27c92dd96c87916c + Output.14 = b4a922cfedb084156cc73d5bacf1a78090935fb1a5368e02d1bfcd22ff497defc9784e16b14e19777c50f0db895c3a61fde6f97988315e427b4323c9c0ddee5eefe49677b37bbea5a6c9d43cd7c3279c7502154e8b551538e10c8bdd0cf35ac9379931f0bd7acfa82291702648612815 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65736,6 +66035,7 @@ EntropyPredictionResistanceA.14 = 80b2cc6b2d460340d5915e109e434d05ab4861378d65ea + EntropyPredictionResistanceB.14 = 42a0f1f0e9a911d0e12948a235d1a125e9462d5bcb605b98 + Output.14 = 38df6537e3bf2a8ce577da82336ccb234dcfa6fae8bec62c1ee38be0f9014f49695e4200389a55291a95b97ebd09ccb7c392320fda66797ab1979ed0ea56772456f36ee287bd683c190c438b1ee0c4c262ebc4b2e5d036b3f50f0630da695b271c3cf746162258a4920be29c25dcf201 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65861,6 +66161,7 @@ AdditionalInputB.14 = e201d55a78452ed3401d92c27247db4801b572b389b2fe61 + EntropyPredictionResistanceB.14 = d50ec469c29891aff7289644413e0bae6954075854c1e475 + Output.14 = 1bc3d11462d9e2ae029afa1b7db585d17c1de83fa1e7d7d9e9e7c015fd85a369edce029a3eb111dec4a2efda8e35bc5d412d31fe2d0d0a35f629609c2aaaaec7fba121a164f4ab20fd65b8bff2ca6f52f171ed2879f129b0bc2ba7dddb0c387a8748ddd2321681655cb2821523bb2510 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -65941,6 +66242,7 @@ EntropyPredictionResistanceA.14 = d6734f3b3b76bdd8715f1cbc24df30bc8062a0276d954d + EntropyPredictionResistanceB.14 = c6947a5c4932e357cd296aa8153614ceab7a6c479ba1cf30 + Output.14 = 19f1b2ab68854e65d92318b4e09c74a379c76c096ee460355a977ca08788a8ac83bbe817a8ae4eaaa795a09a49f572fdb471d8f5d2de060016b1b0422905af24018457acc9ded76b66d204ed5d1bb66d77270bc23ae5528a6a05aadd3eb1a194bfd42c88273def6fc24ef677d326c586 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -66051,6 +66353,7 @@ AdditionalInputB.14 = add443f0f3064aa799c6fcbc729416a494ace56d2a29eebd + EntropyPredictionResistanceB.14 = 19b708e95dfcfe56f171ddcc411c63bc2e742cb45873a019 + Output.14 = 29fcc98bb0b08c965dc5ec7de8dbf7a16d234eeaaa262f5ece8f2a1d843940bc663b4f892ca1481155573c4a6754f8b7b398fe12a81409ed7f6165bd16f2ac031d809e6535dcd3561586c038df4aa735c5efa36224b2235d05c12555151b1ddfc2121e806ddb484d19e9db631383e969 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -66146,6 +66449,7 @@ EntropyPredictionResistanceA.14 = d9b643ef8cb569c2eaeeacb3d8be9a0b2c93c60f8e1129 + EntropyPredictionResistanceB.14 = 213994f4f3e9382b9b6c0247e74a930043a563d0dc67d05c + Output.14 = 991659b877318d688fb40a862e4a089f74e60948f853ccc57588ca14a51c8a8af65c7c1e0a5fa1393a2f96d23cf0e6f829141cdbc4229c5576b07a915a59bcae554cc50e6f38264757e29117273792cd9ec6e89a82713db07af8562c24aa80e64f2723e8885ddf3435d96581881ccf9c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -66271,6 +66575,7 @@ AdditionalInputB.14 = a00aa12c4a26030b79897e04d0171bbce1cd7257e0cce379 + EntropyPredictionResistanceB.14 = aa9b3dba7376b0a21d34ee6ac8939a625dbfec172a108c4c + Output.14 = 54fb778fcfc5549e190271dc12389f42ea8128df55e6193e03073888b4be31e2d7a78845c47362c4e96b41fce503fb970f9176bdb9b5d664c386898a0e44ffe12f9480699b7d566d697a4f520268f62e460359a39d091f4c372ad33ef0eef58622f488c9348ab5fd693d4edece794b12 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66351,6 +66656,7 @@ EntropyPredictionResistanceA.14 = bc9fa0d6596cd2b1e020a0f23fadcdbd5ed8730e9187c5 + EntropyPredictionResistanceB.14 = 671405ac5614d316a8f289b50eeff5467be8960feccc46b7eda7d3038f09321a + Output.14 = c8784cdcf893010849f094a0de5d3325a69b425a8c7b788f96ed2d8209434f9731bec3c590e8982c22b46ab9f28d169933c1ca2c4e4b99a9bbbd74e2182097a7c0e29e84a63363eb3c0b7b9cd730cd0bde121006aa11542b968f4963e84830219c359771a3ab03298e5c0b8a207387668308e2158fd06add5309defc8cb2c0e8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66461,6 +66767,7 @@ AdditionalInputB.14 = 7a63a39a4db6161824113f32ca5c4588edaefccb08894b2ba52b6659e0 + EntropyPredictionResistanceB.14 = c20c5ba1aea693d375097d19b3cfc2b06c9c876e980131387374899d4ab48385 + Output.14 = 818ab1aeac3dd58e54ab686b04e3686a37a1202a19979a3620d1aea5e425472af381677a363ae190acfdbb0372c7ea2d5248cf27b18327e13b91507fc28b9d3e804ca0e618d867b3d892173a19c5918326e6fda277d5a3a34bba1425f4a6c9543f66dec79bc909b3d082c6067df73966d1b8f8a16d07005732e0cc00f9b212a8 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66556,6 +66863,7 @@ EntropyPredictionResistanceA.14 = a21a3a1e4a6e4ff4c646ee1b19ae20f956cd174001cac1 + EntropyPredictionResistanceB.14 = 5f673e1dba2a9c526ebf62d4383da60fd194bee81d405dd719f0cdfd0624a79d + Output.14 = 718c2bd08da84f897864d2c2a91cab5e6b66251ce71886969271b3b88885cce8f01e2e0bbddb0f5826c68445c8d56964c7f2b641b7f8498dbc293875a422b65bb7aec20b154064b336ebb06dc861fa7e69d683dba33d8a6f71c2b2c76e030db66fcacead182c0f316395c3dd4586a38d56157d8b4138f3039acfaa599df1a096 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66681,6 +66989,7 @@ AdditionalInputB.14 = 4a5a23362f631c0b155fb802990f855d684a1d3f54073c7bef2515ee3c + EntropyPredictionResistanceB.14 = 73189d6afce0d5724c50cbe257a1494c7e78dd5b3d7509c5509d795d6abea851 + Output.14 = 8c64782c4b34cb5e2ac304ad773adc7a76ff2fe1f43202b01e28aed52ff96b651765d642d5313146f322f3cb067cc274918babc2b35255f048ee74b4c87a4e1c465e3e1098b1053747343123ae5ecb652520d0fb20db17379388249a2d92cabcea7140162f2d9cc17daf718eaaeb8e8a69197689ab206f68fc468982c8f89e73 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66761,6 +67070,7 @@ EntropyPredictionResistanceA.14 = e0975b46c5421742148647c5ea8ca534bf23b9cad38fdb + EntropyPredictionResistanceB.14 = 92632b542fbe20c00c8071037c15a2434cc23b3b6ba800dc9e419e105c1a4c4c + Output.14 = b457c370a8bd4451f4185f7c925b90365ecdf0cf1a4e809967ca9218fc7350447c32d25bb3ac36d8d0de69e2f8d6e7f0276cde6d9a615d5644654be11ccae2a556d331310494ecdb961468ed6283dfd9342be478f0e3d5bbcfcbfbfab86625a3fab5c43296bfe1fd9218ec5cac2da563adef29084fb7906a7284da44872a957a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66871,6 +67181,7 @@ AdditionalInputB.14 = 0eb21b9dd429b7ccf6183587400ff57ccb84e13513a553c83bd18695eb + EntropyPredictionResistanceB.14 = e65beb2bb257e5b9770af1404e58743540ce7d6338089906464de3350c481f59 + Output.14 = 30ad11bfc18d3fa9c7ca2adf01bca76f8f2513c2aab3e830b1ec8892cd6544ad9e25f2c8369a034a25962634fe86e833aa32baa24ea608c91818994601be78ab1fa772cd80b6eb3006c4c2d4b0b1268f7d8759b7e0193e15a69f7e13def2e4af35536d92c1b8dfe3b7ac72104543a8e99585bad53728899fc5cd4ffa509b4b79 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -66966,6 +67277,7 @@ EntropyPredictionResistanceA.14 = ca849cd2397ed598a1f4a5fe1ac34d9bd72ba79cf44b89 + EntropyPredictionResistanceB.14 = bf75a707fe7d86993dfa00386ce07f94898f484a9f936d47e4923bd6bd8e2121 + Output.14 = 63fd0934c1c510ed19955471552a645ebc7ffcb90ec904994fcbe89ad938ca0b6ac3c0bf958d453af8ef7b4cdfa1bf20a5e79a68d1801a91dbe63ca254d8088d7d508971d203fd9dd4fb4fdcd9e8f1f25e899912dee3f59ee1815efe0959c7e4ae06453ae9031a8cc94ae38d7d634fc46233ed8d11ea8e20e326841d3cb40680 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67091,6 +67403,7 @@ AdditionalInputB.14 = ca63db9ef242fc5132d291600fbfe99b72649a2c51080bf46501286c27 + EntropyPredictionResistanceB.14 = aa1d3e08e011aecbeb852bd054066d44b5f66a71682427d9a49deb6fd43ac6a3 + Output.14 = c44e0709fe70b56c0d612f354f796e33f6008e8dd9346ce75894e3a09186fe54b4a7988060e48488a329387bf1bbde11de1525f14caa0af8d6e4d4b32b5dce06d71b368d5cf181535557accfbd9ae55d4b844479a8c959fd0ef0739f1fcccfa2d4e053194b90b8ab9fa4135db408018c3d4895c44cfefc05951d1cffb8da24e5 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67171,6 +67484,7 @@ EntropyPredictionResistanceA.14 = 3b12c8af1e7f747f5307c4a0e7af0efa7a34039b4f2c5f + EntropyPredictionResistanceB.14 = 90e07e1b5ea4915b23d18d52dd1a5d79ed0feaaf4c3b9176ae92c85f28c5ef0a + Output.14 = 6c2ad7e3738c856374ab4b7a56ef4b3e1aea65f69fd6fffdc0fc06c585eeca2761fda70234b844b37ee8fdd43f8f58b5f73accc0943b8da2544f3a7ea7e7107786d9de4f457519fc80782d0ce64e5b33c82b6935f80d0e1e241ed1c119621d43ce1d18fc016b136ca1eb7907c6fdc14f77d807cd0ff1a1ffef73f6eab009b02c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67281,6 +67595,7 @@ AdditionalInputB.14 = 5138951ad6b555496eb1005bc403f5937dae4e05f1254d7ae2406a3f81 + EntropyPredictionResistanceB.14 = 9eaeba16579b23aa55adb7f2b33430e5f9006c6247944b16cca7f36ce6eb0cb2 + Output.14 = 60cb8d3a0d921d6895033f75330a82de2121abcc7f0ca1391687a510ee79c7e99154483f20ceee8cd85c6be7dabf93ca5c535b42980dbca8b308375f44ea3c1682d0edb7391e468898eca762b39b2ca5beeba498881e116e45429b49ae3936e1d11baace14b11c64aaa17f4c830ed62df0d66ccf0093c73f705e32067904ce8a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67376,6 +67691,7 @@ EntropyPredictionResistanceA.14 = 5dd6463be2b566208350dd70f0d7132cf2249ff1069c97 + EntropyPredictionResistanceB.14 = b59a5c1e855d888a76aef8a2bdc0e6701eb7cf7d6d0da08c9e9764ac31311d3b + Output.14 = 69fd03a37b267d6f2a9f338ba844a69f700089f3348c7dce12497ed6637e294b9b958ab36f85d986b1f311400d2e58bf5251cfda4c6e173e0a0eb0c25b529057e458951e8a9ca233f578ede226fcbc16fc95b9421f4db1b939e77110d1e7ba0d486aad8d62f0e417ef3a5f39145d05423113d8901493b866c3dff2a213ab8dff + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67501,6 +67817,7 @@ AdditionalInputB.14 = cba2a6a01cc09238e9a8e9fe56663a8eb4ebc186f4927042f7f19bc8e8 + EntropyPredictionResistanceB.14 = 4c691865c160d187f5c3654e3fa2eca8e818b2f6ead070dc69b2585d5d4589cf + Output.14 = 004e5ce98e6f7a64a98ae577c3c702b8aa489148edb61e57cbb980c2383723918bc380e07944049631a8f88044a7954570086cb972c6653ebfa49a5c174f8fbb788005aeb7bbfba2039eb495cad2c23836f94bb6029f3ae3dc2dd8525aef77614d3bf5ad62c48ac56c1cf1155653243d4d10da4c4ad9e8fde33802d46026212a + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67581,6 +67898,7 @@ EntropyPredictionResistanceA.14 = e67d0f28c142a83bab1572b0b44c83f0fd9ff3ccc2efbf + EntropyPredictionResistanceB.14 = 5b7ae1170e439d0f9b8d5279fb29da66fe280483e0dbfb6e289d63b80c0e9662 + Output.14 = 4168445948f0108eee7c346820bde513375c403736ac22b6b51a0237ce84c9f6ec3f85be5e5af9f1a23123692794704825c4e1935ccf790413725fc44ff64c457a58a700265c04dfd9674ecf952af9105b0b62e9f2867aa15cc18077063f1be603a4fdb0060a272aae224bacd1f45d172c8fe03ae1b4dc4616bb47be9ca6fb3c + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67691,6 +68009,7 @@ AdditionalInputB.14 = e5cbbe21f36bdb46d389a479bc23ed7162ccc9fd07e3c15b2af38da548 + EntropyPredictionResistanceB.14 = 524506ce82bc8e9813b12258b87eef1021c3df39de0b377529c3614a88a5ef9b + Output.14 = 942432679f040520258501966ea68fb5044cb44c4d02b0eee3041d3e43e3c283e76d4bab79305d16888b42581ee087dde5e2b0e2c3bfc7d1122c2fc450729343a45331df3cbf7b9a4253a5f8550d37672a73a75b3cc8abd68f98803643b6eb69ec95cf55c2cfa037b69523afdd045c740708f1f7403621c8074d497e0efe689e + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -67786,6 +68105,7 @@ EntropyPredictionResistanceA.14 = 711415888490d7ff523e9883f6bf0226dc6d446901fb41 + EntropyPredictionResistanceB.14 = e15d421f53c1c843c847b2abace780caad977a337d81469d973ddae6aecdd1a2 + Output.14 = 79071920bd431dc5156b6f03932ae2aa4dfa06a61994bd07ed65cea1ec8c08416c7ee5c045f0fc63b4ca237e85d29d8987b65f3e9ad22a984aad16676a9a0b50af959f19b57863c43fd316516cc7d8516bd4705193be20d3ffa42f843905ad64a5288c875f55a8996ecb239700136b6a57a43f2c6dcb11af5e8fba3597fd8870 + ++Availablein = default + RAND = HASH-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -69553,6 +69873,7 @@ AdditionalInputB.14 = a0ee5a3a9a8c5eccb62b9e7ed45d04d8 + EntropyPredictionResistanceB.14 = c588bc21bfe29ac749639bcce28f17fb + Output.14 = b519ee28f38bcc0305ac49eeaaf9f27eb6af797ac95e13431d1f5611e89930bb2c362a9abbf4fb8d89605e5db756fadaea2f36e953751006361b94f89c893e2505b77e41ba27eb9d56d9124111e7c12d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69633,6 +69954,7 @@ EntropyPredictionResistanceA.14 = cdc10e50c630ccb235579a72b6eb4502fe146aabdab62a + EntropyPredictionResistanceB.14 = 5c820ea46bb9091054d75a892a83c3850da0a31c15e0d021 + Output.14 = e32c0798b2040620fbc5d2a44ec7fa8038444c1910fd4a24312c8c8eadb57a78606449cf05ac51a3bc4d58ce78742c1be3a0fab6e3f5ebc92b82b5d5d64ce29e8c2787ace0f4e718a7f6cb669a0a43ba1aee0d9aef55cb7c6f5dff57c8acfe883ffd8a496d44afe06803e4c9ff62df04 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69743,6 +70065,7 @@ AdditionalInputB.14 = 4505c0664e59bb4388020470838bb098c4ae1338c268adf2 + EntropyPredictionResistanceB.14 = fc4ef2906cf36c6c8897b802200a83e60d16f7fb064abd2a + Output.14 = 4f9c3c60ee32042735cc539b9a23d04c2bc6bcd68db04a58240305f165bccebbb98e0f4796b283a0d78bdaccfcc8daf19f21a72945be07996bbb0b606643c7753f76ee6371292d3e681468b714e16bc32db14ad6d777677137ebd3731186ea72b840b8c4ae79ecb2c61352ea056d2d6a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69838,6 +70161,7 @@ EntropyPredictionResistanceA.14 = 90e391a33dc21281372589e2a667cdbbe4267710d5244f + EntropyPredictionResistanceB.14 = 42c959b7272b39e5cdf67701d47665b61782541e94aa224f + Output.14 = 4402afee12048c1c6a44624d2df026798930ec732884899ffd20d17f1c8d7c221cf5edac8679a21ee11b177ecfd61927d4ccbb175ee6b49cc6f371450904c2666aaf2e6cb36cd55cae3af772beb80955cf67b4e8be1fce11250a39693ecb7f8ac05aa23b949ac74bc9a67060cd60cc77 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -69963,6 +70287,7 @@ AdditionalInputB.14 = 764705681b7781573af811fa7751dbc27d667af7a1e59dce + EntropyPredictionResistanceB.14 = 76a59ae38c88631a066fa85d24dfc9b2547caae598cd0fa7 + Output.14 = ba4a0583d8d6c5b4216a0875cfad594485858dc7f9ef265d4ed0c0f0fbfcaaf5ae318df2d7fc530301813d9f49826030625f7ea02d0630b3573c486b1fa0ef4269cbfb6fb86675c11fb7c0570cf7ff4fc7affdb00625ac453c23c229a4ea5f540c66f031ab3462f7d12659eec990501f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70043,6 +70368,7 @@ EntropyPredictionResistanceA.14 = 85ef26b185a0aa99aa8761981cf02a634b62f47baccf27 + EntropyPredictionResistanceB.14 = 2e9d56a2fb6ca0bef9a286d23e7d38457790f97f2b7ea5fc + Output.14 = 5c7bb6bedc97cd38837beb0d963d76a953d4c53827e24ffeb278acce8350c43fa6e289672fe6452b769b921937ea8059cac8326332966d3490f57b8fa89aa86deeb3edcdc108d1899eaaa2d568d78e26b8ed674282ce16a0cc03f3c3b1da6d5c73afe8f392b32151e938d99c94bf8152 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70153,6 +70479,7 @@ AdditionalInputB.14 = a05a3af78f164652504f38cbb262a93f5fbe72c55e28aa55 + EntropyPredictionResistanceB.14 = 0dedd1d3b74beb9c3ed9a6af24ba4a8fab11aed95d829a11 + Output.14 = 4e6dc09aabcb0fdfded4f1d6ac2339add1b5d7528c3676203b09341a1cf70f0e838301f7a78dfe6960daa674517162f4819a37027845c260186325846604db350969ca2abbabf713159669260b80de6e42bc33a64c796280402da8b3c3bf6e8255a11b82b046f1b3800cad132c2c0cc6 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70248,6 +70575,7 @@ EntropyPredictionResistanceA.14 = e5f524fde813bd2478fee8dbbb6284f3863b43a8cdb2f8 + EntropyPredictionResistanceB.14 = 178f885705e506129a137c64daab8870149344d82990e454 + Output.14 = cc687b9fc638af68d71c2e12ff8727f2cb2eef42a888216af09167ee23f5b432ba896ccd508afae8670dac9fae348eff0f8db63c3fe86f6a1e2d97f9b11813a56ddc1d5c99cdf79afb5d281fd1682dfada3c608ac1cd8ed28e70e21d3ecf7c13c410e8e657d7d0714aabef78795e46d1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70373,6 +70701,7 @@ AdditionalInputB.14 = 29729358e5e488ac8924536a8806d242952da8ade0d4e4ab + EntropyPredictionResistanceB.14 = 0a0148aa002eb800291d3bb5fedcc8a6b80897ce459710f5 + Output.14 = c97f446cd3d9c96f63782925178e879b3fdf0d46a2e67d2489a39c55ded3330d70a7be34128f3e8ea442989ba7ad90ccf7f66bfe1f7c1b17585cfb5786d764a44e39bc021e06a193254ec26b7b93e33fb883408756e651176a098a4b75b3ca48ffc4b66f0f5519592d529500dfb30287 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70453,6 +70782,7 @@ EntropyPredictionResistanceA.14 = 3ef188e76f0d26d790b51c9eea46b0a9d15fd631f044dc + EntropyPredictionResistanceB.14 = b2d0c40fc7c3e6fa3fa030d54f4548cc664ad604eb9ebf7a + Output.14 = 966790327a7fd7dad98fbfc5c86d8d678d28dccab766dbe0a10bf917b59e85cfafc1a948b0abcd89fe6cbd30352e8c672a849b2b6b598b495719303d17b22f879361078e1dfc13052879e7fb8613a0d5fe764377e98e8c4d41faf8aac94ebd299caea002a93f5e56b6a78e6869190c33 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70563,6 +70893,7 @@ AdditionalInputB.14 = b4c6dec979f2875bd6ab575c884b9c82a7f87b0e8536fc63 + EntropyPredictionResistanceB.14 = 812de24e2801b83b5938cf87ccd697d29e1e47dbb773e8ae + Output.14 = 42e656b2bd89c6b87eeeb4cbc88da7b7ea63f2d0e34ccfda69f1306982727b65248742030974bc2013af0fc0e04792ac57a6b33f7a0e1c106b4877abcc43649ea67c7706c2c6a32341ab03f35ef5429b634c546ad46e9f4ed65835246047ec510de96d544dcf5cfd5cf38b1191844699 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70658,6 +70989,7 @@ EntropyPredictionResistanceA.14 = f3519a57f18c23306e613cd6701a63b476750bc86a2c3e + EntropyPredictionResistanceB.14 = 970a0425e52d2ec2cfdaf196d46e132483021785e3be083d + Output.14 = 92e7614f08b0bd0356849559567fcc18f467f7ef0d31801c9d38d48adfb1a49d464abca4764e5a9da227d20dea34e9d05535de6daba95db7ae42ad94155f795c06ba3241e897ffdcdb1c0cb1ed2767bc8b1259359e70739b52f87c947fc0ed293990fc1a9d452c18afaf5586a7a4e828 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70783,6 +71115,7 @@ AdditionalInputB.14 = f7bd5c7a7e998407efc71f4bc2a6c811edf1687b019ceb9e + EntropyPredictionResistanceB.14 = 84f15292035fcbd61337c733fed157b3e7db3097c2a3bd9c + Output.14 = d59bde2388f07c18be829b8fd08376a93af24145700238175859ee3f89a7dba009c628d749c9ad72abfa3609dd0a5d38ef1abf261225b988db1d3d3183b5c5ffcc19303f4eea88df2df4b65df1ad28796e9ef1340731ad6c3bef33043c90880e3ed5b8b336d5d125b89df17028983f4d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70863,6 +71196,7 @@ EntropyPredictionResistanceA.14 = d16361e926630ea7eab852d3fbaacd4ed8bcd4437311da + EntropyPredictionResistanceB.14 = 15d2ef5b010ae9f49d738919580a99985fa6e749f4f25e4b + Output.14 = a34007c66a63071fd9b88fcac4e0438961458595c5fa9d39453af1a8260a5810461f55cc8bc9135b24713c82d9a8f7caa720ece42a7a94ba9142c7f25120f2cb57265a83e2a40129357234dff36f320935a2e88559a334e33044d6e6694a9485ffc243fde57a28958975d40342d17c0e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -70973,6 +71307,7 @@ AdditionalInputB.14 = 6a59ff9e4710c11794930434f5084196353fb44fd07b2e25 + EntropyPredictionResistanceB.14 = 7b9f7f89a03e06aaf45b165d68c6275db97352d04c8fc977 + Output.14 = 7f72c56664a786385db6206c39a8fcc6d2ad278abb7270961c79f17f3123b62ac1118a814fc8d22d2f2c0219cf12879bc688056f39d79849c6eb4f3bf2d48939372313d46c6f816205e71a162c8ac3373f39905c19b1003183a14f1a993851a2f9a961bcf3fdeb656d7190c7ed5348ba + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -71068,6 +71403,7 @@ EntropyPredictionResistanceA.14 = 40da9bf2a3adce3bed58d5ca64411ace999f0dd1be0849 + EntropyPredictionResistanceB.14 = caa117803af0fe7ded86e010dd37e4945fb8b32256663cfa + Output.14 = e1468e54df5d693ae5094982e155a74033e4079dd1086d45a91ee213b3ab4486640dac0342e6aa82f76569ae9d395f5161d82d27a7c6a8573e3f42e7c57ae6bed8a45a177dd35a999e322a3538a9b8cec51df28eac49ca8a7022200963aa0d4d66868c1cb8dd90a1564cbbf8bf26778f + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-224 + PredictionResistance = 1 +@@ -72833,6 +73169,7 @@ AdditionalInputB.14 = 666ab44b022bd295bb6b516390e14c1a7e746acb6437e33b203779116f + EntropyPredictionResistanceB.14 = fb25b91fb031adb53b1d175a68a9202abdd6b3da5d658b7d3d5e815e62d440a5 + Output.14 = b02cd3e20a39877aa2b5288236990b77e0e9e21987583fbabd6ddd9ae2c5316fa51602d06ae57a55a784dcb163504014a21a1ac2290b6232e8e97d186e6f6a8508f7eb6958a0ffff454f91e1c0b2831a594d31445918c92268b380c017f9911e81c82ae23449976252add67ea901463848696eb31453189fa88d2c999b6d9d81 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -72913,6 +73250,7 @@ EntropyPredictionResistanceA.14 = c5650c33f68b5d33502b1f55e06fe2c1169fb34688a092 + EntropyPredictionResistanceB.14 = 25be4cf15692e3e6ad0ab6ffb22cf3f77b00333517ecb2239c9b81e59a72d087 + Output.14 = 41f335cf727ffec9ebfe7cb348d11cdb4e5e49a9a047d8342a6656e5d235219a5d80715166698cc1f16e34f743811b820e6ea55c2bdd0db1b97ea2269fbf60c739feed818282f447bfe2bd0b9a7c479144f0016703aff450abbd87a50e5e5af0d2d9469175542737bd116de2a73acbb74d9f0077a227704f271fe0696f071914dcb9c0f0191fee35eb66248eb17991b538649457d5d5f9d4bb9cd81c33a14d2becce003c143c9cfe39ccac51048ef169f6a22143eca721d04f6e147749a44a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73023,6 +73361,7 @@ AdditionalInputB.14 = 301f91c659f73b618cb46a4343772f1eee9fb4949ec6328109823749bd + EntropyPredictionResistanceB.14 = 24a71d39e627d5efaa1e8f3e5f70114bb03b71ce54e4f8d34e838106b2467cca + Output.14 = 34c532082926e6d530b3a58282eb4666ac7374e8befaa4999dfc9f409e40ff966652295d2940db97061800583bc7d47b053553ad29c89ee61803c1089d30592270d2927031353592d4aa71f59a4bf3f2147cb406322367544c38fa5a3c8ccb534bd884355b06145db62161260162091c795874a2e99e01292a2e39e107738818a211750f858edbe0c2ea4734ad14f1c45bcc9f733f027616926558587f7332be55044dfd6fcdb628ff7d7d581820a217bc64aa092e450722686e0cb291eca45b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73118,6 +73457,7 @@ EntropyPredictionResistanceA.14 = fd947b0a21e580e6c2dbfbd44d01f5fb4a51dcd2199df9 + EntropyPredictionResistanceB.14 = 815302e016aad33254d308c5457f368965c15b6204e191c2a252e4fe88dfb978 + Output.14 = 34f550231d31c1b3a3db331d341ada3b987120d94e431831eea67e8d208f9cf1800549d445fc7befbdcc2488cc7f4340560d574fcd2396e9ecc9a232f1015cfb26db451623fe47ec8bacee1756573e74e519adc62b23ce86fc191ea5e13da9c7a14496426c6c53dfa7c7ccdb67d6164dbe88cbbe7f48d4971993003ab24f3eff18bd52c2661992e8f8da93bfdd28f01fc32edb439ad130352463084041e9871c431ba26c676ecd7812991833113cbbe687651e93aeb22a6a44cffc7a3fb214b2 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73243,6 +73583,7 @@ AdditionalInputB.14 = 5a7434648de82a3552e12aff800093776ca3e86565b29c0b3ad6c0bc31 + EntropyPredictionResistanceB.14 = 2d6b77ff7e612c7c40cd5231eece4018c5b3c0d8181ab44703f7a04c0a1c7c5e + Output.14 = cfc79a89a0a55dc9c6c6eccdfab5a9935335e806b73bab7f5eff5f9fea6aa3f47bf31f06d987a94e2bc2a4a6144ebe94d6f5aa8fcaabbf86a37c8d412207864322d3057b89fef358740c5962cf9e7c37072847fcaa6db693a5238ef270e8414e2b29448bbcc37dceaa75479c2ac5fee2d6fe9ed68516f6dbd90135ddcae8a12d1c1595e0edc34ea2bf00bee7ae773c240c2bc1ed828b7ff91a676891173eec1dabeecb2184df9186c3bd833e349351481655bda91bc0f4e419fb78e426de6b39 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73323,6 +73664,7 @@ EntropyPredictionResistanceA.14 = 6cc5f9e579d80eb1e93876513892307c462383f1b5e591 + EntropyPredictionResistanceB.14 = 2672d3be2c1b741a8a60662e24e2bd6a674def98b16994189c08d7972d275f6b + Output.14 = e7f7f113778234b68dbef00b74b656a52eed3cf3aadab8e5d96d1daa5c253f5ffdcbddbc8dac0acf43a7e2a18303a6ca389db0bd0c5118a869e7e06115df5315ab9962a782281c5c46823d1067a8a5cef28c7ab7aaa70c069841875f02f294e557158da3adfc6c11407d5dc3c783332b4d3e25001b5b1e48dbb45a5ec0c8fbc0343f8d73963b7928e501f5dae8716746a835e121ac748243c90d3d3ba22e11cffd76f53a6e372546e0fd333e46df1056197e5a44a8b69e5b923637212635e6d4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73433,6 +73775,7 @@ AdditionalInputB.14 = c81910a207597a0657cb06cb89897f9ca67aaa5e3289159fab1f36cb2f + EntropyPredictionResistanceB.14 = 0fe27d8d5ab415f1332cf42f7a6eb23033a9c5eed085b3646ac3fd288de95b63 + Output.14 = 080c95ae4f89185591db9f06e68ec25774ebb1fe9e5cf9acb4a6190341d40c78c1b92dfcfc142bd8719da2d09d879875e5eae3a0f7e4030a61904e45dc5f059e550e85f4f2e081f2b7ff22c47eff29944d5f17396cd1712070a2e1c565253a032e15432489c093561ff61b2729ad785e7d3da276a860d40ffec5f766997260ca2f0bfac1a3d20da5602357d9b8c92c97f8830fc1c93ecc68ad2edf2a559a7f52325ee7c7f9c85205016af24e0833fbd54bac2f6bf42266d3b90c0431783b8a75 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73528,6 +73871,7 @@ EntropyPredictionResistanceA.14 = 0877707fdad56cc9c9de7e9fdb0c0314316ebd529920e9 + EntropyPredictionResistanceB.14 = 208e73cb7f1d5cedab1c8b3b53e0e8677e3ef4664cab9a305fec6dc0246256bd + Output.14 = 97d899881e4f6bd01a6030d211643b3c4d27dd7df30956495497b8748998c7bfd74373293f1c992ca303f0d59e46ca98f97acb101113bf97682ff75de95fcbd9c511f798ff76d7a17ded50948aa2ffa15013e1d486de1368c5ff009a2c0ad062fb9045f89d8867aaf8799089bc9b7eebd5a9069690076538a589483c7af29c48b6726982ccecce027b87b1ded6875015195c60604d2e564ee3014d9114f5a2d900829d449a69ae4dc23e5df063c103260163509bfc38690f8d274c620b53feba + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73653,6 +73997,7 @@ AdditionalInputB.14 = 30dd5a23a1cc9acb87060b151274df28882f3d442d1b9ee6ca58dc118f + EntropyPredictionResistanceB.14 = d980c14049c6d9e9bfa9340c92ba188091416e7eab2849f347f72840d79f9f59 + Output.14 = 97db825c1019bdd33f0f67b32adb6490a8f38e96fa34658f93edaf6d000ca806bbf7fe6af0b5b17c9e850a6dc41f8899355849f04e58ba0f75872021cfa7cc4410160324312fe8a7b6e9d8f42778a1b8496d9f0bb40eb336039ea3f762147fdef0d53603591b0fdb9f4d0b345c8f1cdbaecca96e5411a960933f52ba9b3457a0058ac464cb30118ce65f027e8a7584cf9eba11754ad3d26d3600a3af3bbaa9caff6ad4a28a8a76abff9c5d710530270cbd9972b90bc767ad7e76eca03dd13549 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73733,6 +74078,7 @@ EntropyPredictionResistanceA.14 = bd108a354d8b8448d8add8059b0c40ce026bbd85209c87 + EntropyPredictionResistanceB.14 = baddefae7c08ddd069296022aaedf0eb70e44df7a1aa04a030bca6cf9ad89211 + Output.14 = 8360787a7febcd2965a605f03a76a46bc3b842097936c0df13fb778feeeb3f7c12af610fc1d845ef71d5b4b834f1659004834c107e084de52e2303fd81930eec8aea7fa86893e58ae764f1894965b04bd8bb65a308e4f38d390ab11d93dc77c69e86650bdc20e7a3fc616a996f4a4bd5668d31c6155644867ad93e31f8d78f512a99b6b368350c53adc5de36fc13052e600dffeeaefd06b2a4b969782c046087ac07a4e02aa5302e499ac11e26116186f32d4169454eec4eb29f2e75e544a0e9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73843,6 +74189,7 @@ AdditionalInputB.14 = 8316fb114ead33f4d6cf236cc711432f42a699c1c8207865428de36375 + EntropyPredictionResistanceB.14 = e4e9129ee1cc84738d8eb8db7404da8c0f9f16a5dfe1b2cd99ed2b08bfe635ad + Output.14 = 18daf46771e8acd38c2cb82aa837a239a145c48c303dc26feef47d5cd74b01cd53546fe54e300bd3212e1c13c1bf3a9d17165c89399539c07e30816ab1c7bd1b598e1b07cfd4ad0785cf6f6a5b835d8f212c825a4ed2d7821bb29255428c468c84ec2e609cfe23f79468f60b236ed228b5252a95bd4c0bfef62f2b640c7823e32d72e5f1bddd56835e0b8428ceafada24efe0de582678545de63cbdeee77d6b3929d83d9b5db2134349444926c6fdf2422c786a67e017a8f98659b9c80ce95ef + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -73938,6 +74285,7 @@ EntropyPredictionResistanceA.14 = 7a7721ea04f0e15f08ac5bc6f52ba3cc2c9f62f0bd8adb + EntropyPredictionResistanceB.14 = b38c8a67366b0aa435d71cb0050039a98447b1a40a0eeec63b33eb6b37e2edda + Output.14 = f5fd860edbe302d1448ff77d56b368c4eb156490aaf07a640a87a7036201fb816bf24066b7caa9cdd709da7234882939e717298193f9dcd634c8975dd95ab56c38e8407db56dd8713b0c85842f85516640d3faa7b5e12a390ddf0d4d80c96a407b9a2a4767fdcf9c37d504134dfe0a90c8b10ec9bbcdbc56e54180022461c69379c7aed3f5732e1e56d03d078bd8b6e7c621f518a631f0eb493d5b747877a9cfcd06e61674a2f5295a91830b5dae43e30c1e72fc8c91528acd13566b723acd6d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74063,6 +74411,7 @@ AdditionalInputB.14 = 9fd99df9cba9f0cd2445ad2d4b2c6d34c112d882b7c364b1d52f47d880 + EntropyPredictionResistanceB.14 = 3c2b67fcb3929cbfe60ea272a0295c1a59c631ba2f9619c0c93337646731a8df + Output.14 = cb3c238037a3165f17d416dc04fa07a41eeb7041afb26f5d02de1ae45a9ddf37eef688c9c29ac05fa9dfc35947123cb3db0125f5bd5453f4e48a3b2cb027465ca74f9952456d3bb0efdbc047f96a201e78d813ee37e213240eac293479444723d63148333d93dd7cf81b2e19a7c6feb217c32b25a4cd184a8bf7c2aaac149744cc53134d38eb4a2bcdec0d69950171847fa97d0766a19c3f96e9076520d25b1741a9c4fa31bcfd6b3ad8e4aad6f0c33751d128b9bdf4975e0819985c3b00dcb0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74143,6 +74492,7 @@ EntropyPredictionResistanceA.14 = d5029f8d6b538542043669856f1f443d1b0cba26f5a075 + EntropyPredictionResistanceB.14 = e184b0afcf6bc3bf9c121b0df5aeb8f8fb94eeab939de04b5deea470ab94de15 + Output.14 = 86c8cd6a92b103b0d88e54be7d4c1a9f8e2ebfebeb66cd812298fcfef3a7eb84dd84d0683a12497716c4325e8105b39c9841dca2d60da1dc875b904839b18d1681805d058faa0ae897bdcea8528b8e99bc6899f96ce635f3176a645224d668afedaef3d65336b91c78cbb7f0a5090e95938e15f0e43d827bc22a4cc714aac95d69b90553b06a9f3a76cdc0e04d0f6e24a91ef5468bee2f77b631d5a5bd95d74eb91be516027c86a17240611746aa99c6c84003aad7b809c0ae72f221c564c8ca + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74253,6 +74603,7 @@ AdditionalInputB.14 = 1161d440c1db4c8bbef4967dbb70d8054c1713dac5c1bf62866e1f0327 + EntropyPredictionResistanceB.14 = 5cf03ac2109ac324991b13b84b25d44bf6edd86f634a2358c3eccc9e3f477ee9 + Output.14 = e0793def2fb3674f7401517bc0645973b7f97091c3b96b3bdcebd96b882ed393ed38f7b7f5a6e381dad287f642c99e9cc6b6eb090092e468c96d743b20c7c71371a1c64637256d041211300213a9aa330c05e80db3456de1d55e6d7e3aa3d7a501450ec24c74da213b7184f4ee481c416f6b7e0877d947393921b72a6636d642c8d33b9e57a35efa2490d37f8fe584644e0c19a54941248fbbd2fa31310a4592926db7092f5e8b3ad1111454e04705f79e46f4f6e4d109f4c0fc67a253550bb4 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -74348,6 +74699,7 @@ EntropyPredictionResistanceA.14 = b35a6d3ba1b4b3d62389ff2dfe1a8a9ff527d4fd3b2cba + EntropyPredictionResistanceB.14 = 325043f919f312cac2102d97cdc26a58637120c01c09448be861dd97751e8672 + Output.14 = 32ccfedd45cd80172e146ce0982f6046a96735237e6df0033eb5d61d134383efe454da37a8ff31689613a808ef649f5eada3214ea50ff21b673bd407662006c157f98a36418bfe72493134f6d8e2b5276610d6626977cb725d43a526ab523ddb97ce76e6802c60da568402ed854bb9e1af9cc74f123493b19b765aed7dca28bfed8bfaa58601c1f2d1e1b782b83337cd42c0c304e7415da0ddffc9078d42fe6b59e5454dfcd71d59cdd453303018c28015d88c914b62d8c3fcb94eaf5654b02d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-384 + PredictionResistance = 1 +@@ -76113,6 +76465,7 @@ AdditionalInputB.14 = b969d2503e5dea21ce90fe8ce89cf9e6e9165313fbf44286ca91a689b4 + EntropyPredictionResistanceB.14 = 0735d5d8322df6f7568e2bb29a8d63461d8b28ed9af5f7323ab96292c31cb59f + Output.14 = 7ecd4eef593d3c8c2ad90851d17501e666cf22ade15471b3739882cfbf0b03acdb6b83288f22f4a6246fccb608c98cb906a5e9a42fdfbefa52e968e903d175b90f51369d21bd8f408a723768d6de02606a15f37e9a16469146de7340d8c6e58d293a2fce0de7217f7a16e9bb7000f54f35b5b58ab24c0dea43508f52a718eeb46be9618461afcbfc2ea4ad3a38ccb180db88a0fcdfb2d883f82e27fc119a249e668ced1e33dd66ba23ddd0ecef668e91d17654ba13dccb5f8b858f44171f4629ad4a91459b6c257eb20cfeb814e289518947d94f9827514aaad7036bc19cb0b73857b1d9ca3ef069d2d20eb5ada8505fcf404052d9889138cf51e137e70468f1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76193,6 +76546,7 @@ EntropyPredictionResistanceA.14 = f80eee174bd5b1b8abdcbec30c62b3aa85ade4d9a43e2a + EntropyPredictionResistanceB.14 = a150d5528a5f79914074a783738af08eae5c95b49f407929 + Output.14 = 88ff82264427067d717027de8edc886c01c782379ccb937cd6434703d4f0ab13acb4142149372fffc793813733ebdc9058c85d900f4e442a2369c16057e4dec1a75f5c5858d2fd1d69a48227b293a953b24fe38adda48f080a9cc5666e299ce301d2f230ad5581fb05aa78a00dd35a9d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76303,6 +76657,7 @@ AdditionalInputB.14 = ee19a759562c231ecfc777c588087e790d5e170956b11c08 + EntropyPredictionResistanceB.14 = 4a004a5c4a0ec328a0ff26ac0aca82ce35ee9064add86094 + Output.14 = ae21ee878e4664c73f22e88ec4a646c0192b5c52a7bebb7b17a94a7c4630568b81da000983bf0d1a96e96432175a214ce7bc9332bb7e99f2a81e588ee4c1120c1eb22cc6b24a386ac5a11c4d63de4f20bfc8d9e4094613730f900ad7b54498954040a1fe7b53cd2a0989b3bf8946aa1e + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76398,6 +76753,7 @@ EntropyPredictionResistanceA.14 = 4f0d9e7c269ab360dbdf47e9ea7d655c204dce80082451 + EntropyPredictionResistanceB.14 = 8290ade448d2d83445b96ac682366659b228f952faa1f9a3 + Output.14 = 0d6bd0196ae2b3af4a750e4ea529b353979b30ab1bd05e96bf3c6f0c40b527ad07d90db5a1f392fef1d33bac5cc2a47cf4d9f20b8388a922d869f073e65ce6340cf30d45645a03a951dadbe81cffdcd145a32519658d0efe9f28175871b45cd6ca16e4efbd37802a1b88682819e5800a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76523,6 +76879,7 @@ AdditionalInputB.14 = 4e29e32346671af3b726d7030ccf470f72ca369687b489dc + EntropyPredictionResistanceB.14 = 21d5eebf3f54780f046fe2cffb2cc9b52eed850d1b44d675 + Output.14 = abc8ffaebfda52cf3a9bc037b965f9e97ba7aafbe1575efe8fa7182229d58a2d1282776225af0ea87dd79de7b210f654388c718f8dfe22aedbb4cfe92a964664904b960f2577f43f6c48783a8423788de7aa693ed859c8269e3c8b8b59eca1659c0473aae8b0a444d4aaff23991709cb + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76603,6 +76960,7 @@ EntropyPredictionResistanceA.14 = 02496883d50bc28e037a370890edab9be1a69e003e70a7 + EntropyPredictionResistanceB.14 = db072d2518f7b6b73292f7e167bec9cf5fcbeb265c316ae5 + Output.14 = cc01e951f15bdcfe94288a0de84ce187bad281683773f1b8341efecba656d62528ba91ca864c440b085be142dc565c1b7a326dfc9ac47a84623c2cff20b6c047d2f39e3db0b02fab4c1ac82e63bcc06b032c16f6e9ddd8c60f03f5b55cc40acb3b5e2de6ae3938f0e2fe21d72134346d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76713,6 +77071,7 @@ AdditionalInputB.14 = cad366cc562a45f74fda0bf6fd3eafc0f3dd59c666b33881 + EntropyPredictionResistanceB.14 = acbf8dcb97c61718c9cc8adeca8873e31b794086d7b84cc3 + Output.14 = a6ddaf00876c5bf50d7a2f5b986a770685f64ef54e2273c51ec1e594378fcd08f16316d1589f1c5948f524b3fd57d40b4ad732ae06f3bfb5359e6282105bc70fdddc9d1920c5092cabcf0c8ec14642d50be19de439ffafdedf3ec9e0672eb7754814eeea09430d65ba181525c616c31d + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76808,6 +77167,7 @@ EntropyPredictionResistanceA.14 = d1c3175c4853102ed4b306eea013cc448d325938c52940 + EntropyPredictionResistanceB.14 = c0139e13d5d7c5bbf9c2394973d00487d49d4241ae7e90cc + Output.14 = df70ba5809a640b8fa1ab712d6ea7048f8609944d63bf4fa958556ae020d95a9011ddf0041a75b708a372a486e9ca8e0d2c361e4f75171710ab42d49ba3c0b6dfc4b3614b3577ddca5adbfb2d096acc4a72bdf1c6113cf6f0bfb5e8f1d69ef0a4a4edae75ccafd614ae1e718f60e3196 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -76933,6 +77293,7 @@ AdditionalInputB.14 = a3c2f11654592e478c8ac1a1fce2224627ca37bd0efb44ab + EntropyPredictionResistanceB.14 = f986d7f33aad227e98d9087fe30c34f1c18b42f85d56b72c + Output.14 = b1fad8f7950787c949b41dbc5581069f0920058614c3ea7bf1edf3812027a4c989d8b029e08c4ee77c76c4457aaa3d89dc775c6c60bb125dfb969729fe669152a173256b4d2181e84bbc63bcad8ae645f4371682a39ae65d00f004e344ddff5374b257d8881f63d4ab960017258815c1 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77013,6 +77374,7 @@ EntropyPredictionResistanceA.14 = 42d19ff5c985c31c955a0aed5ed02581ffbf2a0ae62d78 + EntropyPredictionResistanceB.14 = 7f9af6a606c9b315c04faf5ce3c0412092edb19f9463784c + Output.14 = 219072e8b6d939f75ab90edc91ade50b8e40f2c1fae68aa5fb5bb297506ebc5f18d20492b55fd73ec118e6d74e4796c1dd28d50f903dca70960ba66b33b0a6c3d06e2ba79eada96b613324914b19224f0c710af7793722687f9d464093fc651a5d613b03c6d71bcad9bf2c74a4844718 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77123,6 +77485,7 @@ AdditionalInputB.14 = ecced4ace2d11cb2e02c253d81d15ecfaf555a51189d2051 + EntropyPredictionResistanceB.14 = cff57ef512d7da05e7ea7d197c797962099c64ad89f52a24 + Output.14 = 40f8480b22c24bde9c66f91761b1ecf25a6486024315b58028ddb8a88088f7deffc671a9465671c370f7877527e72c4259669890abc4efbdbb09550a84fa2f60a41d74c9d7960d5fa05e9f66ecd5ac344970aacc23ab1361d364eb697abfd6cd621773f4ea7ec2dc7795cc533abe664a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77218,6 +77581,7 @@ EntropyPredictionResistanceA.14 = 4de293b3ea5c26925d39d5376ed5fd43b9b775b80c6cac + EntropyPredictionResistanceB.14 = 4e7f27a772fb8de77031b24cc514c06086de59989856694c + Output.14 = c1ec91ec7585ffc05d765d0a9e30f62bcdc115426af9947eab68b6c9a88e6a11890704b623eb7acaec77bc6988da9246e10aa3eaf65380f3083bbecd4a41ccb09879ed9c46669a78102b7822b157d0d2a3bf09b452300ccac217db03b455382d8990e3bdd9a2a6461b19dfdfbad5910a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77343,6 +77707,7 @@ AdditionalInputB.14 = b87bf3d164ac955913ae4a780ac654d9a67c37c8df1f79c7 + EntropyPredictionResistanceB.14 = e2b5224119118410592ae0b238dfd75ad576b3eaa1848313 + Output.14 = cbf31760cbefcebf50289b9ad8e9443cde14fd6beee80c0bae83cdf77deb6e9c77ddcd0316667373b28b9431857e6e7cdccd8b6906927f66b362452325339a035b23baca8ce1697663e4879cc2084fceed28e9bbb2dbb91f868ba7626f6b7e5ea87eaa48ca50f9b76ac2c74b39bc9a86 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77423,6 +77788,7 @@ EntropyPredictionResistanceA.14 = d931a0cbda3985a34b0a2eac42e9bc5ead10520de4e7d1 + EntropyPredictionResistanceB.14 = 518e2480b742f9c30098a6d543d1669678084b3208b5375b + Output.14 = ef57d91db4d94aef743f1528e0c27b69654e3a854fb7479d25a8796b06c85884f328db9a09deb9be55cdeb9cca2a5a00ba56e28d2fa0057ef1ccb00b22a0a747bf15e7b303b990bf2fc3903f96cc55e69d8808c9da93231e5e859f7ec9edc9961dfc9b30b30ce0f43a3d65da93a82377 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77533,6 +77899,7 @@ AdditionalInputB.14 = 51f6a64ad57705cbae6b92cdeb622a0701f5500e6ad7eb0a + EntropyPredictionResistanceB.14 = d5f8c2ba94bd849bd1434ff9d0b72517a7e6d381f13387a0 + Output.14 = 15d882c8ec0a8ff1544813ba2a6cebe81281117628fc4e79371b7e84027d0d9322a76e42c733c73ba90c4b204bbe329a4ff344c3fd8204e0c220154ca9cd04c80457cebc33f9466c33358fe1c05d49bf83d174f8abf530b46b701c0ba24b081dda46ae38f58815a996fe878fa6884845 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77628,6 +77995,7 @@ EntropyPredictionResistanceA.14 = 7ac8115615a29c535ce9b45d3e57d6f9ab0e6d4a021fe9 + EntropyPredictionResistanceB.14 = f6ab8840edeb3c20d7bddf7fdaa5c980c58bfd116551d1ae + Output.14 = a85a3ede0e85ce593be2a2a2c650d49a740e9b8f07c24348d2bd968c917d442ed8de8a0d8ec8ff09ff86e6f279159001382cdb92f4625d12365443881df226c9a3833ba051a92f29fb55b788ab4b2d01958b9c067b43bb86c4e547b24e609e0d86aa3b75ea8d73e2c90092a50bcc6ce9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/224 + PredictionResistance = 1 +@@ -77753,6 +78121,7 @@ AdditionalInputB.14 = f0431c9d8925aaaf8f28d112773e5f5fed7feff633c9b056 + EntropyPredictionResistanceB.14 = 5e27635c34a1b793b2b1f23c9a72eb3e58c6ad63ac752dda + Output.14 = 20a84f074794921d7c1ba7463c4cd5f165ef6ff003555a69a71d529ea8177b3b4845898f031428b320b9dc59b16260d80baab34e7cc6daba5463cb496e4a6588ca5f3547412e63d36d560d9549f87a3ca346968f4dfdda3d0cf9b82384b3e830a8368c659c5aea26b03c4bbb8bbd3878 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -77833,6 +78202,7 @@ EntropyPredictionResistanceA.14 = 33fd3300d120786b2f756459b222b72728c1b2c53d09aa + EntropyPredictionResistanceB.14 = 96aa233b407f0cb14d6ecf2a243efcd7c1b7ed3fede97dfeb269cf8331189412 + Output.14 = 6a34b428c4ff416d3ae907318928663ac8683ef6328d37b19bd2c179aeb7e56a73c6ed096ebfeb85a263f2c868fb4a2d977d5d41fe12b135b1c9017555b36a9f6775a43c42be37a78eb067f520f091ccd94b38c62fa7d48c494b05b072fee34ba262a4fe1a70c98fea2fae40513723a52d6ea44f5fa168f4c03ae2c73d793ef0 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -77943,6 +78313,7 @@ AdditionalInputB.14 = 2563ad078ad8eda919ed40a81b634073064c22f2b21926bbd9cc1d7c2a + EntropyPredictionResistanceB.14 = 45ddc44189bbcd60713c40e811d6b2acdd1659c670f715703f5b80eb4152311f + Output.14 = c2554fc1931b72acd98e4949707802ab471c4f2eb62813f87f137e698cf89a13fa7366a97b49587d9a0c4d42a62eb0bce27e2ce0e67324739c49eb180216beb51fc82d45b7900fa1c2d3db3a0c781ef93ee57f6a186a61e0f0fd25a8d8d2d9170bd18714cfc1a6e7fb6dc992579cfb0306de5b67c01522b3ea3955d63a775cce + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78038,6 +78409,7 @@ EntropyPredictionResistanceA.14 = e43ba5b540971c4f02f0212bbc0ba521f3e64a627c1d0a + EntropyPredictionResistanceB.14 = 3ca4a33a72e7aed850e64984c28407327d94e6858a65d42b16f985d010b783bd + Output.14 = 2567b74d4d1eeceb6321817f5ada210954643e1212b766bf2eb84d2ce6231c58e346ed57824c409f3c73de40395608a7d3c52708f07ee7e721b7c42ccce5b0baae67364e1cffb7fb0e363eadf3415c99bdc7b730b8c66201da1f8a2290cbd6165912484def03a96b237b793b76b76043cf9fadcd5e66ea94e6110c4b2b025232 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78163,6 +78535,7 @@ AdditionalInputB.14 = 7978071c7a648cf7f02c9cdf544d6ff9dbe3c5636f73fe50deb7e89695 + EntropyPredictionResistanceB.14 = aaf9320ee7c103d51512232305aab44b946a73ddb13270f42903a37f84c9da01 + Output.14 = cf5ed4b6208a0db15373d472e240dee04a34e630000f9751cf8d3f15dd6a4fa3a4602ec539dbb1811978493f920e84b2e3ac78bcfd619b6c4e7e0072381a7bc150a91b31a0280dd843ca1c4332ba0757d6f6f0f2f830a623cb78011dec8c4d844f71427b09be4e9fdff4bc1cf3a72a773e06121cd8792232d387170a66ca384b + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78243,6 +78616,7 @@ EntropyPredictionResistanceA.14 = f124c88bad32cf4ff49ccc4271c7f4046f277c0b1fc73c + EntropyPredictionResistanceB.14 = c32b11359b7ed121c87b85716c2ce83aebdd46cd4c19168ad3930be351ea1ff9 + Output.14 = 9f382e0382f2e6b3ba85ace2cec7301ea6f7d0d3b0895937033df9f710471e468b8162492d18ab45ca809e8aa2f37c15ec599d4b2774947b90c269bc2f8553e639f21e1c371f7a49edb4cb4e51bd1e9fd7d66e3b313ce227373dd2548870378206b4b5fd0d22c48ce03a72003be53ec378d9eab25bc432c7a8bd0eed89adf941 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78353,6 +78727,7 @@ AdditionalInputB.14 = df48314d76c0d698923dabd3d23024ac2aa5fd236ad3c6e3b4cf2244a8 + EntropyPredictionResistanceB.14 = 3387fb65c8c1dd5e3d4f64bebb45da1a7e288a22e16f2fbb882dc2f9534717e5 + Output.14 = 31998e0784579bc7aaf5130b747eb295a089a12c1844406aa18c06f19607a2e497adf5352e10c145b3cd2a2532389f771af3028042605f0abe705f8540561c4e376d405c6f2dc23b3d3fe0c14790beea99705e69fac2518154613680012c5a140d45fba7e381f55c61ec7f3850dc586bb1f3cf928685a9d60e06fd93eb1fd8cb + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78448,6 +78823,7 @@ EntropyPredictionResistanceA.14 = bf2e966737aaa8abbccaa45ac5371db4c4dd0bf2b3c9f1 + EntropyPredictionResistanceB.14 = f316f2613b068f607c2fb5218e037c5ab1d80b7d75fda419a7e0caedcfd7ce1a + Output.14 = 36e385da783dd146364fead3dc2dc71bdaa6d30c6ab5f94e007b1ced51b2f45947c57652e305204a0cad2ba7b43056461aed10132d89aea8f9ec7ccf0e7487aa2d97fc40f65b399df732b03f8e6834903c60e2e5d6f5ab1b3a034b3eaaa73936770324ea02bd2830e6b26e00d7b49022ce0454afcecbfb912511cd13090d9693 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78573,6 +78949,7 @@ AdditionalInputB.14 = b395f988467a2a5f4f3ddef792f16f2461886caf9d6f12c4d643d20775 + EntropyPredictionResistanceB.14 = 22f2693142e42848bf4c00f65337ec2405cd22bc06c6d035a5acec0a5b7d5d9a + Output.14 = 3edeba227da675e1b9e684317e54c4537691f9a412102a21e32e699ff0c6e95655d3342e94daf37dd08114d16b45328795e24d7381195711792226769975167ccdd10df89410e485c880865676a081ce6a61641fc805d6d06cb4aebbc731de0a7df69ed1107da07821d64e9f8bc124f094bb799fe50a001914a47221a45ca2c9 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78653,6 +79030,7 @@ EntropyPredictionResistanceA.14 = dac0795c36fd9cb6eff0cd7137190d573dde7148fc19c2 + EntropyPredictionResistanceB.14 = 1a29a4fb16a73c2c187c6d1b5a1a1394b63b6878abcfffeb94aab5dcd593037b + Output.14 = 835efa36b1ff38ed845f3c2e8f5ec0f89a60f7def6d36f8577192625fb89cb634be535a791e28b1c27320e40f594b1705e712e43856a1a5aba0e98b987fd1b5e6ca78458c98b3f8de449f4f23d0dbfe374e8241a2f12b6cdaeaa896b9953c32d756fc2b70e1edcde45aaab0df6e816fe0d04b2cec88ea159dadbae9b1eed3125 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78763,6 +79141,7 @@ AdditionalInputB.14 = a908058d07b69a7e7f53869d81128e47303fffa4f0400b3bee7acc4e45 + EntropyPredictionResistanceB.14 = 040c9859c26e54e9d5f92485888bb67acc5092ce679e6a54730ffebaa0fac226 + Output.14 = 3caf4baa5fab5bed4d50b0b4ace9c2ec8c21a1e952d81ebcf23a6cfbd177f53168a876f7e5b7d2c63cd7bba4a1b61b3ef59e1cf87b353ff64c7f798fb0c5d6e375fc1e8653f8d22be965abcc87f178e4023d1ef85baa278faa1eb205e4c05219222f543c5b9ac6a86b00071e34a7b2b9c6983f8ab6f187295f5095b801466a76 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78858,6 +79237,7 @@ EntropyPredictionResistanceA.14 = c689be45ecddc94daaf823c6ddd6491b028ace5c25c407 + EntropyPredictionResistanceB.14 = 2f81e665f02331531ca37635b8664ba5641b8a200031677aba00253f8f1fe035 + Output.14 = 9bfdeef565b0979be0f88e3b9e283433bd1fa2333662445302aa84332aa601a61a5b3d449eb5fe33db385254571eedff49b8d2f49ade41c12133263d447e7edf49998f5c05582504775f5b18bc7a0c075c6bfa4596178d95a019402937712afe69f3ad534fd44259312c63f1970b3d8bd404e758c9e884b19330350020896b37 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -78983,6 +79363,7 @@ AdditionalInputB.14 = a63bd3ef8cfeca1e2552bc111786a992526802e51cd30f0e9e7b7a398a + EntropyPredictionResistanceB.14 = defd0a8320a31b94998e74e0e5e40422e80735b281b9901e9fd1c8ecc50ff2b3 + Output.14 = ffc830d5029f42c1c9aa10d6d90d94abf3bc39269bf4fc4a4ed14435a985cb14da64d79ad4d8951e582b0b793836ef3380dff4d063682a4e8ac8796ca74e74d3933e5111bb92d219b72b28f4198b23446e422aaa7f33ade182801506aec4293fd69c3fc86cf39297867d16b98738740f1b7465043e0eaf7480d1c328ce2b4cfc + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -79063,6 +79444,7 @@ EntropyPredictionResistanceA.14 = 29fa15be2259b4b164b3d232809cd7eeb3c5c24aec81c7 + EntropyPredictionResistanceB.14 = babf7813c6a24d4e68e09025a0d3b0242e9a98779ecdcaa64baf1ef82e8d4a77 + Output.14 = e6528c03849f1535b6f443e30817d3deccc7ea4699fc88ec9d6f3e28e72cc4b199afa5db7ba2da1ffd1a1ce7aa1a15be4892d0d98e27332f6d45ed63a2636073d12b8a99089ac5b55c93aecdb5e584e32ec75e44390016421822158d3596daaca561245bf1b8740d1f3c885be5149505f9591b0679f9b88df45741b767f423ec + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -79173,6 +79555,7 @@ AdditionalInputB.14 = 711bf57411337724960392a9319e580c226abff909e28d4696fcf5f0e7 + EntropyPredictionResistanceB.14 = 9fac27583fbf9335c2a8d7f1edfb99b18ee5f8e58e537749fb674bcb46ef537a + Output.14 = ab08f911c4c87135c3f9de33cda823f91a1a8cdfd10f59b81f77dd2158890634f7c5373bc40e158a7881f62a18b0b553d3f075fb96112a04e39ad6918fb2f139ae6fe11856e6a0f17a2e1c0cf88ac49563c08ba5c9c48ad6a7a99825148132ccf3a9a46b92597d0a971f33e43c5a3746c0d8564e19d1681173f24e22fa54521a + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +@@ -79268,6 +79651,7 @@ EntropyPredictionResistanceA.14 = ed3bd1e78d7f3cadcf45170dcbb605913140f68bdf4e36 + EntropyPredictionResistanceB.14 = 214b7501096bf1d7605e9082a9238334ca15522cf2eed77bce6dd3872106dab3 + Output.14 = bdd8721d12e9cafb73070a13d70db1020e95cac5f93037716ae10045007f5ecb8ea90c529e9aa8b0f312a2f81a5086713509e7909bd7081d0c25a33971904e3b90b486c71e185c752311dfa309b53c8cccd9cde63868bced00af0113eeaa77395c717792373ea708973a2f084dfa050cfdd0e73a8c51cc25651cdf8b6b8b3a02 + ++Availablein = default + RAND = HMAC-DRBG + Digest = SHA-512/256 + PredictionResistance = 1 +-- +2.38.1 + diff --git a/SOURCES/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch b/SOURCES/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch new file mode 100644 index 0000000..83b5b0a --- /dev/null +++ b/SOURCES/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch @@ -0,0 +1,288 @@ +From 4de5fa26873297f5c2eeed53e5c988437f837f55 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 13:53:31 +0100 +Subject: [PATCH] signature: Remove X9.31 padding from FIPS prov + +The current draft of FIPS 186-5 [1] no longer contains specifications +for X9.31 signature padding. Instead, it contains the following +information in Appendix E: + +> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from +> this standard. + +Since this situation is unlikely to change in future revisions of the +draft, and future FIPS 140-3 validations of the provider will require +X9.31 to be disabled or marked as not approved with an explicit +indicator, disallow this padding mode now. + +Remove the X9.31 tests from the acvp test, since they will always fail +now. + + [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf + +Signed-off-by: Clemens Lang +--- + providers/implementations/signature/rsa_sig.c | 6 + + test/acvp_test.inc | 214 ------------------ + 2 files changed, 6 insertions(+), 214 deletions(-) + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 34f45175e8..49e7f9158a 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -1233,7 +1233,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + err_extra_text = "No padding not allowed with RSA-PSS"; + goto cont; + case RSA_X931_PADDING: ++#ifndef FIPS_MODULE + err_extra_text = "X.931 padding not allowed with RSA-PSS"; ++#else /* !defined(FIPS_MODULE) */ ++ err_extra_text = "X.931 padding no longer allowed in FIPS mode," ++ " since it was removed from FIPS 186-5"; ++ goto bad_pad; ++#endif /* !defined(FIPS_MODULE) */ + cont: + if (RSA_test_flags(prsactx->rsa, + RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA) +diff --git a/test/acvp_test.inc b/test/acvp_test.inc +index 73b24bdb0c..96a72073f9 100644 +--- a/test/acvp_test.inc ++++ b/test/acvp_test.inc +@@ -1204,13 +1204,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = { + ITM(rsa_siggen0_msg), + NO_PSS_SALT_LEN, + }, +- { +- "x931", +- 2048, +- "SHA384", +- ITM(rsa_siggen0_msg), +- NO_PSS_SALT_LEN, +- }, + { + "pss", + 2048, +@@ -1622,202 +1615,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = { + 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b, + }; + +-static const unsigned char rsa_sigverx931_0_n[] = { +- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad, +- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83, +- 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87, +- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6, +- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c, +- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73, +- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10, +- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6, +- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79, +- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7, +- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b, +- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02, +- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41, +- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f, +- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf, +- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d, +- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54, +- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e, +- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04, +- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79, +- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16, +- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e, +- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b, +- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8, +- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89, +- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b, +- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62, +- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73, +- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b, +- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f, +- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77, +- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33, +- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66, +- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4, +- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c, +- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28, +- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8, +- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4, +- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0, +- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07, +- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60, +- 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a, +- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e, +- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e, +- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81, +- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a, +- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45, +- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7, +- +-}; +-static const unsigned char rsa_sigverx931_0_e[] = { +- 0x01, 0x00, 0x01, +-}; +-static const unsigned char rsa_sigverx931_0_msg[] = { +- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47, +- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd, +- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9, +- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52, +- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41, +- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54, +- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c, +- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf, +- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47, +- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01, +- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f, +- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67, +- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41, +- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd, +- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca, +- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00, +- +-}; +-static const unsigned char rsa_sigverx931_0_sig[] = { +- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb, +- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3, +- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e, +- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00, +- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18, +- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc, +- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5, +- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f, +- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75, +- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74, +- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4, +- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1, +- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19, +- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82, +- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef, +- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5, +- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2, +- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04, +- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf, +- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a, +- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c, +- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d, +- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74, +- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75, +- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd, +- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57, +- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07, +- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05, +- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c, +- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca, +- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57, +- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e, +- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a, +- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e, +- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b, +- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a, +- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10, +- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d, +- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52, +- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f, +- 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda, +- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59, +- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37, +- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15, +- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec, +- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0, +- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13, +- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb, +-}; +- +-#define rsa_sigverx931_1_n rsa_sigverx931_0_n +-#define rsa_sigverx931_1_e rsa_sigverx931_0_e +-static const unsigned char rsa_sigverx931_1_msg[] = { +- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8, +- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d, +- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9, +- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3, +- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26, +- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f, +- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2, +- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5, +- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42, +- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59, +- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd, +- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72, +- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45, +- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44, +- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42, +- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55, +-}; +- +-static const unsigned char rsa_sigverx931_1_sig[] = { +- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5, +- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67, +- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95, +- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a, +- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3, +- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69, +- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23, +- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14, +- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75, +- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f, +- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37, +- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef, +- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60, +- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94, +- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93, +- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde, +- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b, +- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99, +- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb, +- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef, +- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6, +- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe, +- 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9, +- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63, +- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9, +- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48, +- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd, +- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16, +- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8, +- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54, +- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66, +- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56, +- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99, +- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90, +- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3, +- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25, +- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34, +- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70, +- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75, +- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3, +- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53, +- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c, +- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07, +- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85, +- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab, +- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b, +- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4, +- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d, +-}; +- + static const struct rsa_sigver_st rsa_sigver_data[] = { + { + "pkcs1", /* pkcs1v1.5 */ +@@ -1841,17 +1638,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = { + NO_PSS_SALT_LEN, + FAIL + }, +- { +- "x931", +- 3072, +- "SHA256", +- ITM(rsa_sigverx931_1_msg), +- ITM(rsa_sigverx931_1_n), +- ITM(rsa_sigverx931_1_e), +- ITM(rsa_sigverx931_1_sig), +- NO_PSS_SALT_LEN, +- FAIL +- }, + { + "pss", + 4096, +-- +2.38.1 + diff --git a/SOURCES/0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch b/SOURCES/0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch new file mode 100644 index 0000000..8542af9 --- /dev/null +++ b/SOURCES/0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch @@ -0,0 +1,74 @@ +From 185fbbfea732588187c81d1b2cafb3e1fae9eb77 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 16:38:45 +0100 +Subject: [PATCH 2/2] kbkdf: Add explicit FIPS indicator for key length + +NIST SP 800-131Ar2, section 8 "Deriving Additional Keys from +a Cryptographic Key" says that for KDFs defined in SP 800-108, "[t]he +length of the key-derivation key shall be at least 112 bits". It further +specifies that HMAC-based KDFs "with a key whose length is at least 112 +bits" are acceptable. + +Add an explicit indicator for SP 800-108 KDFs that will mark shorter key +lengths as unapproved. The indicator can be queried from the EVP_KDF_CTX +object using EVP_KDF_CTX_get_params() with the + OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR +parameter. + +Signed-off-by: Clemens Lang +--- + providers/implementations/kdfs/kbkdf.c | 32 +++++++++++++++++++++----- + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c +index a542f84dfa..93a8a10537 100644 +--- a/providers/implementations/kdfs/kbkdf.c ++++ b/providers/implementations/kdfs/kbkdf.c +@@ -365,18 +365,38 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE); +- if (p == NULL) +- return -2; ++ if (p != NULL) ++ /* KBKDF can produce results as large as you like. */ ++ return OSSL_PARAM_set_size_t(p, SIZE_MAX); ++ ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ KBKDF *ctx = (KBKDF *)vctx; ++ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED; ++ /* According to NIST Special Publication 800-131Ar2, Section 8: ++ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of ++ * the key-derivation key [i.e., the input key] shall be at least 112 ++ * bits". */ ++ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif + +- /* KBKDF can produce results as large as you like. */ +- return OSSL_PARAM_set_size_t(p, SIZE_MAX); ++ return -2; + } + + static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx, + ossl_unused void *provctx) + { +- static const OSSL_PARAM known_gettable_ctx_params[] = +- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END }; ++ static const OSSL_PARAM known_gettable_ctx_params[] = { ++ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ ++ OSSL_PARAM_END ++ }; + return known_gettable_ctx_params; + } + +-- +2.38.1 + diff --git a/SOURCES/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/SOURCES/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch new file mode 100644 index 0000000..81a6544 --- /dev/null +++ b/SOURCES/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch @@ -0,0 +1,112 @@ +From e1eba21921ceeffa45ffd2115868c14e4c7fb8d9 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 18:08:24 +0100 +Subject: [PATCH] hmac: Add explicit FIPS indicator for key length + +NIST SP 800-131Ar2, table 9 "Approval Status of MAC Algorithms" +specifies key lengths < 112 bytes are disallowed for HMAC generation and +are legacy use for HMAC verification. + +Add an explicit indicator that will mark shorter key lengths as +unsupported. The indicator can be queries from the EVP_MAC_CTX object +using EVP_MAC_CTX_get_params() with the + OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR +parameter. + +Signed-off-by: Clemens Lang +--- + include/crypto/evp.h | 7 +++++++ + include/openssl/core_names.h | 1 + + include/openssl/evp.h | 3 +++ + providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++ + 4 files changed, 28 insertions(+) + +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index 76fb990de4..1e2240516e 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -196,6 +196,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); + const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); + const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); + ++#ifdef FIPS_MODULE ++/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key ++ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for ++ * HMAC verification. */ ++# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8) ++#endif ++ + struct evp_mac_st { + OSSL_PROVIDER *prov; + int name_id; +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index c019afbbb0..94fab83193 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -173,6 +173,7 @@ extern "C" { + #define OSSL_MAC_PARAM_SIZE "size" /* size_t */ + #define OSSL_MAC_PARAM_BLOCK_SIZE "block-size" /* size_t */ + #define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */ ++#define OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* Known MAC names */ + #define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index 49e8e1df78..a5e78efd6e 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -1192,6 +1192,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, + void *arg); + + /* MAC stuff */ ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 + + EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, + const char *properties); +diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c +index 52ebb08b8f..cf5c3ecbe7 100644 +--- a/providers/implementations/macs/hmac_prov.c ++++ b/providers/implementations/macs/hmac_prov.c +@@ -21,6 +21,8 @@ + #include + #include + ++#include "crypto/evp.h" ++ + #include "prov/implementations.h" + #include "prov/provider_ctx.h" + #include "prov/provider_util.h" +@@ -244,6 +246,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), + OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif /* defined(FIPS_MODULE) */ + OSSL_PARAM_END + }; + static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx, +@@ -265,6 +270,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) + && !OSSL_PARAM_set_int(p, hmac_block_size(macctx))) + return 0; + ++#ifdef FIPS_MODULE ++ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) { ++ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED; ++ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms ++ * specifies key lengths < 112 bytes are disallowed for HMAC generation ++ * and legacy use for HMAC verification. */ ++ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN) ++ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif /* defined(FIPS_MODULE) */ ++ + return 1; + } + +-- +2.38.1 + diff --git a/SOURCES/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch b/SOURCES/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch new file mode 100644 index 0000000..181fedd --- /dev/null +++ b/SOURCES/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch @@ -0,0 +1,86 @@ +From 754862899058cfb5f2341c81f9e04dd2f7b37056 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 18:37:17 +0100 +Subject: [PATCH] pbkdf2: Set minimum password length of 8 bytes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The Implementation Guidance for FIPS 140-3 says in section D.N +"Password-Based Key Derivation for Storage Applications" that "the +vendor shall document in the module’s Security Policy the length of +a password/passphrase used in key derivation and establish an upper +bound for the probability of having this parameter guessed at random. +This probability shall take into account not only the length of the +password/passphrase, but also the difficulty of guessing it. The +decision on the minimum length of a password used for key derivation is +the vendor’s, but the vendor shall at a minimum informally justify the +decision." + +We are choosing a minimum password length of 8 bytes, because NIST's +ACVP testing uses passwords as short as 8 bytes, and requiring longer +passwords combined with an implicit indicator (i.e., returning an error) +would cause the module to fail ACVP testing. + +Signed-off-by: Clemens Lang +--- + providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++- + 1 file changed, 26 insertions(+), 1 deletion(-) + +diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c +index 2a0ae63acc..aa0adce5e6 100644 +--- a/providers/implementations/kdfs/pbkdf2.c ++++ b/providers/implementations/kdfs/pbkdf2.c +@@ -35,6 +35,21 @@ + #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF + #define KDF_PBKDF2_MIN_ITERATIONS 1000 + #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8) ++/* The Implementation Guidance for FIPS 140-3 says in section D.N ++ * "Password-Based Key Derivation for Storage Applications" that "the vendor ++ * shall document in the module’s Security Policy the length of ++ * a password/passphrase used in key derivation and establish an upper bound ++ * for the probability of having this parameter guessed at random. This ++ * probability shall take into account not only the length of the ++ * password/passphrase, but also the difficulty of guessing it. The decision on ++ * the minimum length of a password used for key derivation is the vendor’s, ++ * but the vendor shall at a minimum informally justify the decision." ++ * ++ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP ++ * testing uses passwords as short as 8 bytes, and requiring longer passwords ++ * combined with an implicit indicator (i.e., returning an error) would cause ++ * the module to fail ACVP testing. */ ++#define KDF_PBKDF2_MIN_PASSWORD_LEN (8) + + static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new; + static OSSL_FUNC_kdf_freectx_fn kdf_pbkdf2_free; +@@ -186,9 +201,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[]) + ctx->lower_bound_checks = pkcs5 == 0; + } + +- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) ++ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) { ++ if (ctx->lower_bound_checks != 0 ++ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } + if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p)) + return 0; ++ } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { + if (ctx->lower_bound_checks != 0 +@@ -297,6 +318,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen, + } + + if (lower_bound_checks) { ++ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); ++ return 0; ++ } + if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) { + ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); + return 0; +-- +2.38.1 + diff --git a/SOURCES/0085-FIPS-RSA-disable-shake.patch b/SOURCES/0085-FIPS-RSA-disable-shake.patch new file mode 100644 index 0000000..8aa3d45 --- /dev/null +++ b/SOURCES/0085-FIPS-RSA-disable-shake.patch @@ -0,0 +1,113 @@ +From 52b347703ba2b98a0efee86c1a483c2f0f9f73d6 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Wed, 11 Jan 2023 12:52:59 +0100 +Subject: [PATCH] rsa: Disallow SHAKE in OAEP and PSS in FIPS prov + +According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms +must not be used in higher-level algorithms (such as RSA-OAEP and +RSASSA-PSS): + +"To be used in an approved mode of operation, the SHA-3 hash functions +may be implemented either as part of an approved higher-level algorithm, +for example, a digital signature algorithm, or as the standalone +functions. The SHAKE128 and SHAKE256 extendable-output functions may +only be used as the standalone algorithms." + +Add a check to prevent their use as message digest in PSS signatures and +as MGF1 hash function in both OAEP and PSS. + +Signed-off-by: Clemens Lang +--- + crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++ + crypto/rsa/rsa_pss.c | 16 ++++++++++++++++ + 2 files changed, 44 insertions(+) + +diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c +index d9be1a4f98..dfe9c9f0e8 100644 +--- a/crypto/rsa/rsa_oaep.c ++++ b/crypto/rsa/rsa_oaep.c +@@ -73,9 +73,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, + return 0; + #endif + } ++ ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return 0; ++ } ++#endif + if (mgf1md == NULL) + mgf1md = md; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return 0; ++ } ++#endif ++ + mdlen = EVP_MD_get_size(md); + if (mdlen <= 0) { + ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); +@@ -181,9 +195,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + #endif + } + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return -1; ++ } ++#endif ++ + if (mgf1md == NULL) + mgf1md = md; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) { ++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); ++ return -1; ++ } ++#endif ++ + mdlen = EVP_MD_get_size(md); + + if (tlen <= 0 || flen <= 0) +diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c +index 33874bfef8..e8681b0351 100644 +--- a/crypto/rsa/rsa_pss.c ++++ b/crypto/rsa/rsa_pss.c +@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + if (mgf1Hash == NULL) + mgf1Hash = Hash; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) ++ goto err; ++ ++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) ++ goto err; ++#endif ++ + hLen = EVP_MD_get_size(Hash); + if (hLen < 0) + goto err; +@@ -164,6 +172,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + if (mgf1Hash == NULL) + mgf1Hash = Hash; + ++#ifdef FIPS_MODULE ++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256")) ++ goto err; ++ ++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256")) ++ goto err; ++#endif ++ + hLen = EVP_MD_get_size(Hash); + if (hLen < 0) + goto err; +-- +2.39.0 + diff --git a/SOURCES/0088-signature-Add-indicator-for-PSS-salt-length.patch b/SOURCES/0088-signature-Add-indicator-for-PSS-salt-length.patch new file mode 100644 index 0000000..97a0679 --- /dev/null +++ b/SOURCES/0088-signature-Add-indicator-for-PSS-salt-length.patch @@ -0,0 +1,110 @@ +From a325a23bc83f4efd60130001c417ca5b96bdbff1 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Thu, 17 Nov 2022 19:33:02 +0100 +Subject: [PATCH 1/3] signature: Add indicator for PSS salt length +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection +5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the +salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of +the hash function output block (in bytes)." + +It is not exactly clear from this text whether hLen refers to the +message digest or the hash function used for the mask generation +function MGF1. PKCS#1 v2.1 suggests it is the former: + +| Typical salt lengths in octets are hLen (the length of the output of +| the hash function Hash) and 0. In both cases the security of +| RSASSA-PSS can be closely related to the hardness of inverting RSAVP1. +| Bellare and Rogaway [4] give a tight lower bound for the security of +| the original RSA-PSS scheme, which corresponds roughly to the former +| case, while Coron [12] gives a lower bound for the related Full Domain +| Hashing scheme, which corresponds roughly to the latter case. In [13] +| Coron provides a general treatment with various salt lengths ranging +| from 0 to hLen; see [27] for discussion. See also [31], which adapts +| the security proofs in [4][13] to address the differences between the +| original and the present version of RSA-PSS as listed in Note 1 above. + +Since OpenSSL defaults to creating signatures with the maximum salt +length, blocking the use of longer salts would probably lead to +significant problems in practice. Instead, introduce an explicit +indicator that can be obtained from the EVP_PKEY_CTX object using +EVP_PKEY_CTX_get_params() with the + OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR +parameter. + +Signed-off-by: Clemens Lang +--- + include/openssl/core_names.h | 1 + + include/openssl/evp.h | 4 ++++ + providers/implementations/signature/rsa_sig.c | 18 ++++++++++++++++++ + 3 files changed, 23 insertions(+) + +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 94fab83193..69c59f0b46 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -453,6 +453,7 @@ extern "C" { + #define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ + OSSL_PKEY_PARAM_MGF1_PROPERTIES + #define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE ++#define OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR "redhat-fips-indicator" + + /* Asym cipher parameters */ + #define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST +diff --git a/include/openssl/evp.h b/include/openssl/evp.h +index a5e78efd6e..f239200465 100644 +--- a/include/openssl/evp.h ++++ b/include/openssl/evp.h +@@ -797,6 +797,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, + __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, + int *outl); + ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0 ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1 ++# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2 ++ + __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 49e7f9158a..0c45008a00 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -1127,6 +1127,21 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) + } + } + ++#ifdef FIPS_MODULE ++ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR); ++ if (p != NULL) { ++ int fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED; ++ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) { ++ if (prsactx->md == NULL) { ++ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED; ++ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) { ++ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED; ++ } ++ } ++ return OSSL_PARAM_set_int(p, fips_indicator); ++ } ++#endif ++ + return 1; + } + +@@ -1136,6 +1151,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), ++#ifdef FIPS_MODULE ++ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR, NULL), ++#endif + OSSL_PARAM_END + }; + +-- +2.38.1 + diff --git a/SOURCES/0089-PSS-salt-length-from-provider.patch b/SOURCES/0089-PSS-salt-length-from-provider.patch new file mode 100644 index 0000000..8e61747 --- /dev/null +++ b/SOURCES/0089-PSS-salt-length-from-provider.patch @@ -0,0 +1,114 @@ +From 0879fac692cb1bff0ec4c196cb364d970ad3ecec Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Mon, 21 Nov 2022 14:33:57 +0100 +Subject: [PATCH 2/3] Obtain PSS salt length from provider + +Rather than computing the PSS salt length again in core using +ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the +salt length, obtain it from the provider using the +OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the +interpretation of the magic constants in the provider differs from that +of OpenSSL core. + +Signed-off-by: Clemens Lang +--- + crypto/cms/cms_rsa.c | 19 +++++++++++++++---- + crypto/rsa/rsa_ameth.c | 34 +++++++++++++++++++++------------- + 2 files changed, 36 insertions(+), 17 deletions(-) + +diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c +index 20ed816918..997567fdbf 100644 +--- a/crypto/cms/cms_rsa.c ++++ b/crypto/cms/cms_rsa.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include "crypto/asn1.h" + #include "crypto/rsa.h" + #include "cms_local.h" +@@ -191,7 +192,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si) + int pad_mode = RSA_PKCS1_PADDING; + X509_ALGOR *alg; + EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); +- ASN1_STRING *os = NULL; ++ unsigned char aid[128]; ++ const unsigned char *pp = aid; ++ size_t aid_len = 0; ++ OSSL_PARAM params[2]; + + CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); + if (pkctx != NULL) { +@@ -205,10 +209,17 @@ static int rsa_cms_sign(CMS_SignerInfo *si) + /* We don't support it */ + if (pad_mode != RSA_PKCS1_PSS_PADDING) + return 0; +- os = ossl_rsa_ctx_to_pss_string(pkctx); +- if (os == NULL) ++ ++ params[0] = OSSL_PARAM_construct_octet_string( ++ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); ++ params[1] = OSSL_PARAM_construct_end(); ++ ++ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) ++ return 0; ++ if ((aid_len = params[0].return_size) == 0) ++ return 0; ++ if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL) + return 0; +- X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); + return 1; + } + +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index c15554505b..61ec53d424 100644 +--- a/crypto/rsa/rsa_ameth.c ++++ b/crypto/rsa/rsa_ameth.c +@@ -637,22 +637,30 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, + if (pad_mode == RSA_PKCS1_PADDING) + return 2; + if (pad_mode == RSA_PKCS1_PSS_PADDING) { +- ASN1_STRING *os1 = NULL; +- os1 = ossl_rsa_ctx_to_pss_string(pkctx); +- if (!os1) ++ unsigned char aid[128]; ++ size_t aid_len = 0; ++ OSSL_PARAM params[2]; ++ ++ params[0] = OSSL_PARAM_construct_octet_string( ++ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); ++ params[1] = OSSL_PARAM_construct_end(); ++ ++ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) + return 0; +- /* Duplicate parameters if we have to */ +- if (alg2) { +- ASN1_STRING *os2 = ASN1_STRING_dup(os1); +- if (!os2) { +- ASN1_STRING_free(os1); ++ if ((aid_len = params[0].return_size) == 0) ++ return 0; ++ ++ if (alg1 != NULL) { ++ const unsigned char *pp = aid; ++ if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL) ++ return 0; ++ } ++ if (alg2 != NULL) { ++ const unsigned char *pp = aid; ++ if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL) + return 0; +- } +- X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), +- V_ASN1_SEQUENCE, os2); + } +- X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), +- V_ASN1_SEQUENCE, os1); ++ + return 3; + } + return 2; +-- +2.38.1 + diff --git a/SOURCES/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch b/SOURCES/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch new file mode 100644 index 0000000..efe7751 --- /dev/null +++ b/SOURCES/0090-signature-Clamp-PSS-salt-len-to-MD-len.patch @@ -0,0 +1,338 @@ +From 9cc914ff3e1fda124bdc76d72ebc9349ec19f8ae Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 18 Nov 2022 12:35:33 +0100 +Subject: [PATCH 3/3] signature: Clamp PSS salt len to MD len +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection +5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the +salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of +the hash function output block (in bytes)." + +Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the +default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will +not use more than the digest legth when signing, so that FIPS 186-4 is +not violated. This value has two advantages when compared with +RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when +verifying signatures for maximum compatibility, where +RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will +work for combinations where the maximum salt length is smaller than the +digest size, which typically happens with large digest sizes (e.g., +SHA-512) and small RSA keys. + +Signed-off-by: Clemens Lang +--- + crypto/rsa/rsa_ameth.c | 18 ++++++++- + crypto/rsa/rsa_pss.c | 26 ++++++++++-- + doc/man3/EVP_PKEY_CTX_ctrl.pod | 11 ++++- + doc/man7/EVP_SIGNATURE-RSA.pod | 5 +++ + include/openssl/core_names.h | 1 + + include/openssl/rsa.h | 3 ++ + providers/implementations/signature/rsa_sig.c | 40 ++++++++++++++----- + test/recipes/25-test_req.t | 2 +- + 8 files changed, 87 insertions(+), 19 deletions(-) + +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index 61ec53d424..e69a98d116 100644 +--- a/crypto/rsa/rsa_ameth.c ++++ b/crypto/rsa/rsa_ameth.c +@@ -450,6 +450,7 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + const EVP_MD *sigmd, *mgf1md; + EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); + int saltlen; ++ int saltlenMax = -1; + + if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) + return NULL; +@@ -457,14 +458,27 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + return NULL; + if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0) + return NULL; +- if (saltlen == -1) { ++ if (saltlen == RSA_PSS_SALTLEN_DIGEST) { + saltlen = EVP_MD_get_size(sigmd); +- } else if (saltlen == -2 || saltlen == -3) { ++ } else if (saltlen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", ++ * subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in ++ * bytes) of the salt (sLen) shall satisfy 0 <= sLen <= hLen, where ++ * hLen is the length of the hash function output block (in bytes)." ++ * ++ * Provide a way to use at most the digest length, so that the default ++ * does not violate FIPS 186-4. */ ++ saltlen = RSA_PSS_SALTLEN_MAX; ++ saltlenMax = EVP_MD_get_size(sigmd); ++ } ++ if (saltlen == RSA_PSS_SALTLEN_MAX || saltlen == RSA_PSS_SALTLEN_AUTO) { + saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2; + if ((EVP_PKEY_get_bits(pk) & 0x7) == 1) + saltlen--; + if (saltlen < 0) + return NULL; ++ if (saltlenMax >= 0 && saltlen > saltlenMax) ++ saltlen = saltlenMax; + } + + return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen); +diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c +index 33874bfef8..430c36eb2a 100644 +--- a/crypto/rsa/rsa_pss.c ++++ b/crypto/rsa/rsa_pss.c +@@ -61,11 +61,12 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + * -1 sLen == hLen + * -2 salt length is autorecovered from signature + * -3 salt length is maximized ++ * -4 salt length is autorecovered from signature + * -N reserved + */ + if (sLen == RSA_PSS_SALTLEN_DIGEST) { + sLen = hLen; +- } else if (sLen < RSA_PSS_SALTLEN_MAX) { ++ } else if (sLen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { + ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); + goto err; + } +@@ -112,7 +113,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED); + goto err; + } +- if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) { ++ if (sLen != RSA_PSS_SALTLEN_AUTO ++ && sLen != RSA_PSS_SALTLEN_AUTO_DIGEST_MAX ++ && (maskedDBLen - i) != sLen) { + ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED, + "expected: %d retrieved: %d", sLen, + maskedDBLen - i); +@@ -160,6 +163,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + int hLen, maskedDBLen, MSBits, emLen; + unsigned char *H, *salt = NULL, *p; + EVP_MD_CTX *ctx = NULL; ++ int sLenMax = -1; + + if (mgf1Hash == NULL) + mgf1Hash = Hash; +@@ -172,13 +176,25 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + * -1 sLen == hLen + * -2 salt length is maximized + * -3 same as above (on signing) ++ * -4 salt length is min(hLen, maximum salt length) + * -N reserved + */ ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection ++ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the ++ * salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of ++ * the hash function output block (in bytes)." ++ * ++ * Provide a way to use at most the digest length, so that the default does ++ * not violate FIPS 186-4. */ + if (sLen == RSA_PSS_SALTLEN_DIGEST) { + sLen = hLen; +- } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) { ++ } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN ++ || sLen == RSA_PSS_SALTLEN_AUTO) { + sLen = RSA_PSS_SALTLEN_MAX; +- } else if (sLen < RSA_PSS_SALTLEN_MAX) { ++ } else if (sLen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { ++ sLen = RSA_PSS_SALTLEN_MAX; ++ sLenMax = hLen; ++ } else if (sLen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { + ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); + goto err; + } +@@ -195,6 +211,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + } + if (sLen == RSA_PSS_SALTLEN_MAX) { + sLen = emLen - hLen - 2; ++ if (sLenMax >= 0 && sLen > sLenMax) ++ sLen = sLenMax; + } else if (sLen > emLen - hLen - 2) { + ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; +diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod +index 3075eaafd6..9b96f42dbc 100644 +--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod ++++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod +@@ -270,8 +270,8 @@ EVP_PKEY_CTX_get_rsa_padding() gets the RSA padding mode for I. + + EVP_PKEY_CTX_set_rsa_pss_saltlen() sets the RSA PSS salt length to I. + As its name implies it is only supported for PSS padding. If this function is +-not called then the maximum salt length is used when signing and auto detection +-when verifying. Three special values are supported: ++not called then the salt length is maximized up to the digest length when ++signing and auto detection when verifying. Four special values are supported: + + =over 4 + +@@ -289,6 +289,13 @@ causes the salt length to be automatically determined based on the + B block structure when verifying. When signing, it has the same + meaning as B. + ++=item B ++ ++causes the salt length to be automatically determined based on the B block ++structure when verifying, like B. When signing, the salt ++length is maximized up to a maximum of the digest length to comply with FIPS ++186-4 section 5.5. ++ + =back + + EVP_PKEY_CTX_get_rsa_pss_saltlen() gets the RSA PSS salt length for I. +diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod +index 1ce32cc443..13d053e262 100644 +--- a/doc/man7/EVP_SIGNATURE-RSA.pod ++++ b/doc/man7/EVP_SIGNATURE-RSA.pod +@@ -68,6 +68,11 @@ Use the maximum salt length. + + Auto detect the salt length. + ++=item "auto-digestmax" (B) ++ ++Auto detect the salt length when verifying. Maximize the salt length up to the ++digest size when signing to comply with FIPS 186-4 section 5.5. ++ + =back + + =back +diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h +index 69c59f0b46..5779f41427 100644 +--- a/include/openssl/core_names.h ++++ b/include/openssl/core_names.h +@@ -399,6 +399,7 @@ extern "C" { + #define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" + #define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" + #define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" ++#define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" + + /* Key generation parameters */ + #define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS +diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h +index a55c9727c6..daf55bc6d4 100644 +--- a/include/openssl/rsa.h ++++ b/include/openssl/rsa.h +@@ -137,6 +137,9 @@ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); + # define RSA_PSS_SALTLEN_AUTO -2 + /* Set salt length to maximum possible */ + # define RSA_PSS_SALTLEN_MAX -3 ++/* Auto-detect on verify, set salt length to min(maximum possible, digest ++ * length) on sign */ ++# define RSA_PSS_SALTLEN_AUTO_DIGEST_MAX -4 + /* Old compatible max salt length for sign only */ + # define RSA_PSS_SALTLEN_MAX_SIGN -2 + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 0c45008a00..1a787d77db 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -191,8 +191,8 @@ static void *rsa_newctx(void *provctx, const char *propq) + prsactx->libctx = PROV_LIBCTX_OF(provctx); + prsactx->flag_allow_md = 1; + prsactx->propq = propq_copy; +- /* Maximum for sign, auto for verify */ +- prsactx->saltlen = RSA_PSS_SALTLEN_AUTO; ++ /* Maximum up to digest length for sign, auto for verify */ ++ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX; + prsactx->min_saltlen = -1; + return prsactx; + } +@@ -200,13 +200,27 @@ static void *rsa_newctx(void *provctx, const char *propq) + static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx) + { + int saltlen = ctx->saltlen; +- ++ int saltlenMax = -1; ++ ++ /* FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection ++ * 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the ++ * salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of ++ * the hash function output block (in bytes)." ++ * ++ * Provide a way to use at most the digest length, so that the default does ++ * not violate FIPS 186-4. */ + if (saltlen == RSA_PSS_SALTLEN_DIGEST) { + saltlen = EVP_MD_get_size(ctx->md); +- } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) { ++ } else if (saltlen == RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { ++ saltlen = RSA_PSS_SALTLEN_MAX; ++ saltlenMax = EVP_MD_get_size(ctx->md); ++ } ++ if (saltlen == RSA_PSS_SALTLEN_MAX || saltlen == RSA_PSS_SALTLEN_AUTO) { + saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2; + if ((RSA_bits(ctx->rsa) & 0x7) == 1) + saltlen--; ++ if (saltlenMax >= 0 && saltlen > saltlenMax) ++ saltlen = saltlenMax; + } + if (saltlen < 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); +@@ -411,8 +425,8 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa, + + prsactx->operation = operation; + +- /* Maximum for sign, auto for verify */ +- prsactx->saltlen = RSA_PSS_SALTLEN_AUTO; ++ /* Maximize up to digest length for sign, auto for verify */ ++ prsactx->saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX; + prsactx->min_saltlen = -1; + + switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { +@@ -1110,6 +1124,9 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) + case RSA_PSS_SALTLEN_AUTO: + value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO; + break; ++ case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX: ++ value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX; ++ break; + default: + { + int len = BIO_snprintf(p->data, p->data_size, "%d", +@@ -1297,6 +1314,8 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + saltlen = RSA_PSS_SALTLEN_MAX; + else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0) + saltlen = RSA_PSS_SALTLEN_AUTO; ++ else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0) ++ saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX; + else + saltlen = atoi(p->data); + break; +@@ -1305,11 +1324,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + } + + /* +- * RSA_PSS_SALTLEN_MAX seems curiously named in this check. +- * Contrary to what it's name suggests, it's the currently +- * lowest saltlen number possible. ++ * RSA_PSS_SALTLEN_AUTO_DIGEST_MAX seems curiously named in this check. ++ * Contrary to what it's name suggests, it's the currently lowest ++ * saltlen number possible. + */ +- if (saltlen < RSA_PSS_SALTLEN_MAX) { ++ if (saltlen < RSA_PSS_SALTLEN_AUTO_DIGEST_MAX) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); + return 0; + } +@@ -1317,6 +1336,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) + if (rsa_pss_restricted(prsactx)) { + switch (saltlen) { + case RSA_PSS_SALTLEN_AUTO: ++ case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX: + if (prsactx->operation == EVP_PKEY_OP_VERIFY) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH, + "Cannot use autodetected salt length"); +diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t +index e615f1b338..35541aed12 100644 +--- a/test/recipes/25-test_req.t ++++ b/test/recipes/25-test_req.t +@@ -199,7 +199,7 @@ subtest "generating certificate requests with RSA-PSS" => sub { + ok(!run(app(["openssl", "req", + "-config", srctop_file("test", "test.cnf"), + "-new", "-out", "testreq-rsapss3.pem", "-utf8", +- "-sigopt", "rsa_pss_saltlen:-4", ++ "-sigopt", "rsa_pss_saltlen:-5", + "-key", srctop_file("test", "testrsapss.pem")])), + "Generating request with expected failure"); + +-- +2.38.1 + diff --git a/SOURCES/0091-FIPS-RSA-encapsulate.patch b/SOURCES/0091-FIPS-RSA-encapsulate.patch new file mode 100644 index 0000000..0e24cf8 --- /dev/null +++ b/SOURCES/0091-FIPS-RSA-encapsulate.patch @@ -0,0 +1,32 @@ +diff -up openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap openssl-3.0.1/providers/implementations/kem/rsa_kem.c +--- openssl-3.0.1/providers/implementations/kem/rsa_kem.c.encap 2022-11-22 12:27:30.994530801 +0100 ++++ openssl-3.0.1/providers/implementations/kem/rsa_kem.c 2022-11-22 12:32:15.916875495 +0100 +@@ -264,6 +264,14 @@ static int rsasve_generate(PROV_RSA_CTX + *secretlen = nlen; + return 1; + } ++ ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + /* + * Step (2): Generate a random byte string z of nlen bytes where + * 1 < z < n - 1 +@@ -307,6 +315,13 @@ static int rsasve_recover(PROV_RSA_CTX * + return 1; + } + ++#ifdef FIPS_MODULE ++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++#endif ++ + /* Step (2): check the input ciphertext 'inlen' matches the nlen */ + if (inlen != nlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); diff --git a/SOURCES/0092-provider-improvements.patch b/SOURCES/0092-provider-improvements.patch new file mode 100644 index 0000000..b850fc3 --- /dev/null +++ b/SOURCES/0092-provider-improvements.patch @@ -0,0 +1,705 @@ +From 98642df4ba886818900ab7e6b23703544e6addd4 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 10 Nov 2022 10:46:32 -0500 +Subject: [PATCH 1/3] Propagate selection all the way on key export + +EVP_PKEY_eq() is used to check, among other things, if a certificate +public key corresponds to a private key. When the private key belongs to +a provider that does not allow to export private keys this currently +fails as the internal functions used to import/export keys ignored the +selection given (which specifies that only the public key needs to be +considered) and instead tries to export everything. + +This patch allows to propagate the selection all the way down including +adding it in the cache so that a following operation actually looking +for other selection parameters does not mistakenly pick up an export +containing only partial information. + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19648) + +diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c +index b06730dc7a..2d0238ee27 100644 +--- a/crypto/evp/keymgmt_lib.c ++++ b/crypto/evp/keymgmt_lib.c +@@ -93,7 +93,8 @@ int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, + export_cb, export_cbarg); + } + +-void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) ++void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ int selection) + { + struct evp_keymgmt_util_try_import_data_st import_data; + OP_CACHE_ELEM *op; +@@ -127,7 +128,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + */ + if (pk->dirty_cnt == pk->dirty_cnt_copy) { + /* If this key is already exported to |keymgmt|, no more to do */ +- op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); + if (op != NULL && op->keymgmt != NULL) { + void *ret = op->keydata; + +@@ -157,13 +158,13 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + /* Setup for the export callback */ + import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ + import_data.keymgmt = keymgmt; +- import_data.selection = OSSL_KEYMGMT_SELECT_ALL; ++ import_data.selection = selection; + + /* + * The export function calls the callback (evp_keymgmt_util_try_import), + * which does the import for us. If successful, we're done. + */ +- if (!evp_keymgmt_util_export(pk, OSSL_KEYMGMT_SELECT_ALL, ++ if (!evp_keymgmt_util_export(pk, selection, + &evp_keymgmt_util_try_import, &import_data)) + /* If there was an error, bail out */ + return NULL; +@@ -173,7 +174,7 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + return NULL; + } + /* Check to make sure some other thread didn't get there first */ +- op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); + if (op != NULL && op->keydata != NULL) { + void *ret = op->keydata; + +@@ -196,7 +197,8 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) + evp_keymgmt_util_clear_operation_cache(pk, 0); + + /* Add the new export to the operation cache */ +- if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata)) { ++ if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata, ++ selection)) { + CRYPTO_THREAD_unlock(pk->lock); + evp_keymgmt_freedata(keymgmt, import_data.keydata); + return NULL; +@@ -232,7 +234,8 @@ int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking) + } + + OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt) ++ EVP_KEYMGMT *keymgmt, ++ int selection) + { + int i, end = sk_OP_CACHE_ELEM_num(pk->operation_cache); + OP_CACHE_ELEM *p; +@@ -243,14 +246,14 @@ OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, + */ + for (i = 0; i < end; i++) { + p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i); +- if (keymgmt == p->keymgmt) ++ if (keymgmt == p->keymgmt && (p->selection & selection) == selection) + return p; + } + return NULL; + } + +-int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt, void *keydata) ++int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ void *keydata, int selection) + { + OP_CACHE_ELEM *p = NULL; + +@@ -266,6 +269,7 @@ int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, + return 0; + p->keydata = keydata; + p->keymgmt = keymgmt; ++ p->selection = selection; + + if (!EVP_KEYMGMT_up_ref(keymgmt)) { + OPENSSL_free(p); +@@ -391,7 +395,8 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection) + ok = 1; + if (keydata1 != NULL) { + tmp_keydata = +- evp_keymgmt_util_export_to_provider(pk1, keymgmt2); ++ evp_keymgmt_util_export_to_provider(pk1, keymgmt2, ++ selection); + ok = (tmp_keydata != NULL); + } + if (ok) { +@@ -411,7 +416,8 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection) + ok = 1; + if (keydata2 != NULL) { + tmp_keydata = +- evp_keymgmt_util_export_to_provider(pk2, keymgmt1); ++ evp_keymgmt_util_export_to_provider(pk2, keymgmt1, ++ selection); + ok = (tmp_keydata != NULL); + } + if (ok) { +diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c +index 70d17ec37e..905e9c9ce4 100644 +--- a/crypto/evp/p_lib.c ++++ b/crypto/evp/p_lib.c +@@ -1822,6 +1822,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + { + EVP_KEYMGMT *allocated_keymgmt = NULL; + EVP_KEYMGMT *tmp_keymgmt = NULL; ++ int selection = OSSL_KEYMGMT_SELECT_ALL; + void *keydata = NULL; + int check; + +@@ -1883,7 +1884,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + if (pk->ameth->dirty_cnt(pk) == pk->dirty_cnt_copy) { + if (!CRYPTO_THREAD_read_lock(pk->lock)) + goto end; +- op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, ++ selection); + + /* + * If |tmp_keymgmt| is present in the operation cache, it means +@@ -1938,7 +1940,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + EVP_KEYMGMT_free(tmp_keymgmt); /* refcnt-- */ + + /* Check to make sure some other thread didn't get there first */ +- op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); ++ op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, selection); + if (op != NULL && op->keymgmt != NULL) { + void *tmp_keydata = op->keydata; + +@@ -1949,7 +1951,8 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + } + + /* Add the new export to the operation cache */ +- if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata)) { ++ if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata, ++ selection)) { + CRYPTO_THREAD_unlock(pk->lock); + evp_keymgmt_freedata(tmp_keymgmt, keydata); + keydata = NULL; +@@ -1964,7 +1967,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, + } + #endif /* FIPS_MODULE */ + +- keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt); ++ keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt, selection); + + end: + /* +diff --git a/include/crypto/evp.h b/include/crypto/evp.h +index f601b72807..dbbdcccbda 100644 +--- a/include/crypto/evp.h ++++ b/include/crypto/evp.h +@@ -589,6 +589,7 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, + typedef struct { + EVP_KEYMGMT *keymgmt; + void *keydata; ++ int selection; + } OP_CACHE_ELEM; + + DEFINE_STACK_OF(OP_CACHE_ELEM) +@@ -778,12 +779,14 @@ EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); + + int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, + OSSL_CALLBACK *export_cb, void *export_cbarg); +-void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); ++void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ int selection); + OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt); ++ EVP_KEYMGMT *keymgmt, ++ int selection); + int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); +-int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt, void *keydata); ++int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ void *keydata, int selection); + void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); + void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, + int selection, const OSSL_PARAM params[]); +-- +2.38.1 + +From 504427eb5f32108dd64ff7858012863fe47b369b Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Thu, 10 Nov 2022 16:58:28 -0500 +Subject: [PATCH 2/3] Update documentation for keymgmt export utils + +Change function prototypes and explain how to use the selection +argument. + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19648) + +diff --git a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod +index 1fee9f6ff9..7099e44964 100644 +--- a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod ++++ b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod +@@ -20,12 +20,14 @@ OP_CACHE_ELEM + + int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, + OSSL_CALLBACK *export_cb, void *export_cbarg); +- void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); ++ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ int selection); + OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt); ++ EVP_KEYMGMT *keymgmt, ++ int selection); + int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); +- int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, +- EVP_KEYMGMT *keymgmt, void *keydata); ++ int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, ++ void *keydata, int selection); + void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); + void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, + int selection, const OSSL_PARAM params[]); +@@ -65,6 +67,11 @@ evp_keymgmt_util_fromdata() can be used to add key object data to a + given key I via a B interface. This is used as a + helper for L. + ++In all functions that take a I argument, the selection is used to ++constraint the information requested on export. It is also used in the cache ++so that key data is guaranteed to contain all the information requested in ++the selection. ++ + =head1 RETURN VALUES + + evp_keymgmt_export_to_provider() and evp_keymgmt_util_fromdata() +-- +2.38.1 + +From e5202fbd461cb6c067874987998e91c6093e5267 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Fri, 11 Nov 2022 12:18:26 -0500 +Subject: [PATCH 3/3] Add test for EVP_PKEY_eq + +This tests that the comparison work even if a provider can only return +a public key. + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19648) + +diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c +index d556551bb6..5e92e72d4b 100644 +--- a/test/fake_rsaprov.c ++++ b/test/fake_rsaprov.c +@@ -22,24 +22,34 @@ static OSSL_FUNC_keymgmt_has_fn fake_rsa_keymgmt_has; + static OSSL_FUNC_keymgmt_query_operation_name_fn fake_rsa_keymgmt_query; + static OSSL_FUNC_keymgmt_import_fn fake_rsa_keymgmt_import; + static OSSL_FUNC_keymgmt_import_types_fn fake_rsa_keymgmt_imptypes; ++static OSSL_FUNC_keymgmt_export_fn fake_rsa_keymgmt_export; ++static OSSL_FUNC_keymgmt_export_types_fn fake_rsa_keymgmt_exptypes; + static OSSL_FUNC_keymgmt_load_fn fake_rsa_keymgmt_load; + + static int has_selection; + static int imptypes_selection; ++static int exptypes_selection; + static int query_id; + ++struct fake_rsa_keydata { ++ int selection; ++ int status; ++}; ++ + static void *fake_rsa_keymgmt_new(void *provctx) + { +- unsigned char *keydata = OPENSSL_zalloc(1); ++ struct fake_rsa_keydata *key; + +- TEST_ptr(keydata); ++ if (!TEST_ptr(key = OPENSSL_zalloc(sizeof(struct fake_rsa_keydata)))) ++ return NULL; + + /* clear test globals */ + has_selection = 0; + imptypes_selection = 0; ++ exptypes_selection = 0; + query_id = 0; + +- return keydata; ++ return key; + } + + static void fake_rsa_keymgmt_free(void *keydata) +@@ -67,14 +77,104 @@ static const char *fake_rsa_keymgmt_query(int id) + static int fake_rsa_keymgmt_import(void *keydata, int selection, + const OSSL_PARAM *p) + { +- unsigned char *fake_rsa_key = keydata; ++ struct fake_rsa_keydata *fake_rsa_key = keydata; + + /* key was imported */ +- *fake_rsa_key = 1; ++ fake_rsa_key->status = 1; + + return 1; + } + ++static unsigned char fake_rsa_n[] = ++ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" ++ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" ++ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" ++ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" ++ "\xF5"; ++ ++static unsigned char fake_rsa_e[] = "\x11"; ++ ++static unsigned char fake_rsa_d[] = ++ "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" ++ "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" ++ "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" ++ "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; ++ ++static unsigned char fake_rsa_p[] = ++ "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" ++ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" ++ "\x0D"; ++ ++static unsigned char fake_rsa_q[] = ++ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" ++ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" ++ "\x89"; ++ ++static unsigned char fake_rsa_dmp1[] = ++ "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" ++ "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; ++ ++static unsigned char fake_rsa_dmq1[] = ++ "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" ++ "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" ++ "\x51"; ++ ++static unsigned char fake_rsa_iqmp[] = ++ "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" ++ "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; ++ ++OSSL_PARAM *fake_rsa_key_params(int priv) ++{ ++ if (priv) { ++ OSSL_PARAM params[] = { ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n, ++ sizeof(fake_rsa_n) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e, ++ sizeof(fake_rsa_e) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d, ++ sizeof(fake_rsa_d) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p, ++ sizeof(fake_rsa_p) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q, ++ sizeof(fake_rsa_q) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1, ++ sizeof(fake_rsa_dmp1) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, fake_rsa_dmq1, ++ sizeof(fake_rsa_dmq1) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp, ++ sizeof(fake_rsa_iqmp) -1), ++ OSSL_PARAM_END ++ }; ++ return OSSL_PARAM_dup(params); ++ } else { ++ OSSL_PARAM params[] = { ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n, ++ sizeof(fake_rsa_n) -1), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e, ++ sizeof(fake_rsa_e) -1), ++ OSSL_PARAM_END ++ }; ++ return OSSL_PARAM_dup(params); ++ } ++} ++ ++static int fake_rsa_keymgmt_export(void *keydata, int selection, ++ OSSL_CALLBACK *param_callback, void *cbarg) ++{ ++ OSSL_PARAM *params = NULL; ++ int ret; ++ ++ if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) ++ return 0; ++ ++ if (!TEST_ptr(params = fake_rsa_key_params(0))) ++ return 0; ++ ++ ret = param_callback(params, cbarg); ++ OSSL_PARAM_free(params); ++ return ret; ++} ++ + static const OSSL_PARAM fake_rsa_import_key_types[] = { + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), +@@ -95,19 +195,33 @@ static const OSSL_PARAM *fake_rsa_keymgmt_imptypes(int selection) + return fake_rsa_import_key_types; + } + ++static const OSSL_PARAM fake_rsa_export_key_types[] = { ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), ++ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), ++ OSSL_PARAM_END ++}; ++ ++static const OSSL_PARAM *fake_rsa_keymgmt_exptypes(int selection) ++{ ++ /* record global for checking */ ++ exptypes_selection = selection; ++ ++ return fake_rsa_export_key_types; ++} ++ + static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz) + { +- unsigned char *key = NULL; ++ struct fake_rsa_keydata *key = NULL; + +- if (reference_sz != sizeof(key)) ++ if (reference_sz != sizeof(*key)) + return NULL; + +- key = *(unsigned char **)reference; +- if (*key != 1) ++ key = *(struct fake_rsa_keydata **)reference; ++ if (key->status != 1) + return NULL; + + /* detach the reference */ +- *(unsigned char **)reference = NULL; ++ *(struct fake_rsa_keydata **)reference = NULL; + + return key; + } +@@ -129,7 +243,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) + { + unsigned char *gctx = genctx; + static const unsigned char inited[] = { 1 }; +- unsigned char *keydata; ++ struct fake_rsa_keydata *keydata; + + if (!TEST_ptr(gctx) + || !TEST_mem_eq(gctx, sizeof(*gctx), inited, sizeof(inited))) +@@ -138,7 +252,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) + if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL))) + return NULL; + +- *keydata = 2; ++ keydata->status = 2; + return keydata; + } + +@@ -156,6 +270,9 @@ static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = { + { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))fake_rsa_keymgmt_import }, + { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, + (void (*)(void))fake_rsa_keymgmt_imptypes }, ++ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))fake_rsa_keymgmt_export }, ++ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, ++ (void (*)(void))fake_rsa_keymgmt_exptypes }, + { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))fake_rsa_keymgmt_load }, + { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init }, + { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen }, +@@ -191,14 +308,14 @@ static int fake_rsa_sig_sign_init(void *ctx, void *provkey, + const OSSL_PARAM params[]) + { + unsigned char *sigctx = ctx; +- unsigned char *keydata = provkey; ++ struct fake_rsa_keydata *keydata = provkey; + + /* we must have a ctx */ + if (!TEST_ptr(sigctx)) + return 0; + + /* we must have some initialized key */ +- if (!TEST_ptr(keydata) || !TEST_int_gt(keydata[0], 0)) ++ if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0)) + return 0; + + /* record that sign init was called */ +@@ -289,7 +406,7 @@ static int fake_rsa_st_load(void *loaderctx, + unsigned char *storectx = loaderctx; + OSSL_PARAM params[4]; + int object_type = OSSL_OBJECT_PKEY; +- void *key = NULL; ++ struct fake_rsa_keydata *key = NULL; + int rv = 0; + + switch (*storectx) { +@@ -307,7 +424,7 @@ static int fake_rsa_st_load(void *loaderctx, + /* The address of the key becomes the octet string */ + params[2] = + OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, +- &key, sizeof(key)); ++ &key, sizeof(*key)); + params[3] = OSSL_PARAM_construct_end(); + rv = object_cb(params, object_cbarg); + *storectx = 1; +diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h +index 57de1ecf8d..190c46a285 100644 +--- a/test/fake_rsaprov.h ++++ b/test/fake_rsaprov.h +@@ -12,3 +12,4 @@ + /* Fake RSA provider implementation */ + OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx); + void fake_rsa_finish(OSSL_PROVIDER *p); ++OSSL_PARAM *fake_rsa_key_params(int priv); +diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c +index 5c398398f4..3b190baa5e 100644 +--- a/test/provider_pkey_test.c ++++ b/test/provider_pkey_test.c +@@ -176,6 +176,67 @@ end: + return ret; + } + ++static int test_pkey_eq(void) ++{ ++ OSSL_PROVIDER *deflt = NULL; ++ OSSL_PROVIDER *fake_rsa = NULL; ++ EVP_PKEY *pkey_fake = NULL; ++ EVP_PKEY *pkey_dflt = NULL; ++ EVP_PKEY_CTX *ctx = NULL; ++ OSSL_PARAM *params = NULL; ++ int ret = 0; ++ ++ if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx))) ++ return 0; ++ ++ if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default"))) ++ goto end; ++ ++ /* Construct a public key for fake-rsa */ ++ if (!TEST_ptr(params = fake_rsa_key_params(0)) ++ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", ++ "provider=fake-rsa")) ++ || !TEST_true(EVP_PKEY_fromdata_init(ctx)) ++ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY, ++ params)) ++ || !TEST_ptr(pkey_fake)) ++ goto end; ++ ++ EVP_PKEY_CTX_free(ctx); ++ ctx = NULL; ++ OSSL_PARAM_free(params); ++ params = NULL; ++ ++ /* Construct a public key for default */ ++ if (!TEST_ptr(params = fake_rsa_key_params(0)) ++ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", ++ "provider=default")) ++ || !TEST_true(EVP_PKEY_fromdata_init(ctx)) ++ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_dflt, EVP_PKEY_PUBLIC_KEY, ++ params)) ++ || !TEST_ptr(pkey_dflt)) ++ goto end; ++ ++ EVP_PKEY_CTX_free(ctx); ++ ctx = NULL; ++ OSSL_PARAM_free(params); ++ params = NULL; ++ ++ /* now test for equality */ ++ if (!TEST_int_eq(EVP_PKEY_eq(pkey_fake, pkey_dflt), 1)) ++ goto end; ++ ++ ret = 1; ++end: ++ fake_rsa_finish(fake_rsa); ++ OSSL_PROVIDER_unload(deflt); ++ EVP_PKEY_CTX_free(ctx); ++ EVP_PKEY_free(pkey_fake); ++ EVP_PKEY_free(pkey_dflt); ++ OSSL_PARAM_free(params); ++ return ret; ++} ++ + static int test_pkey_store(int idx) + { + OSSL_PROVIDER *deflt = NULL; +@@ -235,6 +296,7 @@ int setup_tests(void) + + ADD_TEST(test_pkey_sig); + ADD_TEST(test_alternative_keygen_init); ++ ADD_TEST(test_pkey_eq); + ADD_ALL_TESTS(test_pkey_store, 2); + + return 1; +-- +2.38.1 + +From 2fea56832780248af2aba2e4433ece2d18428515 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Mon, 14 Nov 2022 10:25:15 -0500 +Subject: [PATCH] Drop explicit check for engines in opt_legacy_okay + +The providers indication should always indicate that this is not a +legacy request. +This makes a check for engines redundant as the default return is that +legacy is ok if there are no explicit providers. + +Fixes #19662 + +Signed-off-by: Simo Sorce + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/19671) +--- + apps/lib/apps.c | 8 -------- + test/recipes/20-test_legacy_okay.t | 23 +++++++++++++++++++++++ + 2 files changed, 23 insertions(+), 8 deletions(-) + create mode 100755 test/recipes/20-test_legacy_okay.t + +diff --git a/apps/lib/apps.c b/apps/lib/apps.c +index 3d52e030ab7e258f9cd983b2d9755d954cb3aee5..bbe0d009efb35fcf1a902c86cbddc61e657e57f1 100644 +--- a/apps/lib/apps.c ++++ b/apps/lib/apps.c +@@ -3405,14 +3405,6 @@ int opt_legacy_okay(void) + { + int provider_options = opt_provider_option_given(); + int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL; +-#ifndef OPENSSL_NO_ENGINE +- ENGINE *e = ENGINE_get_first(); +- +- if (e != NULL) { +- ENGINE_free(e); +- return 1; +- } +-#endif + /* + * Having a provider option specified or a custom library context or + * property query, is a sure sign we're not using legacy. +diff --git a/test/recipes/20-test_legacy_okay.t b/test/recipes/20-test_legacy_okay.t +new file mode 100755 +index 0000000000000000000000000000000000000000..183499f3fd93f97e8a4a30681a9f383d2f6e0c56 +--- /dev/null ++++ b/test/recipes/20-test_legacy_okay.t +@@ -0,0 +1,23 @@ ++#! /usr/bin/env perl ++# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the Apache License 2.0 (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++use strict; ++use warnings; ++ ++use OpenSSL::Test; ++ ++setup("test_legacy"); ++ ++plan tests => 3; ++ ++ok(run(app(['openssl', 'rand', '-out', 'rand.txt', '256'])), "Generate random file"); ++ ++ok(run(app(['openssl', 'dgst', '-sha256', 'rand.txt'])), "Generate a digest"); ++ ++ok(!run(app(['openssl', 'dgst', '-sha256', '-propquery', 'foo=1', ++ 'rand.txt'])), "Fail to generate a digest"); +-- +2.38.1 + diff --git a/SOURCES/0101-CVE-2022-4203-nc-match.patch b/SOURCES/0101-CVE-2022-4203-nc-match.patch new file mode 100644 index 0000000..860deac --- /dev/null +++ b/SOURCES/0101-CVE-2022-4203-nc-match.patch @@ -0,0 +1,281 @@ +From c927a3492698c254637da836762f9b1f86cffabc Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni +Date: Tue, 13 Dec 2022 08:49:13 +0100 +Subject: [PATCH 01/18] Fix type confusion in nc_match_single() + +This function assumes that if the "gen" is an OtherName, then the "base" +is a rfc822Name constraint. This assumption is not true in all cases. +If the end-entity certificate contains an OtherName SAN of any type besides +SmtpUtf8Mailbox and the CA certificate contains a name constraint of +OtherName (of any type), then "nc_email_eai" will be invoked, with the +OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING. + +Reported by Corey Bonnell from Digicert. + +CVE-2022-4203 + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +--- + crypto/x509/v3_ncons.c | 45 +++++++++++++++++++++++++++++------------- + 1 file changed, 31 insertions(+), 14 deletions(-) + +diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c +index 70a7e8304e..5101598512 100644 +--- a/crypto/x509/v3_ncons.c ++++ b/crypto/x509/v3_ncons.c +@@ -31,7 +31,8 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + + static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); +-static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); ++static int nc_match_single(int effective_type, GENERAL_NAME *sub, ++ GENERAL_NAME *gen); + static int nc_dn(const X509_NAME *sub, const X509_NAME *nm); + static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); + static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); +@@ -472,14 +473,17 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + { + GENERAL_SUBTREE *sub; + int i, r, match = 0; ++ int effective_type = gen->type; ++ + /* + * We need to compare not gen->type field but an "effective" type because + * the otherName field may contain EAI email address treated specially + * according to RFC 8398, section 6 + */ +- int effective_type = ((gen->type == GEN_OTHERNAME) && +- (OBJ_obj2nid(gen->d.otherName->type_id) == +- NID_id_on_SmtpUTF8Mailbox)) ? GEN_EMAIL : gen->type; ++ if (effective_type == GEN_OTHERNAME && ++ (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) { ++ effective_type = GEN_EMAIL; ++ } + + /* + * Permitted subtrees: if any subtrees exist of matching the type at +@@ -488,7 +492,10 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); +- if (effective_type != sub->base->type) ++ if (effective_type != sub->base->type ++ || (effective_type == GEN_OTHERNAME && ++ OBJ_cmp(gen->d.otherName->type_id, ++ sub->base->d.otherName->type_id) != 0)) + continue; + if (!nc_minmax_valid(sub)) + return X509_V_ERR_SUBTREE_MINMAX; +@@ -497,7 +504,7 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + continue; + if (match == 0) + match = 1; +- r = nc_match_single(gen, sub->base); ++ r = nc_match_single(effective_type, gen, sub->base); + if (r == X509_V_OK) + match = 2; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) +@@ -511,12 +518,15 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); +- if (effective_type != sub->base->type) ++ if (effective_type != sub->base->type ++ || (effective_type == GEN_OTHERNAME && ++ OBJ_cmp(gen->d.otherName->type_id, ++ sub->base->d.otherName->type_id) != 0)) + continue; + if (!nc_minmax_valid(sub)) + return X509_V_ERR_SUBTREE_MINMAX; + +- r = nc_match_single(gen, sub->base); ++ r = nc_match_single(effective_type, gen, sub->base); + if (r == X509_V_OK) + return X509_V_ERR_EXCLUDED_VIOLATION; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) +@@ -528,15 +538,22 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + } + +-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) ++static int nc_match_single(int effective_type, GENERAL_NAME *gen, ++ GENERAL_NAME *base) + { + switch (gen->type) { + case GEN_OTHERNAME: +- /* +- * We are here only when we have SmtpUTF8 name, +- * so we match the value of othername with base->d.rfc822Name +- */ +- return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name); ++ switch (effective_type) { ++ case GEN_EMAIL: ++ /* ++ * We are here only when we have SmtpUTF8 name, ++ * so we match the value of othername with base->d.rfc822Name ++ */ ++ return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name); ++ ++ default: ++ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; ++ } + + case GEN_DIRNAME: + return nc_dn(gen->d.directoryName, base->d.directoryName); +-- +2.39.1 + +From fe6842f5a5dc2fb66da7fb24bf4343a3aeedd50a Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 13 Dec 2022 19:45:09 +0100 +Subject: [PATCH 02/18] Add testcase for nc_match_single type confusion + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +--- + test/certs/bad-othername-cert.pem | 20 ++++++++++++++++++++ + test/certs/nccaothername-cert.pem | 20 ++++++++++++++++++++ + test/certs/nccaothername-key.pem | 28 ++++++++++++++++++++++++++++ + test/certs/setup.sh | 11 +++++++++++ + test/recipes/25-test_verify.t | 5 ++++- + 5 files changed, 83 insertions(+), 1 deletion(-) + create mode 100644 test/certs/bad-othername-cert.pem + create mode 100644 test/certs/nccaothername-cert.pem + create mode 100644 test/certs/nccaothername-key.pem + +diff --git a/test/certs/bad-othername-cert.pem b/test/certs/bad-othername-cert.pem +new file mode 100644 +index 0000000000..cf279de5ea +--- /dev/null ++++ b/test/certs/bad-othername-cert.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDRDCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 ++IE5DIENBIG90aGVybmFtZTAgFw0yMjEyMTMxODMzMTZaGA8yMTIyMTIxNDE4MzMx ++NlowMTEvMC0GA1UECgwmTkMgZW1haWwgaW4gb3RoZXJuYW1lIFRlc3QgQ2VydGlm ++aWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgeoakqHk1zYt ++JZpEC0qkJPU/X0lfI+6GY2LHFY9KOSFqqmTXxrUtjQc3SdpQvBZhPuMZ8p82Jid2 ++kkRHnWs0uqX9NtLO923yQalYvP6Mt3fokcYgw/C9b+I/q1PKUyN0kPB6McROguD5 ++Jz2DcEufJBhbpyay1bFjEI2DAQJKDP/U7uH0EA7kH/27UMk0vfvL5uVjDvlo8i6S ++Ul8+u0cDV5ZFJW2VAJKLU3wp6IY4fZl9UqkHZuRQpMJGqAjAleWOIEpyyvfGGh0b ++75n3GJ+4YZ7CIBEgY7K0nIbKxtcDZPvmtbYg3g1tkPMTHcodFT7yEdqkBTJ5AGL7 ++6U850OhjAgMBAAGjdzB1MB0GA1UdDgQWBBTBz0k+q6d4c3aM+s2IyOF/QP6zCTAf ++BgNVHSMEGDAWgBTwhghX7uNdMejZ3f4XorqOQoMqwTAJBgNVHRMEAjAAMCgGA1Ud ++EQQhMB+gHQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEB ++CwUAA4IBAQAhxbCEVH8pq0aUMaLWaodyXdCqA0AKTFG6Mz9Rpwn89OwC8FylTEru ++t+Bqx/ZuTo8YzON8h9m7DIrQIjZKDLW/g5YbvIsxIVV9gWhAGohdsIyMKRBepSmr ++NxJQkO74RLBTamfl0WUCVM4HqroflFjBBG67CTJaQ9cH9ug3TKxaXCK1L6iQAXtq ++enILGai98Byo0LCFH4MQOhmhV1BDT2boIG/iYb5VKCTSX25vhaF+PNBhUoysjW0O ++vhQX8vrw42QRr4Qi7VfUBXzrbRTzxjOc4yqki7h2DcEdpginqe+aGyaFY+H9m/ka ++1AR5KN8h5SYKltSXknjs0pp1w4k49aHl ++-----END CERTIFICATE----- +diff --git a/test/certs/nccaothername-cert.pem b/test/certs/nccaothername-cert.pem +new file mode 100644 +index 0000000000..f9b9b07b80 +--- /dev/null ++++ b/test/certs/nccaothername-cert.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDPjCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 ++IENBMCAXDTIyMTIxMzE4MTgwM1oYDzIxMjIxMjE0MTgxODAzWjAfMR0wGwYDVQQD ++DBRUZXN0IE5DIENBIG90aGVybmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC ++AQoCggEBAN0Dx+ei8CgtRKnDcYiLwX4vrA48at/o/zfX24X/WZZM1o9HUKo1FQBN ++vhESJu+gqPxuIePrk+/L25XdRqwCKk8wkWX0XIz18q5orOHUUFAWNK3g0FDj6N8H ++d8urNIbDJ44FCx+/0n8Ppiht/EYN3aVOW5enqbgZ+EEt+3AUG6ibieRdGri9g4oh ++IIx60MmVHLbuT/TcVZxaeWyTl6iWmsYosUyqlhTtu1uGtbVtkCAhBYloVvz4J5eA ++mVu/JuJbsNxbxVeO9Q8Kj6nb4jPPdGvZ3JPcabbWrz5LwaereBf5IPrXEVdQTlYB ++gI0pTz2CEDHSIrd7jzRUX/9EC2gMk6UCAwEAAaOBjzCBjDAPBgNVHRMBAf8EBTAD ++AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU8IYIV+7jXTHo2d3+F6K6jkKDKsEw ++HwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwLAYDVR0eBCUwI6EhMB+g ++HQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IB ++AQDPI5uZd8DhSNKMvYF5bxOshd6h6UJ7YzZS7K6fhiygltdqzkHQ/5+4yiuUkDe4 ++hOZlH8MCfXQy5jVZDTk24yNchpdfie5Bswn4SmQVQh3QyzOLxizoh0rLCf2PHueu ++dNVNhfiiJNJ5kd8MIuVG7CPK68dP0QrVR+DihROuJgvGB3ClKttLrgle19t4PFRR ++2wW6hJT9aXEjzLNyN1QFZKoShuiGX4xwjZh7VyKkV64p8hjojhcLk6dQkel+Jw4y ++OP26XbVfM8/6KG8f6WAZ8P0qJwHlhmi0EvRTnEpAM8WuenOeZH6ERZ9uZbRGh6xx ++LKQu2Aw2+bOEZ2vUtz0dBhX8 ++-----END CERTIFICATE----- +diff --git a/test/certs/nccaothername-key.pem b/test/certs/nccaothername-key.pem +new file mode 100644 +index 0000000000..d3e300ac2f +--- /dev/null ++++ b/test/certs/nccaothername-key.pem +@@ -0,0 +1,28 @@ ++-----BEGIN PRIVATE KEY----- ++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDdA8fnovAoLUSp ++w3GIi8F+L6wOPGrf6P8319uF/1mWTNaPR1CqNRUATb4REibvoKj8biHj65Pvy9uV ++3UasAipPMJFl9FyM9fKuaKzh1FBQFjSt4NBQ4+jfB3fLqzSGwyeOBQsfv9J/D6Yo ++bfxGDd2lTluXp6m4GfhBLftwFBuom4nkXRq4vYOKISCMetDJlRy27k/03FWcWnls ++k5eolprGKLFMqpYU7btbhrW1bZAgIQWJaFb8+CeXgJlbvybiW7DcW8VXjvUPCo+p ++2+Izz3Rr2dyT3Gm21q8+S8Gnq3gX+SD61xFXUE5WAYCNKU89ghAx0iK3e480VF// ++RAtoDJOlAgMBAAECggEAMFSJlCyEFlER3Qq9asXe9eRgXEuXdmfZ2aEVIuf8M/sR ++B0tpxxKtCUA24j5FL+0CzxKZTCFBnDRIzCyTbf1aOa9t+CzXyUZmP3/p4EdgmabF ++dcl93FZ+X7kfF/VUGu0Vmv+c12BH3Fu0cs5cVohlMecg7diu6zCYok43F+L5ymRy ++2mTcKkGc0ShWizj8Z9R3WJGssZOlxbxa/Zr4rZwRC24UVhfN8AfGWYx/StyQPQIw ++gtbbtOmwbyredQmY4jwNqgrnfZS9bkWwJbRuCmD5l7lxubBgcHQpoM+DQVeOLZIq ++uksFXeNfal9G5Bo747MMzpD7dJMCGmX+gbMY5oZF+QKBgQDs2MbY4nbxi+fV+KuV ++zUvis8m8Lpzf3T6NLkgSkUPRN9tGr95iLIrB/bRPJg5Ne02q/cT7d86B9rpE42w7 ++eeIF9fANezX2AF8LUqNZhIR23J3tfB/eqGlJRZeMNia+lD09a7SWGwrS7sufY1I+ ++JQGcHx77ntt+eQT1MUJ1skF06QKBgQDu4z+TW4QIA5ItxIReVdcfh5e3xLkzDEVP ++3KNo9tpXxvPwqapdeBh6c9z4Lqe3MKr5UPlDvVW+o40t6OjKxDCXczB8+JAM0OyX ++8V+K3zXXUxRgieSd3oMncTylSWIvouPP3aW37B67TKdRlRHgaBrpJT2wdk3kYR4t ++62J1eDdjXQKBgQDMsY0pZI/nskJrar7geM1c4IU5Xg+2aj/lRFqFsYYrC1s3fEd2 ++EYjan6l1vi4eSLKXVTspGiIfsFzLrMGdpXjyLduJyzKXqTp7TrBebWkOUR0sYloo ++1OQprzuKskJJ81P6AVvRXw27vyW8Wtp5WwJJK5xbWq/YXj8qqagGkEiCAQKBgQCc ++RK3XAFurPmLGa7JHX5Hc/z8BKMAZo6JHrsZ6qFiGaRA0U1it0hz5JYfcFfECheSi ++ORUF+fn4PlbhPGXkFljPCbwjVBovOBA9CNl+J6u50pAW4r1ZhDB5gbqxSQLgtIaf +++JcqbFxiG6+sT36lNJS+BO2I3KrxhZJPaZY7z8szxQKBgQDRy70XzwOk8jXayiF2 ++ej2IN7Ow9cgSE4tLEwR/vCjxvOlWhA3jC3wxoggshGJkpbP3DqLkQtwQm0h1lM8J ++QNtFwKzjtpf//bTlfFq08/YxWimTPMqzcV2PgRacB8P3yf1r8T7M4fA5TORCDWpW ++5FtOCFEmwQHTR8lu4c63qfxkEQ== ++-----END PRIVATE KEY----- +diff --git a/test/certs/setup.sh b/test/certs/setup.sh +index b9766aab20..2240cd9df0 100755 +--- a/test/certs/setup.sh ++++ b/test/certs/setup.sh +@@ -388,6 +388,17 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + ++# Certs for CVE-2022-4203 testcase ++ ++NC="excluded;otherName:SRVName;UTF8STRING:foo@example.org" ./mkcert.sh genca \ ++ "Test NC CA othername" nccaothername-key nccaothername-cert \ ++ root-key root-cert ++ ++./mkcert.sh req alt-email-key "O = NC email in othername Test Certificate" | \ ++ ./mkcert.sh geneealt bad-othername-key bad-othername-cert \ ++ nccaothername-key nccaothername-cert \ ++ "otherName.1 = SRVName;UTF8STRING:foo@example.org" ++ + # RSA-PSS signatures + # SHA1 + ./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \ +diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t +index 4613489f57..e6a2bca731 100644 +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -29,7 +29,7 @@ sub verify { + run(app([@args])); + } + +-plan tests => 162; ++plan tests => 163; + + # Canonical success + ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), +@@ -402,6 +402,9 @@ ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + "Name constraints nested DNS name excluded"); + ++ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ), ++ "CVE-2022-4203 type confusion test"); ++ + #Check that we get the expected failure return code + with({ exit_checker => sub { return shift == 2; } }, + sub { +-- +2.39.1 + diff --git a/SOURCES/0102-CVE-2022-4304-RSA-time-oracle.patch b/SOURCES/0102-CVE-2022-4304-RSA-time-oracle.patch new file mode 100644 index 0000000..a650715 --- /dev/null +++ b/SOURCES/0102-CVE-2022-4304-RSA-time-oracle.patch @@ -0,0 +1,750 @@ +From 8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Fri, 20 Jan 2023 15:03:40 +0000 +Subject: [PATCH 03/18] Fix Timing Oracle in RSA decryption + +A timing based side channel exists in the OpenSSL RSA Decryption +implementation which could be sufficient to recover a plaintext across +a network in a Bleichenbacher style attack. To achieve a successful +decryption an attacker would have to be able to send a very large number +of trial messages for decryption. The vulnerability affects all RSA +padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. + +Patch written by Dmitry Belyavsky and Hubert Kario + +CVE-2022-4304 + +Reviewed-by: Matt Caswell +Reviewed-by: Tomas Mraz +--- + crypto/bn/bn_blind.c | 14 - + crypto/bn/bn_local.h | 14 + + crypto/bn/build.info | 2 +- + crypto/bn/rsa_sup_mul.c | 604 ++++++++++++++++++++++++++++++++++++++++ + crypto/rsa/rsa_ossl.c | 19 +- + include/crypto/bn.h | 6 + + 6 files changed, 638 insertions(+), 21 deletions(-) + create mode 100644 crypto/bn/rsa_sup_mul.c + +diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c +index 72457b34cf..6061ebb4c0 100644 +--- a/crypto/bn/bn_blind.c ++++ b/crypto/bn/bn_blind.c +@@ -13,20 +13,6 @@ + + #define BN_BLINDING_COUNTER 32 + +-struct bn_blinding_st { +- BIGNUM *A; +- BIGNUM *Ai; +- BIGNUM *e; +- BIGNUM *mod; /* just a reference */ +- CRYPTO_THREAD_ID tid; +- int counter; +- unsigned long flags; +- BN_MONT_CTX *m_ctx; +- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +- CRYPTO_RWLOCK *lock; +-}; +- + BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) + { + BN_BLINDING *ret = NULL; +diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h +index c9a7ecf298..8c428f919d 100644 +--- a/crypto/bn/bn_local.h ++++ b/crypto/bn/bn_local.h +@@ -290,6 +290,20 @@ struct bn_gencb_st { + } cb; + }; + ++struct bn_blinding_st { ++ BIGNUM *A; ++ BIGNUM *Ai; ++ BIGNUM *e; ++ BIGNUM *mod; /* just a reference */ ++ CRYPTO_THREAD_ID tid; ++ int counter; ++ unsigned long flags; ++ BN_MONT_CTX *m_ctx; ++ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ CRYPTO_RWLOCK *lock; ++}; ++ + /*- + * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions + * +diff --git a/crypto/bn/build.info b/crypto/bn/build.info +index c4ba51b265..f4ff619239 100644 +--- a/crypto/bn/build.info ++++ b/crypto/bn/build.info +@@ -105,7 +105,7 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \ + bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ + bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \ + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ +- bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c ++ bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c + SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c + DEFINE[../../libcrypto]=$BNDEF + IF[{- !$disabled{'deprecated-0.9.8'} -}] +diff --git a/crypto/bn/rsa_sup_mul.c b/crypto/bn/rsa_sup_mul.c +new file mode 100644 +index 0000000000..0e0d02e194 +--- /dev/null ++++ b/crypto/bn/rsa_sup_mul.c +@@ -0,0 +1,604 @@ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "internal/endian.h" ++#include "internal/numbers.h" ++#include "internal/constant_time.h" ++#include "bn_local.h" ++ ++# if BN_BYTES == 8 ++typedef uint64_t limb_t; ++# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 ++typedef uint128_t limb2_t; ++# define HAVE_LIMB2_T ++# endif ++# define LIMB_BIT_SIZE 64 ++# define LIMB_BYTE_SIZE 8 ++# elif BN_BYTES == 4 ++typedef uint32_t limb_t; ++typedef uint64_t limb2_t; ++# define LIMB_BIT_SIZE 32 ++# define LIMB_BYTE_SIZE 4 ++# define HAVE_LIMB2_T ++# else ++# error "Not supported" ++# endif ++ ++/* ++ * For multiplication we're using schoolbook multiplication, ++ * so if we have two numbers, each with 6 "digits" (words) ++ * the multiplication is calculated as follows: ++ * A B C D E F ++ * x I J K L M N ++ * -------------- ++ * N*F ++ * N*E ++ * N*D ++ * N*C ++ * N*B ++ * N*A ++ * M*F ++ * M*E ++ * M*D ++ * M*C ++ * M*B ++ * M*A ++ * L*F ++ * L*E ++ * L*D ++ * L*C ++ * L*B ++ * L*A ++ * K*F ++ * K*E ++ * K*D ++ * K*C ++ * K*B ++ * K*A ++ * J*F ++ * J*E ++ * J*D ++ * J*C ++ * J*B ++ * J*A ++ * I*F ++ * I*E ++ * I*D ++ * I*C ++ * I*B ++ * + I*A ++ * ========================== ++ * N*B N*D N*F ++ * + N*A N*C N*E ++ * + M*B M*D M*F ++ * + M*A M*C M*E ++ * + L*B L*D L*F ++ * + L*A L*C L*E ++ * + K*B K*D K*F ++ * + K*A K*C K*E ++ * + J*B J*D J*F ++ * + J*A J*C J*E ++ * + I*B I*D I*F ++ * + I*A I*C I*E ++ * ++ * 1+1 1+3 1+5 ++ * 1+0 1+2 1+4 ++ * 0+1 0+3 0+5 ++ * 0+0 0+2 0+4 ++ * ++ * 0 1 2 3 4 5 6 ++ * which requires n^2 multiplications and 2n full length additions ++ * as we can keep every other result of limb multiplication in two separate ++ * limbs ++ */ ++ ++#if defined HAVE_LIMB2_T ++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) ++{ ++ limb2_t t; ++ /* ++ * this is idiomatic code to tell compiler to use the native mul ++ * those three lines will actually compile to single instruction ++ */ ++ ++ t = (limb2_t)a * b; ++ *hi = t >> LIMB_BIT_SIZE; ++ *lo = (limb_t)t; ++} ++#elif (BN_BYTES == 8) && (defined _MSC_VER) ++/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */ ++#pragma intrinsic(_umul128) ++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) ++{ ++ *lo = _umul128(a, b, hi); ++} ++#else ++/* ++ * if the compiler doesn't have either a 128bit data type nor a "return ++ * high 64 bits of multiplication" ++ */ ++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) ++{ ++ limb_t a_low = (limb_t)(uint32_t)a; ++ limb_t a_hi = a >> 32; ++ limb_t b_low = (limb_t)(uint32_t)b; ++ limb_t b_hi = b >> 32; ++ ++ limb_t p0 = a_low * b_low; ++ limb_t p1 = a_low * b_hi; ++ limb_t p2 = a_hi * b_low; ++ limb_t p3 = a_hi * b_hi; ++ ++ uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32); ++ ++ *lo = p0 + (p1 << 32) + (p2 << 32); ++ *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy; ++} ++#endif ++ ++/* add two limbs with carry in, return carry out */ ++static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry) ++{ ++ limb_t carry1, carry2, t; ++ /* ++ * `c = a + b; if (c < a)` is idiomatic code that makes compilers ++ * use add with carry on assembly level ++ */ ++ ++ *ret = a + carry; ++ if (*ret < a) ++ carry1 = 1; ++ else ++ carry1 = 0; ++ ++ t = *ret; ++ *ret = t + b; ++ if (*ret < t) ++ carry2 = 1; ++ else ++ carry2 = 0; ++ ++ return carry1 + carry2; ++} ++ ++/* ++ * add two numbers of the same size, return overflow ++ * ++ * add a to b, place result in ret; all arrays need to be n limbs long ++ * return overflow from addition (0 or 1) ++ */ ++static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n) ++{ ++ limb_t c = 0; ++ ossl_ssize_t i; ++ ++ for(i = n - 1; i > -1; i--) ++ c = _add_limb(&ret[i], a[i], b[i], c); ++ ++ return c; ++} ++ ++/* ++ * return number of limbs necessary for temporary values ++ * when multiplying numbers n limbs large ++ */ ++static ossl_inline size_t mul_limb_numb(size_t n) ++{ ++ return 2 * n * 2; ++} ++ ++/* ++ * multiply two numbers of the same size ++ * ++ * multiply a by b, place result in ret; a and b need to be n limbs long ++ * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs ++ * long ++ */ ++static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp) ++{ ++ limb_t *r_odd, *r_even; ++ size_t i, j, k; ++ ++ r_odd = tmp; ++ r_even = &tmp[2 * n]; ++ ++ memset(ret, 0, 2 * n * sizeof(limb_t)); ++ ++ for (i = 0; i < n; i++) { ++ for (k = 0; k < i + n + 1; k++) { ++ r_even[k] = 0; ++ r_odd[k] = 0; ++ } ++ for (j = 0; j < n; j++) { ++ /* ++ * place results from even and odd limbs in separate arrays so that ++ * we don't have to calculate overflow every time we get individual ++ * limb multiplication result ++ */ ++ if (j % 2 == 0) ++ _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]); ++ else ++ _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]); ++ } ++ /* ++ * skip the least significant limbs when adding multiples of ++ * more significant limbs (they're zero anyway) ++ */ ++ add(ret, ret, r_even, n + i + 1); ++ add(ret, ret, r_odd, n + i + 1); ++ } ++} ++ ++/* modifies the value in place by performing a right shift by one bit */ ++static ossl_inline void rshift1(limb_t *val, size_t n) ++{ ++ limb_t shift_in = 0, shift_out = 0; ++ size_t i; ++ ++ for (i = 0; i < n; i++) { ++ shift_out = val[i] & 1; ++ val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1); ++ shift_in = shift_out; ++ } ++} ++ ++/* extend the LSB of flag to all bits of limb */ ++static ossl_inline limb_t mk_mask(limb_t flag) ++{ ++ flag |= flag << 1; ++ flag |= flag << 2; ++ flag |= flag << 4; ++ flag |= flag << 8; ++ flag |= flag << 16; ++#if (LIMB_BYTE_SIZE == 8) ++ flag |= flag << 32; ++#endif ++ return flag; ++} ++ ++/* ++ * copy from either a or b to ret based on flag ++ * when flag == 0, then copies from b ++ * when flag == 1, then copies from a ++ */ ++static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n) ++{ ++ /* ++ * would be more efficient with non volatile mask, but then gcc ++ * generates code with jumps ++ */ ++ volatile limb_t mask; ++ size_t i; ++ ++ mask = mk_mask(flag); ++ for (i = 0; i < n; i++) { ++#if (LIMB_BYTE_SIZE == 8) ++ ret[i] = constant_time_select_64(mask, a[i], b[i]); ++#else ++ ret[i] = constant_time_select_32(mask, a[i], b[i]); ++#endif ++ } ++} ++ ++static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow) ++{ ++ limb_t borrow1, borrow2, t; ++ /* ++ * while it doesn't look constant-time, this is idiomatic code ++ * to tell compilers to use the carry bit from subtraction ++ */ ++ ++ *ret = a - borrow; ++ if (*ret > a) ++ borrow1 = 1; ++ else ++ borrow1 = 0; ++ ++ t = *ret; ++ *ret = t - b; ++ if (*ret > t) ++ borrow2 = 1; ++ else ++ borrow2 = 0; ++ ++ return borrow1 + borrow2; ++} ++ ++/* ++ * place the result of a - b into ret, return the borrow bit. ++ * All arrays need to be n limbs long ++ */ ++static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n) ++{ ++ limb_t borrow = 0; ++ ossl_ssize_t i; ++ ++ for (i = n - 1; i > -1; i--) ++ borrow = _sub_limb(&ret[i], a[i], b[i], borrow); ++ ++ return borrow; ++} ++ ++/* return the number of limbs necessary to allocate for the mod() tmp operand */ ++static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum) ++{ ++ return (anum + modnum) * 3; ++} ++ ++/* ++ * calculate a % mod, place the result in ret ++ * size of a is defined by anum, size of ret and mod is modnum, ++ * size of tmp is returned by mod_limb_numb() ++ */ ++static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod, ++ size_t modnum, limb_t *tmp) ++{ ++ limb_t *atmp, *modtmp, *rettmp; ++ limb_t res; ++ size_t i; ++ ++ memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE); ++ ++ atmp = tmp; ++ modtmp = &tmp[anum + modnum]; ++ rettmp = &tmp[(anum + modnum) * 2]; ++ ++ for (i = modnum; i 0; i--, rp--) { ++ v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2); ++ v = v + carry + rp[-1]; ++ carry |= (v != rp[-1]); ++ carry &= (v <= rp[-1]); ++ rp[-1] = v; ++ } ++ ++ /* perform the final reduction by mod... */ ++ carry -= sub(ret, rp, mod, modnum); ++ ++ /* ...conditionally */ ++ cselect(carry, ret, rp, ret, modnum); ++} ++ ++/* allocated buffer should be freed afterwards */ ++static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs) ++{ ++ int i; ++ int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ limb_t *ptr = buf + (limbs - real_limbs); ++ ++ for (i = 0; i < real_limbs; i++) ++ ptr[i] = bn->d[real_limbs - i - 1]; ++} ++ ++#if LIMB_BYTE_SIZE == 8 ++static ossl_inline uint64_t be64(uint64_t host) ++{ ++ uint64_t big = 0; ++ DECLARE_IS_ENDIAN; ++ ++ if (!IS_LITTLE_ENDIAN) ++ return host; ++ ++ big |= (host & 0xff00000000000000) >> 56; ++ big |= (host & 0x00ff000000000000) >> 40; ++ big |= (host & 0x0000ff0000000000) >> 24; ++ big |= (host & 0x000000ff00000000) >> 8; ++ big |= (host & 0x00000000ff000000) << 8; ++ big |= (host & 0x0000000000ff0000) << 24; ++ big |= (host & 0x000000000000ff00) << 40; ++ big |= (host & 0x00000000000000ff) << 56; ++ return big; ++} ++ ++#else ++/* Not all platforms have htobe32(). */ ++static ossl_inline uint32_t be32(uint32_t host) ++{ ++ uint32_t big = 0; ++ DECLARE_IS_ENDIAN; ++ ++ if (!IS_LITTLE_ENDIAN) ++ return host; ++ ++ big |= (host & 0xff000000) >> 24; ++ big |= (host & 0x00ff0000) >> 8; ++ big |= (host & 0x0000ff00) << 8; ++ big |= (host & 0x000000ff) << 24; ++ return big; ++} ++#endif ++ ++/* ++ * We assume that intermediate, possible_arg2, blinding, and ctx are used ++ * similar to BN_BLINDING_invert_ex() arguments. ++ * to_mod is RSA modulus. ++ * buf and num is the serialization buffer and its length. ++ * ++ * Here we use classic/Montgomery multiplication and modulo. After the calculation finished ++ * we serialize the new structure instead of BIGNUMs taking endianness into account. ++ */ ++int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, ++ const BN_BLINDING *blinding, ++ const BIGNUM *possible_arg2, ++ const BIGNUM *to_mod, BN_CTX *ctx, ++ unsigned char *buf, int num) ++{ ++ limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL; ++ limb_t *l_ret = NULL, *l_tmp = NULL, l_buf; ++ size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0; ++ size_t l_tmp_count = 0; ++ int ret = 0; ++ size_t i; ++ unsigned char *tmp; ++ const BIGNUM *arg1 = intermediate; ++ const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2; ++ ++ l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; ++ ++ l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count; ++ l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); ++ l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); ++ l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE); ++ ++ if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL)) ++ goto err; ++ ++ BN_to_limb(arg1, l_im, l_size); ++ BN_to_limb(arg2, l_mul, l_size); ++ BN_to_limb(to_mod, l_mod, l_mod_count); ++ ++ l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE); ++ ++ if (blinding->m_ctx != NULL) { ++ l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ? ++ mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count); ++ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); ++ } else { ++ l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ? ++ mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count); ++ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); ++ } ++ ++ if ((l_ret == NULL) || (l_tmp == NULL)) ++ goto err; ++ ++ if (blinding->m_ctx != NULL) { ++ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); ++ mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, ++ blinding->m_ctx->n0[0], l_tmp); ++ } else { ++ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); ++ mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp); ++ } ++ ++ /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */ ++ if (num < BN_num_bytes(to_mod)) { ++ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); ++ goto err; ++ } ++ ++ memset(buf, 0, num); ++ tmp = buf + num - BN_num_bytes(to_mod); ++ for (i = 0; i < l_mod_count; i++) { ++#if LIMB_BYTE_SIZE == 8 ++ l_buf = be64(l_ret[i]); ++#else ++ l_buf = be32(l_ret[i]); ++#endif ++ if (i == 0) { ++ int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num); ++ ++ memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta); ++ tmp += delta; ++ } else { ++ memcpy(tmp, &l_buf, LIMB_BYTE_SIZE); ++ tmp += LIMB_BYTE_SIZE; ++ } ++ } ++ ret = num; ++ ++ err: ++ OPENSSL_free(l_im); ++ OPENSSL_free(l_mul); ++ OPENSSL_free(l_mod); ++ OPENSSL_free(l_tmp); ++ OPENSSL_free(l_ret); ++ ++ return ret; ++} +diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c +index 381c659352..7e8b791fba 100644 +--- a/crypto/rsa/rsa_ossl.c ++++ b/crypto/rsa/rsa_ossl.c +@@ -469,13 +469,20 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, + BN_free(d); + } + +- if (blinding) +- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) ++ if (blinding) { ++ /* ++ * ossl_bn_rsa_do_unblind() combines blinding inversion and ++ * 0-padded BN BE serialization ++ */ ++ j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx, ++ buf, num); ++ if (j == 0) + goto err; +- +- j = BN_bn2binpad(ret, buf, num); +- if (j < 0) +- goto err; ++ } else { ++ j = BN_bn2binpad(ret, buf, num); ++ if (j < 0) ++ goto err; ++ } + + switch (padding) { + case RSA_PKCS1_PADDING: +diff --git a/include/crypto/bn.h b/include/crypto/bn.h +index cf69bea848..cd45654210 100644 +--- a/include/crypto/bn.h ++++ b/include/crypto/bn.h +@@ -114,4 +114,10 @@ OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx); + + extern const BIGNUM ossl_bn_inv_sqrt_2; + ++int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, ++ const BN_BLINDING *blinding, ++ const BIGNUM *possible_arg2, ++ const BIGNUM *to_mod, BN_CTX *ctx, ++ unsigned char *buf, int num); ++ + #endif +-- +2.39.1 + diff --git a/SOURCES/0103-CVE-2022-4450-pem-read-bio.patch b/SOURCES/0103-CVE-2022-4450-pem-read-bio.patch new file mode 100644 index 0000000..7d86395 --- /dev/null +++ b/SOURCES/0103-CVE-2022-4450-pem-read-bio.patch @@ -0,0 +1,106 @@ +From 63bcf189be73a9cc1264059bed6f57974be74a83 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 13 Dec 2022 14:54:55 +0000 +Subject: [PATCH 04/18] Avoid dangling ptrs in header and data params for + PEM_read_bio_ex + +In the event of a failure in PEM_read_bio_ex() we free the buffers we +allocated for the header and data buffers. However we were not clearing +the ptrs stored in *header and *data. Since, on success, the caller is +responsible for freeing these ptrs this can potentially lead to a double +free if the caller frees them even on failure. + +Thanks to Dawei Wang for reporting this issue. + +Based on a proposed patch by Kurt Roeckx. + +CVE-2022-4450 + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +--- + crypto/pem/pem_lib.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c +index f9ff80162a..85c47fb627 100644 +--- a/crypto/pem/pem_lib.c ++++ b/crypto/pem/pem_lib.c +@@ -989,7 +989,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, + + out_free: + pem_free(*header, flags, 0); ++ *header = NULL; + pem_free(*data, flags, 0); ++ *data = NULL; + end: + EVP_ENCODE_CTX_free(ctx); + pem_free(name, flags, 0); +-- +2.39.1 + +From cbafa34b5a057794c5c08cd4657038e1f643c1ac Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 13 Dec 2022 15:02:26 +0000 +Subject: [PATCH 05/18] Add a test for CVE-2022-4450 + +Call PEM_read_bio_ex() and expect a failure. There should be no dangling +ptrs and therefore there should be no double free if we free the ptrs on +error. + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +--- + test/pemtest.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/test/pemtest.c b/test/pemtest.c +index a8d2d49bb5..a5d28cb256 100644 +--- a/test/pemtest.c ++++ b/test/pemtest.c +@@ -96,6 +96,35 @@ static int test_cert_key_cert(void) + return 1; + } + ++static int test_empty_payload(void) ++{ ++ BIO *b; ++ static char *emptypay = ++ "-----BEGIN CERTIFICATE-----\n" ++ "-\n" /* Base64 EOF character */ ++ "-----END CERTIFICATE-----"; ++ char *name = NULL, *header = NULL; ++ unsigned char *data = NULL; ++ long len; ++ int ret = 0; ++ ++ b = BIO_new_mem_buf(emptypay, strlen(emptypay)); ++ if (!TEST_ptr(b)) ++ return 0; ++ ++ /* Expected to fail because the payload is empty */ ++ if (!TEST_false(PEM_read_bio_ex(b, &name, &header, &data, &len, 0))) ++ goto err; ++ ++ ret = 1; ++ err: ++ OPENSSL_free(name); ++ OPENSSL_free(header); ++ OPENSSL_free(data); ++ BIO_free(b); ++ return ret; ++} ++ + int setup_tests(void) + { + if (!TEST_ptr(pemfile = test_get_argument(0))) +@@ -103,5 +132,6 @@ int setup_tests(void) + ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data)); + ADD_TEST(test_invalid); + ADD_TEST(test_cert_key_cert); ++ ADD_TEST(test_empty_payload); + return 1; + } +-- +2.39.1 + diff --git a/SOURCES/0104-CVE-2023-0215-UAF-bio.patch b/SOURCES/0104-CVE-2023-0215-UAF-bio.patch new file mode 100644 index 0000000..4140219 --- /dev/null +++ b/SOURCES/0104-CVE-2023-0215-UAF-bio.patch @@ -0,0 +1,187 @@ +From 8818064ce3c3c0f1b740a5aaba2a987e75bfbafd Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Wed, 14 Dec 2022 16:18:14 +0000 +Subject: [PATCH 06/18] Fix a UAF resulting from a bug in BIO_new_NDEF + +If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will +be part of an invalid BIO chain. This causes a "use after free" when the +BIO is eventually freed. + +Based on an original patch by Viktor Dukhovni and an idea from Theo +Buehler. + +Thanks to Octavio Galland for reporting this issue. + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +--- + crypto/asn1/bio_ndef.c | 40 ++++++++++++++++++++++++++++++++-------- + 1 file changed, 32 insertions(+), 8 deletions(-) + +diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c +index d94e3a3644..b9df3a7a47 100644 +--- a/crypto/asn1/bio_ndef.c ++++ b/crypto/asn1/bio_ndef.c +@@ -49,13 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg); + static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, + void *parg); + +-/* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */ ++/* ++ * On success, the returned BIO owns the input BIO as part of its BIO chain. ++ * On failure, NULL is returned and the input BIO is owned by the caller. ++ * ++ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() ++ */ + BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) + { + NDEF_SUPPORT *ndef_aux = NULL; + BIO *asn_bio = NULL; + const ASN1_AUX *aux = it->funcs; + ASN1_STREAM_ARG sarg; ++ BIO *pop_bio = NULL; + + if (!aux || !aux->asn1_cb) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED); +@@ -70,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) + out = BIO_push(asn_bio, out); + if (out == NULL) + goto err; ++ pop_bio = asn_bio; + +- BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); +- BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); ++ if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0 ++ || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0 ++ || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) ++ goto err; + + /* +- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure +- * needs. ++ * Now let the callback prepend any digest, cipher, etc., that the BIO's ++ * ASN1 structure needs. + */ + + sarg.out = out; + sarg.ndef_bio = NULL; + sarg.boundary = NULL; + +- if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) ++ /* ++ * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the ++ * middle of some partially built, but not returned BIO chain. ++ */ ++ if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) { ++ /* ++ * ndef_aux is now owned by asn_bio so we must not free it in the err ++ * clean up block ++ */ ++ ndef_aux = NULL; + goto err; ++ } ++ ++ /* ++ * We must not fail now because the callback has prepended additional ++ * BIOs to the chain ++ */ + + ndef_aux->val = val; + ndef_aux->it = it; +@@ -92,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) + ndef_aux->boundary = sarg.boundary; + ndef_aux->out = out; + +- BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); +- + return sarg.ndef_bio; + + err: ++ /* BIO_pop() is NULL safe */ ++ (void)BIO_pop(pop_bio); + BIO_free(asn_bio); + OPENSSL_free(ndef_aux); + return NULL; +-- +2.39.1 + +From f596ec8a6f9f5fcfa8e46a73b60f78a609725294 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Wed, 14 Dec 2022 17:15:18 +0000 +Subject: [PATCH 07/18] Check CMS failure during BIO setup with -stream is + handled correctly + +Test for the issue fixed in the previous commit + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +--- + test/recipes/80-test_cms.t | 15 +++++++++++++-- + test/smime-certs/badrsa.pem | 18 ++++++++++++++++++ + 2 files changed, 31 insertions(+), 2 deletions(-) + create mode 100644 test/smime-certs/badrsa.pem + +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index 610f1cbc51..fd53683e6b 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -13,7 +13,7 @@ use warnings; + use POSIX; + use File::Spec::Functions qw/catfile/; + use File::Compare qw/compare_text compare/; +-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; ++use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with/; + + use OpenSSL::Test::Utils; + +@@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) + + $no_rc2 = 1 if disabled("legacy"); + +-plan tests => 12; ++plan tests => 13; + + ok(run(test(["pkcs7_test"])), "test pkcs7"); + +@@ -972,3 +972,14 @@ ok(!run(app(['openssl', 'cms', '-verify', + + return ""; + } ++ ++# Check that we get the expected failure return code ++with({ exit_checker => sub { return shift == 6; } }, ++ sub { ++ ok(run(app(['openssl', 'cms', '-encrypt', ++ '-in', srctop_file("test", "smcont.txt"), ++ '-stream', '-recip', ++ srctop_file("test/smime-certs", "badrsa.pem"), ++ ])), ++ "Check failure during BIO setup with -stream is handled correctly"); ++ }); +diff --git a/test/smime-certs/badrsa.pem b/test/smime-certs/badrsa.pem +new file mode 100644 +index 0000000000..f824fc2267 +--- /dev/null ++++ b/test/smime-certs/badrsa.pem +@@ -0,0 +1,18 @@ ++-----BEGIN CERTIFICATE----- ++MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD ++VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY ++DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN ++AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw ++I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A ++/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s ++yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0 ++zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB ++lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww ++CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm ++ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW ++eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt ++5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d ++rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv ++yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/ ++j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg= ++-----END CERTIFICATE----- +-- +2.39.1 + diff --git a/SOURCES/0105-CVE-2023-0216-pkcs7-deref.patch b/SOURCES/0105-CVE-2023-0216-pkcs7-deref.patch new file mode 100644 index 0000000..bbcd594 --- /dev/null +++ b/SOURCES/0105-CVE-2023-0216-pkcs7-deref.patch @@ -0,0 +1,110 @@ +From 934a04f0e775309cadbef0aa6b9692e1b12a76c6 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 16 Jan 2023 19:45:23 +0100 +Subject: [PATCH 08/18] Do not dereference PKCS7 object data if not set + +Fixes CVE-2023-0216 + +Reviewed-by: Shane Lontis +Reviewed-by: Paul Dale +--- + crypto/pkcs7/pk7_lib.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c +index 753f1276e6..936e50da54 100644 +--- a/crypto/pkcs7/pk7_lib.c ++++ b/crypto/pkcs7/pk7_lib.c +@@ -414,6 +414,8 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, + + static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7) + { ++ if (p7->d.ptr == NULL) ++ return NULL; + if (PKCS7_type_is_signed(p7)) + return p7->d.sign->cert; + if (PKCS7_type_is_signedAndEnveloped(p7)) +@@ -423,6 +425,8 @@ static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7) + + static STACK_OF(PKCS7_RECIP_INFO) *pkcs7_get_recipient_info(const PKCS7 *p7) + { ++ if (p7->d.ptr == NULL) ++ return NULL; + if (PKCS7_type_is_signedAndEnveloped(p7)) + return p7->d.signed_and_enveloped->recipientinfo; + if (PKCS7_type_is_enveloped(p7)) +@@ -440,13 +444,17 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7) + const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); + OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx); + const char *propq = ossl_pkcs7_ctx_get0_propq(ctx); +- STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7); +- STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7); +- STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7); ++ STACK_OF(PKCS7_RECIP_INFO) *rinfos; ++ STACK_OF(PKCS7_SIGNER_INFO) *sinfos; ++ STACK_OF(X509) *certs; + +- if (ctx == NULL) ++ if (ctx == NULL || p7->d.ptr == NULL) + return; + ++ rinfos = pkcs7_get_recipient_info(p7); ++ sinfos = PKCS7_get_signer_info(p7); ++ certs = pkcs7_get_signer_certs(p7); ++ + for (i = 0; i < sk_X509_num(certs); i++) + ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq); + +-- +2.39.1 + +From 67813d8a4d110f4174bbd2fee8a2f15388e324b5 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 16 Jan 2023 19:56:20 +0100 +Subject: [PATCH 09/18] Add test for d2i_PKCS7 NULL dereference + +Reviewed-by: Shane Lontis +Reviewed-by: Paul Dale +--- + test/recipes/25-test_pkcs7.t | 7 +++++-- + test/recipes/25-test_pkcs7_data/malformed.pkcs7 | 3 +++ + 2 files changed, 8 insertions(+), 2 deletions(-) + create mode 100644 test/recipes/25-test_pkcs7_data/malformed.pkcs7 + +diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t +index 37cd43dc6b..d61cd6abad 100644 +--- a/test/recipes/25-test_pkcs7.t ++++ b/test/recipes/25-test_pkcs7.t +@@ -11,11 +11,11 @@ use strict; + use warnings; + + use File::Spec; +-use OpenSSL::Test qw/:DEFAULT srctop_file/; ++use OpenSSL::Test qw/:DEFAULT srctop_file data_file/; + + setup("test_pkcs7"); + +-plan tests => 3; ++plan tests => 4; + + require_ok(srctop_file('test','recipes','tconversion.pl')); + +@@ -27,3 +27,6 @@ subtest 'pkcs7 conversions -- pkcs7d' => sub { + tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"), + -args => ["pkcs7"] ); + }; ++ ++my $malformed = data_file('malformed.pkcs7'); ++ok(run(app(["openssl", "pkcs7", "-in", $malformed]))); +diff --git a/test/recipes/25-test_pkcs7_data/malformed.pkcs7 b/test/recipes/25-test_pkcs7_data/malformed.pkcs7 +new file mode 100644 +index 0000000000..e30d1b582c +--- /dev/null ++++ b/test/recipes/25-test_pkcs7_data/malformed.pkcs7 +@@ -0,0 +1,3 @@ ++-----BEGIN PKCS7----- ++MAsGCSqGSIb3DQEHAg== ++-----END PKCS7----- +-- +2.39.1 + diff --git a/SOURCES/0106-CVE-2023-0217-dsa.patch b/SOURCES/0106-CVE-2023-0217-dsa.patch new file mode 100644 index 0000000..d2db996 --- /dev/null +++ b/SOURCES/0106-CVE-2023-0217-dsa.patch @@ -0,0 +1,404 @@ +From 23985bac83fd50c8e29431009302b5442f985096 Mon Sep 17 00:00:00 2001 +From: slontis +Date: Wed, 11 Jan 2023 11:05:04 +1000 +Subject: [PATCH 10/18] Fix NULL deference when validating FFC public key. + +Fixes CVE-2023-0217 + +When attempting to do a BN_Copy of params->p there was no NULL check. +Since BN_copy does not check for NULL this is a NULL reference. + +As an aside BN_cmp() does do a NULL check, so there are other checks +that fail because a NULL is passed. A more general check for NULL params +has been added for both FFC public and private key validation instead. + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +--- + crypto/ffc/ffc_key_validate.c | 9 +++++++++ + include/internal/ffc.h | 1 + + test/ffc_internal_test.c | 31 +++++++++++++++++++++++++++++++ + 3 files changed, 41 insertions(+) + +diff --git a/crypto/ffc/ffc_key_validate.c b/crypto/ffc/ffc_key_validate.c +index 9f6525a2c8..442303e4b3 100644 +--- a/crypto/ffc/ffc_key_validate.c ++++ b/crypto/ffc/ffc_key_validate.c +@@ -24,6 +24,11 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, + BN_CTX *ctx = NULL; + + *ret = 0; ++ if (params == NULL || pub_key == NULL || params->p == NULL) { ++ *ret = FFC_ERROR_PASSED_NULL_PARAM; ++ return 0; ++ } ++ + ctx = BN_CTX_new_ex(NULL); + if (ctx == NULL) + goto err; +@@ -107,6 +112,10 @@ int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv, + + *ret = 0; + ++ if (priv == NULL || upper == NULL) { ++ *ret = FFC_ERROR_PASSED_NULL_PARAM; ++ goto err; ++ } + if (BN_cmp(priv, BN_value_one()) < 0) { + *ret |= FFC_ERROR_PRIVKEY_TOO_SMALL; + goto err; +diff --git a/include/internal/ffc.h b/include/internal/ffc.h +index 732514a6c2..b8b7140857 100644 +--- a/include/internal/ffc.h ++++ b/include/internal/ffc.h +@@ -76,6 +76,7 @@ + # define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08 + # define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10 + # define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20 ++# define FFC_ERROR_PASSED_NULL_PARAM 0x40 + + /* + * Finite field cryptography (FFC) domain parameters are used by DH and DSA. +diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c +index 2c97293573..9f67bd29b9 100644 +--- a/test/ffc_internal_test.c ++++ b/test/ffc_internal_test.c +@@ -510,6 +510,27 @@ static int ffc_public_validate_test(void) + if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res))) + goto err; + ++ /* Fail if params is NULL */ ++ if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ res = -1; ++ /* Fail if pubkey is NULL */ ++ if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ res = -1; ++ ++ BN_free(params->p); ++ params->p = NULL; ++ /* Fail if params->p is NULL */ ++ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ + ret = 1; + err: + DH_free(dh); +@@ -567,6 +588,16 @@ static int ffc_private_validate_test(void) + if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) + goto err; + ++ if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ res = -1; ++ if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res))) ++ goto err; ++ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)) ++ goto err; ++ + ret = 1; + err: + DH_free(dh); +-- +2.39.1 + +From c1b4467a7cc129a74fc5205b80a5c47556b99416 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 13 Jan 2023 17:57:59 +0100 +Subject: [PATCH 11/18] Prevent creating DSA and DH keys without parameters + through import + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +--- + providers/implementations/keymgmt/dh_kmgmt.c | 4 ++-- + providers/implementations/keymgmt/dsa_kmgmt.c | 5 +++-- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c +index 58a5fd009f..c2d87b4a7f 100644 +--- a/providers/implementations/keymgmt/dh_kmgmt.c ++++ b/providers/implementations/keymgmt/dh_kmgmt.c +@@ -198,8 +198,8 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[]) + if ((selection & DH_POSSIBLE_SELECTIONS) == 0) + return 0; + +- if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) +- ok = ok && ossl_dh_params_fromdata(dh, params); ++ /* a key without parameters is meaningless */ ++ ok = ok && ossl_dh_params_fromdata(dh, params); + + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = +diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c +index 100e917167..881680c085 100644 +--- a/providers/implementations/keymgmt/dsa_kmgmt.c ++++ b/providers/implementations/keymgmt/dsa_kmgmt.c +@@ -199,8 +199,9 @@ static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[]) + if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) + return 0; + +- if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) +- ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); ++ /* a key without parameters is meaningless */ ++ ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); ++ + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; +-- +2.39.1 + +From fab4973801bdc11c29c4c8ccf65cf39cbc63ce9b Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 13 Jan 2023 17:59:52 +0100 +Subject: [PATCH 12/18] Do not create DSA keys without parameters by decoder + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +--- + crypto/x509/x_pubkey.c | 24 +++++++++++++++++++ + include/crypto/x509.h | 3 +++ + .../encode_decode/decode_der2key.c | 2 +- + 3 files changed, 28 insertions(+), 1 deletion(-) + +diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c +index bc90ddd89b..77790faa1f 100644 +--- a/crypto/x509/x_pubkey.c ++++ b/crypto/x509/x_pubkey.c +@@ -745,6 +745,30 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) + return key; + } + ++/* Called from decoders; disallows provided DSA keys without parameters. */ ++DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) ++{ ++ DSA *key = NULL; ++ const unsigned char *data; ++ const BIGNUM *p, *q, *g; ++ ++ data = *pp; ++ key = d2i_DSA_PUBKEY(NULL, &data, length); ++ if (key == NULL) ++ return NULL; ++ DSA_get0_pqg(key, &p, &q, &g); ++ if (p == NULL || q == NULL || g == NULL) { ++ DSA_free(key); ++ return NULL; ++ } ++ *pp = data; ++ if (a != NULL) { ++ DSA_free(*a); ++ *a = key; ++ } ++ return key; ++} ++ + int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp) + { + EVP_PKEY *pktmp; +diff --git a/include/crypto/x509.h b/include/crypto/x509.h +index 1f00178e89..0c42730ee9 100644 +--- a/include/crypto/x509.h ++++ b/include/crypto/x509.h +@@ -339,6 +339,9 @@ void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub); + + RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length); + int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp); ++# ifndef OPENSSL_NO_DSA ++DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); ++# endif /* OPENSSL_NO_DSA */ + # ifndef OPENSSL_NO_DH + DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length); + int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp); +diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c +index ebc2d24833..d6ad738ef3 100644 +--- a/providers/implementations/encode_decode/decode_der2key.c ++++ b/providers/implementations/encode_decode/decode_der2key.c +@@ -374,7 +374,7 @@ static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, + (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); + } + +-# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY ++# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY + # define dsa_free (free_key_fn *)DSA_free + # define dsa_check NULL + +-- +2.39.1 + +From 7e37185582995b35f885fec9dcc3670af9ffcbef Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 13 Jan 2023 18:46:15 +0100 +Subject: [PATCH 13/18] Add test for DSA pubkey without param import and check + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +--- + test/recipes/91-test_pkey_check.t | 48 ++++++++++++++---- + .../91-test_pkey_check_data/dsapub.pem | 12 +++++ + .../dsapub_noparam.der | Bin 0 -> 108 bytes + 3 files changed, 49 insertions(+), 11 deletions(-) + create mode 100644 test/recipes/91-test_pkey_check_data/dsapub.pem + create mode 100644 test/recipes/91-test_pkey_check_data/dsapub_noparam.der + +diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t +index 612a3e3d6c..015d7805db 100644 +--- a/test/recipes/91-test_pkey_check.t ++++ b/test/recipes/91-test_pkey_check.t +@@ -11,19 +11,24 @@ use strict; + use warnings; + + use File::Spec; +-use OpenSSL::Test qw/:DEFAULT data_file/; ++use OpenSSL::Test qw/:DEFAULT data_file with/; + use OpenSSL::Test::Utils; + + sub pkey_check { + my $f = shift; ++ my $pubcheck = shift; ++ my @checkopt = ('-check'); + +- return run(app(['openssl', 'pkey', '-check', '-text', ++ @checkopt = ('-pubcheck', '-pubin') if $pubcheck; ++ ++ return run(app(['openssl', 'pkey', @checkopt, '-text', + '-in', $f])); + } + + sub check_key { + my $f = shift; + my $should_fail = shift; ++ my $pubcheck = shift; + my $str; + + +@@ -33,11 +38,10 @@ sub check_key { + $f = data_file($f); + + if ( -s $f ) { +- if ($should_fail) { +- ok(!pkey_check($f), $str); +- } else { +- ok(pkey_check($f), $str); +- } ++ with({ exit_checker => sub { return shift == $should_fail; } }, ++ sub { ++ ok(pkey_check($f, $pubcheck), $str); ++ }); + } else { + fail("Missing file $f"); + } +@@ -66,15 +70,37 @@ push(@positive_tests, ( + "dhpkey.pem" + )) unless disabled("dh"); + ++my @negative_pubtests = (); ++ ++push(@negative_pubtests, ( ++ "dsapub_noparam.der" ++ )) unless disabled("dsa"); ++ ++my @positive_pubtests = (); ++ ++push(@positive_pubtests, ( ++ "dsapub.pem" ++ )) unless disabled("dsa"); ++ + plan skip_all => "No tests within the current enabled feature set" +- unless @negative_tests && @positive_tests; ++ unless @negative_tests && @positive_tests ++ && @negative_pubtests && @positive_pubtests; + +-plan tests => scalar(@negative_tests) + scalar(@positive_tests); ++plan tests => scalar(@negative_tests) + scalar(@positive_tests) ++ + scalar(@negative_pubtests) + scalar(@positive_pubtests); + + foreach my $t (@negative_tests) { +- check_key($t, 1); ++ check_key($t, 1, 0); + } + + foreach my $t (@positive_tests) { +- check_key($t, 0); ++ check_key($t, 0, 0); ++} ++ ++foreach my $t (@negative_pubtests) { ++ check_key($t, 1, 1); ++} ++ ++foreach my $t (@positive_pubtests) { ++ check_key($t, 0, 1); + } +diff --git a/test/recipes/91-test_pkey_check_data/dsapub.pem b/test/recipes/91-test_pkey_check_data/dsapub.pem +new file mode 100644 +index 0000000000..0ff4bd83ed +--- /dev/null ++++ b/test/recipes/91-test_pkey_check_data/dsapub.pem +@@ -0,0 +1,12 @@ ++-----BEGIN PUBLIC KEY----- ++MIIBvzCCATQGByqGSM44BAEwggEnAoGBAIjbXpOVVciVNuagg26annKkghIIZFI4 ++4WdMomnV+I/oXyxHbZTBBBpW9xy/E1+yMjbp4GmX+VxyDj3WxUWxXllzL+miEkzD ++9Xz638VzIBhjFbMvk1/N4kS4bKVUd9yk7HfvYzAdnRphk0WI+RoDiDrBNPPxSoQD ++CEWgvwgsLIDhAh0A6dbz1IQpQwGF4+Ca28x6OO+UfJJv3ggeZ++fNwKBgQCA9XKV ++lRrTY8ALBxS0KbZjpaIXuUj5nr3i1lIDyP3ISksDF0ekyLtn6eK9VijX6Pm65Np+ ++4ic9Nr5WKLKhPaUSpLNRx1gDqo3sd92hYgiEUifzEuhLYfK/CsgFED+l2hDXtJUq ++bISNSHVwI5lsyNXLu7HI1Fk8F5UO3LqsboFAngOBhAACgYATxFY89nEYcUhgHGgr ++YDHhXBQfMKnTKYdvon4DN7WQ9ip+t4VUsLpTD1ZE9zrM2R/B04+8C6KGoViwyeER ++kS4dxWOkX71x4X2DlNpYevcR53tNcTDqmMD7YKfDDmrb0lftMyfW8aESaiymVMys ++DRjhKHBjdo0rZeSM8DAk3ctrXA== ++-----END PUBLIC KEY----- +diff --git a/test/recipes/91-test_pkey_check_data/dsapub_noparam.der b/test/recipes/91-test_pkey_check_data/dsapub_noparam.der +new file mode 100644 +index 0000000000000000000000000000000000000000..b8135f1ca94da914b6829421e0c13f6daa731862 +GIT binary patch +literal 108 +zcmXpIGT>xm*J|@PXTieE%*wz71|F5F-Nv0Bz9(=Kufz + +literal 0 +HcmV?d00001 + +-- +2.39.1 + +From 2ad9928170768653d19d81881deabc5f9c1665c0 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 3 Feb 2023 14:57:04 +0100 +Subject: [PATCH 18/18] Internaly declare the DSA type for no-deprecated builds + +Reviewed-by: Hugo Landau +Reviewed-by: Richard Levitte +(cherry picked from commit 7a21a1b5fa2dac438892cf3292d1f9c445d870d9) +--- + include/crypto/types.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/include/crypto/types.h b/include/crypto/types.h +index 0d81404091..0a75f03a3f 100644 +--- a/include/crypto/types.h ++++ b/include/crypto/types.h +@@ -20,6 +20,9 @@ typedef struct rsa_meth_st RSA_METHOD; + typedef struct ec_key_st EC_KEY; + typedef struct ec_key_method_st EC_KEY_METHOD; + # endif ++# ifndef OPENSSL_NO_DSA ++typedef struct dsa_st DSA; ++# endif + # endif + + # ifndef OPENSSL_NO_EC +-- +2.39.1 + diff --git a/SOURCES/0107-CVE-2023-0286-X400.patch b/SOURCES/0107-CVE-2023-0286-X400.patch new file mode 100644 index 0000000..b3d7a15 --- /dev/null +++ b/SOURCES/0107-CVE-2023-0286-X400.patch @@ -0,0 +1,63 @@ +From 2f7530077e0ef79d98718138716bc51ca0cad658 Mon Sep 17 00:00:00 2001 +From: Hugo Landau +Date: Tue, 17 Jan 2023 17:45:42 +0000 +Subject: [PATCH 14/18] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address + (3.0) + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +--- + CHANGES.md | 19 +++++++++++++++++++ + crypto/x509/v3_genn.c | 2 +- + include/openssl/x509v3.h.in | 2 +- + test/v3nametest.c | 8 ++++++++ + 4 files changed, 29 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.c +index c0a7166cd0..1741c2d2f6 100644 +--- a/crypto/x509/v3_genn.c ++++ b/crypto/x509/v3_genn.c +@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) + return -1; + switch (a->type) { + case GEN_X400: +- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); ++ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address); + break; + + case GEN_EDIPARTY: +diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in +index d00a66a343..c087e3cf92 100644 +--- a/include/openssl/x509v3.h.in ++++ b/include/openssl/x509v3.h.in +@@ -154,7 +154,7 @@ typedef struct GENERAL_NAME_st { + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; +- ASN1_TYPE *x400Address; ++ ASN1_STRING *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; +diff --git a/test/v3nametest.c b/test/v3nametest.c +index 6d2e2f8e27..0341995dde 100644 +--- a/test/v3nametest.c ++++ b/test/v3nametest.c +@@ -644,6 +644,14 @@ static struct gennamedata { + 0xb7, 0x09, 0x02, 0x02 + }, + 15 ++ }, { ++ /* ++ * Regression test for CVE-2023-0286. ++ */ ++ { ++ 0xa3, 0x00 ++ }, ++ 2 + } + }; + +-- +2.39.1 + diff --git a/SOURCES/0108-CVE-2023-0401-pkcs7-md.patch b/SOURCES/0108-CVE-2023-0401-pkcs7-md.patch new file mode 100644 index 0000000..7608f56 --- /dev/null +++ b/SOURCES/0108-CVE-2023-0401-pkcs7-md.patch @@ -0,0 +1,150 @@ +From d3b6dfd70db844c4499bec6ad6601623a565e674 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Wed, 18 Jan 2023 09:27:53 +0100 +Subject: [PATCH 15/18] pk7_doit.c: Check return of BIO_set_md() calls + +These calls invoke EVP_DigestInit() which can fail for digests +with implicit fetches. Subsequent EVP_DigestUpdate() from BIO_write() +or EVP_DigestFinal() from BIO_read() will segfault on NULL +dereference. This can be triggered by an attacker providing +PKCS7 data digested with MD4 for example if the legacy provider +is not loaded. + +If BIO_set_md() fails the md BIO cannot be used. + +CVE-2023-0401 + +Reviewed-by: Paul Dale +Reviewed-by: Dmitry Belyavskiy +--- + crypto/pkcs7/pk7_doit.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c +index bde9ac4787..5e562fbea5 100644 +--- a/crypto/pkcs7/pk7_doit.c ++++ b/crypto/pkcs7/pk7_doit.c +@@ -84,7 +84,11 @@ static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg, + } + (void)ERR_pop_to_mark(); + +- BIO_set_md(btmp, md); ++ if (BIO_set_md(btmp, md) <= 0) { ++ ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); ++ EVP_MD_free(fetched); ++ goto err; ++ } + EVP_MD_free(fetched); + if (*pbio == NULL) + *pbio = btmp; +@@ -522,7 +526,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + } + (void)ERR_pop_to_mark(); + +- BIO_set_md(btmp, md); ++ if (BIO_set_md(btmp, md) <= 0) { ++ EVP_MD_free(evp_md); ++ ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); ++ goto err; ++ } + EVP_MD_free(evp_md); + if (out == NULL) + out = btmp; +-- +2.39.1 + +From a0f2359613f50b5ca6b74b78bf4b54d7dc925fd2 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Wed, 18 Jan 2023 17:07:24 +0100 +Subject: [PATCH 16/18] Add testcase for missing return check of BIO_set_md() + calls + +Reviewed-by: Paul Dale +Reviewed-by: Dmitry Belyavskiy +--- + test/recipes/80-test_cms.t | 15 ++++++++-- + test/recipes/80-test_cms_data/pkcs7-md4.pem | 32 +++++++++++++++++++++ + 2 files changed, 45 insertions(+), 2 deletions(-) + create mode 100644 test/recipes/80-test_cms_data/pkcs7-md4.pem + +diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t +index fd53683e6b..d45789de70 100644 +--- a/test/recipes/80-test_cms.t ++++ b/test/recipes/80-test_cms.t +@@ -13,7 +13,7 @@ use warnings; + use POSIX; + use File::Spec::Functions qw/catfile/; + use File::Compare qw/compare_text compare/; +-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with/; ++use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with data_file/; + + use OpenSSL::Test::Utils; + +@@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) + + $no_rc2 = 1 if disabled("legacy"); + +-plan tests => 13; ++plan tests => 14; + + ok(run(test(["pkcs7_test"])), "test pkcs7"); + +@@ -941,6 +941,17 @@ subtest "CMS binary input tests\n" => sub { + "verify binary input with -binary missing -crlfeol"); + }; + ++# Test case for missing MD algorithm (must not segfault) ++ ++with({ exit_checker => sub { return shift == 4; } }, ++ sub { ++ ok(run(app(['openssl', 'smime', '-verify', '-noverify', ++ '-inform', 'PEM', ++ '-in', data_file("pkcs7-md4.pem"), ++ ])), ++ "Check failure of EVP_DigestInit is handled correctly"); ++ }); ++ + sub check_availability { + my $tnam = shift; + +diff --git a/test/recipes/80-test_cms_data/pkcs7-md4.pem b/test/recipes/80-test_cms_data/pkcs7-md4.pem +new file mode 100644 +index 0000000000..ecff611deb +--- /dev/null ++++ b/test/recipes/80-test_cms_data/pkcs7-md4.pem +@@ -0,0 +1,32 @@ ++-----BEGIN PKCS7----- ++MIIFhAYJKoZIhvcNAQcCoIIFdTCCBXECAQExDjAMBggqhkiG9w0CBAUAMB0GCSqG ++SIb3DQEHAaAQBA5UZXN0IGNvbnRlbnQNCqCCAyQwggMgMIICCKADAgECAgECMA0G ++CSqGSIb3DQEBCwUAMA0xCzAJBgNVBAMMAkNBMCAXDTE2MDExNTA4MTk0OVoYDzIx ++MTYwMTE2MDgxOTQ5WjAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJ ++KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU ++fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC ++76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz ++BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl ++V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv ++0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaN9 ++MHswHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOiMB8GA1UdIwQYMBaAFLQR ++M/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH ++AwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1wbGUwDQYJKoZIhvcNAQELBQADggEB ++AEG0PE9hQuXlvtUULv9TQ2BXy9MmTjOk+dQwxDhAXYBYMUB6TygsqvPXwpDwz8MS ++EPGCRqh5cQwtPoElQRU1i4URgcQMZquXScwNFcvE6AATF/PdN/+mOwtqFrlpYfs3 ++IJIpYL6ViQg4n8pv+b/pCwMmhewQLwCGs9+omHNTOwKjEiVoNaprAfj5Lxt15fS2 +++zZW0mT9Y4kfEypetrqSAjh8CDK+vaQhkeKdDfJyBfjS4ALfxvCkT3mQnsWFJ9CU ++TVG3uw6ylSPT3wN3RE0Ofa4rI5PESogQsd/DgBc7dcDO3yoPKGjycR3/GJDqqCxC ++e9dr6FJEnDjaDf9zNWyTFHExggITMIICDwIBATASMA0xCzAJBgNVBAMMAkNBAgEC ++MAwGCCqGSIb3DQIEBQCggdQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq ++hkiG9w0BCQUxDxcNMjMwMTE4MTU0NzExWjAfBgkqhkiG9w0BCQQxEgQQRXO4TKpp ++RgA4XHb8bD1pczB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgB ++ZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN ++BggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B ++AQEFAASCAQAe+xlm/TGg/s/7b0xBc3FFnmmUDEe7ljkehIx61OnBV9ZWA+LcBX/7 ++kmMSMdaHjRq4w8FmwBMLzn0ttXVqf0QuPbBF/E6X5EqK9lpOdkUQhNiN2v+ZfY6c ++lrH4ADsSD9D+UHw0sxo5KEF+PPuneUfYCJZosFUJosBbuSEXK0C9yfJoDKVE8Syp ++0vdqh73ogLeNgZLAUGSSB66OmHDxwgAj4qPAv6FHFBy1Xs4uFZER5vniYrH9OrAk ++Z6XdvzDoYZC4XcGMDtcOpOM6D4owqy5svHPDw8wIlM4GVhrTw7CQmuBz5uRNnf6a ++ZK3jZIxG1hr/INaNWheHoPIhPblYaVc6 ++-----END PKCS7----- +-- +2.39.1 + diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec index 005e9ab..f8d2451 100644 --- a/SPECS/openssl.spec +++ b/SPECS/openssl.spec @@ -28,13 +28,13 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.0.1 -Release: 41%{?dist} +Version: 3.0.7 +Release: 5%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. # The original openssl upstream tarball cannot be shipped in the .src.rpm. -Source: openssl-%{version}-hobbled.tar.xz +Source: openssl-%{version}-hobbled.tar.gz Source1: hobble-openssl Source2: Makefile.certificate Source3: genpatches @@ -70,12 +70,6 @@ Patch11: 0011-Remove-EC-curves.patch # Disable explicit EC curves # https://bugzilla.redhat.com/show_bug.cgi?id=2066412 Patch12: 0012-Disable-explicit-ec.patch -# https://github.com/openssl/openssl/pull/17981 -Patch13: 0013-FIPS-provider-explicit-ec.patch -# https://github.com/openssl/openssl/pull/17998 -Patch14: 0014-FIPS-disable-explicit-ec.patch -# https://github.com/openssl/openssl/pull/18609 -Patch15: 0015-FIPS-decoded-from-explicit.patch # Instructions to load legacy provider in openssl.cnf Patch24: 0024-load-legacy-prov.patch # Tmp: test name change @@ -92,12 +86,8 @@ Patch35: 0035-speed-skip-unavailable-dgst.patch Patch44: 0044-FIPS-140-3-keychecks.patch # Minimize fips services Patch45: 0045-FIPS-services-minimize.patch -# Backport of s390x hardening, https://github.com/openssl/openssl/pull/17486 -Patch46: 0046-FIPS-s390x-hardening.patch # Execute KATS before HMAC verification Patch47: 0047-FIPS-early-KATS.patch -# Backport of correctly handle 2^14 byte long records #17538 -Patch48: 0048-correctly-handle-records.patch # Selectively disallow SHA1 signatures Patch49: 0049-Selectively-disallow-SHA1-signatures.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2049265 @@ -106,16 +96,12 @@ Patch50: 0050-FIPS-enable-pkcs12-mac.patch Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch # Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch -# CVE 2022-0778 -Patch53: 0053-CVE-2022-0778.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 -Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch -# https://github.com/openssl/openssl/pull/17324 -Patch55: 0055-nonlegacy-fetch-null-deref.patch -# https://github.com/openssl/openssl/pull/18103 +# Originally from https://github.com/openssl/openssl/pull/18103 +# As we rebased to 3.0.7 and used the version of the function +# not matching the upstream one, we have to use aliasing. +# When we eliminate this patch, the `-Wl,--allow-multiple-definition` +# should also be removed Patch56: 0056-strcasecmp.patch -# https://github.com/openssl/openssl/pull/18175 -Patch57: 0057-strcasecmp-fix.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2053289 Patch58: 0058-FIPS-limit-rsa-encrypt.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2069235 @@ -123,25 +109,9 @@ Patch60: 0060-FIPS-KAT-signature-tests.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2087147 Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch Patch62: 0062-fips-Expose-a-FIPS-indicator.patch -# https://github.com/openssl/openssl/pull/18141 -Patch63: 0063-CVE-2022-1473.patch -# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a -Patch64: 0064-CVE-2022-1343.diff -# upstream commit 1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 -Patch65: 0065-CVE-2022-1292.patch -# https://github.com/openssl/openssl/pull/18444 -# https://github.com/openssl/openssl/pull/18467 -Patch66: 0066-replace-expired-certs.patch -# https://github.com/openssl/openssl/pull/18512 -Patch67: 0067-fix-ppc64-montgomery.patch -#https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa -#https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739 -Patch68: 0068-CVE-2022-2068.patch -# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93 -# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8 -Patch69: 0069-CVE-2022-2097.patch -# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483 -Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2130708 +# https://github.com/openssl/openssl/pull/18883 +Patch67: 0067-ppc64le-Montgomery-multiply.patch # https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c # https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd Patch71: 0071-AES-GCM-performance-optimization.patch @@ -162,6 +132,38 @@ Patch76: 0076-FIPS-140-3-DRBG.patch Patch77: 0077-FIPS-140-3-zeroization.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2114772 Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch +#https://bugzilla.redhat.com/show_bug.cgi?id=2141748 +Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142131 +Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2141695 +Patch82: 0082-kbkdf-Add-explicit-FIPS-indicator-for-key-length.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2136250 +Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2137557 +Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch +#https://bugzilla.redhat.com/show_bug.cgi?id=2142121 +Patch85: 0085-FIPS-RSA-disable-shake.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 +Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 +Patch89: 0089-PSS-salt-length-from-provider.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142087 +Patch90: 0090-signature-Clamp-PSS-salt-len-to-MD-len.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2144561 +Patch91: 0091-FIPS-RSA-encapsulate.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2142517 +Patch92: 0092-provider-improvements.patch + +# OpenSSL 3.0.8 CVEs +Patch101: 0101-CVE-2022-4203-nc-match.patch +Patch102: 0102-CVE-2022-4304-RSA-time-oracle.patch +Patch103: 0103-CVE-2022-4450-pem-read-bio.patch +Patch104: 0104-CVE-2023-0215-UAF-bio.patch +Patch105: 0105-CVE-2023-0216-pkcs7-deref.patch +Patch106: 0106-CVE-2023-0217-dsa.patch +Patch107: 0107-CVE-2023-0286-X400.patch +Patch108: 0108-CVE-2023-0401-pkcs7-md.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -189,7 +191,6 @@ protocols. Summary: A general purpose cryptography library with TLS implementation Requires: ca-certificates >= 2008-5 Requires: crypto-policies >= 20180730 -Recommends: openssl-pkcs11%{?_isa} %description libs OpenSSL is a toolkit for supporting cryptography. The openssl-libs @@ -305,7 +306,8 @@ export HASHBANGPERL=/usr/bin/perl zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ no-mdc2 no-ec2m no-sm2 no-sm4 enable-buildtest-c++\ - shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""' + shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\ + -Wl,--allow-multiple-definition # Do not run this in a production package the FIPS symbols must be patched-in #util/mkdef.pl crypto update @@ -492,38 +494,116 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Wed Feb 08 2023 Dmitry Belyavskiy - 1:3.0.7-5 +- Fixed X.509 Name Constraints Read Buffer Overflow + Resolves: CVE-2022-4203 +- Fixed Timing Oracle in RSA Decryption + Resolves: CVE-2022-4304 +- Fixed Double free after calling PEM_read_bio_ex + Resolves: CVE-2022-4450 +- Fixed Use-after-free following BIO_new_NDEF + Resolves: CVE-2023-0215 +- Fixed Invalid pointer dereference in d2i_PKCS7 functions + Resolves: CVE-2023-0216 +- Fixed NULL dereference validating DSA public key + Resolves: CVE-2023-0217 +- Fixed X.400 address type confusion in X.509 GeneralName + Resolves: CVE-2023-0286 +- Fixed NULL dereference during PKCS7 data verification + Resolves: CVE-2023-0401 + +* Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 +- Disallow SHAKE in RSA-OAEP decryption in FIPS mode + Resolves: rhbz#2142121 + +* Thu Jan 05 2023 Dmitry Belyavskiy - 1:3.0.7-3 +- Refactor OpenSSL fips module MAC verification + Resolves: rhbz#2157965 + +* Thu Nov 24 2022 Dmitry Belyavskiy - 1:3.0.7-2 +- Various provider-related imrovements necessary for PKCS#11 provider correct operations + Resolves: rhbz#2142517 +- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream + Resolves: rhbz#2133809 +- Removed recommended package for openssl-libs + Resolves: rhbz#2093804 +- Adjusting include for the FIPS_mode macro + Resolves: rhbz#2083879 +- Backport of ppc64le Montgomery multiply enhancement + Resolves: rhbz#2130708 +- Fix explicit indicator for PSS salt length in FIPS mode when used with + negative magic values + Resolves: rhbz#2142087 +- Update change to default PSS salt length with patch state from upstream + Related: rhbz#2142087 + +* Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 +- Rebasing to OpenSSL 3.0.7 + Resolves: rhbz#2129063 + +* Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44 +- SHAKE-128/256 are not allowed with RSA in FIPS mode + Resolves: rhbz#2144010 +- Avoid memory leaks in TLS + Resolves: rhbz#2144008 +- FIPS RSA CRT tests must use correct parameters + Resolves: rhbz#2144006 +- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC + Resolves: rhbz#2144017 +- Remove support for X9.31 signature padding in FIPS mode + Resolves: rhbz#2144015 +- Add explicit indicator for SP 800-108 KDFs with short key lengths + Resolves: rhbz#2144019 +- Add explicit indicator for HMAC with short key lengths + Resolves: rhbz#2144000 +- Set minimum password length for PBKDF2 in FIPS mode + Resolves: rhbz#2144003 +- Add explicit indicator for PSS salt length in FIPS mode + Resolves: rhbz#2144012 +- Clamp default PSS salt length to digest size for FIPS 186-4 compliance + Related: rhbz#2144012 +- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode + Resolves: rhbz#2145170 + +* Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 +- CVE-2022-3602: X.509 Email Address Buffer Overflow +- CVE-2022-3786: X.509 Email Address Buffer Overflow + Resolves: CVE-2022-3602 + +* Wed Oct 26 2022 Dmitry Belyavskiy - 1:3.0.1-42 +- CVE-2022-3602: X.509 Email Address Buffer Overflow + Resolves: CVE-2022-3602 (rhbz#2137723) + * Thu Aug 11 2022 Clemens Lang - 1:3.0.1-41 - Zeroize public keys as required by FIPS 140-3 - Resolves: rhbz#2115861 + Related: rhbz#2102542 - Add FIPS indicator for HKDF - Resolves: rhbz#2118388 + Related: rhbz#2114772 * Fri Aug 05 2022 Dmitry Belyavskiy - 1:3.0.1-40 - Deal with DH keys in FIPS mode according FIPS-140-3 requirements - Related: rhbz#2115856 + Related: rhbz#2102536 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements - Related: rhbz#2115857 + Related: rhbz#2102537 - Use signature for RSA pairwise test according FIPS-140-3 requirements - Related: rhbz#2115858 + Related: rhbz#2102540 - Reseed all the parent DRBGs in chain on reseeding a DRBG - Related: rhbz#2115859 -- Zeroization according to FIPS-140-3 requirements - Related: rhbz#2115861 + Related: rhbz#2102541 * Mon Aug 01 2022 Clemens Lang - 1:3.0.1-39 - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test - Resolves: rhbz#2112978 + Resolves: rhbz#2102535 * Thu Jul 14 2022 Clemens Lang - 1:3.0.1-38 - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. - Resolves: rhbz#2107530 + Resolves: rhbz#2103289 - Improve AES-GCM performance on Power9 and Power10 ppc64le - Resolves: rhbz#2103044 + Resolves: rhbz#2051312 - Improve ChaCha20 performance on Power10 ppc64le - Resolves: rhbz#2103044 + Resolves: rhbz#2051312 * Tue Jul 05 2022 Clemens Lang - 1:3.0.1-37 - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 @@ -531,122 +611,123 @@ install -m644 %{SOURCE9} \ * Thu Jun 16 2022 Dmitry Belyavskiy - 1:3.0.1-36 - Ciphersuites with RSAPSK KX should be filterd in FIPS mode -- Related: rhbz#2091994 +- Related: rhbz#2085088 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough -- Related: rhbz#2091977 +- Related: rhbz#2053289 - Improve diagnostics when passing unsupported groups in TLS -- Related: rhbz#2086554 +- Related: rhbz#2070197 - Fix PPC64 Montgomery multiplication bug -- Related: rhbz#2101346 +- Related: rhbz#2098199 - Strict certificates validation shouldn't allow explicit EC parameters -- Related: rhbz#2085521 +- Related: rhbz#2058663 - CVE-2022-2068: the c_rehash script allows command injection -- Related: rhbz#2098276 +- Related: rhbz#2098277 * Wed Jun 08 2022 Clemens Lang - 1:3.0.1-35 - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. - Resolves: rhbz#2087234 + Resolves: rhbz#2087147 * Fri Jun 03 2022 Dmitry Belyavskiy - 1:3.0.1-34 - Some OpenSSL test certificates are expired, updating -- Resolves: rhbz#2095696 +- Resolves: rhbz#2092456 * Thu May 26 2022 Dmitry Belyavskiy - 1:3.0.1-33 - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory -- Resolves: rhbz#2089443 +- Resolves: rhbz#2089444 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS -- Resolves: rhbz#2089439 +- Resolves: rhbz#2087911 - CVE-2022-1292 openssl: c_rehash script allows command injection -- Resolves: rhbz#2090361 +- Resolves: rhbz#2090362 - Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" - Related: rhbz#2087234 + Related: rhbz#2087147 - Use KAT for ECDSA signature tests, s390 arch -- Resolves: rhbz#2086866 +- Resolves: rhbz#2069235 * Thu May 19 2022 Dmitry Belyavskiy - 1:3.0.1-32 - `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode -- Resolves: rhbz#2091929 +- Resolves: rhbz#2083240 - Ciphersuites with RSA KX should be filterd in FIPS mode -- Related: rhbz#2091994 +- Related: rhbz#2085088 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits -- Resolves: rhbz#2091938 +- Resolves: rhbz#2077884 * Wed May 18 2022 Clemens Lang - 1:3.0.1-31 - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode - Resolves: rhbz#2087234 + Resolves: rhbz#2087147 * Mon May 16 2022 Dmitry Belyavskiy - 1:3.0.1-30 - Use KAT for ECDSA signature tests -- Resolves: rhbz#2086866 +- Resolves: rhbz#2069235 * Thu May 12 2022 Dmitry Belyavskiy - 1:3.0.1-29 - `-config` argument of openssl app should work properly in FIPS mode -- Resolves: rhbz#2085500 +- Resolves: rhbz#2083274 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC -- Resolves: rhbz#2085499 +- Resolves: rhbz#2063947 * Fri May 06 2022 Dmitry Belyavskiy - 1:3.0.1-28 - OpenSSL should not accept custom elliptic curve parameters -- Resolves rhbz#2085508 +- Resolves rhbz#2066412 - OpenSSL should not accept explicit curve parameters in FIPS mode -- Resolves rhbz#2085521 +- Resolves rhbz#2058663 * Fri May 06 2022 Clemens Lang - 1:3.0.1-27 - Change FIPS module version to include hash of specfile, patches and sources - Resolves: rhbz#2082585 + Resolves: rhbz#2070550 * Thu May 05 2022 Dmitry Belyavskiy - 1:3.0.1-26 - OpenSSL FIPS module should not build in non-approved algorithms - Resolves: rhbz#2082584 +- Resolves: rhbz#2081378 * Mon May 02 2022 Dmitry Belyavskiy - 1:3.0.1-25 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 -* Mon May 02 2022 Clemens Lang - 1:3.0.1-24 -- Fix occasional internal error in TLS when DHE is used - Resolves: rhbz#2080323 +* Thu Apr 28 2022 Clemens Lang - 1:3.0.1-24 +- Fix regression in evp_pkey_name2type caused by tr_TR locale fix + Resolves: rhbz#2071631 -* Tue Apr 26 2022 Clemens Lang - 1:3.0.1-23 -- Update missing initialization patch with feedback from upstream - Resolves: rhbz#2076654 +* Wed Apr 20 2022 Dmitry Belyavskiy - 1:3.0.1-23 +- Fix openssl curl error with LANG=tr_TR.utf8 +- Resolves: rhbz#2071631 -* Fri Apr 22 2022 Dmitry Belyavskiy - 1:3.0.1-22 -- Invocation of the missing initialization -- Resolves: rhbz#2076654 +* Mon Mar 28 2022 Dmitry Belyavskiy - 1:3.0.1-22 +- FIPS provider should block RSA encryption for key transport +- Resolves: rhbz#2053289 -* Wed Apr 20 2022 Dmitry Belyavskiy - 1:3.0.1-21 -- Fix openssl curl error with LANG=tr_TR.utf8 -- Resolves: rhbz#2076654 +* Tue Mar 22 2022 Clemens Lang - 1:3.0.1-21 +- Fix occasional internal error in TLS when DHE is used +- Resolves: rhbz#2004915 * Fri Mar 18 2022 Clemens Lang - 1:3.0.1-20 - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set -- Resolves: rhbz#2063306 +- Resolves: rhbz#2065400 * Fri Mar 18 2022 Clemens Lang - 1:3.0.1-19 - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes -- Resolves: rhbz#2063306 +- Resolves: rhbz#2065400 * Wed Mar 16 2022 Dmitry Belyavskiy - 1:3.0.1-18 - CVE-2022-0778 fix -- Resolves: rhbz#2062314 +- Resolves: rhbz#2062315 -* Thu Mar 10 2022 Clemens Lang - 1:3.0.1-15.1 +* Thu Mar 10 2022 Clemens Lang - 1:3.0.1-17 - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() -- Resolves: rhbz#2061607 +- Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch +- Resolves: rhbz#2062640 -* Tue Mar 01 2022 Clemens Lang - 1:3.0.1-14.1 +* Tue Mar 01 2022 Clemens Lang - 1:3.0.1-15 - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes -- Resolves: rhbz#2031742 +- Resolves: rhbz#2060510 * Fri Feb 25 2022 Clemens Lang - 1:3.0.1-14 - Prevent use of SHA1 with ECDSA