public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: Rebase to upstream release 3.1.1
@ 2026-06-09 12:45 Sahana Prasad
0 siblings, 0 replies; only message in thread
From: Sahana Prasad @ 2026-06-09 12:45 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 9409bc7044cf4b5773639cce20f51399888c45fd
Author : Sahana Prasad <sahana@redhat.com>
Date : 2023-07-28T15:26:00+02:00
Stats : +343/-7322 in 29 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/9409bc7044cf4b5773639cce20f51399888c45fd?branch=rebase_40beta
Log:
Rebase to upstream release 3.1.1
Signed-off-by: Sahana Prasad <sahana@redhat.com>
---
diff --git a/.gitignore b/.gitignore
index d8bab5a..c518dfe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -58,3 +58,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-3.0.7-hobbled.tar.gz
/openssl-3.0.8-hobbled.tar.gz
/openssl-3.0.8.tar.gz
+/openssl-3.1.1.tar.gz
diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
index 18ff59c..4c313ff 100644
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -272,9 +272,9 @@ index 404a706fab..e81fa9ec3e 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5282,3 +5282,4 @@ OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION:
- OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
- OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
- OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
+ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
+ BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
+ OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
--
2.26.2
diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch
index 50c3343..3f25180 100644
--- a/0009-Add-Kernel-FIPS-mode-flag-support.patch
+++ b/0009-Add-Kernel-FIPS-mode-flag-support.patch
@@ -1,9 +1,9 @@
diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha13/crypto/context.c
--- openssl-3.0.0-alpha13/crypto/context.c.kernel-fips 2021-03-16 00:09:55.814826432 +0100
+++ openssl-3.0.0-alpha13/crypto/context.c 2021-03-16 00:15:55.129043811 +0100
-@@ -12,11 +12,46 @@
- #include "crypto/ctype.h"
- #include "crypto/rand.h"
+@@ -12,6 +12,41 @@
+ #include "internal/provider.h"
+ #include "crypto/context.h"
+# include <sys/types.h>
+# include <sys/stat.h>
@@ -11,11 +11,6 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
+# include <unistd.h>
+# include <openssl/evp.h>
+
- struct ossl_lib_ctx_onfree_list_st {
- ossl_lib_ctx_onfree_fn *fn;
- struct ossl_lib_ctx_onfree_list_st *next;
- };
-
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static int kernel_fips_flag;
@@ -46,16 +41,16 @@ diff -up openssl-3.0.0-alpha13/crypto/context.c.kernel-fips openssl-3.0.0-alpha1
+
+
struct ossl_lib_ctx_st {
- CRYPTO_RWLOCK *lock;
- CRYPTO_EX_DATA data;
+ CRYPTO_RWLOCK *lock, *rand_crngt_lock;
+ OSSL_EX_DATA_GLOBAL global;
@@ -121,6 +170,7 @@ static CRYPTO_THREAD_LOCAL default_conte
DEFINE_RUN_ONCE_STATIC(default_context_do_init)
{
+ read_kernel_fips_flag();
- return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
- && context_init(&default_context_int);
- }
+ if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
+ goto err;
+
diff -up openssl-3.0.1/include/internal/provider.h.embed-fips openssl-3.0.1/include/internal/provider.h
--- openssl-3.0.1/include/internal/provider.h.embed-fips 2022-01-11 13:13:08.323238760 +0100
+++ openssl-3.0.1/include/internal/provider.h 2022-01-11 13:13:43.522558909 +0100
diff --git a/0031-tmp-Fix-test-names.patch b/0031-tmp-Fix-test-names.patch
index 42b3c0a..9647978 100644
--- a/0031-tmp-Fix-test-names.patch
+++ b/0031-tmp-Fix-test-names.patch
@@ -1,15 +1,3 @@
-diff -up openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit openssl-3.0.0/test/recipes/90-test_sslapi.t
---- openssl-3.0.0/test/recipes/90-test_sslapi.t.beldmit 2021-09-22 11:56:49.452507975 +0200
-+++ openssl-3.0.0/test/recipes/90-test_sslapi.t 2021-09-22 11:57:19.371764742 +0200
-@@ -40,7 +40,7 @@ unless ($no_fips) {
- "recipes",
- "90-test_sslapi_data",
- "dhparams.pem")])),
-- "running sslapitest");
-+ "running sslapitest - FIPS");
- }
-
- unlink $tmpfilename;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index e95d2657f46c..7af0eab3fce0 100644
--- a/test/sslapitest.c
diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch
index 514ab67..47e5f26 100644
--- a/0032-Force-fips.patch
+++ b/0032-Force-fips.patch
@@ -1,9 +1,3 @@
-#Note: provider_conf_activate() is introduced in downstream only. It is a rewrite
-#(partial) of the function provider_conf_load() under the 'if (activate) section.
-#If there is any change to this section, after deleting it in provider_conf_load()
-#ensure that you also add those changes to the provider_conf_activate() function.
-#additionally please add this check for cnf explicitly as shown below.
-#'ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;'
diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provider_conf.c
--- openssl-3.0.1/crypto/provider_conf.c.fipsact 2022-05-12 12:44:31.199034948 +0200
+++ openssl-3.0.1/crypto/provider_conf.c 2022-05-12 12:49:17.468318373 +0200
@@ -15,151 +9,21 @@ diff -up openssl-3.0.1/crypto/provider_conf.c.fipsact openssl-3.0.1/crypto/provi
#include <openssl/conf.h>
#include <openssl/safestack.h>
#include <openssl/provider.h>
-@@ -136,58 +136,18 @@ static int prov_already_activated(const
- return 0;
- }
-
--static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
-- const char *value, const CONF *cnf)
-+static int provider_conf_activate(OSSL_LIB_CTX *libctx,const char *name,
-+ const char *value, const char *path,
-+ int soft, const CONF *cnf)
- {
-- int i;
-- STACK_OF(CONF_VALUE) *ecmds;
-- int soft = 0;
-- OSSL_PROVIDER *prov = NULL, *actual = NULL;
-- const char *path = NULL;
-- long activate = 0;
- int ok = 0;
--
-- name = skip_dot(name);
-- OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
-- /* Value is a section containing PROVIDER commands */
-- ecmds = NCONF_get_section(cnf, value);
--
-- if (!ecmds) {
-- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
-- "section=%s not found", value);
-- return 0;
-- }
--
-- /* Find the needed data first */
-- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
-- CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
-- const char *confname = skip_dot(ecmd->name);
-- const char *confvalue = ecmd->value;
--
-- OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
-- confname, confvalue);
--
-- /* First handle some special pseudo confs */
--
-- /* Override provider name to use */
-- if (strcmp(confname, "identity") == 0)
-- name = confvalue;
-- else if (strcmp(confname, "soft_load") == 0)
-- soft = 1;
-- /* Load a dynamic PROVIDER */
-- else if (strcmp(confname, "module") == 0)
-- path = confvalue;
-- else if (strcmp(confname, "activate") == 0)
-- activate = 1;
-- }
--
-- if (activate) {
-- PROVIDER_CONF_GLOBAL *pcgbl
-- = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
-- &provider_conf_ossl_ctx_method);
-+ OSSL_PROVIDER *prov = NULL, *actual = NULL;
-+ PROVIDER_CONF_GLOBAL *pcgbl
-+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
-+ &provider_conf_ossl_ctx_method);
-
- if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
-- ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
-+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- if (!prov_already_activated(name, pcgbl->activated_providers)) {
@@ -216,7 +176,7 @@ static int provider_conf_load(OSSL_LIB_C
- if (path != NULL)
- ossl_provider_set_module_path(prov, path);
+ if (path != NULL)
+ ossl_provider_set_module_path(prov, path);
-- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
-+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
-
- if (ok) {
- if (!ossl_provider_activate(prov, 1, 0)) {
-@@ -244,8 +204,59 @@ static int provider_conf_load(OSSL_LIB_C
- }
- if (!ok)
- ossl_provider_free(prov);
-+ } else { /* No reason to activate the provider twice, returning OK */
-+ ok = 1;
- }
- CRYPTO_THREAD_unlock(pcgbl->lock);
-+ return ok;
-+}
-+
-+static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
-+ const char *value, const CONF *cnf)
-+{
-+ int i;
-+ STACK_OF(CONF_VALUE) *ecmds;
-+ int soft = 0;
-+ const char *path = NULL;
-+ long activate = 0;
-+ int ok = 0;
-+
-+ name = skip_dot(name);
-+ OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
-+ /* Value is a section containing PROVIDER commands */
-+ ecmds = NCONF_get_section(cnf, value);
-+
-+ if (!ecmds) {
-+ ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
-+ "section=%s not found", value);
-+ return 0;
-+ }
-+
-+ /* Find the needed data first */
-+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
-+ CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
-+ const char *confname = skip_dot(ecmd->name);
-+ const char *confvalue = ecmd->value;
-+
-+ OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
-+ confname, confvalue);
-+
-+ /* First handle some special pseudo confs */
-+
-+ /* Override provider name to use */
-+ if (strcmp(confname, "identity") == 0)
-+ name = confvalue;
-+ else if (strcmp(confname, "soft_load") == 0)
-+ soft = 1;
-+ /* Load a dynamic PROVIDER */
-+ else if (strcmp(confname, "module") == 0)
-+ path = confvalue;
-+ else if (strcmp(confname, "activate") == 0)
-+ activate = 1;
-+ }
-+
-+ if (activate) {
-+ ok = provider_conf_activate(libctx, name, value, path, soft, cnf);
- } else {
- OSSL_PROVIDER_INFO entry;
+- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
-@@ -306,6 +317,19 @@ static int provider_conf_init(CONF_IMODU
+ if (ok) {
+ if (!ossl_provider_activate(prov, 1, 0)) {
+@@ -306,6 +317,16 @@ static int provider_conf_init(CONF_IMODU
return 0;
}
+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
-+ PROVIDER_CONF_GLOBAL *pcgbl
-+ = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
-+ &provider_conf_ossl_ctx_method);
+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
+ return 0;
+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch
index 484a75e..f014a07 100644
--- a/0033-FIPS-embed-hmac.patch
+++ b/0033-FIPS-embed-hmac.patch
@@ -2,8 +2,8 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
--- openssl-3.0.7/providers/fips/self_test.c.embed-hmac 2023-01-05 10:03:44.864869710 +0100
+++ openssl-3.0.7/providers/fips/self_test.c 2023-01-05 10:15:17.041606472 +0100
@@ -172,11 +172,27 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
+ return ok;
}
- #endif
+#define HMAC_LEN 32
+/*
@@ -29,7 +29,7 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len,
OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -189,9 +205,20 @@ static int verify_integrity(OSSL_CORE_BI
+@@ -189,12 +205,23 @@ static int verify_integrity(OSSL_CORE_BI
EVP_MAC *mac = NULL;
EVP_MAC_CTX *ctx = NULL;
OSSL_PARAM params[2], *p = params;
@@ -39,6 +39,9 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
+ unsigned long paddr;
+ unsigned long off = 0;
+ if (!integrity_self_test(ev, libctx))
+ goto err;
+
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
+ if (!dladdr1 ((const void *)fips_hmac_container,
@@ -118,8 +121,8 @@ diff -up openssl-3.0.7/providers/fips/self_test.c.embed-hmac openssl-3.0.7/provi
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
goto end;
@@ -356,7 +413,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS
- ok = 1;
end:
+ EVP_RAND_free(testrand);
OSSL_SELF_TEST_free(ev);
- OPENSSL_free(module_checksum);
OPENSSL_free(indicator_checksum);
@@ -159,8 +162,8 @@ diff -ruN openssl-3.0.0/test/recipes/03-test_fipsinstall.t openssl-3.0.0-xxx/tes
-plan skip_all => "Test only supported in a fips build" if disabled("fips");
+plan skip_all => "Test only supported in a fips build" if 1;
- plan tests => 29;
-
+ # Compatible options for pedantic FIPS compliance
+ my @pedantic_okay =
diff -ruN openssl-3.0.0/test/recipes/30-test_defltfips.t openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t
--- openssl-3.0.0/test/recipes/30-test_defltfips.t 2021-09-07 13:46:32.000000000 +0200
+++ openssl-3.0.0-xxx/test/recipes/30-test_defltfips.t 2021-11-18 10:22:54.179659682 +0100
@@ -194,9 +197,9 @@ diff -ruN openssl-3.0.0/test/recipes/90-test_sslapi.t openssl-3.0.0-xxx/test/rec
-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
+ my $fipsmodcfg_filename = "fipsmodule.cnf";
+ my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
- plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
- if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
--- /dev/null 2021-11-16 15:27:32.915000000 +0100
+++ openssl-3.0.0/test/fipsmodule.cnf 2021-11-18 11:15:34.538060408 +0100
@@ -0,0 +1,2 @@
diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch
index ab9d460..11779fe 100644
--- a/0034.fipsinstall_disable.patch
+++ b/0034.fipsinstall_disable.patch
@@ -164,7 +164,7 @@ diff -up openssl-3.0.0/doc/man7/OSSL_PROVIDER-FIPS.pod.xxx openssl-3.0.0/doc/man
diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in
--- openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac 2022-01-11 13:26:33.279906225 +0100
+++ openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in 2022-01-11 13:33:18.757994419 +0100
-@@ -8,236 +8,11 @@ openssl-fipsinstall - perform FIPS confi
+@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS confi
=head1 SYNOPSIS
B<openssl fipsinstall>
@@ -179,14 +179,18 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
-[B<-macopt> I<nm>:I<v>]
-[B<-noout>]
-[B<-quiet>]
+-[B<-pedantic>]
-[B<-no_conditional_errors>]
-[B<-no_security_checks>]
+-[B<-ems_check>]
+-[B<-no_drbg_truncated_digests>]
-[B<-self_test_onload>]
+-[B<-self_test_oninstall>]
-[B<-corrupt_desc> I<selftest_description>]
-[B<-corrupt_type> I<selftest_type>]
-[B<-config> I<parent_config>]
-
- =head1 DESCRIPTION
+-
+-=head1 DESCRIPTION
-
-This command is used to generate a FIPS module configuration file.
-This configuration file can be used each time a FIPS module is loaded
@@ -315,6 +319,14 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
-
-Disable logging of the self tests.
-
+-=item B<-pedantic>
+-
+-Configure the module so that it is strictly FIPS compliant rather
+-than being backwards compatible. This enables conditional errors,
+-security checks etc. Note that any previous configuration options will
+-be overwritten and any subsequent configuration options that violate
+-FIPS compliance will result in an error.
+-
-=item B<-no_conditional_errors>
-
-Configure the module to not enter an error state if a conditional self test
@@ -324,6 +336,20 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
-
-Configure the module to not perform run-time security checks as described above.
-
+-Enabling the configuration option "no-fips-securitychecks" provides another way to
+-turn off the check at compile time.
+-
+-=item B<-ems_check>
+-
+-Configure the module to enable a run-time Extended Master Secret (EMS) check
+-when using the TLS1_PRF KDF algorithm. This check is disabled by default.
+-See RFC 7627 for information related to EMS.
+-
+-=item B<-no_drbg_truncated_digests>
+-
+-Configure the module to not allow truncated digests to be used with Hash and
+-HMAC DRBGs. See FIPS 140-3 IG D.R for details.
+-
-=item B<-self_test_onload>
-
-Do not write the two fields related to the "test status indicator" and
@@ -334,6 +360,14 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
-could possibly then add the 2 fields into the configuration using some other
-mechanism.
-
+-This is the default.
+-
+-=item B<-self_test_oninstall>
+-
+-The converse of B<-self_test_oninstall>. The two fields related to the
+-"test status indicator" and "MAC status indicator" are written to the
+-output configuration file.
+-
-=item B<-quiet>
-
-Do not output pass/fail messages. Implies B<-noout>.
@@ -369,6 +403,11 @@ diff -up openssl-3.0.1/doc/man1/openssl-fipsinstall.pod.in.embed-hmac openssl-3.
-For normal usage the base configuration file should use the default provider
-when generating the fips configuration file.
-
+-The B<-self_test_oninstall> option was added and the
+-B<-self_test_onload> option was made the default in OpenSSL 3.1.
+-
+-The command and all remaining options were added in OpenSSL 3.0.
+-
-=head1 EXAMPLES
-
-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch
index a0ec627..137a26d 100644
--- a/0044-FIPS-140-3-keychecks.patch
+++ b/0044-FIPS-140-3-keychecks.patch
@@ -89,21 +89,6 @@ diff -up openssl-3.0.1/providers/implementations/exchange/ecdh_exch.c.fips3 open
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
-diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips3 openssl-3.0.1/crypto/ec/ec_key.c
---- openssl-3.0.1/crypto/ec/ec_key.c.fips3 2022-07-25 14:03:34.420222507 +0200
-+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-07-25 14:09:00.728164294 +0200
-@@ -336,6 +336,11 @@ static int ec_generate_key(EC_KEY *eckey
-
- OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg);
- ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg);
-+
-+#ifdef FIPS_MODULE
-+ ok &= ossl_ec_key_public_check(eckey, ctx);
-+ ok &= ossl_ec_key_pairwise_check(eckey, ctx);
-+#endif /* FIPS_MODULE */
- }
- err:
- /* Step (9): If there is an error return an invalid keypair. */
diff -up openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 openssl-3.0.1/crypto/rsa/rsa_gen.c
--- openssl-3.0.1/crypto/rsa/rsa_gen.c.fips3 2022-07-25 17:02:17.807271297 +0200
+++ openssl-3.0.1/crypto/rsa/rsa_gen.c 2022-07-25 17:18:24.931959649 +0200
diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
index e8e6fd9..6e667b8 100644
--- a/0045-FIPS-services-minimize.patch
+++ b/0045-FIPS-services-minimize.patch
@@ -15,16 +15,8 @@ diff -up openssl-3.0.1/providers/common/capabilities.c.fipsmin3 openssl-3.0.1/pr
diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/providers/fips/fipsprov.c
--- openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 2022-05-05 11:42:58.596848856 +0200
+++ openssl-3.0.1/providers/fips/fipsprov.c 2022-05-05 11:55:42.997562712 +0200
-@@ -54,7 +54,6 @@ static void fips_deinit_casecmp(void);
-
- #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
- #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
--
- extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
- int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx);
-
@@ -191,13 +190,13 @@ static int fips_get_params(void *provctx
- &fips_prov_ossl_ctx_method);
+ OSSL_LIB_CTX_FIPS_PROV_INDEX);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
@@ -58,8 +50,8 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
ossl_cipher_capable_aes_cbc_hmac_sha256),
#ifndef OPENSSL_NO_DES
-- ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
-- ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+ /* We don't certify 3DES in our FIPS provider */
+ /* ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
@@ -90,7 +82,7 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
#endif
{ PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
ossl_kdf_tls1_prf_keyexch_functions },
-@@ -403,12 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch
+@@ -403,13 +406,14 @@ static const OSSL_ALGORITHM fips_keyexch
static const OSSL_ALGORITHM fips_signature[] = {
#ifndef OPENSSL_NO_DSA
@@ -100,8 +92,9 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
#endif
{ PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
#ifndef OPENSSL_NO_EC
-- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
-- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions },
+- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
+- ossl_ed25519_signature_functions },
+- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
+ /* We don't certify Edwards curves in our FIPS provider */
+ /* { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions },
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, */
@@ -130,9 +123,9 @@ diff -up openssl-3.0.1/providers/fips/fipsprov.c.fipsmin2 openssl-3.0.1/provider
PROV_DESCS_X25519 },
{ PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
PROV_DESCS_X448 },
- { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions,
+ { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
PROV_DESCS_ED25519 },
- { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions,
+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions,
- PROV_DESCS_ED448 },
+ PROV_DESCS_ED448 }, */
#endif
@@ -158,22 +151,6 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/
/* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = {
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
-@@ -235,6 +236,7 @@ static const unsigned char aes_128_ecb_c
- };
-
- static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
-+#if 0
- #ifndef OPENSSL_NO_DES
- {
- {
-@@ -248,6 +250,7 @@ static const ST_KAT_CIPHER st_kat_cipher
- ITM(des_ede3_cbc_iv),
- },
- #endif
-+#endif
- {
- {
- OSSL_SELF_TEST_DESC_CIPHER_AES_GCM,
@@ -1424,8 +1427,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[
# endif /* OPENSSL_NO_EC2M */
#endif /* OPENSSL_NO_EC */
@@ -193,9 +170,9 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/
-
+#endif
+#endif
- static const ST_KAT_SIGN st_kat_sign_tests[] = {
- {
- OSSL_SELF_TEST_DESC_SIGN_RSA,
+ /* Hash DRBG inputs for signature KATs */
+ static const unsigned char sig_kat_entropyin[] = {
+ 0x06, 0x6d, 0xc8, 0xce, 0x75, 0xb2, 0x89, 0x66, 0xa6, 0x85, 0x16, 0x3f,
@@ -1583,6 +1587,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
},
# endif
@@ -205,7 +182,7 @@ diff -up openssl-3.0.1/providers/fips/self_test_data.inc.fipsmin3 openssl-3.0.1/
{
OSSL_SELF_TEST_DESC_SIGN_DSA,
@@ -1595,6 +1600,7 @@ static const ST_KAT_SIGN st_kat_sign_tes
- */
+ ITM(dsa_expected_sig)
},
#endif /* OPENSSL_NO_DSA */
+#endif
@@ -395,14 +372,17 @@ diff -up openssl-3.0.1/test/recipes/80-test_cms.t.fipsmin3 openssl-3.0.1/test/re
diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/recipes/30-test_evp.t
--- openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 2022-05-05 14:43:04.276857033 +0200
+++ openssl-3.0.1/test/recipes/30-test_evp.t 2022-05-05 14:43:35.975138234 +0200
-@@ -43,7 +43,6 @@ my @files = qw(
+@@ -43,10 +43,8 @@ my @files = qw(
evpciph_aes_cts.txt
evpciph_aes_wrap.txt
evpciph_aes_stitched.txt
- evpciph_des3_common.txt
evpkdf_hkdf.txt
+ evpkdf_kbkdf_counter.txt
+- evpkdf_kbkdf_kmac.txt
evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt
+ evpkdf_ss.txt
@@ -66,12 +65,6 @@ push @files, qw(
evppkey_dh.txt
) unless $no_dh;
@@ -416,11 +396,12 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp.t.fipsmin3 openssl-3.0.1/test/re
evppkey_ecc.txt
evppkey_ecdh.txt
evppkey_ecdsa.txt
-@@ -91,6 +84,7 @@ my @defltfiles = qw(
+@@ -91,6 +84,8 @@ my @defltfiles = qw(
evpciph_cast5.txt
evpciph_chacha.txt
evpciph_des.txt
+ evpciph_des3_common.txt
++ evpkdf_kbkdf_kmac.txt
evpciph_idea.txt
evpciph_rc2.txt
evpciph_rc4.txt
@@ -441,8 +422,8 @@ diff -up openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3
--- openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt.fipsmin3 2022-05-05 14:46:32.721700697 +0200
+++ openssl-3.0.1/test/recipes/30-test_evp_data/evpmac_common.txt 2022-05-05 14:51:40.205418897 +0200
@@ -328,6 +328,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E54100
- Output = 00BDA1B7E87608BCBF470F12157F4C07
-
+ Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
+ Result = MAC_INIT_ERROR
+Availablein = default
Title = KMAC Tests (From NIST)
diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch
index ef2d081..3604e6f 100644
--- a/0047-FIPS-early-KATS.patch
+++ b/0047-FIPS-early-KATS.patch
@@ -34,6 +34,6 @@ diff -up openssl-3.0.1/providers/fips/self_test.c.earlykats openssl-3.0.1/provid
- goto end;
- }
- }
- ok = 1;
- end:
- OSSL_SELF_TEST_free(ev);
+
+ /* Verify that the RNG has been restored properly */
+ testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL);
diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch
index 7485b95..559342f 100644
--- a/0049-Allow-disabling-of-SHA1-signatures.patch
+++ b/0049-Allow-disabling-of-SHA1-signatures.patch
@@ -1,4 +1,4 @@
-From b4f8964ad1903e24cd2ee07f42ce97c3047f4af4 Mon Sep 17 00:00:00 2001
+From 51d52096122cc73413d55aac06d5e0641f58ffcb Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 21 Feb 2022 17:24:44 +0100
Subject: [PATCH] Allow disabling of SHA1 signatures
@@ -40,21 +40,69 @@ This happens because in the first case, OpenSSL's signature
implementation does not know that it is signing a SHA1 hash (it could be
signing arbitrary data).
---
+ crypto/context.c | 14 ++++
crypto/evp/evp_cnf.c | 13 +++
- crypto/evp/m_sigver.c | 85 +++++++++++++++++++
+ crypto/evp/m_sigver.c | 79 +++++++++++++++++++
crypto/evp/pmeth_lib.c | 15 ++++
doc/man5/config.pod | 13 +++
+ include/crypto/context.h | 3 +
include/internal/cryptlib.h | 3 +-
include/internal/sslconf.h | 4 +
providers/common/securitycheck.c | 20 +++++
- providers/common/securitycheck_default.c | 9 +-
+ providers/common/securitycheck_default.c | 9 ++-
providers/implementations/signature/dsa_sig.c | 11 ++-
.../implementations/signature/ecdsa_sig.c | 4 +
providers/implementations/signature/rsa_sig.c | 20 ++++-
ssl/t1_lib.c | 8 ++
util/libcrypto.num | 2 +
- 13 files changed, 198 insertions(+), 9 deletions(-)
+ 15 files changed, 209 insertions(+), 9 deletions(-)
+diff --git a/crypto/context.c b/crypto/context.c
+index e294ea1512..ab6abf44ab 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st {
+ void *fips_prov;
+ #endif
+
++ void *legacy_digest_signatures;
++
+ unsigned int ischild:1;
+ };
+
+@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
+ goto err;
+ #endif
+
++ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
++ if (ctx->legacy_digest_signatures == NULL)
++ goto err;
++
+ /* Low priority. */
+ #ifndef FIPS_MODULE
+ ctx->child_provider = ossl_child_prov_ctx_new(ctx);
+@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
+ }
+ #endif
+
++ if (ctx->legacy_digest_signatures != NULL) {
++ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
++ ctx->legacy_digest_signatures = NULL;
++ }
++
+ /* Low priority. */
+ #ifndef FIPS_MODULE
+ if (ctx->child_provider != NULL) {
+@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
+ return ctx->fips_prov;
+ #endif
+
++ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
++ return ctx->legacy_digest_signatures;
++
+ default:
+ return NULL;
+ }
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 0e7fe64cf9..b9d3b6d226 100644
--- a/crypto/evp/evp_cnf.c
@@ -87,18 +135,20 @@ index 0e7fe64cf9..b9d3b6d226 100644
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 76a6814b42..8da2183ce0 100644
+index 630d339c35..6e4e9f5ae7 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
-@@ -16,6 +16,79 @@
+@@ -15,6 +15,73 @@
+ #include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h"
-
++#include "crypto/context.h"
++
+typedef struct ossl_legacy_digest_signatures_st {
+ int allowed;
+} OSSL_LEGACY_DIGEST_SIGNATURES;
+
-+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
++void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
+
@@ -107,7 +157,7 @@ index 76a6814b42..8da2183ce0 100644
+ }
+}
+
-+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
@@ -117,12 +167,6 @@ index 76a6814b42..8da2183ce0 100644
+ return ldsigs;
+}
+
-+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
-+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
-+ ossl_ctx_legacy_digest_signatures_new,
-+ ossl_ctx_legacy_digest_signatures_free,
-+};
-+
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
+ OSSL_LIB_CTX *libctx, int loadconfig)
+{
@@ -131,8 +175,7 @@ index 76a6814b42..8da2183ce0 100644
+ return NULL;
+#endif
+
-+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
-+ &ossl_ctx_legacy_digest_signatures_method);
++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
@@ -166,11 +209,10 @@ index 76a6814b42..8da2183ce0 100644
+ ldsigs->allowed = allow;
+ return 1;
+}
-+
+
#ifndef FIPS_MODULE
- static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
-@@ -258,6 +331,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
@@ -190,7 +232,7 @@ index 76a6814b42..8da2183ce0 100644
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 2b9c6c2351..3c5a1e6f5d 100644
+index ce6e1a1ccb..003926247b 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
@@ -201,7 +243,7 @@ index 2b9c6c2351..3c5a1e6f5d 100644
#include "evp_local.h"
#ifndef FIPS_MODULE
-@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2;
}
@@ -223,7 +265,7 @@ index 2b9c6c2351..3c5a1e6f5d 100644
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index 77a8055e81..0c9110d28a 100644
+index 8d312c661f..979683e0a5 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -296,6 +296,19 @@ Within the algorithm properties section, the following names have meaning:
@@ -246,8 +288,19 @@ index 77a8055e81..0c9110d28a 100644
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
+diff --git a/include/crypto/context.h b/include/crypto/context.h
+index cc06c71be8..e9f74a414d 100644
+--- a/include/crypto/context.h
++++ b/include/crypto/context.h
+@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
+ void ossl_thread_event_ctx_free(void *);
+ void ossl_fips_prov_ossl_ctx_free(void *);
+ void ossl_release_default_drbg_ctx(void);
++
++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
++void ossl_ctx_legacy_digest_signatures_free(void *);
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
-index 1291299b6e..e234341e6a 100644
+index ac50eb3bbd..3b115cc7df 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
@@ -255,11 +308,11 @@ index 1291299b6e..e234341e6a 100644
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
-# define OSSL_LIB_CTX_MAX_INDEXES 19
-+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
+# define OSSL_LIB_CTX_MAX_INDEXES 20
- # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
- # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
+ OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
+ int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
index fd7f7e3331..05464b0655 100644
--- a/include/internal/sslconf.h
@@ -318,7 +371,7 @@ index 699ada7c52..e534ad0a5f 100644
return 1;
}
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
-index de7f0d3a0a..ce54a94fbc 100644
+index 246323493e..2ca7a59f39 100644
--- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
@@ -329,7 +382,7 @@ index de7f0d3a0a..ce54a94fbc 100644
/* Disable the security checks in the default provider */
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
-@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
}
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
@@ -341,7 +394,7 @@ index de7f0d3a0a..ce54a94fbc 100644
static const OSSL_ITEM name_to_nid[] = {
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
-@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
};
@@ -355,10 +408,10 @@ index de7f0d3a0a..ce54a94fbc 100644
return mdnid;
}
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
-index 28fd7c498e..fa3822f39f 100644
+index 70d0ea5d24..3c482e0181 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
-@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
mdprops = ctx->propq;
if (mdname != NULL) {
@@ -396,10 +449,10 @@ index 865d49d100..99b228e82c 100644
sha1_allowed);
if (md_nid < 0) {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 325e855333..bea397f0c1 100644
+index cd5de6bd51..25a51df878 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
-@@ -26,6 +26,7 @@
+@@ -25,6 +25,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -407,7 +460,7 @@ index 325e855333..bea397f0c1 100644
#include "crypto/rsa.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
-@@ -34,6 +35,7 @@
+@@ -33,6 +34,7 @@
#include "prov/securitycheck.h"
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
@@ -415,7 +468,7 @@ index 325e855333..bea397f0c1 100644
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
-@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
@@ -433,7 +486,7 @@ index 325e855333..bea397f0c1 100644
if (md == NULL
|| md_nid <= 0
-@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
@@ -451,7 +504,7 @@ index 325e855333..bea397f0c1 100644
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 41fddf22a7..dcd487ec2e 100644
+index e6f4bcc045..8bc550ea5b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
@@ -462,7 +515,7 @@ index 41fddf22a7..dcd487ec2e 100644
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
-@@ -1145,11 +1146,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
EVP_PKEY *tmpkey = EVP_PKEY_new();
int ret = 0;
@@ -476,7 +529,7 @@ index 41fddf22a7..dcd487ec2e 100644
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
EVP_PKEY_CTX *pctx;
-@@ -1169,6 +1172,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
cache[i].enabled = 0;
continue;
}
@@ -489,15 +542,15 @@ index 41fddf22a7..dcd487ec2e 100644
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0;
diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 10b4e57d79..2d3c363bb0 100644
+index 9cb8a4dda2..feb660d030 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
-@@ -5426,3 +5426,5 @@ ASN1_item_d2i_ex 5552 3_0_0 EXIST::FUNCTION:
- OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
- OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
+@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
+ BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
+ OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
-2.35.1
+2.40.1
diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch
index f8fda92..5be033e 100644
--- a/0049-Selectively-disallow-SHA1-signatures.patch
+++ b/0049-Selectively-disallow-SHA1-signatures.patch
@@ -1,4 +1,4 @@
-From e738d17c45869eda31cb94f2832e65ec7cf8afa9 Mon Sep 17 00:00:00 2001
+From ead41bc1b69b697187a97460c7f210ad5a7a1395 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Wed, 17 Aug 2022 12:56:29 -0400
Subject: [PATCH] Selectively disallow SHA1 signatures
@@ -38,23 +38,71 @@ Resolves: rhbz#2031742
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
+ crypto/context.c | 14 ++++
crypto/evp/evp_cnf.c | 13 ++++
- crypto/evp/m_sigver.c | 77 +++++++++++++++++++
+ crypto/evp/m_sigver.c | 71 +++++++++++++++++++
crypto/evp/pmeth_lib.c | 15 ++++
doc/man5/config.pod | 11 +++
+ include/crypto/context.h | 3 +
include/internal/cryptlib.h | 3 +-
- include/internal/sslconf.h | 4 +
- providers/common/securitycheck.c | 20 +++++
+ include/internal/sslconf.h | 4 ++
+ providers/common/securitycheck.c | 20 ++++++
providers/common/securitycheck_default.c | 9 ++-
providers/implementations/signature/dsa_sig.c | 11 ++-
- .../implementations/signature/ecdsa_sig.c | 4 +
- providers/implementations/signature/rsa_sig.c | 20 ++++-
- ssl/t1_lib.c | 8 ++
+ .../implementations/signature/ecdsa_sig.c | 4 ++
+ providers/implementations/signature/rsa_sig.c | 20 +++++-
+ ssl/t1_lib.c | 8 +++
util/libcrypto.num | 2 +
- 13 files changed, 188 insertions(+), 9 deletions(-)
+ 15 files changed, 199 insertions(+), 9 deletions(-)
+diff --git a/crypto/context.c b/crypto/context.c
+index e294ea1512..ab6abf44ab 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -43,6 +43,8 @@ struct ossl_lib_ctx_st {
+ void *fips_prov;
+ #endif
+
++ void *legacy_digest_signatures;
++
+ unsigned int ischild:1;
+ };
+
+@@ -171,6 +173,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
+ goto err;
+ #endif
+
++ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
++ if (ctx->legacy_digest_signatures == NULL)
++ goto err;
++
+ /* Low priority. */
+ #ifndef FIPS_MODULE
+ ctx->child_provider = ossl_child_prov_ctx_new(ctx);
+@@ -299,6 +305,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
+ }
+ #endif
+
++ if (ctx->legacy_digest_signatures != NULL) {
++ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
++ ctx->legacy_digest_signatures = NULL;
++ }
++
+ /* Low priority. */
+ #ifndef FIPS_MODULE
+ if (ctx->child_provider != NULL) {
+@@ -589,6 +600,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
+ return ctx->fips_prov;
+ #endif
+
++ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
++ return ctx->legacy_digest_signatures;
++
+ default:
+ return NULL;
+ }
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
-index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976a0d02572 100644
+index 0e7fe64cf9..b9d3b6d226 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
@@ -85,18 +133,20 @@ index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..b9d3b6d226ca07a65d972bb8505b7976
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2ccd5df13 100644
+index 630d339c35..06028b082e 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
-@@ -16,6 +16,71 @@
+@@ -15,6 +15,65 @@
+ #include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h"
-
++#include "crypto/context.h"
++
+typedef struct ossl_legacy_digest_signatures_st {
+ int allowed;
+} OSSL_LEGACY_DIGEST_SIGNATURES;
+
-+static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
++void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
+{
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
+
@@ -105,27 +155,20 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2
+ }
+}
+
-+static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
+{
+ return OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
+}
+
-+static const OSSL_LIB_CTX_METHOD ossl_ctx_legacy_digest_signatures_method = {
-+ OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
-+ ossl_ctx_legacy_digest_signatures_new,
-+ ossl_ctx_legacy_digest_signatures_free,
-+};
-+
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
+ OSSL_LIB_CTX *libctx, int loadconfig)
+{
+#ifndef FIPS_MODULE
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
-+ return 0;
++ return NULL;
+#endif
+
-+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES,
-+ &ossl_ctx_legacy_digest_signatures_method);
++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
+}
+
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
@@ -156,11 +199,10 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2
+ ldsigs->allowed = allow;
+ return 1;
+}
-+
+
#ifndef FIPS_MODULE
- static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
-@@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+@@ -251,6 +310,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
@@ -180,7 +222,7 @@ index 76a6814b424bec3479bdf61374f0178b9cd96ded..4b2f1fcfb886661d98460c240d542df2
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425dce100e43 100644
+index ce6e1a1ccb..003926247b 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
@@ -191,7 +233,7 @@ index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425d
#include "evp_local.h"
#ifndef FIPS_MODULE
-@@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2;
}
@@ -213,10 +255,10 @@ index da367ed05fbe42abb328c6e23cafe99e76d26819..ee6edf1e85e71cdbe58bf7e9f443425d
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73ed316341 100644
+index 8d312c661f..e5a88d11aa 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
-@@ -304,6 +304,17 @@ Within the algorithm properties section, the following names have meaning:
+@@ -296,6 +296,17 @@ Within the algorithm properties section, the following names have meaning:
The value may be anything that is acceptable as a property query
string for EVP_set_default_properties().
@@ -234,8 +276,19 @@ index a84113287c3d0edf6c67726aee7d8abb87401445..f1536258470563b4fe74f8d1e3db6d73
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
+diff --git a/include/crypto/context.h b/include/crypto/context.h
+index cc06c71be8..e9f74a414d 100644
+--- a/include/crypto/context.h
++++ b/include/crypto/context.h
+@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
+ void ossl_thread_event_ctx_free(void *);
+ void ossl_fips_prov_ossl_ctx_free(void *);
+ void ossl_release_default_drbg_ctx(void);
++
++void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
++void ossl_ctx_legacy_digest_signatures_free(void *);
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
-index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0873cf6f6 100644
+index ac50eb3bbd..3b115cc7df 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
@@ -243,13 +296,13 @@ index 934d4b089c209a16b01a364da0f528afd4d12475..45346d7d0b0c91eae4a9d4466ed314c0
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
-# define OSSL_LIB_CTX_MAX_INDEXES 19
-+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES 19
++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
+# define OSSL_LIB_CTX_MAX_INDEXES 20
- # define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1
- # define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0
+ OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
+ int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
-index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577e895fc8a 100644
+index fd7f7e3331..05464b0655 100644
--- a/include/internal/sslconf.h
+++ b/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
@@ -262,7 +315,7 @@ index fd7f7e333183dde57a283dab7372f9afb38c0eb4..05464b0655b20da2035f6781f44ac577
+ int loadconfig);
#endif
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6c7d2fe5b 100644
+index 699ada7c52..e534ad0a5f 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
@@ -306,7 +359,7 @@ index 446ad6b4c11cf8dcad9dcb86df38816eff4bf772..9e47f5655957e661fa4f66f5e67a78c6
return 1;
}
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
-index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa349c4e91 100644
+index 246323493e..2ca7a59f39 100644
--- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
@@ -317,7 +370,7 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa
/* Disable the security checks in the default provider */
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
-@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
}
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
@@ -329,7 +382,7 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa
static const OSSL_ITEM name_to_nid[] = {
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
-@@ -36,8 +38,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
+@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
};
@@ -343,10 +396,10 @@ index de7f0d3a0a5718bd06a55d3d92236c27ffb7d0d5..ce54a94fbc9b3f48052c0bd5acf5b0aa
return mdnid;
}
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
-index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c68868f35c7d 100644
+index 70d0ea5d24..3c482e0181 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
-@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
mdprops = ctx->propq;
if (mdname != NULL) {
@@ -368,7 +421,7 @@ index 28fd7c498e9922b6fabd1fafa452afe7ca3734ec..fa3822f39fd14a16c761b316e276c688
if (md == NULL || md_nid < 0) {
if (md == NULL)
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763e32a19fb 100644
+index 865d49d100..99b228e82c 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
@@ -384,7 +437,7 @@ index 865d49d1004f0031c82c24c218828a7d9c7269c6..99b228e82c408171bb2458244d2cf763
sha1_allowed);
if (md_nid < 0) {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d5696f678ee7 100644
+index cd5de6bd51..25a51df878 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -25,6 +25,7 @@
@@ -403,7 +456,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
-@@ -288,10 +290,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
@@ -421,7 +474,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569
if (md == NULL
|| md_nid <= 0
-@@ -1347,8 +1354,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+@@ -1370,8 +1377,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
@@ -439,7 +492,7 @@ index 7023a866131e38c214ac7326fdd83274dab81833..f66d7705c35add553694c5808b51d569
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b6c8e1a03 100644
+index e6f4bcc045..8bc550ea5b 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
@@ -450,7 +503,7 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
-@@ -1150,11 +1151,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
EVP_PKEY *tmpkey = EVP_PKEY_new();
int ret = 0;
@@ -464,7 +517,7 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
EVP_PKEY_CTX *pctx;
-@@ -1174,6 +1177,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
+@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
cache[i].enabled = 0;
continue;
}
@@ -477,15 +530,15 @@ index 51c2283db915d792fa3020a2d7cbdc0d91fc9dca..89c1dd31c72271b1923ab972e3d3359b
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].enabled = 0;
diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 4e729be97d7b31b4caf0c3bab06dbce908dc2628..2ad515028ac6522e43cdb48794ba2cc96de56049 100644
+index 9cb8a4dda2..feb660d030 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
-@@ -5429,3 +5429,5 @@ OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
- OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
- OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
+@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
+ BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
+ OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
--
-2.39.1
+2.40.1
diff --git a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch b/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
deleted file mode 100644
index c240628..0000000
--- a/0051-Support-different-R_BITS-lengths-for-KBKDF.patch
+++ /dev/null
@@ -1,2151 +0,0 @@
-From 0e9a265e42890699dfce82f1ff6905de6aafbd41 Mon Sep 17 00:00:00 2001
-From: Patrick Uiterwijk <puiterwijk@redhat.com>
-Date: Thu, 18 Nov 2021 10:47:14 +0100
-Subject: [PATCH] Support different R_BITS lengths for KBKDF
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/17063)
----
- doc/man7/EVP_KDF-KB.pod | 7 +
- include/openssl/core_names.h | 1 +
- providers/implementations/kdfs/kbkdf.c | 30 +-
- test/evp_kdf_test.c | 47 +-
- test/evp_test.c | 6 +
- test/recipes/30-test_evp.t | 1 +
- .../30-test_evp_data/evpkdf_kbkdf_counter.txt | 1843 +++++++++++++++++
- 7 files changed, 1924 insertions(+), 11 deletions(-)
- create mode 100644 test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
-
-diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod
-index d4fad66f7654..a67268afa7d5 100644
---- a/doc/man7/EVP_KDF-KB.pod
-+++ b/doc/man7/EVP_KDF-KB.pod
-@@ -58,6 +58,13 @@ Set to B<0> to disable use of the optional Fixed Input data 'zero separator'
- (see SP800-108) that is placed between the Label and Context.
- The default value of B<1> will be used if unspecified.
-
-+=item "r" (B<OSSL_KDF_PARAM_KBKDF_R>) <integer>
-+
-+Set the fixed value 'r', indicating the length of the counter in bits.
-+
-+Supported values are B<8>, B<16>, B<24>, and B<32>.
-+The default value of B<32> will be used if unspecified.
-+
- =back
-
- Depending on whether mac is CMAC or HMAC, either digest or cipher is required
-diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
-index b549dae9167c..78418dc6e0a2 100644
---- a/include/openssl/core_names.h
-+++ b/include/openssl/core_names.h
-@@ -217,6 +217,7 @@ extern "C" {
- #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */
- #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */
- #define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */
-+#define OSSL_KDF_PARAM_KBKDF_R "r" /* int */
- #define OSSL_KDF_PARAM_X942_ACVPINFO "acvp-info"
- #define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
- #define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
-diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
-index 01f7f0d4fd2e..a81cc6e0c0d6 100644
---- a/providers/implementations/kdfs/kbkdf.c
-+++ b/providers/implementations/kdfs/kbkdf.c
-@@ -60,6 +60,7 @@ typedef struct {
- EVP_MAC_CTX *ctx_init;
-
- /* Names are lowercased versions of those found in SP800-108. */
-+ int r;
- unsigned char *ki;
- size_t ki_len;
- unsigned char *label;
-@@ -100,6 +101,7 @@ static uint32_t be32(uint32_t host)
-
- static void init(KBKDF *ctx)
- {
-+ ctx->r = 32;
- ctx->use_l = 1;
- ctx->use_separator = 1;
- }
-@@ -152,7 +154,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
- size_t iv_len, unsigned char *label, size_t label_len,
- unsigned char *context, size_t context_len,
- unsigned char *k_i, size_t h, uint32_t l, int has_separator,
-- unsigned char *ko, size_t ko_len)
-+ unsigned char *ko, size_t ko_len, int r)
- {
- int ret = 0;
- EVP_MAC_CTX *ctx = NULL;
-@@ -186,7 +188,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
- if (mode == FEEDBACK && !EVP_MAC_update(ctx, k_i, k_i_len))
- goto done;
-
-- if (!EVP_MAC_update(ctx, (unsigned char *)&i, 4)
-+ if (!EVP_MAC_update(ctx, 4 - (r / 8) + (unsigned char *)&i, r / 8)
- || !EVP_MAC_update(ctx, label, label_len)
- || (has_separator && !EVP_MAC_update(ctx, &zero, 1))
- || !EVP_MAC_update(ctx, context, context_len)
-@@ -217,6 +219,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
- unsigned char *k_i = NULL;
- uint32_t l = 0;
- size_t h = 0;
-+ uint64_t counter_max;
-
- if (!ossl_prov_is_running() || !kbkdf_set_ctx_params(ctx, params))
- return 0;
-@@ -248,6 +251,15 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
- goto done;
- }
-
-+ if (ctx->mode == COUNTER) {
-+ /* Fail if keylen is too large for r */
-+ counter_max = (uint64_t)1 << (uint64_t)ctx->r;
-+ if ((uint64_t)(keylen / h) >= counter_max) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-+ goto done;
-+ }
-+ }
-+
- if (ctx->use_l != 0)
- l = be32(keylen * 8);
-
-@@ -257,7 +269,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
-
- ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label,
- ctx->label_len, ctx->context, ctx->context_len, k_i, h, l,
-- ctx->use_separator, key, keylen);
-+ ctx->use_separator, key, keylen, ctx->r);
- done:
- if (ret != 1)
- OPENSSL_cleanse(key, keylen);
-@@ -328,6 +340,17 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l))
- return 0;
-
-+ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_R);
-+ if (p != NULL) {
-+ int new_r = 0;
-+
-+ if (!OSSL_PARAM_get_int(p, &new_r))
-+ return 0;
-+ if (new_r != 8 && new_r != 16 && new_r != 24 && new_r != 32)
-+ return 0;
-+ ctx->r = new_r;
-+ }
-+
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR);
- if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_separator))
- return 0;
-@@ -354,6 +377,7 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
- OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
- OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_L, NULL),
- OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, NULL),
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_R, NULL),
- OSSL_PARAM_END,
- };
- return known_settable_ctx_params;
-diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
-index 7fde5ea4111c..173d8cb8b87b 100644
---- a/test/evp_kdf_test.c
-+++ b/test/evp_kdf_test.c
-@@ -1068,9 +1068,9 @@ static int test_kdf_kbkdf_6803_256(void)
- #endif
-
- static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
-- size_t keylen, char *salt, char *info)
-+ size_t keylen, char *salt, char *info, int *r)
- {
-- OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
-+ OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8);
- OSSL_PARAM *p = params;
-
- if (params == NULL)
-@@ -1088,6 +1088,8 @@ static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char
- OSSL_KDF_PARAM_SALT, salt, strlen(salt));
- *p++ = OSSL_PARAM_construct_octet_string(
- OSSL_KDF_PARAM_INFO, info, strlen(info));
-+ *p++ = OSSL_PARAM_construct_int(
-+ OSSL_KDF_PARAM_KBKDF_R, r);
- *p = OSSL_PARAM_construct_end();
-
- return params;
-@@ -1100,8 +1102,9 @@ static int test_kdf_kbkdf_invalid_digest(void)
- OSSL_PARAM *params;
-
- static unsigned char key[] = {0x01};
-+ int r = 32;
-
-- params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1122,8 +1125,9 @@ static int test_kdf_kbkdf_invalid_mac(void)
- OSSL_PARAM *params;
-
- static unsigned char key[] = {0x01};
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1137,6 +1141,30 @@ static int test_kdf_kbkdf_invalid_mac(void)
- return ret;
- }
-
-+static int test_kdf_kbkdf_invalid_r(void)
-+{
-+ int ret;
-+ EVP_KDF_CTX *kctx;
-+ OSSL_PARAM *params;
-+
-+ static unsigned char key[] = {0x01};
-+ int r = 31;
-+
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
-+ if (!TEST_ptr(params))
-+ return 0;
-+
-+ /* Negative test case - derive should fail */
-+ kctx = get_kdfbyname("KBKDF");
-+ ret = TEST_ptr(kctx)
-+ && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
-+
-+ EVP_KDF_CTX_free(kctx);
-+ OPENSSL_free(params);
-+ return ret;
-+}
-+
-+
- static int test_kdf_kbkdf_empty_key(void)
- {
- int ret;
-@@ -1145,8 +1173,9 @@ static int test_kdf_kbkdf_empty_key(void)
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1169,8 +1198,9 @@ static int test_kdf_kbkdf_1byte_key(void)
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1191,8 +1221,9 @@ static int test_kdf_kbkdf_zero_output_size(void)
-
- static unsigned char key[] = {0x01};
- unsigned char result[32] = { 0 };
-+ int r = 32;
-
-- params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
-+ params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
- if (!TEST_ptr(params))
- return 0;
-
-@@ -1298,7 +1329,6 @@ static int test_kdf_kbkdf_8009_prf2(void)
- * Test vector taken from
- * https://csrc.nist.gov/CSRC/media/Projects/
- * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
-- * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
- */
- static int test_kdf_kbkdf_fixedinfo(void)
- {
-@@ -1628,6 +1658,7 @@ int setup_tests(void)
- #endif
- ADD_TEST(test_kdf_kbkdf_invalid_digest);
- ADD_TEST(test_kdf_kbkdf_invalid_mac);
-+ ADD_TEST(test_kdf_kbkdf_invalid_r);
- ADD_TEST(test_kdf_kbkdf_zero_output_size);
- ADD_TEST(test_kdf_kbkdf_empty_key);
- ADD_TEST(test_kdf_kbkdf_1byte_key);
-diff --git a/test/evp_test.c b/test/evp_test.c
-index 70996195f0cb..6ae862b04403 100644
---- a/test/evp_test.c
-+++ b/test/evp_test.c
-@@ -2639,6 +2639,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
- TEST_info("skipping, '%s' is disabled", p);
- t->skip = 1;
- }
-+ if (p != NULL
-+ && (strcmp(name, "mac") == 0)
-+ && is_mac_disabled(p)) {
-+ TEST_info("skipping, '%s' is disabled", p);
-+ t->skip = 1;
-+ }
- OPENSSL_free(name);
- return 1;
- }
-diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
-index 7ae546e1d70c..7b976c0a1b5e 100644
---- a/test/recipes/30-test_evp.t
-+++ b/test/recipes/30-test_evp.t
-@@ -45,6 +45,7 @@ my @files = qw(
- evpciph_aes_wrap.txt
- evpciph_aes_stitched.txt
- evpkdf_hkdf.txt
-+ evpkdf_kbkdf_counter.txt
- evpkdf_pbkdf1.txt
- evpkdf_pbkdf2.txt
- evpkdf_ss.txt
-diff --git a/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
-new file mode 100644
-index 000000000000..04ab8ff0fad7
---- /dev/null
-+++ b/test/recipes/30-test_evp_data/evpkdf_kbkdf_counter.txt
-@@ -0,0 +1,1843 @@
-+#
-+# Copyright 2021-2021 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+# Tests start with one of these keywords
-+# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
-+# PrivPubKeyPair Sign Verify VerifyRecover
-+# and continue until a blank line. Lines starting with a pound sign are ignored.
-+
-+Title = KBKDF tests
-+
-+# Test vectors taken from
-+# https://csrc.nist.gov/CSRC/media/Projects/
-+# Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
-+
-+
-+# [PRF=CMAC_AES128]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:dff1e50ac0b69dc40f1051d46c2b069c
-+Ctrl.hexinfo = hexinfo:c16e6e02c5a3dcc8d78b9ac1306877761310455b4e41469951d9e6c2245a064b33fd8c3b01203a7824485bf0a64060c4648b707d2607935699316ea5
-+Output = 8be8f0869b3c0ba97b71863d1b9f7813
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:682e814d872397eba71170a693514904
-+Ctrl.hexinfo = hexinfo:e323cdfa7873a0d72cd86ffb4468744f097db60498f7d0e3a43bafd2d1af675e4a88338723b1236199705357c47bf1d89b2f4617a340980e6331625c
-+Output = dac9b6ca405749cfb065a0f1e42c7c4224d3d5db32fdafe9dee6ca193316f2c7
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:7aa9973481d560f3be217ac3341144d8
-+Ctrl.hexinfo = hexinfo:46f88b5af7fb9e29262dd4e010143a0a9c465c627450ec74ab7251889529193e995c4b56ff55bc2fc8992a0df1ee8056f6816b7614fba4c12d3be1a5
-+Output = 1746ae4f09903f74bfbe1b8ae2b79d74576a3b09
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:e91e0d06ab23a4e495bbcc430efddcaf
-+Ctrl.hexinfo = hexinfo:24acb8e9227b180f2ccebea48051cbdbcd1be2bf94400d1e92945fe9b887585a295f46c469036107697813a3e12c45ae2ffde9a940f8f8c181018a93
-+Output = e81ef2483729d4165aaa4866c17f26496e6c6924e2fe34f608efef0c35835f86df29a1e19ce166a8
-+
-+
-+# [PRF=CMAC_AES128]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:30ec5f6fa1def33cff008178c4454211
-+Ctrl.hexinfo = hexinfo:c95e7b1d4f2570259abfc05bb00730f0284c3bb9a61d07259848a1cb57c81d8a6c3382c500bf801dfc8f70726b082cf4c3fa34386c1e7bf0e5471438
-+Output = 00018fff9574994f5c4457f461c7a67e
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:145c9e9365041f075ebde8ce26aa2149
-+Ctrl.hexinfo = hexinfo:0d39b1c9c34d95b5b521971828c81d9f2dbdbc4af2ddd14f628721117e5c39faa030522b93cc07beb8f142fe36f674942453ec5518ca46c3e6842a73
-+Output = 8a204ce7eab882fae3e2b8317fe431dba16dabb8fe5235525e7b61135e1b3c16
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:6f3f8cbf40d2a694274cfa2eb2f265a3
-+Ctrl.hexinfo = hexinfo:e7b88baa4a2c22b3d78f41d509996c95468c8cb834b035dd5e09e0a455da254b8b5687a1433861751d2dd603f69b2d4ba4ae47776335d37c98b44b4b
-+Output = d147f1c78121c583cbcb9d4b0d3767a357bd7232
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:5e534bea459e54c58a6942abfd4df8ab
-+Ctrl.hexinfo = hexinfo:e9a5cc15d223aaa74abd122983b2a10512199b9cc87663fd8a62d417cef53770264fc51f683890fe42da2df7be0f60898c5b09d5c4932137b6b1e06e
-+Output = 92480eb4860123ceda76f1e6bf2668520bea49ed72bb900ae50725bb8cfcdb733af1a9de71fe1af5
-+
-+
-+# [PRF=CMAC_AES128]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:ca1cf43e5ccd512cc719a2f9de41734c
-+Ctrl.hexinfo = hexinfo:e3884ac963196f02ddd09fc04c20c88b60faa775b5ef6feb1faf8c5e098b5210e2b4e45d62cc0bf907fd68022ee7b15631b5c8daf903d99642c5b831
-+Output = 1cb2b12326cc5ec1eba248167f0efd58
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:1bfaf4cd6efd25a132e2a1d41b124465
-+Ctrl.hexinfo = hexinfo:b933cfbb223ea65ed0e8db822f83be64ee21d3b9ca1eb0bc32f9d77f145a3e4ed4e2cc72cb3d93ea44824ab81eefdf71bbdb62067e0eb34a79914e4f
-+Output = 75f4d20c558d71646ec062d2ca75369a218cedb7104be3abf27026af003e98f3
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:80168f187848a68b0b82a7ef43b4eedc
-+Ctrl.hexinfo = hexinfo:9357281df7665ae5ae961fe5f93a3124416cab3deb11583429c5e529af3fc71094aad560cbc279168fe1c3327787f91a414acfff063832bcd78ed1b5
-+Output = be4517c9e6de96929e655a08f5b6d5bb77364f85
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:26fa0e32e7e08f9b157ebae9f579710f
-+Ctrl.hexinfo = hexinfo:ceab805efbe0c50a8aef62e59d95e7a54daa74ed86aa9b1ae8abf68b985b5af4b0ee150e83e6c063b59c7bf813ede9826af149237aed85b415898fa8
-+Output = f1d9138afcc3db6001eb54c4da567a5db3659fc0ed48e664a0408946bcee0742127c17cabf348c7a
-+
-+
-+# [PRF=CMAC_AES128]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:c10b152e8c97b77e18704e0f0bd38305
-+Ctrl.hexinfo = hexinfo:98cd4cbbbebe15d17dc86e6dbad800a2dcbd64f7c7ad0e78e9cf94ffdba89d03e97eadf6c4f7b806caf52aa38f09d0eb71d71f497bcc6906b48d36c4
-+Output = 26faf61908ad9ee881b8305c221db53f
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:695f1b1a16c949cea51cdf2554ec9d42
-+Ctrl.hexinfo = hexinfo:4fce5942832a390aa1cbe8a0bf9d202cb799e986c9d6b51f45e4d597a6b57f06a4ebfec6467335d116b7f5f9c5b954062f661820f5db2a5bbb3e0625
-+Output = d34b601ec18c34dfa0f9e0b7523e218bdddb9befe8d08b6c0202d75ace0dba89
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:b523ae21fc36bc58cc46e5a3cda97493
-+Ctrl.hexinfo = hexinfo:8dbe6d4d9b09b2eabd165b6e6e97e3bc782f8335cb1ea04ad0403affd88a5071db5f36ce2e84ab296261730b2226a9189d867991fbd4ff86f43a3cfb
-+Output = 530211df01975dd6c08064c34105f88a6007f2b2
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES128
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:b2fcf854b1029888aeb0274ca09bb21a
-+Ctrl.hexinfo = hexinfo:a6b84baae7a6ceb1d63ed704757500c510c0a8bdc22d2f42af09f79c815f37f33b67dad0b30f428fc1e2d355f7f91f65acbedd2fdd5b8c38dd890407
-+Output = fe4c2c0242c5a295c008aeb87ae0815171de6173773292347f4f5ec07185c3f860b5667c199aad55
-+
-+
-+# [PRF=CMAC_AES192]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:53d1705caab7b06886e2dbb53eea349aa7419a034e2d92b9
-+Ctrl.hexinfo = hexinfo:b120f7ce30235784664deae3c40723ca0539b4521b9aece43501366cc5df1d9ea163c602702d0974665277c8a7f6a057733d66f928eb7548cf43e374
-+Output = eae32661a323f6d06d0116bb739bd76a
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:d10046bb18c3f363e87f4e57b961b294d4edf2ca91dc3e38
-+Ctrl.hexinfo = hexinfo:2d043069de979bffb1be38a3cef2869dc07d5d3e99bde2e2204f10138081743f423f0c0b1aec0735a25bc61a8e2936dec6a25bb0ae105ab46caf8a2a
-+Output = 8991a58882a0488bb5478996f2893989adb66d08d5030ad90f6ce5fdfca7754b
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:bf0abb70098d6c203074f1bce3d7468116cd1e5e8e618f20
-+Ctrl.hexinfo = hexinfo:d9ce030a48668ada6c67a2ac163515ec22383c4b5332e18d06901bacbb63dd649c683cfd4fee2f33346817b23cb4c734060a1c727b0c72c12448f4f9
-+Output = ecd1eef152b5835376f1a4324cd968bcb0cf850a
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:8725918ca07ad8e108473e5ffdf43eb1cf5c44baf0bd1cec
-+Ctrl.hexinfo = hexinfo:f4a57b84a881cf282aac5402cfa8fc4ede0db6f8e902d5c0c41c4712077306484e626e3ffc4129d9b43b46cbb6c53d2838a811dc8aedad7253cf94d4
-+Output = 5a795fd0d7661968c478860b526cca40eb8702083fdbff3ff8adfa697e795398ca7106bc950fbb45
-+
-+
-+# [PRF=CMAC_AES192]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:d7e8eefc503a39e70d931f16645958ad06fb789f0cbc518b
-+Ctrl.hexinfo = hexinfo:b10ea2d67904a8b3b7ce5eef7d9ee49768e8deb3506ee74a2ad8dd8661146fde74137a8f6dfc69a370945d15335e0d6403fa029da19d34140c7e3da0
-+Output = 95278b8883852f6676c587507b0aa162
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:5e6695d7c3f5b156c7b457c8c2b801ba2ae30c9c8a36ee61
-+Ctrl.hexinfo = hexinfo:1406756f40efb8e29d5455d2da4bf1993b3c3901d67ec90934895f5de7845f573ae8a0dc8a6ad77d80da29e81329440d61d63dda8eaa7851bc7a172d
-+Output = 72046d5eed909f6ab25810ead446ace7422fd87e6bd496ff2e84b115b8e0d27e
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:e3b88f40c9974410955820a8f8392701e9c67cc6efd3b0ff
-+Ctrl.hexinfo = hexinfo:a520f36b6b60dfce34dc1d1f6b16132efa82566efa49f3140113fbc59e309c40db42962c06123721f122f433fa417ce3319bca9c58b4184fd8c7be8f
-+Output = 134b6236a80c257591cc1437ab007b3fa4bd7191
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:51574d47f2f1d202a30252823b52ba7858b729d5ed4c92f7
-+Ctrl.hexinfo = hexinfo:0819c17dd3f9a68493a958c46152d04ba450043908a0016b99cc124d5e75b0d11e7c26f27365609c110eee7f8baa88a7d99fecc690e617150f93bd6c
-+Output = c46db4cd822e9841408fba79932d6c748bc7ab17421ed1ad188aed327c2a0d694e380c0cade8b37f
-+
-+
-+# [PRF=CMAC_AES192]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:f7c1e0682a12f1f17d23dc8af5c463b8aa28f87ed82fad22
-+Ctrl.hexinfo = hexinfo:890ec4966a8ac3fd635bd264a4c726c87341611c6e282766b7ffe621080d0c00ac9cf8e2784a80166303505f820b2a309e9c3a463d2e3fd4814e3af5
-+Output = a71b0cbe30331fdbb63f8d51249ae50b
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:3eeed1560e17aaffe9f6ca9d81815b89a6879a56ebe4182a
-+Ctrl.hexinfo = hexinfo:a643378a557af69ce2c606bc623a04b568a848207534d25bfa22664f9148997a6b4c00f4624b5100b4eb01857240b119876c3a86c1e8b02335475939
-+Output = 8a1dc0f616353bf3ecf5553d7a7651e9ea6d884a32172d3391ad342bfaf60785
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:c984c3f65cdc32e7503678764a9e84292a1f50e335167a36
-+Ctrl.hexinfo = hexinfo:0061cd40f9eef84d6c8b04e0142d70aa50d4690e0a1de8e3ff5f5cea10cd2d28281eb1df90c519b8b51f7aa0d63a313ebbf80538b54dd11a66115be6
-+Output = afe93ae91930261344e30ef9e1718e76f74225d9
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:993305e59f34a94f62931fd7662bb5b73c77d8d4bc6a33ba
-+Ctrl.hexinfo = hexinfo:fcceb2d7ac6a68717c2490ec95bebea484c4930d156683c43164dc53bff0bafcbfb31e920109927ef08e12f66f258b6f8ba284908faee7d3376e1bac
-+Output = 40e358cfdeee0286d152fcb4626ff22e67eea3b65d8750a273001b67645804cbf613832201b0a9ba
-+
-+
-+# [PRF=CMAC_AES192]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:f4267280cb8667c2cf82bb37f389da6391f58cc74deba0cc
-+Ctrl.hexinfo = hexinfo:34abbc9f7b12622309a827de5abfdd51fb5bb824838fcde88ca7bc5f3953abdcb445147f13e809e294f75e6d4e3f13b66e47f2dfc881ed392e3a1bf6
-+Output = 2d1b4b5694b6741b2ed9c02c05474225
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:dc866a038c4f78f22d46caca65892bcdb15c1eb49b275827
-+Ctrl.hexinfo = hexinfo:b4a123bad4890c7a791f5e192bd8b6e9c8c3620329f99249f11e1eb517a5b27b9e5b047a6591b45f6fff53e6d04b32d82e052af2eb8519bd21c10f93
-+Output = 731a2e23ab2e58551490254041ee8fabd9c5a1918d76307f1048535be0763b20
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:dd5e0f1a30b0b722b00626ee663df29601af58082708e18c
-+Ctrl.hexinfo = hexinfo:b7c6eb48c80b071080fd07a827d0bfdc781599862084f7ffd968a4cbff0be9a6adef5ea206aa8af4d8a85705953e33cd7c4cbb69969c73698f54c6b8
-+Output = 84e1ca286776cda0784c4fc48b054384ca565d17
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES192
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:d64c598436507f4d05d7ebe780092996f281901dc9c8612f
-+Ctrl.hexinfo = hexinfo:0ea737cfca2560856917f3a2ff5e2175930d0719bba85a9c8d8cb311a0a1b8caf8ffe03e9a86ab17046670011c9fec5c5cd697d9cd931f615cdfe649
-+Output = 3c26968bd3997c653f79bb725c36d784b590d18a64678cf312abe8a57b2891c27282e37b6a49cd73
-+
-+
-+# [PRF=CMAC_AES256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:aeb7201d055f754212b3e497bd0b25789a49e51da9f363df414a0f80e6f4e42c
-+Ctrl.hexinfo = hexinfo:11ec30761780d4c44acb1f26ca1eb770f87c0e74505e15b7e456b019ce0c38103c4d14afa1de71d340db51410596627512cf199fffa20ef8c5f4841e
-+Output = 2a9e2fe078bd4f5d3076d14d46f39fb2
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:5402c978955128558789bee7b571465174a60582a7640037387f99ac16683173
-+Ctrl.hexinfo = hexinfo:5c7eb447481c2884a5398449eaecbb8b55f1f1981ba0fd187818d8b3581b430c3da52ab83d444e003625ff36fcbd160c67b18d85b6c9d00da1a15d15
-+Output = f22a4686abe599c2194d21fc9071ffceb023dd9b24c13f05a3d44cfc77fec44a
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:cac968a8ffd81c73948bdfb48bf8a29c1378517d3be294df9a8a80724075bdbd
-+Ctrl.hexinfo = hexinfo:08817bcd560edf810aa004194c817e455fb66bbc3b84fef1d66df2d1cebb3403c24231fa822f130c5d8fe886217122dcab15cb725197bbcbeb8010f5
-+Output = 651c43e113b32026b204119af394301f0cb9831c
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:9debd1762a9643e967dbc174f2040e177b8053afb0829189a81fed94f8c365ee
-+Ctrl.hexinfo = hexinfo:6c4e1e3fdd7f5c97d58bcdda792642cbd271d6968f6a8e368013d88763d0b306c832b7ab46b84d099596972d12220a4e9c81f82d6f5003d18b93c595
-+Output = 2518a44ea347e924b03a7b4c966ec4e4bd76c1456d09096be9387638c2737faeebba4e2b921b19db
-+
-+
-+# [PRF=CMAC_AES256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:4df60800bf8e2f6055c5ad6be43ee3deb54e2a445bc88a576e111b9f7f66756f
-+Ctrl.hexinfo = hexinfo:962adcaf12764c87dad298dbd9ae234b1ff37fed24baee0649562d466a80c0dcf0a65f04fe5b477fd00db6767199fa4d1b26c68158c8e656e740ab4d
-+Output = eca99d4894cdda31fe355b82059a845c
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:4c30b96d9beff5cc3c37527694eeec8207fae2c13ef295556919a7a46e5b90c1
-+Ctrl.hexinfo = hexinfo:86e1ad34bd7a998281a822129a23102f799812864cf5349f3f21cec7729f83ad8c8aa6517fafcc9521cde887686629048159ed3f15c01408984f547e
-+Output = 815fe232e0e89f7eeaa87c3ba5007694a43c1577657ccb3018076c5a5c035d95
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:e508ce78aca2cc50c80a6cbdb2b178f8ee5e315dad71ddfa700eb6cf503239b3
-+Ctrl.hexinfo = hexinfo:28c47ddd23d349e3b30bf97975c5fa591f2158e001dae3faa154d93c615c89fc7449c901a2585e618f68a0b2cbd3f35f53424d5ea015cbf7e8e09f68
-+Output = 6bc69b4c11aa7c04ac3c03baa44daeac4a047992
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:ee0a0f88b3b441826264de7a31b890a66edf7c2a28d0286eab285846b586fb8e
-+Ctrl.hexinfo = hexinfo:1ea9771ab763056260d885073e80e835e20e5d7ca9659fdf5dd3b7f2ae6286608f8bc7a6728e41346c55544942b1bf06642fb6a6738fb5b7f0128f9c
-+Output = 5484f170b6602b505e9e6ccffccf2262b55c3554728244bba94daff0adbc619400b33f38013a2293
-+
-+
-+# [PRF=CMAC_AES256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:1612a40daa7fce6c6788b3b71311188ffb850613fd81d0e87a891831348e2f28
-+Ctrl.hexinfo = hexinfo:1696438fcdf9a85284759b2604b64d7ea76199514709e711ecde5a505b5f27ae38d154aba14322481ddc9fd9169364b991460a0c9a05c7fcb2d099c9
-+Output = d101f4f2b5e239bae881cb488995bd52
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:77b50e24b859725d1cab531c885a6e60e7d5b0432f37408185ae688dffa5f6a5
-+Ctrl.hexinfo = hexinfo:0b2c907499cddaa1fcfb02002ab8b9756c5f1f9fea482d79b8a6aa9fa2fb48e69df94dca4cb6f2e90a462678279ddaacc482fdd76581996b43974a22
-+Output = c2a02b3743d506cdc1a41d4c2ae4c67610c5d607df0c26cbf7f4fe2198cb35f1
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:18a5c3e669967b42e9a29bad8fe86699f2b5d496ff767cd3171d1c7195ecef59
-+Ctrl.hexinfo = hexinfo:33231c50326592c25ec3eee2c61a3ad4c8a23c098dd83eafe5db411d0948eb122bb6eb7a1d04d2dbcd0b98d0b70b7ff305bb3ef6ac9d4e8e3f7ecd4f
-+Output = e80afb5cd274cb5fa4952aa95177ae83337f4c8f
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:0b589e556b7583f0fa9144868603b59262f457dee1e887ffc0e39968218959b9
-+Ctrl.hexinfo = hexinfo:1b95b940e0b950a58f09ea09941b80852cb29838940bb146dc3db0ddcd87f72ee28813c09fcef773e95438c0ed3dbcf29e78de0c78377561c5869d5f
-+Output = 260aef65eefd58816fe1a77120d047548b00c475c25178a2a33d4c801d49e8a0fb830513d0b3ff17
-+
-+
-+# [PRF=CMAC_AES256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:d0b1b3b70b2393c48ca05159e7e28cbeadea93f28a7cdae964e5136070c45d5c
-+Ctrl.hexinfo = hexinfo:dd2f151a3f173492a6fbbb602189d51ddf8ef79fc8e96b8fcbe6dabe73a35b48104f9dff2d63d48786d2b3af177091d646a9efae005bdfacb61a1214
-+Output = 8c449fb474d1c1d4d2a33827103b656a
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:d54b6fd94f7cf98fd955517f937e9927f9536caebe148fba1818c1ba46bba3a4
-+Ctrl.hexinfo = hexinfo:94c4a0c69526196c1377cebf0a2ae0fb4b57797c61bea8eeb0518ca08652d14a5e1bd1b116b1794ac8a476acbdbbcd4f6142d7b8515bad09ec72f7af
-+Output = 2e1efed4aef3fdd324e098c0a07c0d97f8fd2c748a996ce29861ca042474daea
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:99f212241a343c1c8c2104ca6d28062413d985c21e6bba27fde0c622e2e4e6b7
-+Ctrl.hexinfo = hexinfo:af8dc1cb7d1f82ca834628c20f0fc81920eb3ff3f75d3f4e3000593e9c15872479711d99d1b7be794f58d80a31bb112219dc16e6354111ab1161e21d
-+Output = 7f778c625bf0d083169a51584f6683f24af7c35e
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.cipher = cipher:AES256
-+Ctrl.mac = mac:CMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:dabde95d751ff1c132bd49f80f4ee347bf39218cf8bfec61bc3ad865d9aa1182
-+Ctrl.hexinfo = hexinfo:55da554307ed756764d4e97febb77ce85391b53225ee09417ad57def48ead090e3d1e7c2ed04f02462a6324ea0163b18f86201c69db27fd50b4c42c5
-+Output = 5cc29221cfa6f3a4ded7afeef5a59c05bac787fc5e98a35ee0c96ba582b05c42f758966566084f69
-+
-+
-+# [PRF=HMAC_SHA1]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:00a39bd547fb88b2d98727cf64c195c61e1cad6c
-+Ctrl.hexinfo = hexinfo:98132c1ffaf59ae5cbc0a3133d84c551bb97e0c75ecaddfc30056f6876f59803009bffc7d75c4ed46f40b8f80426750d15bc1ddb14ac5dcb69a68242
-+Output = 0611e1903609b47ad7a5fc2c82e47702
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:1ee222f5cdd60b0ae956eeeaa838c51bd767672c
-+Ctrl.hexinfo = hexinfo:4b10500ba5c9391da83d2ef78d01bcdccda32ff6f242960323324474b9d0685d99dc9143ac6d667a5b46dcc89784b3a4af7a7684b01efee41b144f48
-+Output = 806e342013853083a3f7294c63a9ec9a6dba75b256c62fac1e480ef26276cd4b
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:0e71d9e9c9e951978ada75c831d627dd5d3b4c59
-+Ctrl.hexinfo = hexinfo:08b6f69698e8eb6c8c63953abd3538531d722cc4e9ca7ffcb68abba4dd4b027b3787efa107902ace8abb54549bede4ffdadabec3f282865b2166d46e
-+Output = 86137b96ec15b7954fdc5df8d371ee2d8016e97a
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:f0e5ad280b3465e719afdf86377bbcda59f5c59b
-+Ctrl.hexinfo = hexinfo:231b6d83f0194499f27848108fd1fcdcf9520e67522cf54486fb919a839532d165019388242ce373a89ce644d7818e7415f5730a0b743595ab19add4
-+Output = 9a9ddd19818bb085d24e48ee99d6e628235a422fb2ae383282b7bbbf0e5f5edf42d7237b8ed6aa1d
-+
-+
-+# [PRF=HMAC_SHA1]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:a510fe5ad1640d345a6dbba65d629c2a2fedd1ae
-+Ctrl.hexinfo = hexinfo:9953de43418a85aa8db2278a1e380e83fb1e47744d902e8f0d1b3053f185bbcc734d12f219576e75477d7f7b799b7afed1a4847730be8fd2ef3f342e
-+Output = c00707a18c57acdb84f17ef05a322da2
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:abec6c894ae9df32e5afdf5d06a0434e8940ca71
-+Ctrl.hexinfo = hexinfo:9a6574a0ea1123ab9580906f8a2c4a0ecba9a8a84079c37a6e283ad4d4e957c3d16db66ae4be99e688b221c359a8dd2505868beb6a49fd7ce6c35df4
-+Output = 5b37675aec199c7d08435ef6321cf6235c12453a4530072d4a73ba0ad34634a5
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:df4e835a2f201a3d0f840eab38a18adf72adf9eb
-+Ctrl.hexinfo = hexinfo:84c6ca541d24a8b419037b9657ee4e0d5ef96d8b198355940a30b09bf8784e81d3b93558de21c46f04aec4afd610c3b230d17473c80b47b5004955e7
-+Output = 1202915544844b1f913caab512c582735bf76fed
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:cbe1d2895640dcd1545e60e04ce9d995707ec539
-+Ctrl.hexinfo = hexinfo:c80d735ec5fd0bf811a4a71c55e99373f83f4111194ec24a8e9fe24ef03f56ed15b4e135e02488d96dba8c0d60c26592df55a492691cf3b7eced40d1
-+Output = 1fd5a183be95c2d909deed31d686417d5c08bb88e6f75b150df330c8e7703bb8ccdffacb3e9ee3ff
-+
-+
-+# [PRF=HMAC_SHA1]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:928c170199473291bf719a1985a13673afb8f298
-+Ctrl.hexinfo = hexinfo:f54388503cde2bf544db4c9510ff7a2759ba9b4e66da3baf41c90ce796d5ea7045bc27424afb03e137abfafe95158954c832090abdba02d86bab569d
-+Output = 8c01160c72c925178d616a5c953df0a7
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:df7ecebec20e14be6db5d46af2769fe4e4ed689c
-+Ctrl.hexinfo = hexinfo:308ec6953d4945f075d37932d5dd335c7de0d2e7899a8321724a50b52240191fcdf991520c47a25b04ce6eecc835e4265b623c68d687afc615f74ae5
-+Output = c2129eeb33ee6783b6b187e5ae884f8f5bd78ca224e5e01c04a68ecef376ea38
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:2539c58bba8ae61be8b867b767ad698eb1f52a0b
-+Ctrl.hexinfo = hexinfo:9f6de21c93176f8814e9290a40149f749f946d376eb65f888eddcc4a24a58dbdbb3222fb53487e0abb08efff6d6a43511b18c40f489abe4013647273
-+Output = 20bc5ab8c27dd3f6f6fa5485f2eed8bd8b8b3d35
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:66002f224106971edc62a7c6957931b2097aabc3
-+Ctrl.hexinfo = hexinfo:f5fe599fac3bac5b10a4296b0783e2fc78cb498347ff3f74e2d9d230dfb6653e1a274e7bc37f0319eac2b0b48533b7be9d3633eed32101837ee460ff
-+Output = c195b9139fee020eda70b8a161aef28474977412c0612afafe23b16b1594871548b5889b38e0cf2a
-+
-+
-+# [PRF=HMAC_SHA1]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:f7591733c856593565130975351954d0155abf3c
-+Ctrl.hexinfo = hexinfo:8e347ef55d5f5e99eab6de706b51de7ce004f3882889e259ff4e5cff102167a5a4bd711578d4ce17dd9abe56e51c1f2df950e2fc812ec1b217ca08d6
-+Output = 34fe44b0d8c41b93f5fa64fb96f00e5b
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:c1efb8d25affc61ed060d994fcd5017c2adfc388
-+Ctrl.hexinfo = hexinfo:b92fc055057fec71b9c53e7c44872423a57ed186d6ba66d980fecd1253bf71479320b7bf38d505ef79ca4d62d78ca662642cdcedb99503ea04c1dbe8
-+Output = 8db784cf90b573b06f9b7c7dca63a1ea16d93ee7d70ff9d87fa2558e83dc4eaa
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:e02ba5d5c410e855bbd13f840124273e6b864237
-+Ctrl.hexinfo = hexinfo:b14e227b4438f973d671141c6246acdc794eee91bc7efd1d5ff02a7b8fb044009fb6f1f0f64f35365fb1098e1995a34f8b70a71ed0265ed17ae7ae40
-+Output = f077c2d5d36a658031c74ef5a66aa48b4456530a
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA1
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:693adb9037184627ad300f176985bd379f388a95
-+Ctrl.hexinfo = hexinfo:7f09570c2d9304ec743ab845a8761c126c18f5cf72358eada2b5d1deb43dc6a0f4ff8f933bef7af0bcfacb33fa07f8ca04a06afe231835d5075996be
-+Output = 52f55f51010e9bd78e4f58cab274ecafa561bd4e0f20da84f0303a1e5ff9bebc514361ec6df5c77e
-+
-+
-+# [PRF=HMAC_SHA224]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:7e2f7a5ab3e82ef927a005308456823da473787bf33d18a864aca63f
-+Ctrl.hexinfo = hexinfo:b35695a6e23a765105b87756468d442a53a60cd4225186dc94221c06c5d6f1e98462135656ebca90468a939f29112b811413567d498df9867914d94c
-+Output = 10ba5c6ea609da8fa8abe8be552c97a1
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:667f72fc660e32943de386af9670c78e975c838cae91dca97f4f8508
-+Ctrl.hexinfo = hexinfo:e713e8c38e92c8ba0f0791cc4a0d00c98d8dda8f3137a775104e7aa65b5f04fed12ee78a88262b2931717b7ac5624162fd5f0307f4faef038dcc210c
-+Output = 835b343242a489249eec3cd56384ea2a5b295e29a4430fec2aae0c8b9fa36d20
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:3344fb80fd655b16f08c78150516cbbc009fbdf1b510905f9113d275
-+Ctrl.hexinfo = hexinfo:dc2aa42084d645baeb822c0c1d9b8e200737e9a2c7dcd922d8f056d6c02552295d95a488758919724207eebb4c21887f71b51a2a7ce98827cf7af4bb
-+Output = e281d09a31c57d053f0c2f902792c8bbb9a0f443
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:eb9386450d7b2da5492da5b139cf4b0b951a5b0c7d40c22ae2c20677
-+Ctrl.hexinfo = hexinfo:bd8b73969e3e2d7a943b937c3bffe3a9199d1cf27e289bb10c3b88696a5ae36b3b868b4fc6a20ca93dd0b328f3351f71ce656bb558fa33c74741398d
-+Output = bc902dfba79fb4084339b6666c7f72b9f47675229dc24ec61068bb05082717eead35647ff147d7de
-+
-+
-+# [PRF=HMAC_SHA224]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:093b2ce84c6175d1723fbe94b9ee963b6251d018fcf8c05c2e3e9b0b
-+Ctrl.hexinfo = hexinfo:083e114aca1f97166551b03f27b135c0c802294aa4845a46170b26ec0549cb59c70a85557a3fc3a37d23eed6947d50f10c15baf5c52a7b918ca80bf5
-+Output = 94ced61c3665616d4a368f83a7283648
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:ffb5c9d920522477cb2ecf16ae1e075587b7598348e019df85ca3d43
-+Ctrl.hexinfo = hexinfo:252743519ab4e03f8bb0ed137e2d315aac5010b951645c7626c6f5a77c4a6c4e0b0b4030abf937141f7142bcd702678b15d2d4e8850e0570ec782c79
-+Output = 3d1813da0322201ed45ac2aaf3542843913bb32fd832a33a5dc94bad964bfe56
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:7f0ea811340cddbbf261d0260b0c98dec790133cffd2b04b8f8be2b1
-+Ctrl.hexinfo = hexinfo:0a744543acddf7d8c0a205372a0450e32631a33bb89ad2e3bb2d9766c248ab755fec152a6da866ef50baeab607d88e5177042056970013aa18f9fb1e
-+Output = e55120e7848cf61254159e79c2ac47a9a906a73c
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:6e237178c4884e13470b6b4848b40389d9856311735da4eefa2f6f38
-+Ctrl.hexinfo = hexinfo:9cd9f9ad88471668f3b25515851fff63d3a886b8c6cf371eae159bab58f997b83eda5815567a142c4264978d8f24d24fe2d513c0eeaff983b86fdbd8
-+Output = 1e6638ea717338cfeb7dea373785c3c763bd5e509358e4940e9a4e4fd0a3e0347973858bc20243b8
-+
-+
-+# [PRF=HMAC_SHA224]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:f09e65e8de7500847b43bd95e6c3506e01aadd484e9699b027897542
-+Ctrl.hexinfo = hexinfo:c20f6188517b2ca10086b9f7f8d6f2d38d66f24193c037008d035f361c6bd74db26aef588a87aa8a1c3cdad2ba0207f7e7b39def0df797c4cb3bf614
-+Output = 73d30c2af54744eb1efb70429f8e303a
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:6079eafeba179a915e194b14e12ffee1e2bad56a62077897a4654e4b
-+Ctrl.hexinfo = hexinfo:87686603814d619107aabfab85b4c4fe38ae1a5c2a4d78df12119871b8a4f85d583e7d842ee15e7fe03f61dd02b10784838ed163dc67cca43586d628
-+Output = d888a21e1a698654fa46288509ae7a28dc7b05e6fc696a909451c2437097056b
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:2efe2905a1b7e1993da0316f2a747be1e91415ca1e6ad14d04341fee
-+Ctrl.hexinfo = hexinfo:4d283c0f6d209379facd8a26aa889780863cf6a81893dc3bd2c928a7f8d922ced9c829bf627d2c556441d0d41a1eb00c0deea78349429de56a275f04
-+Output = ec162b6ff6413f5eae9336fd489fab538d042db8
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:0b15638489d3ac7729a7db82797754e7a7c8d52da0cf3638a27a1a9c
-+Ctrl.hexinfo = hexinfo:90988848764dacc6eeba817e0b74086b1233bca9d573717b8e3dd3bd23a532aac7db8b196e4c4702f54cc71bb8882dc776b0317457803a632b429776
-+Output = 481293e1e621ad8bab5c9f5090594bb2507a1456ee8ffc30db159cb5b02d69110c3e5270880bf4a7
-+
-+
-+# [PRF=HMAC_SHA224]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:f5cb7cc6207f5920dd60155ddb68c3fbbdf5104365305d2c1abcd311
-+Ctrl.hexinfo = hexinfo:4e5ac7539803da89581ee088c7d10235a10536360054b72b8e9f18f77c25af01019b290656b60428024ce01fccf49022d831941407e6bd27ff9e2d28
-+Output = 0adbaab43edd532b560a322c84ac540e
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:992815121d88ffb26c337606723c02ef317713086e2cfbbd37e1a167
-+Ctrl.hexinfo = hexinfo:152d974eb2719b9027d32054a327312361125959df9d96a1832e2056c2571d4f1cf45f6e8f6544c87f15861cef627d2f16e9b0b4ab799bb3362f4aae
-+Output = 475eda3a32d569932e043db64dbf0e9bb0945b54dcdfa203be1a28524c147075
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:2eabb6b922c24326ef9ae3c192dfd341caf57efe15dd649772a2ac3b
-+Ctrl.hexinfo = hexinfo:c75f6f5a1561aab39ea0e22702a6cf7dba3ca4dd9f046bb0abea2d3284168fd9fb39ff725523a660d21f8c2ade03d18d4273c52fb6f22c9e39d6bc2e
-+Output = ae50acebe308a1cf1747b9b178a0720748fa5fe5
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA224
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:9b75e7fa216c884037c7d6953092ed335c4efd88ca57a742d6ac3221
-+Ctrl.hexinfo = hexinfo:12bea97865df99315259ff620302432ecafc9dce2619e87dfb4979410456a524434315dd3920e2b1aa1c79d5e07132a758a7b7b71ef10bcf1bb877f3
-+Output = 60071bd0ceea0fe0f879223b940d3de7dde02ca6858f8450fb9c0032e49f968ef9cd9b5703163dbc
-+
-+
-+# [PRF=HMAC_SHA256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:3edc6b5b8f7aadbd713732b482b8f979286e1ea3b8f8f99c30c884cfe3349b83
-+Ctrl.hexinfo = hexinfo:98e9988bb4cc8b34d7922e1c68ad692ba2a1d9ae15149571675f17a77ad49e80c8d2a85e831a26445b1f0ff44d7084a17206b4896c8112daad18605a
-+Output = 6c037652990674a07844732d0ad985f9
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:f109513435d72f14863660dfc027118e47e13995ad44a02415c9c8f63d38675c
-+Ctrl.hexinfo = hexinfo:53696208d6f42909136a575010e135e142e31f631d72386a631cc704e5ad4049a889422cd6da7f1805e59a273c6f4fa986bc3082952fca658979f1b0
-+Output = 1aaf080fd51b37585ea464a9c617bc3ab859cc78cbe1f2d5d557148ee36821a0
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:6ed1b41a1fc2ca8c7e09d5bccc410661683ec29d41a0fd01dd820a2e824ff672
-+Ctrl.hexinfo = hexinfo:f6dc72adbd8ad4ea91259b61237a042a02546f37d58d933d3efadc54a5e1936a8faf70c33e707c473125bd5006b7dfa6883c04bf27cf53010e1d10bc
-+Output = 4090ee711fa361f03267a6ff2a5ace977c8c1db5
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:63a657fb6c5bacb9a124d3e7db8bbb7d42bfdfaf8f04cb6359cd888c70669652
-+Ctrl.hexinfo = hexinfo:2697b6ec112cab4d6f1714c991c17d44fb36a0b6ef0b0f5451619ab248950f56f403215c78711aa563683ced05be7246f32574fa294f162dbbeb3dee
-+Output = 1992e75756fa64734d5caecc5f6420fcb28b8b90421eee97dc8b6140ce18518405688bea489d2aaa
-+
-+
-+# [PRF=HMAC_SHA256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:743434c930fe923c350ec202bef28b768cd6062cf233324e21a86c31f9406583
-+Ctrl.hexinfo = hexinfo:9bdb8a454bd55ab30ced3fd420fde6d946252c875bfe986ed34927c7f7f0b106dab9cc85b4c702804965eb24c37ad883a8f695587a7b6094d3335bbc
-+Output = 19c8a56db1d2a9afb793dc96fbde4c31
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:365592398d23d31f2cac8bf6211f1ad5f52608efcdc5997b144ea6ded3866cf6
-+Ctrl.hexinfo = hexinfo:07dce524556d3f68d2d91d4c15c9c6212635e0df1aef54938490db46f98737064d6a5624d7f938c263af01e632c45d9fe7a871b67f7d4bf110796eb4
-+Output = 5624c6911dc1b08e090c8c95347adf17895b696aae211932cde3ec8227fcbea8
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:c104e187e344668997b7bd9c8cdf097320518dd7dbcb541c414418b55b58cbb2
-+Ctrl.hexinfo = hexinfo:32f6bd59840c61909f2f92f98f54bd238083577e33c3d071c1abe4c694bd87c1ad235eb9a2d272b3dc67c955574d5e6cad84615120476d6e7e04f51f
-+Output = 1b5d9e60aa909aeb973e76d9bf6be208327bb096
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:d4349c26108719debacc04e166a09063ffb5e17bcbaf8738dc2618aa7d1e97ae
-+Ctrl.hexinfo = hexinfo:da1f5ed45ead428689b0ecca9dbc2569e76953cda0df085499cca6d5949d8995e1e42bbdc94b0dd78c164867c364a64c894de85294ad89d267ff443d
-+Output = 00550ae0f29a2373269af175e7f829ec32c3d05099a39f8c0e02caa00b68afb7457669334383ffb2
-+
-+
-+# [PRF=HMAC_SHA256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:388e93e0273e62f086f52f6f5369d9e4626d143dce3b6afc7caf2c6e7344276b
-+Ctrl.hexinfo = hexinfo:697bb34b3fbe6853864cac3e1bc6c8c44a4335565479403d949fcbb5e2c1795f9a3849df743389d1a99fe75ef566e6227c591104122a6477dd8e8c8e
-+Output = d697442b3dd51f96cae949586357b9a6
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:f5207566ad012002ae6f2b501f0c24180228345889c20616d043b868a76d015a
-+Ctrl.hexinfo = hexinfo:f36dbc8d1dfda60d4ba05214f8773aaa9f01944150bca68812d0d8deb5492f3f68f09809ba5e8b89e9dca86c70f6f353b3d5f49ef27e2fd01cfa911d
-+Output = 0faed440796a0685a24a1c5e1cacde566c7a1a4189885229251c6308a53c3f6e
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:e2758918edcf15d957a556055602d283dbdf9c95b6025a3cddf1eeac1e0ac889
-+Ctrl.hexinfo = hexinfo:eda2f792580d6129b43e7b89c661786a29ab502ec6198f4a2bec6d0ffca1a75b8807d4313e7bf769a94fbf4b41c4cc309358a211105312c05818d8f3
-+Output = 67e3273b2cfa4c663377f5841606679aee420dce
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:c9063598d6cf8660300073b5c25603baf3ade910c182deea15d8107d6f6be295
-+Ctrl.hexinfo = hexinfo:22d27eec90c2dd4ae5cf4a705abecfd781b9051ba512b048ea9499364b791e9cdf63215db43680dacffe6f19d77fc93f8a46d84dd52146389d9ec308
-+Output = f3a5b521b435a8c83eaf2d264b5b1a6dcc32c21b4897511203f97f01f2a691eef080b4cd7ca4fc38
-+
-+
-+# [PRF=HMAC_SHA256]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:dd1d91b7d90b2bd3138533ce92b272fbf8a369316aefe242e659cc0ae238afe0
-+Ctrl.hexinfo = hexinfo:01322b96b30acd197979444e468e1c5c6859bf1b1cf951b7e725303e237e46b864a145fab25e517b08f8683d0315bb2911d80a0e8aba17f3b413faac
-+Output = 10621342bfb0fd40046c0e29f2cfdbf0
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:e204d6d466aad507ffaf6d6dab0a5b26152c9e21e764370464e360c8fbc765c6
-+Ctrl.hexinfo = hexinfo:7b03b98d9f94b899e591f3ef264b71b193fba7043c7e953cde23bc5384bc1a6293580115fae3495fd845dadbd02bd6455cf48d0f62b33e62364a3a80
-+Output = 770dfab6a6a4a4bee0257ff335213f78d8287b4fd537d5c1fffa956910e7c779
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:dc60338d884eecb72975c603c27b360605011756c697c4fc388f5176ef81efb1
-+Ctrl.hexinfo = hexinfo:44d7aa08feba26093c14979c122c2437c3117b63b78841cd10a4bc5ed55c56586ad8986d55307dca1d198edcffbc516a8fbe6152aa428cdd800c062d
-+Output = 29ac07dccf1f28d506cd623e6e3fc2fa255bd60b
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA256
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:c4bedbddb66493e7c7259a3bbbc25f8c7e0ca7fe284d92d431d9cd99a0d214ac
-+Ctrl.hexinfo = hexinfo:1c69c54766791e315c2cc5c47ecd3ffab87d0d273dd920e70955814c220eacace6a5946542da3dfe24ff626b4897898cafb7db83bdff3c14fa46fd4b
-+Output = 1da47638d6c9c4d04d74d4640bbd42ab814d9e8cc22f4326695239f96b0693f12d0dd1152cf44430
-+
-+
-+# [PRF=HMAC_SHA384]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:0be1999848a7a14a555649048fcadf2f644304d163190dc9b23a21b80e3c8c373515d6267d9c5cfd31b560ffd6a2cd5c
-+Ctrl.hexinfo = hexinfo:11340cfbdb40f20f84cac4b8455bdd76c730adcecd0484af9011bacd46e22ff2d87755dfb4d5ba7217c37cb83259bdbe0983cc716adc2e6c826ed53c
-+Output = c2ea7454de25afb27065f4676a392385
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:218f47301a3adf39a4e1ddc25a1df2b7db53d7780c207f47ab4cefcaa960ed82cb6cbc34b97b4c332d52ca81cc40cb9a
-+Ctrl.hexinfo = hexinfo:60dcb116d7cfd3cca7315c9dc7e9650f886b67d9fbcd98c226239a0f66eff075da23c6cb750a2129ae71b9582934f57423a815249cac2c61f958b35d
-+Output = 26b01d94c4dd51a9c8b54f78647257f9e937a8d67dffa78f85749cdfb22db620
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:426c4facbacecb654555bc9843f9864a53e14c9a5e19600abf57b03cf8b6f825f71191eaaf3cfd70961314acbf1e6e29
-+Ctrl.hexinfo = hexinfo:d224dc52dd16bde3391fab24fa875b695d63215e182efa970537904f4cd1d7f929f87c17fa97bd490f10cfc3bb80353ea4a4bb403f79e18677c39d29
-+Output = 431c73810e9fe4f4982202f55eb5f0212f302142
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:522a72c006a6b77911915c78952dd61848725a4b0789b2cfce3b29d947d9faa145417740c0365bd81a860a600012543b
-+Ctrl.hexinfo = hexinfo:4a3cd102c4b95fe193660c4c174f02c725207449b785edb8fa8c4404f01a25bef3238637d3bae370758332c678deb578322e031ec3970876600196d2
-+Output = 2f5d52226949aecfe6359561a5fdd87a843457019e24faacacedd34177cda6cba18cc78cc8c78cef
-+
-+
-+# [PRF=HMAC_SHA384]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:26ef897e4b617b597f766ec8d8ccf44c543e790a7d218f029dcb4a3695ae2caccce9d3e935f6741581f2f53e49cd46f8
-+Ctrl.hexinfo = hexinfo:bc2c728f9dc6db426dd4e85fdb493826a31fec0607644209f9bf2264b6401b5db3004c1a76aa08d93f08d3d9e2ba434b682e480004fb0d9271a8e8cd
-+Output = a43d31f07f0ee484455ae11805803f60
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:269cce234dd4783067ceaa04a70deb1c9700acf705548495767c22f78493851ca9c699077a002874caacb760106016c6
-+Ctrl.hexinfo = hexinfo:f64bfb4bdaac81b5801d2f9f08bc2e4d009990b67290fd49b3730c3a145696447aceae6a82f7508a19c396a548c9c33d943dab82b2538c18b8eee871
-+Output = ab4182261c5d9c0d23a26477f14a507dd7f5e9550d04f48de29e644ed55f3406
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:ec71de96c9520386f9d11bebe474bae0c0549e2b2e8fda6b2336050ee3acbec38bc57d56e6422d3cd493ead69772a059
-+Ctrl.hexinfo = hexinfo:4313d1efba21dded84ce12bf80b1be54400619d3bb1987f18bf85400e335103969e77c819a5360cf1dd3f4addb6b8eec0199508c75adfe2cfc067dc8
-+Output = 8e37ecc86dcb5ee7cf48d8a07f06c47cdce624cc
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:afe2d3a4746792908aca8ece67ba8562382000b4e26122414b3ef2e120511bae68448955cf186be87caf69eaced47e87
-+Ctrl.hexinfo = hexinfo:1f6dd0b17fed7f479c4f62927291a95292a4e232441c30ffcaa1d347543e50db939360bb37976eacb911f76c38ad8cce12a0c263875bbcd7f6011ffd
-+Output = 17b671ca433cea81384b03b69c26a55257085cdfa48e6d8529431464bd439a881de560294afb0073
-+
-+
-+# [PRF=HMAC_SHA384]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:4fab4f1e3512b5f443ec31d2f6425d5f0fc13a5f82c83f72788a48a1bd499495ff18fb7acc0d4c1666c99db12e28f725
-+Ctrl.hexinfo = hexinfo:f0f010f99fbd8ec1bd0f23cd12bb41b2b8acb8713bb031f927e439f616e6ae27aed3f5582f8206893deea1204df125cedce35ce2b01b32bcefb388fd
-+Output = c3c263b5aa6d0cfe5304a7c9d21a44ba
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:af3cd100d14dcb5e63f8915eced4b59477936c48e0e2b9232449a97d53d3eddf9e00bf44a8f2370c38a13434c13e0977
-+Ctrl.hexinfo = hexinfo:81f178f11615309844af84e163ff694f1936f7528aba6f0e60d41b4afac87e9dd48fbb5aebe534733f576950484aab15b386b468a055a1e0be8982c0
-+Output = 0b52be4ebd8b2116df895a42317ac78808993673c99da6391f0eee13cc8470fa
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:fc3ba84439d8b7ead37ac6c825e088fc80152788bbc9c68569213dd6189d5fd552c37ab73b3d53ee9809a485194fb3cd
-+Ctrl.hexinfo = hexinfo:df5728d5d146898b68d8713aa8053d03db52b7227d502d3effcd51a22d52ecd9175a4b01d2f27ecfc8abf02c1dd80f5c90a5e01396c1107dddb02226
-+Output = 87ff36ca26778fcaf4f9209d38095c55c40f5e22
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:08d867a61b13cd8c79d3a1cbec3493925ece900e06993063bc0dfe0247cd059ba50a5fb6afc65ac469793817a1f2dfee
-+Ctrl.hexinfo = hexinfo:af0c83a659267869bd7cde387bf1c29c9c0ff3c6cabf512c73fd671748e4e9e49218de9350fc0dde27839eb1e2878f900689abeb7b540c70203e5a95
-+Output = 3fef69d875b9b6047c33f295619f6e7c7125c875d55409500100f71bee6551d511327fbde607ac41
-+
-+
-+# [PRF=HMAC_SHA384]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:216ed044769c4c3908188ece61601af8819c30f501d12995df608e06f5e0e607ab54f542ee2da41906dfdb4971f20f9d
-+Ctrl.hexinfo = hexinfo:638e9506a2c7be69ea346b84629a010c0e225b7548f508162c89f29c1ddbfd70472c2b58e7dc8aa6a5b06602f1c8ed4948cda79c62708218e26ac0e2
-+Output = d4b144bb40c7cabed13963d7d4318e72
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:8fca201473433f2dc8f6ae51e48de1a5654ce687e711d2d65f0dc5da6fee9a6a3db9d8535d3e4455ab53d35850c88272
-+Ctrl.hexinfo = hexinfo:195bd88aa2d4211912334fe2fd9bd24522f7d9fb08e04747609bc34f2538089a9d28bbc70b2e1336c3643753cec6e5cd3f246caa915e3c3a6b94d3b6
-+Output = f51ac86b0f462388d189ed0197ef99c2ff3a65816d8442e5ea304397b98dd11f
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:bc3157b8932e88d1b1cf8e4622137010a242d3527b1d23d6d9c0db9cc9edfc20e5135de823977bf4defafae44d6cdab6
-+Ctrl.hexinfo = hexinfo:b42a8e43cc2d4e5c69ee5e4f6b19ff6b8071d26bab4dfe45650b92b1f47652d25162d4b61441d8448c54918ae568ae2fb53091c624dbfffacee51d88
-+Output = 91314bdf542162031643247d6507838eaba50f1a
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA384
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:582f968a54b8797b9ea8c655b42e397adb73d773b1984b1e1c429cd597b8015d2f91d59e4136a9d523bf6491a4733c7a
-+Ctrl.hexinfo = hexinfo:e6d3c193eff34e34f8b7b00e66565aeb01f63206bb27e27aa281592afc06ae1ec5b7eb97a39684ce773d7c3528f2667c1f5d428406e78ce4cf39f652
-+Output = 691726c111e5030b5f9657069107861ecc18bc5835a814c3d2e5092c901cb1fb6c1a7cd3eb0be2a7
-+
-+
-+# [PRF=HMAC_SHA512]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=8_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:6ea2c385bb3e7bbafc2225cee1d3ee103ce300c1fdf033d0c1e99c57e6a596e037020838e857c0434040b58a5ca5410be672b888ef9955bdd54eb6a67416ff6a
-+Ctrl.hexinfo = hexinfo:be119901ed8679b243508b97663f35da322774d7d2012d6557da6657c1176a115ebc73b0f1bfa1dba6b8c3b124f0a47cff2998b230c955b0ea809784
-+Output = e0755fa6f116ef7a8e8361f47fd57511
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:0ef984d7b4ee76f5c9e080b27f45ccab4ac2362c4cafa68198786b18e239d0f69ee62148373643ad9aa42474700348ef651fee9973130a42e76b7e7633eba1e9
-+Ctrl.hexinfo = hexinfo:56ece7c14c1fc5467f8316f3a931a7ddfa490969f442d7a132f3755809f6ca11dbc9c6493a541c244c32be6656e13ef2868cb79415b807b3882f00d2
-+Output = 19aa765affdd3cc7294b2c97e1bd5adc368523a3283c387d0719761e938f83db
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:a35728d4ec0d7e94019a45d52264e5cd63c7540c21e30a9882d8d531cbb510edaa78e42c03994c18d8efcf7f826a1a9fdbbbacc55c640e7b532cc08e0615a093
-+Ctrl.hexinfo = hexinfo:f501cc527bad6fe5d8e4f1f0f53d416ab17235f380f7e0d1c90dca18206af1fb1d977551e2e0e25c1fe41a8f825fbae2c07c94b768e98ad5ab8ddb2e
-+Output = 54cf238101418ce050eee03aae0c39c4602ab838
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:8
-+Ctrl.hexkey = hexkey:baed493b0294c9a5dbbe4547a30f0602c6124cedb549b45cff0ee4f3689a7ae5b695e5ecdfebf611bba1174e5e3a8824383e555daef396dc58c2842f77d5a674
-+Ctrl.hexinfo = hexinfo:1371182cb0725416b1eccf4ac9fb20cf4e0f77e7d006a531e0ab2b2b46e0859473dad9dcae65ba5eb902228787dae19e735d002c919a4b74012f8904
-+Output = 09bb55c9f3cee604f4bc5544a802be8b02b34b99f7928ceee696221975f947905f1b5979d9d4c2a1
-+
-+
-+# [PRF=HMAC_SHA512]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=16_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:bb0c55c7201ceb2e1369a6c49e2cdc1ae5e4cd1d64638105072c3a9172b2fa6a127c4d6d55132585fb2644b5ae3cf9d347875e0d0bf80945eaabef3b4319605e
-+Ctrl.hexinfo = hexinfo:89bf925033f00635c100e2c88a98ad9f08cd6a002b934617d4ebfffc0fe9bca1d19bd942da3704da127c7493cc62c67f507c415e4cb67d7d0be70005
-+Output = 05efd62522beb9bfff6492ecd24501a7
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:393eb889e9c2f251b95aa147d53e4cd029fd0391110be9c6b2f8ba32857864847c448a9a591686de88da7486d0a0f0f8c927560fa8f79c30e66a7efaacaa638f
-+Ctrl.hexinfo = hexinfo:116bf7f9e5eb884c86cd0d3a2b33d41de7735677e6bd727e83fbde5c8113de56bf84c9f80610db760ae2df73f4f0db9df0cc1655ea9bc98bb06beeda
-+Output = 212e4e4057a6871e166e7563205833bc7f01e86c724b6a61166d9311c55b5044
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:eeec4383a808fae57f24a7a5eb6157cca66483a613590c89ed39f59617ea97fcfa7cdfc83ba8140fa0d8542263d6423a9bcca70e11addb7a646f194ff0878cac
-+Ctrl.hexinfo = hexinfo:b2565a20171eef1eaa04728e6c369405b251062bbd0a2b9171c8c6fedf0ff783691db787f153bbf5167301808f768a03df0deec99f2b9efb90cab571
-+Output = 4f31b7bcd54c74d8a7d31aca187b8736f0a59db7
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:16
-+Ctrl.hexkey = hexkey:62690d8ef259d175911d8eb52a331af29a8e3b797c4b315a67fa5cd1b00e585b2f7d97341284d0fcaa15a080732f7958e3b33e938e730623d1e651dbea9b2233
-+Ctrl.hexinfo = hexinfo:266535b58de26ed62f936bc7147c8c3b31ee0c1bb92c5ef63699ac7225e01cec5afd2e6e39cf095882324c7dc94b0daa2befc50f790da0547d7c6184
-+Output = 9336a88737d9ae01b5c43be5789c8545689557aad295ea3c03d2a2e0143603365fea1656175c20bf
-+
-+
-+# [PRF=HMAC_SHA512]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=24_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:d10933b0683f6787c33eccea1c311b8444270504fb3980bfd56443ba4068722184c31541d9174f71068b7789440bc34cec456e115067f9c65a5f2883c6868204
-+Ctrl.hexinfo = hexinfo:dcb2ea8d715821d6393bd49a3e35f69a6c2519edb614f80fbc3f7ae1d65ff4a04c499e75d08819a09092ddaadba510e03cb2ac898804590dbd61fb7e
-+Output = 876d73040d03d569e2fcae33b241d98e
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:44e6e9abd8572a19ba127dfa2ca6a1b53beaef8c19a1ec5b67f1f6f7919671cd80ade7ded7c0f096525936ef427b152339de915f024964ca9ea908a120e2553a
-+Ctrl.hexinfo = hexinfo:c2884a0c3ea2ff5b0bc848698f49f2c59eff511d77caddba897dec7714a0984e54f330dd9e9fdca9c033dfbc36d3293eca0ce7601e316463966ad4fd
-+Output = b294537440bec490953bf6e9a77c4510536916b84a5a2f45b5bf9f76666d8f12
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:a39131ca2f8df817ea2f155aac72d58a696d915b66b7cbe172a0f48a407aa8af0edbaea051eb027fe8fcc435cc7f160feeb57bd39a39d94104fe35167dac1aae
-+Ctrl.hexinfo = hexinfo:52b6d1f6381fc3dd44baf1c9d36f0c313e58bf4fdb936b78103afdb90373079de90e4bb7d7089e65e0aef23f2a34df5198b8392aac705eb998c1f8cd
-+Output = e707c910b4db3a648815fcad5ca7af18e5354c2e
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:24
-+Ctrl.hexkey = hexkey:af5a39f0303b11bca55584ce24162dabd1625aed14ce54f9e407866e03efb24b12a36e164f96faf36bc92a08acd194285107173fb84caef787672d6471028459
-+Ctrl.hexinfo = hexinfo:1cd84829b89d3149948967494aece985f1df3d7ec7735e8cc468bb3e6fdb50964d32dcde5521a82402577371047bf77e34714437e9d213561055b9db
-+Output = a0e81b336a6f4ab395aada28314d8ba96b9216ae389b01aaec158e166239e554a217e69f603988fb
-+
-+
-+# [PRF=HMAC_SHA512]
-+# [CTRLOCATION=BEFORE_FIXED]
-+# [RLEN=32_BITS]
-+
-+# COUNT=0
-+# L = 128
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:dd5dbd45593ee2ac139748e7645b450f223d2ff297b73fd71cbcebe71d41653c950b88500de5322d99ef18dfdd30428294c4b3094f4c954334e593bd982ec614
-+Ctrl.hexinfo = hexinfo:b50b0c963c6b3034b8cf19cd3f5c4ebe4f4985af0c03e575db62e6fdf1ecfe4f28b95d7ce16df85843246e1557ce95bb26cc9a21974bbd2eb69e8355
-+Output = e5993bf9bd2aa1c45746042e12598155
-+
-+# COUNT=10
-+# L = 256
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:5be2bf7f5e2527e15fe65cde4507d98ba55457006867de9e4f36645bcff4ca38754f92898b1c5544718102593b8c26d45d1fceaea27d97ede9de8b9ebfe88093
-+Ctrl.hexinfo = hexinfo:004b13c1f628cb7a00d9498937bf437b71fe196cc916c47d298fa296c6b86188073543bbc66b7535eb17b5cf43c37944b6ca1225298a9e563413e5bb
-+Output = cee0c11be2d8110b808f738523e718447d785878bbb783fb081a055160590072
-+
-+# COUNT=20
-+# L = 160
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:9dd03864a31aa4156ca7a12000f541680ce0a5f4775eef1088ac13368200b447a78d0bf14416a1d583c54b0f11200ff4a8983dd775ce9c0302d262483e300ae6
-+Ctrl.hexinfo = hexinfo:037369f142d669fca9e87e9f37ae8f2c8d506b753fdfe8a3b72f75cac1c50fa1f8620883b8dcb8dcc67adcc95e70aa624adb9fe1b2cb396692b0d2e8
-+Output = 96e8d1bc01dc95c0bf42c3c38fc54c090373ced4
-+
-+# COUNT=30
-+# L = 320
-+KDF = KBKDF
-+Ctrl.mode = mode:COUNTER
-+Ctrl.digest = digest:SHA512
-+Ctrl.mac = mac:HMAC
-+Ctrl.use-l = use-l:0
-+Ctrl.use-separator = use-separator:0
-+Ctrl.r = r:32
-+Ctrl.hexkey = hexkey:a9f4a2c5af839867f5db5a1e520ab3cca72a166ca60de512fd7fe7e64cf94f92cf1d8b636175f293e003275e021018c3f0ede495997a505ec9a2afeb0495be57
-+Ctrl.hexinfo = hexinfo:8e9db3335779db688bcfe096668d9c3bc64e193e3529c430e68d09d56c837dd6c0f94678f121a68ee1feea4735da85a49d34a5290aa39f7b40de435f
-+Output = 6db880daac98b078ee389a2164252ded61322d661e2b49247ea921e544675d8f17af2bf66dd40d81
-+
diff --git a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
index cd61840..5dcc34c 100644
--- a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
+++ b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
@@ -1,4 +1,4 @@
-From b9e2912acb72837b2fdef5cd8f96dc4e0d2a8fea Mon Sep 17 00:00:00 2001
+From 033a4a68f259e32ea58e5a9f478f59d7dabe70af Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Tue, 1 Mar 2022 15:44:18 +0100
Subject: [PATCH 23/38] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures =
@@ -13,7 +13,7 @@ References: rhbz#2055796
4 files changed, 79 insertions(+), 18 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd640df26066 100644
+index d19efeaa99..451fa10bf2 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
@@ -24,7 +24,7 @@ index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd64
#include "crypto/x509.h"
#include "x509_local.h"
-@@ -3430,14 +3431,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+@@ -3438,14 +3439,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
{
int secbits = -1;
int level = ctx->param->auth_level;
@@ -57,10 +57,10 @@ index 9384f1da9bad9e104550ff270d9ae8dc61da073d..859d5caf4529e193336022bc8a4bdd64
return secbits >= minbits_table[level - 1];
}
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index f7ac6a743b44c786cf18ccf2ed28105855ceb3ac..f850075d2d0da73e2ab8fc402b1884d3ef6254a8 100644
+index e5a88d11aa..2d5649f90b 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
-@@ -313,7 +313,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
+@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
digest will fail. For compatibility with older versions of OpenSSL, set this
option to B<yes>. This setting also affects TLS, where signature algorithms
that use SHA1 as digest will no longer be supported if this option is set to
@@ -75,7 +75,7 @@ index f7ac6a743b44c786cf18ccf2ed28105855ceb3ac..f850075d2d0da73e2ab8fc402b1884d3
=item B<fips_mode> (deprecated)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd6d7a06ed 100644
+index 8bc550ea5b..a9d21a6a96 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@
@@ -86,7 +86,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
-@@ -1566,19 +1567,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
+@@ -1567,19 +1568,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
@@ -127,7 +127,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
-@@ -2116,6 +2125,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
+@@ -2117,6 +2126,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
}
}
@@ -142,7 +142,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
-@@ -2985,6 +3002,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+@@ -2986,6 +3003,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
@@ -151,7 +151,7 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1;
-@@ -2993,6 +3012,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+@@ -2994,6 +3013,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
@@ -178,19 +178,19 @@ index 89c1dd31c72271b1923ab972e3d3359b6c8e1a03..831e594c00f1c048c9cd920b6c7e62cd
return ssl_security(s, op, secbits, nid, x);
else
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index 2a4c36e86daff04f87ad4726a9fb359d958189bf..309cda877d15ff18f5e492c05372f5c9f1393525 100644
+index f69af793e4..a7481254e1 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
--plan tests => 164;
-+plan tests => 163;
+-plan tests => 175;
++plan tests => 174;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -419,8 +419,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
+@@ -439,8 +439,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
@@ -203,5 +203,5 @@ index 2a4c36e86daff04f87ad4726a9fb359d958189bf..309cda877d15ff18f5e492c05372f5c9
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
"PSS signature using SHA256 and auth level 2");
--
-2.39.1
+2.40.1
diff --git a/0053-Add-SHA1-probes.patch b/0053-Add-SHA1-probes.patch
deleted file mode 100644
index e0493a3..0000000
--- a/0053-Add-SHA1-probes.patch
+++ /dev/null
@@ -1,238 +0,0 @@
-From 428369896db1656af748a67bb36fba039e7b39ad Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Mon, 25 Apr 2022 15:21:46 +0200
-Subject: [PATCH] Instrument SHA-1 signatures with USDT probes
-
-In order to discover remaining uses of SHA-1 in signatures without
-forcefully breaking the code paths, add USDT probes that can be queried
-with systemtap at runtime.
-
-This should allow identifying components that still use SHA-1 signatures
-in production so that they can be transitioned to more modern hash
-algorithms.
----
- crypto/evp/m_sigver.c | 13 +++++++++----
- crypto/evp/pmeth_lib.c | 13 +++++++++----
- crypto/x509/x509_vfy.c | 6 +++++-
- providers/common/securitycheck.c | 22 +++++++++++++++-------
- providers/common/securitycheck_default.c | 13 +++++++++++--
- ssl/t1_lib.c | 8 +++++++-
- 6 files changed, 56 insertions(+), 19 deletions(-)
-
-diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 8da2183ce0..c17cdfa5d5 100644
---- a/crypto/evp/m_sigver.c
-+++ b/crypto/evp/m_sigver.c
-@@ -16,6 +16,8 @@
- #include "internal/numbers.h" /* includes SIZE_MAX */
- #include "evp_local.h"
-
-+#include <sys/sdt.h>
-+
- typedef struct ossl_legacy_digest_signatures_st {
- int allowed;
- } OSSL_LEGACY_DIGEST_SIGNATURES;
-@@ -336,10 +338,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
- && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
- int mdnid = EVP_MD_nid(ctx->reqdigest);
-- if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
-- && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
-- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-- goto err;
-+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) {
-+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-+ goto err;
-+ } else {
-+ DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid);
-+ }
- }
- }
-
-diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index b96f148c0d..54fcf24945 100644
---- a/crypto/evp/pmeth_lib.c
-+++ b/crypto/evp/pmeth_lib.c
-@@ -37,6 +37,8 @@
- #include "internal/sslconf.h"
- #include "evp_local.h"
-
-+#include <sys/sdt.h>
-+
- #ifndef FIPS_MODULE
-
- static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
-@@ -956,10 +958,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
- && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
- && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
- int mdnid = EVP_MD_nid(md);
-- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
-- && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
-- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-- return -1;
-+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
-+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-+ return -1;
-+ } else {
-+ DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid);
-+ }
- }
- }
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index bf0c608839..78638ce80e 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -29,6 +29,8 @@
- #include "crypto/x509.h"
- #include "x509_local.h"
-
-+#include <sys/sdt.h>
-+
- /* CRL score values */
-
- #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
-@@ -3462,11 +3464,13 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
-
- if ((nid == NID_sha1 || nid == NID_md5_sha1)
- && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
-- && ctx->param->auth_level < 2)
-+ && ctx->param->auth_level < 2) {
-+ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid);
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
- return 1;
-+ }
-
- return secbits >= minbits_table[level - 1];
- }
-diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index e534ad0a5f..bf496450cf 100644
---- a/providers/common/securitycheck.c
-+++ b/providers/common/securitycheck.c
-@@ -21,6 +21,8 @@
- #include "prov/securitycheck.h"
- #include "internal/sslconf.h"
-
-+#include <sys/sdt.h>
-+
- /*
- * FIPS requires a minimum security strength of 112 bits (for encryption or
- * signing), and for legacy purposes 80 bits (for decryption or verifying).
-@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
-
- #ifndef FIPS_MODULE
-- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
-- /* SHA1 is globally disabled, check whether we want to locally allow
-- * it. */
-- if (mdnid == NID_sha1 && !sha1_allowed)
-+ if (mdnid == NID_sha1 && !sha1_allowed) {
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
-+ /* SHA1 is globally disabled, check whether we want to locally allow
-+ * it. */
- mdnid = -1;
-+ else
-+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid);
-+ }
- #endif
-
- return mdnid;
-@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
- #ifndef FIPS_MODULE
- {
- int mdnid = EVP_MD_nid(md);
-- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
-- && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
-- return 0;
-+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
-+ return 0;
-+ else
-+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_is_allowed_1, mdnid);
-+ }
- }
- #endif
-
-diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
-index ce54a94fbc..2d21e4a7df 100644
---- a/providers/common/securitycheck_default.c
-+++ b/providers/common/securitycheck_default.c
-@@ -17,6 +17,8 @@
- #include "internal/nelem.h"
- #include "internal/sslconf.h"
-
-+#include <sys/sdt.h>
-+
- /* Disable the security checks in the default provider */
- int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
- {
-@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
-
- ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
-+ if (mdnid == NID_sha1)
-+ /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. */
-+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid);
- if (mdnid == NID_undef)
- mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
-- if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
-- mdnid = -1;
-+ if (mdnid == NID_md5_sha1) {
-+ if (ldsigs_allowed)
-+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid);
-+ else
-+ mdnid = -1;
-+ }
- return mdnid;
- }
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 0b50266b69..d05e696a28 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -28,6 +28,8 @@
- #include "ssl_local.h"
- #include <openssl/ct.h>
-
-+#include <sys/sdt.h>
-+
- static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
- static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
-
-@@ -1569,6 +1571,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash);
- } else {
- /*
- * Make sure security callback allows algorithm. For historical
-@@ -2122,6 +2125,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash);
- return 1;
- }
-
-@@ -3020,11 +3024,13 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
- && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
- && ((s != NULL && SSL_get_security_level(s) < 2)
- || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
-- ))
-+ )) {
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid);
- return 1;
-+ }
-
- if (s)
- return ssl_security(s, op, secbits, nid, x);
---
-2.35.1
-
diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch
index da64805..a2c8d6e 100644
--- a/0056-strcasecmp.patch
+++ b/0056-strcasecmp.patch
@@ -1,15 +1,13 @@
diff -up openssl-3.0.3/util/libcrypto.num.locale openssl-3.0.3/util/libcrypto.num
--- openssl-3.0.3/util/libcrypto.num.locale 2022-06-01 12:35:52.667498724 +0200
+++ openssl-3.0.3/util/libcrypto.num 2022-06-01 12:36:08.112633093 +0200
-@@ -5425,6 +5425,8 @@ ASN1_item_d2i_ex
- OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
- OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
- OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
+@@ -5425,4 +5425,6 @@ ASN1_item_d2i_ex
+ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
+ BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
+ OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
diff -up openssl-3.0.7/crypto/o_str.c.cmp openssl-3.0.7/crypto/o_str.c
--- openssl-3.0.7/crypto/o_str.c.cmp 2022-11-25 12:50:22.449760653 +0100
+++ openssl-3.0.7/crypto/o_str.c 2022-11-25 12:51:19.416350584 +0100
diff --git a/0060-FIPS-KAT-signature-tests.patch b/0060-FIPS-KAT-signature-tests.patch
deleted file mode 100644
index 184b150..0000000
--- a/0060-FIPS-KAT-signature-tests.patch
+++ /dev/null
@@ -1,420 +0,0 @@
-diff -up openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_backend.c
---- openssl-3.0.1/crypto/ec/ec_backend.c.fips_kat_signature 2022-04-04 15:49:24.786455707 +0200
-+++ openssl-3.0.1/crypto/ec/ec_backend.c 2022-04-04 16:06:13.250271963 +0200
-@@ -393,6 +393,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
- const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL;
- BN_CTX *ctx = NULL;
- BIGNUM *priv_key = NULL;
-+#ifdef FIPS_MODULE
-+ const OSSL_PARAM *param_sign_kat_k = NULL;
-+ BIGNUM *sign_kat_k = NULL;
-+#endif
- unsigned char *pub_key = NULL;
- size_t pub_key_len;
- const EC_GROUP *ecg = NULL;
-@@ -408,7 +412,10 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
- if (include_private)
- param_priv_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
--
-+#ifdef FIPS_MODULE
-+ param_sign_kat_k =
-+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K);
-+#endif
- ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
- if (ctx == NULL)
- goto err;
-@@ -481,6 +489,17 @@ int ossl_ec_key_fromdata(EC_KEY *ec, con
- && !EC_KEY_set_public_key(ec, pub_point))
- goto err;
-
-+#ifdef FIPS_MODULE
-+ if (param_sign_kat_k) {
-+ if ((sign_kat_k = BN_secure_new()) == NULL)
-+ goto err;
-+ BN_set_flags(sign_kat_k, BN_FLG_CONSTTIME);
-+
-+ if (!OSSL_PARAM_get_BN(param_sign_kat_k, &sign_kat_k))
-+ goto err;
-+ ec->sign_kat_k = sign_kat_k;
-+ }
-+#endif
- ok = 1;
-
- err:
-diff -up openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature openssl-3.0.1/crypto/ec/ecdsa_ossl.c
---- openssl-3.0.1/crypto/ec/ecdsa_ossl.c.fips_kat_signature 2022-04-04 17:01:35.725323127 +0200
-+++ openssl-3.0.1/crypto/ec/ecdsa_ossl.c 2022-04-04 17:03:42.000427050 +0200
-@@ -20,6 +20,10 @@
- #include "crypto/bn.h"
- #include "ec_local.h"
-
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_signature_st;
-+#endif
-+
- int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp)
- {
-@@ -126,6 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *ecke
- goto err;
-
- do {
-+#ifdef FIPS_MODULE
-+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
-+ BN_copy(k, eckey->sign_kat_k);
-+ } else {
-+#endif
- /* get random k */
- do {
- if (dgst != NULL) {
-@@ -141,7 +150,9 @@ static int ecdsa_sign_setup(EC_KEY *ecke
- }
- }
- } while (BN_is_zero(k));
--
-+#ifdef FIPS_MODULE
-+ }
-+#endif
- /* compute r the x-coordinate of generator * k */
- if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
- ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
-diff -up openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature openssl-3.0.1/crypto/ec/ec_key.c
---- openssl-3.0.1/crypto/ec/ec_key.c.fips_kat_signature 2022-04-04 13:48:52.231172299 +0200
-+++ openssl-3.0.1/crypto/ec/ec_key.c 2022-04-04 14:00:35.077368605 +0200
-@@ -97,6 +97,9 @@ void EC_KEY_free(EC_KEY *r)
- EC_GROUP_free(r->group);
- EC_POINT_free(r->pub_key);
- BN_clear_free(r->priv_key);
-+#ifdef FIPS_MODULE
-+ BN_clear_free(r->sign_kat_k);
-+#endif
- OPENSSL_free(r->propq);
-
- OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
-diff -up openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature openssl-3.0.1/crypto/ec/ec_local.h
---- openssl-3.0.1/crypto/ec/ec_local.h.fips_kat_signature 2022-04-04 13:46:57.576161867 +0200
-+++ openssl-3.0.1/crypto/ec/ec_local.h 2022-04-04 13:48:07.827780835 +0200
-@@ -298,6 +298,9 @@ struct ec_key_st {
- #ifndef FIPS_MODULE
- CRYPTO_EX_DATA ex_data;
- #endif
-+#ifdef FIPS_MODULE
-+ BIGNUM *sign_kat_k;
-+#endif
- CRYPTO_RWLOCK *lock;
- OSSL_LIB_CTX *libctx;
- char *propq;
-diff -up openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature openssl-3.0.1/include/openssl/core_names.h
---- openssl-3.0.1/include/openssl/core_names.h.fips_kat_signature 2022-04-04 14:06:15.717370014 +0200
-+++ openssl-3.0.1/include/openssl/core_names.h 2022-04-04 14:07:35.376071229 +0200
-@@ -293,6 +293,7 @@ extern "C" {
- #define OSSL_PKEY_PARAM_DIST_ID "distid"
- #define OSSL_PKEY_PARAM_PUB_KEY "pub"
- #define OSSL_PKEY_PARAM_PRIV_KEY "priv"
-+#define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
-
- /* Diffie-Hellman/DSA Parameters */
- #define OSSL_PKEY_PARAM_FFC_P "p"
-diff -up openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c
---- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c.fips_kat_signature 2022-04-04 14:21:03.043180906 +0200
-+++ openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt.c 2022-04-04 14:38:33.949406645 +0200
-@@ -530,7 +530,8 @@ end:
- # define EC_IMEXPORTABLE_PUBLIC_KEY \
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
- # define EC_IMEXPORTABLE_PRIVATE_KEY \
-- OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
-+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), \
-+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, NULL, 0)
- # define EC_IMEXPORTABLE_OTHER_PARAMETERS \
- OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \
- OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
-diff -up openssl-3.0.1/providers/fips/self_test_kats.c.kat openssl-3.0.1/providers/fips/self_test_kats.c
---- openssl-3.0.1/providers/fips/self_test_kats.c.kat 2022-05-10 15:10:32.502185265 +0200
-+++ openssl-3.0.1/providers/fips/self_test_kats.c 2022-05-10 15:13:21.465653720 +0200
-@@ -17,6 +17,8 @@
- #include "self_test.h"
- #include "self_test_data.inc"
-
-+int REDHAT_FIPS_signature_st = 0;
-+
- static int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
- OSSL_LIB_CTX *libctx)
- {
-@@ -446,6 +448,7 @@ static int self_test_sign(const ST_KAT_S
- EVP_PKEY *pkey = NULL;
- unsigned char sig[256];
- BN_CTX *bnctx = NULL;
-+ BIGNUM *K = NULL;
- size_t siglen = sizeof(sig);
- static const unsigned char dgst[] = {
- 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-@@ -462,6 +465,9 @@ static int self_test_sign(const ST_KAT_S
- bnctx = BN_CTX_new_ex(libctx);
- if (bnctx == NULL)
- goto err;
-+ K = BN_CTX_get(bnctx);
-+ if (K == NULL || BN_bin2bn(dgst, sizeof(dgst), K) == NULL)
-+ goto err;
-
- bld = OSSL_PARAM_BLD_new();
- if (bld == NULL)
-@@ -469,6 +475,9 @@ static int self_test_sign(const ST_KAT_S
-
- if (!add_params(bld, t->key, bnctx))
- goto err;
-+ /* set K for ECDSA KAT tests */
-+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K, K))
-+ goto err;
- params = OSSL_PARAM_BLD_to_param(bld);
-
- /* Create a EVP_PKEY_CTX to load the DSA key into */
-@@ -689,11 +698,13 @@ static int self_test_kas(OSSL_SELF_TEST
- static int self_test_signatures(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
- {
- int i, ret = 1;
-+ REDHAT_FIPS_signature_st = 1;
-
- for (i = 0; i < (int)OSSL_NELEM(st_kat_sign_tests); ++i) {
- if (!self_test_sign(&st_kat_sign_tests[i], st, libctx))
- ret = 0;
- }
-+ REDHAT_FIPS_signature_st = 0;
- return ret;
- }
-
-diff -up openssl-3.0.1/providers/fips/self_test_data.inc.kat openssl-3.0.1/providers/fips/self_test_data.inc
---- openssl-3.0.1/providers/fips/self_test_data.inc.kat 2022-05-16 17:37:34.962807400 +0200
-+++ openssl-3.0.1/providers/fips/self_test_data.inc 2022-05-16 17:48:10.709376779 +0200
-@@ -1399,7 +1399,151 @@ static const ST_KAT_PARAM ecdsa_prime_ke
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv),
- ST_KAT_PARAM_END()
- };
-+static const unsigned char ec224r1_kat_sig[] = {
-+0x30, 0x3c, 0x02, 0x1c, 0x2f, 0x24, 0x30, 0x96, 0x3b, 0x39, 0xe0, 0xab, 0xe2, 0x5a, 0x6f, 0xe0,
-+0x40, 0x7e, 0x19, 0x30, 0x6e, 0x6a, 0xfd, 0x7a, 0x2b, 0x5d, 0xaa, 0xc2, 0x34, 0x6c, 0xc8, 0xce,
-+0x02, 0x1c, 0x47, 0xe1, 0xac, 0xfd, 0xb4, 0xb8, 0x2b, 0x8c, 0x49, 0xb6, 0x36, 0xcd, 0xdd, 0x22,
-+0x2a, 0x2d, 0x29, 0x64, 0x70, 0x61, 0xc3, 0x3e, 0x18, 0x51, 0xec, 0xf2, 0xad, 0x3c
-+};
-
-+static const char ecd_prime_curve_name384[] = "secp384r1";
-+/*
-+priv:
-+ 58:12:2b:94:be:29:23:13:83:f5:c4:20:e8:22:34:
-+ 54:73:49:91:10:05:e9:10:e9:d7:2d:72:9c:5e:6a:
-+ ba:8f:6d:d6:e4:a7:eb:e0:ae:e3:d4:c9:aa:33:87:
-+ 4c:91:87
-+pub:
-+ 04:d1:86:8b:f5:c4:a2:f7:a5:92:e6:85:2a:d2:92:
-+ 81:97:0a:8d:fa:09:3f:84:6c:17:43:03:43:49:23:
-+ 77:c4:31:f4:0a:a4:de:87:ac:5c:c0:d1:bc:e4:43:
-+ 7f:8d:44:e1:3b:5f:bc:27:c8:79:0f:d0:31:9f:a7:
-+ 6d:de:fb:f7:da:19:40:fd:aa:83:dc:69:ce:a6:f3:
-+ 4d:65:20:1c:66:82:80:03:f7:7b:2e:f3:b3:7c:1f:
-+ 11:f2:a3:bf:e8:0e:88
-+*/
-+static const unsigned char ecd_prime_priv384[] = {
-+ 0x58, 0x12, 0x2b, 0x94, 0xbe, 0x29, 0x23, 0x13, 0x83, 0xf5, 0xc4, 0x20, 0xe8, 0x22, 0x34,
-+ 0x54, 0x73, 0x49, 0x91, 0x10, 0x05, 0xe9, 0x10, 0xe9, 0xd7, 0x2d, 0x72, 0x9c, 0x5e, 0x6a,
-+ 0xba, 0x8f, 0x6d, 0xd6, 0xe4, 0xa7, 0xeb, 0xe0, 0xae, 0xe3, 0xd4, 0xc9, 0xaa, 0x33, 0x87,
-+ 0x4c, 0x91, 0x87
-+};
-+static const unsigned char ecd_prime_pub384[] = {
-+ 0x04, 0xd1, 0x86, 0x8b, 0xf5, 0xc4, 0xa2, 0xf7, 0xa5, 0x92, 0xe6, 0x85, 0x2a, 0xd2, 0x92,
-+ 0x81, 0x97, 0x0a, 0x8d, 0xfa, 0x09, 0x3f, 0x84, 0x6c, 0x17, 0x43, 0x03, 0x43, 0x49, 0x23,
-+ 0x77, 0xc4, 0x31, 0xf4, 0x0a, 0xa4, 0xde, 0x87, 0xac, 0x5c, 0xc0, 0xd1, 0xbc, 0xe4, 0x43,
-+ 0x7f, 0x8d, 0x44, 0xe1, 0x3b, 0x5f, 0xbc, 0x27, 0xc8, 0x79, 0x0f, 0xd0, 0x31, 0x9f, 0xa7,
-+ 0x6d, 0xde, 0xfb, 0xf7, 0xda, 0x19, 0x40, 0xfd, 0xaa, 0x83, 0xdc, 0x69, 0xce, 0xa6, 0xf3,
-+ 0x4d, 0x65, 0x20, 0x1c, 0x66, 0x82, 0x80, 0x03, 0xf7, 0x7b, 0x2e, 0xf3, 0xb3, 0x7c, 0x1f,
-+ 0x11, 0xf2, 0xa3, 0xbf, 0xe8, 0x0e, 0x88
-+};
-+static const ST_KAT_PARAM ecdsa_prime_key384[] = {
-+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name384),
-+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub384),
-+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv384),
-+ ST_KAT_PARAM_END()
-+};
-+static const unsigned char ec384r1_kat_sig[] = {
-+0x30, 0x65, 0x02, 0x30, 0x1a, 0xd5, 0x57, 0x1b, 0x28, 0x0f, 0xf1, 0x68, 0x66, 0x68, 0x8a, 0x98,
-+0xe3, 0x9c, 0xce, 0x7f, 0xa7, 0x68, 0xdc, 0x84, 0x5a, 0x65, 0xdc, 0x2b, 0x5d, 0x7e, 0xf3, 0x9b,
-+0xa0, 0x40, 0xe8, 0x7a, 0x02, 0xc7, 0x82, 0xe0, 0x0c, 0x81, 0xa5, 0xda, 0x55, 0x27, 0xbf, 0x79,
-+0xee, 0x72, 0xc2, 0x14, 0x02, 0x31, 0x00, 0xd1, 0x9d, 0x67, 0xda, 0x5a, 0xd2, 0x58, 0x68, 0xe7,
-+0x71, 0x08, 0xb2, 0xa4, 0xe4, 0xe8, 0x74, 0xb4, 0x0a, 0x3d, 0x76, 0x49, 0x31, 0x17, 0x6e, 0x33,
-+0x16, 0xf0, 0x00, 0x1f, 0x3c, 0x1f, 0xf9, 0x7c, 0xdb, 0x93, 0x49, 0x9c, 0x7d, 0xb3, 0xd3, 0x30,
-+0x98, 0x81, 0x6f, 0xb0, 0xc9, 0x30, 0x2f
-+};
-+static const char ecd_prime_curve_name521[] = "secp521r1";
-+/*
-+priv:
-+ 00:44:0f:96:31:a9:87:f2:5f:be:a0:bc:ef:0c:ae:
-+ 58:cc:5f:f8:44:9e:89:86:7e:bf:db:ce:cb:0e:20:
-+ 10:4a:11:ec:0b:51:1d:e4:91:ca:c6:40:fb:c6:69:
-+ ad:68:33:9e:c8:f5:c4:c6:a5:93:a8:4d:a9:a9:a2:
-+ af:fe:6d:cb:c2:3b
-+pub:
-+ 04:01:5f:58:a9:40:0c:ee:9b:ed:4a:f4:7a:3c:a3:
-+ 89:c2:f3:7e:2c:f4:b5:53:80:ae:33:7d:36:d1:b5:
-+ 18:bd:ef:a9:48:00:ea:88:ee:00:5c:ca:07:08:b5:
-+ 67:4a:c3:2b:10:c6:07:b0:c2:45:37:b7:1d:e3:6c:
-+ e1:bf:2c:44:18:4a:aa:01:af:75:40:6a:e3:f5:b2:
-+ 7f:d1:9d:1b:8b:29:1f:91:4d:db:93:bf:bd:8c:b7:
-+ 6a:8d:4b:2c:36:2a:6b:ab:54:9d:7b:31:99:a4:de:
-+ c9:10:c4:f4:a3:f4:6d:94:97:62:16:a5:34:65:1f:
-+ 42:cd:8b:9e:e6:db:14:5d:a9:8d:19:95:8d
-+*/
-+static const unsigned char ecd_prime_priv521[] = {
-+ 0x00, 0x44, 0x0f, 0x96, 0x31, 0xa9, 0x87, 0xf2, 0x5f, 0xbe, 0xa0, 0xbc, 0xef, 0x0c, 0xae,
-+ 0x58, 0xcc, 0x5f, 0xf8, 0x44, 0x9e, 0x89, 0x86, 0x7e, 0xbf, 0xdb, 0xce, 0xcb, 0x0e, 0x20,
-+ 0x10, 0x4a, 0x11, 0xec, 0x0b, 0x51, 0x1d, 0xe4, 0x91, 0xca, 0xc6, 0x40, 0xfb, 0xc6, 0x69,
-+ 0xad, 0x68, 0x33, 0x9e, 0xc8, 0xf5, 0xc4, 0xc6, 0xa5, 0x93, 0xa8, 0x4d, 0xa9, 0xa9, 0xa2,
-+ 0xaf, 0xfe, 0x6d, 0xcb, 0xc2, 0x3b
-+};
-+static const unsigned char ecd_prime_pub521[] = {
-+ 0x04, 0x01, 0x5f, 0x58, 0xa9, 0x40, 0x0c, 0xee, 0x9b, 0xed, 0x4a, 0xf4, 0x7a, 0x3c, 0xa3,
-+ 0x89, 0xc2, 0xf3, 0x7e, 0x2c, 0xf4, 0xb5, 0x53, 0x80, 0xae, 0x33, 0x7d, 0x36, 0xd1, 0xb5,
-+ 0x18, 0xbd, 0xef, 0xa9, 0x48, 0x00, 0xea, 0x88, 0xee, 0x00, 0x5c, 0xca, 0x07, 0x08, 0xb5,
-+ 0x67, 0x4a, 0xc3, 0x2b, 0x10, 0xc6, 0x07, 0xb0, 0xc2, 0x45, 0x37, 0xb7, 0x1d, 0xe3, 0x6c,
-+ 0xe1, 0xbf, 0x2c, 0x44, 0x18, 0x4a, 0xaa, 0x01, 0xaf, 0x75, 0x40, 0x6a, 0xe3, 0xf5, 0xb2,
-+ 0x7f, 0xd1, 0x9d, 0x1b, 0x8b, 0x29, 0x1f, 0x91, 0x4d, 0xdb, 0x93, 0xbf, 0xbd, 0x8c, 0xb7,
-+ 0x6a, 0x8d, 0x4b, 0x2c, 0x36, 0x2a, 0x6b, 0xab, 0x54, 0x9d, 0x7b, 0x31, 0x99, 0xa4, 0xde,
-+ 0xc9, 0x10, 0xc4, 0xf4, 0xa3, 0xf4, 0x6d, 0x94, 0x97, 0x62, 0x16, 0xa5, 0x34, 0x65, 0x1f,
-+ 0x42, 0xcd, 0x8b, 0x9e, 0xe6, 0xdb, 0x14, 0x5d, 0xa9, 0x8d, 0x19, 0x95, 0x8d
-+};
-+static const ST_KAT_PARAM ecdsa_prime_key521[] = {
-+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name521),
-+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub521),
-+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv521),
-+ ST_KAT_PARAM_END()
-+};
-+static const unsigned char ec521r1_kat_sig[] = {
-+0x30, 0x81, 0x88, 0x02, 0x42, 0x00, 0xdf, 0x64, 0x9c, 0xc8, 0x5b, 0xdd, 0x0b, 0x7f, 0x69, 0x7e,
-+0xdb, 0x83, 0x58, 0x67, 0x63, 0x43, 0xb7, 0xfa, 0x40, 0x29, 0xde, 0xb9, 0xde, 0xe9, 0x96, 0x65,
-+0xe6, 0x8e, 0xf4, 0xeb, 0xd0, 0xe9, 0x6a, 0xd3, 0x27, 0x6c, 0x4d, 0x60, 0x47, 0x9c, 0x62, 0xb8,
-+0x6c, 0xc1, 0x36, 0x19, 0x65, 0xff, 0xab, 0xcf, 0x24, 0xa3, 0xde, 0xd1, 0x4b, 0x1b, 0xdd, 0x89,
-+0xcf, 0xf8, 0x72, 0x7b, 0x92, 0xbc, 0x02, 0x02, 0x42, 0x01, 0xf8, 0x07, 0x77, 0xb8, 0xcb, 0xa2,
-+0xe2, 0x1f, 0x53, 0x9a, 0x7c, 0x16, 0xb5, 0x8e, 0xad, 0xe3, 0xc3, 0xac, 0xb7, 0xb2, 0x51, 0x8f,
-+0xf9, 0x09, 0x65, 0x43, 0xf8, 0xd8, 0x3c, 0xe3, 0x5c, 0x4a, 0x5e, 0x3d, 0x6f, 0xb7, 0xbb, 0x5a,
-+0x92, 0x69, 0xec, 0x71, 0xa2, 0x35, 0xe5, 0x29, 0x17, 0xaf, 0xc9, 0x69, 0xa7, 0xaa, 0x94, 0xf9,
-+0xf9, 0x50, 0x87, 0x7b, 0x5d, 0x87, 0xe3, 0xd6, 0x3f, 0xb6, 0x6e
-+};
-+static const char ecd_prime_curve_name256[] = "prime256v1";
-+/*
-+priv:
-+ 84:88:11:3f:a9:c9:9e:23:72:8b:40:cb:a2:b1:88:
-+ 01:1e:92:48:af:13:2d:9b:33:8e:6d:43:40:30:c7:
-+ 30:fa
-+pub:
-+ 04:22:58:b6:f9:01:3b:8c:a6:9b:9f:ae:75:fc:73:
-+ cf:1b:f0:81:dc:55:a3:cc:5d:81:46:85:06:32:34:
-+ 99:0d:c5:7e:a1:95:bb:21:73:33:40:4b:35:17:f6:
-+ 8e:26:61:46:94:2c:4c:ac:9b:20:f8:08:72:25:74:
-+ 98:66:c4:63:a6
-+*/
-+static const unsigned char ecd_prime_priv256[] = {
-+ 0x84, 0x88, 0x11, 0x3f, 0xa9, 0xc9, 0x9e, 0x23, 0x72, 0x8b, 0x40, 0xcb, 0xa2, 0xb1, 0x88,
-+ 0x01, 0x1e, 0x92, 0x48, 0xaf, 0x13, 0x2d, 0x9b, 0x33, 0x8e, 0x6d, 0x43, 0x40, 0x30, 0xc7,
-+ 0x30, 0xfa
-+};
-+static const unsigned char ecd_prime_pub256[] = {
-+ 0x04, 0x22, 0x58, 0xb6, 0xf9, 0x01, 0x3b, 0x8c, 0xa6, 0x9b, 0x9f, 0xae, 0x75, 0xfc, 0x73,
-+ 0xcf, 0x1b, 0xf0, 0x81, 0xdc, 0x55, 0xa3, 0xcc, 0x5d, 0x81, 0x46, 0x85, 0x06, 0x32, 0x34,
-+ 0x99, 0x0d, 0xc5, 0x7e, 0xa1, 0x95, 0xbb, 0x21, 0x73, 0x33, 0x40, 0x4b, 0x35, 0x17, 0xf6,
-+ 0x8e, 0x26, 0x61, 0x46, 0x94, 0x2c, 0x4c, 0xac, 0x9b, 0x20, 0xf8, 0x08, 0x72, 0x25, 0x74,
-+ 0x98, 0x66, 0xc4, 0x63, 0xa6
-+};
-+static const ST_KAT_PARAM ecdsa_prime_key256[] = {
-+ ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name256),
-+ ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub256),
-+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_prime_priv256),
-+ ST_KAT_PARAM_END()
-+};
-+static const unsigned char ec256v1_kat_sig[] = {
-+0x30, 0x46, 0x02, 0x21, 0x00, 0xc9, 0x11, 0x27, 0x06, 0x51, 0x2b, 0x50, 0x8c, 0x6b, 0xc0, 0xa6,
-+0x85, 0xaa, 0xf4, 0x66, 0x0d, 0xe4, 0x54, 0x0a, 0x10, 0xb6, 0x9f, 0x87, 0xfc, 0xa2, 0xbc, 0x8f,
-+0x3c, 0x58, 0xb4, 0xe9, 0x41, 0x02, 0x21, 0x00, 0xc9, 0x72, 0x94, 0xa9, 0xdd, 0x52, 0xca, 0x21,
-+0x82, 0x66, 0x7a, 0x68, 0xcb, 0x1e, 0x3b, 0x12, 0x71, 0x4d, 0x56, 0xb5, 0xb7, 0xdd, 0xca, 0x2b,
-+0x18, 0xa3, 0xa7, 0x08, 0x0d, 0xfa, 0x9c, 0x66
-+};
- # ifndef OPENSSL_NO_EC2M
- static const char ecd_bin_curve_name[] = "sect233r1";
- static const unsigned char ecd_bin_priv[] = {
-@@ -1571,8 +1715,42 @@ static const ST_KAT_SIGN st_kat_sign_tes
- ecdsa_prime_key,
- /*
- * The ECDSA signature changes each time due to it using a random k.
-- * So there is no expected KAT for this case.
-+ * We provide this value in our build
-+ */
-+ ITM(ec224r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key384,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
-+ */
-+ ITM(ec384r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key521,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
-+ */
-+ ITM(ec521r1_kat_sig)
-+ },
-+ {
-+ OSSL_SELF_TEST_DESC_SIGN_ECDSA,
-+ "EC",
-+ "SHA-256",
-+ ecdsa_prime_key256,
-+ /*
-+ * The ECDSA signature changes each time due to it using a random k.
-+ * We provide this value in our build
- */
-+ ITM(ec256v1_kat_sig)
- },
- # ifndef OPENSSL_NO_EC2M
- {
-diff -up openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c
---- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c.fipskat 2022-05-30 14:48:53.180999124 +0200
-+++ openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2022-05-30 14:58:52.841286228 +0200
-@@ -44,6 +44,10 @@
- #define S390X_OFF_RN(n) (4 * n)
- #define S390X_OFF_Y(n) (4 * n)
-
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_signature_st;
-+#endif
-+
- static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r,
- const BIGNUM *scalar,
- size_t num, const EC_POINT *points[],
-@@ -183,11 +187,21 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign
- * because kdsa instruction constructs an in-range, invertible nonce
- * internally implementing counter-measures for RNG weakness.
- */
-+#ifdef FIPS_MODULE
-+ if (REDHAT_FIPS_signature_st && eckey->sign_kat_k != NULL) {
-+ BN_bn2binpad(eckey->sign_kat_k, param + S390X_OFF_RN(len), len);
-+ /* Turns KDSA internal nonce-generation off. */
-+ fc |= S390X_KDSA_D;
-+ } else {
-+#endif
- if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len),
- (size_t)len, 0) != 1) {
- ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
- goto ret;
- }
-+#ifdef FIPS_MODULE
-+ }
-+#endif
- } else {
- /* Reconstruct k = (k^-1)^-1. */
- if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0
diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
index 286852c..9991c5c 100644
--- a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
+++ b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
@@ -568,851 +568,3 @@ index 8c52b637fc..ff75c5b6ec 100644
SKIP: {
skip "No IPv4 available on this machine", 4
-diff -up openssl-3.0.5/test/smime-certs/smdh.pem.0061 openssl-3.0.5/test/smime-certs/smdh.pem
---- openssl-3.0.5/test/smime-certs/smdh.pem.0061 2022-09-02 14:17:15.331436663 +0200
-+++ openssl-3.0.5/test/smime-certs/smdh.pem 2022-09-02 14:17:15.347436804 +0200
-@@ -1,47 +1,47 @@
- -----BEGIN PRIVATE KEY-----
--MIICXAIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCB6AUA/1eXRh+iLWHXe+lUl6e+
--+460tAIIpsQ1jw1ZaTmlH9SlrWSBNVRVHwDuBW7vA+lKgBvDpCIjmhRbgrZIGwcZ
--6ruCYy5KF/B3AW5MApC9QCDaVrG6Hb7NfpMgwuUIKvvvOMrrvn4r5Oxtsx9rORTE
--bdS33MuZCOIbodjs5u+e/2hhssOwgUTMASDwXppJTyeMwAAZ+p78ByrSULP6yYdP
--PTh8sK1begDG6YTSKE3VqYNg1yaE5tQvCQ0U2L4qZ8JqexAVHbR8LA8MNhtA1pma
--Zj4q2WNAEevpprIIRXgJEZY278nPlvVeoKfOef9RBHgQ6ZTnZ1Et5iLMCwYHAoIB
--AFVgJaHfnBVJYfaQh1NyoVZJ5xX6UvvL5xEKUwwEMgs8JSOzp2UI+KRDpy9KbNH7
--93Kwa2d8Q7ynciDiCmd1ygF4CJKb4ZOwjWjpZ4DedHr0XokGhyBCyjaBxOi3i4tP
--EFO8YHs5B/yOZHzcpTfs2VxJqIm3KF8q0Ify9PWDAsgo+d21/+eye60FHjF9o2/D
--l3NRlOhUhHNGykfqFgKEEEof3/3c6r5BS0oRXdsu6dx/y2/v8j9aJoHfyGHkswxr
--ULSBxJENOBB89C+GET6yhbxV1e4SFwzHnXgG8bWXwk7bea6ZqXbHq0pT3kUiQeKe
--assXKqRBAG9NLbQ3mmx8RFkCHQDIVBWPf6VwBa2s1CAcsIziVJ8qr/KAKx9DZ3h5
--BB4CHAF3VZBAC/TB85J4PzsLJ+VrOWr0c8kQlYUR9rw=
-+MIICXQIBADCCAjUGByqGSM4+AgEwggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdT
-+e9OxD/p9DQNKqoLyJ10TAUXuycozVqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJt
-+F1ZLW+1pklZs2m0cLl4raOe8CZGHkSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81l
-+pvL0946LiHfHklMtSOkK3H9PkGB/KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4
-+ieeWprywTaZ8gp3NBMjyuRJniGCQ52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTk
-+VS3wLo5ypgrveRdALKvqkHe0qfNr5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIB
-+AE50cpgSJBYr9+5dj+fJJcXf/KX9rttlBXyveUP+vbSm/oW443/IksO3oLMy1Raq
-+tHTDBhtNrH7rSK6CDStKrMkgHsjTYkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB
-+7QB0kkkUgZ7etsnNxEkz9WQwohTvGBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgt
-+eEiCO8D9xu0sEXT8ZdRqWcmkTfeMRojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxB
-+DrYYkV3LSAweuUQKBocNI7bbbOvPByUvHVMfJBrBmwIJI3vc3091njOH53zATNNv
-+ta+9S7L4zNsvbg8RtJyH8i4CHQCY12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXv
-+BB8CHQCGE6pxpX5lWcH6+TGLDoLo3T5L2/5KTd0tRNdj
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIFmDCCBICgAwIBAgIUWlJkHZZ2eZgkGCHFtcMAjlLdDH8wDQYJKoZIhvcNAQEL
-+MIIFljCCBH6gAwIBAgIUMNF4DNf+H6AXGApe99UrJWFcAnwwDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
--NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgREggIzEwggNCMIICNQYHKoZIzj4C
--ATCCAigCggEBAIHoBQD/V5dGH6ItYdd76VSXp777jrS0AgimxDWPDVlpOaUf1KWt
--ZIE1VFUfAO4Fbu8D6UqAG8OkIiOaFFuCtkgbBxnqu4JjLkoX8HcBbkwCkL1AINpW
--sbodvs1+kyDC5Qgq++84yuu+fivk7G2zH2s5FMRt1Lfcy5kI4huh2Ozm757/aGGy
--w7CBRMwBIPBemklPJ4zAABn6nvwHKtJQs/rJh089OHywrVt6AMbphNIoTdWpg2DX
--JoTm1C8JDRTYvipnwmp7EBUdtHwsDww2G0DWmZpmPirZY0AR6+mmsghFeAkRljbv
--yc+W9V6gp855/1EEeBDplOdnUS3mIswLBgcCggEAVWAlod+cFUlh9pCHU3KhVknn
--FfpS+8vnEQpTDAQyCzwlI7OnZQj4pEOnL0ps0fv3crBrZ3xDvKdyIOIKZ3XKAXgI
--kpvhk7CNaOlngN50evReiQaHIELKNoHE6LeLi08QU7xgezkH/I5kfNylN+zZXEmo
--ibcoXyrQh/L09YMCyCj53bX/57J7rQUeMX2jb8OXc1GU6FSEc0bKR+oWAoQQSh/f
--/dzqvkFLShFd2y7p3H/Lb+/yP1omgd/IYeSzDGtQtIHEkQ04EHz0L4YRPrKFvFXV
--7hIXDMedeAbxtZfCTtt5rpmpdserSlPeRSJB4p5qyxcqpEEAb00ttDeabHxEWQId
--AMhUFY9/pXAFrazUIBywjOJUnyqv8oArH0NneHkDggEFAAKCAQBigH0Mp4jUMSfK
--yOhKlEfyZ/hj/EImsUYW4+u8xjBN+ruOJUTJ06Mtgw3g2iLkhQoO9NROqvC9rdLj
--+j3e+1QWm9EDNKQAa4nUp8/W+XZ5KkQWudmtaojEXD1+kd44ieNLtPGuVnPtDGO4
--zPf04IUq7tDGbMDMMn6YXvW6f28lR3gF5vvVIsnjsd/Lau6orzmNSrymXegsEsFR
--Q7hT+/tPoAtro6Hx9rBrYb/0OCiRe4YuYrFKkC0aaJfUQepVyuVMSTxxKTzq8T06
--M8SBITlmkPFZJHyGzV/+a72hpJsAa0BaDnpxH3cFpEMzeYG1XQK461zexoIYN3ub
--i3xNPUzPo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4E
--FgQULayIqKcWHtUH4pFolI6dKxycIG8wHwYDVR0jBBgwFoAUFcETIWviVV+nah1X
--INbP86lzZFkwDQYJKoZIhvcNAQELBQADggEBAKjKvvJ6Vc9HiQXACqqRZnekz2gO
--ue71nsXXDr2+y4PPpgcDzgtO3vhQc7Akv6Uyca9LY7w/X+temP63yxdLpKXTV19w
--Or0p4VEvTZ8AttMjFh4Hl8caVYk/J4TIudSXLIfKROP6sFu5GOw7W3xpBkL5Zio6
--3dqe6xAYK0woNQPDfj5yOAlqj1Ohth81JywW5h2g8GfLtNe62coAqwjMJT+ExHfU
--EkF/beSqRGOvXwyhSxFpe7HVjUMgrgdfoZnNsoPmpH3eTiF4BjamGWI1+Z0o+RHa
--oPwN+cCzbDsi9uTQJO1D5S697heX00zzzU/KSW7djNzKv55vm24znuFkXTM=
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MzM0NloXDTMyMDMz
-+MTE0MzM0NlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIERIICMxMIIDQjCCAjUGByqGSM4+AgEw
-+ggIoAoIBAQCCyx9ZhD6HY5xgusGDrJZJ+FdTe9OxD/p9DQNKqoLyJ10TAUXuycoz
-+VqDAD4v1wsOAPH0TDOX9Ns87PXgTbd6DpSJtF1ZLW+1pklZs2m0cLl4raOe8CZGH
-+kSgia0wC40LAg/u/JZ6NAG2YSiFEtjbkf81lpvL0946LiHfHklMtSOkK3H9PkGB/
-+KrXMITRR2P1u78AzTvc2YL7iLlCu6mV2g6v4ieeWprywTaZ8gp3NBMjyuRJniGCQ
-+52jPfOvT32w/sBTIfUO+95u/eEHrTP4K+vTkVS3wLo5ypgrveRdALKvqkHe0qfNr
-+5VQRk2Pt6ReH35kjiUPLZCccgJr9h80hAoIBAE50cpgSJBYr9+5dj+fJJcXf/KX9
-+rttlBXyveUP+vbSm/oW443/IksO3oLMy1RaqtHTDBhtNrH7rSK6CDStKrMkgHsjT
-+YkZOU85vCdrVi3UZBz0GiYO/8kQ8aLeTe3LB7QB0kkkUgZ7etsnNxEkz9WQwohTv
-+GBHBFNDKDqWadP9BpNrFoDCYojit7GOZPQgteEiCO8D9xu0sEXT8ZdRqWcmkTfeM
-+Rojrzxt0LpT/vUKHGsBFmUN7kH4Hy9z2LJxBDrYYkV3LSAweuUQKBocNI7bbbOvP
-+ByUvHVMfJBrBmwIJI3vc3091njOH53zATNNvta+9S7L4zNsvbg8RtJyH8i4CHQCY
-+12PTXj6Ipxbqq4d1Q+AoUqnN/H9lAS46teXvA4IBBQACggEAJP4Vy6vcIa7jLa93
-+DWeT0pxe4zeYXxRWbvS7reLoZcBIhH253/QfXj+0UhcjtAa5A2X519anBuetUern
-+ecBmHO9vAj9F7J6feK+pUxE8cl793gmWzcGijMXCuRorW7GZ3XBTuQbWaJLtxB4a
-+rS54+CFMUfqR5coxGrraGPGjR9P6YCpJgWL74yxiQVzjEdwPLEz/0ehKeDkSvuj8
-+Ixe06fY0eA9sfxx7+4lm2Jhw7XaIfguo8mgrfWjBzkkT2mcAHss/fdKcXNYrg+A+
-+xgApPiyuy7S4YkQSsdV5Ns8UFttBCuojzEuWQ49fMZcv/rIHSHSxpbg2Sdka+d6h
-+wOQHK6NgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYE
-+FLG7SOccVVRWmPw87GRrYH/NCegTMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaI
-+qSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQB9J2dIIbIAiB8ToXJcyO7HRPhdWC/Y
-+TE8cqeL+JiWNvIMB9fl2gOx6gj2h+yEr3lCpK/XDoWOs576UScS/vvs6fOjFHfkb
-+L4i9nHXD2KizXkM2hr9FzTRXd9c3XXLyB9t1z38qcpOMxoxAbnH8hWLQDPjFdArC
-+KWIqK/Vqxz4ZcIveM9GcVf78FU2DbQF4pwHjO9TsG7AbXiV4PXyJK75W5okAbZmQ
-+EmMmVXEJdXSOS4prP8DCW/LYJ5UddsVZba2BCHD3c1c2YTA4GsP3ZMoXvQoyj0L2
-+/xazs/AS373Of6H0s00itRTFABxve1I7kE5dQdc3oZjn6A/DbfjYUmr5
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smdsa1.pem.0061 openssl-3.0.5/test/smime-certs/smdsa1.pem
---- openssl-3.0.5/test/smime-certs/smdsa1.pem.0061 2022-09-02 14:17:15.326436618 +0200
-+++ openssl-3.0.5/test/smime-certs/smdsa1.pem 2022-09-02 14:17:15.346436795 +0200
-@@ -1,47 +1,47 @@
- -----BEGIN PRIVATE KEY-----
--MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1
--i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t
--4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa
--kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg
--c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S
--8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A
--mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw
--V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7
--ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR
--CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL
--5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL
--QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX
--ygQeAhwE9yuqObvNXzUTN+PY2rg00PzdyJw3XJAUrmlY
-+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
-+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
-+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
-+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
-+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
-+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
-+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
-+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
-+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
-+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
-+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
-+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
-+TQMsxQQjAiEAkolGvb/76X3vm5Ov09ezqyBYt9cdj/FLH7DyMkxO7X0=
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIFmjCCBIKgAwIBAgIUUoOmJmXAY29/2rWY0wJphQ5/pzUwDQYJKoZIhvcNAQEL
-+MIIFmzCCBIOgAwIBAgIUWGMqmBZZ1ykguVDk2Whn+2uKMA0wDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
--NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMxMIIDQzCCAjYGByqGSM44
--BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL
--J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5
--LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd
--62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt
--MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l
--aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK
--3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b
--bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ
--9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2
--DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B
--E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV
--hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBACGS7hCpTL0g
--lx9C1Bwz5xfVd0mwCqx9UGiH8Bf4lRsSagL0Irwvnjz++WH1vecZa2bWsYsPhQ+D
--KDzaCo20CYln4IFEPgY0fSE+KTF1icFj/mD+MgxWgsgKoTI120ENPGHqHpKkv0Uv
--OlwTImU4BxxkctZ5273XEv3VPQE8COGnXgqt7NBazU/O7vibFm0iaEsVjHFHYcoo
--+sMcm3F2E/gvR9IJGaGPeCk0sMW8qloPzErWIugx/OGqM7fni2cIcZwGdju52O+l
--cLV0tZdgC7eTbVDMLspyuiYME+zvEzRwCQF/GqcCDSn68zxJv/zSNZ9XxOgZaBfs
--Na7e8YGATiujYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
--DgQWBBSFVrWPZrHzhHUg0MMEAAKwQIfsazAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
--HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAbm49FB+eyeX7OBUC/akhnkFw
--cDXqw7Fl2OibRK+g/08zp4CruwJdb72j5+pTmG+9SF7tGyQBfHFf1+epa3ZiIc+0
--UzFf2xQBMyHjesL19cTe4i176dHz8pCxx9OEow0GlZVV85+Anev101NskKVNNVA7
--YnB2xKQWgf8HORh66XVCk54xMcd99ng8xQ8vhZC6KckVbheQgdPp7gUAcDgxH2Yo
--JF8jHQlsWNcCGURDldP6FQ49TGWHj24IGjnjGapWxMUjvCz+kV6sGW/OIYu+MM9w
--FMIOyEdUUtKowWT6eXwrITup3T6pspPTicbK61ZCPuxMvP2JBFGZsqat+F5g+w==
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjA0OFoXDTMyMDMz
-+MTE0MjA0OFowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMTCCA0YwggI5BgcqhkjOOAQB
-+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
-+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
-+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
-+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
-+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
-+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
-+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
-+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
-+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
-+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
-+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
-+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAZdJAANu5E
-+hkGOJDo2KTBmX7EQMR98gTRFZu/B/W19bHDhm9qc792PLPkV487QAgkMEItSOv0P
-+faeSYgbUe7d1aBXzqSdCwzq4WIxLNj2eQkZk6UffDg0csTvymTvnFHWyDUwRmvjH
-++35r95r1jgBeSUQMJxoe2kwZ4DHdkCpIp5z7NA44DvclY/X+BgcZ1jJNClC3BFOy
-+HQaLmY452mgnS+k7zfFhsUJn5lkpfVFY6Ml7Y5AFG3Dvf2rWdGBrVUwsBP8sVJCx
-+ITcg6nyGJZuOeK3VITqrcgjZr9odkf/Hg7OzN+a1B+Z6u3Ld5BKrduBqN/EKxxyd
-+GNJst42JrNFIo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
-+HQ4EFgQU0dBhM47Fpn83rw6nGqMcq5q3DqwwHwYDVR0jBBgwFoAUyZFTCmN7FluL
-+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAC3W5L4plRWiaX03PncMHnaL
-+sp48+2jJen4avzNpRZF/bTQ621x/KLWelbMzBTMxU6jtU1LwCvsiOTSenUZ6W5vq
-+TGy6nwkMUrBN0nHmymVz5v40VBLtc2/5xF9UBZ1GMnmYko+d7VHBD6qu4hpi6OD1
-+3Z2kxCRaZ87y3IbVnl6zqdqxDxKCj4Ca+TT6AApm/MYVwpuvCVmuXrBBvJYTFFeZ
-+2J90jHlQep2rAaZu41oiIlmQUEf9flV0iPYjj+Pqdzr9ovWVbqt7l1WKOBDYdzJW
-+fQ8TvFSExkDQsDc0nkkLIfJBFUFuOpNmODvq+Ac8AGUBnl/Z3pAV4KVnnobIXHw=
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smdsa2.pem.0061 openssl-3.0.5/test/smime-certs/smdsa2.pem
---- openssl-3.0.5/test/smime-certs/smdsa2.pem.0061 2022-09-02 14:17:15.332436671 +0200
-+++ openssl-3.0.5/test/smime-certs/smdsa2.pem 2022-09-02 14:17:15.347436804 +0200
-@@ -1,47 +1,47 @@
- -----BEGIN PRIVATE KEY-----
--MIICXQIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1
--i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t
--4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa
--kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg
--c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S
--8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A
--mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw
--V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7
--ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR
--CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL
--5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL
--QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX
--ygQeAhwmRauZi+nQ3kQ+GSKD7JCwv8XkD9NObMGlW018
-+MIICZAIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
-+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
-+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
-+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
-+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
-+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
-+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
-+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
-+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
-+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
-+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
-+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
-+TQMsxQQiAiAdCUJ5n2Q9hIynN8BMpnRcdfH696BKejGx+2Mr2kfnnA==
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIFmjCCBIKgAwIBAgIUHGKu2FMhT1wCiJTK3uAnklo55uowDQYJKoZIhvcNAQEL
-+MIIFmzCCBIOgAwIBAgIUXgHGnvOCmrOH9biRq3yTCcDsliUwDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
--NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMyMIIDQzCCAjYGByqGSM44
--BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL
--J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5
--LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd
--62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt
--MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l
--aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK
--3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b
--bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ
--9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2
--DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B
--E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV
--hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAE0+OYS0s8/o
--HwuuiPsBZTlRynqdwF6FHdE0Ei2uVTxnJouPYB2HvaMioG2inbISzPtEcnLF9Pyx
--4hsXz7D49yqyMFjE3G8ObBOs/Vdno6E9ZZshWiRDwPf8JmoYp551UuJDoVaOTnhx
--pEs30nuidtqd54PMdWUQPfp58kTu6bXvcRxdUj5CK/PyjavJCnGfppq/6j8jtrji
--mOjIIeLZIbWp7hTVS/ffmfqZ8Lx/ShOcUzDa0VS3lfO28XqXpeqbyHdojsYlG2oA
--shKJL7/scq3ab8cI5QuHEIGSbxinKfjCX4OEQ04CNsgUwMY9emPSaNdYDZOPqq/K
--3bGk2PLcRsyjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
--DgQWBBTQAQyUCqYWGo5RuwGCtHNgXgzEQzAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
--HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAc3rayE2FGgG1RhLXAHYAs1Ky
--4fcVcrzaPaz5jjWbpBCStkx+gNcUiBf+aSxNrRvUoPOSwMDLpMhbNBj2cjJqQ0W1
--oq4RUQth11qH89uPtBqiOqRTdlWAGZJbUTtVfrlc58DsDxFCwdcktSDYZwlO2lGO
--vMCOn9N7oqEEuwRa++xVnYc8ZbY8lGwJD3bGR6iC7NkYk+2LSqPS52m8e0GO8dpf
--RUrndbhmtsYa925dj2LlI218F3XwVcAUPW67dbpeEVw5OG8OCHRHqrwBEJj2PMV3
--tHeNXDEhjTzI3wiFia4kDBAKIsrC/XQ4tEiFzq0V00BiVY0ykhy+v/qNPskTsg==
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjIyNloXDTMyMDMz
-+MTE0MjIyNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMjCCA0YwggI5BgcqhkjOOAQB
-+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
-+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
-+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
-+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
-+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
-+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
-+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
-+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
-+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
-+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
-+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
-+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQAi1CUW7S3s
-+zDUcdE667AotL4SHZY01k/3owtBPKA5WWqBolj7WYkvO+X/nUssfph7NfS3z1nYO
-+b/dI4kR02t1sgS21u7mvPKZfEWFzy5ohhkWFJPfyhDAk6MzzAWK0BARJ7r/0dmOR
-+7EypKrH+vloQpNosGKeoDUElEjvZKjX/V2/w/30Vq88AN2PxXt8BxxF4oRAqd+fA
-+DuaucP46UioUoWffAIaTxLDu1In2DqOAIj7MXCsqfbD7D6Ki386DGX3IwC0qYB3r
-+z0gBmvkY8+9XbLQo6iAKJRiBJNJrBmGv6uPIVq98jl0FbMyri0rH/MCLown7qEYm
-+MnyMehP0kA+Zo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
-+HQ4EFgQUZrHDTiSqm594ZkL5NMGrygydfKswHwYDVR0jBBgwFoAUyZFTCmN7FluL
-+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBADhpm4d9pgdWTiX1ci4qxOat
-+MK+eAc3y8dwjacwiTD94fFy+MFzItAI2msF+ILXDCYDUpFZpBjlCNRzMu/ETghJx
-+53g4Hg6ioYmtLcYIAFQVIz4skdgV8npztK3ZQMSN3dcateZBf8KaEdP+cRtQs4IW
-+Y+EAZ6Fve2j/kz1x/cmhSFQdWhhS+WzYUCY+FLWDXMuNLh7rDWy1t8VaRHLBU4TU
-+q6W/qDaN2e6dKrzjEkqUstdGZ+JAkAZ+6CIABEnHeco1dEQUU5Atry7djeRhY68r
-+us++ajRd6DLWXrD4KePyTYSPc7rAcbBBYSwe48cTxlPfKItTCrRXmWJHCCZ0UBA=
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smdsa3.pem.0061 openssl-3.0.5/test/smime-certs/smdsa3.pem
---- openssl-3.0.5/test/smime-certs/smdsa3.pem.0061 2022-09-02 14:17:15.334436689 +0200
-+++ openssl-3.0.5/test/smime-certs/smdsa3.pem 2022-09-02 14:17:15.348436813 +0200
-@@ -1,47 +1,47 @@
- -----BEGIN PRIVATE KEY-----
--MIICXgIBADCCAjYGByqGSM44BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1
--i0SuHnFvPc5gHMLIxJhDp3cLJ5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t
--4INbA4D+QSkxb4SWNurRBQj5LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAa
--kOxI+l/rPAQlIUMCHSF6xXgd62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLg
--c9HnYvwxlpoV+SHi+QXSrcrtMBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S
--8EP8eXSDD+1Sni2Jk38etU+laS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0A
--mkjrU1XrCahV9d78Rklpd4fK3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huaw
--V6wj7hT99kjzQjZqbvLENW9bbAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7
--ioJmtded5hhS6GDg3Oj4IYiJ9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKR
--CnZ2/FeRyjSS3cUey89GE2N2DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL
--5H4Oo6NaSUc8dl7HWEeWoS8BE7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdL
--QldkaQkHAEg0QqYb2Hv/xHfVhn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwX
--ygQfAh0AkfI6533W5nBIVrDPcp2DCXC8u2SIwBob6OoK5A==
-+MIICZQIBADCCAjkGByqGSM44BAEwggIsAoIBAQCQfLlNdehPnTrGIMhw4rk0uua6
-+k1nCG3zcyfXli17BdB2k0HBPaTA3a3ZHfOt1Awy0Uu0wZ3gdPr9z0I64hnJXIGou
-+zIanZ7nYRImHtX5JMFbXeyxo1Owd2Zs3oEk9nQUoUsMxvmYC/ghPL5Zx1pPxcHCO
-+wzWxoG4yZMjimXOc1/W7zvK/4/g/Cz9fItD3zdcydfgM/hK0/CeYQ21xfhqf4mjK
-+v9plnCcWgToGI+7H8VK80MFbkO2QKRz3vP1/TjK6PRm9sEeB5b10+SvGv2j2w+CC
-+0fXL4s6n7PtBlm/bww8xL1/Az8kwejUcII1Dc8uNwwISwGbwaGBvl7IHpm21AiEA
-+rodZi+nCKZdTL8IgCjX3n0DuhPRkVQPjz/B6VweLW9MCggEAfimkUNwnsGFp7mKM
-+zJKhHoQkMB1qJzyIHjDzQ/J1xjfoF6i27afw1/WKboND5eseZhlhA2TO5ZJB6nGx
-+DOE9lVQxYVml++cQj6foHh1TVJAgGl4mWuveW/Rz+NEhpK4zVeEsfMrbkBypPByy
-+xzF1Z49t568xdIo+e8jLI8FjEdXOIUg4ehB3NY6SL8r4oJ49j/sJWfHcDoWH/LK9
-+ZaBF8NpflJe3F40S8RDvM8j2HC+y2Q4QyKk1DXGiH+7yQLGWzr3M73kC3UBnnH0h
-+Hxb7ISDCT7dCw/lH1nCbVFBOM0ASI26SSsFSXQrvD2kryRcTZ0KkyyhhoPODWpU+
-+TQMsxQQjAiEArJr6p2zTbhRppQurHGTdmdYHqrDdZH4MCsD9tQCw1xY=
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIFmjCCBIKgAwIBAgIUO2QHMd9V/S6KlrFDIPd7asRP4FAwDQYJKoZIhvcNAQEL
-+MIIFmzCCBIOgAwIBAgIUMMzeluWS9FTgzFM2PCI6rSt0++QwDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
--NTA5MTUzMzE0WjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgRFNBICMzMIIDQzCCAjYGByqGSM44
--BAEwggIpAoIBAQCg5xGADjdINCKODDX6yq3w8vQ1i0SuHnFvPc5gHMLIxJhDp3cL
--J5eJmcHZ07WflsMgSxD2Wd5lX5Q9uxtv78/erv5t4INbA4D+QSkxb4SWNurRBQj5
--LuoGhFMpCubDYSxiKkTJ4pmOEbsjnlGLiN5R1jAakOxI+l/rPAQlIUMCHSF6xXgd
--62fUdEAnRYj46Lgw+FWKAKNhcH7rOLA7k4JnYCLgc9HnYvwxlpoV+SHi+QXSrcrt
--MBNCmIgIONI5uNuBnZq6jjHE/Wg1+D4wGxOZl+/S8EP8eXSDD+1Sni2Jk38etU+l
--aS0pVV9lh6sV3zV28YXVZl01CHUfwH+3w/XJAh0AmkjrU1XrCahV9d78Rklpd4fK
--3K53+X5MeTgNLQKCAQEAoA32HKvIhx6wvmT9huawV6wj7hT99kjzQjZqbvLENW9b
--bAgOdPzZzusqZmZMgGdDr94oYz1/MhmAKNY4lQv7ioJmtded5hhS6GDg3Oj4IYiJ
--9trAQ/ATrDrSi3sQAZ3Pvip7j4oljvsQBmAj3KKRCnZ2/FeRyjSS3cUey89GE2N2
--DQbHEmuG/F8aDmUhLNusZm6nXs2Y1W7+kQRwswBL5H4Oo6NaSUc8dl7HWEeWoS8B
--E7G4JFCXBQwwgInOJINyQlknxMSpv7dwxp32SgdLQldkaQkHAEg0QqYb2Hv/xHfV
--hn9vTpGJQyWvnT5RvbXSGdTk1CTlZTrUAGmbHOwXygOCAQUAAoIBAEj25Os9f57G
--TaxsP8NzdCRBThCLqZWqLADh6S/aFOQQFpRRk3vGkvrOK/5La8KGKIDyzCEQo7Kg
--sPwI1o4N5GKx15Cer2ekDWLtP4hA2CChs4tWJzEa8VxIDTg4EUnASFCbfDUY/Yt0
--5NM4nxtBhnr6PT7XmRehEFaTAgmsQFJ29jKx4tJkr+Gmj9J4i10CPd9DvIgIEnNt
--rYMAlfbGovaZVCgKp5INVA4IkDfCcbzDeNiOGaACeV+4QuEbgIbUhMq9vbw3Vvqe
--jwozPdrTYjd7oNxx/tY7gqxFRFxdDPXPno230afsAJsHmNF7lpj9Q4vBhy8w/EI1
--jGzuiXjei9qjYDBeMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMB0GA1Ud
--DgQWBBTwbCT+wSR9cvTg70jA2yIWgQSDZjAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
--HVcg1s/zqXNkWTANBgkqhkiG9w0BAQsFAAOCAQEAe5t9oi8K76y+wnV6I21vKgEh
--M6DEe3+XTq10kAgYbcbMm+a6n86beaID7FANGET+3bsShxFeAX9g4Qsdw+Z3PF3P
--wvqiBD8MaXczj28zP6j9TxsjGzpAsV3xo1n7aQ+hHzpopJUxAyx4hLBqSSwdj/xe
--azELeVKoXY/nlokXnONWC5AvtfR7m7mKFPOmUghbeGCJH7+FXnC58eiF7BEpSbQl
--SniAdQFis+Dne6/kwZnQQaSDg55ELfaZOLhaLcRtqqgU+kv24mXGGEBhs9bBKMz5
--ZNiKLafE3tCGRA5iMRwzdeSgrdnkQDHFiYXh3JHk5oKwGOdxusgt3DTHAFej1A==
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjI0MloXDTMyMDMz
-+MTE0MjI0MlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIERTQSAjMzCCA0YwggI5BgcqhkjOOAQB
-+MIICLAKCAQEAkHy5TXXoT506xiDIcOK5NLrmupNZwht83Mn15YtewXQdpNBwT2kw
-+N2t2R3zrdQMMtFLtMGd4HT6/c9COuIZyVyBqLsyGp2e52ESJh7V+STBW13ssaNTs
-+HdmbN6BJPZ0FKFLDMb5mAv4ITy+WcdaT8XBwjsM1saBuMmTI4plznNf1u87yv+P4
-+Pws/XyLQ983XMnX4DP4StPwnmENtcX4an+Joyr/aZZwnFoE6BiPux/FSvNDBW5Dt
-+kCkc97z9f04yuj0ZvbBHgeW9dPkrxr9o9sPggtH1y+LOp+z7QZZv28MPMS9fwM/J
-+MHo1HCCNQ3PLjcMCEsBm8Ghgb5eyB6ZttQIhAK6HWYvpwimXUy/CIAo1959A7oT0
-+ZFUD48/welcHi1vTAoIBAH4ppFDcJ7Bhae5ijMySoR6EJDAdaic8iB4w80PydcY3
-+6Beotu2n8Nf1im6DQ+XrHmYZYQNkzuWSQepxsQzhPZVUMWFZpfvnEI+n6B4dU1SQ
-+IBpeJlrr3lv0c/jRIaSuM1XhLHzK25AcqTwcsscxdWePbeevMXSKPnvIyyPBYxHV
-+ziFIOHoQdzWOki/K+KCePY/7CVnx3A6Fh/yyvWWgRfDaX5SXtxeNEvEQ7zPI9hwv
-+stkOEMipNQ1xoh/u8kCxls69zO95At1AZ5x9IR8W+yEgwk+3QsP5R9Zwm1RQTjNA
-+EiNukkrBUl0K7w9pK8kXE2dCpMsoYaDzg1qVPk0DLMUDggEFAAKCAQBxe+1+Il8h
-+nTCAak3vZl4asn2axRc7GjDvDd8Ns/yvyd9WQE1t+FryvHR5jp9REVVnMg53wQcY
-+rKlwfWBLp5k25x/OCwfWDmvlxFqExmaAZcEQGxauHYhoMbtVIq372CHPbsQqCMBA
-+LPIdAvkUImBHanty/RXhJGqCIAZiUnX3WTZa0s6xV3yRf/+OPWXxNSATtOqm5ISl
-+pLJDifMlE6llZmk3VHAWYJRFF7KQAFT83OKf/6tme9munxahdJcSrF4HiZKFFJof
-+nvEWckKlHAonipLa6EBPMloofu+7reTcON+1tIFWH7fZhfC0dz4EaOzxLZoO0Jbc
-+W0MDtnonwEjFo2AwXjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNV
-+HQ4EFgQUwnFq0MQUIQUaXi6iJBDXTnQm71EwHwYDVR0jBBgwFoAUyZFTCmN7FluL
-+vUTwdoipJObltmwwDQYJKoZIhvcNAQELBQADggEBAJNW/oEmpz6jZ7EjUkHhxDXR
-+egsZVjBO+E2hPCciEoZaM6jIDYphrCVbdOOyy1RvLBv3SRblaECmInsRpCNwf5B5
-+OaGN3hdsvx23IKnLJ7EKDauIOGhkzCMWjO8tez48UL0Wgta0+TpuiOT+UBoKb9fw
-+f0f4ab9wD9pED7ghMKlwI6/oppS4PrhwYS2nwYwGXpmgu6QZDln/cgoU7cQV7r3J
-+deMCpKGPyS429B9mUxlggZYvvJOm35ZiI7UAcGhJWIUrdXBxqx3DQ3CSf75vGP87
-+2vn6ZoXRXSLfE48GpUtQzP6/gZti68vZrHdzKWTyZxMs4+PGoHrW5hbNDsghKDs=
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smec1.pem.0061 openssl-3.0.5/test/smime-certs/smec1.pem
---- openssl-3.0.5/test/smime-certs/smec1.pem.0061 2022-09-02 14:17:15.325436610 +0200
-+++ openssl-3.0.5/test/smime-certs/smec1.pem 2022-09-02 14:17:15.345436786 +0200
-@@ -1,22 +1,22 @@
- -----BEGIN PRIVATE KEY-----
--MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdOomk0EB/oWMnTZB
--Qm5XMjlKnZNF4PMpwgov0Tj3u8OhRANCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ
--7hpSjs4bd95L+Lli+O91/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Ky
-+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXzBRX9Z5Ib4LAVAS
-+DMlYvkj0SmLmYvWULe2LfyXRmpWhRANCAAS+SIj2FY2DouPRuNDp9WVpsqef58tV
-+3gIwV0EOV/xyYTzZhufZi/aBcXugWR1x758x4nHus2uEuEFi3Mr3K3+x
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIICrTCCAZWgAwIBAgIUdLT4B443vbxt0B8Mzy0sR4+6AyowDQYJKoZIhvcNAQEL
-+MIICqzCCAZOgAwIBAgIUZsuXIOmILju0nz1jVSgag5GrPyMwDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
--NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzEwWTATBgcqhkjOPQIBBggq
--hkjOPQMBBwNCAATbG6XprSqHiD9AxWJiXRFgS+y38DGZ7hpSjs4bd95L+Lli+O91
--/lUy7Tb8aJ6VU2CoyWQjV4sQjbdVqeD+y4Kyo2AwXjAMBgNVHRMBAf8EAjAAMA4G
--A1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUOia9H7l0qw3ftsDgEEeSBrHwQrwwHwYD
--VR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZIhvcNAQELBQADggEB
--AC7h/QkMocYANPqMQAO2okygG+OaE4qpKnlzHPUFMYedJGCvAWrwxu4hWL9T+hZo
--qilM7Fwaxw/P4Zaaa15SOOhXkIdn9Fu2ROmBQtEiklmWGMjiZ6F+9NCZPk0cTAXK
--2WQZOy41YNuvts+20osD4X/8x3fiARlokufj/TVyE73wG8pSSDh4KxWDfKv5Pi1F
--PC5IJh8XVELnFkeY3xjtoux5AYT+1xIQHO4eBua02Y1oPiWG7l/sK3grVlxrupd9
--pXowwFlezWZP9q12VlWkcqwNb9hF9PkZge9bpiOJipSYgyobtAnms/CRHu3e6izl
--LJRua7p4Wt/8GQENDrVkHqU=
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjUyNFoXDTMyMDMz
-+MTE0MjUyNFowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMxMFkwEwYHKoZIzj0CAQYIKoZI
-+zj0DAQcDQgAEvkiI9hWNg6Lj0bjQ6fVlabKnn+fLVd4CMFdBDlf8cmE82Ybn2Yv2
-+gXF7oFkdce+fMeJx7rNrhLhBYtzK9yt/saNgMF4wDAYDVR0TAQH/BAIwADAOBgNV
-+HQ8BAf8EBAMCBeAwHQYDVR0OBBYEFH/JvELYMj4nJ2HHUUyA9sxOYvNHMB8GA1Ud
-+IwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3DQEBCwUAA4IBAQCp
-+sSEupiqT7S6oPS/5qtRF6POyxmhkH/Eh+RJitOODutxneJh+NdDqAQAOCexqcsF9
-+1BH9hB/H6b3mS4CbcRG6R/EwzqMPUgy8OYXTrqWI9jzMKGyrBo59QFfGrwP1h8hj
-+weVOVQU1iOloWPOfvMHehjX1Wt79/6BMMBvw+2qXXLAw2xpLFa4lU6HSoTiwoS5R
-+mimrHnZ9tQZb54bsvdrW84kV3u1FIQ5G7jAduu97Wfr3eZGaJhW1MZLeoL7Z4Usy
-+hRd2TJ6bZanb+wUJBcHOeW5ETj9MPtPsGIp8vETmY5XDm4UlX6tp4gAe4oeoIXFQ
-+V5ASvNRiGWIJK5XF+zRY
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smec2.pem.0061 openssl-3.0.5/test/smime-certs/smec2.pem
---- openssl-3.0.5/test/smime-certs/smec2.pem.0061 2022-09-02 14:17:15.330436654 +0200
-+++ openssl-3.0.5/test/smime-certs/smec2.pem 2022-09-02 14:17:15.347436804 +0200
-@@ -1,23 +1,23 @@
- -----BEGIN PRIVATE KEY-----
--MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAEkuzLBwx5bIw3Q2PMNQ
--HzaY8yL3QLjzaJ8tCHrI/JTb9Q7VoUwDSgAEAu8b2HvLzKd0qhPtIw65Lh3OgF3X
--IN5874qHwt9zPSvokijSAH3v9tcBJPdRLD3Lweh2ZPn5hMwVwVorHqSgASk5vnjp
--HqER
-+MIGPAgEAMBAGByqGSM49AgEGBSuBBAAQBHgwdgIBAQQjhHaq507MOBznelrLG/pl
-+brnnJi/iEJUUp+Pm3PEiteXqckmhTANKAAQF2zs6vobmoT+M+P2+9LZ7asvFBNi7
-+uCzLYF/8j1Scn/spczoC9vNzVhNw+Lg7dnjNL4EDIyYZLl7E0v69luzbvy+q44/8
-+6bQ=
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIICsjCCAZqgAwIBAgIUFMjrNKt+D8tzvn7jtjZ5HrLcUlswDQYJKoZIhvcNAQEL
-+MIICsDCCAZigAwIBAgIUWJSICrM9ZdmN6/jF/PoKng63XR0wDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxNFoYDzIxMjIw
--NTA5MTUzMzE0WjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgRUUgRUMgIzIwXjAQBgcqhkjOPQIBBgUr
--gQQAEANKAAQC7xvYe8vMp3SqE+0jDrkuHc6AXdcg3nzviofC33M9K+iSKNIAfe/2
--1wEk91EsPcvB6HZk+fmEzBXBWisepKABKTm+eOkeoRGjYDBeMAwGA1UdEwEB/wQC
--MAAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBSqWRYUy2syIUwfSR31e19LeNXK
--9TAfBgNVHSMEGDAWgBQVwRMha+JVX6dqHVcg1s/zqXNkWTANBgkqhkiG9w0BAQsF
--AAOCAQEASbh+sI03xUMMzPT8bRbWNF5gG3ab8IUzqm05rTa54NCPRSn+ZdMXcCFz
--5fSU0T1dgEjeD+cCRVAZxskTZF7FWmRLc2weJMf7x+nPE5KaWyRAoD7FIKGP2m6m
--IMCVOmiafuzmHASBYOz6RwjgWS0AWES48DJX6o0KpuT4bsknz+H7Xo+4+NYGCRao
--enqIMZmWesGVXJ63pl32jUlXeAg59W6PpV2L9XRWLzDW1t1q2Uji7coCWtNjkojZ
--rv0yRMc1czkT+mAJRAJ8D9MoTnRXm1dH4bOxte4BGUHNQ2P1HeV01vkd1RTL0g0R
--lPyDAlBASvMn7RZ9nX8G3UOOL6gtVA==
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MjgxOVoXDTMyMDMz
-+MTE0MjgxOVowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIEVFIEVDICMyMF4wEAYHKoZIzj0CAQYFK4EE
-+ABADSgAEBds7Or6G5qE/jPj9vvS2e2rLxQTYu7gsy2Bf/I9UnJ/7KXM6Avbzc1YT
-+cPi4O3Z4zS+BAyMmGS5exNL+vZbs278vquOP/Om0o2AwXjAMBgNVHRMBAf8EAjAA
-+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUZ/5BJCWQ3bQ+w03vH6OZAgkENxcw
-+HwYDVR0jBBgwFoAUyZFTCmN7FluLvUTwdoipJObltmwwDQYJKoZIhvcNAQELBQAD
-+ggEBACMGL6tuV/1lfrnx7TN/CnWdLEp55AlmzJ3MT9dXSOO1/df/fO3uAiiBNMyQ
-+Rcf4vOeBZEk/Xq6GIaAbuuT5ECg50uopEGjUDR9sRWC5yiw2CRQ5ZWTcqMapv+E5
-+7/1/tpaVHy+ZkJpbTV6O9gogEPy6uoft+tsel6NFoAj9ulkjuX9TortkVGPTfedd
-+oevI32G3z4L4Gv1PCZvFMwEIiAuFDZBbD86gw7rH4BNihRujJRhpnxeRu8zJYB60
-+cNeR2N7humdUy5uZnj6YHy3g2j0EDKOITHydIvL1KkSlihQrxEX5kMRr9RWRyFXJ
-+/UfNk+5Y3g5Mm642MLvjBEUqurw=
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smroot.pem.0061 openssl-3.0.5/test/smime-certs/smroot.pem
---- openssl-3.0.5/test/smime-certs/smroot.pem.0061 2022-09-02 14:17:15.329436645 +0200
-+++ openssl-3.0.5/test/smime-certs/smroot.pem 2022-09-02 14:17:15.346436795 +0200
-@@ -1,49 +1,49 @@
- -----BEGIN PRIVATE KEY-----
--MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZLSl8LdU54OUA
--T8ctFuKLShJul2IMzaEDkFLoL4agccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7Ke
--iSuFJOrQtvDt+HkU5c706YDmw15mBpDSHapkXr80G/ABFbstWafOfagVW45wv65K
--H4cnpcqwrLhagmC8QG0KfWbf+Z2efOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+Ubzg
--cY4Y/hJ7Fw1/IeEhgr/iVJhQIUAklp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR
--0YZWyIKfKzbeJLBzDqY2hQzVL6kAvY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt
--+UTEkuBdAgMBAAECggEAF3Eagz7nPyIZVdlGpIVN2r8aEjng6YTglmPjrxBCNdtS
--F6AxvY9UKklIF2Gg4tXlhU0TlDWvedM4Koif2/VKK1Ez3FvvpePQXPs/YKlB7T1U
--MHnnRII9nUBOva88zv5YcJ97nyKM03q9M18H1a29nShnlc1w56EEpBc5HX/yFYMv
--kMYydvB5j0DQkJlkQNFn4yRag0wIIPeyXwwh5l98SMlr40hO10OYTOQPrrgP/ham
--AOZ//DvGo5gF8hGJYoqG4vcYbxRfTqbc2lQ4XRknOT182l9gRum52ahkBY6LKb4r
--IZXPStS6fCAR5S0lcdBb3uN/ap9SUfb9w/Dhj5DZAQKBgQDr06DcsBpoGV2dK9ib
--YL5MxC5JL7G79IBPi3ThRiOSttKXv3oDAFB0AlJvFKwYmVz8SxXqQ2JUA4BfvMGF
--TNrbhukzo0ou5boExnQW/RjLN3fWVq1JM7iLbNU9YYpPCIG5LXrt4ZDOwITeGe8f
--bmZK9zxWxc6BBJtc3mTFS5tm4QKBgQDrwRyEn6oZ9TPbR69fPgWvDqQwKs+6TtYn
--0otMG9UejbSMcyU4sI+bZouoca2CzoNi2qZVIvI9aOygUHQAP7Dyq1KhsvYtzJub
--KEua379WnzBMMjJ56Q/e4aKTq229QvOk+ZEYl6aklZX7xnYetYNZQrp4QzUyOQTG
--gfxgxKi0/QKBgQCy1esAUJ/F366JOS3rLqNBjehX4c5T7ae8KtJ433qskO4E29TI
--H93jC7u9txyHDw5f2QUGgRE5Cuq4L2lGEDFMFvQUD7l69QVrB6ATqt25hhffuB1z
--DMDfIqpXAPgk1Rui9SVq7gqlb4OS9nHLESqLoQ/l8d2XI4o6FACxSZPQoQKBgQCR
--8AvwSUoqIXDFaB22jpVEJYMb0hSfFxhYtGvIZF5MOJowa0L6UcnD//mp/xzSoXYR
--pppaj3R28VGxd7wnP0YRIl7XfAoKleMpbAtJRwKR458pO9WlQ9GwPeq/ENqw0xYx
--5M+d8pqUvYiHv/X00pYJllYKBkiS21sKawLJAFQTHQKBgQCJCwVHxvxkdQ8G0sU2
--Vtv2W38hWOSg5+cxa+g1W6My2LhX34RkgKzuaUpYMlWGHzILpxIxhPrVLk1ZIjil
--GIP969XJ1BjB/kFtLWdxXG8tH1If3JgzfSHUofPHF3CENoJYEZ1ugEfIPzWPZJDI
--DL5zP8gmBL9ZAOO/J9YacxWYMQ==
-+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyyQXED5HyVWwq
-+nXyzmY317yMUJrIfsKvREG2C691dJNHgNg+oq5sjt/fzkyS84AvdOiicAsao4cYL
-+DulthaLpbC7msEBhvwAil0FNb5g3ERupe1KuTdUV1UuD/i6S2VoaNXUBBn1rD9Wc
-+BBc0lnx/4Wt92eQTI6925pt7ZHPQw2Olp7TQDElyi5qPxCem4uT0g3zbZsWqmmsI
-+MXbu+K3dEprzqA1ucKXbxUmZNkMwVs2XCmlLxrRUj8C3/zENtH17HWCznhR/IVcV
-+kgIuklkeiDsEhbWvUQumVXR7oPh/CPZAbjGqq5mVueHSHrp7brBVZKHZvoUka28Q
-+LWitq1W5AgMBAAECggEASkRnOMKfBeOmQy2Yl6K57eeg0sYgSDnDpd0FINWJ5x9c
-+b58FcjOXBodtYKlHIY6QXx3BsM0WaSEge4d+QBi7S+u8r+eXVwNYswXSArDQsk9R
-+Bl5MQkvisGciL3pvLmFLpIeASyS/BLJXMbAhU58PqK+jT2wr6idwxBuXivJ3ichu
-+ISdT1s2aMmnD86ulCD2DruZ4g0mmk5ffV+Cdj+WWkyvEaJW2GRYov2qdaqwSOxV4
-+Yve9qStvEIWAf2cISQjbnw2Ww6Z5ebrqlOz9etkmwIly6DTbrIneBnoqJlFFWGlF
-+ghuzc5RE2w1GbcKSOt0qXH44MTf/j0r86dlu7UIxgQKBgQDq0pEaiZuXHi9OQAOp
-+PsDEIznCU1bcTDJewANHag5DPEnMKLltTNyLaBRulMypI+CrDbou0nDr29VOzfXx
-+mNvi/c7RttOBOx7kXKvu0JUFKe2oIWRsg0KsyMX7UFMVaHFgrW+8DhQc7HK7URiw
-+nitOnA7YwIHRF9BMmcWcLFEYBQKBgQDC6LPbXV8COKO0YCfGXPnE7EZGD/p0Q92Z
-+8CoSefphEScSdO1IpxFXG7fOZ4x2GQb9q7D3IvaeKAqNjUjkuyxdB30lIWDBwSWw
-+fFgsa2SZwD5P60G/ar50YJr6LiF333aUMDVmC9swFfZERAEmGUz2NTrPWQdIx/lu
-+PyDtUR75JQKBgHaoCCJ8vl5SJl1IA5GV4Bo8IoeLTSzsY9d09zMy6BoZcMD1Ix2T
-+5S2cXhayoegl9PT6bsYSGHVWFCdJ86ktMI826TcXRzDaCvYhzc9THroJQcnfdbtP
-+aHWezkv7fsAmkoPjn75K7ubeo+r7Q5qbkg6a1PW58N8TRXIvkackzaVxAoGBALAq
-+qh3U+AHG9dgbrPeyo6KkuCOtX39ks8/mbfCDRZYkbb9V5f5r2tVz3R93IlK/7jyr
-+yWimtmde46Lrl33922w+T5OW5qBZllo9GWkUrDn3s5qClcuQjJIdmxYTSfbSCJiK
-+NkmE39lHkG5FVRB9f71tgTlWS6ox7TYDYxx83NTtAoGAUJPAkGt4yGAN4Pdebv53
-+bSEpAAULBHntiqDEOu3lVColHuZIucml/gbTpQDruE4ww4wE7dOhY8Q4wEBVYbRI
-+vHkSiWpJUvZCuKG8Foh5pm9hU0qb+rbQV7NhLJ02qn1AMGO3F/WKrHPPY8/b9YhQ
-+KfvPCYimQwBjVrEnSntLPR0=
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIDezCCAmOgAwIBAgIUBxh2L3ItsVPuBogDI0WfUX1lFnMwDQYJKoZIhvcNAQEL
-+MIIDeTCCAmGgAwIBAgIUF/2lFo3fH3uYuFalQVSIFqcYtd4wDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
--NTEwMTUzMzEzWjBEMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEdMBsGA1UEAwwUVGVzdCBTL01JTUUgUlNBIFJvb3QwggEiMA0GCSqGSIb3DQEB
--AQUAA4IBDwAwggEKAoIBAQDZLSl8LdU54OUAT8ctFuKLShJul2IMzaEDkFLoL4ag
--ccajgvsRxW+8vbc2Re0y1mVMvfNz7Cg5a7KeiSuFJOrQtvDt+HkU5c706YDmw15m
--BpDSHapkXr80G/ABFbstWafOfagVW45wv65KH4cnpcqwrLhagmC8QG0KfWbf+Z2e
--fOxaGu/dTNA3Cnq/BQGTdlkQ28xbrvd+UbzgcY4Y/hJ7Fw1/IeEhgr/iVJhQIUAk
--lp9B+xqDfWuxIt5mNwWWh/Lfk+UxqE99EhQR0YZWyIKfKzbeJLBzDqY2hQzVL6kA
--vY9cR1WbBItTA0G2F5qZ9B/3EHEFWZMBvobt+UTEkuBdAgMBAAGjYzBhMB0GA1Ud
--DgQWBBQVwRMha+JVX6dqHVcg1s/zqXNkWTAfBgNVHSMEGDAWgBQVwRMha+JVX6dq
--HVcg1s/zqXNkWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkq
--hkiG9w0BAQsFAAOCAQEAvdAmpDPi1Wt7Hk30dXKF7Ug6MUKETi+uoO1Suo9JhNko
--/cpvoi8fbo/dnWVDfHVoItEn644Svver5UJdKJY62DvhilpCtAywYfCpgxkpKoKE
--dnpjnRBSMcbVDImsqvf1YjzFKiOiD7kcVvz4V0NZY91ZWwu3vgaSvcTJQkpWN0a+
--LWanpVKqigl8nskttnBeiHDHGebxj3hawlIdtVlkbQwLLwlVkX99x1F73uS33IzB
--Y6+ZJ2is7mD839B8fOVd9pvPvBBgahIrw5tzJ/Q+gITuVQd9E6RVXh10/Aw+i/8S
--7tHpEUgP3hBk1P+wRQBWDxbHB28lE+41jvh3JObQWQ==
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDE1MloXDTMyMDUy
-+MDE0MDE1MlowRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HTAbBgNVBAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MIIBIjANBgkqhkiG9w0BAQEF
-+AAOCAQ8AMIIBCgKCAQEAsskFxA+R8lVsKp18s5mN9e8jFCayH7Cr0RBtguvdXSTR
-+4DYPqKubI7f385MkvOAL3ToonALGqOHGCw7pbYWi6Wwu5rBAYb8AIpdBTW+YNxEb
-+qXtSrk3VFdVLg/4uktlaGjV1AQZ9aw/VnAQXNJZ8f+FrfdnkEyOvduabe2Rz0MNj
-+pae00AxJcouaj8QnpuLk9IN822bFqpprCDF27vit3RKa86gNbnCl28VJmTZDMFbN
-+lwppS8a0VI/At/8xDbR9ex1gs54UfyFXFZICLpJZHog7BIW1r1ELplV0e6D4fwj2
-+QG4xqquZlbnh0h66e26wVWSh2b6FJGtvEC1oratVuQIDAQABo2MwYTAdBgNVHQ4E
-+FgQUyZFTCmN7FluLvUTwdoipJObltmwwHwYDVR0jBBgwFoAUyZFTCmN7FluLvUTw
-+doipJObltmwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
-+hvcNAQELBQADggEBAFUbNCqSA5JTIk4wkLiDxs6sGVgSGS/XyFurT5WtyLwR6eiN
-+r1Osq3DrF1805xzOjFfk3yYk2ctMMMXVEfXZavfNWgGSyUi6GrS+X1+y5snMpP7Z
-+tFlb7iXxiSn5lUE1IS3y9bAlWUwTnOwdX2RuALVAzQ6oAvGIIOhb7FTkMqwsQBDx
-+kBA9sgdCKv4d7zgFGdDMh1PGuia7+ZPWS9Nt3+WfRKzy4cf2p8+FTWkv1z7PtCSo
-+bZySoXgav6WYGdA0VZY29HzVWC5d/LwSkeJr7pw09UjXBPnrDHbJRa+4JpwwsMT2
-+b1E+cp36aagmQW97e8dCf3VzZWcD2bNJ9QM59d8=
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smrsa1.pem.0061 openssl-3.0.5/test/smime-certs/smrsa1.pem
---- openssl-3.0.5/test/smime-certs/smrsa1.pem.0061 2022-09-02 14:17:15.328436636 +0200
-+++ openssl-3.0.5/test/smime-certs/smrsa1.pem 2022-09-02 14:17:15.346436795 +0200
-@@ -1,49 +1,49 @@
- -----BEGIN PRIVATE KEY-----
--MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDax3T7alefZcbm
--CcdN0kEoBLwV8H25vre43RYjuPo64TBjeKUy27ayC1TXydF1eYm3HPrFYfkS0fZ6
--YK0xvwyxiQnesvcfnVe2fpXFPsl5RQvu1JKM7rJAuLC+YTRLez07IHhQnHQ25ZkR
--+B4SL5mIhuOSJ9yyFJYJQ3Kdw/aX/jtnWVR8p3FyghJptWIm90ufW4xWFY0yNSW1
--KmkZuOWF7VPh5RC1C7woB/RHhyD2gOP7tF+eDJ/QbX4iki4gPRFHuNrSV8ZpvDkI
--qqyF5BW8tyJneDkoWW8IuEpmNIzfbOCHvI6y7roeAmRrwH4/o5WxaEIsnQ/3pNvj
--n6+vA+nfAgMBAAECggEAFR5MHQQYCYjDXoDoI7YdgwA+AFIoGLjKYZu5yjX4tZv3
--gJ/si7sTaMlY5cGTU1HUPirxIVeCjv4Eha31BJ3KsGJ9jj6Gm0nOuzd/O+ctKeRv
--2/HaDvpFlk4dsCrlkjmxteuS9u5l9hygniWYutcBwjY0cRnMScZcm0VO+DVVMDj0
--9yNrFzhlmqV+ckawjK/J91r0uvnCVIsGA6akhlc5K0gwvFb/CC1WuceEeGx/38k3
--4OuiHtLyJfIlgyGD8C3QfJlMOBHeQ/DCo6GMqrOAad/chtcO7JklcJ+k2qylP2gu
--e25NJCQVh+L32b9WrH3quH6fbLIg8a8MmUWl6te3FQKBgQDddu0Dp8R8fe2WnAE5
--oXdASAf2BpthRNqUdYpkkO7gOV0MXCKIEiGZ+WuWEYmNlsXZCJRABprqLw9O/5Td
--2q+rCbdG9mSW2x82t/Ia4zd3r0RSHZyKbtOLtgmWfQkwVHy+rED8Juie5bNzHbjS
--1mYtFP2KDQ5yZA95yFg8ZtXOawKBgQD85VOPnfXGOJ783JHepAn4J2x1Edi+ZDQ+
--Ml9g2LwetI46dQ0bF6V8RtcyWp0+6+ydX5U4JKhERFDivolD7Z1KFmlNLPs0cqSX
--5g5kzTD+R+zpr9FRragYKyLdHsLP0ur75Rh5FQkUl2DmeKCMvMKAkio0cduVpVXT
--SvWUBtkHXQKBgBy4VoZZ1GZcolocwx/pK6DfdoDWXIIhvsLv91GRZhkX91QqAqRo
--zYi9StF8Vr1Q5zl9HlSrRp3GGpMhG/olaRCiQu1l+KeDpSmgczo/aysPRKntgyaE
--ttRweA/XCUEGQ+MqTYcluJcarMnp+dUFztxb04F6rfvxs/wUGjVDFMkfAoGBAK+F
--wx9UtPZk6gP6Wsu58qlnQ2Flh5dtGM1qTMR86OQu0OBFyVjaaqL8z/NE7Qp02H7J
--jlmvJ5JqD/Gv6Llau+Zl86P66kcWoqJCrA7OU4jJBueSfadA7gAIQGRUK0Xuz+UQ
--tpGjRfAiuMB9TIEhqaVuzRglRhBw9kZ2KkgZEJyJAoGBANrEpEwOhCv8Vt1Yiw6o
--co96wYj+0LARJXw6rIfEuLkthBRRoHqQMKqwIGMrwjHlHXPnQmajONzIJd+u+OS4
--psCGetAIGegd3xNVpK2uZv9QBWBpQbuofOh/c2Ctmm2phL2sVwCZ0qwIeXuBwJEc
--NOlOojKDO+dELErpShJgFIaU
-+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDXr9uzB/20QXKC
-+xhkfNnJvl2xl1hzdOcrQmAqo+AAAcA/D49ImuJDVQRaK2bcj54XB26i1kXuOrxID
-+3/etUb8yudfx8OAVwh8G0xVA4zhr8uXW85W2tBr4v0Lt+W6lSd6Hmfrk4GmE9LTU
-+/vzl9HUPW6SZShN1G0nY6oeUXvLi0vasEUKv3a51T6JFYg4c7qt5RCk/w8kwrQ0D
-+orQwCdkOPEIiC4b+nPStF12SVm5bx8rbYzioxuY/PdSebvt0APeqgRxSpCxqYnHs
-+CoNeHzSrGXcP0COzFeUOz2tdrhmH09JLbGZs4nbojPxMkjpJSv3/ekDG2CHYxXSH
-+XxpJstxZAgMBAAECggEASY4xsJaTEPwY3zxLqPdag2/yibBBW7ivz/9p80HQTlXp
-+KnbxXj8nNXLjCytAZ8A3P2t316PrrTdLP4ML5lGwkM4MNPhek00GY79syhozTa0i
-+cPHVJt+5Kwee/aVI9JmCiGAczh0yHyOM3+6ttIZvvXMVaSl4BUHvJ0ikQBc5YdzL
-+s6VM2gCOR6K6n+39QHDI/T7WwO9FFSNnpWFOCHwAWtyBMlleVj+xeZX8OZ/aT+35
-+27yjsGNBftWKku29VDineiQC+o+fZGJs6w4JZHoBSP8TfxP8fRCFVNA281G78Xak
-+cEnKXwZ54bpoSa3ThKl+56J6NHkkfRGb8Rgt/ipJYQKBgQD5DKb82mLw85iReqsT
-+8bkp408nPOBGz7KYnQsZqAVNGfehM02+dcN5z+w0jOj6GMPLPg5whlEo/O+rt9ze
-+j6c2+8/+B4Bt5oqCKoOCIndH68jl65+oUxFkcHYxa3zYKGC9Uvb+x2BtBmYgvDRG
-+ew6I2Q3Zyd2ThZhJygUZpsjsbQKBgQDdtNiGTkgWOm+WuqBI1LT5cQfoPfgI7/da
-+ZA+37NBUQRe0cM7ddEcNqx7E3uUa1JJOoOYv65VyGI33Ul+evI8h5WE5bupcCEFk
-+LolzbMc4YQUlsySY9eUXM8jQtfVtaWhuQaABt97l+9oADkrhA+YNdEu2yiz3T6W+
-+msI5AnvkHQKBgDEjuPMdF/aY6dqSjJzjzfgg3KZOUaZHJuML4XvPdjRPUlfhKo7Q
-+55/qUZ3Qy8tFBaTderXjGrJurc+A+LiFOaYUq2ZhDosguOWUA9yydjyfnkUXZ6or
-+sbvSoM+BeOGhnezdKNT+e90nLRF6cQoTD7war6vwM6L+8hxlGvqDuRNFAoGAD4K8
-+d0D4yB1Uez4ZQp8m/iCLRhM3zCBFtNw1QU/fD1Xye5w8zL96zRkAsRNLAgKHLdsR
-+355iuTXAkOIBcJCOjveGQsdgvAmT0Zdz5FBi663V91o+IDlryqDD1t40CnCKbtRG
-+hng/ruVczg4x7OYh7SUKuwIP/UlkNh6LogNreX0CgYBQF9troLex6X94VTi1V5hu
-+iCwzDT6AJj63cS3VRO2ait3ZiLdpKdSNNW2WrlZs8FZr/mVutGEcWho8BugGMWST
-+1iZkYwly9Xfjnpd0I00ZIlr2/B3+ZsK8w5cOW5Lpb7frol6+BkDnBjbNZI5kQndn
-+zQpuMJliRlrq/5JkIbH6SA==
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIDeTCCAmGgAwIBAgIUM6U1Peo3wzfAJIrzINejJJfmRzkwDQYJKoZIhvcNAQEL
-+MIIDdzCCAl+gAwIBAgIUNrEw2I4NEV0Nbo7AVOF9z4mPBiYwDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
--NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMxMIIBIjANBgkqhkiG9w0B
--AQEFAAOCAQ8AMIIBCgKCAQEA2sd0+2pXn2XG5gnHTdJBKAS8FfB9ub63uN0WI7j6
--OuEwY3ilMtu2sgtU18nRdXmJtxz6xWH5EtH2emCtMb8MsYkJ3rL3H51Xtn6VxT7J
--eUUL7tSSjO6yQLiwvmE0S3s9OyB4UJx0NuWZEfgeEi+ZiIbjkifcshSWCUNyncP2
--l/47Z1lUfKdxcoISabViJvdLn1uMVhWNMjUltSppGbjlhe1T4eUQtQu8KAf0R4cg
--9oDj+7Rfngyf0G1+IpIuID0RR7ja0lfGabw5CKqsheQVvLciZ3g5KFlvCLhKZjSM
--32zgh7yOsu66HgJka8B+P6OVsWhCLJ0P96Tb45+vrwPp3wIDAQABo2AwXjAMBgNV
--HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUHw4Us7FXwgLtZ1JB
--MOAHSkNYfEkwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI
--hvcNAQELBQADggEBAAMAXEjTNo7evn6BvfEaG2q21q9xfFear/M0zxc5xcTj+WP+
--BKrlxXg5RlVFyvmzGhwZBERsDMJYa54aw8scDJsy/0zPdWST39dNev7xH13pP8nF
--QF4MGPKIqBzX8iDCqhz70p1w2ndLjz1dvsAqn6z9/Sh3T2kj6DfZY3jA49pMEim1
--vYd4lWa5AezU3+cLtBbo2c2iyG2W7SFpnNTjLX823f9rbVPnUb93ZI/tDXDIf5hL
--0hocZs+MWdC7Ly1Ru4PXa6+DeOM0z673me/Q27e24OBbG2eq5g7eW5euxJinGkpI
--XGGKTKrBCPxSdTtwSNHU9HsggT8a0wXL2QocZ3w=
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDczN1oXDTMyMDMz
-+MTE0MDczN1owRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMTCCASIwDQYJKoZIhvcNAQEB
-+BQADggEPADCCAQoCggEBANev27MH/bRBcoLGGR82cm+XbGXWHN05ytCYCqj4AABw
-+D8Pj0ia4kNVBForZtyPnhcHbqLWRe46vEgPf961RvzK51/Hw4BXCHwbTFUDjOGvy
-+5dbzlba0Gvi/Qu35bqVJ3oeZ+uTgaYT0tNT+/OX0dQ9bpJlKE3UbSdjqh5Re8uLS
-+9qwRQq/drnVPokViDhzuq3lEKT/DyTCtDQOitDAJ2Q48QiILhv6c9K0XXZJWblvH
-+yttjOKjG5j891J5u+3QA96qBHFKkLGpicewKg14fNKsZdw/QI7MV5Q7Pa12uGYfT
-+0ktsZmziduiM/EySOklK/f96QMbYIdjFdIdfGkmy3FkCAwEAAaNgMF4wDAYDVR0T
-+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFOaNz6WtNC5jH9UE4EaM
-+y+59qO+EMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
-+DQEBCwUAA4IBAQBMz3Ef3U0blTGhfP9HIBq09fWCgUN3aDDLZ/B6biFfWM87wlAm
-+CdIuy2jhiEt8Ld8U9y8dbO7c2gzHBGc9FhScBkfQInrbhSctXL/r/wOc0divK9rq
-+oXL2cL/CFfzcYPWNN3w6JAJyOhkhWnqF+/0T8+NdiRLE3a9NfX3a83GpfBVccYKQ
-+kKKeVIw2K1dYbtlSo1HwOckxqUzN00IPs3xC8U9KNXKy7o0kdetKhk70DzXQ64j0
-+EcmXxqPaCkgo3fl9z9nzKlWhg/qIi/1Bd1bpMP8IXAPEURDqhi0KI0w9GPCQRjfY
-+7NwXrLEayBoL8TNxcJ3FwdI20+bmhhILBZgO
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smrsa2.pem.0061 openssl-3.0.5/test/smime-certs/smrsa2.pem
---- openssl-3.0.5/test/smime-certs/smrsa2.pem.0061 2022-09-02 14:17:15.333436680 +0200
-+++ openssl-3.0.5/test/smime-certs/smrsa2.pem 2022-09-02 14:17:15.347436804 +0200
-@@ -1,49 +1,49 @@
- -----BEGIN PRIVATE KEY-----
--MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDkoMi4sqj2mN8j
--SaFAibXEfeYYrzBHIdCm/uaXWit81fXOSFVw1rbeAppxz7bOcSEN50lpdP2UX3/b
--FYFD3exHXjvch9NPNgQaNkCqTNTuYa2L9wrpltXnon7tH3W/zZfF+/qpUSu1f6rk
--GyxjVXxLwjIawCX0rbLcdFCVVy+EyvQkvSxXjafrDMzshWzPDbtjUv3SH6avqrPn
--4NX0fv3BdBwTfDLAw/m8nN+9B9Mg0V7UNM1IJY/Vo5pLhv+MrEf8SnAS+1Wt43rT
--3PY9iMZMMWUswdgmPY0yCN95ggwNrSMGV60yvEDxINWuJoR8s0lybDdFa+AB5v4T
--hqKpspFNAgMBAAECggEAZmWu0K5QJ7Y7Rlo9ayLicsFyk36vUESQZ6MF0ybzEEPi
--BkR2ZAX+vDuNQckm1pprlAcRZbactl35bT3Z+fQE1cgaZoC8/x6xwq2m0796pNPB
--v0zjqdBBOLAaSgjLm56wyd88GqZ8vZsTBnw3KrxIYcP13e5OcaJ0V/GOf/yfD0lg
--Tq9i7V5Iq++Fpo2KvJA8FMgqcfhvhdo40rRykoBfzEZpBk4Ia/Yijsbx5sE15pFZ
--DfmsMbD+vViuM8IavHo61mBNyYeydwlgIMqUgP/6xbYUov/XSUojrLG+IQuvDx9D
--xzTHGM+IBJxQZMza/mDVcjUAcDEjWt/Mve8ibTQCbwKBgQDyaiGsURtlf/8xmmvT
--RQQFFFsJ8SXHNYmnceNULIjfDxpLk1yC4kBNUD+liAJscoVlOcByHmXQRtnY1PHq
--AwyrwplGd82773mtriDVFSjhD+GB7I0Hv2j+uiFZury0jR/6/AsWKCtTqd0opyuB
--8rGZjguiwZIjeyxd8mL1dncUHwKBgQDxcNxHUvIeDBvAmtK65xWUuLcqtK9BblBH
--YVA7p93RqX4E+w3J0OCvQRQ3r1GCMMzFEO0oOvNfMucU4rbQmx1pbzF8aQU+8iEW
--kYpaWUbPUQ2hmBblhjGYHsigt/BrzaW0QveVIWcGiyVVX9wiCzJH5moJlCRK2oHR
--B36hdlmNEwKBgQCSlWSpOx4y4RQiHXtn9Eq6+5UVTPGIJTKIwxAwnQFiyFIhMwl0
--x3UUixsBcF3uz80j6akaGJF+QOmH+TQTSibGUdS3TMhmBSfxwuJtlu7yMNUu6Chb
--b/4AUfLKvGVRVCjrbq8Rhda1L3jhFTz0xhlofgFBOIWy2M96O5BlV24oBwKBgQDs
--cf93ZfawkGEZVUXsPeQ3mlHe48YCCPtbfCSr13B3JErCq+5L52AyoUQgaHQlUI8o
--qrPmQx0V7O662G/6iP3bxEYtNVgq1cqrpGpeorGi1BjKWPyLWMj21abbJmev21xc
--1XxLMsQHd3tfSZp2SIq8OR09NjP4jla1k2Ziz1lRuwKBgQCUJXjhW4dPoOzC7DJK
--u4PsxcKkJDwwtfNudVDaHcbvvaHELTAkE2639vawH0TRwP6TDwmlbTQJP4EW+/0q
--13VcNXVAZSruA9dvxlh4vNUH3PzTDdFIJzGVbYbV9p5t++EQ7gRLuLZqs99BOzM9
--k6W9F60mEFz1Owh+lQv7WfSIVA==
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcYC4tS2Uvn1Z2
-+iDgtfkJA5tAqgbN6X4yK02RtVH5xekV9+6+eTt/9S+iFAzAnwqR/UB1R67ETrsWq
-+V8u9xLg5fHIwIkmu9/6P31UU9cghO7J1lcrhHvooHaFpcXepPWQacpuBq2VvcKRD
-+lDfVmdM5z6eS3dSZPTOMMP/xk4nhZB8mcw27qiccPieS0PZ9EZB63T1gmwaK1Rd5
-+U94Pl0+zpDqhViuXmBfiIDWjjz0BzHnHSz5Rg4S3oXF1NcojhptIWyI0r7dgn5J3
-+NxC4kgKdjzysxo6iWd0nLgz7h0jUdj79EOis4fg9G4f0EFWyQf7iDxGaA93Y9ePB
-+Jv5iFZVZAgMBAAECggEBAILIPX856EHb0KclbhlpfY4grFcdg9LS04grrcTISQW1
-+J3p9nBpZ+snKe6I8Yx6lf5PiipPsSLlCliHiWpIzJZVQCkAQiSPiHttpEYgP2IYI
-+dH8dtznkdVbLRthZs0bnnPmpHCpW+iqpcYJ9eqkz0cvUNUGOjjWmwWmoRqwp/8CW
-+3S1qbkQiCh0Mk2fQeGar76R06kXQ9MKDEj14zyS3rJX+cokjEoMSlH8Sbmdh2mJz
-+XlNZcvqmeGJZwQWgbVVHOMUuZaKJiFa+lqvOdppbqSx0AsCRq6vjmjEYQEoOefYK
-+3IJM9IvqW5UNx0Cy4kQdjhZFFwMO/ALD3QyF21iP4gECgYEA+isQiaWdaY4UYxwK
-+Dg+pnSCKD7UGZUaCUIv9ds3CbntMOONFe0FxPsgcc4jRYQYj1rpQiFB8F11+qXGa
-+P/IHcnjr2+mTrNY4I9Bt1Lg+pHSS8QCgzeueFybYMLaSsXUo7tGwpvw6UUb6/YWI
-+LNCzZbrCLg1KZjGODhhxtvN45ZkCgYEA4YNSe+GMZlxgsvxbLs86WOm6DzJUPvxN
-+bWmni0+Oe0cbevgGEUjDVc895uMFnpvlgO49/C0AYJ+VVbStjIMgAeMnWj6OZoSX
-+q49rI8KmKUxKgORZiiaMqGWQ7Rxv68+4S8WANsjFxoUrE6dNV3uYDIUsiSLbZeI8
-+38KVTcLohcECgYEAiOdyWHGq0G4xl/9rPUCzCMsa4velNV09yYiiwBZgVgfhsawm
-+hQpOSBZJA60XMGqkyEkT81VgY4UF4QLLcD0qeCnWoXWVHFvrQyY4RNZDacpl87/t
-+QGO2E2NtolL3umesa+2TJ/8Whw46Iu2llSjtVDm9NGiPk5eA7xPPf1iEi9kCgYAb
-+0EmVE91wJoaarLtGS7LDkpgrFacEWbPnAbfzW62UENIX2Y1OBm5pH/Vfi7J+vHWS
-+8E9e0eIRCL2vY2hgQy/oa67H151SkZnvQ/IP6Ar8Xvd1bDSK8HQ6tMQqKm63Y9g0
-+KDjHCP4znOsSMnk8h/bZ3HcAtvbeWwftBR/LBnYNQQKBgA1leIXLLHRoX0VtS/7e
-+y7Xmn7gepj+gDbSuCs5wGtgw0RB/1z/S3QoS2TCbZzKPBo20+ivoRP7gcuFhduFR
-+hT8V87esr/QzLVpjLedQDW8Xb7GiO3BsU/gVC9VcngenbL7JObl3NgvdreIYo6+n
-+yrLyf+8hjm6H6zkjqiOkHAl+
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIDeTCCAmGgAwIBAgIUTMQXiTcI/rpzqO91NyFWpjLE3KkwDQYJKoZIhvcNAQEL
-+MIIDdzCCAl+gAwIBAgIUdWyHziJTdWjooy8SanPMwLxNsPEwDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
--NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMyMIIBIjANBgkqhkiG9w0B
--AQEFAAOCAQ8AMIIBCgKCAQEA5KDIuLKo9pjfI0mhQIm1xH3mGK8wRyHQpv7ml1or
--fNX1zkhVcNa23gKacc+2znEhDedJaXT9lF9/2xWBQ93sR1473IfTTzYEGjZAqkzU
--7mGti/cK6ZbV56J+7R91v82Xxfv6qVErtX+q5BssY1V8S8IyGsAl9K2y3HRQlVcv
--hMr0JL0sV42n6wzM7IVszw27Y1L90h+mr6qz5+DV9H79wXQcE3wywMP5vJzfvQfT
--INFe1DTNSCWP1aOaS4b/jKxH/EpwEvtVreN609z2PYjGTDFlLMHYJj2NMgjfeYIM
--Da0jBletMrxA8SDVriaEfLNJcmw3RWvgAeb+E4aiqbKRTQIDAQABo2AwXjAMBgNV
--HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUSJ0v3SKahe6eKssR
--rBvYLBprFTgwHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI
--hvcNAQELBQADggEBAKoyszyZ3DfCOIVzeJrnScXuMvRkVqO5aGmgZxtY9r6gPk8v
--gXaEFXDKqRbGqEnuwEjpew+SVZO8nrVpdIP7fydpufy7Cu91Ev4YL1ui5Vc66+IK
--7dXV7eZYcH/dDJBPZddHx9vGhcr0w8B1W9nldM3aQE/RQjOmMRDc7/Hnk0f0RzJp
--LA0adW3ry27z2s4qeCwkV9DNSh1KoGfcLwydBiXmJ1XINMFH/scD4pk9UeJpUL+5
--zvTaDzUmzLsI1gH3j/rlzJuNJ7EMfggKlfQdit9Qn6+6Gjk6T5jkZfzcq3LszuEA
--EFtkxWyBmmEgh4EmvZGAyrUvne1hIIksKe3iJ+E=
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MDkyNVoXDTMyMDMz
-+MTE0MDkyNVowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMjCCASIwDQYJKoZIhvcNAQEB
-+BQADggEPADCCAQoCggEBANxgLi1LZS+fVnaIOC1+QkDm0CqBs3pfjIrTZG1UfnF6
-+RX37r55O3/1L6IUDMCfCpH9QHVHrsROuxapXy73EuDl8cjAiSa73/o/fVRT1yCE7
-+snWVyuEe+igdoWlxd6k9ZBpym4GrZW9wpEOUN9WZ0znPp5Ld1Jk9M4ww//GTieFk
-+HyZzDbuqJxw+J5LQ9n0RkHrdPWCbBorVF3lT3g+XT7OkOqFWK5eYF+IgNaOPPQHM
-+ecdLPlGDhLehcXU1yiOGm0hbIjSvt2Cfknc3ELiSAp2PPKzGjqJZ3ScuDPuHSNR2
-+Pv0Q6Kzh+D0bh/QQVbJB/uIPEZoD3dj148Em/mIVlVkCAwEAAaNgMF4wDAYDVR0T
-+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFPRqunJgwdcM9Uvsy/MT
-+6XHvUvuyMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
-+DQEBCwUAA4IBAQBz02v4hd+EjW5NaMubkqPbgUTDRKdRq1RZM+C6m1MTMKy+8zTD
-+QSKRCFf0UmSPMsdTArry9x15fmHIJW21F3bw4ISeVXRyzBhOnrGKXUt2Lg9c2MLa
-+9C394ex0vw4ZGSNkrIARbM3084Chegs4PLMWLFam1H5J6wpvH8iXXYvhESW98luv
-+i3HVQzqLXw7/9XHxf8RnrRcy/WhAA+KegAQMGHTo5KPLliXtypYdCxBHNcmOwJlR
-+pSOp6fxhiRKN5DzcBPHOE/brZc4aNGgBHZgGg1g1Wb2lAylopgJrbyNkhEEwHVNM
-+1uLCnXKV1nX+EiMKkhSV761ozdhMGljYb+GE
- -----END CERTIFICATE-----
-diff -up openssl-3.0.5/test/smime-certs/smrsa3.pem.0061 openssl-3.0.5/test/smime-certs/smrsa3.pem
---- openssl-3.0.5/test/smime-certs/smrsa3.pem.0061 2022-09-02 14:17:15.327436627 +0200
-+++ openssl-3.0.5/test/smime-certs/smrsa3.pem 2022-09-02 14:17:15.346436795 +0200
-@@ -1,49 +1,49 @@
- -----BEGIN PRIVATE KEY-----
--MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167
--toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB
--GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi
--ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK
--2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M
--jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq
--DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb
--Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ
--0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh
--/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG
--A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI
--vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I
--pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi
--YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS
--wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+
--BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto
--NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o
--c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K
--7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt
--oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L
--3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk
--YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr
--Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs
--Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz
--TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X
--fNcb5iDYqZRzD8ixBbLxUw==
-+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyK+BTAOJKJjji
-+OhY60NeZjzGGZxEBfCm62n0mwkzusW/V/e63uwj6uOVCFoVBz5doMf3M6QIS2jL3
-+Aw6Qs5+vcuLA0gHrqIwjYQz1UZ5ETLKLKbQw6YOIVfsFSTxytUVpfcByrubWiLKX
-+63theG1/IVokDK/9/k52Kyt+wcCjuRb7AJQFj2OLDRuWm/gavozkK103gQ+dUq4H
-+XamZMtTq1EhQOfc0IUeCOEL6xz4jzlHHfzLdkvb7Enhav2sXDfOmZp/DYf9IqS7l
-+vFkkINPVbYFBTexaPZlFwmpGRjkmoyH/w+Jlcpzs+w6p1diWRpaSn62bbkRN49j6
-+L2dVb+DfAgMBAAECggEAciwDl6zdVT6g/PbT/+SMA+7qgYHSN+1koEQaJpgjzGEP
-+lUUfj8TewCtzXaIoyj9IepBuXryBg6snNXpT/w3bqgYon/7zFBvxkUpDj4A5tvKf
-+BuY2fZFlpBvUu1Ju1eKrFCptBBBoA9mc+BUB/ze4ktrAdJFcxZoMlVScjqGB3GdR
-+OHw2x9BdWGCJBhiu9VHhAAb/LVWi6xgDumYSWZwN2yovg+7J91t5bsENeBRHycK+
-+i5dNFh1umIK9N0SH6bpHPnLHrCRchrQ6ZRRxL4ZBKA9jFRDeI7OOsJuCvhGyJ1se
-+snsLjr/Ahg00aiHCcC1SPQ6pmXAVBCG7hf4AX82V4QKBgQDaFDE+Fcpv84mFo4s9
-+wn4CZ8ymoNIaf5zPl/gpH7MGots4NT5+Ns+6zzJQ6TEpDjTPx+vDaabP7QGXwVZn
-+8NAHYvCQK37b+u9HrOt256YYRDOmnJFSbsJdmqzMEzpTNmQ8GuI37cZCS9CmSMv+
-+ab/plcwuv0cJRSC83NN2AFyu1QKBgQDRJzKIBQlpprF9rA0D5ZjLVW4OH18A0Mmm
-+oanw7qVutBaM4taFN4M851WnNIROyYIlkk2fNgW57Y4M8LER4zLrjU5HY4lB0BMX
-+LQWDbyz4Y7L4lVnnEKfQxWFt9avNZwiCxCxEKy/n/icmVCzc91j9uwKcupdzrN6E
-+yzPd1s5y4wKBgQCkJvzmAdsOp9/Fg1RFWcgmIWHvrzBXl+U+ceLveZf1j9K5nYJ7
-+2OBGer4iH1XM1I+2M4No5XcWHg3L4FEdDixY0wXHT6Y/CcThS+015Kqmq3fBmyrc
-+RNjzQoF9X5/QkSmkAIx1kvpgXtcgw70htRIrToGSUpKzDKDW6NYXhbA+PQKBgDJK
-+KH5IJ8E9kYPUMLT1Kc4KVpISvPcnPLVSPdhuqVx69MkfadFSTb4BKbkwiXegQCjk
-+isFzbeEM25EE9q6EYKP+sAm+RyyJ6W0zKBY4TynSXyAiWSGUAaXTL+AOqCaVVZiL
-+rtEdSUGQ/LzclIT0/HLV2oTw4KWxtTdc3LXEhpNdAoGBAM3LckiHENqtoeK2gVNw
-+IPeEuruEqoN4n+XltbEEv6Ymhxrs6T6HSKsEsLhqsUiIvIzH43KMm45SNYTn5eZh
-+yzYMXLmervN7c1jJe2Y2MYv6hE+Ypj1xGW4w7s8WNKmVzLv97beisD9AZrS7sXfF
-+RvOAi5wVkYylDxV4238MAZIq
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
--MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL
-+MIIDdzCCAl+gAwIBAgIUAKvI4FWjFLx8iBGifOW3mG/xkT0wDQYJKoZIhvcNAQEL
- BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV
--BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw
--NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91
--cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B
--AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC
--XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+
--qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK
--wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI
--U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N
--f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV
--HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi
--V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI
--hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq
--112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd
--CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2
--iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW
--ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE
--BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg=
-+BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MB4XDTIyMDUyMzE0MTEwNloXDTMyMDMz
-+MTE0MTEwNlowRTELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAx
-+HjAcBgNVBAMMFVRlc3QgUy9NSU1FIEVFIFJTQSAjMzCCASIwDQYJKoZIhvcNAQEB
-+BQADggEPADCCAQoCggEBALIr4FMA4komOOI6FjrQ15mPMYZnEQF8KbrafSbCTO6x
-+b9X97re7CPq45UIWhUHPl2gx/czpAhLaMvcDDpCzn69y4sDSAeuojCNhDPVRnkRM
-+sosptDDpg4hV+wVJPHK1RWl9wHKu5taIspfre2F4bX8hWiQMr/3+TnYrK37BwKO5
-+FvsAlAWPY4sNG5ab+Bq+jOQrXTeBD51SrgddqZky1OrUSFA59zQhR4I4QvrHPiPO
-+Ucd/Mt2S9vsSeFq/axcN86Zmn8Nh/0ipLuW8WSQg09VtgUFN7Fo9mUXCakZGOSaj
-+If/D4mVynOz7DqnV2JZGlpKfrZtuRE3j2PovZ1Vv4N8CAwEAAaNgMF4wDAYDVR0T
-+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFDoKRbmxroesGxa+4868
-+yPIvkCewMB8GA1UdIwQYMBaAFMmRUwpjexZbi71E8HaIqSTm5bZsMA0GCSqGSIb3
-+DQEBCwUAA4IBAQBfCCzWyZzIvq/ci6E74ovJ8mMel5Z9MU9EcvY0k7pJSUbpCg3c
-+P48CiAzt8r8Em4AymADfK1pYvvpTNVpU/USbdKR1hyxZjqWrYdsY7tlVuvZ92oFs
-+s3komuKHCx2SQAe5b+LWjC1Bf8JUFx+XTjYb/BBg7nQRwi3TkYVVmW7hXLYvf4Jn
-+Uyu0x02pDzUu+62jeYbNIVJnYwSU0gLHEo81QmNs06RLjnAhbneUZ6P6YuJOdDo7
-+xMw/ywijZM0FxsWxRSsCBwavhabg1Kb1lO//pbgcSa9T0D7ax1XoMni3RJnHj6gu
-+r0Mi3QjgZaxghR3TPh83dQLilECYDuD0uTzf
- -----END CERTIFICATE-----
diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch
index d2e9b0a..f1ad59d 100644
--- a/0062-fips-Expose-a-FIPS-indicator.patch
+++ b/0062-fips-Expose-a-FIPS-indicator.patch
@@ -248,8 +248,8 @@ index de391ce067..1cfd71c5cf 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -23,6 +23,7 @@
- #include "prov/seeding.h"
#include "self_test.h"
+ #include "crypto/context.h"
#include "internal/core.h"
+#include "indicator.h"
diff --git a/0071-AES-GCM-performance-optimization.patch b/0071-AES-GCM-performance-optimization.patch
deleted file mode 100644
index edf40ec..0000000
--- a/0071-AES-GCM-performance-optimization.patch
+++ /dev/null
@@ -1,1635 +0,0 @@
-Upstream-Status: Backport [https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c, https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd]
-diff --git a/crypto/modes/asm/aes-gcm-ppc.pl b/crypto/modes/asm/aes-gcm-ppc.pl
-new file mode 100644
-index 0000000..6624e6c
---- /dev/null
-+++ b/crypto/modes/asm/aes-gcm-ppc.pl
-@@ -0,0 +1,1438 @@
-+#! /usr/bin/env perl
-+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
-+# Copyright 2021- IBM Inc. All rights reserved
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+#
-+#===================================================================================
-+# Written by Danny Tsen <dtsen@us.ibm.com> for OpenSSL Project,
-+#
-+# GHASH is based on the Karatsuba multiplication method.
-+#
-+# Xi xor X1
-+#
-+# X1 * H^4 + X2 * H^3 + x3 * H^2 + X4 * H =
-+# (X1.h * H4.h + xX.l * H4.l + X1 * H4) +
-+# (X2.h * H3.h + X2.l * H3.l + X2 * H3) +
-+# (X3.h * H2.h + X3.l * H2.l + X3 * H2) +
-+# (X4.h * H.h + X4.l * H.l + X4 * H)
-+#
-+# Xi = v0
-+# H Poly = v2
-+# Hash keys = v3 - v14
-+# ( H.l, H, H.h)
-+# ( H^2.l, H^2, H^2.h)
-+# ( H^3.l, H^3, H^3.h)
-+# ( H^4.l, H^4, H^4.h)
-+#
-+# v30 is IV
-+# v31 - counter 1
-+#
-+# AES used,
-+# vs0 - vs14 for round keys
-+# v15, v16, v17, v18, v19, v20, v21, v22 for 8 blocks (encrypted)
-+#
-+# This implementation uses stitched AES-GCM approach to improve overall performance.
-+# AES is implemented with 8x blocks and GHASH is using 2 4x blocks.
-+#
-+# Current large block (16384 bytes) performance per second with 128 bit key --
-+#
-+# Encrypt Decrypt
-+# Power10[le] (3.5GHz) 5.32G 5.26G
-+#
-+# ===================================================================================
-+#
-+# $output is the last argument if it looks like a file (it has an extension)
-+# $flavour is the first argument if it doesn't look like a file
-+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
-+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
-+
-+if ($flavour =~ /64/) {
-+ $SIZE_T=8;
-+ $LRSAVE=2*$SIZE_T;
-+ $STU="stdu";
-+ $POP="ld";
-+ $PUSH="std";
-+ $UCMP="cmpld";
-+ $SHRI="srdi";
-+} elsif ($flavour =~ /32/) {
-+ $SIZE_T=4;
-+ $LRSAVE=$SIZE_T;
-+ $STU="stwu";
-+ $POP="lwz";
-+ $PUSH="stw";
-+ $UCMP="cmplw";
-+ $SHRI="srwi";
-+} else { die "nonsense $flavour"; }
-+
-+$sp="r1";
-+$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload
-+
-+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-+die "can't locate ppc-xlate.pl";
-+
-+open STDOUT,"| $^X $xlate $flavour \"$output\""
-+ or die "can't call $xlate: $!";
-+
-+$code=<<___;
-+.machine "any"
-+.text
-+
-+# 4x loops
-+# v15 - v18 - input states
-+# vs1 - vs9 - round keys
-+#
-+.macro Loop_aes_middle4x
-+ xxlor 19+32, 1, 1
-+ xxlor 20+32, 2, 2
-+ xxlor 21+32, 3, 3
-+ xxlor 22+32, 4, 4
-+
-+ vcipher 15, 15, 19
-+ vcipher 16, 16, 19
-+ vcipher 17, 17, 19
-+ vcipher 18, 18, 19
-+
-+ vcipher 15, 15, 20
-+ vcipher 16, 16, 20
-+ vcipher 17, 17, 20
-+ vcipher 18, 18, 20
-+
-+ vcipher 15, 15, 21
-+ vcipher 16, 16, 21
-+ vcipher 17, 17, 21
-+ vcipher 18, 18, 21
-+
-+ vcipher 15, 15, 22
-+ vcipher 16, 16, 22
-+ vcipher 17, 17, 22
-+ vcipher 18, 18, 22
-+
-+ xxlor 19+32, 5, 5
-+ xxlor 20+32, 6, 6
-+ xxlor 21+32, 7, 7
-+ xxlor 22+32, 8, 8
-+
-+ vcipher 15, 15, 19
-+ vcipher 16, 16, 19
-+ vcipher 17, 17, 19
-+ vcipher 18, 18, 19
-+
-+ vcipher 15, 15, 20
-+ vcipher 16, 16, 20
-+ vcipher 17, 17, 20
-+ vcipher 18, 18, 20
-+
-+ vcipher 15, 15, 21
-+ vcipher 16, 16, 21
-+ vcipher 17, 17, 21
-+ vcipher 18, 18, 21
-+
-+ vcipher 15, 15, 22
-+ vcipher 16, 16, 22
-+ vcipher 17, 17, 22
-+ vcipher 18, 18, 22
-+
-+ xxlor 23+32, 9, 9
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+.endm
-+
-+# 8x loops
-+# v15 - v22 - input states
-+# vs1 - vs9 - round keys
-+#
-+.macro Loop_aes_middle8x
-+ xxlor 23+32, 1, 1
-+ xxlor 24+32, 2, 2
-+ xxlor 25+32, 3, 3
-+ xxlor 26+32, 4, 4
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ vcipher 15, 15, 25
-+ vcipher 16, 16, 25
-+ vcipher 17, 17, 25
-+ vcipher 18, 18, 25
-+ vcipher 19, 19, 25
-+ vcipher 20, 20, 25
-+ vcipher 21, 21, 25
-+ vcipher 22, 22, 25
-+
-+ vcipher 15, 15, 26
-+ vcipher 16, 16, 26
-+ vcipher 17, 17, 26
-+ vcipher 18, 18, 26
-+ vcipher 19, 19, 26
-+ vcipher 20, 20, 26
-+ vcipher 21, 21, 26
-+ vcipher 22, 22, 26
-+
-+ xxlor 23+32, 5, 5
-+ xxlor 24+32, 6, 6
-+ xxlor 25+32, 7, 7
-+ xxlor 26+32, 8, 8
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ vcipher 15, 15, 25
-+ vcipher 16, 16, 25
-+ vcipher 17, 17, 25
-+ vcipher 18, 18, 25
-+ vcipher 19, 19, 25
-+ vcipher 20, 20, 25
-+ vcipher 21, 21, 25
-+ vcipher 22, 22, 25
-+
-+ vcipher 15, 15, 26
-+ vcipher 16, 16, 26
-+ vcipher 17, 17, 26
-+ vcipher 18, 18, 26
-+ vcipher 19, 19, 26
-+ vcipher 20, 20, 26
-+ vcipher 21, 21, 26
-+ vcipher 22, 22, 26
-+
-+ xxlor 23+32, 9, 9
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+.endm
-+
-+#
-+# Compute 4x hash values based on Karatsuba method.
-+#
-+ppc_aes_gcm_ghash:
-+ vxor 15, 15, 0
-+
-+ xxlxor 29, 29, 29
-+
-+ vpmsumd 23, 12, 15 # H4.L * X.L
-+ vpmsumd 24, 9, 16
-+ vpmsumd 25, 6, 17
-+ vpmsumd 26, 3, 18
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 17
-+ vpmsumd 27, 4, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # M
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 15 # H4.H * X.H
-+ vpmsumd 25, 11, 16
-+ vpmsumd 26, 8, 17
-+ vpmsumd 27, 5, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27
-+
-+ vxor 24, 24, 29
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 23, 23, 27
-+
-+ xxlor 32, 23+32, 23+32 # update hash
-+
-+ blr
-+
-+#
-+# Combine two 4x ghash
-+# v15 - v22 - input blocks
-+#
-+.macro ppc_aes_gcm_ghash2_4x
-+ # first 4x hash
-+ vxor 15, 15, 0 # Xi + X
-+
-+ xxlxor 29, 29, 29
-+
-+ vpmsumd 23, 12, 15 # H4.L * X.L
-+ vpmsumd 24, 9, 16
-+ vpmsumd 25, 6, 17
-+ vpmsumd 26, 3, 18
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 15 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 16 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 17
-+ vpmsumd 27, 4, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+
-+ vxor 24, 24, 27 # M
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 15 # H4.H * X.H
-+ vpmsumd 25, 11, 16
-+ vpmsumd 26, 8, 17
-+ vpmsumd 27, 5, 18
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # H
-+
-+ vxor 24, 24, 29 # H + mH
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 27, 23, 27 # 1st Xi
-+
-+ # 2nd 4x hash
-+ vpmsumd 24, 9, 20
-+ vpmsumd 25, 6, 21
-+ vpmsumd 26, 3, 22
-+ vxor 19, 19, 27 # Xi + X
-+ vpmsumd 23, 12, 19 # H4.L * X.L
-+
-+ vxor 23, 23, 24
-+ vxor 23, 23, 25
-+ vxor 23, 23, 26 # L
-+
-+ vpmsumd 24, 13, 19 # H4.L * X.H + H4.H * X.L
-+ vpmsumd 25, 10, 20 # H3.L * X1.H + H3.H * X1.L
-+ vpmsumd 26, 7, 21
-+ vpmsumd 27, 4, 22
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+
-+ # sum hash and reduction with H Poly
-+ vpmsumd 28, 23, 2 # reduction
-+
-+ xxlor 29+32, 29, 29
-+
-+ vxor 24, 24, 27 # M
-+ vsldoi 26, 24, 29, 8 # mL
-+ vsldoi 29, 29, 24, 8 # mH
-+ vxor 23, 23, 26 # mL + L
-+
-+ vsldoi 23, 23, 23, 8 # swap
-+ vxor 23, 23, 28
-+
-+ vpmsumd 24, 14, 19 # H4.H * X.H
-+ vpmsumd 25, 11, 20
-+ vpmsumd 26, 8, 21
-+ vpmsumd 27, 5, 22
-+
-+ vxor 24, 24, 25
-+ vxor 24, 24, 26
-+ vxor 24, 24, 27 # H
-+
-+ vxor 24, 24, 29 # H + mH
-+
-+ # sum hash and reduction with H Poly
-+ vsldoi 27, 23, 23, 8 # swap
-+ vpmsumd 23, 23, 2
-+ vxor 27, 27, 24
-+ vxor 23, 23, 27
-+
-+ xxlor 32, 23+32, 23+32 # update hash
-+
-+.endm
-+
-+#
-+# Compute update single hash
-+#
-+.macro ppc_update_hash_1x
-+ vxor 28, 28, 0
-+
-+ vxor 19, 19, 19
-+
-+ vpmsumd 22, 3, 28 # L
-+ vpmsumd 23, 4, 28 # M
-+ vpmsumd 24, 5, 28 # H
-+
-+ vpmsumd 27, 22, 2 # reduction
-+
-+ vsldoi 25, 23, 19, 8 # mL
-+ vsldoi 26, 19, 23, 8 # mH
-+ vxor 22, 22, 25 # LL + LL
-+ vxor 24, 24, 26 # HH + HH
-+
-+ vsldoi 22, 22, 22, 8 # swap
-+ vxor 22, 22, 27
-+
-+ vsldoi 20, 22, 22, 8 # swap
-+ vpmsumd 22, 22, 2 # reduction
-+ vxor 20, 20, 24
-+ vxor 22, 22, 20
-+
-+ vmr 0, 22 # update hash
-+
-+.endm
-+
-+#
-+# ppc_aes_gcm_encrypt (const void *inp, void *out, size_t len,
-+# const AES_KEY *key, unsigned char iv[16],
-+# void *Xip);
-+#
-+# r3 - inp
-+# r4 - out
-+# r5 - len
-+# r6 - AES round keys
-+# r7 - iv
-+# r8 - Xi, HPoli, hash keys
-+#
-+.global ppc_aes_gcm_encrypt
-+.align 5
-+ppc_aes_gcm_encrypt:
-+_ppc_aes_gcm_encrypt:
-+
-+ stdu 1,-512(1)
-+ mflr 0
-+
-+ std 14,112(1)
-+ std 15,120(1)
-+ std 16,128(1)
-+ std 17,136(1)
-+ std 18,144(1)
-+ std 19,152(1)
-+ std 20,160(1)
-+ std 21,168(1)
-+ li 9, 256
-+ stvx 20, 9, 1
-+ addi 9, 9, 16
-+ stvx 21, 9, 1
-+ addi 9, 9, 16
-+ stvx 22, 9, 1
-+ addi 9, 9, 16
-+ stvx 23, 9, 1
-+ addi 9, 9, 16
-+ stvx 24, 9, 1
-+ addi 9, 9, 16
-+ stvx 25, 9, 1
-+ addi 9, 9, 16
-+ stvx 26, 9, 1
-+ addi 9, 9, 16
-+ stvx 27, 9, 1
-+ addi 9, 9, 16
-+ stvx 28, 9, 1
-+ addi 9, 9, 16
-+ stvx 29, 9, 1
-+ addi 9, 9, 16
-+ stvx 30, 9, 1
-+ addi 9, 9, 16
-+ stvx 31, 9, 1
-+ std 0, 528(1)
-+
-+ # Load Xi
-+ lxvb16x 32, 0, 8 # load Xi
-+
-+ # load Hash - h^4, h^3, h^2, h
-+ li 10, 32
-+ lxvd2x 2+32, 10, 8 # H Poli
-+ li 10, 48
-+ lxvd2x 3+32, 10, 8 # Hl
-+ li 10, 64
-+ lxvd2x 4+32, 10, 8 # H
-+ li 10, 80
-+ lxvd2x 5+32, 10, 8 # Hh
-+
-+ li 10, 96
-+ lxvd2x 6+32, 10, 8 # H^2l
-+ li 10, 112
-+ lxvd2x 7+32, 10, 8 # H^2
-+ li 10, 128
-+ lxvd2x 8+32, 10, 8 # H^2h
-+
-+ li 10, 144
-+ lxvd2x 9+32, 10, 8 # H^3l
-+ li 10, 160
-+ lxvd2x 10+32, 10, 8 # H^3
-+ li 10, 176
-+ lxvd2x 11+32, 10, 8 # H^3h
-+
-+ li 10, 192
-+ lxvd2x 12+32, 10, 8 # H^4l
-+ li 10, 208
-+ lxvd2x 13+32, 10, 8 # H^4
-+ li 10, 224
-+ lxvd2x 14+32, 10, 8 # H^4h
-+
-+ # initialize ICB: GHASH( IV ), IV - r7
-+ lxvb16x 30+32, 0, 7 # load IV - v30
-+
-+ mr 12, 5 # length
-+ li 11, 0 # block index
-+
-+ # counter 1
-+ vxor 31, 31, 31
-+ vspltisb 22, 1
-+ vsldoi 31, 31, 22,1 # counter 1
-+
-+ # load round key to VSR
-+ lxv 0, 0(6)
-+ lxv 1, 0x10(6)
-+ lxv 2, 0x20(6)
-+ lxv 3, 0x30(6)
-+ lxv 4, 0x40(6)
-+ lxv 5, 0x50(6)
-+ lxv 6, 0x60(6)
-+ lxv 7, 0x70(6)
-+ lxv 8, 0x80(6)
-+ lxv 9, 0x90(6)
-+ lxv 10, 0xa0(6)
-+
-+ # load rounds - 10 (128), 12 (192), 14 (256)
-+ lwz 9,240(6)
-+
-+ #
-+ # vxor state, state, w # addroundkey
-+ xxlor 32+29, 0, 0
-+ vxor 15, 30, 29 # IV + round key - add round key 0
-+
-+ cmpdi 9, 10
-+ beq Loop_aes_gcm_8x
-+
-+ # load 2 more round keys (v11, v12)
-+ lxv 11, 0xb0(6)
-+ lxv 12, 0xc0(6)
-+
-+ cmpdi 9, 12
-+ beq Loop_aes_gcm_8x
-+
-+ # load 2 more round keys (v11, v12, v13, v14)
-+ lxv 13, 0xd0(6)
-+ lxv 14, 0xe0(6)
-+ cmpdi 9, 14
-+ beq Loop_aes_gcm_8x
-+
-+ b aes_gcm_out
-+
-+.align 5
-+Loop_aes_gcm_8x:
-+ mr 14, 3
-+ mr 9, 4
-+
-+ # n blocks
-+ li 10, 128
-+ divdu 10, 5, 10 # n 128 bytes-blocks
-+ cmpdi 10, 0
-+ beq Loop_last_block
-+
-+ vaddudm 30, 30, 31 # IV + counter
-+ vxor 16, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 17, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 18, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 19, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 20, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 21, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 22, 30, 29
-+
-+ mtctr 10
-+
-+ li 15, 16
-+ li 16, 32
-+ li 17, 48
-+ li 18, 64
-+ li 19, 80
-+ li 20, 96
-+ li 21, 112
-+
-+ lwz 10, 240(6)
-+
-+Loop_8x_block:
-+
-+ lxvb16x 15, 0, 14 # load block
-+ lxvb16x 16, 15, 14 # load block
-+ lxvb16x 17, 16, 14 # load block
-+ lxvb16x 18, 17, 14 # load block
-+ lxvb16x 19, 18, 14 # load block
-+ lxvb16x 20, 19, 14 # load block
-+ lxvb16x 21, 20, 14 # load block
-+ lxvb16x 22, 21, 14 # load block
-+ addi 14, 14, 128
-+
-+ Loop_aes_middle8x
-+
-+ xxlor 23+32, 10, 10
-+
-+ cmpdi 10, 10
-+ beq Do_next_ghash
-+
-+ # 192 bits
-+ xxlor 24+32, 11, 11
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ xxlor 23+32, 12, 12
-+
-+ cmpdi 10, 12
-+ beq Do_next_ghash
-+
-+ # 256 bits
-+ xxlor 24+32, 13, 13
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ xxlor 23+32, 14, 14
-+
-+ cmpdi 10, 14
-+ beq Do_next_ghash
-+ b aes_gcm_out
-+
-+Do_next_ghash:
-+
-+ #
-+ # last round
-+ vcipherlast 15, 15, 23
-+ vcipherlast 16, 16, 23
-+
-+ xxlxor 47, 47, 15
-+ stxvb16x 47, 0, 9 # store output
-+ xxlxor 48, 48, 16
-+ stxvb16x 48, 15, 9 # store output
-+
-+ vcipherlast 17, 17, 23
-+ vcipherlast 18, 18, 23
-+
-+ xxlxor 49, 49, 17
-+ stxvb16x 49, 16, 9 # store output
-+ xxlxor 50, 50, 18
-+ stxvb16x 50, 17, 9 # store output
-+
-+ vcipherlast 19, 19, 23
-+ vcipherlast 20, 20, 23
-+
-+ xxlxor 51, 51, 19
-+ stxvb16x 51, 18, 9 # store output
-+ xxlxor 52, 52, 20
-+ stxvb16x 52, 19, 9 # store output
-+
-+ vcipherlast 21, 21, 23
-+ vcipherlast 22, 22, 23
-+
-+ xxlxor 53, 53, 21
-+ stxvb16x 53, 20, 9 # store output
-+ xxlxor 54, 54, 22
-+ stxvb16x 54, 21, 9 # store output
-+
-+ addi 9, 9, 128
-+
-+ # ghash here
-+ ppc_aes_gcm_ghash2_4x
-+
-+ xxlor 27+32, 0, 0
-+ vaddudm 30, 30, 31 # IV + counter
-+ vmr 29, 30
-+ vxor 15, 30, 27 # add round key
-+ vaddudm 30, 30, 31
-+ vxor 16, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 17, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 18, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 19, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 20, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 21, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 22, 30, 27
-+
-+ addi 12, 12, -128
-+ addi 11, 11, 128
-+
-+ bdnz Loop_8x_block
-+
-+ vmr 30, 29
-+
-+Loop_last_block:
-+ cmpdi 12, 0
-+ beq aes_gcm_out
-+
-+ # loop last few blocks
-+ li 10, 16
-+ divdu 10, 12, 10
-+
-+ mtctr 10
-+
-+ lwz 10, 240(6)
-+
-+ cmpdi 12, 16
-+ blt Final_block
-+
-+.macro Loop_aes_middle_1x
-+ xxlor 19+32, 1, 1
-+ xxlor 20+32, 2, 2
-+ xxlor 21+32, 3, 3
-+ xxlor 22+32, 4, 4
-+
-+ vcipher 15, 15, 19
-+ vcipher 15, 15, 20
-+ vcipher 15, 15, 21
-+ vcipher 15, 15, 22
-+
-+ xxlor 19+32, 5, 5
-+ xxlor 20+32, 6, 6
-+ xxlor 21+32, 7, 7
-+ xxlor 22+32, 8, 8
-+
-+ vcipher 15, 15, 19
-+ vcipher 15, 15, 20
-+ vcipher 15, 15, 21
-+ vcipher 15, 15, 22
-+
-+ xxlor 19+32, 9, 9
-+ vcipher 15, 15, 19
-+.endm
-+
-+Next_rem_block:
-+ lxvb16x 15, 0, 14 # load block
-+
-+ Loop_aes_middle_1x
-+
-+ xxlor 23+32, 10, 10
-+
-+ cmpdi 10, 10
-+ beq Do_next_1x
-+
-+ # 192 bits
-+ xxlor 24+32, 11, 11
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 12, 12
-+
-+ cmpdi 10, 12
-+ beq Do_next_1x
-+
-+ # 256 bits
-+ xxlor 24+32, 13, 13
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 14, 14
-+
-+ cmpdi 10, 14
-+ beq Do_next_1x
-+
-+Do_next_1x:
-+ vcipherlast 15, 15, 23
-+
-+ xxlxor 47, 47, 15
-+ stxvb16x 47, 0, 9 # store output
-+ addi 14, 14, 16
-+ addi 9, 9, 16
-+
-+ vmr 28, 15
-+ ppc_update_hash_1x
-+
-+ addi 12, 12, -16
-+ addi 11, 11, 16
-+ xxlor 19+32, 0, 0
-+ vaddudm 30, 30, 31 # IV + counter
-+ vxor 15, 30, 19 # add round key
-+
-+ bdnz Next_rem_block
-+
-+ cmpdi 12, 0
-+ beq aes_gcm_out
-+
-+Final_block:
-+ Loop_aes_middle_1x
-+
-+ xxlor 23+32, 10, 10
-+
-+ cmpdi 10, 10
-+ beq Do_final_1x
-+
-+ # 192 bits
-+ xxlor 24+32, 11, 11
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 12, 12
-+
-+ cmpdi 10, 12
-+ beq Do_final_1x
-+
-+ # 256 bits
-+ xxlor 24+32, 13, 13
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 14, 14
-+
-+ cmpdi 10, 14
-+ beq Do_final_1x
-+
-+Do_final_1x:
-+ vcipherlast 15, 15, 23
-+
-+ lxvb16x 15, 0, 14 # load last block
-+ xxlxor 47, 47, 15
-+
-+ # create partial block mask
-+ li 15, 16
-+ sub 15, 15, 12 # index to the mask
-+
-+ vspltisb 16, -1 # first 16 bytes - 0xffff...ff
-+ vspltisb 17, 0 # second 16 bytes - 0x0000...00
-+ li 10, 192
-+ stvx 16, 10, 1
-+ addi 10, 10, 16
-+ stvx 17, 10, 1
-+
-+ addi 10, 1, 192
-+ lxvb16x 16, 15, 10 # load partial block mask
-+ xxland 47, 47, 16
-+
-+ vmr 28, 15
-+ ppc_update_hash_1x
-+
-+ # * should store only the remaining bytes.
-+ bl Write_partial_block
-+
-+ b aes_gcm_out
-+
-+#
-+# Write partial block
-+# r9 - output
-+# r12 - remaining bytes
-+# v15 - partial input data
-+#
-+Write_partial_block:
-+ li 10, 192
-+ stxvb16x 15+32, 10, 1 # last block
-+
-+ #add 10, 9, 11 # Output
-+ addi 10, 9, -1
-+ addi 16, 1, 191
-+
-+ mtctr 12 # remaining bytes
-+ li 15, 0
-+
-+Write_last_byte:
-+ lbzu 14, 1(16)
-+ stbu 14, 1(10)
-+ bdnz Write_last_byte
-+ blr
-+
-+aes_gcm_out:
-+ # out = state
-+ stxvb16x 32, 0, 8 # write out Xi
-+ add 3, 11, 12 # return count
-+
-+ li 9, 256
-+ lvx 20, 9, 1
-+ addi 9, 9, 16
-+ lvx 21, 9, 1
-+ addi 9, 9, 16
-+ lvx 22, 9, 1
-+ addi 9, 9, 16
-+ lvx 23, 9, 1
-+ addi 9, 9, 16
-+ lvx 24, 9, 1
-+ addi 9, 9, 16
-+ lvx 25, 9, 1
-+ addi 9, 9, 16
-+ lvx 26, 9, 1
-+ addi 9, 9, 16
-+ lvx 27, 9, 1
-+ addi 9, 9, 16
-+ lvx 28, 9, 1
-+ addi 9, 9, 16
-+ lvx 29, 9, 1
-+ addi 9, 9, 16
-+ lvx 30, 9, 1
-+ addi 9, 9, 16
-+ lvx 31, 9, 1
-+
-+ ld 0, 528(1)
-+ ld 14,112(1)
-+ ld 15,120(1)
-+ ld 16,128(1)
-+ ld 17,136(1)
-+ ld 18,144(1)
-+ ld 19,152(1)
-+ ld 20,160(1)
-+ ld 21,168(1)
-+
-+ mtlr 0
-+ addi 1, 1, 512
-+ blr
-+
-+#
-+# 8x Decrypt
-+#
-+.global ppc_aes_gcm_decrypt
-+.align 5
-+ppc_aes_gcm_decrypt:
-+_ppc_aes_gcm_decrypt:
-+
-+ stdu 1,-512(1)
-+ mflr 0
-+
-+ std 14,112(1)
-+ std 15,120(1)
-+ std 16,128(1)
-+ std 17,136(1)
-+ std 18,144(1)
-+ std 19,152(1)
-+ std 20,160(1)
-+ std 21,168(1)
-+ li 9, 256
-+ stvx 20, 9, 1
-+ addi 9, 9, 16
-+ stvx 21, 9, 1
-+ addi 9, 9, 16
-+ stvx 22, 9, 1
-+ addi 9, 9, 16
-+ stvx 23, 9, 1
-+ addi 9, 9, 16
-+ stvx 24, 9, 1
-+ addi 9, 9, 16
-+ stvx 25, 9, 1
-+ addi 9, 9, 16
-+ stvx 26, 9, 1
-+ addi 9, 9, 16
-+ stvx 27, 9, 1
-+ addi 9, 9, 16
-+ stvx 28, 9, 1
-+ addi 9, 9, 16
-+ stvx 29, 9, 1
-+ addi 9, 9, 16
-+ stvx 30, 9, 1
-+ addi 9, 9, 16
-+ stvx 31, 9, 1
-+ std 0, 528(1)
-+
-+ # Load Xi
-+ lxvb16x 32, 0, 8 # load Xi
-+
-+ # load Hash - h^4, h^3, h^2, h
-+ li 10, 32
-+ lxvd2x 2+32, 10, 8 # H Poli
-+ li 10, 48
-+ lxvd2x 3+32, 10, 8 # Hl
-+ li 10, 64
-+ lxvd2x 4+32, 10, 8 # H
-+ li 10, 80
-+ lxvd2x 5+32, 10, 8 # Hh
-+
-+ li 10, 96
-+ lxvd2x 6+32, 10, 8 # H^2l
-+ li 10, 112
-+ lxvd2x 7+32, 10, 8 # H^2
-+ li 10, 128
-+ lxvd2x 8+32, 10, 8 # H^2h
-+
-+ li 10, 144
-+ lxvd2x 9+32, 10, 8 # H^3l
-+ li 10, 160
-+ lxvd2x 10+32, 10, 8 # H^3
-+ li 10, 176
-+ lxvd2x 11+32, 10, 8 # H^3h
-+
-+ li 10, 192
-+ lxvd2x 12+32, 10, 8 # H^4l
-+ li 10, 208
-+ lxvd2x 13+32, 10, 8 # H^4
-+ li 10, 224
-+ lxvd2x 14+32, 10, 8 # H^4h
-+
-+ # initialize ICB: GHASH( IV ), IV - r7
-+ lxvb16x 30+32, 0, 7 # load IV - v30
-+
-+ mr 12, 5 # length
-+ li 11, 0 # block index
-+
-+ # counter 1
-+ vxor 31, 31, 31
-+ vspltisb 22, 1
-+ vsldoi 31, 31, 22,1 # counter 1
-+
-+ # load round key to VSR
-+ lxv 0, 0(6)
-+ lxv 1, 0x10(6)
-+ lxv 2, 0x20(6)
-+ lxv 3, 0x30(6)
-+ lxv 4, 0x40(6)
-+ lxv 5, 0x50(6)
-+ lxv 6, 0x60(6)
-+ lxv 7, 0x70(6)
-+ lxv 8, 0x80(6)
-+ lxv 9, 0x90(6)
-+ lxv 10, 0xa0(6)
-+
-+ # load rounds - 10 (128), 12 (192), 14 (256)
-+ lwz 9,240(6)
-+
-+ #
-+ # vxor state, state, w # addroundkey
-+ xxlor 32+29, 0, 0
-+ vxor 15, 30, 29 # IV + round key - add round key 0
-+
-+ cmpdi 9, 10
-+ beq Loop_aes_gcm_8x_dec
-+
-+ # load 2 more round keys (v11, v12)
-+ lxv 11, 0xb0(6)
-+ lxv 12, 0xc0(6)
-+
-+ cmpdi 9, 12
-+ beq Loop_aes_gcm_8x_dec
-+
-+ # load 2 more round keys (v11, v12, v13, v14)
-+ lxv 13, 0xd0(6)
-+ lxv 14, 0xe0(6)
-+ cmpdi 9, 14
-+ beq Loop_aes_gcm_8x_dec
-+
-+ b aes_gcm_out
-+
-+.align 5
-+Loop_aes_gcm_8x_dec:
-+ mr 14, 3
-+ mr 9, 4
-+
-+ # n blocks
-+ li 10, 128
-+ divdu 10, 5, 10 # n 128 bytes-blocks
-+ cmpdi 10, 0
-+ beq Loop_last_block_dec
-+
-+ vaddudm 30, 30, 31 # IV + counter
-+ vxor 16, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 17, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 18, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 19, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 20, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 21, 30, 29
-+ vaddudm 30, 30, 31
-+ vxor 22, 30, 29
-+
-+ mtctr 10
-+
-+ li 15, 16
-+ li 16, 32
-+ li 17, 48
-+ li 18, 64
-+ li 19, 80
-+ li 20, 96
-+ li 21, 112
-+
-+ lwz 10, 240(6)
-+
-+Loop_8x_block_dec:
-+
-+ lxvb16x 15, 0, 14 # load block
-+ lxvb16x 16, 15, 14 # load block
-+ lxvb16x 17, 16, 14 # load block
-+ lxvb16x 18, 17, 14 # load block
-+ lxvb16x 19, 18, 14 # load block
-+ lxvb16x 20, 19, 14 # load block
-+ lxvb16x 21, 20, 14 # load block
-+ lxvb16x 22, 21, 14 # load block
-+ addi 14, 14, 128
-+
-+ Loop_aes_middle8x
-+
-+ xxlor 23+32, 10, 10
-+
-+ cmpdi 10, 10
-+ beq Do_last_aes_dec
-+
-+ # 192 bits
-+ xxlor 24+32, 11, 11
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ xxlor 23+32, 12, 12
-+
-+ cmpdi 10, 12
-+ beq Do_last_aes_dec
-+
-+ # 256 bits
-+ xxlor 24+32, 13, 13
-+
-+ vcipher 15, 15, 23
-+ vcipher 16, 16, 23
-+ vcipher 17, 17, 23
-+ vcipher 18, 18, 23
-+ vcipher 19, 19, 23
-+ vcipher 20, 20, 23
-+ vcipher 21, 21, 23
-+ vcipher 22, 22, 23
-+
-+ vcipher 15, 15, 24
-+ vcipher 16, 16, 24
-+ vcipher 17, 17, 24
-+ vcipher 18, 18, 24
-+ vcipher 19, 19, 24
-+ vcipher 20, 20, 24
-+ vcipher 21, 21, 24
-+ vcipher 22, 22, 24
-+
-+ xxlor 23+32, 14, 14
-+
-+ cmpdi 10, 14
-+ beq Do_last_aes_dec
-+ b aes_gcm_out
-+
-+Do_last_aes_dec:
-+
-+ #
-+ # last round
-+ vcipherlast 15, 15, 23
-+ vcipherlast 16, 16, 23
-+
-+ xxlxor 47, 47, 15
-+ stxvb16x 47, 0, 9 # store output
-+ xxlxor 48, 48, 16
-+ stxvb16x 48, 15, 9 # store output
-+
-+ vcipherlast 17, 17, 23
-+ vcipherlast 18, 18, 23
-+
-+ xxlxor 49, 49, 17
-+ stxvb16x 49, 16, 9 # store output
-+ xxlxor 50, 50, 18
-+ stxvb16x 50, 17, 9 # store output
-+
-+ vcipherlast 19, 19, 23
-+ vcipherlast 20, 20, 23
-+
-+ xxlxor 51, 51, 19
-+ stxvb16x 51, 18, 9 # store output
-+ xxlxor 52, 52, 20
-+ stxvb16x 52, 19, 9 # store output
-+
-+ vcipherlast 21, 21, 23
-+ vcipherlast 22, 22, 23
-+
-+ xxlxor 53, 53, 21
-+ stxvb16x 53, 20, 9 # store output
-+ xxlxor 54, 54, 22
-+ stxvb16x 54, 21, 9 # store output
-+
-+ addi 9, 9, 128
-+
-+ xxlor 15+32, 15, 15
-+ xxlor 16+32, 16, 16
-+ xxlor 17+32, 17, 17
-+ xxlor 18+32, 18, 18
-+ xxlor 19+32, 19, 19
-+ xxlor 20+32, 20, 20
-+ xxlor 21+32, 21, 21
-+ xxlor 22+32, 22, 22
-+
-+ # ghash here
-+ ppc_aes_gcm_ghash2_4x
-+
-+ xxlor 27+32, 0, 0
-+ vaddudm 30, 30, 31 # IV + counter
-+ vmr 29, 30
-+ vxor 15, 30, 27 # add round key
-+ vaddudm 30, 30, 31
-+ vxor 16, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 17, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 18, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 19, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 20, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 21, 30, 27
-+ vaddudm 30, 30, 31
-+ vxor 22, 30, 27
-+ addi 12, 12, -128
-+ addi 11, 11, 128
-+
-+ bdnz Loop_8x_block_dec
-+
-+ vmr 30, 29
-+
-+Loop_last_block_dec:
-+ cmpdi 12, 0
-+ beq aes_gcm_out
-+
-+ # loop last few blocks
-+ li 10, 16
-+ divdu 10, 12, 10
-+
-+ mtctr 10
-+
-+ lwz 10,240(6)
-+
-+ cmpdi 12, 16
-+ blt Final_block_dec
-+
-+Next_rem_block_dec:
-+ lxvb16x 15, 0, 14 # load block
-+
-+ Loop_aes_middle_1x
-+
-+ xxlor 23+32, 10, 10
-+
-+ cmpdi 10, 10
-+ beq Do_next_1x_dec
-+
-+ # 192 bits
-+ xxlor 24+32, 11, 11
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 12, 12
-+
-+ cmpdi 10, 12
-+ beq Do_next_1x_dec
-+
-+ # 256 bits
-+ xxlor 24+32, 13, 13
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 14, 14
-+
-+ cmpdi 10, 14
-+ beq Do_next_1x_dec
-+
-+Do_next_1x_dec:
-+ vcipherlast 15, 15, 23
-+
-+ xxlxor 47, 47, 15
-+ stxvb16x 47, 0, 9 # store output
-+ addi 14, 14, 16
-+ addi 9, 9, 16
-+
-+ xxlor 28+32, 15, 15
-+ ppc_update_hash_1x
-+
-+ addi 12, 12, -16
-+ addi 11, 11, 16
-+ xxlor 19+32, 0, 0
-+ vaddudm 30, 30, 31 # IV + counter
-+ vxor 15, 30, 19 # add round key
-+
-+ bdnz Next_rem_block_dec
-+
-+ cmpdi 12, 0
-+ beq aes_gcm_out
-+
-+Final_block_dec:
-+ Loop_aes_middle_1x
-+
-+ xxlor 23+32, 10, 10
-+
-+ cmpdi 10, 10
-+ beq Do_final_1x_dec
-+
-+ # 192 bits
-+ xxlor 24+32, 11, 11
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 12, 12
-+
-+ cmpdi 10, 12
-+ beq Do_final_1x_dec
-+
-+ # 256 bits
-+ xxlor 24+32, 13, 13
-+
-+ vcipher 15, 15, 23
-+ vcipher 15, 15, 24
-+
-+ xxlor 23+32, 14, 14
-+
-+ cmpdi 10, 14
-+ beq Do_final_1x_dec
-+
-+Do_final_1x_dec:
-+ vcipherlast 15, 15, 23
-+
-+ lxvb16x 15, 0, 14 # load block
-+ xxlxor 47, 47, 15
-+
-+ # create partial block mask
-+ li 15, 16
-+ sub 15, 15, 12 # index to the mask
-+
-+ vspltisb 16, -1 # first 16 bytes - 0xffff...ff
-+ vspltisb 17, 0 # second 16 bytes - 0x0000...00
-+ li 10, 192
-+ stvx 16, 10, 1
-+ addi 10, 10, 16
-+ stvx 17, 10, 1
-+
-+ addi 10, 1, 192
-+ lxvb16x 16, 15, 10 # load block mask
-+ xxland 47, 47, 16
-+
-+ xxlor 28+32, 15, 15
-+ ppc_update_hash_1x
-+
-+ # * should store only the remaining bytes.
-+ bl Write_partial_block
-+
-+ b aes_gcm_out
-+
-+
-+___
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/geo;
-+
-+ if ($flavour =~ /le$/o) { # little-endian
-+ s/le\?//o or
-+ s/be\?/#be#/o;
-+ } else {
-+ s/le\?/#le#/o or
-+ s/be\?//o;
-+ }
-+ print $_,"\n";
-+}
-+
-+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
-diff --git a/crypto/modes/build.info b/crypto/modes/build.info
-index 687e872..0ea122e 100644
---- a/crypto/modes/build.info
-+++ b/crypto/modes/build.info
-@@ -32,7 +32,7 @@ IF[{- !$disabled{asm} -}]
- $MODESASM_parisc20_64=$MODESASM_parisc11
- $MODESDEF_parisc20_64=$MODESDEF_parisc11
-
-- $MODESASM_ppc32=ghashp8-ppc.s
-+ $MODESASM_ppc32=ghashp8-ppc.s aes-gcm-ppc.s
- $MODESDEF_ppc32=
- $MODESASM_ppc64=$MODESASM_ppc32
- $MODESDEF_ppc64=$MODESDEF_ppc32
-@@ -71,6 +71,7 @@ INCLUDE[ghash-sparcv9.o]=..
- GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl
- GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl
- GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl
-+GENERATE[aes-gcm-ppc.s]=asm/aes-gcm-ppc.pl
- GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl
- INCLUDE[ghash-armv4.o]=..
- GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl
-diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
-index e95ad5a..0c281a3 100644
---- a/include/crypto/aes_platform.h
-+++ b/include/crypto/aes_platform.h
-@@ -74,6 +74,26 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
- # define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
- # define HWAES_xts_encrypt aes_p8_xts_encrypt
- # define HWAES_xts_decrypt aes_p8_xts_decrypt
-+# define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
-+# define AES_GCM_ENC_BYTES 128
-+# define AES_GCM_DEC_BYTES 128
-+size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key, unsigned char ivec[16],
-+ u64 *Xi);
-+size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key, unsigned char ivec[16],
-+ u64 *Xi);
-+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key,
-+ unsigned char ivec[16], u64 *Xi);
-+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
-+ size_t len, const void *key,
-+ unsigned char ivec[16], u64 *Xi);
-+# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
-+# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
-+# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
-+ (gctx)->gcm.ghash==gcm_ghash_p8)
-+void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
- # endif /* PPC */
-
- # if (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw.c b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-index 44fa9d4..789ec12 100644
---- a/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw.c
-@@ -141,6 +141,8 @@ static const PROV_GCM_HW aes_gcm = {
- # include "cipher_aes_gcm_hw_t4.inc"
- #elif defined(AES_PMULL_CAPABLE) && defined(AES_GCM_ASM)
- # include "cipher_aes_gcm_hw_armv8.inc"
-+#elif defined(PPC_AES_GCM_CAPABLE)
-+# include "cipher_aes_gcm_hw_ppc.inc"
- #else
- const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
- {
-diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
-new file mode 100644
-index 0000000..4eed0f4
---- /dev/null
-+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
-@@ -0,0 +1,119 @@
-+/*
-+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*-
-+ * PPC support for AES GCM.
-+ * This file is included by cipher_aes_gcm_hw.c
-+ */
-+
-+static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
-+ size_t keylen)
-+{
-+ PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
-+ AES_KEY *ks = &actx->ks.ks;
-+
-+ GCM_HW_SET_KEY_CTR_FN(ks, aes_p8_set_encrypt_key, aes_p8_encrypt,
-+ aes_p8_ctr32_encrypt_blocks);
-+ return 1;
-+}
-+
-+
-+extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi);
-+extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi);
-+
-+static inline u32 UTO32(unsigned char *buf)
-+{
-+ return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
-+}
-+
-+static inline u32 add32TOU(unsigned char buf[4], u32 n)
-+{
-+ u32 r;
-+
-+ r = UTO32(buf);
-+ r += n;
-+ buf[0] = (unsigned char) (r >> 24) & 0xFF;
-+ buf[1] = (unsigned char) (r >> 16) & 0xFF;
-+ buf[2] = (unsigned char) (r >> 8) & 0xFF;
-+ buf[3] = (unsigned char) r & 0xFF;
-+ return r;
-+}
-+
-+static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
-+{
-+ int s = 0;
-+ int ndone = 0;
-+ int ctr_reset = 0;
-+ u64 blocks_unused;
-+ u64 nb = len / 16;
-+ u64 next_ctr = 0;
-+ unsigned char ctr_saved[12];
-+
-+ memcpy(ctr_saved, ivec, 12);
-+
-+ while (nb) {
-+ blocks_unused = (u64) 0xffffffffU + 1 - (u64) UTO32 (ivec + 12);
-+ if (nb > blocks_unused) {
-+ len = blocks_unused * 16;
-+ nb -= blocks_unused;
-+ next_ctr = blocks_unused;
-+ ctr_reset = 1;
-+ } else {
-+ len = nb * 16;
-+ next_ctr = nb;
-+ nb = 0;
-+ }
-+
-+ s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec, Xi)
-+ : ppc_aes_gcm_decrypt(in, out, len, key, ivec, Xi);
-+
-+ /* add counter to ivec */
-+ add32TOU(ivec + 12, (u32) next_ctr);
-+ if (ctr_reset) {
-+ ctr_reset = 0;
-+ in += len;
-+ out += len;
-+ }
-+ memcpy(ivec, ctr_saved, 12);
-+ ndone += s;
-+ }
-+
-+ return ndone;
-+}
-+
-+size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi)
-+{
-+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
-+}
-+
-+size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-+ const void *key, unsigned char ivec[16], u64 *Xi)
-+{
-+ return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
-+}
-+
-+
-+static const PROV_GCM_HW aes_ppc_gcm = {
-+ aes_ppc_gcm_initkey,
-+ ossl_gcm_setiv,
-+ ossl_gcm_aad_update,
-+ generic_aes_gcm_cipher_update,
-+ ossl_gcm_cipher_final,
-+ ossl_gcm_one_shot
-+};
-+
-+const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
-+{
-+ return PPC_AES_GCM_CAPABLE ? &aes_ppc_gcm : &aes_gcm;
-+}
-+
diff --git a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch b/0072-ChaCha20-performance-optimizations-for-ppc64le.patch
deleted file mode 100644
index e5e7f9b..0000000
--- a/0072-ChaCha20-performance-optimizations-for-ppc64le.patch
+++ /dev/null
@@ -1,1493 +0,0 @@
-Upstream-Status: Backport [
- https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149,
- https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa,
- hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447
-]
-diff --git a/crypto/chacha/asm/chachap10-ppc.pl b/crypto/chacha/asm/chachap10-ppc.pl
-new file mode 100755
-index 0000000..36e9a8d
---- /dev/null
-+++ b/crypto/chacha/asm/chachap10-ppc.pl
-@@ -0,0 +1,1288 @@
-+#! /usr/bin/env perl
-+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+#
-+# ====================================================================
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+# ====================================================================
-+#
-+# October 2015
-+#
-+# ChaCha20 for PowerPC/AltiVec.
-+#
-+# June 2018
-+#
-+# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for
-+# processors that can't issue more than one vector instruction per
-+# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x
-+# interleave would perform better. Incidentally PowerISA 2.07 (first
-+# implemented by POWER8) defined new usable instructions, hence 4xVSX
-+# code path...
-+#
-+# Performance in cycles per byte out of large buffer.
-+#
-+# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX
-+#
-+# Freescale e300 13.6/+115% - -
-+# PPC74x0/G4e 6.81/+310% 3.81 -
-+# PPC970/G5 9.29/+160% ? -
-+# POWER7 8.62/+61% 3.35 -
-+# POWER8 8.70/+51% 2.91 2.09
-+# POWER9 8.80/+29% 4.44(*) 2.45(**)
-+#
-+# (*) this is trade-off result, it's possible to improve it, but
-+# then it would negatively affect all others;
-+# (**) POWER9 seems to be "allergic" to mixing vector and integer
-+# instructions, which is why switch to vector-only code pays
-+# off that much;
-+
-+# $output is the last argument if it looks like a file (it has an extension)
-+# $flavour is the first argument if it doesn't look like a file
-+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
-+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
-+
-+if ($flavour =~ /64/) {
-+ $SIZE_T =8;
-+ $LRSAVE =2*$SIZE_T;
-+ $STU ="stdu";
-+ $POP ="ld";
-+ $PUSH ="std";
-+ $UCMP ="cmpld";
-+} elsif ($flavour =~ /32/) {
-+ $SIZE_T =4;
-+ $LRSAVE =$SIZE_T;
-+ $STU ="stwu";
-+ $POP ="lwz";
-+ $PUSH ="stw";
-+ $UCMP ="cmplw";
-+} else { die "nonsense $flavour"; }
-+
-+$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0;
-+
-+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-+die "can't locate ppc-xlate.pl";
-+
-+open STDOUT,"| $^X $xlate $flavour \"$output\""
-+ or die "can't call $xlate: $!";
-+
-+$LOCALS=6*$SIZE_T;
-+$FRAME=$LOCALS+64+18*$SIZE_T; # 64 is for local variables
-+
-+sub AUTOLOAD() # thunk [simplified] x86-style perlasm
-+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
-+ $code .= "\t$opcode\t".join(',',@_)."\n";
-+}
-+
-+my $sp = "r1";
-+
-+my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7));
-+
-+
-+{{{
-+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
-+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15));
-+my @K = map("v$_",(16..19));
-+my $CTR = "v26";
-+my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30));
-+my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3);
-+my $beperm = "v31";
-+
-+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10)));
-+
-+my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload
-+
-+
-+sub VSX_lane_ROUND_4x {
-+my ($a0,$b0,$c0,$d0)=@_;
-+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
-+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
-+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
-+my @x=map("\"v$_\"",(0..15));
-+
-+ (
-+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1
-+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2
-+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3
-+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4
-+ "&vxor (@x[$d0],@x[$d0],@x[$a0])",
-+ "&vxor (@x[$d1],@x[$d1],@x[$a1])",
-+ "&vxor (@x[$d2],@x[$d2],@x[$a2])",
-+ "&vxor (@x[$d3],@x[$d3],@x[$a3])",
-+ "&vrlw (@x[$d0],@x[$d0],'$sixteen')",
-+ "&vrlw (@x[$d1],@x[$d1],'$sixteen')",
-+ "&vrlw (@x[$d2],@x[$d2],'$sixteen')",
-+ "&vrlw (@x[$d3],@x[$d3],'$sixteen')",
-+
-+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])",
-+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])",
-+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])",
-+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])",
-+ "&vxor (@x[$b0],@x[$b0],@x[$c0])",
-+ "&vxor (@x[$b1],@x[$b1],@x[$c1])",
-+ "&vxor (@x[$b2],@x[$b2],@x[$c2])",
-+ "&vxor (@x[$b3],@x[$b3],@x[$c3])",
-+ "&vrlw (@x[$b0],@x[$b0],'$twelve')",
-+ "&vrlw (@x[$b1],@x[$b1],'$twelve')",
-+ "&vrlw (@x[$b2],@x[$b2],'$twelve')",
-+ "&vrlw (@x[$b3],@x[$b3],'$twelve')",
-+
-+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])",
-+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])",
-+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])",
-+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])",
-+ "&vxor (@x[$d0],@x[$d0],@x[$a0])",
-+ "&vxor (@x[$d1],@x[$d1],@x[$a1])",
-+ "&vxor (@x[$d2],@x[$d2],@x[$a2])",
-+ "&vxor (@x[$d3],@x[$d3],@x[$a3])",
-+ "&vrlw (@x[$d0],@x[$d0],'$eight')",
-+ "&vrlw (@x[$d1],@x[$d1],'$eight')",
-+ "&vrlw (@x[$d2],@x[$d2],'$eight')",
-+ "&vrlw (@x[$d3],@x[$d3],'$eight')",
-+
-+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])",
-+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])",
-+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])",
-+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])",
-+ "&vxor (@x[$b0],@x[$b0],@x[$c0])",
-+ "&vxor (@x[$b1],@x[$b1],@x[$c1])",
-+ "&vxor (@x[$b2],@x[$b2],@x[$c2])",
-+ "&vxor (@x[$b3],@x[$b3],@x[$c3])",
-+ "&vrlw (@x[$b0],@x[$b0],'$seven')",
-+ "&vrlw (@x[$b1],@x[$b1],'$seven')",
-+ "&vrlw (@x[$b2],@x[$b2],'$seven')",
-+ "&vrlw (@x[$b3],@x[$b3],'$seven')"
-+ );
-+}
-+
-+$code.=<<___;
-+
-+.globl .ChaCha20_ctr32_vsx_p10
-+.align 5
-+.ChaCha20_ctr32_vsx_p10:
-+ ${UCMP}i $len,255
-+ bgt ChaCha20_ctr32_vsx_8x
-+ $STU $sp,-$FRAME($sp)
-+ mflr r0
-+ li r10,`15+$LOCALS+64`
-+ li r11,`31+$LOCALS+64`
-+ mfspr r12,256
-+ stvx v26,r10,$sp
-+ addi r10,r10,32
-+ stvx v27,r11,$sp
-+ addi r11,r11,32
-+ stvx v28,r10,$sp
-+ addi r10,r10,32
-+ stvx v29,r11,$sp
-+ addi r11,r11,32
-+ stvx v30,r10,$sp
-+ stvx v31,r11,$sp
-+ stw r12,`$FRAME-4`($sp) # save vrsave
-+ li r12,-4096+63
-+ $PUSH r0, `$FRAME+$LRSAVE`($sp)
-+ mtspr 256,r12 # preserve 29 AltiVec registers
-+
-+ bl Lconsts # returns pointer Lsigma in r12
-+ lvx_4w @K[0],0,r12 # load sigma
-+ addi r12,r12,0x70
-+ li $x10,16
-+ li $x20,32
-+ li $x30,48
-+ li r11,64
-+
-+ lvx_4w @K[1],0,$key # load key
-+ lvx_4w @K[2],$x10,$key
-+ lvx_4w @K[3],0,$ctr # load counter
-+
-+ vxor $xt0,$xt0,$xt0
-+ lvx_4w $xt1,r11,r12
-+ vspltw $CTR,@K[3],0
-+ vsldoi @K[3],@K[3],$xt0,4
-+ vsldoi @K[3],$xt0,@K[3],12 # clear @K[3].word[0]
-+ vadduwm $CTR,$CTR,$xt1
-+
-+ be?lvsl $beperm,0,$x10 # 0x00..0f
-+ be?vspltisb $xt0,3 # 0x03..03
-+ be?vxor $beperm,$beperm,$xt0 # swap bytes within words
-+
-+ li r0,10 # inner loop counter
-+ mtctr r0
-+ b Loop_outer_vsx
-+
-+.align 5
-+Loop_outer_vsx:
-+ lvx $xa0,$x00,r12 # load [smashed] sigma
-+ lvx $xa1,$x10,r12
-+ lvx $xa2,$x20,r12
-+ lvx $xa3,$x30,r12
-+
-+ vspltw $xb0,@K[1],0 # smash the key
-+ vspltw $xb1,@K[1],1
-+ vspltw $xb2,@K[1],2
-+ vspltw $xb3,@K[1],3
-+
-+ vspltw $xc0,@K[2],0
-+ vspltw $xc1,@K[2],1
-+ vspltw $xc2,@K[2],2
-+ vspltw $xc3,@K[2],3
-+
-+ vmr $xd0,$CTR # smash the counter
-+ vspltw $xd1,@K[3],1
-+ vspltw $xd2,@K[3],2
-+ vspltw $xd3,@K[3],3
-+
-+ vspltisw $sixteen,-16 # synthesize constants
-+ vspltisw $twelve,12
-+ vspltisw $eight,8
-+ vspltisw $seven,7
-+
-+Loop_vsx_4x:
-+___
-+ foreach (&VSX_lane_ROUND_4x(0, 4, 8,12)) { eval; }
-+ foreach (&VSX_lane_ROUND_4x(0, 5,10,15)) { eval; }
-+$code.=<<___;
-+
-+ bdnz Loop_vsx_4x
-+
-+ vadduwm $xd0,$xd0,$CTR
-+
-+ vmrgew $xt0,$xa0,$xa1 # transpose data
-+ vmrgew $xt1,$xa2,$xa3
-+ vmrgow $xa0,$xa0,$xa1
-+ vmrgow $xa2,$xa2,$xa3
-+ vmrgew $xt2,$xb0,$xb1
-+ vmrgew $xt3,$xb2,$xb3
-+ vpermdi $xa1,$xa0,$xa2,0b00
-+ vpermdi $xa3,$xa0,$xa2,0b11
-+ vpermdi $xa0,$xt0,$xt1,0b00
-+ vpermdi $xa2,$xt0,$xt1,0b11
-+
-+ vmrgow $xb0,$xb0,$xb1
-+ vmrgow $xb2,$xb2,$xb3
-+ vmrgew $xt0,$xc0,$xc1
-+ vmrgew $xt1,$xc2,$xc3
-+ vpermdi $xb1,$xb0,$xb2,0b00
-+ vpermdi $xb3,$xb0,$xb2,0b11
-+ vpermdi $xb0,$xt2,$xt3,0b00
-+ vpermdi $xb2,$xt2,$xt3,0b11
-+
-+ vmrgow $xc0,$xc0,$xc1
-+ vmrgow $xc2,$xc2,$xc3
-+ vmrgew $xt2,$xd0,$xd1
-+ vmrgew $xt3,$xd2,$xd3
-+ vpermdi $xc1,$xc0,$xc2,0b00
-+ vpermdi $xc3,$xc0,$xc2,0b11
-+ vpermdi $xc0,$xt0,$xt1,0b00
-+ vpermdi $xc2,$xt0,$xt1,0b11
-+
-+ vmrgow $xd0,$xd0,$xd1
-+ vmrgow $xd2,$xd2,$xd3
-+ vspltisw $xt0,4
-+ vadduwm $CTR,$CTR,$xt0 # next counter value
-+ vpermdi $xd1,$xd0,$xd2,0b00
-+ vpermdi $xd3,$xd0,$xd2,0b11
-+ vpermdi $xd0,$xt2,$xt3,0b00
-+ vpermdi $xd2,$xt2,$xt3,0b11
-+
-+ vadduwm $xa0,$xa0,@K[0]
-+ vadduwm $xb0,$xb0,@K[1]
-+ vadduwm $xc0,$xc0,@K[2]
-+ vadduwm $xd0,$xd0,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx
-+
-+ vadduwm $xa0,$xa1,@K[0]
-+ vadduwm $xb0,$xb1,@K[1]
-+ vadduwm $xc0,$xc1,@K[2]
-+ vadduwm $xd0,$xd1,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx
-+
-+ vadduwm $xa0,$xa2,@K[0]
-+ vadduwm $xb0,$xb2,@K[1]
-+ vadduwm $xc0,$xc2,@K[2]
-+ vadduwm $xd0,$xd2,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx
-+
-+ vadduwm $xa0,$xa3,@K[0]
-+ vadduwm $xb0,$xb3,@K[1]
-+ vadduwm $xc0,$xc3,@K[2]
-+ vadduwm $xd0,$xd3,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ mtctr r0
-+ bne Loop_outer_vsx
-+
-+Ldone_vsx:
-+ lwz r12,`$FRAME-4`($sp) # pull vrsave
-+ li r10,`15+$LOCALS+64`
-+ li r11,`31+$LOCALS+64`
-+ $POP r0, `$FRAME+$LRSAVE`($sp)
-+ mtspr 256,r12 # restore vrsave
-+ lvx v26,r10,$sp
-+ addi r10,r10,32
-+ lvx v27,r11,$sp
-+ addi r11,r11,32
-+ lvx v28,r10,$sp
-+ addi r10,r10,32
-+ lvx v29,r11,$sp
-+ addi r11,r11,32
-+ lvx v30,r10,$sp
-+ lvx v31,r11,$sp
-+ mtlr r0
-+ addi $sp,$sp,$FRAME
-+ blr
-+
-+.align 4
-+Ltail_vsx:
-+ addi r11,$sp,$LOCALS
-+ mtctr $len
-+ stvx_4w $xa0,$x00,r11 # offload block to stack
-+ stvx_4w $xb0,$x10,r11
-+ stvx_4w $xc0,$x20,r11
-+ stvx_4w $xd0,$x30,r11
-+ subi r12,r11,1 # prepare for *++ptr
-+ subi $inp,$inp,1
-+ subi $out,$out,1
-+
-+Loop_tail_vsx:
-+ lbzu r6,1(r12)
-+ lbzu r7,1($inp)
-+ xor r6,r6,r7
-+ stbu r6,1($out)
-+ bdnz Loop_tail_vsx
-+
-+ stvx_4w $K[0],$x00,r11 # wipe copy of the block
-+ stvx_4w $K[0],$x10,r11
-+ stvx_4w $K[0],$x20,r11
-+ stvx_4w $K[0],$x30,r11
-+
-+ b Ldone_vsx
-+ .long 0
-+ .byte 0,12,0x04,1,0x80,0,5,0
-+ .long 0
-+.size .ChaCha20_ctr32_vsx_p10,.-.ChaCha20_ctr32_vsx_p10
-+___
-+}}}
-+
-+##This is 8 block in parallel implementation. The heart of chacha round uses vector instruction that has access to
-+# vsr[32+X]. To perform the 8 parallel block we tend to use all 32 register to hold the 8 block info.
-+# WE need to store few register value on side, so we can use VSR{32+X} for few vector instructions used in round op and hold intermediate value.
-+# WE use the VSR[0]-VSR[31] for holding intermediate value and perform 8 block in parallel.
-+#
-+{{{
-+#### ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7));
-+my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3,
-+ $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3,
-+ $xa4,$xa5,$xa6,$xa7, $xb4,$xb5,$xb6,$xb7,
-+ $xc4,$xc5,$xc6,$xc7, $xd4,$xd5,$xd6,$xd7) = map("v$_",(0..31));
-+my ($xcn4,$xcn5,$xcn6,$xcn7, $xdn4,$xdn5,$xdn6,$xdn7) = map("v$_",(8..15));
-+my ($xan0,$xbn0,$xcn0,$xdn0) = map("v$_",(0..3));
-+my @K = map("v$_",27,(24..26));
-+my ($xt0,$xt1,$xt2,$xt3,$xt4) = map("v$_",23,(28..31));
-+my $xr0 = "v4";
-+my $CTR0 = "v22";
-+my $CTR1 = "v5";
-+my $beperm = "v31";
-+my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10)));
-+my ($xv0,$xv1,$xv2,$xv3,$xv4,$xv5,$xv6,$xv7) = map("v$_",(0..7));
-+my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("v$_",(8..17));
-+my ($xv18,$xv19,$xv20,$xv21) = map("v$_",(18..21));
-+my ($xv22,$xv23,$xv24,$xv25,$xv26) = map("v$_",(22..26));
-+
-+my $FRAME=$LOCALS+64+9*16; # 8*16 is for v24-v31 offload
-+
-+sub VSX_lane_ROUND_8x {
-+my ($a0,$b0,$c0,$d0,$a4,$b4,$c4,$d4)=@_;
-+my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0));
-+my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1));
-+my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
-+my ($a5,$b5,$c5,$d5)=map(($_&~3)+(($_+1)&3),($a4,$b4,$c4,$d4));
-+my ($a6,$b6,$c6,$d6)=map(($_&~3)+(($_+1)&3),($a5,$b5,$c5,$d5));
-+my ($a7,$b7,$c7,$d7)=map(($_&~3)+(($_+1)&3),($a6,$b6,$c6,$d6));
-+my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("\"v$_\"",(8..17));
-+my @x=map("\"v$_\"",(0..31));
-+
-+ (
-+ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])", #copy v30 to v13
-+ "&vxxlorc (@x[$c7], $xv9,$xv9)",
-+
-+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1
-+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2
-+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3
-+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4
-+ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])", # Q1
-+ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])", # Q2
-+ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])", # Q3
-+ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])", # Q4
-+
-+ "&vxor (@x[$d0],@x[$d0],@x[$a0])",
-+ "&vxor (@x[$d1],@x[$d1],@x[$a1])",
-+ "&vxor (@x[$d2],@x[$d2],@x[$a2])",
-+ "&vxor (@x[$d3],@x[$d3],@x[$a3])",
-+ "&vxor (@x[$d4],@x[$d4],@x[$a4])",
-+ "&vxor (@x[$d5],@x[$d5],@x[$a5])",
-+ "&vxor (@x[$d6],@x[$d6],@x[$a6])",
-+ "&vxor (@x[$d7],@x[$d7],@x[$a7])",
-+
-+ "&vrlw (@x[$d0],@x[$d0],@x[$c7])",
-+ "&vrlw (@x[$d1],@x[$d1],@x[$c7])",
-+ "&vrlw (@x[$d2],@x[$d2],@x[$c7])",
-+ "&vrlw (@x[$d3],@x[$d3],@x[$c7])",
-+ "&vrlw (@x[$d4],@x[$d4],@x[$c7])",
-+ "&vrlw (@x[$d5],@x[$d5],@x[$c7])",
-+ "&vrlw (@x[$d6],@x[$d6],@x[$c7])",
-+ "&vrlw (@x[$d7],@x[$d7],@x[$c7])",
-+
-+ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])",
-+ "&vxxlorc (@x[$c7], $xv15,$xv15)",
-+ "&vxxlorc (@x[$a7], $xv10,$xv10)",
-+
-+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])",
-+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])",
-+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])",
-+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])",
-+ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])",
-+ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])",
-+ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])",
-+ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])",
-+
-+ "&vxor (@x[$b0],@x[$b0],@x[$c0])",
-+ "&vxor (@x[$b1],@x[$b1],@x[$c1])",
-+ "&vxor (@x[$b2],@x[$b2],@x[$c2])",
-+ "&vxor (@x[$b3],@x[$b3],@x[$c3])",
-+ "&vxor (@x[$b4],@x[$b4],@x[$c4])",
-+ "&vxor (@x[$b5],@x[$b5],@x[$c5])",
-+ "&vxor (@x[$b6],@x[$b6],@x[$c6])",
-+ "&vxor (@x[$b7],@x[$b7],@x[$c7])",
-+
-+ "&vrlw (@x[$b0],@x[$b0],@x[$a7])",
-+ "&vrlw (@x[$b1],@x[$b1],@x[$a7])",
-+ "&vrlw (@x[$b2],@x[$b2],@x[$a7])",
-+ "&vrlw (@x[$b3],@x[$b3],@x[$a7])",
-+ "&vrlw (@x[$b4],@x[$b4],@x[$a7])",
-+ "&vrlw (@x[$b5],@x[$b5],@x[$a7])",
-+ "&vrlw (@x[$b6],@x[$b6],@x[$a7])",
-+ "&vrlw (@x[$b7],@x[$b7],@x[$a7])",
-+
-+ "&vxxlorc (@x[$a7], $xv13,$xv13)",
-+ "&vxxlor ($xv15 ,@x[$c7],@x[$c7])",
-+ "&vxxlorc (@x[$c7], $xv11,$xv11)",
-+
-+
-+ "&vadduwm (@x[$a0],@x[$a0],@x[$b0])",
-+ "&vadduwm (@x[$a1],@x[$a1],@x[$b1])",
-+ "&vadduwm (@x[$a2],@x[$a2],@x[$b2])",
-+ "&vadduwm (@x[$a3],@x[$a3],@x[$b3])",
-+ "&vadduwm (@x[$a4],@x[$a4],@x[$b4])",
-+ "&vadduwm (@x[$a5],@x[$a5],@x[$b5])",
-+ "&vadduwm (@x[$a6],@x[$a6],@x[$b6])",
-+ "&vadduwm (@x[$a7],@x[$a7],@x[$b7])",
-+
-+ "&vxor (@x[$d0],@x[$d0],@x[$a0])",
-+ "&vxor (@x[$d1],@x[$d1],@x[$a1])",
-+ "&vxor (@x[$d2],@x[$d2],@x[$a2])",
-+ "&vxor (@x[$d3],@x[$d3],@x[$a3])",
-+ "&vxor (@x[$d4],@x[$d4],@x[$a4])",
-+ "&vxor (@x[$d5],@x[$d5],@x[$a5])",
-+ "&vxor (@x[$d6],@x[$d6],@x[$a6])",
-+ "&vxor (@x[$d7],@x[$d7],@x[$a7])",
-+
-+ "&vrlw (@x[$d0],@x[$d0],@x[$c7])",
-+ "&vrlw (@x[$d1],@x[$d1],@x[$c7])",
-+ "&vrlw (@x[$d2],@x[$d2],@x[$c7])",
-+ "&vrlw (@x[$d3],@x[$d3],@x[$c7])",
-+ "&vrlw (@x[$d4],@x[$d4],@x[$c7])",
-+ "&vrlw (@x[$d5],@x[$d5],@x[$c7])",
-+ "&vrlw (@x[$d6],@x[$d6],@x[$c7])",
-+ "&vrlw (@x[$d7],@x[$d7],@x[$c7])",
-+
-+ "&vxxlorc (@x[$c7], $xv15,$xv15)",
-+ "&vxxlor ($xv13 ,@x[$a7],@x[$a7])",
-+ "&vxxlorc (@x[$a7], $xv12,$xv12)",
-+
-+ "&vadduwm (@x[$c0],@x[$c0],@x[$d0])",
-+ "&vadduwm (@x[$c1],@x[$c1],@x[$d1])",
-+ "&vadduwm (@x[$c2],@x[$c2],@x[$d2])",
-+ "&vadduwm (@x[$c3],@x[$c3],@x[$d3])",
-+ "&vadduwm (@x[$c4],@x[$c4],@x[$d4])",
-+ "&vadduwm (@x[$c5],@x[$c5],@x[$d5])",
-+ "&vadduwm (@x[$c6],@x[$c6],@x[$d6])",
-+ "&vadduwm (@x[$c7],@x[$c7],@x[$d7])",
-+ "&vxor (@x[$b0],@x[$b0],@x[$c0])",
-+ "&vxor (@x[$b1],@x[$b1],@x[$c1])",
-+ "&vxor (@x[$b2],@x[$b2],@x[$c2])",
-+ "&vxor (@x[$b3],@x[$b3],@x[$c3])",
-+ "&vxor (@x[$b4],@x[$b4],@x[$c4])",
-+ "&vxor (@x[$b5],@x[$b5],@x[$c5])",
-+ "&vxor (@x[$b6],@x[$b6],@x[$c6])",
-+ "&vxor (@x[$b7],@x[$b7],@x[$c7])",
-+ "&vrlw (@x[$b0],@x[$b0],@x[$a7])",
-+ "&vrlw (@x[$b1],@x[$b1],@x[$a7])",
-+ "&vrlw (@x[$b2],@x[$b2],@x[$a7])",
-+ "&vrlw (@x[$b3],@x[$b3],@x[$a7])",
-+ "&vrlw (@x[$b4],@x[$b4],@x[$a7])",
-+ "&vrlw (@x[$b5],@x[$b5],@x[$a7])",
-+ "&vrlw (@x[$b6],@x[$b6],@x[$a7])",
-+ "&vrlw (@x[$b7],@x[$b7],@x[$a7])",
-+
-+ "&vxxlorc (@x[$a7], $xv13,$xv13)",
-+ );
-+}
-+
-+$code.=<<___;
-+
-+.globl .ChaCha20_ctr32_vsx_8x
-+.align 5
-+.ChaCha20_ctr32_vsx_8x:
-+ $STU $sp,-$FRAME($sp)
-+ mflr r0
-+ li r10,`15+$LOCALS+64`
-+ li r11,`31+$LOCALS+64`
-+ mfspr r12,256
-+ stvx v24,r10,$sp
-+ addi r10,r10,32
-+ stvx v25,r11,$sp
-+ addi r11,r11,32
-+ stvx v26,r10,$sp
-+ addi r10,r10,32
-+ stvx v27,r11,$sp
-+ addi r11,r11,32
-+ stvx v28,r10,$sp
-+ addi r10,r10,32
-+ stvx v29,r11,$sp
-+ addi r11,r11,32
-+ stvx v30,r10,$sp
-+ stvx v31,r11,$sp
-+ stw r12,`$FRAME-4`($sp) # save vrsave
-+ li r12,-4096+63
-+ $PUSH r0, `$FRAME+$LRSAVE`($sp)
-+ mtspr 256,r12 # preserve 29 AltiVec registers
-+
-+ bl Lconsts # returns pointer Lsigma in r12
-+
-+ lvx_4w @K[0],0,r12 # load sigma
-+ addi r12,r12,0x70
-+ li $x10,16
-+ li $x20,32
-+ li $x30,48
-+ li r11,64
-+
-+ vspltisw $xa4,-16 # synthesize constants
-+ vspltisw $xb4,12 # synthesize constants
-+ vspltisw $xc4,8 # synthesize constants
-+ vspltisw $xd4,7 # synthesize constants
-+
-+ lvx $xa0,$x00,r12 # load [smashed] sigma
-+ lvx $xa1,$x10,r12
-+ lvx $xa2,$x20,r12
-+ lvx $xa3,$x30,r12
-+
-+ vxxlor $xv9 ,$xa4,$xa4 #save shift val in vr9-12
-+ vxxlor $xv10 ,$xb4,$xb4
-+ vxxlor $xv11 ,$xc4,$xc4
-+ vxxlor $xv12 ,$xd4,$xd4
-+ vxxlor $xv22 ,$xa0,$xa0 #save sigma in vr22-25
-+ vxxlor $xv23 ,$xa1,$xa1
-+ vxxlor $xv24 ,$xa2,$xa2
-+ vxxlor $xv25 ,$xa3,$xa3
-+
-+ lvx_4w @K[1],0,$key # load key
-+ lvx_4w @K[2],$x10,$key
-+ lvx_4w @K[3],0,$ctr # load counter
-+ vspltisw $xt3,4
-+
-+
-+ vxor $xt2,$xt2,$xt2
-+ lvx_4w $xt1,r11,r12
-+ vspltw $xa2,@K[3],0 #save the original count after spltw
-+ vsldoi @K[3],@K[3],$xt2,4
-+ vsldoi @K[3],$xt2,@K[3],12 # clear @K[3].word[0]
-+ vadduwm $xt1,$xa2,$xt1
-+ vadduwm $xt3,$xt1,$xt3 # next counter value
-+ vspltw $xa0,@K[2],2 # save the K[2] spltw 2 and save v8.
-+
-+ be?lvsl $beperm,0,$x10 # 0x00..0f
-+ be?vspltisb $xt0,3 # 0x03..03
-+ be?vxor $beperm,$beperm,$xt0 # swap bytes within words
-+ be?vxxlor $xv26 ,$beperm,$beperm
-+
-+ vxxlor $xv0 ,@K[0],@K[0] # K0,k1,k2 to vr0,1,2
-+ vxxlor $xv1 ,@K[1],@K[1]
-+ vxxlor $xv2 ,@K[2],@K[2]
-+ vxxlor $xv3 ,@K[3],@K[3]
-+ vxxlor $xv4 ,$xt1,$xt1 #CTR ->4, CTR+4-> 5
-+ vxxlor $xv5 ,$xt3,$xt3
-+ vxxlor $xv8 ,$xa0,$xa0
-+
-+ li r0,10 # inner loop counter
-+ mtctr r0
-+ b Loop_outer_vsx_8x
-+
-+.align 5
-+Loop_outer_vsx_8x:
-+ vxxlorc $xa0,$xv22,$xv22 # load [smashed] sigma
-+ vxxlorc $xa1,$xv23,$xv23
-+ vxxlorc $xa2,$xv24,$xv24
-+ vxxlorc $xa3,$xv25,$xv25
-+ vxxlorc $xa4,$xv22,$xv22
-+ vxxlorc $xa5,$xv23,$xv23
-+ vxxlorc $xa6,$xv24,$xv24
-+ vxxlorc $xa7,$xv25,$xv25
-+
-+ vspltw $xb0,@K[1],0 # smash the key
-+ vspltw $xb1,@K[1],1
-+ vspltw $xb2,@K[1],2
-+ vspltw $xb3,@K[1],3
-+ vspltw $xb4,@K[1],0 # smash the key
-+ vspltw $xb5,@K[1],1
-+ vspltw $xb6,@K[1],2
-+ vspltw $xb7,@K[1],3
-+
-+ vspltw $xc0,@K[2],0
-+ vspltw $xc1,@K[2],1
-+ vspltw $xc2,@K[2],2
-+ vspltw $xc3,@K[2],3
-+ vspltw $xc4,@K[2],0
-+ vspltw $xc7,@K[2],3
-+ vspltw $xc5,@K[2],1
-+
-+ vxxlorc $xd0,$xv4,$xv4 # smash the counter
-+ vspltw $xd1,@K[3],1
-+ vspltw $xd2,@K[3],2
-+ vspltw $xd3,@K[3],3
-+ vxxlorc $xd4,$xv5,$xv5 # smash the counter
-+ vspltw $xd5,@K[3],1
-+ vspltw $xd6,@K[3],2
-+ vspltw $xd7,@K[3],3
-+ vxxlorc $xc6,$xv8,$xv8 #copy of vlspt k[2],2 is in v8.v26 ->k[3] so need to wait until k3 is done
-+
-+Loop_vsx_8x:
-+___
-+ foreach (&VSX_lane_ROUND_8x(0,4, 8,12,16,20,24,28)) { eval; }
-+ foreach (&VSX_lane_ROUND_8x(0,5,10,15,16,21,26,31)) { eval; }
-+$code.=<<___;
-+
-+ bdnz Loop_vsx_8x
-+ vxxlor $xv13 ,$xd4,$xd4 # save the register vr24-31
-+ vxxlor $xv14 ,$xd5,$xd5 #
-+ vxxlor $xv15 ,$xd6,$xd6 #
-+ vxxlor $xv16 ,$xd7,$xd7 #
-+
-+ vxxlor $xv18 ,$xc4,$xc4 #
-+ vxxlor $xv19 ,$xc5,$xc5 #
-+ vxxlor $xv20 ,$xc6,$xc6 #
-+ vxxlor $xv21 ,$xc7,$xc7 #
-+
-+ vxxlor $xv6 ,$xb6,$xb6 # save vr23, so we get 8 regs
-+ vxxlor $xv7 ,$xb7,$xb7 # save vr23, so we get 8 regs
-+ be?vxxlorc $beperm,$xv26,$xv26 # copy back the the beperm.
-+
-+ vxxlorc @K[0],$xv0,$xv0 #27
-+ vxxlorc @K[1],$xv1,$xv1 #24
-+ vxxlorc @K[2],$xv2,$xv2 #25
-+ vxxlorc @K[3],$xv3,$xv3 #26
-+ vxxlorc $CTR0,$xv4,$xv4
-+###changing to vertical
-+
-+ vmrgew $xt0,$xa0,$xa1 # transpose data
-+ vmrgew $xt1,$xa2,$xa3
-+ vmrgow $xa0,$xa0,$xa1
-+ vmrgow $xa2,$xa2,$xa3
-+
-+ vmrgew $xt2,$xb0,$xb1
-+ vmrgew $xt3,$xb2,$xb3
-+ vmrgow $xb0,$xb0,$xb1
-+ vmrgow $xb2,$xb2,$xb3
-+
-+ vadduwm $xd0,$xd0,$CTR0
-+
-+ vpermdi $xa1,$xa0,$xa2,0b00
-+ vpermdi $xa3,$xa0,$xa2,0b11
-+ vpermdi $xa0,$xt0,$xt1,0b00
-+ vpermdi $xa2,$xt0,$xt1,0b11
-+ vpermdi $xb1,$xb0,$xb2,0b00
-+ vpermdi $xb3,$xb0,$xb2,0b11
-+ vpermdi $xb0,$xt2,$xt3,0b00
-+ vpermdi $xb2,$xt2,$xt3,0b11
-+
-+ vmrgew $xt0,$xc0,$xc1
-+ vmrgew $xt1,$xc2,$xc3
-+ vmrgow $xc0,$xc0,$xc1
-+ vmrgow $xc2,$xc2,$xc3
-+ vmrgew $xt2,$xd0,$xd1
-+ vmrgew $xt3,$xd2,$xd3
-+ vmrgow $xd0,$xd0,$xd1
-+ vmrgow $xd2,$xd2,$xd3
-+
-+ vpermdi $xc1,$xc0,$xc2,0b00
-+ vpermdi $xc3,$xc0,$xc2,0b11
-+ vpermdi $xc0,$xt0,$xt1,0b00
-+ vpermdi $xc2,$xt0,$xt1,0b11
-+ vpermdi $xd1,$xd0,$xd2,0b00
-+ vpermdi $xd3,$xd0,$xd2,0b11
-+ vpermdi $xd0,$xt2,$xt3,0b00
-+ vpermdi $xd2,$xt2,$xt3,0b11
-+
-+ vspltisw $xt0,8
-+ vadduwm $CTR0,$CTR0,$xt0 # next counter value
-+ vxxlor $xv4 ,$CTR0,$CTR0 #CTR+4-> 5
-+
-+ vadduwm $xa0,$xa0,@K[0]
-+ vadduwm $xb0,$xb0,@K[1]
-+ vadduwm $xc0,$xc0,@K[2]
-+ vadduwm $xd0,$xd0,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xa0,$xa1,@K[0]
-+ vadduwm $xb0,$xb1,@K[1]
-+ vadduwm $xc0,$xc1,@K[2]
-+ vadduwm $xd0,$xd1,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xa0,$xa2,@K[0]
-+ vadduwm $xb0,$xb2,@K[1]
-+ vadduwm $xc0,$xc2,@K[2]
-+ vadduwm $xd0,$xd2,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xa0,$xa3,@K[0]
-+ vadduwm $xb0,$xb3,@K[1]
-+ vadduwm $xc0,$xc3,@K[2]
-+ vadduwm $xd0,$xd3,@K[3]
-+
-+ be?vperm $xa0,$xa0,$xa0,$beperm
-+ be?vperm $xb0,$xb0,$xb0,$beperm
-+ be?vperm $xc0,$xc0,$xc0,$beperm
-+ be?vperm $xd0,$xd0,$xd0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x
-+
-+ lvx_4w $xt0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xt0,$xt0,$xa0
-+ vxor $xt1,$xt1,$xb0
-+ vxor $xt2,$xt2,$xc0
-+ vxor $xt3,$xt3,$xd0
-+
-+ stvx_4w $xt0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+#blk4-7: 24:31 remain the same as we can use the same logic above . Reg a4-b7 remain same.Load c4,d7--> position 8-15.we can reuse vr24-31.
-+#VR0-3 : are used to load temp value, vr4 --> as xr0 instead of xt0.
-+
-+ vxxlorc $CTR1 ,$xv5,$xv5
-+
-+ vxxlorc $xcn4 ,$xv18,$xv18
-+ vxxlorc $xcn5 ,$xv19,$xv19
-+ vxxlorc $xcn6 ,$xv20,$xv20
-+ vxxlorc $xcn7 ,$xv21,$xv21
-+
-+ vxxlorc $xdn4 ,$xv13,$xv13
-+ vxxlorc $xdn5 ,$xv14,$xv14
-+ vxxlorc $xdn6 ,$xv15,$xv15
-+ vxxlorc $xdn7 ,$xv16,$xv16
-+ vadduwm $xdn4,$xdn4,$CTR1
-+
-+ vxxlorc $xb6 ,$xv6,$xv6
-+ vxxlorc $xb7 ,$xv7,$xv7
-+#use xa1->xr0, as xt0...in the block 4-7
-+
-+ vmrgew $xr0,$xa4,$xa5 # transpose data
-+ vmrgew $xt1,$xa6,$xa7
-+ vmrgow $xa4,$xa4,$xa5
-+ vmrgow $xa6,$xa6,$xa7
-+ vmrgew $xt2,$xb4,$xb5
-+ vmrgew $xt3,$xb6,$xb7
-+ vmrgow $xb4,$xb4,$xb5
-+ vmrgow $xb6,$xb6,$xb7
-+
-+ vpermdi $xa5,$xa4,$xa6,0b00
-+ vpermdi $xa7,$xa4,$xa6,0b11
-+ vpermdi $xa4,$xr0,$xt1,0b00
-+ vpermdi $xa6,$xr0,$xt1,0b11
-+ vpermdi $xb5,$xb4,$xb6,0b00
-+ vpermdi $xb7,$xb4,$xb6,0b11
-+ vpermdi $xb4,$xt2,$xt3,0b00
-+ vpermdi $xb6,$xt2,$xt3,0b11
-+
-+ vmrgew $xr0,$xcn4,$xcn5
-+ vmrgew $xt1,$xcn6,$xcn7
-+ vmrgow $xcn4,$xcn4,$xcn5
-+ vmrgow $xcn6,$xcn6,$xcn7
-+ vmrgew $xt2,$xdn4,$xdn5
-+ vmrgew $xt3,$xdn6,$xdn7
-+ vmrgow $xdn4,$xdn4,$xdn5
-+ vmrgow $xdn6,$xdn6,$xdn7
-+
-+ vpermdi $xcn5,$xcn4,$xcn6,0b00
-+ vpermdi $xcn7,$xcn4,$xcn6,0b11
-+ vpermdi $xcn4,$xr0,$xt1,0b00
-+ vpermdi $xcn6,$xr0,$xt1,0b11
-+ vpermdi $xdn5,$xdn4,$xdn6,0b00
-+ vpermdi $xdn7,$xdn4,$xdn6,0b11
-+ vpermdi $xdn4,$xt2,$xt3,0b00
-+ vpermdi $xdn6,$xt2,$xt3,0b11
-+
-+ vspltisw $xr0,8
-+ vadduwm $CTR1,$CTR1,$xr0 # next counter value
-+ vxxlor $xv5 ,$CTR1,$CTR1 #CTR+4-> 5
-+
-+ vadduwm $xan0,$xa4,@K[0]
-+ vadduwm $xbn0,$xb4,@K[1]
-+ vadduwm $xcn0,$xcn4,@K[2]
-+ vadduwm $xdn0,$xdn4,@K[3]
-+
-+ be?vperm $xan0,$xa4,$xa4,$beperm
-+ be?vperm $xbn0,$xb4,$xb4,$beperm
-+ be?vperm $xcn0,$xcn4,$xcn4,$beperm
-+ be?vperm $xdn0,$xdn4,$xdn4,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xan0,$xa5,@K[0]
-+ vadduwm $xbn0,$xb5,@K[1]
-+ vadduwm $xcn0,$xcn5,@K[2]
-+ vadduwm $xdn0,$xdn5,@K[3]
-+
-+ be?vperm $xan0,$xan0,$xan0,$beperm
-+ be?vperm $xbn0,$xbn0,$xbn0,$beperm
-+ be?vperm $xcn0,$xcn0,$xcn0,$beperm
-+ be?vperm $xdn0,$xdn0,$xdn0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xan0,$xa6,@K[0]
-+ vadduwm $xbn0,$xb6,@K[1]
-+ vadduwm $xcn0,$xcn6,@K[2]
-+ vadduwm $xdn0,$xdn6,@K[3]
-+
-+ be?vperm $xan0,$xan0,$xan0,$beperm
-+ be?vperm $xbn0,$xbn0,$xbn0,$beperm
-+ be?vperm $xcn0,$xcn0,$xcn0,$beperm
-+ be?vperm $xdn0,$xdn0,$xdn0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ vadduwm $xan0,$xa7,@K[0]
-+ vadduwm $xbn0,$xb7,@K[1]
-+ vadduwm $xcn0,$xcn7,@K[2]
-+ vadduwm $xdn0,$xdn7,@K[3]
-+
-+ be?vperm $xan0,$xan0,$xan0,$beperm
-+ be?vperm $xbn0,$xbn0,$xbn0,$beperm
-+ be?vperm $xcn0,$xcn0,$xcn0,$beperm
-+ be?vperm $xdn0,$xdn0,$xdn0,$beperm
-+
-+ ${UCMP}i $len,0x40
-+ blt Ltail_vsx_8x_1
-+
-+ lvx_4w $xr0,$x00,$inp
-+ lvx_4w $xt1,$x10,$inp
-+ lvx_4w $xt2,$x20,$inp
-+ lvx_4w $xt3,$x30,$inp
-+
-+ vxor $xr0,$xr0,$xan0
-+ vxor $xt1,$xt1,$xbn0
-+ vxor $xt2,$xt2,$xcn0
-+ vxor $xt3,$xt3,$xdn0
-+
-+ stvx_4w $xr0,$x00,$out
-+ stvx_4w $xt1,$x10,$out
-+ addi $inp,$inp,0x40
-+ stvx_4w $xt2,$x20,$out
-+ subi $len,$len,0x40
-+ stvx_4w $xt3,$x30,$out
-+ addi $out,$out,0x40
-+ beq Ldone_vsx_8x
-+
-+ mtctr r0
-+ bne Loop_outer_vsx_8x
-+
-+Ldone_vsx_8x:
-+ lwz r12,`$FRAME-4`($sp) # pull vrsave
-+ li r10,`15+$LOCALS+64`
-+ li r11,`31+$LOCALS+64`
-+ $POP r0, `$FRAME+$LRSAVE`($sp)
-+ mtspr 256,r12 # restore vrsave
-+ lvx v24,r10,$sp
-+ addi r10,r10,32
-+ lvx v25,r11,$sp
-+ addi r11,r11,32
-+ lvx v26,r10,$sp
-+ addi r10,r10,32
-+ lvx v27,r11,$sp
-+ addi r11,r11,32
-+ lvx v28,r10,$sp
-+ addi r10,r10,32
-+ lvx v29,r11,$sp
-+ addi r11,r11,32
-+ lvx v30,r10,$sp
-+ lvx v31,r11,$sp
-+ mtlr r0
-+ addi $sp,$sp,$FRAME
-+ blr
-+
-+.align 4
-+Ltail_vsx_8x:
-+ addi r11,$sp,$LOCALS
-+ mtctr $len
-+ stvx_4w $xa0,$x00,r11 # offload block to stack
-+ stvx_4w $xb0,$x10,r11
-+ stvx_4w $xc0,$x20,r11
-+ stvx_4w $xd0,$x30,r11
-+ subi r12,r11,1 # prepare for *++ptr
-+ subi $inp,$inp,1
-+ subi $out,$out,1
-+ bl Loop_tail_vsx_8x
-+Ltail_vsx_8x_1:
-+ addi r11,$sp,$LOCALS
-+ mtctr $len
-+ stvx_4w $xan0,$x00,r11 # offload block to stack
-+ stvx_4w $xbn0,$x10,r11
-+ stvx_4w $xcn0,$x20,r11
-+ stvx_4w $xdn0,$x30,r11
-+ subi r12,r11,1 # prepare for *++ptr
-+ subi $inp,$inp,1
-+ subi $out,$out,1
-+ bl Loop_tail_vsx_8x
-+
-+Loop_tail_vsx_8x:
-+ lbzu r6,1(r12)
-+ lbzu r7,1($inp)
-+ xor r6,r6,r7
-+ stbu r6,1($out)
-+ bdnz Loop_tail_vsx_8x
-+
-+ stvx_4w $K[0],$x00,r11 # wipe copy of the block
-+ stvx_4w $K[0],$x10,r11
-+ stvx_4w $K[0],$x20,r11
-+ stvx_4w $K[0],$x30,r11
-+
-+ b Ldone_vsx_8x
-+ .long 0
-+ .byte 0,12,0x04,1,0x80,0,5,0
-+ .long 0
-+.size .ChaCha20_ctr32_vsx_8x,.-.ChaCha20_ctr32_vsx_8x
-+___
-+}}}
-+
-+
-+$code.=<<___;
-+.align 5
-+Lconsts:
-+ mflr r0
-+ bcl 20,31,\$+4
-+ mflr r12 #vvvvv "distance between . and Lsigma
-+ addi r12,r12,`64-8`
-+ mtlr r0
-+ blr
-+ .long 0
-+ .byte 0,12,0x14,0,0,0,0,0
-+ .space `64-9*4`
-+Lsigma:
-+ .long 0x61707865,0x3320646e,0x79622d32,0x6b206574
-+ .long 1,0,0,0
-+ .long 2,0,0,0
-+ .long 3,0,0,0
-+ .long 4,0,0,0
-+___
-+$code.=<<___ if ($LITTLE_ENDIAN);
-+ .long 0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001
-+ .long 0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300
-+___
-+$code.=<<___ if (!$LITTLE_ENDIAN); # flipped words
-+ .long 0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d
-+ .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c
-+___
-+$code.=<<___;
-+ .long 0x61707865,0x61707865,0x61707865,0x61707865
-+ .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e
-+ .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32
-+ .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574
-+ .long 0,1,2,3
-+ .long 0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c
-+.asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by <appro\@openssl.org>"
-+.align 2
-+___
-+
-+foreach (split("\n",$code)) {
-+ s/\`([^\`]*)\`/eval $1/ge;
-+
-+ # instructions prefixed with '?' are endian-specific and need
-+ # to be adjusted accordingly...
-+ if ($flavour !~ /le$/) { # big-endian
-+ s/be\?// or
-+ s/le\?/#le#/ or
-+ s/\?lvsr/lvsl/ or
-+ s/\?lvsl/lvsr/ or
-+ s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or
-+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/;
-+ } else { # little-endian
-+ s/le\?// or
-+ s/be\?/#be#/ or
-+ s/\?([a-z]+)/$1/ or
-+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/;
-+ }
-+
-+ print $_,"\n";
-+}
-+
-+close STDOUT or die "error closing STDOUT: $!";
-diff --git a/crypto/chacha/build.info b/crypto/chacha/build.info
-index c12cb9c..2a819b2 100644
---- a/crypto/chacha/build.info
-+++ b/crypto/chacha/build.info
-@@ -12,7 +12,7 @@ IF[{- !$disabled{asm} -}]
- $CHACHAASM_armv4=chacha-armv4.S
- $CHACHAASM_aarch64=chacha-armv8.S
-
-- $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s
-+ $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s chachap10-ppc.s
- $CHACHAASM_ppc64=$CHACHAASM_ppc32
-
- $CHACHAASM_c64xplus=chacha-c64xplus.s
-@@ -29,6 +29,7 @@ SOURCE[../../libcrypto]=$CHACHAASM
- GENERATE[chacha-x86.S]=asm/chacha-x86.pl
- GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl
- GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl
-+GENERATE[chachap10-ppc.s]=asm/chachap10-ppc.pl
- GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl
- INCLUDE[chacha-armv4.o]=..
- GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl
-diff --git a/crypto/chacha/chacha_ppc.c b/crypto/chacha/chacha_ppc.c
-index 5319040..f99cca8 100644
---- a/crypto/chacha/chacha_ppc.c
-+++ b/crypto/chacha/chacha_ppc.c
-@@ -23,13 +23,18 @@ void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp,
- void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp,
- size_t len, const unsigned int key[8],
- const unsigned int counter[4]);
-+void ChaCha20_ctr32_vsx_p10(unsigned char *out, const unsigned char *inp,
-+ size_t len, const unsigned int key[8],
-+ const unsigned int counter[4]);
- void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
- size_t len, const unsigned int key[8],
- const unsigned int counter[4])
- {
-- OPENSSL_ppccap_P & PPC_CRYPTO207
-- ? ChaCha20_ctr32_vsx(out, inp, len, key, counter)
-- : OPENSSL_ppccap_P & PPC_ALTIVEC
-- ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
-- : ChaCha20_ctr32_int(out, inp, len, key, counter);
-+ OPENSSL_ppccap_P & PPC_BRD31
-+ ? ChaCha20_ctr32_vsx_p10(out, inp, len, key, counter)
-+ :OPENSSL_ppccap_P & PPC_CRYPTO207
-+ ? ChaCha20_ctr32_vsx(out, inp, len, key, counter)
-+ : OPENSSL_ppccap_P & PPC_ALTIVEC
-+ ? ChaCha20_ctr32_vmx(out, inp, len, key, counter)
-+ : ChaCha20_ctr32_int(out, inp, len, key, counter);
- }
-diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
-index 2ee4440..4590340 100755
---- a/crypto/perlasm/ppc-xlate.pl
-+++ b/crypto/perlasm/ppc-xlate.pl
-@@ -293,6 +293,14 @@ my $vpermdi = sub { # xxpermdi
- $dm = oct($dm) if ($dm =~ /^0/);
- " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7;
- };
-+my $vxxlor = sub { # xxlor
-+ my ($f, $vrt, $vra, $vrb) = @_;
-+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|6;
-+};
-+my $vxxlorc = sub { # xxlor
-+ my ($f, $vrt, $vra, $vrb) = @_;
-+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|(146<<3)|1;
-+};
-
- # PowerISA 2.07 stuff
- sub vcrypto_op {
-@@ -377,6 +385,15 @@ my $addex = sub {
- };
- my $vmsumudm = sub { vfour_vsr(@_, 35); };
-
-+# PowerISA 3.1 stuff
-+my $brd = sub {
-+ my ($f, $ra, $rs) = @_;
-+ " .long ".sprintf "0x%X",(31<<26)|($rs<<21)|($ra<<16)|(187<<1);
-+};
-+my $vsrq = sub { vcrypto_op(@_, 517); };
-+
-+
-+
- while($line=<>) {
-
- $line =~ s|[#!;].*$||; # get rid of asm-style comments...
-diff --git a/crypto/ppccap.c b/crypto/ppccap.c
-index 8bcfed2..664627c 100644
---- a/crypto/ppccap.c
-+++ b/crypto/ppccap.c
-@@ -45,6 +45,7 @@ void OPENSSL_ppc64_probe(void);
- void OPENSSL_altivec_probe(void);
- void OPENSSL_crypto207_probe(void);
- void OPENSSL_madd300_probe(void);
-+void OPENSSL_brd31_probe(void);
-
- long OPENSSL_rdtsc_mftb(void);
- long OPENSSL_rdtsc_mfspr268(void);
-@@ -117,16 +118,21 @@ static unsigned long getauxval(unsigned long key)
- #endif
-
- /* I wish <sys/auxv.h> was universally available */
--#define HWCAP 16 /* AT_HWCAP */
-+#ifndef AT_HWCAP
-+# define AT_HWCAP 16 /* AT_HWCAP */
-+#endif
- #define HWCAP_PPC64 (1U << 30)
- #define HWCAP_ALTIVEC (1U << 28)
- #define HWCAP_FPU (1U << 27)
- #define HWCAP_POWER6_EXT (1U << 9)
- #define HWCAP_VSX (1U << 7)
-
--#define HWCAP2 26 /* AT_HWCAP2 */
-+#ifndef AT_HWCAP2
-+# define AT_HWCAP2 26 /* AT_HWCAP2 */
-+#endif
- #define HWCAP_VEC_CRYPTO (1U << 25)
- #define HWCAP_ARCH_3_00 (1U << 23)
-+#define HWCAP_ARCH_3_1 (1U << 18)
-
- # if defined(__GNUC__) && __GNUC__>=2
- __attribute__ ((constructor))
-@@ -187,6 +193,9 @@ void OPENSSL_cpuid_setup(void)
- if (__power_set(0xffffffffU<<17)) /* POWER9 and later */
- OPENSSL_ppccap_P |= PPC_MADD300;
-
-+ if (__power_set(0xffffffffU<<18)) /* POWER10 and later */
-+ OPENSSL_ppccap_P |= PPC_BRD31;
-+
- return;
- # endif
- #endif
-@@ -215,8 +224,8 @@ void OPENSSL_cpuid_setup(void)
-
- #ifdef OSSL_IMPLEMENT_GETAUXVAL
- {
-- unsigned long hwcap = getauxval(HWCAP);
-- unsigned long hwcap2 = getauxval(HWCAP2);
-+ unsigned long hwcap = getauxval(AT_HWCAP);
-+ unsigned long hwcap2 = getauxval(AT_HWCAP2);
-
- if (hwcap & HWCAP_FPU) {
- OPENSSL_ppccap_P |= PPC_FPU;
-@@ -242,6 +251,10 @@ void OPENSSL_cpuid_setup(void)
- if (hwcap2 & HWCAP_ARCH_3_00) {
- OPENSSL_ppccap_P |= PPC_MADD300;
- }
-+
-+ if (hwcap2 & HWCAP_ARCH_3_1) {
-+ OPENSSL_ppccap_P |= PPC_BRD31;
-+ }
- }
- #endif
-
-@@ -263,7 +276,7 @@ void OPENSSL_cpuid_setup(void)
- sigaction(SIGILL, &ill_act, &ill_oact);
-
- #ifndef OSSL_IMPLEMENT_GETAUXVAL
-- if (sigsetjmp(ill_jmp,1) == 0) {
-+ if (sigsetjmp(ill_jmp, 1) == 0) {
- OPENSSL_fpu_probe();
- OPENSSL_ppccap_P |= PPC_FPU;
-
-diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl
-index c6555df..706164a 100755
---- a/crypto/ppccpuid.pl
-+++ b/crypto/ppccpuid.pl
-@@ -81,6 +81,17 @@ $code=<<___;
- .long 0
- .byte 0,12,0x14,0,0,0,0,0
-
-+.globl .OPENSSL_brd31_probe
-+.align 4
-+.OPENSSL_brd31_probe:
-+ xor r0,r0,r0
-+ brd r3,r0
-+ blr
-+ .long 0
-+ .byte 0,12,0x14,0,0,0,0,0
-+.size .OPENSSL_brd31_probe,.-.OPENSSL_brd31_probe
-+
-+
- .globl .OPENSSL_wipe_cpu
- .align 4
- .OPENSSL_wipe_cpu:
-diff --git a/include/crypto/ppc_arch.h b/include/crypto/ppc_arch.h
-index 3b3ce4b..fcc846c 100644
---- a/include/crypto/ppc_arch.h
-+++ b/include/crypto/ppc_arch.h
-@@ -24,5 +24,6 @@ extern unsigned int OPENSSL_ppccap_P;
- # define PPC_MADD300 (1<<4)
- # define PPC_MFTB (1<<5)
- # define PPC_MFSPR268 (1<<6)
-+# define PPC_BRD31 (1<<7)
-
- #endif
diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
index eeafbfa..85338b9 100644
--- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
+++ b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
@@ -295,7 +295,7 @@ index 00cf65fcd6..83be3d8ede 100644
static void *rsa_newctx(void *provctx)
@@ -190,12 +196,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
- return 0;
+ }
}
ret =
- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
index 0b6a9fb..30d5465 100644
--- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
+++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test-eln.patch
@@ -231,7 +231,7 @@ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index b6d5e8e134..77eec075e6 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
-@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
@@ -241,7 +241,6 @@ index b6d5e8e134..77eec075e6 100644
EVP_PKEY *pkey = NULL;
- unsigned char sig[256];
BN_CTX *bnctx = NULL;
- BIGNUM *K = NULL;
+ const char *msg = "Hello World!";
+ unsigned char sig[256];
size_t siglen = sizeof(sig);
diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
index 807b3c4..30d5465 100644
--- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+++ b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
@@ -90,7 +90,7 @@ index db1a1d7bc3..c94c3c53bd 100644
&& !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
&& !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
@@ -334,6 +344,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- }
+ goto err;
}
}
+#endif /* !defined(FIPS_MODULE) */
@@ -231,7 +231,7 @@ diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index b6d5e8e134..77eec075e6 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
-@@ -444,11 +444,14 @@ static int self_test_sign(const ST_KAT_SIGN *t,
+@@ -444,10 +444,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
int ret = 0;
OSSL_PARAM *params = NULL, *params_sig = NULL;
OSSL_PARAM_BLD *bld = NULL;
@@ -241,7 +241,6 @@ index b6d5e8e134..77eec075e6 100644
EVP_PKEY *pkey = NULL;
- unsigned char sig[256];
BN_CTX *bnctx = NULL;
- BIGNUM *K = NULL;
+ const char *msg = "Hello World!";
+ unsigned char sig[256];
size_t siglen = sizeof(sig);
diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch
index 0d91598..6577995 100644
--- a/0076-FIPS-140-3-DRBG.patch
+++ b/0076-FIPS-140-3-DRBG.patch
@@ -9,7 +9,7 @@ diff -up openssl-3.0.1/providers/implementations/rands/seeding/rand_unix.c.fipsr
+# include <openssl/evp.h>
static uint64_t get_time_stamp(void);
- static uint64_t get_timer_bits(void);
+
@@ -342,66 +342,8 @@ static ssize_t syscall_random(void *buf,
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
diff --git a/0079-Fix-AES-GCM-on-Power-8-CPUs.patch b/0079-Fix-AES-GCM-on-Power-8-CPUs.patch
deleted file mode 100644
index 05c642e..0000000
--- a/0079-Fix-AES-GCM-on-Power-8-CPUs.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-From 5dee3e41a5b3f8934277de17a2ae192f43601948 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Fri, 9 Sep 2022 14:46:24 +0200
-Subject: [PATCH] Fix AES-GCM on Power 8 CPUs
-
-Properly fallback to the default implementation on CPUs
-missing necessary instructions.
-
-Fixes #19163
-
-(cherry picked from commit 24344d387178d45b37a1fbc51519c390e9a4effe)
----
- include/crypto/aes_platform.h | 12 +---
- .../ciphers/cipher_aes_gcm_hw_ppc.inc | 72 ++++++++++++++-----
- 2 files changed, 56 insertions(+), 28 deletions(-)
-
-diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h
-index 0c281a366a..6830bad0e9 100644
---- a/include/crypto/aes_platform.h
-+++ b/include/crypto/aes_platform.h
-@@ -83,16 +83,8 @@ size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
- size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
- size_t len, const void *key, unsigned char ivec[16],
- u64 *Xi);
--size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out,
-- size_t len, const void *key,
-- unsigned char ivec[16], u64 *Xi);
--size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out,
-- size_t len, const void *key,
-- unsigned char ivec[16], u64 *Xi);
--# define AES_gcm_encrypt ppc_aes_gcm_encrypt_wrap
--# define AES_gcm_decrypt ppc_aes_gcm_decrypt_wrap
--# define AES_GCM_ASM(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
-- (gctx)->gcm.ghash==gcm_ghash_p8)
-+# define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr==aes_p8_ctr32_encrypt_blocks && \
-+ (gctx)->gcm.ghash==gcm_ghash_p8)
- void gcm_ghash_p8(u64 Xi[2],const u128 Htable[16],const u8 *inp, size_t len);
- # endif /* PPC */
-
-diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
-index 4eed0f4ab0..03e3eddc41 100644
---- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
-+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
-@@ -23,12 +23,6 @@ static int aes_ppc_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
- return 1;
- }
-
--
--extern size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi);
--extern size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi);
--
- static inline u32 UTO32(unsigned char *buf)
- {
- return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | ((u32) buf[2] << 8) | ((u32) buf[3]);
-@@ -47,7 +41,7 @@ static inline u32 add32TOU(unsigned char buf[4], u32 n)
- return r;
- }
-
--static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
-+static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
- const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
- {
- int s = 0;
-@@ -90,24 +84,66 @@ static size_t aes_p10_gcm_crypt(const unsigned char *in, unsigned char *out, siz
- return ndone;
- }
-
--size_t ppc_aes_gcm_encrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi)
--{
-- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 1);
--}
--
--size_t ppc_aes_gcm_decrypt_wrap(const unsigned char *in, unsigned char *out, size_t len,
-- const void *key, unsigned char ivec[16], u64 *Xi)
-+static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
-+ size_t len, unsigned char *out)
- {
-- return aes_p10_gcm_crypt(in, out, len, key, ivec, Xi, 0);
-+ if (ctx->enc) {
-+ if (ctx->ctr != NULL) {
-+ size_t bulk = 0;
-+
-+ if (len >= AES_GCM_ENC_BYTES && AES_GCM_ASM_PPC(ctx)) {
-+ size_t res = (16 - ctx->gcm.mres) % 16;
-+
-+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
-+ return 0;
-+
-+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
-+ ctx->gcm.key,
-+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 1);
-+
-+ ctx->gcm.len.u[1] += bulk;
-+ bulk += res;
-+ }
-+ if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
-+ len - bulk, ctx->ctr))
-+ return 0;
-+ } else {
-+ if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
-+ return 0;
-+ }
-+ } else {
-+ if (ctx->ctr != NULL) {
-+ size_t bulk = 0;
-+
-+ if (len >= AES_GCM_DEC_BYTES && AES_GCM_ASM_PPC(ctx)) {
-+ size_t res = (16 - ctx->gcm.mres) % 16;
-+
-+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
-+ return -1;
-+
-+ bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
-+ ctx->gcm.key,
-+ ctx->gcm.Yi.c, ctx->gcm.Xi.u, 0);
-+
-+ ctx->gcm.len.u[1] += bulk;
-+ bulk += res;
-+ }
-+ if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
-+ len - bulk, ctx->ctr))
-+ return 0;
-+ } else {
-+ if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
-+ return 0;
-+ }
-+ }
-+ return 1;
- }
-
--
- static const PROV_GCM_HW aes_ppc_gcm = {
- aes_ppc_gcm_initkey,
- ossl_gcm_setiv,
- ossl_gcm_aad_update,
-- generic_aes_gcm_cipher_update,
-+ ppc_aes_gcm_cipher_update,
- ossl_gcm_cipher_final,
- ossl_gcm_one_shot
- };
---
-2.37.3
-
diff --git a/0100-RSA-PKCS15-implicit-rejection.patch b/0100-RSA-PKCS15-implicit-rejection.patch
index 40b8078..6821325 100644
--- a/0100-RSA-PKCS15-implicit-rejection.patch
+++ b/0100-RSA-PKCS15-implicit-rejection.patch
@@ -183,11 +183,11 @@ index 54e2a1c61ca..094a6632b66 100644
+ }
+ }
+
- if (blinding) {
- /*
- * ossl_bn_rsa_do_unblind() combines blinding inversion and
+ if (blinding)
+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ goto err;
@@ -471,9 +545,12 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
- }
+ goto err;
switch (padding) {
- case RSA_PKCS1_PADDING:
@@ -739,9 +739,9 @@ index e6c4758a33e..6e4a4f8539d 100644
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
+#define OSSL_PKEY_PARAM_IMPLICIT_REJECTION "implicit-rejection"
- #define OSSL_PKEY_PARAM_REDHAT_SIGN_KAT_K "rh_sign_kat_k"
/* Diffie-Hellman/DSA Parameters */
+ #define OSSL_PKEY_PARAM_FFC_P "p"
@@ -482,6 +483,7 @@ extern "C" {
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
diff --git a/openssl.spec b/openssl.spec
index 9828c2f..d6cc90f 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 3.0.8
-Release: 4%{?dist}
+Version: 3.1.1
+Release: 1%{?dist}
Epoch: 1
Source: openssl-%{version}.tar.gz
Source2: Makefile.certificate
@@ -95,8 +95,6 @@ Patch49: 0049-Selectively-disallow-SHA1-signatures.patch
# Selectively disallow SHA1 signatures rhbz#2070977
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
%endif
-# Backport of patch for RHEL for Edge rhbz #2027261
-Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
%if 0%{?rhel}
# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
@@ -108,7 +106,7 @@ Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
# no USDT probe instrumentation required
%else
# Instrument with USDT probes related to SHA-1 deprecation
-Patch53: 0053-Add-SHA1-probes.patch
+#Patch53: 0053-Add-SHA1-probes.patch
%endif
# https://github.com/openssl/openssl/pull/18103
# The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
@@ -118,19 +116,9 @@ Patch56: 0056-strcasecmp.patch
# Patch57: 0057-strcasecmp-fix.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2069235
-Patch60: 0060-FIPS-KAT-signature-tests.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
-# https://github.com/openssl/openssl/commit/44a563dde1584cd9284e80b6e45ee5019be8d36c
-# https://github.com/openssl/openssl/commit/345c99b6654b8313c792d54f829943068911ddbd
-# Regression on Power8, see rhbz2124845, https://github.com/openssl/openssl/issues/19163; fix in 0079-Fix-AES-GCM-on-Power-8-CPUs.patch
-Patch71: 0071-AES-GCM-performance-optimization.patch
-# https://github.com/openssl/openssl/commit/f596bbe4da779b56eea34d96168b557d78e1149
-# https://github.com/openssl/openssl/commit/7e1f3ffcc5bc15fb9a12b9e3bb202f544c6ed5aa
-# hunks in crypto/ppccap.c from https://github.com/openssl/openssl/commit/f5485b97b6c9977c0d39c7669b9f97a879312447
-Patch72: 0072-ChaCha20-performance-optimizations-for-ppc64le.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
@@ -148,8 +136,6 @@ Patch76: 0076-FIPS-140-3-DRBG.patch
Patch77: 0077-FIPS-140-3-zeroization.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2124845, https://github.com/openssl/openssl/pull/19182
-Patch79: 0079-Fix-AES-GCM-on-Power-8-CPUs.patch
# https://github.com/openssl/openssl/pull/13817
Patch100: 0100-RSA-PKCS15-implicit-rejection.patch
@@ -330,7 +316,7 @@ export OPENSSL_ENABLE_SHA1_SIGNATURES
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
#embed HMAC into fips provider for test run
-LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
+OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
mv providers/fips.so.mac providers/fips.so
#run tests itself
@@ -343,7 +329,7 @@ make test HARNESS_JOBS=8
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
- LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
+ OPENSSL_CONF=/dev/null LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
@@ -483,6 +469,14 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
+* Thu Jul 27 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.1-1
+- Rebase to upstream version 3.1.1
+ Resolves: CVE-2023-0464
+ Resolves: CVE-2023-0465
+ Resolves: CVE-2023-0466
+ Resolves: CVE-2023-1255
+ Resolves: CVE-2023-2650
+
* Thu Jul 27 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.8-4
- Forbid custom EC more completely
Resolves: rhbz#2223953
diff --git a/sources b/sources
index 1c23723..b60869c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-3.0.8.tar.gz) = 6c5651e1ed66a567238948b306aa9140c407a153da9c6afe14268c830748df252c955819fac4eb0759dae4dcbc9ec98f5cc2a4a90bb575747b1b040e104c7ffd
+SHA512 (openssl-3.1.1.tar.gz) = 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:45 [rpms/openssl] rebase_40beta: Rebase to upstream release 3.1.1 Sahana Prasad
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox