New upstream version 3.0.0
Sebastian Andrzej Siewior
2 years ago
3 | 3 | Please see our [Thanks!][] page for the current acknowledgements. |
4 | 4 | |
5 | 5 | [Thanks!]: https://www.openssl.org/community/thanks.html |
6 |
27 | 27 | |
28 | 28 | [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod |
29 | 29 | |
30 | ### Changes between 1.1.1 and 3.0 beta 2 [29 Jul 2021] | |
30 | ### Changes between 1.1.1 and 3.0.0 [7 sep 2021] | |
31 | ||
32 | * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now | |
33 | deprecated. | |
34 | ||
35 | *Matt Caswell* | |
36 | ||
37 | * The `OPENSSL_s390xcap` environment variable can be used to set bits in the | |
38 | S390X capability vector to zero. This simplifies testing of different code | |
39 | paths on S390X architecture. | |
40 | ||
41 | *Patrick Steuer* | |
42 | ||
43 | * Encrypting more than 2^64 TLS records with AES-GCM is disallowed | |
44 | as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from | |
45 | SP 800-38D". The communication will fail at this point. | |
46 | ||
47 | *Paul Dale* | |
48 | ||
49 | * The EC_GROUP_clear_free() function is deprecated as there is nothing | |
50 | confidential in EC_GROUP data. | |
51 | ||
52 | *Nicola Tuveri* | |
53 | ||
54 | * The byte order mark (BOM) character is ignored if encountered at the | |
55 | beginning of a PEM-formatted file. | |
56 | ||
57 | *Dmitry Belyavskiy* | |
58 | ||
59 | * Added CMS support for the Russian GOST algorithms. | |
60 | ||
61 | *Dmitry Belyavskiy* | |
62 | ||
63 | * Due to move of the implementation of cryptographic operations | |
64 | to the providers, validation of various operation parameters can | |
65 | be postponed until the actual operation is executed where previously | |
66 | it happened immediately when an operation parameter was set. | |
67 | ||
68 | For example when setting an unsupported curve with | |
69 | EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not | |
70 | fail but later keygen operations with the EVP_PKEY_CTX will fail. | |
71 | ||
72 | *OpenSSL team members and many third party contributors* | |
73 | ||
74 | * The EVP_get_cipherbyname() function will return NULL for algorithms such as | |
75 | "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were | |
76 | previously only accessible via low level interfaces. Use EVP_CIPHER_fetch() | |
77 | instead to retrieve these algorithms from a provider. | |
78 | ||
79 | *Shane Lontis* | |
80 | ||
81 | * On build targets where the multilib postfix is set in the build | |
82 | configuration the libdir directory was changing based on whether | |
83 | the lib directory with the multilib postfix exists on the system | |
84 | or not. This unpredictable behavior was removed and eventual | |
85 | multilib postfix is now always added to the default libdir. Use | |
86 | `--libdir=lib` to override the libdir if adding the postfix is | |
87 | undesirable. | |
88 | ||
89 | *Jan Lána* | |
90 | ||
91 | * The triple DES key wrap functionality now conforms to RFC 3217 but is | |
92 | no longer interoperable with OpenSSL 1.1.1. | |
93 | ||
94 | *Paul Dale* | |
31 | 95 | |
32 | 96 | * The ERR_GET_FUNC() function was removed. With the loss of meaningful |
33 | 97 | function codes, this function can only cause problems for calling |
479 | 543 | |
480 | 544 | *Richard Levitte* |
481 | 545 | |
546 | * Added various `_ex` functions to the OpenSSL API that support using | |
547 | a non-default `OSSL_LIB_CTX`. | |
548 | ||
549 | *OpenSSL team* | |
550 | ||
482 | 551 | * Handshake now fails if Extended Master Secret extension is dropped |
483 | 552 | on renegotiation. |
484 | 553 | |
771 | 840 | |
772 | 841 | *Rich Salz* |
773 | 842 | |
774 | * Introduced a new method type and API, OSSL_ENCODER, to | |
775 | represent generic encoders. | |
843 | * Introduced a new method type and API, OSSL_ENCODER, to represent | |
844 | generic encoders. These do the same sort of job that PEM writers | |
845 | and d2i functions do, but with support for methods supplied by | |
846 | providers, and the possibility for providers to support other | |
847 | formats as well. | |
848 | ||
849 | *Richard Levitte* | |
850 | ||
851 | * Introduced a new method type and API, OSSL_DECODER, to represent | |
852 | generic decoders. These do the same sort of job that PEM readers | |
853 | and i2d functions do, but with support for methods supplied by | |
854 | providers, and the possibility for providers to support other | |
855 | formats as well. | |
776 | 856 | |
777 | 857 | *Richard Levitte* |
778 | 858 | |
1181 | 1261 | |
1182 | 1262 | *Richard Levitte* |
1183 | 1263 | |
1184 | * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF. | |
1264 | * Added KB KDF (EVP_KDF_KB) to EVP_KDF. | |
1265 | ||
1266 | *Robbie Harwood* | |
1267 | ||
1268 | * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF. | |
1269 | ||
1270 | *Simo Sorce* | |
1271 | ||
1272 | * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF. | |
1185 | 1273 | |
1186 | 1274 | *Shane Lontis* |
1187 | 1275 | |
1188 | * Add KMAC to EVP_MAC. | |
1276 | * Added KMAC to EVP_MAC. | |
1189 | 1277 | |
1190 | 1278 | *Shane Lontis* |
1191 | 1279 | |
1344 | 1432 | |
1345 | 1433 | *Raja Ashok* |
1346 | 1434 | |
1435 | * Added a new concept for OpenSSL plugability: providers. This | |
1436 | functionality is designed to replace the ENGINE API and ENGINE | |
1437 | implementations, and to be much more dynamic, allowing provider | |
1438 | authors to introduce new algorithms among other things, as long as | |
1439 | there's an API that supports the algorithm type. | |
1440 | ||
1441 | With this concept comes a new core API for interaction between | |
1442 | libcrypto and provider implementations. Public libcrypto functions | |
1443 | that want to use providers do so through this core API. | |
1444 | ||
1445 | The main documentation for this core API is found in | |
1446 | doc/man7/provider.pod, doc/man7/provider-base.pod, and they in turn | |
1447 | refer to other manuals describing the API specific for supported | |
1448 | algorithm types (also called operations). | |
1449 | ||
1450 | *The OpenSSL team* | |
1451 | ||
1347 | 1452 | OpenSSL 1.1.1 |
1348 | 1453 | ------------- |
1349 | 1454 | |
1350 | ### Changes between 1.1.1j and 1.1.1k [xx XXX xxxx] | |
1455 | ### Changes between 1.1.1k and 1.1.1l [24 Aug 2021] | |
1456 | ||
1457 | * Fixed an SM2 Decryption Buffer Overflow. | |
1458 | ||
1459 | In order to decrypt SM2 encrypted data an application is expected to | |
1460 | call the API function EVP_PKEY_decrypt(). Typically an application will | |
1461 | call this function twice. The first time, on entry, the "out" parameter | |
1462 | can be NULL and, on exit, the "outlen" parameter is populated with the | |
1463 | buffer size required to hold the decrypted plaintext. The application | |
1464 | can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() | |
1465 | again, but this time passing a non-NULL value for the "out" parameter. | |
1466 | ||
1467 | A bug in the implementation of the SM2 decryption code means that the | |
1468 | calculation of the buffer size required to hold the plaintext returned | |
1469 | by the first call to EVP_PKEY_decrypt() can be smaller than the actual | |
1470 | size required by the second call. This can lead to a buffer overflow | |
1471 | when EVP_PKEY_decrypt() is called by the application a second time with | |
1472 | a buffer that is too small. | |
1473 | ||
1474 | A malicious attacker who is able present SM2 content for decryption to | |
1475 | an application could cause attacker chosen data to overflow the buffer | |
1476 | by up to a maximum of 62 bytes altering the contents of other data held | |
1477 | after the buffer, possibly changing application behaviour or causing | |
1478 | the application to crash. The location of the buffer is application | |
1479 | dependent but is typically heap allocated. | |
1480 | ([CVE-2021-3711]) | |
1481 | ||
1482 | *Matt Caswell* | |
1483 | ||
1484 | * Fixed various read buffer overruns processing ASN.1 strings | |
1485 | ||
1486 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING | |
1487 | structure which contains a buffer holding the string data and a field | |
1488 | holding the buffer length. This contrasts with normal C strings which | |
1489 | are repesented as a buffer for the string data which is terminated | |
1490 | with a NUL (0) byte. | |
1491 | ||
1492 | Although not a strict requirement, ASN.1 strings that are parsed using | |
1493 | OpenSSL's own "d2i" functions (and other similar parsing functions) as | |
1494 | well as any string whose value has been set with the ASN1_STRING_set() | |
1495 | function will additionally NUL terminate the byte array in the | |
1496 | ASN1_STRING structure. | |
1497 | ||
1498 | However, it is possible for applications to directly construct valid | |
1499 | ASN1_STRING structures which do not NUL terminate the byte array by | |
1500 | directly setting the "data" and "length" fields in the ASN1_STRING | |
1501 | array. This can also happen by using the ASN1_STRING_set0() function. | |
1502 | ||
1503 | Numerous OpenSSL functions that print ASN.1 data have been found to | |
1504 | assume that the ASN1_STRING byte array will be NUL terminated, even | |
1505 | though this is not guaranteed for strings that have been directly | |
1506 | constructed. Where an application requests an ASN.1 structure to be | |
1507 | printed, and where that ASN.1 structure contains ASN1_STRINGs that have | |
1508 | been directly constructed by the application without NUL terminating | |
1509 | the "data" field, then a read buffer overrun can occur. | |
1510 | ||
1511 | The same thing can also occur during name constraints processing | |
1512 | of certificates (for example if a certificate has been directly | |
1513 | constructed by the application instead of loading it via the OpenSSL | |
1514 | parsing functions, and the certificate contains non NUL terminated | |
1515 | ASN1_STRING structures). It can also occur in the X509_get1_email(), | |
1516 | X509_REQ_get1_email() and X509_get1_ocsp() functions. | |
1517 | ||
1518 | If a malicious actor can cause an application to directly construct an | |
1519 | ASN1_STRING and then process it through one of the affected OpenSSL | |
1520 | functions then this issue could be hit. This might result in a crash | |
1521 | (causing a Denial of Service attack). It could also result in the | |
1522 | disclosure of private memory contents (such as private keys, or | |
1523 | sensitive plaintext). | |
1524 | ([CVE-2021-3712]) | |
1525 | ||
1526 | *Matt Caswell* | |
1527 | ||
1528 | ### Changes between 1.1.1j and 1.1.1k [25 Mar 2021] | |
1351 | 1529 | |
1352 | 1530 | * Fixed a problem with verifying a certificate chain when using the |
1353 | 1531 | X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of |
1564 | 1742 | The presence of this system service is determined at run-time. |
1565 | 1743 | |
1566 | 1744 | *Richard Levitte* |
1567 | ||
1568 | * Added newline escaping functionality to a filename when using openssl dgst. | |
1569 | This output format is to replicate the output format found in the `*sum` | |
1570 | checksum programs. This aims to preserve backward compatibility. | |
1571 | ||
1572 | *Matt Eaton, Richard Levitte, and Paul Dale* | |
1573 | 1745 | |
1574 | 1746 | * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just |
1575 | 1747 | the first value. |
202 | 202 | 'nonstop-ilp32', |
203 | 203 | 'nonstop-efloat-x86_64', |
204 | 204 | 'nonstop-model-put' ], |
205 | multilib => '-put', | |
205 | 206 | }, |
206 | 207 | 'nonstop-nsx_64' => { |
207 | 208 | inherit_from => [ 'nonstop-common', |
208 | 209 | 'nonstop-archenv-x86_64-oss', |
209 | 210 | 'nonstop-lp64-x86_64', |
210 | 211 | 'nonstop-efloat-x86_64' ], |
212 | multilib => '64', | |
211 | 213 | disable => ['threads'], |
212 | 214 | }, |
213 | 215 | 'nonstop-nsx_64_put' => { |
216 | 218 | 'nonstop-lp64-x86_64', |
217 | 219 | 'nonstop-efloat-x86_64', |
218 | 220 | 'nonstop-model-put' ], |
221 | multilib => '64-put', | |
219 | 222 | }, |
220 | 223 | 'nonstop-nsx_spt' => { |
221 | 224 | inherit_from => [ 'nonstop-common', |
222 | 'nonstop-archenv-x86_64-oss', | |
225 | 'nonstop-archenv-x86_64-oss', | |
223 | 226 | 'nonstop-ilp32', |
224 | 227 | 'nonstop-efloat-x86_64', |
225 | 228 | 'nonstop-model-spt' ], |
229 | multilib => '-spt', | |
226 | 230 | }, |
227 | 231 | 'nonstop-nsx_spt_floss' => { |
228 | 232 | inherit_from => [ 'nonstop-common', |
231 | 235 | 'nonstop-efloat-x86_64', |
232 | 236 | 'nonstop-model-floss', |
233 | 237 | 'nonstop-model-spt'], |
238 | multilib => '-spt', | |
234 | 239 | }, |
235 | 240 | 'nonstop-nsx_g' => { |
236 | 241 | inherit_from => [ 'nonstop-common', |
260 | 265 | 'nonstop-ilp32', |
261 | 266 | 'nonstop-efloat-itanium', |
262 | 267 | 'nonstop-model-put' ], |
268 | multilib => '-put', | |
263 | 269 | }, |
264 | 270 | 'nonstop-nse_64' => { |
265 | 271 | inherit_from => [ 'nonstop-common', |
266 | 272 | 'nonstop-archenv-itanium-oss', |
267 | 273 | 'nonstop-lp64-itanium', |
268 | 274 | 'nonstop-efloat-itanium' ], |
275 | multilib => '64', | |
269 | 276 | disable => ['threads'], |
270 | 277 | }, |
271 | 278 | 'nonstop-nse_64_put' => { |
274 | 281 | 'nonstop-lp64-itanium', |
275 | 282 | 'nonstop-efloat-itanium', |
276 | 283 | 'nonstop-model-put' ], |
284 | multilib => '64-put', | |
277 | 285 | }, |
278 | 286 | 'nonstop-nse_spt' => { |
279 | 287 | inherit_from => [ 'nonstop-common', |
281 | 289 | 'nonstop-ilp32', |
282 | 290 | 'nonstop-efloat-itanium', |
283 | 291 | 'nonstop-model-spt' ], |
292 | multilib => '-spt', | |
284 | 293 | }, |
285 | 294 | 'nonstop-nse_spt_floss' => { |
286 | 295 | inherit_from => [ 'nonstop-common', |
288 | 297 | 'nonstop-ilp32', |
289 | 298 | 'nonstop-efloat-itanium', |
290 | 299 | 'nonstop-model-floss', 'nonstop-model-spt' ], |
300 | multilib => '-spt', | |
291 | 301 | }, |
292 | 302 | 'nonstop-nse_g' => { |
293 | 303 | inherit_from => [ 'nonstop-common', |
0 | ## -*- mode: perl; -*- | |
1 | ||
2 | # OpenVMS for x86_64 is currently out on a field test. A native C compiler | |
3 | # is currently not available, but there are cross-compilation tools for | |
4 | # OpenVMS for Itanium. This configuration file holds the necessary target(s) | |
5 | # to make that useful. | |
6 | # | |
7 | # The assumption is that *building* is done on Itanium, and then the source | |
8 | # tree and build tree are transferred to x86_64, where tests can be performed, | |
9 | # and installation can be done. | |
10 | ||
11 | ( | |
12 | 'vms-x86_64' => { | |
13 | inherit_from => [ 'vms-generic' ], | |
14 | CC => 'XCC', | |
15 | bn_ops => 'SIXTY_FOUR_BIT', | |
16 | pointer_size => '', | |
17 | setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ], | |
18 | } | |
19 | ); |
390 | 390 | # .FIRST and .LAST are special targets with MMS and MMK. |
391 | 391 | NODEBUG=@ |
392 | 392 | .FIRST : |
393 | {- join( "\n \$(NODEBUG) ", @{ $target{setup_commands} // [] }, | |
394 | '!' ) -} | |
393 | 395 | $(NODEBUG) sourcetop = F$PARSE("$(SRCDIR)","[]A.;",,,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" |
394 | 396 | $(NODEBUG) DEFINE ossl_sourceroot 'sourcetop' |
395 | 397 | $(NODEBUG) ! |
499 | 501 | @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" |
500 | 502 | @ ! {- output_on() if !$disabled{tests}; "" -} |
501 | 503 | |
502 | install : install_sw install_ssldirs install_docs install_msg | |
504 | install : install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} install_msg | |
503 | 505 | |
504 | 506 | install_msg : |
505 | 507 | @ WRITE SYS$OUTPUT "" |
515 | 517 | check_install : |
516 | 518 | spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com |
517 | 519 | |
518 | uninstall : uninstall_docs uninstall_sw | |
520 | uninstall : uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -} | |
519 | 521 | |
520 | 522 | # Because VMS wants the generation number (or *) to delete files, we can't |
521 | 523 | # use $(LIBS), $(PROGRAMS), $(GENERATED) and $(MODULES) directly. |
564 | 566 | uninstall_docs : uninstall_html_docs |
565 | 567 | |
566 | 568 | {- output_off() if $disabled{fips}; "" -} |
567 | install_fips : install_sw $(INSTALL_FIPSMODULECONF) | |
569 | install_fips : build_sw $(INSTALL_FIPSMODULECONF) | |
568 | 570 | @ WRITE SYS$OUTPUT "*** Installing FIPS module" |
569 | 571 | COPY/PROT=W:RE $(INSTALL_FIPSMODULES) - |
570 | 572 | ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME) |
571 | 573 | @ WRITE SYS$OUTPUT "*** Installing FIPS module configuration" |
572 | COPY/PROT=W:RE $(INSTALL_FIPSMODULESCONF) OSSL_DATAROOT:[000000] | |
573 | ||
574 | uninstall_fips : uninstall_sw | |
574 | COPY/PROT=W:RE $(INSTALL_FIPSMODULECONF) OSSL_DATAROOT:[000000] | |
575 | ||
576 | uninstall_fips : | |
575 | 577 | @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration" |
576 | 578 | DELETE OSSL_DATAROOT:[000000]fipsmodule.cnf;* |
577 | 579 | @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module" |
885 | 887 | my $title = basename($args{src}, ".html"); |
886 | 888 | my $pod = $gen0; |
887 | 889 | my $mkpod2html = sourcefile('util', 'mkpod2html.pl'); |
890 | my $srcdoc = sourcedir('doc'); | |
888 | 891 | return <<"EOF"; |
889 | 892 | $args{src} : $pod |
890 | \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" | |
893 | \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "$srcdoc" | |
891 | 894 | EOF |
892 | 895 | } elsif ($args{src} =~ /\.(\d)$/) { |
893 | 896 | # |
0 | 0 | #! /usr/bin/env perl |
1 | 1 | # -*- mode: perl; -*- |
2 | # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | # |
4 | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | # this file except in compliance with the License. You can obtain a copy |
42 | 42 | 'darwin-shared' => { |
43 | 43 | module_ldflags => '-bundle', |
44 | 44 | shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)', |
45 | shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/', | |
45 | shared_sonameflag => '-install_name $(libdir)/', | |
46 | 46 | }, |
47 | 47 | 'cygwin-shared' => { |
48 | 48 | shared_ldflag => '-shared -Wl,--enable-auto-image-base', |
451 | 451 | @$(ECHO) "Tests are not supported with your chosen Configure options" |
452 | 452 | @{- output_on() if !$disabled{tests}; "\@rem" -} |
453 | 453 | |
454 | install: install_sw install_ssldirs install_docs | |
455 | ||
456 | uninstall: uninstall_docs uninstall_sw | |
454 | install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} | |
455 | ||
456 | uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -} | |
457 | 457 | |
458 | 458 | libclean: |
459 | 459 | "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS) |
495 | 495 | uninstall_docs: uninstall_html_docs |
496 | 496 | |
497 | 497 | {- output_off() if $disabled{fips}; "" -} |
498 | install_fips: build_sw providers\fipsmodule.cnf | |
498 | install_fips: build_sw $(INSTALL_FIPSMODULECONF) | |
499 | 499 | # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) |
500 | 500 | @$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR) |
501 | 501 | @$(ECHO) "*** Installing FIPS module" |
502 | 502 | @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)" |
503 | @copy "$(INSTALL_FIPSMODULE)" $(MODULESDIR)\$(FIPSMODULENAME).new | |
504 | @move /Y $(MODULESDIR)\$(FIPSMODULENAME).new \ | |
505 | $(MODULESDIR)\$(FIPSMODULENAME) | |
503 | @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)" | |
506 | 504 | @$(ECHO) "*** Installing FIPS module configuration" |
507 | 505 | @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(OPENSSLDIR)\fipsmodule.cnf" |
508 | @copy $(INSTALL_FIPSMODULECONF) "$(OPENSSLDIR)\fipsmodule.cnf" | |
506 | @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULECONF)" "$(OPENSSLDIR)" | |
509 | 507 | |
510 | 508 | uninstall_fips: |
511 | 509 | @$(ECHO) "*** Uninstalling FIPS module configuration" |
61 | 61 | # This becomes the value of OPENSSLDIR in Makefile and in C. |
62 | 62 | # (Default: PREFIX/ssl) |
63 | 63 | # --banner=".." Output specified text instead of default completion banner |
64 | # | |
65 | # -w Don't wait after showing a Configure warning | |
64 | 66 | # |
65 | 67 | # --cross-compile-prefix Add specified prefix to binutils components. |
66 | 68 | # |
897 | 899 | { |
898 | 900 | $guess_opts{verbose} = 1; |
899 | 901 | } |
900 | elsif (/^-w$/) # From older 'config' | |
902 | elsif (/^-w$/) | |
901 | 903 | { |
902 | 904 | $guess_opts{nowait} = 1; |
903 | 905 | } |
295 | 295 | Build the OpenSSL libraries to support the API for the specified version. |
296 | 296 | If [no-deprecated](#no-deprecated) is also given, don't build with support |
297 | 297 | for deprecated APIs in or below the specified version number. For example, |
298 | addding | |
298 | adding | |
299 | 299 | |
300 | 300 | --api=1.1.0 no-deprecated |
301 | 301 | |
349 | 349 | |
350 | 350 | The name of the directory under the top of the installation directory tree |
351 | 351 | (see the `--prefix` option) where libraries will be installed. By default |
352 | this is `lib/`. Note that on Windows only static libraries (`*.lib`) will | |
352 | this is `lib`. Note that on Windows only static libraries (`*.lib`) will | |
353 | 353 | be stored in this location. Shared libraries (`*.dll`) will always be |
354 | installed to the `bin/` directory. | |
354 | installed to the `bin` directory. | |
355 | ||
356 | Some build targets have a multilib postfix set in the build configuration. | |
357 | For these targets the default libdir is `lib<multilib-postfix>`. Please use | |
358 | `--libdir=lib` to override the libdir if adding the postfix is undesirable. | |
355 | 359 | |
356 | 360 | ### openssldir |
357 | 361 | |
581 | 585 | |
582 | 586 | Use the specified text instead of the default banner at the end of |
583 | 587 | configuration. |
588 | ||
589 | ### --w | |
590 | ||
591 | On platforms where the choice of 32-bit or 64-bit architecture | |
592 | is not explicitly specified, `Configure` will print a warning | |
593 | message and wait for a few seconds to let you interrupt the | |
594 | configuration. Using this flag skips the wait. | |
584 | 595 | |
585 | 596 | ### no-bulk |
586 | 597 | |
1137 | 1148 | |
1138 | 1149 | ### Automatic Configuration |
1139 | 1150 | |
1140 | On some platform a `config` script is available which attempts to guess | |
1141 | your operating system (and compiler, if necessary) and calls the `Configure` | |
1142 | Perl script with appropriate target based on its guess. Further options can | |
1143 | be supplied to the `config` script, which will be passed on to the `Configure` | |
1144 | script. | |
1151 | In previous version, the `config` script determined the platform type and | |
1152 | compiler and then called `Configure`. Starting with this release, they are | |
1153 | the same. | |
1145 | 1154 | |
1146 | 1155 | #### Unix / Linux / macOS |
1147 | 1156 | |
1405 | 1414 | This environment variable has the same meaning as for the |
1406 | 1415 | "--cross-compile-prefix" Configure flag described above. If both |
1407 | 1416 | are set then the Configure flag takes precedence. |
1417 | ||
1418 | HASHBANGPERL | |
1419 | The command string for the Perl executable to insert in the | |
1420 | #! line of perl scripts that will be publicly installed. | |
1421 | Default: /usr/bin/env perl | |
1422 | Note: the value of this variable is added to the same scripts | |
1423 | on all platforms, but it's only relevant on Unix-like platforms. | |
1424 | ||
1425 | KERNEL_BITS | |
1426 | This can be the value `32` or `64` to specify the architecture | |
1427 | when it is not "obvious" to the configuration. It should generally | |
1428 | not be necessary to specify this environment variable. | |
1408 | 1429 | |
1409 | 1430 | NM |
1410 | 1431 | The name of the nm executable to use. |
1430 | 1451 | Only needed if builing should use a different Perl executable |
1431 | 1452 | than what is used to run the Configure script. |
1432 | 1453 | |
1433 | HASHBANGPERL | |
1434 | The command string for the Perl executable to insert in the | |
1435 | #! line of perl scripts that will be publicly installed. | |
1436 | Default: /usr/bin/env perl | |
1437 | Note: the value of this variable is added to the same scripts | |
1438 | on all platforms, but it's only relevant on Unix-like platforms. | |
1454 | RANLIB | |
1455 | The name of the ranlib executable to use. | |
1439 | 1456 | |
1440 | 1457 | RC |
1441 | 1458 | The name of the rc executable to use. The default will be as |
1443 | 1460 | defined then "windres" will be used. The WINDRES environment |
1444 | 1461 | variable is synonymous to this. If both are defined then RC |
1445 | 1462 | takes precedence. |
1446 | ||
1447 | RANLIB | |
1448 | The name of the ranlib executable to use. | |
1449 | 1463 | |
1450 | 1464 | WINDRES |
1451 | 1465 | See RC. |
17 | 17 | OpenSSL 3.0 |
18 | 18 | ----------- |
19 | 19 | |
20 | ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 beta 2 [in pre-release] | |
21 | ||
22 | * Added migration guide to man7 | |
23 | * Implemented support for fully "pluggable" TLSv1.3 groups | |
24 | * Added suport for Kernel TLS (KTLS) | |
20 | ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021] | |
21 | ||
22 | * Enhanced 'openssl list' with many new options. | |
23 | * Added migration guide to man7. | |
24 | * Implemented support for fully "pluggable" TLSv1.3 groups. | |
25 | * Added suport for Kernel TLS (KTLS). | |
25 | 26 | * Changed the license to the Apache License v2.0. |
26 | 27 | * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2, |
27 | 28 | RC4, RC5, and DES to the legacy provider. |
37 | 38 | * Remove the `RAND_DRBG` API. |
38 | 39 | * Deprecated the `ENGINE` API. |
39 | 40 | * Added `OSSL_LIB_CTX`, a libcrypto library context. |
41 | * Added various `_ex` functions to the OpenSSL API that support using | |
42 | a non-default `OSSL_LIB_CTX`. | |
40 | 43 | * Interactive mode is removed from the 'openssl' program. |
41 | 44 | * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are |
42 | 45 | included in the FIPS provider. |
56 | 59 | BIOs (allowing implicit connections), and timeout checks. |
57 | 60 | * Added util/check-format.pl for checking adherence to the coding guidelines. |
58 | 61 | * Added OSSL_ENCODER, a generic encoder API. |
62 | * Added OSSL_DECODER, a generic decoder API. | |
59 | 63 | * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM. |
60 | 64 | * Added error raising macros, ERR_raise() and ERR_raise_data(). |
61 | 65 | * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(), |
84 | 88 | * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions |
85 | 89 | have been deprecated. |
86 | 90 | * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. |
91 | * Added providers, a new pluggability concept that will replace the | |
92 | ENGINE API and ENGINE implementations. | |
87 | 93 | |
88 | 94 | OpenSSL 1.1.1 |
89 | 95 | ------------- |
90 | 96 | |
91 | ### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [under development] | |
97 | ### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] | |
98 | ||
99 | * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) | |
100 | * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712]) | |
101 | ||
102 | ### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] | |
92 | 103 | |
93 | 104 | * Fixed a problem with verifying a certificate chain when using the |
94 | 105 | X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450]) |
55 | 55 | |
56 | 56 | * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl` |
57 | 57 | * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl` |
58 | ||
59 | As of 3.0, the NonStop configurations use the multilib attribute to distinguish | |
60 | between different models: | |
61 | ||
58 | 62 | * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl` |
59 | * For 3.0 PUT `--prefix=/usr/local-ssl3.0_put --openssldir=/usr/local-ssl3.0_put/ssl` | |
63 | ||
64 | The PUT model is placed in `${prefix}/lib-put` for 32-bit models and | |
65 | `${prefix}/lib64-put` for 64-bit models. | |
60 | 66 | |
61 | 67 | Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate |
62 | 68 | directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the |
48 | 48 | OpenSSL's configuration scripts recognise all these options and pass |
49 | 49 | them to the Makefile that they build. (In fact, all arguments starting |
50 | 50 | with `-Wl,` are recognised as linker options.) |
51 | Please note that 'l' in '-Wl' is lowercase L and not 1. | |
51 | 52 | |
52 | 53 | Please do not use verbatim directories in your runtime shared library |
53 | 54 | search path! Some OpenSSL config targets add an extra directory level |
0 | 0 | MAJOR=3 |
1 | 1 | MINOR=0 |
2 | 2 | PATCH=0 |
3 | PRE_RELEASE_TAG=beta2 | |
3 | PRE_RELEASE_TAG= | |
4 | 4 | BUILD_METADATA= |
5 | RELEASE_DATE="29 Jul 2021" | |
5 | RELEASE_DATE="7 sep 2021" | |
6 | 6 | SHLIB_VERSION=3 |
182 | 182 | if (convert != NULL) { |
183 | 183 | BIO_printf(bio_out, "OpenSSL cipher name: %s\n", |
184 | 184 | OPENSSL_cipher_name(convert)); |
185 | ret = 0; | |
185 | 186 | goto end; |
186 | 187 | } |
187 | 188 |
870 | 870 | if (X509_STORE_set1_param(ts, vpm /* may be NULL */) |
871 | 871 | && (for_new_cert || truststore_set_host_etc(ts, NULL))) |
872 | 872 | return ts; |
873 | BIO_printf(bio_err, "error setting verification parameters\n"); | |
873 | BIO_printf(bio_err, "error setting verification parameters for %s\n", desc); | |
874 | 874 | OSSL_CMP_CTX_print_errors(cmp_ctx); |
875 | 875 | X509_STORE_free(ts); |
876 | 876 | return NULL; |
1192 | 1192 | return NULL; |
1193 | 1193 | |
1194 | 1194 | if (opt_tls_trusted != NULL) { |
1195 | trust_store = load_certstore(opt_tls_trusted, opt_otherpass, | |
1196 | "trusted TLS certificates", vpm); | |
1195 | trust_store = load_trusted(opt_tls_trusted, 0, "trusted TLS certs"); | |
1197 | 1196 | if (trust_store == NULL) |
1198 | 1197 | goto err; |
1199 | 1198 | SSL_CTX_set_cert_store(ssl_ctx, trust_store); |
1200 | /* for improved diagnostics on SSL_CTX_build_cert_chain() errors: */ | |
1201 | X509_STORE_set_verify_cb(trust_store, X509_STORE_CTX_print_verify_cb); | |
1202 | 1199 | } |
1203 | 1200 | |
1204 | 1201 | if (opt_tls_cert != NULL && opt_tls_key != NULL) { |
269 | 269 | err: |
270 | 270 | CMS_ContentInfo_free(ret); |
271 | 271 | return NULL; |
272 | } | |
273 | ||
274 | static void warn_binary(const char *file) | |
275 | { | |
276 | BIO *bio; | |
277 | unsigned char linebuf[1024], *cur, *end; | |
278 | int len; | |
279 | ||
280 | if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL) | |
281 | return; /* cannot give a proper warning since there is an error */ | |
282 | while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) { | |
283 | end = linebuf + len; | |
284 | for (cur = linebuf; cur < end; cur++) { | |
285 | if (*cur == '\0' || *cur >= 0x80) { | |
286 | BIO_printf(bio_err, "Warning: input file '%s' contains %s" | |
287 | " character; better use -binary option\n", | |
288 | file, *cur == '\0' ? "NUL" : "8-bit"); | |
289 | goto end; | |
290 | } | |
291 | } | |
292 | } | |
293 | end: | |
294 | BIO_free(bio); | |
295 | 272 | } |
296 | 273 | |
297 | 274 | int cms_main(int argc, char **argv) |
481 | 458 | rr_allorfirst = 1; |
482 | 459 | break; |
483 | 460 | case OPT_RCTFORM: |
484 | if (rctformat == FORMAT_ASN1) { | |
485 | if (!opt_format(opt_arg(), | |
486 | OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) | |
487 | goto opthelp; | |
488 | } else { | |
489 | rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); | |
490 | } | |
461 | if (!opt_format(opt_arg(), | |
462 | OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) | |
463 | goto opthelp; | |
491 | 464 | break; |
492 | 465 | case OPT_CERTFILE: |
493 | 466 | certfile = opt_arg(); |
706 | 679 | goto end; |
707 | 680 | break; |
708 | 681 | case OPT_WRAP: |
709 | wrapname = opt_unknown(); | |
682 | wrapname = opt_arg(); | |
710 | 683 | break; |
711 | 684 | case OPT_AES128_WRAP: |
712 | 685 | case OPT_AES192_WRAP: |
912 | 885 | goto end; |
913 | 886 | } |
914 | 887 | |
915 | if ((flags & CMS_BINARY) == 0) | |
916 | warn_binary(infile); | |
917 | 888 | in = bio_open_default(infile, 'r', |
918 | 889 | binary_files ? FORMAT_BINARY : informat); |
919 | 890 | if (in == NULL) |
925 | 896 | goto end; |
926 | 897 | if (contfile != NULL) { |
927 | 898 | BIO_free(indata); |
928 | if ((flags & CMS_BINARY) == 0) | |
929 | warn_binary(contfile); | |
930 | 899 | if ((indata = BIO_new_file(contfile, "rb")) == NULL) { |
931 | 900 | BIO_printf(bio_err, "Can't read content file %s\n", contfile); |
932 | 901 | goto end; |
953 | 922 | goto end; |
954 | 923 | } |
955 | 924 | |
956 | rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient"); | |
925 | rcms = load_content_info(rctformat, rctin, 0, NULL, "receipt"); | |
957 | 926 | if (rcms == NULL) |
958 | 927 | goto end; |
959 | 928 | } |
36 | 36 | #endif |
37 | 37 | {"paramfile", OPT_PARAMFILE, '<', "Parameters file"}, |
38 | 38 | {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"}, |
39 | {"quiet", OPT_QUIET, 's', "Do not output status while generating keys"}, | |
39 | {"quiet", OPT_QUIET, '-', "Do not output status while generating keys"}, | |
40 | 40 | {"pkeyopt", OPT_PKEYOPT, 's', |
41 | 41 | "Set the public key algorithm option as opt:value"}, |
42 | 42 | OPT_CONFIG_OPTION, |
93 | 93 | int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); |
94 | 94 | |
95 | 95 | int chopup_args(ARGS *arg, char *buf); |
96 | int dump_cert_text(BIO *out, X509 *x); | |
96 | void dump_cert_text(BIO *out, X509 *x); | |
97 | 97 | void print_name(BIO *out, const char *title, const X509_NAME *nm); |
98 | 98 | void print_bignum_var(BIO *, const BIGNUM *, const char*, |
99 | 99 | int, unsigned char *); |
199 | 199 | return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; |
200 | 200 | } |
201 | 201 | |
202 | int dump_cert_text(BIO *out, X509 *x) | |
202 | void dump_cert_text(BIO *out, X509 *x) | |
203 | 203 | { |
204 | 204 | print_name(out, "subject=", X509_get_subject_name(x)); |
205 | BIO_puts(out, "\n"); | |
206 | 205 | print_name(out, "issuer=", X509_get_issuer_name(x)); |
207 | BIO_puts(out, "\n"); | |
208 | ||
209 | return 0; | |
210 | 206 | } |
211 | 207 | |
212 | 208 | int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata) |
1288 | 1284 | int indent = 0; |
1289 | 1285 | unsigned long lflags = get_nameopt(); |
1290 | 1286 | |
1287 | if (out == NULL) | |
1288 | return; | |
1291 | 1289 | if (title != NULL) |
1292 | 1290 | BIO_puts(out, title); |
1293 | 1291 | if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { |
822 | 822 | size_t temp = 0; |
823 | 823 | int res = generate_stateless_cookie_callback(ssl, cookie, &temp); |
824 | 824 | |
825 | *cookie_len = (unsigned int)temp; | |
825 | if (res != 0) | |
826 | *cookie_len = (unsigned int)temp; | |
826 | 827 | return res; |
827 | 828 | } |
828 | 829 |
26 | 26 | #endif |
27 | 27 | |
28 | 28 | #ifdef _WIN32 |
29 | /* | |
30 | * With MSVC, certain POSIX functions have been renamed to have an underscore | |
31 | * prefix. | |
32 | */ | |
33 | 29 | # include <process.h> |
34 | # define getpid _getpid | |
30 | ||
31 | /* MSVC renamed some POSIX functions to have an underscore prefix. */ | |
32 | # ifdef _MSC_VER | |
33 | # define getpid _getpid | |
34 | # endif | |
35 | 35 | #endif |
36 | 36 | |
37 | 37 | #ifndef OPENSSL_NO_SOCK |
15 | 15 | # Use this in order to automatically load providers. |
16 | 16 | openssl_conf = openssl_init |
17 | 17 | |
18 | # Comment this out if you deliberately want to ignore | |
19 | # configuration errors | |
18 | # Comment out the next line to ignore configuration errors | |
20 | 19 | config_diagnostics = 1 |
21 | 20 | |
22 | 21 | # Extra OBJECT IDENTIFIER info: |
60 | 59 | # included fipsmodule.cnf. |
61 | 60 | # fips = fips_sect |
62 | 61 | |
62 | # If no providers are activated explicitly, the default one is activated implicitly. | |
63 | # See man 7 OSSL_PROVIDER-default for more details. | |
64 | # | |
65 | # If you add a section explicitly activating any other provider(s), you most | |
66 | # probably need to explicitly activate the default provider, otherwise it | |
67 | # becomes unavailable in openssl. As a consequence applications depending on | |
68 | # OpenSSL may not work correctly which could lead to significant system | |
69 | # problems including inability to remotely access the system. | |
63 | 70 | [default_sect] |
64 | 71 | # activate = 1 |
65 | 72 |
15 | 15 | # Use this in order to automatically load providers. |
16 | 16 | openssl_conf = openssl_init |
17 | 17 | |
18 | # Comment this out if you deliberately want to ignore | |
19 | # configuration errors | |
18 | # Comment out the next line to ignore configuration errors | |
20 | 19 | config_diagnostics = 1 |
21 | 20 | |
22 | 21 | # Extra OBJECT IDENTIFIER info: |
60 | 59 | # included fipsmodule.cnf. |
61 | 60 | # fips = fips_sect |
62 | 61 | |
62 | # If no providers are activated explicitly, the default one is activated implicitly. | |
63 | # See man 7 OSSL_PROVIDER-default for more details. | |
64 | # | |
65 | # If you add a section explicitly activating any other provider(s), you most | |
66 | # probably need to explicitly activate the default provider, otherwise it | |
67 | # becomes unavailable in openssl. As a consequence applications depending on | |
68 | # OpenSSL may not work correctly which could lead to significant system | |
69 | # problems including inability to remotely access the system. | |
63 | 70 | [default_sect] |
64 | 71 | # activate = 1 |
65 | 72 |
1141 | 1141 | break; |
1142 | 1142 | |
1143 | 1143 | case V_ASN1_UTF8STRING: |
1144 | BIO_printf(out, "%s\n", av->value.utf8string->data); | |
1144 | BIO_printf(out, "%.*s\n", av->value.utf8string->length, | |
1145 | av->value.utf8string->data); | |
1145 | 1146 | break; |
1146 | 1147 | |
1147 | 1148 | case V_ASN1_OCTET_STRING: |
306 | 306 | mctx, digestname, libctx, app_get0_propq()); |
307 | 307 | if (ctx == NULL) { |
308 | 308 | BIO_printf(bio_err, "%s: Error initializing context\n", prog); |
309 | ERR_print_errors(bio_err); | |
310 | 309 | goto end; |
311 | 310 | } |
312 | 311 | if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) { |
313 | 312 | BIO_printf(bio_err, "%s: Error setting up peer key\n", prog); |
314 | ERR_print_errors(bio_err); | |
315 | 313 | goto end; |
316 | 314 | } |
317 | 315 | if (pkeyopts != NULL) { |
324 | 322 | if (pkey_ctrl_string(ctx, opt) <= 0) { |
325 | 323 | BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n", |
326 | 324 | prog, opt); |
327 | ERR_print_errors(bio_err); | |
328 | 325 | goto end; |
329 | 326 | } |
330 | 327 | } |
491 | 488 | } else { |
492 | 489 | BIO_puts(bio_err, "Key derivation failed\n"); |
493 | 490 | } |
494 | ERR_print_errors(bio_err); | |
495 | 491 | goto end; |
496 | 492 | } |
497 | 493 | ret = 0; |
498 | 494 | |
499 | 495 | if (asn1parse) { |
500 | 496 | if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) |
501 | ERR_print_errors(bio_err); | |
497 | ERR_print_errors(bio_err); /* but still return success */ | |
502 | 498 | } else if (hexdump) { |
503 | 499 | BIO_dump(out, (char *)buf_out, buf_outlen); |
504 | 500 | } else { |
506 | 502 | } |
507 | 503 | |
508 | 504 | end: |
505 | if (ret != 0) | |
506 | ERR_print_errors(bio_err); | |
509 | 507 | EVP_MD_CTX_free(mctx); |
510 | 508 | EVP_PKEY_CTX_free(ctx); |
511 | 509 | EVP_MD_free(md); |
670 | 668 | peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key"); |
671 | 669 | if (peer == NULL) { |
672 | 670 | BIO_printf(bio_err, "Error reading peer key %s\n", file); |
673 | ERR_print_errors(bio_err); | |
674 | 671 | return 0; |
675 | 672 | } |
676 | 673 | |
677 | ret = EVP_PKEY_derive_set_peer(ctx, peer); | |
674 | ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0; | |
678 | 675 | |
679 | 676 | EVP_PKEY_free(peer); |
680 | if (ret <= 0) | |
681 | ERR_print_errors(bio_err); | |
682 | 677 | return ret; |
683 | 678 | } |
684 | 679 |
115 | 115 | {"reqopt", OPT_REQOPT, 's', "Various request text options"}, |
116 | 116 | {"text", OPT_TEXT, '-', "Text form of request"}, |
117 | 117 | {"x509", OPT_X509, '-', |
118 | "Output an x509 structure instead of a cert request"}, | |
119 | {"CA", OPT_CA, '<', "Issuer certificate to use with -x509"}, | |
118 | "Output an X.509 certificate structure instead of a cert request"}, | |
119 | {"CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509"}, | |
120 | 120 | {"CAkey", OPT_CAKEY, 's', |
121 | "Issuer private key to use with -x509; default is -CA arg"}, | |
121 | "Issuer private key to use with -CA; default is -CA arg"}, | |
122 | 122 | {OPT_MORE_STR, 1, 1, "(Required by some CA's)"}, |
123 | 123 | {"subj", OPT_SUBJ, 's', "Set or modify subject of request or cert"}, |
124 | 124 | {"subject", OPT_SUBJECT, '-', |
138 | 138 | {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"}, |
139 | 139 | |
140 | 140 | OPT_SECTION("Keys and Signing"), |
141 | {"key", OPT_KEY, 's', "Private key to use"}, | |
141 | {"key", OPT_KEY, 's', "Key to include and to use for self-signature"}, | |
142 | 142 | {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, |
143 | 143 | {"pubkey", OPT_PUBKEY, '-', "Output public key"}, |
144 | 144 | {"keyout", OPT_KEYOUT, '>', "File to write private key to"}, |
405 | 405 | break; |
406 | 406 | case OPT_CA: |
407 | 407 | CAfile = opt_arg(); |
408 | gen_x509 = 1; | |
408 | 409 | break; |
409 | 410 | case OPT_CAKEY: |
410 | 411 | CAkeyfile = opt_arg(); |
629 | 630 | goto end; |
630 | 631 | app_RAND_load_conf(req_conf, section); |
631 | 632 | } |
632 | ||
633 | 633 | if (newreq && pkey == NULL) { |
634 | 634 | app_RAND_load_conf(req_conf, section); |
635 | 635 | |
685 | 685 | EVP_PKEY_CTX_free(genctx); |
686 | 686 | genctx = NULL; |
687 | 687 | } |
688 | if (keyout == NULL) { | |
688 | if (keyout == NULL && keyfile == NULL) { | |
689 | 689 | keyout = NCONF_get_string(req_conf, section, KEYFILE); |
690 | 690 | if (keyout == NULL) |
691 | 691 | ERR_clear_error(); |
754 | 754 | "Ignoring -CAkey option since no -CA option is given\n"); |
755 | 755 | } else { |
756 | 756 | if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF, |
757 | 0, passin, e, "issuer private key")) == NULL) | |
757 | 0, passin, e, | |
758 | CAkeyfile != CAfile | |
759 | ? "issuer private key from -CAkey arg" | |
760 | : "issuer private key from -CA arg")) == NULL) | |
758 | 761 | goto end; |
759 | 762 | } |
760 | 763 | } |
761 | 764 | if (CAfile != NULL) { |
762 | if (!gen_x509) { | |
765 | if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin, | |
766 | "issuer cert from -CA arg")) == NULL) | |
767 | goto end; | |
768 | if (!X509_check_private_key(CAcert, CAkey)) { | |
763 | 769 | BIO_printf(bio_err, |
764 | "Warning: Ignoring -CA option without -x509\n"); | |
765 | } else { | |
766 | if (CAkeyfile == NULL) { | |
767 | BIO_printf(bio_err, | |
768 | "Need to give the -CAkey option if using -CA\n"); | |
769 | goto end; | |
770 | } | |
771 | if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin, | |
772 | "issuer certificate")) == NULL) | |
773 | goto end; | |
774 | if (!X509_check_private_key(CAcert, CAkey)) { | |
775 | BIO_printf(bio_err, | |
776 | "Issuer certificate and key do not match\n"); | |
777 | goto end; | |
778 | } | |
770 | "Issuer CA certificate and key do not match\n"); | |
771 | goto end; | |
779 | 772 | } |
780 | 773 | } |
781 | 774 | if (newreq || gen_x509) { |
797 | 790 | } |
798 | 791 | if (gen_x509) { |
799 | 792 | EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req); |
793 | EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey; | |
800 | 794 | X509V3_CTX ext_ctx; |
801 | 795 | X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) : |
802 | 796 | X509_REQ_get_subject_name(req); |
827 | 821 | if (!pub_key || !X509_set_pubkey(new_x509, pub_key)) |
828 | 822 | goto end; |
829 | 823 | if (ext_copy == EXT_COPY_UNSET) { |
830 | BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n"); | |
824 | if (infile != NULL) | |
825 | BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n"); | |
831 | 826 | } else if (!copy_extensions(new_x509, req, ext_copy)) { |
832 | 827 | BIO_printf(bio_err, "Error copying extensions from request\n"); |
833 | 828 | goto end; |
836 | 831 | /* Set up V3 context struct */ |
837 | 832 | X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509, |
838 | 833 | new_x509, NULL, NULL, X509V3_CTX_REPLACE); |
839 | if (CAcert == NULL) { /* self-issued, possibly self-signed */ | |
840 | if (!X509V3_set_issuer_pkey(&ext_ctx, pkey)) /* prepare right AKID */ | |
834 | /* prepare fallback for AKID, but only if issuer cert == new_x509 */ | |
835 | if (CAcert == NULL) { | |
836 | if (!X509V3_set_issuer_pkey(&ext_ctx, issuer_key)) | |
841 | 837 | goto end; |
842 | 838 | ERR_set_mark(); |
843 | if (!X509_check_private_key(new_x509, pkey)) | |
839 | if (!X509_check_private_key(new_x509, issuer_key)) | |
844 | 840 | BIO_printf(bio_err, |
845 | 841 | "Warning: Signature key and public key of cert do not match\n"); |
846 | 842 | ERR_pop_to_mark(); |
871 | 867 | } |
872 | 868 | } |
873 | 869 | |
874 | i = do_X509_sign(new_x509, CAcert != NULL ? CAkey : pkey, | |
875 | digest, sigopts, &ext_ctx); | |
870 | i = do_X509_sign(new_x509, issuer_key, digest, sigopts, &ext_ctx); | |
876 | 871 | if (!i) |
877 | 872 | goto end; |
878 | 873 | } else { |
995 | 990 | if (EVP_PKEY_is_a(tpubkey, "RSA")) { |
996 | 991 | BIGNUM *n = NULL; |
997 | 992 | |
998 | /* Every RSA key has an 'n' */ | |
999 | EVP_PKEY_get_bn_param(pkey, "n", &n); | |
993 | if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n)) | |
994 | goto end; | |
1000 | 995 | BN_print(out, n); |
1001 | 996 | BN_free(n); |
1002 | 997 | } else { |
5 | 5 | * in the file LICENSE in the source distribution or at |
6 | 6 | * https://www.openssl.org/source/license.html |
7 | 7 | */ |
8 | ||
9 | /* Necessary for legacy RSA public key export */ | |
10 | #define OPENSSL_SUPPRESS_DEPRECATED | |
8 | 11 | |
9 | 12 | #include <openssl/opensslconf.h> |
10 | 13 | |
84 | 87 | OPT_PROV_OPTIONS, |
85 | 88 | {NULL} |
86 | 89 | }; |
90 | ||
91 | static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout, | |
92 | BIO *out) | |
93 | { | |
94 | int ret = 0; | |
95 | #ifndef OPENSSL_NO_DEPRECATED_3_0 | |
96 | const RSA *rsa = EVP_PKEY_get0_RSA(pkey); | |
97 | ||
98 | if (rsa == NULL) | |
99 | return 0; | |
100 | ||
101 | if (outformat == FORMAT_ASN1) { | |
102 | if (pubout == 2) | |
103 | ret = i2d_RSAPublicKey_bio(out, rsa) > 0; | |
104 | else | |
105 | ret = i2d_RSA_PUBKEY_bio(out, rsa) > 0; | |
106 | } else if (outformat == FORMAT_PEM) { | |
107 | if (pubout == 2) | |
108 | ret = PEM_write_bio_RSAPublicKey(out, rsa) > 0; | |
109 | else | |
110 | ret = PEM_write_bio_RSA_PUBKEY(out, rsa) > 0; | |
111 | # ifndef OPENSSL_NO_DSA | |
112 | } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { | |
113 | ret = i2b_PublicKey_bio(out, pkey) > 0; | |
114 | # endif | |
115 | } | |
116 | #endif | |
117 | ||
118 | return ret; | |
119 | } | |
87 | 120 | |
88 | 121 | int rsa_main(int argc, char **argv) |
89 | 122 | { |
330 | 363 | output_type, output_structure, |
331 | 364 | NULL); |
332 | 365 | if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { |
333 | BIO_printf(bio_err, "%s format not supported\n", output_type); | |
366 | if ((!pubout && !pubin) | |
367 | || !try_legacy_encoding(pkey, outformat, pubout, out)) | |
368 | BIO_printf(bio_err, "%s format not supported\n", output_type); | |
369 | else | |
370 | ret = 0; | |
334 | 371 | goto end; |
335 | 372 | } |
336 | 373 |
189 | 189 | sn); |
190 | 190 | } |
191 | 191 | |
192 | static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest, | |
193 | STACK_OF(OPENSSL_STRING) *sigopts, | |
194 | int ext_copy, const char *names) | |
192 | static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names) | |
195 | 193 | { |
196 | 194 | const STACK_OF(X509_EXTENSION) *cert_exts = X509_get0_extensions(cert); |
197 | 195 | int i, n = sk_X509_EXTENSION_num(cert_exts /* may be NULL */); |
227 | 225 | goto err; |
228 | 226 | } |
229 | 227 | } |
230 | if (!do_X509_REQ_sign(req, pkey, digest, sigopts)) | |
231 | goto err; | |
232 | 228 | sk_X509_EXTENSION_free(exts); |
233 | 229 | return req; |
234 | 230 | |
803 | 799 | } |
804 | 800 | |
805 | 801 | X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE); |
806 | if (extconf != NULL) { | |
802 | if (extconf != NULL && !x509toreq) { | |
807 | 803 | X509V3_set_nconf(&ext_ctx, extconf); |
808 | 804 | if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) { |
809 | 805 | BIO_printf(bio_err, |
829 | 825 | BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n"); |
830 | 826 | goto end; |
831 | 827 | } |
832 | if ((rq = x509_to_req(x, privkey, digest, sigopts, | |
833 | ext_copy, ext_names)) == NULL) | |
828 | if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL) | |
829 | goto end; | |
830 | if (extconf != NULL) { | |
831 | X509V3_set_nconf(&ext_ctx, extconf); | |
832 | if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) { | |
833 | BIO_printf(bio_err, | |
834 | "Error adding request extensions from section %s\n", extsect); | |
835 | goto end; | |
836 | } | |
837 | } | |
838 | if (!do_X509_REQ_sign(rq, privkey, digest, sigopts)) | |
834 | 839 | goto end; |
835 | 840 | if (!noout) { |
836 | 841 | if (outformat == FORMAT_ASN1) { |
0 | 0 | /* |
1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
17 | 17 | int ia5 = 0; |
18 | 18 | int t61 = 0; |
19 | 19 | |
20 | if (len <= 0) | |
21 | len = -1; | |
22 | 20 | if (s == NULL) |
23 | 21 | return V_ASN1_PRINTABLESTRING; |
24 | 22 | |
25 | while ((*s) && (len-- != 0)) { | |
23 | if (len < 0) | |
24 | len = strlen((const char *)s); | |
25 | ||
26 | while (len-- > 0) { | |
26 | 27 | c = *(s++); |
27 | 28 | if (!ossl_isasn1print(c)) |
28 | 29 | ia5 = 1; |
300 | 300 | } |
301 | 301 | if ((size_t)str->length <= len || str->data == NULL) { |
302 | 302 | c = str->data; |
303 | #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION | |
304 | /* No NUL terminator in fuzzing builds */ | |
305 | str->data = OPENSSL_realloc(c, len != 0 ? len : 1); | |
306 | #else | |
303 | 307 | str->data = OPENSSL_realloc(c, len + 1); |
308 | #endif | |
304 | 309 | if (str->data == NULL) { |
305 | 310 | ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); |
306 | 311 | str->data = c; |
310 | 315 | str->length = len; |
311 | 316 | if (data != NULL) { |
312 | 317 | memcpy(str->data, data, len); |
313 | /* an allowance for strings :-) */ | |
318 | #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION | |
319 | /* Set the unused byte to something non NUL and printable. */ | |
320 | if (len == 0) | |
321 | str->data[len] = '~'; | |
322 | #else | |
323 | /* | |
324 | * Add a NUL terminator. This should not be necessary - but we add it as | |
325 | * a safety precaution | |
326 | */ | |
314 | 327 | str->data[len] = '\0'; |
328 | #endif | |
315 | 329 | } |
316 | 330 | return 1; |
317 | 331 | } |
373 | 387 | |
374 | 388 | i = (a->length - b->length); |
375 | 389 | if (i == 0) { |
376 | i = memcmp(a->data, b->data, a->length); | |
390 | if (a->length != 0) | |
391 | i = memcmp(a->data, b->data, a->length); | |
377 | 392 | if (i == 0) |
378 | 393 | return a->type - b->type; |
379 | 394 | else |
26 | 26 | return 1; |
27 | 27 | } |
28 | 28 | |
29 | /* int max_len: for returned value */ | |
29 | /* int max_len: for returned value | |
30 | * if passing NULL in data, nothing is copied but the necessary length | |
31 | * for it is returned. | |
32 | */ | |
30 | 33 | int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) |
31 | 34 | { |
32 | 35 | int ret, num; |
42 | 45 | num = ret; |
43 | 46 | else |
44 | 47 | num = max_len; |
45 | memcpy(data, p, num); | |
48 | if (num > 0 && data != NULL) | |
49 | memcpy(data, p, num); | |
46 | 50 | return ret; |
47 | 51 | } |
48 | 52 |
0 | 0 | /* |
1 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
37 | 37 | } |
38 | 38 | chal = spki->spkac->challenge; |
39 | 39 | if (chal->length) |
40 | BIO_printf(out, " Challenge String: %s\n", chal->data); | |
40 | BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); | |
41 | 41 | i = OBJ_obj2nid(spki->sig_algor.algorithm); |
42 | 42 | BIO_printf(out, " Signature Algorithm: %s", |
43 | 43 | (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); |
5 | 5 | * in the file LICENSE in the source distribution or at |
6 | 6 | * https://www.openssl.org/source/license.html |
7 | 7 | */ |
8 | ||
9 | #ifndef _GNU_SOURCE | |
10 | # define _GNU_SOURCE | |
11 | #endif | |
8 | 12 | |
9 | 13 | #include <stdio.h> |
10 | 14 | #include <errno.h> |
180 | 180 | return 0; |
181 | 181 | |
182 | 182 | return |
183 | ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data); | |
183 | ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data, | |
184 | text->length); | |
184 | 185 | } |
185 | 186 | |
186 | 187 | int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr, |
743 | 743 | int only_self_issued); |
744 | 744 | STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); |
745 | 745 | int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, |
746 | const char *text); | |
746 | const char *text, int len); | |
747 | 747 | int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, |
748 | 748 | const ASN1_OCTET_STRING *src); |
749 | 749 | int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, |
757 | 757 | goto err; |
758 | 758 | msg->body->value.error->errorDetails = ft; |
759 | 759 | if (lib != NULL && *lib != '\0' |
760 | && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib)) | |
760 | && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib, -1)) | |
761 | 761 | goto err; |
762 | 762 | if (reason != NULL && *reason != '\0' |
763 | && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason)) | |
763 | && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason, -1)) | |
764 | 764 | goto err; |
765 | 765 | if (details != NULL |
766 | && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details)) | |
766 | && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details, -1)) | |
767 | 767 | goto err; |
768 | 768 | } |
769 | 769 |
0 | 0 | /* |
1 | * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright Nokia 2007-2019 |
3 | 3 | * Copyright Siemens AG 2015-2019 |
4 | 4 | * |
219 | 219 | ADVANCE_BUFFER; |
220 | 220 | for (i = 0; i < n_status_strings; i++) { |
221 | 221 | text = sk_ASN1_UTF8STRING_value(status_strings, i); |
222 | printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%s\"%s", | |
222 | printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%.*s\"%s", | |
223 | ASN1_STRING_length(text), | |
223 | 224 | ASN1_STRING_get0_data(text), |
224 | 225 | i < n_status_strings - 1 ? ", " : ""); |
225 | 226 | ADVANCE_BUFFER; |
220 | 220 | } |
221 | 221 | |
222 | 222 | int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, |
223 | const char *text) | |
223 | const char *text, int len) | |
224 | 224 | { |
225 | 225 | ASN1_UTF8STRING *utf8string; |
226 | 226 | |
228 | 228 | return 0; |
229 | 229 | if ((utf8string = ASN1_UTF8STRING_new()) == NULL) |
230 | 230 | return 0; |
231 | if (!ASN1_STRING_set(utf8string, text, -1)) | |
231 | if (!ASN1_STRING_set(utf8string, text, len)) | |
232 | 232 | goto err; |
233 | 233 | if (!sk_ASN1_UTF8STRING_push(sk, utf8string)) |
234 | 234 | goto err; |
950 | 950 | } |
951 | 951 | ukeylen += outlen; |
952 | 952 | |
953 | OPENSSL_clear_free(ec->key, ec->keylen); | |
953 | 954 | ec->key = ukey; |
954 | 955 | ec->keylen = ukeylen; |
955 | 956 |
484 | 484 | ECPARAMETERS_free(ret->value.parameters); |
485 | 485 | } |
486 | 486 | |
487 | if (EC_GROUP_get_asn1_flag(group)) { | |
487 | if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { | |
488 | 488 | /* |
489 | 489 | * use the asn1 OID to describe the elliptic curve parameters |
490 | 490 | */ |
698 | 698 | |
699 | 699 | if (params->order == NULL |
700 | 700 | || params->base == NULL |
701 | || params->base->data == NULL) { | |
701 | || params->base->data == NULL | |
702 | || params->base->length == 0) { | |
702 | 703 | ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); |
703 | 704 | goto err; |
704 | 705 | } |
3222 | 3222 | goto err; |
3223 | 3223 | } |
3224 | 3224 | } |
3225 | ||
3226 | #ifndef FIPS_MODULE | |
3227 | if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { | |
3228 | /* | |
3229 | * Some curves don't have an associated OID: for those we should not | |
3230 | * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and | |
3231 | * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. | |
3232 | * | |
3233 | * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on | |
3234 | * `EC_GROUP_new()`, when we don't have enough elements to determine if | |
3235 | * an OID for the curve name actually exists. | |
3236 | * We could implement this check on `EC_GROUP_set_curve_name()` but | |
3237 | * overloading the simple setter with this lookup could have a negative | |
3238 | * performance impact and unexpected consequences. | |
3239 | */ | |
3240 | ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid); | |
3241 | ||
3242 | if (asn1obj == NULL) { | |
3243 | ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); | |
3244 | goto err; | |
3245 | } | |
3246 | if (OBJ_length(asn1obj) == 0) | |
3247 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); | |
3248 | ||
3249 | ASN1_OBJECT_free(asn1obj); | |
3250 | } | |
3251 | #else | |
3252 | /* | |
3253 | * Inside the FIPS module we do not support explicit curves anyway | |
3254 | * so the above check is not necessary. | |
3255 | * | |
3256 | * Skipping it is also necessary because `OBJ_length()` and | |
3257 | * `ASN1_OBJECT_free()` are not available within the FIPS module | |
3258 | * boundaries. | |
3259 | */ | |
3260 | #endif | |
3261 | ||
3225 | 3262 | ok = 1; |
3226 | 3263 | err: |
3227 | 3264 | if (!ok) { |
37 | 37 | */ |
38 | 38 | unsigned int flag_next_level_called : 1; |
39 | 39 | unsigned int flag_construct_called : 1; |
40 | unsigned int flag_input_structure_checked : 1; | |
40 | 41 | }; |
41 | 42 | |
42 | 43 | static int decoder_process(const OSSL_PARAM params[], void *arg); |
904 | 905 | } |
905 | 906 | |
906 | 907 | /* |
908 | * If the decoder we're currently considering specifies a structure, | |
909 | * and this check hasn't already been done earlier in this chain of | |
910 | * decoder_process() calls, check that it matches the user provided | |
911 | * input structure, if one is given. | |
912 | */ | |
913 | if (!data->flag_input_structure_checked | |
914 | && ctx->input_structure != NULL | |
915 | && new_input_structure != NULL) { | |
916 | data->flag_input_structure_checked = 1; | |
917 | if (strcasecmp(new_input_structure, ctx->input_structure) != 0) { | |
918 | OSSL_TRACE_BEGIN(DECODER) { | |
919 | BIO_printf(trc_out, | |
920 | "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", | |
921 | (void *)new_data.ctx, LEVEL, (unsigned int)i); | |
922 | } OSSL_TRACE_END(DECODER); | |
923 | continue; | |
924 | } | |
925 | } | |
926 | ||
927 | /* | |
907 | 928 | * Checking the return value of BIO_reset() or BIO_seek() is unsafe. |
908 | 929 | * Furthermore, BIO_reset() is unsafe to use if the source BIO happens |
909 | 930 | * to be a BIO_s_mem(), because the earlier BIO_tell() gives us zero |
932 | 953 | ERR_set_mark(); |
933 | 954 | |
934 | 955 | new_data.current_decoder_inst_index = i; |
956 | new_data.flag_input_structure_checked | |
957 | = data->flag_input_structure_checked; | |
935 | 958 | ok = new_decoder->decode(new_decoderctx, cbio, |
936 | 959 | new_data.ctx->selection, |
937 | 960 | decoder_process, &new_data, |
214 | 214 | } |
215 | 215 | } |
216 | 216 | |
217 | /* | |
218 | * The input structure check is only done on the initial decoder | |
219 | * implementations. | |
220 | */ | |
221 | static int decoder_check_input_structure(OSSL_DECODER_CTX *ctx, | |
222 | OSSL_DECODER_INSTANCE *di) | |
223 | { | |
224 | int di_is_was_set = 0; | |
225 | const char *di_is = | |
226 | OSSL_DECODER_INSTANCE_get_input_structure(di, &di_is_was_set); | |
227 | ||
228 | /* | |
229 | * If caller didn't give an input structure name, the decoder is accepted | |
230 | * unconditionally with regards to the input structure. | |
231 | */ | |
232 | if (ctx->input_structure == NULL) | |
233 | return 1; | |
234 | /* | |
235 | * If the caller did give an input structure name, the decoder must have | |
236 | * a matching input structure to be accepted. | |
237 | */ | |
238 | if (di_is != NULL && strcasecmp(ctx->input_structure, di_is) == 0) | |
239 | return 1; | |
240 | return 0; | |
241 | } | |
242 | ||
243 | 217 | struct collect_decoder_data_st { |
244 | 218 | STACK_OF(OPENSSL_CSTRING) *names; |
245 | 219 | OSSL_DECODER_CTX *ctx; |
309 | 283 | OSSL_DECODER_get0_properties(decoder)); |
310 | 284 | } OSSL_TRACE_END(DECODER); |
311 | 285 | |
312 | if (!decoder_check_input_structure(data->ctx, di)) { | |
313 | OSSL_TRACE_BEGIN(DECODER) { | |
314 | BIO_printf(trc_out, | |
315 | " REJECTED: not the desired input structure\n"); | |
316 | } OSSL_TRACE_END(DECODER); | |
317 | ossl_decoder_instance_free(di); | |
318 | /* Not a fatal error. Just return */ | |
319 | return; | |
320 | } | |
321 | 286 | if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) { |
322 | 287 | ossl_decoder_instance_free(di); |
323 | 288 | data->error_occurred = 1; |
991 | 991 | PROV_R_INVALID_DIGEST:122:invalid digest |
992 | 992 | PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length |
993 | 993 | PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size |
994 | PROV_R_INVALID_INPUT_LENGTH:230:invalid input length | |
994 | 995 | PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count |
995 | 996 | PROV_R_INVALID_IV_LENGTH:109:invalid iv length |
996 | 997 | PROV_R_INVALID_KEY:158:invalid key |
653 | 653 | } else if ((state == POST_PARAMS_TO_CTRL || state == PKEY) |
654 | 654 | && ctx->action_type == GET) { |
655 | 655 | /* For the POST state, only getting needs some work to be done */ |
656 | ||
656 | unsigned int param_data_type = translation->param_data_type; | |
657 | size_t size = (size_t)ctx->p1; | |
658 | ||
659 | if (state == PKEY) | |
660 | size = ctx->sz; | |
661 | if (param_data_type == 0) { | |
662 | /* we must have a fixup_args function to work */ | |
663 | if (!ossl_assert(translation->fixup_args != NULL)) { | |
664 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); | |
665 | return 0; | |
666 | } | |
667 | param_data_type = ctx->params->data_type; | |
668 | } | |
657 | 669 | /* When getting, we populate |*params| from |p1| and |p2| */ |
658 | switch (translation->param_data_type) { | |
670 | switch (param_data_type) { | |
659 | 671 | case OSSL_PARAM_INTEGER: |
660 | 672 | return OSSL_PARAM_set_int(ctx->params, ctx->p1); |
661 | 673 | case OSSL_PARAM_UNSIGNED_INTEGER: |
672 | 684 | return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2); |
673 | 685 | case OSSL_PARAM_OCTET_STRING: |
674 | 686 | return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2, |
675 | (size_t)ctx->p1); | |
687 | size); | |
676 | 688 | case OSSL_PARAM_OCTET_PTR: |
677 | 689 | return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2, |
678 | (size_t)ctx->p1); | |
690 | size); | |
679 | 691 | default: |
680 | 692 | ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, |
681 | 693 | "[action:%d, state:%d] " |
1551 | 1563 | ctx->p2 = NULL; |
1552 | 1564 | switch (EVP_PKEY_get_base_id(pkey)) { |
1553 | 1565 | #ifndef OPENSSL_NO_DH |
1566 | case EVP_PKEY_DHX: | |
1554 | 1567 | case EVP_PKEY_DH: |
1555 | 1568 | switch (ctx->params->data_type) { |
1556 | 1569 | case OSSL_PARAM_OCTET_STRING: |
2220 | 2233 | EVP_PKEY_CTRL_CIPHER, NULL, NULL, |
2221 | 2234 | OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher }, |
2222 | 2235 | { SET, -1, -1, EVP_PKEY_OP_KEYGEN, |
2223 | EVP_PKEY_CTRL_SET_MAC_KEY, NULL, NULL, | |
2236 | EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey", | |
2224 | 2237 | OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL }, |
2225 | 2238 | |
2226 | 2239 | { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, |
2248 | 2261 | get_payload_private_key }, |
2249 | 2262 | { GET, -1, -1, -1, 0, NULL, NULL, |
2250 | 2263 | OSSL_PKEY_PARAM_PUB_KEY, |
2251 | 0 /* no data type, let get_payload_pub_key() handle that */, | |
2264 | 0 /* no data type, let get_payload_public_key() handle that */, | |
2252 | 2265 | get_payload_public_key }, |
2253 | 2266 | |
2254 | 2267 | /* DH and DSA */ |
1009 | 1009 | const unsigned char *in, size_t len) |
1010 | 1010 | { |
1011 | 1011 | S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); |
1012 | const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); | |
1013 | unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); | |
1012 | 1014 | int n = cctx->res; |
1013 | 1015 | int rem; |
1014 | 1016 | |
1017 | memcpy(cctx->kmo.param.cv, iv, ivlen); | |
1015 | 1018 | while (n && len) { |
1016 | 1019 | *out = *in ^ cctx->kmo.param.cv[n]; |
1017 | 1020 | n = (n + 1) & 0xf; |
1040 | 1043 | } |
1041 | 1044 | } |
1042 | 1045 | |
1046 | memcpy(iv, cctx->kmo.param.cv, ivlen); | |
1043 | 1047 | cctx->res = n; |
1044 | 1048 | return 1; |
1045 | 1049 | } |
1070 | 1074 | S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); |
1071 | 1075 | const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); |
1072 | 1076 | const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); |
1077 | const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); | |
1078 | unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); | |
1073 | 1079 | int n = cctx->res; |
1074 | 1080 | int rem; |
1075 | 1081 | unsigned char tmp; |
1076 | 1082 | |
1083 | memcpy(cctx->kmf.param.cv, iv, ivlen); | |
1077 | 1084 | while (n && len) { |
1078 | 1085 | tmp = *in; |
1079 | 1086 | *out = cctx->kmf.param.cv[n] ^ tmp; |
1106 | 1113 | } |
1107 | 1114 | } |
1108 | 1115 | |
1116 | memcpy(iv, cctx->kmf.param.cv, ivlen); | |
1109 | 1117 | cctx->res = n; |
1110 | 1118 | return 1; |
1111 | 1119 | } |
1133 | 1141 | const unsigned char *in, size_t len) |
1134 | 1142 | { |
1135 | 1143 | S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); |
1136 | ||
1144 | const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); | |
1145 | unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); | |
1146 | ||
1147 | memcpy(cctx->kmf.param.cv, iv, ivlen); | |
1137 | 1148 | s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); |
1149 | memcpy(iv, cctx->kmf.param.cv, ivlen); | |
1138 | 1150 | return 1; |
1139 | 1151 | } |
1140 | 1152 |
985 | 985 | |
986 | 986 | /* Check the cipher actually understands this parameter */ |
987 | 987 | if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), |
988 | OSSL_CIPHER_PARAM_KEYLEN) == NULL) | |
989 | return 0; | |
988 | OSSL_CIPHER_PARAM_KEYLEN) == NULL) { | |
989 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); | |
990 | return 0; | |
991 | } | |
990 | 992 | |
991 | 993 | params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); |
992 | 994 | ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params); |
399 | 399 | size_t *siglen) |
400 | 400 | { |
401 | 401 | int sctx = 0, r = 0; |
402 | EVP_PKEY_CTX *pctx = ctx->pctx; | |
402 | EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; | |
403 | 403 | |
404 | 404 | if (pctx == NULL |
405 | 405 | || pctx->operation != EVP_PKEY_OP_SIGNCTX |
407 | 407 | || pctx->op.sig.signature == NULL) |
408 | 408 | goto legacy; |
409 | 409 | |
410 | return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, | |
411 | sigret, siglen, SIZE_MAX); | |
410 | if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) | |
411 | return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, | |
412 | sigret, siglen, | |
413 | SIZE_MAX); | |
414 | dctx = EVP_PKEY_CTX_dup(pctx); | |
415 | if (dctx == NULL) | |
416 | return 0; | |
417 | ||
418 | r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, | |
419 | sigret, siglen, | |
420 | SIZE_MAX); | |
421 | EVP_PKEY_CTX_free(dctx); | |
422 | return r; | |
412 | 423 | |
413 | 424 | legacy: |
414 | 425 | if (pctx == NULL || pctx->pmeth == NULL) { |
428 | 439 | if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) |
429 | 440 | r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); |
430 | 441 | else { |
431 | EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(pctx); | |
432 | ||
442 | dctx = EVP_PKEY_CTX_dup(pctx); | |
433 | 443 | if (dctx == NULL) |
434 | 444 | return 0; |
435 | 445 | r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); |
515 | 525 | int r = 0; |
516 | 526 | unsigned int mdlen = 0; |
517 | 527 | int vctx = 0; |
518 | EVP_PKEY_CTX *pctx = ctx->pctx; | |
528 | EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; | |
519 | 529 | |
520 | 530 | if (pctx == NULL |
521 | 531 | || pctx->operation != EVP_PKEY_OP_VERIFYCTX |
523 | 533 | || pctx->op.sig.signature == NULL) |
524 | 534 | goto legacy; |
525 | 535 | |
526 | return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, | |
527 | sig, siglen); | |
536 | if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) | |
537 | return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, | |
538 | sig, siglen); | |
539 | dctx = EVP_PKEY_CTX_dup(pctx); | |
540 | if (dctx == NULL) | |
541 | return 0; | |
542 | ||
543 | r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, | |
544 | sig, siglen); | |
545 | EVP_PKEY_CTX_free(dctx); | |
546 | return r; | |
528 | 547 | |
529 | 548 | legacy: |
530 | 549 | if (pctx == NULL || pctx->pmeth == NULL) { |
2144 | 2144 | |
2145 | 2145 | int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, |
2146 | 2146 | unsigned char *buf, size_t max_buf_sz, |
2147 | size_t *out_sz) | |
2147 | size_t *out_len) | |
2148 | 2148 | { |
2149 | 2149 | OSSL_PARAM params[2]; |
2150 | 2150 | int ret1 = 0, ret2 = 0; |
2156 | 2156 | params[1] = OSSL_PARAM_construct_end(); |
2157 | 2157 | if ((ret1 = EVP_PKEY_get_params(pkey, params))) |
2158 | 2158 | ret2 = OSSL_PARAM_modified(params); |
2159 | if (ret2 && out_sz != NULL) | |
2160 | *out_sz = params[0].return_size; | |
2159 | if (ret2 && out_len != NULL) | |
2160 | *out_len = params[0].return_size; | |
2161 | 2161 | return ret1 && ret2; |
2162 | 2162 | } |
2163 | 2163 | |
2164 | 2164 | int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, |
2165 | 2165 | char *str, size_t max_buf_sz, |
2166 | size_t *out_sz) | |
2166 | size_t *out_len) | |
2167 | 2167 | { |
2168 | 2168 | OSSL_PARAM params[2]; |
2169 | 2169 | int ret1 = 0, ret2 = 0; |
2175 | 2175 | params[1] = OSSL_PARAM_construct_end(); |
2176 | 2176 | if ((ret1 = EVP_PKEY_get_params(pkey, params))) |
2177 | 2177 | ret2 = OSSL_PARAM_modified(params); |
2178 | if (ret2 && out_sz != NULL) | |
2179 | *out_sz = params[0].return_size; | |
2178 | if (ret2 && out_len != NULL) | |
2179 | *out_len = params[0].return_size; | |
2180 | ||
2181 | if (ret2 && params[0].return_size == max_buf_sz) | |
2182 | /* There was no space for a NUL byte */ | |
2183 | return 0; | |
2184 | /* Add a terminating NUL byte for good measure */ | |
2185 | if (ret2 && str != NULL) | |
2186 | str[params[0].return_size] = '\0'; | |
2187 | ||
2180 | 2188 | return ret1 && ret2; |
2181 | 2189 | } |
2182 | 2190 |
499 | 499 | = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx); |
500 | 500 | if (rctx->op.kex.algctx == NULL) { |
501 | 501 | EVP_KEYEXCH_free(rctx->op.kex.exchange); |
502 | rctx->op.kex.exchange = NULL; | |
502 | 503 | goto err; |
503 | 504 | } |
504 | 505 | return rctx; |
516 | 517 | = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx); |
517 | 518 | if (rctx->op.sig.algctx == NULL) { |
518 | 519 | EVP_SIGNATURE_free(rctx->op.sig.signature); |
520 | rctx->op.sig.signature = NULL; | |
519 | 521 | goto err; |
520 | 522 | } |
521 | 523 | return rctx; |
533 | 535 | = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx); |
534 | 536 | if (rctx->op.ciph.algctx == NULL) { |
535 | 537 | EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher); |
538 | rctx->op.ciph.cipher = NULL; | |
536 | 539 | goto err; |
537 | 540 | } |
538 | 541 | return rctx; |
550 | 553 | = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx); |
551 | 554 | if (rctx->op.encap.algctx == NULL) { |
552 | 555 | EVP_KEM_free(rctx->op.encap.kem); |
556 | rctx->op.encap.kem = NULL; | |
553 | 557 | goto err; |
554 | 558 | } |
555 | 559 | return rctx; |
1046 | 1046 | int type, size_t L, size_t N, |
1047 | 1047 | int *res, BN_GENCB *cb) |
1048 | 1048 | { |
1049 | return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, | |
1050 | FFC_PARAM_MODE_GENERATE, | |
1051 | type, L, N, res, cb); | |
1052 | } | |
1049 | if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, | |
1050 | FFC_PARAM_MODE_GENERATE, | |
1051 | type, L, N, res, cb)) | |
1052 | return 0; | |
1053 | ||
1054 | ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1); | |
1055 | return 1; | |
1056 | } |
43 | 43 | |
44 | 44 | static OPENSSL_INIT_STOP *stop_handlers = NULL; |
45 | 45 | static CRYPTO_RWLOCK *init_lock = NULL; |
46 | static CRYPTO_THREAD_LOCAL in_init_config_local; | |
46 | 47 | |
47 | 48 | static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; |
48 | 49 | static int base_inited = 0; |
60 | 61 | OPENSSL_cpuid_setup(); |
61 | 62 | |
62 | 63 | if (!ossl_init_thread()) |
63 | return 0; | |
64 | goto err; | |
65 | ||
66 | if (!CRYPTO_THREAD_init_local(&in_init_config_local, NULL)) | |
67 | goto err; | |
64 | 68 | |
65 | 69 | base_inited = 1; |
66 | 70 | return 1; |
364 | 368 | |
365 | 369 | CRYPTO_THREAD_lock_free(init_lock); |
366 | 370 | init_lock = NULL; |
371 | ||
372 | CRYPTO_THREAD_cleanup_local(&in_init_config_local); | |
367 | 373 | |
368 | 374 | /* |
369 | 375 | * We assume we are single-threaded for this function, i.e. no race |
565 | 571 | return 0; |
566 | 572 | |
567 | 573 | if (opts & OPENSSL_INIT_LOAD_CONFIG) { |
568 | int ret; | |
569 | ||
570 | if (settings == NULL) { | |
571 | ret = RUN_ONCE(&config, ossl_init_config); | |
572 | } else { | |
573 | if (!CRYPTO_THREAD_write_lock(init_lock)) | |
574 | int loading = CRYPTO_THREAD_get_local(&in_init_config_local) != NULL; | |
575 | ||
576 | /* If called recursively from OBJ_ calls, just skip it. */ | |
577 | if (!loading) { | |
578 | int ret; | |
579 | ||
580 | if (!CRYPTO_THREAD_set_local(&in_init_config_local, (void *)-1)) | |
574 | 581 | return 0; |
575 | conf_settings = settings; | |
576 | ret = RUN_ONCE_ALT(&config, ossl_init_config_settings, | |
577 | ossl_init_config); | |
578 | conf_settings = NULL; | |
579 | CRYPTO_THREAD_unlock(init_lock); | |
582 | if (settings == NULL) { | |
583 | ret = RUN_ONCE(&config, ossl_init_config); | |
584 | } else { | |
585 | if (!CRYPTO_THREAD_write_lock(init_lock)) | |
586 | return 0; | |
587 | conf_settings = settings; | |
588 | ret = RUN_ONCE_ALT(&config, ossl_init_config_settings, | |
589 | ossl_init_config); | |
590 | conf_settings = NULL; | |
591 | CRYPTO_THREAD_unlock(init_lock); | |
592 | } | |
593 | ||
594 | if (ret <= 0) | |
595 | return 0; | |
580 | 596 | } |
581 | ||
582 | if (ret <= 0) | |
583 | return 0; | |
584 | 597 | } |
585 | 598 | |
586 | 599 | if ((opts & OPENSSL_INIT_ASYNC) |
11 | 11 | #include <openssl/err.h> |
12 | 12 | #include <openssl/conf.h> |
13 | 13 | #include <openssl/safestack.h> |
14 | #include <openssl/provider.h> | |
14 | 15 | #include "internal/provider.h" |
15 | 16 | #include "internal/cryptlib.h" |
16 | 17 | #include "provider_local.h" |
20 | 21 | /* PROVIDER config module */ |
21 | 22 | |
22 | 23 | typedef struct { |
24 | CRYPTO_RWLOCK *lock; | |
23 | 25 | STACK_OF(OSSL_PROVIDER) *activated_providers; |
24 | 26 | } PROVIDER_CONF_GLOBAL; |
25 | 27 | |
30 | 32 | if (pcgbl == NULL) |
31 | 33 | return NULL; |
32 | 34 | |
35 | pcgbl->lock = CRYPTO_THREAD_lock_new(); | |
36 | if (pcgbl->lock == NULL) { | |
37 | OPENSSL_free(pcgbl); | |
38 | return NULL; | |
39 | } | |
40 | ||
33 | 41 | return pcgbl; |
34 | 42 | } |
35 | 43 | |
41 | 49 | ossl_provider_free); |
42 | 50 | |
43 | 51 | OSSL_TRACE(CONF, "Cleaned up providers\n"); |
52 | CRYPTO_THREAD_lock_free(pcgbl->lock); | |
44 | 53 | OPENSSL_free(pcgbl); |
45 | 54 | } |
46 | 55 | |
104 | 113 | } |
105 | 114 | |
106 | 115 | return ok; |
116 | } | |
117 | ||
118 | static int prov_already_activated(const char *name, | |
119 | STACK_OF(OSSL_PROVIDER) *activated) | |
120 | { | |
121 | int i, max; | |
122 | ||
123 | if (activated == NULL) | |
124 | return 0; | |
125 | ||
126 | max = sk_OSSL_PROVIDER_num(activated); | |
127 | for (i = 0; i < max; i++) { | |
128 | OSSL_PROVIDER *tstprov = sk_OSSL_PROVIDER_value(activated, i); | |
129 | ||
130 | if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0) { | |
131 | return 1; | |
132 | } | |
133 | } | |
134 | ||
135 | return 0; | |
107 | 136 | } |
108 | 137 | |
109 | 138 | static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, |
155 | 184 | } |
156 | 185 | |
157 | 186 | if (activate) { |
158 | /* | |
159 | * There is an attempt to activate a provider, so we should disable | |
160 | * loading of fallbacks. Otherwise a misconfiguration could mean the | |
161 | * intended provider does not get loaded. Subsequent fetches could then | |
162 | * fallback to the default provider - which may be the wrong thing. | |
163 | */ | |
164 | if (!ossl_provider_disable_fallback_loading(libctx)) { | |
187 | if (!CRYPTO_THREAD_write_lock(pcgbl->lock)) { | |
165 | 188 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); |
166 | 189 | return 0; |
167 | 190 | } |
168 | prov = ossl_provider_find(libctx, name, 1); | |
169 | if (prov == NULL) | |
170 | prov = ossl_provider_new(libctx, name, NULL, 1); | |
171 | if (prov == NULL) { | |
172 | if (soft) | |
173 | ERR_clear_error(); | |
174 | return 0; | |
175 | } | |
176 | ||
177 | if (path != NULL) | |
178 | ossl_provider_set_module_path(prov, path); | |
179 | ||
180 | ok = provider_conf_params(prov, NULL, NULL, value, cnf); | |
181 | ||
182 | if (ok) { | |
183 | if (!ossl_provider_activate(prov, 1, 0)) { | |
184 | ok = 0; | |
185 | } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { | |
186 | ossl_provider_deactivate(prov); | |
187 | ok = 0; | |
188 | } else { | |
189 | if (pcgbl->activated_providers == NULL) | |
190 | pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); | |
191 | sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual); | |
192 | ok = 1; | |
193 | } | |
194 | } | |
195 | ||
196 | if (!ok) | |
197 | ossl_provider_free(prov); | |
191 | if (!prov_already_activated(name, pcgbl->activated_providers)) { | |
192 | /* | |
193 | * There is an attempt to activate a provider, so we should disable | |
194 | * loading of fallbacks. Otherwise a misconfiguration could mean the | |
195 | * intended provider does not get loaded. Subsequent fetches could | |
196 | * then fallback to the default provider - which may be the wrong | |
197 | * thing. | |
198 | */ | |
199 | if (!ossl_provider_disable_fallback_loading(libctx)) { | |
200 | CRYPTO_THREAD_unlock(pcgbl->lock); | |
201 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); | |
202 | return 0; | |
203 | } | |
204 | prov = ossl_provider_find(libctx, name, 1); | |
205 | if (prov == NULL) | |
206 | prov = ossl_provider_new(libctx, name, NULL, 1); | |
207 | if (prov == NULL) { | |
208 | CRYPTO_THREAD_unlock(pcgbl->lock); | |
209 | if (soft) | |
210 | ERR_clear_error(); | |
211 | return 0; | |
212 | } | |
213 | ||
214 | if (path != NULL) | |
215 | ossl_provider_set_module_path(prov, path); | |
216 | ||
217 | ok = provider_conf_params(prov, NULL, NULL, value, cnf); | |
218 | ||
219 | if (ok) { | |
220 | if (!ossl_provider_activate(prov, 1, 0)) { | |
221 | ok = 0; | |
222 | } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { | |
223 | ossl_provider_deactivate(prov); | |
224 | ok = 0; | |
225 | } else { | |
226 | if (pcgbl->activated_providers == NULL) | |
227 | pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); | |
228 | sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual); | |
229 | ok = 1; | |
230 | } | |
231 | } | |
232 | if (!ok) | |
233 | ossl_provider_free(prov); | |
234 | } | |
235 | CRYPTO_THREAD_unlock(pcgbl->lock); | |
198 | 236 | } else { |
199 | 237 | OSSL_PROVIDER_INFO entry; |
200 | 238 |
27 | 27 | # include <openssl/self_test.h> |
28 | 28 | #endif |
29 | 29 | |
30 | /* | |
31 | * This file defines and uses a number of different structures: | |
32 | * | |
33 | * OSSL_PROVIDER (provider_st): Used to represent all information related to a | |
34 | * single instance of a provider. | |
35 | * | |
36 | * provider_store_st: Holds information about the collection of providers that | |
37 | * are available within the current library context (OSSL_LIB_CTX). It also | |
38 | * holds configuration information about providers that could be loaded at some | |
39 | * future point. | |
40 | * | |
41 | * OSSL_PROVIDER_CHILD_CB: An instance of this structure holds the callbacks | |
42 | * that have been registered for a child library context and the associated | |
43 | * provider that registered those callbacks. | |
44 | * | |
45 | * Where a child library context exists then it has its own instance of the | |
46 | * provider store. Each provider that exists in the parent provider store, has | |
47 | * an associated child provider in the child library context's provider store. | |
48 | * As providers get activated or deactivated this needs to be mirrored in the | |
49 | * associated child providers. | |
50 | * | |
51 | * LOCKING | |
52 | * ======= | |
53 | * | |
54 | * There are a number of different locks used in this file and it is important | |
55 | * to understand how they should be used in order to avoid deadlocks. | |
56 | * | |
57 | * Fields within a structure can often be "write once" on creation, and then | |
58 | * "read many". Creation of a structure is done by a single thread, and | |
59 | * therefore no lock is required for the "write once/read many" fields. It is | |
60 | * safe for multiple threads to read these fields without a lock, because they | |
61 | * will never be changed. | |
62 | * | |
63 | * However some fields may be changed after a structure has been created and | |
64 | * shared between multiple threads. Where this is the case a lock is required. | |
65 | * | |
66 | * The locks available are: | |
67 | * | |
68 | * The provider flag_lock: Used to control updates to the various provider | |
69 | * "flags" (flag_initialized, flag_activated, flag_fallback) and associated | |
70 | * "counts" (activatecnt). | |
71 | * | |
72 | * The provider refcnt_lock: Only ever used to control updates to the provider | |
73 | * refcnt value. | |
74 | * | |
75 | * The provider optbits_lock: Used to control access to the provider's | |
76 | * operation_bits and operation_bits_sz fields. | |
77 | * | |
78 | * The store default_path_lock: Used to control access to the provider store's | |
79 | * default search path value (default_path) | |
80 | * | |
81 | * The store lock: Used to control the stack of provider's held within the | |
82 | * provider store, as well as the stack of registered child provider callbacks. | |
83 | * | |
84 | * As a general rule-of-thumb it is best to: | |
85 | * - keep the scope of the code that is protected by a lock to the absolute | |
86 | * minimum possible; | |
87 | * - try to keep the scope of the lock to within a single function (i.e. avoid | |
88 | * making calls to other functions while holding a lock); | |
89 | * - try to only ever hold one lock at a time. | |
90 | * | |
91 | * Unfortunately, it is not always possible to stick to the above guidelines. | |
92 | * Where they are not adhered to there is always a danger of inadvertently | |
93 | * introducing the possibility of deadlock. The following rules MUST be adhered | |
94 | * to in order to avoid that: | |
95 | * - Holding multiple locks at the same time is only allowed for the | |
96 | * provider store lock, the provider flag_lock and the provider refcnt_lock. | |
97 | * - When holding multiple locks they must be acquired in the following order of | |
98 | * precedence: | |
99 | * 1) provider store lock | |
100 | * 2) provider flag_lock | |
101 | * 3) provider refcnt_lock | |
102 | * - When releasing locks they must be released in the reverse order to which | |
103 | * they were acquired | |
104 | * - No locks may be held when making an upcall. NOTE: Some common functions | |
105 | * can make upcalls as part of their normal operation. If you need to call | |
106 | * some other function while holding a lock make sure you know whether it | |
107 | * will make any upcalls or not. For example ossl_provider_up_ref() can call | |
108 | * ossl_provider_up_ref_parent() which can call the c_prov_up_ref() upcall. | |
109 | * - It is permissible to hold the store lock when calling child provider | |
110 | * callbacks. No other locks may be held during such callbacks. | |
111 | */ | |
112 | ||
30 | 113 | static OSSL_PROVIDER *provider_new(const char *name, |
31 | 114 | OSSL_provider_init_fn *init_function, |
32 | 115 | STACK_OF(INFOPAIR) *parameters); |
342 | 425 | tmpl.name = (char *)name; |
343 | 426 | if (!CRYPTO_THREAD_read_lock(store->lock)) |
344 | 427 | return NULL; |
345 | if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1 | |
346 | || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL | |
347 | || !ossl_provider_up_ref(prov)) | |
428 | if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) != -1) | |
429 | prov = sk_OSSL_PROVIDER_value(store->providers, i); | |
430 | CRYPTO_THREAD_unlock(store->lock); | |
431 | if (prov != NULL && !ossl_provider_up_ref(prov)) | |
348 | 432 | prov = NULL; |
349 | CRYPTO_THREAD_unlock(store->lock); | |
350 | 433 | } |
351 | 434 | |
352 | 435 | return prov; |
531 | 614 | else |
532 | 615 | actualtmp = sk_OSSL_PROVIDER_value(store->providers, idx); |
533 | 616 | |
534 | if (actualprov != NULL) { | |
535 | if (!ossl_provider_up_ref(actualtmp)) { | |
536 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); | |
537 | actualtmp = NULL; | |
538 | goto err; | |
539 | } | |
540 | *actualprov = actualtmp; | |
541 | } | |
542 | ||
543 | 617 | if (idx == -1) { |
544 | 618 | if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) |
545 | 619 | goto err; |
554 | 628 | |
555 | 629 | CRYPTO_THREAD_unlock(store->lock); |
556 | 630 | |
557 | if (actualtmp != prov) { | |
631 | if (actualprov != NULL) { | |
632 | if (!ossl_provider_up_ref(actualtmp)) { | |
633 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); | |
634 | actualtmp = NULL; | |
635 | goto err; | |
636 | } | |
637 | *actualprov = actualtmp; | |
638 | } | |
639 | ||
640 | if (idx >= 0) { | |
558 | 641 | /* |
559 | 642 | * The provider is already in the store. Probably two threads |
560 | 643 | * independently initialised their own provider objects with the same |
922 | 1005 | * Deactivate a provider. |
923 | 1006 | * Return -1 on failure and the activation count on success |
924 | 1007 | */ |
925 | static int provider_deactivate(OSSL_PROVIDER *prov) | |
1008 | static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls) | |
926 | 1009 | { |
927 | 1010 | int count; |
928 | 1011 | struct provider_store_st *store; |
1012 | #ifndef FIPS_MODULE | |
1013 | int freeparent = 0, removechildren = 0; | |
1014 | #endif | |
929 | 1015 | |
930 | 1016 | if (!ossl_assert(prov != NULL)) |
931 | 1017 | return -1; |
942 | 1028 | } |
943 | 1029 | |
944 | 1030 | #ifndef FIPS_MODULE |
945 | if (prov->activatecnt == 2 && prov->ischild) { | |
1031 | if (prov->activatecnt >= 2 && prov->ischild && upcalls) { | |
946 | 1032 | /* |
947 | 1033 | * We have had a direct activation in this child libctx so we need to |
948 | * now down the ref count in the parent provider. | |
1034 | * now down the ref count in the parent provider. We do the actual down | |
1035 | * ref outside of the flag_lock, since it could involve getting other | |
1036 | * locks. | |
949 | 1037 | */ |
950 | ossl_provider_free_parent(prov, 1); | |
1038 | freeparent = 1; | |
951 | 1039 | } |
952 | 1040 | #endif |
953 | 1041 | |
954 | 1042 | if ((count = --prov->activatecnt) < 1) { |
955 | 1043 | prov->flag_activated = 0; |
956 | 1044 | #ifndef FIPS_MODULE |
957 | { | |
958 | int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); | |
959 | OSSL_PROVIDER_CHILD_CB *child_cb; | |
960 | ||
961 | for (i = 0; i < max; i++) { | |
962 | child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); | |
963 | child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); | |
964 | } | |
965 | } | |
1045 | removechildren = 1; | |
966 | 1046 | #endif |
967 | 1047 | } |
968 | 1048 | |
969 | 1049 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1050 | ||
1051 | #ifndef FIPS_MODULE | |
1052 | if (removechildren) { | |
1053 | int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); | |
1054 | OSSL_PROVIDER_CHILD_CB *child_cb; | |
1055 | ||
1056 | for (i = 0; i < max; i++) { | |
1057 | child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); | |
1058 | child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); | |
1059 | } | |
1060 | } | |
1061 | #endif | |
970 | 1062 | CRYPTO_THREAD_unlock(store->lock); |
1063 | #ifndef FIPS_MODULE | |
1064 | if (freeparent) | |
1065 | ossl_provider_free_parent(prov, 1); | |
1066 | #endif | |
971 | 1067 | |
972 | 1068 | /* We don't deinit here, that's done in ossl_provider_free() */ |
973 | 1069 | return count; |
981 | 1077 | { |
982 | 1078 | int count = -1; |
983 | 1079 | struct provider_store_st *store; |
984 | int ret = 1; | |
1080 | int ret = 1, createchildren = 0; | |
985 | 1081 | |
986 | 1082 | store = prov->store; |
987 | 1083 | /* |
994 | 1090 | return -1; |
995 | 1091 | } |
996 | 1092 | |
997 | if (lock && !CRYPTO_THREAD_read_lock(store->lock)) | |
1093 | #ifndef FIPS_MODULE | |
1094 | if (prov->ischild && upcalls && !ossl_provider_up_ref_parent(prov, 1)) | |
998 | 1095 | return -1; |
1096 | #endif | |
1097 | ||
1098 | if (lock && !CRYPTO_THREAD_read_lock(store->lock)) { | |
1099 | #ifndef FIPS_MODULE | |
1100 | if (prov->ischild && upcalls) | |
1101 | ossl_provider_free_parent(prov, 1); | |
1102 | #endif | |
1103 | return -1; | |
1104 | } | |
999 | 1105 | |
1000 | 1106 | if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { |
1001 | 1107 | CRYPTO_THREAD_unlock(store->lock); |
1108 | #ifndef FIPS_MODULE | |
1109 | if (prov->ischild && upcalls) | |
1110 | ossl_provider_free_parent(prov, 1); | |
1111 | #endif | |
1002 | 1112 | return -1; |
1003 | 1113 | } |
1004 | 1114 | |
1005 | #ifndef FIPS_MODULE | |
1006 | if (prov->ischild && upcalls) | |
1007 | ret = ossl_provider_up_ref_parent(prov, 1); | |
1008 | #endif | |
1009 | ||
1010 | if (ret) { | |
1011 | count = ++prov->activatecnt; | |
1012 | prov->flag_activated = 1; | |
1013 | ||
1014 | if (prov->activatecnt == 1 && store != NULL) | |
1015 | ret = create_provider_children(prov); | |
1016 | } | |
1017 | ||
1018 | if (lock) { | |
1115 | count = ++prov->activatecnt; | |
1116 | prov->flag_activated = 1; | |
1117 | ||
1118 | if (prov->activatecnt == 1 && store != NULL) | |
1119 | createchildren = 1; | |
1120 | ||
1121 | if (lock) | |
1019 | 1122 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1123 | if (createchildren) | |
1124 | ret = create_provider_children(prov); | |
1125 | if (lock) | |
1020 | 1126 | CRYPTO_THREAD_unlock(store->lock); |
1021 | } | |
1127 | ||
1022 | 1128 | if (!ret) |
1023 | 1129 | return -1; |
1024 | 1130 | |
1067 | 1173 | { |
1068 | 1174 | int count; |
1069 | 1175 | |
1070 | if (prov == NULL || (count = provider_deactivate(prov)) < 0) | |
1176 | if (prov == NULL || (count = provider_deactivate(prov, 1)) < 0) | |
1071 | 1177 | return 0; |
1072 | 1178 | return count == 0 ? provider_flush_store_cache(prov) : 1; |
1073 | 1179 | } |
1154 | 1260 | void *cbdata), |
1155 | 1261 | void *cbdata) |
1156 | 1262 | { |
1157 | int ret = 0, curr, max; | |
1263 | int ret = 0, curr, max, ref = 0; | |
1158 | 1264 | struct provider_store_st *store = get_provider_store(ctx); |
1159 | 1265 | STACK_OF(OSSL_PROVIDER) *provs = NULL; |
1160 | 1266 | |
1194 | 1300 | if (!CRYPTO_THREAD_write_lock(prov->flag_lock)) |
1195 | 1301 | goto err_unlock; |
1196 | 1302 | if (prov->flag_activated) { |
1197 | if (!ossl_provider_up_ref(prov)){ | |
1303 | /* | |
1304 | * We call CRYPTO_UP_REF directly rather than ossl_provider_up_ref | |
1305 | * to avoid upping the ref count on the parent provider, which we | |
1306 | * must not do while holding locks. | |
1307 | */ | |
1308 | if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0) { | |
1198 | 1309 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1199 | 1310 | goto err_unlock; |
1200 | 1311 | } |
1201 | 1312 | /* |
1202 | 1313 | * It's already activated, but we up the activated count to ensure |
1203 | 1314 | * it remains activated until after we've called the user callback. |
1315 | * We do this with no locking (because we already hold the locks) | |
1316 | * and no upcalls (which must not be called when locks are held). In | |
1317 | * theory this could mean the parent provider goes inactive, whilst | |
1318 | * still activated in the child for a short period. That's ok. | |
1204 | 1319 | */ |
1205 | if (provider_activate(prov, 0, 1) < 0) { | |
1206 | ossl_provider_free(prov); | |
1320 | if (provider_activate(prov, 0, 0) < 0) { | |
1321 | CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock); | |
1207 | 1322 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1208 | 1323 | goto err_unlock; |
1209 | 1324 | } |
1240 | 1355 | for (curr++; curr < max; curr++) { |
1241 | 1356 | OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); |
1242 | 1357 | |
1243 | provider_deactivate(prov); | |
1244 | ossl_provider_free(prov); | |
1358 | provider_deactivate(prov, 0); | |
1359 | /* | |
1360 | * As above where we did the up-ref, we don't call ossl_provider_free | |
1361 | * to avoid making upcalls. There should always be at least one ref | |
1362 | * to the provider in the store, so this should never drop to 0. | |
1363 | */ | |
1364 | CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock); | |
1365 | /* | |
1366 | * Not much we can do if this assert ever fails. So we don't use | |
1367 | * ossl_assert here. | |
1368 | */ | |
1369 | assert(ref > 0); | |
1245 | 1370 | } |
1246 | 1371 | sk_OSSL_PROVIDER_free(provs); |
1247 | 1372 | return ret; |
1561 | 1686 | } |
1562 | 1687 | max = sk_OSSL_PROVIDER_num(store->providers); |
1563 | 1688 | for (i = 0; i < max; i++) { |
1689 | int activated; | |
1690 | ||
1564 | 1691 | prov = sk_OSSL_PROVIDER_value(store->providers, i); |
1565 | 1692 | |
1566 | 1693 | if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) |
1567 | 1694 | break; |
1695 | activated = prov->flag_activated; | |
1696 | CRYPTO_THREAD_unlock(prov->flag_lock); | |
1568 | 1697 | /* |
1569 | * We hold the lock while calling the user callback. This means that the | |
1570 | * user callback must be short and simple and not do anything likely to | |
1571 | * cause a deadlock. | |
1698 | * We hold the store lock while calling the user callback. This means | |
1699 | * that the user callback must be short and simple and not do anything | |
1700 | * likely to cause a deadlock. We don't hold the flag_lock during this | |
1701 | * call. In theory this means that another thread could deactivate it | |
1702 | * while we are calling create. This is ok because the other thread | |
1703 | * will also call remove_cb, but won't be able to do so until we release | |
1704 | * the store lock. | |
1572 | 1705 | */ |
1573 | if (prov->flag_activated | |
1574 | && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata)) | |
1706 | if (activated && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata)) | |
1575 | 1707 | break; |
1576 | CRYPTO_THREAD_unlock(prov->flag_lock); | |
1577 | 1708 | } |
1578 | 1709 | if (i == max) { |
1579 | 1710 | /* Success */ |
217 | 217 | return ret; |
218 | 218 | } |
219 | 219 | |
220 | #ifndef FIPS_MODULE | |
221 | static int bn_is_three(const BIGNUM *bn) | |
222 | { | |
223 | BIGNUM *num = BN_dup(bn); | |
224 | int ret = (num != NULL && BN_sub_word(num, 3) && BN_is_zero(num)); | |
225 | ||
226 | BN_free(num); | |
227 | return ret; | |
228 | } | |
229 | #endif /* FIPS_MODULE */ | |
230 | ||
231 | /* Check exponent is odd, and has a bitlen ranging from [17..256] */ | |
220 | /* | |
221 | * Check exponent is odd. | |
222 | * For FIPS also check the bit length is in the range [17..256] | |
223 | */ | |
232 | 224 | int ossl_rsa_check_public_exponent(const BIGNUM *e) |
233 | 225 | { |
226 | #ifdef FIPS_MODULE | |
234 | 227 | int bitlen; |
235 | ||
236 | /* For legacy purposes RSA_3 is allowed in non fips mode */ | |
237 | #ifndef FIPS_MODULE | |
238 | if (bn_is_three(e)) | |
239 | return 1; | |
240 | #endif /* FIPS_MODULE */ | |
241 | 228 | |
242 | 229 | bitlen = BN_num_bits(e); |
243 | 230 | return (BN_is_odd(e) && bitlen > 16 && bitlen < 257); |
231 | #else | |
232 | /* Allow small exponents larger than 1 for legacy purposes */ | |
233 | return BN_is_odd(e) && BN_cmp(e, BN_value_one()) > 0; | |
234 | #endif /* FIPS_MODULE */ | |
244 | 235 | } |
245 | 236 | |
246 | 237 | /* |
66 | 66 | return field_size; |
67 | 67 | } |
68 | 68 | |
69 | int ossl_sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, | |
70 | size_t msg_len, size_t *pt_size) | |
69 | int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, | |
70 | size_t *pt_size) | |
71 | 71 | { |
72 | const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); | |
73 | const int md_size = EVP_MD_get_size(digest); | |
74 | size_t overhead; | |
75 | ||
76 | if (md_size < 0) { | |
77 | ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_DIGEST); | |
78 | return 0; | |
79 | } | |
80 | if (field_size == 0) { | |
81 | ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_FIELD); | |
82 | return 0; | |
83 | } | |
84 | ||
85 | overhead = 10 + 2 * field_size + (size_t)md_size; | |
86 | if (msg_len <= overhead) { | |
72 | struct SM2_Ciphertext_st *sm2_ctext = NULL; | |
73 | ||
74 | sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); | |
75 | ||
76 | if (sm2_ctext == NULL) { | |
87 | 77 | ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); |
88 | 78 | return 0; |
89 | 79 | } |
90 | 80 | |
91 | *pt_size = msg_len - overhead; | |
81 | *pt_size = sm2_ctext->C2->length; | |
82 | SM2_Ciphertext_free(sm2_ctext); | |
83 | ||
92 | 84 | return 1; |
93 | 85 | } |
94 | 86 | |
319 | 311 | C2 = sm2_ctext->C2->data; |
320 | 312 | C3 = sm2_ctext->C3->data; |
321 | 313 | msg_len = sm2_ctext->C2->length; |
314 | if (*ptext_len < (size_t)msg_len) { | |
315 | ERR_raise(ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL); | |
316 | goto done; | |
317 | } | |
322 | 318 | |
323 | 319 | ctx = BN_CTX_new_ex(libctx); |
324 | 320 | if (ctx == NULL) { |
69 | 69 | unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, |
70 | 70 | unsigned char *hexstr, long len) |
71 | 71 | { |
72 | OPENSSL_free(ctx->imprint); | |
72 | 73 | ctx->imprint = hexstr; |
73 | 74 | ctx->imprint_len = len; |
74 | 75 | return ctx->imprint; |
16 | 16 | return 0; |
17 | 17 | } |
18 | 18 | |
19 | #elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) | |
19 | #elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__)) | |
20 | 20 | |
21 | 21 | # include <unistd.h> |
22 | 22 |
39 | 39 | STACK_OF(CONF_VALUE) |
40 | 40 | *extlist) |
41 | 41 | { |
42 | char *tmp; | |
42 | char *tmp = NULL; | |
43 | STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; | |
44 | ||
43 | 45 | if (akeyid->keyid) { |
44 | 46 | tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); |
45 | 47 | if (tmp == NULL) { |
46 | 48 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); |
47 | 49 | return NULL; |
48 | 50 | } |
49 | X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, | |
50 | tmp, &extlist); | |
51 | if (!X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, | |
52 | tmp, &extlist)) { | |
53 | OPENSSL_free(tmp); | |
54 | ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB); | |
55 | goto err; | |
56 | } | |
51 | 57 | OPENSSL_free(tmp); |
52 | 58 | } |
53 | if (akeyid->issuer) | |
54 | extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | |
59 | if (akeyid->issuer) { | |
60 | tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | |
61 | if (tmpextlist == NULL) { | |
62 | ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB); | |
63 | goto err; | |
64 | } | |
65 | extlist = tmpextlist; | |
66 | } | |
55 | 67 | if (akeyid->serial) { |
56 | 68 | tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); |
57 | 69 | if (tmp == NULL) { |
58 | 70 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); |
59 | return NULL; | |
60 | } | |
61 | X509V3_add_value("serial", tmp, &extlist); | |
71 | goto err; | |
72 | } | |
73 | if (!X509V3_add_value("serial", tmp, &extlist)) { | |
74 | OPENSSL_free(tmp); | |
75 | goto err; | |
76 | } | |
62 | 77 | OPENSSL_free(tmp); |
63 | 78 | } |
64 | 79 | return extlist; |
80 | err: | |
81 | if (origextlist == NULL) | |
82 | sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); | |
83 | return NULL; | |
65 | 84 | } |
66 | 85 | |
67 | 86 | /*- |
486 | 486 | return NULL; |
487 | 487 | CONF_set_nconf(ctmp, conf); |
488 | 488 | ret = X509V3_EXT_nconf(ctmp, ctx, name, value); |
489 | CONF_set_nconf(ctmp, NULL); | |
489 | 490 | NCONF_free(ctmp); |
490 | 491 | return ret; |
491 | 492 | } |
500 | 501 | return NULL; |
501 | 502 | CONF_set_nconf(ctmp, conf); |
502 | 503 | ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value); |
504 | CONF_set_nconf(ctmp, NULL); | |
503 | 505 | NCONF_free(ctmp); |
504 | 506 | return ret; |
505 | 507 | } |
541 | 543 | return 0; |
542 | 544 | CONF_set_nconf(ctmp, conf); |
543 | 545 | ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert); |
546 | CONF_set_nconf(ctmp, NULL); | |
544 | 547 | NCONF_free(ctmp); |
545 | 548 | return ret; |
546 | 549 | } |
557 | 560 | return 0; |
558 | 561 | CONF_set_nconf(ctmp, conf); |
559 | 562 | ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl); |
563 | CONF_set_nconf(ctmp, NULL); | |
560 | 564 | NCONF_free(ctmp); |
561 | 565 | return ret; |
562 | 566 | } |
573 | 577 | return 0; |
574 | 578 | CONF_set_nconf(ctmp, conf); |
575 | 579 | ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req); |
580 | CONF_set_nconf(ctmp, NULL); | |
576 | 581 | NCONF_free(ctmp); |
577 | 582 | return ret; |
578 | 583 | } |
425 | 425 | qualinfo = sk_POLICYQUALINFO_value(quals, i); |
426 | 426 | switch (OBJ_obj2nid(qualinfo->pqualid)) { |
427 | 427 | case NID_id_qt_cps: |
428 | BIO_printf(out, "%*sCPS: %s", indent, "", | |
428 | BIO_printf(out, "%*sCPS: %.*s", indent, "", | |
429 | qualinfo->d.cpsuri->length, | |
429 | 430 | qualinfo->d.cpsuri->data); |
430 | 431 | break; |
431 | 432 | |
449 | 450 | if (notice->noticeref) { |
450 | 451 | NOTICEREF *ref; |
451 | 452 | ref = notice->noticeref; |
452 | BIO_printf(out, "%*sOrganization: %s\n", indent, "", | |
453 | BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", | |
454 | ref->organization->length, | |
453 | 455 | ref->organization->data); |
454 | 456 | BIO_printf(out, "%*sNumber%s: ", indent, "", |
455 | 457 | sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); |
473 | 475 | BIO_puts(out, "\n"); |
474 | 476 | } |
475 | 477 | if (notice->exptext) |
476 | BIO_printf(out, "%*sExplicit Text: %s", indent, "", | |
478 | BIO_printf(out, "%*sExplicit Text: %.*s", indent, "", | |
479 | notice->exptext->length, | |
477 | 480 | notice->exptext->data); |
478 | 481 | } |
479 | 482 |
65 | 65 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) |
66 | 66 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) |
67 | 67 | |
68 | ||
69 | #define IA5_OFFSET_LEN(ia5base, offset) \ | |
70 | ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) | |
71 | ||
72 | /* Like memchr but for ASN1_IA5STRING. Additionally you can specify the | |
73 | * starting point to search from | |
74 | */ | |
75 | # define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) | |
76 | ||
77 | /* Like memrrchr but for ASN1_IA5STRING */ | |
78 | static char *ia5memrchr(ASN1_IA5STRING *str, int c) | |
79 | { | |
80 | int i; | |
81 | ||
82 | for (i = str->length; i > 0 && str->data[i - 1] != c; i--); | |
83 | ||
84 | if (i == 0) | |
85 | return NULL; | |
86 | ||
87 | return (char *)&str->data[i - 1]; | |
88 | } | |
89 | ||
68 | 90 | /* |
69 | * We cannot use strncasecmp here because that applies locale specific rules. | |
91 | * We cannot use strncasecmp here because that applies locale specific rules. It | |
92 | * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. | |
70 | 93 | * For example in Turkish 'I' is not the uppercase character for 'i'. We need to |
71 | 94 | * do a simple ASCII case comparison ignoring the locale (that is why we use |
72 | 95 | * numeric constants below). |
91 | 114 | |
92 | 115 | /* c1 > c2 */ |
93 | 116 | return 1; |
94 | } else if (*s1 == 0) { | |
95 | /* If we get here we know that *s2 == 0 too */ | |
96 | return 0; | |
97 | 117 | } |
98 | 118 | } |
99 | 119 | |
100 | 120 | return 0; |
101 | } | |
102 | ||
103 | static int ia5casecmp(const char *s1, const char *s2) | |
104 | { | |
105 | return ia5ncasecmp(s1, s2, SIZE_MAX); | |
106 | 121 | } |
107 | 122 | |
108 | 123 | static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, |
333 | 348 | --utf8_length; |
334 | 349 | |
335 | 350 | /* Reject *embedded* NULs */ |
336 | if ((size_t)utf8_length != strlen((char *)utf8_value)) { | |
351 | if (memchr(utf8_value, 0, utf8_length) != NULL) { | |
337 | 352 | OPENSSL_free(utf8_value); |
338 | 353 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
339 | 354 | } |
570 | 585 | char *dnsptr = (char *)dns->data; |
571 | 586 | |
572 | 587 | /* Empty matches everything */ |
573 | if (*baseptr == '\0') | |
588 | if (base->length == 0) | |
574 | 589 | return X509_V_OK; |
590 | ||
591 | if (dns->length < base->length) | |
592 | return X509_V_ERR_PERMITTED_VIOLATION; | |
593 | ||
575 | 594 | /* |
576 | 595 | * Otherwise can add zero or more components on the left so compare RHS |
577 | 596 | * and if dns is longer and expect '.' as preceding character. |
582 | 601 | return X509_V_ERR_PERMITTED_VIOLATION; |
583 | 602 | } |
584 | 603 | |
585 | if (ia5casecmp(baseptr, dnsptr)) | |
604 | if (ia5ncasecmp(baseptr, dnsptr, base->length)) | |
586 | 605 | return X509_V_ERR_PERMITTED_VIOLATION; |
587 | 606 | |
588 | 607 | return X509_V_OK; |
599 | 618 | static int nc_email_eai(ASN1_TYPE *emltype, ASN1_IA5STRING *base) |
600 | 619 | { |
601 | 620 | ASN1_UTF8STRING *eml; |
602 | const char *baseptr = (char *)base->data; | |
621 | char *baseptr = NULL; | |
603 | 622 | const char *emlptr; |
604 | 623 | const char *emlat; |
605 | 624 | char ulabel[256]; |
606 | 625 | size_t size = sizeof(ulabel) - 1; |
607 | ||
608 | if (emltype->type != V_ASN1_UTF8STRING) | |
626 | int ret = X509_V_OK; | |
627 | size_t emlhostlen; | |
628 | ||
629 | /* We do not accept embedded NUL characters */ | |
630 | if (base->length > 0 && memchr(base->data, 0, base->length) != NULL) | |
609 | 631 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
632 | ||
633 | /* 'base' may not be NUL terminated. Create a copy that is */ | |
634 | baseptr = OPENSSL_strndup((char *)base->data, base->length); | |
635 | if (baseptr == NULL) | |
636 | return X509_V_ERR_OUT_OF_MEM; | |
637 | ||
638 | if (emltype->type != V_ASN1_UTF8STRING) { | |
639 | ret = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; | |
640 | goto end; | |
641 | } | |
610 | 642 | |
611 | 643 | eml = emltype->value.utf8string; |
612 | 644 | emlptr = (char *)eml->data; |
613 | emlat = strrchr(emlptr, '@'); | |
614 | ||
615 | if (emlat == NULL) | |
616 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; | |
645 | emlat = ia5memrchr(eml, '@'); | |
646 | ||
647 | if (emlat == NULL) { | |
648 | ret = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; | |
649 | goto end; | |
650 | } | |
617 | 651 | |
618 | 652 | memset(ulabel, 0, sizeof(ulabel)); |
619 | 653 | /* Special case: initial '.' is RHS match */ |
620 | 654 | if (*baseptr == '.') { |
621 | 655 | ulabel[0] = '.'; |
622 | 656 | size -= 1; |
623 | if (ossl_a2ulabel(baseptr, ulabel + 1, &size) <= 0) | |
624 | return X509_V_ERR_UNSPECIFIED; | |
625 | ||
626 | if ((size_t)eml->length > size + 1) { | |
627 | emlptr += eml->length - (size + 1); | |
628 | if (ia5casecmp(ulabel, emlptr) == 0) | |
629 | return X509_V_OK; | |
657 | if (ossl_a2ulabel(baseptr, ulabel + 1, &size) <= 0) { | |
658 | ret = X509_V_ERR_UNSPECIFIED; | |
659 | goto end; | |
630 | 660 | } |
631 | return X509_V_ERR_PERMITTED_VIOLATION; | |
632 | } | |
633 | ||
661 | ||
662 | if ((size_t)eml->length > strlen(ulabel)) { | |
663 | emlptr += eml->length - (strlen(ulabel)); | |
664 | /* X509_V_OK */ | |
665 | if (ia5ncasecmp(ulabel, emlptr, strlen(ulabel)) == 0) | |
666 | goto end; | |
667 | } | |
668 | ret = X509_V_ERR_PERMITTED_VIOLATION; | |
669 | goto end; | |
670 | } | |
671 | ||
672 | if (ossl_a2ulabel(baseptr, ulabel, &size) <= 0) { | |
673 | ret = X509_V_ERR_UNSPECIFIED; | |
674 | goto end; | |
675 | } | |
676 | /* Just have hostname left to match: case insensitive */ | |
634 | 677 | emlptr = emlat + 1; |
635 | if (ossl_a2ulabel(baseptr, ulabel, &size) <= 0) | |
636 | return X509_V_ERR_UNSPECIFIED; | |
637 | /* Just have hostname left to match: case insensitive */ | |
638 | if (ia5casecmp(ulabel, emlptr)) | |
639 | return X509_V_ERR_PERMITTED_VIOLATION; | |
640 | ||
641 | return X509_V_OK; | |
642 | ||
678 | emlhostlen = IA5_OFFSET_LEN(eml, emlptr); | |
679 | if (emlhostlen != strlen(ulabel) | |
680 | || ia5ncasecmp(ulabel, emlptr, emlhostlen) != 0) { | |
681 | ret = X509_V_ERR_PERMITTED_VIOLATION; | |
682 | goto end; | |
683 | } | |
684 | ||
685 | end: | |
686 | OPENSSL_free(baseptr); | |
687 | return ret; | |
643 | 688 | } |
644 | 689 | |
645 | 690 | static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) |
646 | 691 | { |
647 | 692 | const char *baseptr = (char *)base->data; |
648 | 693 | const char *emlptr = (char *)eml->data; |
649 | ||
650 | const char *baseat = strrchr(baseptr, '@'); | |
651 | const char *emlat = strrchr(emlptr, '@'); | |
694 | const char *baseat = ia5memrchr(base, '@'); | |
695 | const char *emlat = ia5memrchr(eml, '@'); | |
696 | size_t basehostlen, emlhostlen; | |
697 | ||
652 | 698 | if (!emlat) |
653 | 699 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
654 | 700 | /* Special case: initial '.' is RHS match */ |
655 | if (!baseat && (*baseptr == '.')) { | |
701 | if (!baseat && base->length > 0 && (*baseptr == '.')) { | |
656 | 702 | if (eml->length > base->length) { |
657 | 703 | emlptr += eml->length - base->length; |
658 | if (ia5casecmp(baseptr, emlptr) == 0) | |
704 | if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) | |
659 | 705 | return X509_V_OK; |
660 | 706 | } |
661 | 707 | return X509_V_ERR_PERMITTED_VIOLATION; |
675 | 721 | baseptr = baseat + 1; |
676 | 722 | } |
677 | 723 | emlptr = emlat + 1; |
724 | basehostlen = IA5_OFFSET_LEN(base, baseptr); | |
725 | emlhostlen = IA5_OFFSET_LEN(eml, emlptr); | |
678 | 726 | /* Just have hostname left to match: case insensitive */ |
679 | if (ia5casecmp(baseptr, emlptr)) | |
727 | if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) | |
680 | 728 | return X509_V_ERR_PERMITTED_VIOLATION; |
681 | 729 | |
682 | 730 | return X509_V_OK; |
687 | 735 | { |
688 | 736 | const char *baseptr = (char *)base->data; |
689 | 737 | const char *hostptr = (char *)uri->data; |
690 | const char *p = strchr(hostptr, ':'); | |
738 | const char *p = ia5memchr(uri, (char *)uri->data, ':'); | |
691 | 739 | int hostlen; |
692 | 740 | |
693 | 741 | /* Check for foo:// and skip past it */ |
694 | if (p == NULL || p[1] != '/' || p[2] != '/') | |
742 | if (p == NULL | |
743 | || IA5_OFFSET_LEN(uri, p) < 3 | |
744 | || p[1] != '/' | |
745 | || p[2] != '/') | |
695 | 746 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
696 | 747 | hostptr = p + 3; |
697 | 748 | |
699 | 750 | |
700 | 751 | /* Look for a port indicator as end of hostname first */ |
701 | 752 | |
702 | p = strchr(hostptr, ':'); | |
753 | p = ia5memchr(uri, hostptr, ':'); | |
703 | 754 | /* Otherwise look for trailing slash */ |
704 | 755 | if (p == NULL) |
705 | p = strchr(hostptr, '/'); | |
756 | p = ia5memchr(uri, hostptr, '/'); | |
706 | 757 | |
707 | 758 | if (p == NULL) |
708 | hostlen = strlen(hostptr); | |
759 | hostlen = IA5_OFFSET_LEN(uri, hostptr); | |
709 | 760 | else |
710 | 761 | hostlen = p - hostptr; |
711 | 762 | |
713 | 764 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
714 | 765 | |
715 | 766 | /* Special case: initial '.' is RHS match */ |
716 | if (*baseptr == '.') { | |
767 | if (base->length > 0 && *baseptr == '.') { | |
717 | 768 | if (hostlen > base->length) { |
718 | 769 | p = hostptr + hostlen - base->length; |
719 | 770 | if (ia5ncasecmp(p, baseptr, base->length) == 0) |
75 | 75 | BIO_printf(out, "%*sPolicy Language: ", indent, ""); |
76 | 76 | i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); |
77 | 77 | if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) |
78 | BIO_printf(out, "\n%*sPolicy Text: %s", indent, "", | |
78 | BIO_printf(out, "\n%*sPolicy Text: %.*s", indent, "", | |
79 | pci->proxyPolicy->policy->length, | |
79 | 80 | pci->proxyPolicy->policy->data); |
80 | 81 | return 1; |
81 | 82 | } |
8 | 8 | |
9 | 9 | #include <stdio.h> |
10 | 10 | #include "internal/cryptlib.h" |
11 | #include "crypto/x509.h" | |
11 | 12 | #include <openssl/conf.h> |
12 | 13 | #include <openssl/x509v3.h> |
13 | 14 | #include <openssl/bio.h> |
86 | 87 | switch (OBJ_obj2nid(gen->d.otherName->type_id)) { |
87 | 88 | case NID_id_on_SmtpUTF8Mailbox: |
88 | 89 | if (gen->d.otherName->value->type != V_ASN1_UTF8STRING |
89 | || !X509V3_add_value_uchar("othername: SmtpUTF8Mailbox:", | |
90 | || !x509v3_add_len_value_uchar("othername: SmtpUTF8Mailbox:", | |
90 | 91 | gen->d.otherName->value->value.utf8string->data, |
92 | gen->d.otherName->value->value.utf8string->length, | |
91 | 93 | &ret)) |
92 | 94 | return NULL; |
93 | 95 | break; |
94 | 96 | case NID_XmppAddr: |
95 | 97 | if (gen->d.otherName->value->type != V_ASN1_UTF8STRING |
96 | || !X509V3_add_value_uchar("othername: XmppAddr:", | |
98 | || !x509v3_add_len_value_uchar("othername: XmppAddr:", | |
97 | 99 | gen->d.otherName->value->value.utf8string->data, |
100 | gen->d.otherName->value->value.utf8string->length, | |
98 | 101 | &ret)) |
99 | 102 | return NULL; |
100 | 103 | break; |
101 | 104 | case NID_SRVName: |
102 | 105 | if (gen->d.otherName->value->type != V_ASN1_IA5STRING |
103 | || !X509V3_add_value_uchar("othername: SRVName:", | |
106 | || !x509v3_add_len_value_uchar("othername: SRVName:", | |
104 | 107 | gen->d.otherName->value->value.ia5string->data, |
108 | gen->d.otherName->value->value.ia5string->length, | |
105 | 109 | &ret)) |
106 | 110 | return NULL; |
107 | 111 | break; |
108 | 112 | case NID_ms_upn: |
109 | 113 | if (gen->d.otherName->value->type != V_ASN1_UTF8STRING |
110 | || !X509V3_add_value_uchar("othername: UPN:", | |
114 | || !x509v3_add_len_value_uchar("othername: UPN:", | |
111 | 115 | gen->d.otherName->value->value.utf8string->data, |
116 | gen->d.otherName->value->value.utf8string->length, | |
112 | 117 | &ret)) |
113 | 118 | return NULL; |
114 | 119 | break; |
115 | 120 | case NID_NAIRealm: |
116 | 121 | if (gen->d.otherName->value->type != V_ASN1_UTF8STRING |
117 | || !X509V3_add_value_uchar("othername: NAIRealm:", | |
122 | || !x509v3_add_len_value_uchar("othername: NAIRealm:", | |
118 | 123 | gen->d.otherName->value->value.utf8string->data, |
124 | gen->d.otherName->value->value.utf8string->length, | |
119 | 125 | &ret)) |
120 | 126 | return NULL; |
121 | 127 | break; |
128 | 134 | |
129 | 135 | /* check if the value is something printable */ |
130 | 136 | if (gen->d.otherName->value->type == V_ASN1_IA5STRING) { |
131 | if (X509V3_add_value_uchar(othername, | |
137 | if (x509v3_add_len_value_uchar(othername, | |
132 | 138 | gen->d.otherName->value->value.ia5string->data, |
139 | gen->d.otherName->value->value.ia5string->length, | |
133 | 140 | &ret)) |
134 | 141 | return ret; |
135 | 142 | } |
136 | 143 | if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { |
137 | if (X509V3_add_value_uchar(othername, | |
144 | if (x509v3_add_len_value_uchar(othername, | |
138 | 145 | gen->d.otherName->value->value.utf8string->data, |
146 | gen->d.otherName->value->value.utf8string->length, | |
139 | 147 | &ret)) |
140 | 148 | return ret; |
141 | 149 | } |
156 | 164 | break; |
157 | 165 | |
158 | 166 | case GEN_EMAIL: |
159 | if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) | |
167 | if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, | |
168 | gen->d.ia5->length, &ret)) | |
160 | 169 | return NULL; |
161 | 170 | break; |
162 | 171 | |
163 | 172 | case GEN_DNS: |
164 | if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) | |
173 | if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, | |
174 | gen->d.ia5->length, &ret)) | |
165 | 175 | return NULL; |
166 | 176 | break; |
167 | 177 | |
168 | 178 | case GEN_URI: |
169 | if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) | |
179 | if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, | |
180 | gen->d.ia5->length, &ret)) | |
170 | 181 | return NULL; |
171 | 182 | break; |
172 | 183 | |
211 | 222 | |
212 | 223 | switch (nid) { |
213 | 224 | case NID_id_on_SmtpUTF8Mailbox: |
214 | BIO_printf(out, "othername:SmtpUTF8Mailbox:%s", | |
225 | BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s", | |
226 | gen->d.otherName->value->value.utf8string->length, | |
215 | 227 | gen->d.otherName->value->value.utf8string->data); |
216 | 228 | break; |
217 | 229 | case NID_XmppAddr: |
218 | BIO_printf(out, "othername:XmppAddr:%s", | |
230 | BIO_printf(out, "othername:XmppAddr:%.*s", | |
231 | gen->d.otherName->value->value.utf8string->length, | |
219 | 232 | gen->d.otherName->value->value.utf8string->data); |
220 | 233 | break; |
221 | 234 | case NID_SRVName: |
222 | BIO_printf(out, "othername:SRVName:%s", | |
235 | BIO_printf(out, "othername:SRVName:%.*s", | |
236 | gen->d.otherName->value->value.ia5string->length, | |
223 | 237 | gen->d.otherName->value->value.ia5string->data); |
224 | 238 | break; |
225 | 239 | case NID_ms_upn: |
226 | BIO_printf(out, "othername:UPN:%s", | |
240 | BIO_printf(out, "othername:UPN:%.*s", | |
241 | gen->d.otherName->value->value.utf8string->length, | |
227 | 242 | gen->d.otherName->value->value.utf8string->data); |
228 | 243 | break; |
229 | 244 | case NID_NAIRealm: |
230 | BIO_printf(out, "othername:NAIRealm:%s", | |
245 | BIO_printf(out, "othername:NAIRealm:%.*s", | |
246 | gen->d.otherName->value->value.utf8string->length, | |
231 | 247 | gen->d.otherName->value->value.utf8string->data); |
232 | 248 | break; |
233 | 249 | default: |
11 | 11 | #include "e_os.h" |
12 | 12 | #include "internal/cryptlib.h" |
13 | 13 | #include <stdio.h> |
14 | #include <string.h> | |
14 | 15 | #include "crypto/ctype.h" |
15 | 16 | #include <openssl/conf.h> |
16 | 17 | #include <openssl/crypto.h> |
35 | 36 | |
36 | 37 | /* Add a CONF_VALUE name value pair to stack */ |
37 | 38 | |
38 | int X509V3_add_value(const char *name, const char *value, | |
39 | STACK_OF(CONF_VALUE) **extlist) | |
39 | static int x509v3_add_len_value(const char *name, const char *value, | |
40 | size_t vallen, STACK_OF(CONF_VALUE) **extlist) | |
40 | 41 | { |
41 | 42 | CONF_VALUE *vtmp = NULL; |
42 | 43 | char *tname = NULL, *tvalue = NULL; |
43 | 44 | int sk_allocated = (*extlist == NULL); |
44 | 45 | |
45 | if (name && (tname = OPENSSL_strdup(name)) == NULL) | |
46 | if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) | |
46 | 47 | goto err; |
47 | if (value && (tvalue = OPENSSL_strdup(value)) == NULL) | |
48 | goto err; | |
48 | if (value != NULL) { | |
49 | /* We don't allow embeded NUL characters */ | |
50 | if (memchr(value, 0, vallen) != NULL) | |
51 | goto err; | |
52 | tvalue = OPENSSL_strndup(value, vallen); | |
53 | if (tvalue == NULL) | |
54 | goto err; | |
55 | } | |
49 | 56 | if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) |
50 | 57 | goto err; |
51 | 58 | if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) |
68 | 75 | return 0; |
69 | 76 | } |
70 | 77 | |
78 | int X509V3_add_value(const char *name, const char *value, | |
79 | STACK_OF(CONF_VALUE) **extlist) | |
80 | { | |
81 | return x509v3_add_len_value(name, value, | |
82 | value != NULL ? strlen((const char *)value) : 0, | |
83 | extlist); | |
84 | } | |
85 | ||
71 | 86 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, |
72 | 87 | STACK_OF(CONF_VALUE) **extlist) |
73 | 88 | { |
74 | return X509V3_add_value(name, (const char *)value, extlist); | |
89 | return x509v3_add_len_value(name, (const char *)value, | |
90 | value != NULL ? strlen((const char *)value) : 0, | |
91 | extlist); | |
92 | } | |
93 | ||
94 | int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, | |
95 | size_t vallen, STACK_OF(CONF_VALUE) **extlist) | |
96 | { | |
97 | return x509v3_add_len_value(name, (const char *)value, vallen, extlist); | |
75 | 98 | } |
76 | 99 | |
77 | 100 | /* Free function for STACK_OF(CONF_VALUE) */ |
505 | 528 | /* First some sanity checks */ |
506 | 529 | if (email->type != V_ASN1_IA5STRING) |
507 | 530 | return 1; |
508 | if (!email->data || !email->length) | |
531 | if (email->data == NULL || email->length == 0) | |
532 | return 1; | |
533 | if (memchr(email->data, 0, email->length) != NULL) | |
509 | 534 | return 1; |
510 | 535 | if (*sk == NULL) |
511 | 536 | *sk = sk_OPENSSL_STRING_new(sk_strcmp); |
512 | 537 | if (*sk == NULL) |
513 | 538 | return 0; |
539 | ||
540 | emtmp = OPENSSL_strndup((char *)email->data, email->length); | |
541 | if (emtmp == NULL) | |
542 | return 0; | |
543 | ||
514 | 544 | /* Don't add duplicates */ |
515 | if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) | |
545 | if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { | |
546 | OPENSSL_free(emtmp); | |
516 | 547 | return 1; |
517 | emtmp = OPENSSL_strdup((char *)email->data); | |
518 | if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { | |
548 | } | |
549 | if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { | |
519 | 550 | OPENSSL_free(emtmp); /* free on push failure */ |
520 | 551 | X509_email_free(*sk); |
521 | 552 | *sk = NULL; |
869 | 900 | if (OBJ_obj2nid(gen->d.otherName->type_id) == |
870 | 901 | NID_id_on_SmtpUTF8Mailbox) { |
871 | 902 | san_present = 1; |
872 | cstr = gen->d.otherName->value->value.utf8string; | |
873 | ||
874 | /* Positive on success, negative on error! */ | |
875 | if ((rv = do_check_string(cstr, 0, equal, flags, | |
876 | chk, chklen, peername)) != 0) | |
877 | break; | |
903 | ||
904 | /* | |
905 | * If it is not a UTF8String then that is unexpected and we | |
906 | * treat it as no match | |
907 | */ | |
908 | if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { | |
909 | cstr = gen->d.otherName->value->value.utf8string; | |
910 | ||
911 | /* Positive on success, negative on error! */ | |
912 | if ((rv = do_check_string(cstr, 0, equal, flags, | |
913 | chk, chklen, peername)) != 0) | |
914 | break; | |
915 | } | |
878 | 916 | } else |
879 | 917 | continue; |
880 | 918 | } else { |
1095 | 1133 | |
1096 | 1134 | static int ipv4_from_asc(unsigned char *v4, const char *in) |
1097 | 1135 | { |
1098 | int a0, a1, a2, a3; | |
1099 | ||
1100 | if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) | |
1136 | const char *p; | |
1137 | int a0, a1, a2, a3, n; | |
1138 | ||
1139 | if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &n) != 4) | |
1101 | 1140 | return 0; |
1102 | 1141 | if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) |
1103 | 1142 | || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) |
1143 | return 0; | |
1144 | p = in + n; | |
1145 | if (!(*p == '\0' || ossl_isspace(*p))) | |
1104 | 1146 | return 0; |
1105 | 1147 | v4[0] = a0; |
1106 | 1148 | v4[1] = a1; |
22 | 22 | pbkdf2.c Demonstration of PBKDF2 password based key derivation |
23 | 23 | scrypt.c Demonstration of SCRYPT password based key derivation |
24 | 24 | |
25 | mac: | |
26 | gmac.c Demonstration of GMAC message authentication | |
27 | ||
25 | 28 | pkey: |
26 | 29 | EVP_PKEY_EC_keygen.c Generate an EC key. |
27 | 30 |
0 | 0 | # Example configuration file |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
4 | ||
1 | 5 | # Port to listen on |
2 | 6 | Port = 4433 |
7 | ||
3 | 8 | # Disable TLS v1.2 for test. |
4 | 9 | # Protocol = ALL, -TLSv1.2 |
5 | 10 | # Only support 3 curves |
6 | 11 | Curves = P-521:P-384:P-256 |
12 | ||
7 | 13 | # Restricted signature algorithms |
8 | 14 | SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 |
9 | 15 | Certificate=server.pem |
2 | 2 | # Name supplied by application to CONF_modules_load_file |
3 | 3 | # and section containing configuration |
4 | 4 | testapp = test_sect |
5 | ||
6 | # Comment out the next line to ignore configuration errors | |
7 | config_diagnostics = 1 | |
5 | 8 | |
6 | 9 | [test_sect] |
7 | 10 | # list of configuration modules |
0 | 0 | # Example configuration file |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
4 | ||
1 | 5 | # Connects to the default port of s_server |
2 | 6 | Connect = localhost:4433 |
7 | ||
3 | 8 | # Disable TLS v1.2 for test. |
4 | 9 | # Protocol = ALL, -TLSv1.2 |
5 | 10 | # Only support 3 curves |
6 | 11 | Curves = P-521:P-384:P-256 |
12 | ||
7 | 13 | # Restricted signature algorithms |
8 | 14 | SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 |
5 | 5 | # is undefined. |
6 | 6 | HOME = . |
7 | 7 | CN = "Not Defined" |
8 | ||
9 | # Comment out the next line to ignore configuration errors | |
10 | config_diagnostics = 1 | |
11 | ||
8 | 12 | |
9 | 13 | #################################################################### |
10 | 14 | [ req ] |
6 | 6 | HOME = . |
7 | 7 | CN = "Not Defined" |
8 | 8 | default_ca = ca |
9 | ||
10 | # Comment out the next line to ignore configuration errors | |
11 | config_diagnostics = 1 | |
9 | 12 | |
10 | 13 | #################################################################### |
11 | 14 | [ req ] |
0 | /* | |
1 | * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * | |
3 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | * this file except in compliance with the License. You can obtain a copy | |
5 | * in the file LICENSE in the source distribution or at | |
6 | * https://www.openssl.org/source/license.html | |
7 | */ | |
8 | ||
9 | #include <stdio.h> | |
10 | #include <stdlib.h> | |
11 | #include <openssl/core_names.h> | |
12 | #include <openssl/evp.h> | |
13 | #include <openssl/params.h> | |
14 | #include <openssl/err.h> | |
15 | ||
16 | /* | |
17 | * Taken from NIST's GCM Test Vectors | |
18 | * http://csrc.nist.gov/groups/STM/cavp/ | |
19 | */ | |
20 | ||
21 | /* | |
22 | * Hard coding the key into an application is very bad. | |
23 | * It is done here solely for educational purposes. | |
24 | */ | |
25 | static unsigned char key[] = { | |
26 | 0x77, 0xbe, 0x63, 0x70, 0x89, 0x71, 0xc4, 0xe2, | |
27 | 0x40, 0xd1, 0xcb, 0x79, 0xe8, 0xd7, 0x7f, 0xeb | |
28 | }; | |
29 | ||
30 | /* | |
31 | * The initialisation vector (IV) is better not being hard coded too. | |
32 | * Repeating password/IV pairs compromises the integrity of GMAC. | |
33 | * The IV is not considered secret information and is safe to store with | |
34 | * an encrypted password. | |
35 | */ | |
36 | static unsigned char iv[] = { | |
37 | 0xe0, 0xe0, 0x0f, 0x19, 0xfe, 0xd7, 0xba, | |
38 | 0x01, 0x36, 0xa7, 0x97, 0xf3 | |
39 | }; | |
40 | ||
41 | static unsigned char data[] = { | |
42 | 0x7a, 0x43, 0xec, 0x1d, 0x9c, 0x0a, 0x5a, 0x78, | |
43 | 0xa0, 0xb1, 0x65, 0x33, 0xa6, 0x21, 0x3c, 0xab | |
44 | }; | |
45 | ||
46 | static const unsigned char expected_output[] = { | |
47 | 0x20, 0x9f, 0xcc, 0x8d, 0x36, 0x75, 0xed, 0x93, | |
48 | 0x8e, 0x9c, 0x71, 0x66, 0x70, 0x9d, 0xd9, 0x46 | |
49 | }; | |
50 | ||
51 | /* | |
52 | * A property query used for selecting the GMAC implementation and the | |
53 | * underlying GCM mode cipher. | |
54 | */ | |
55 | static char *propq = NULL; | |
56 | ||
57 | int main(int argc, char **argv) | |
58 | { | |
59 | int rv = EXIT_FAILURE; | |
60 | EVP_MAC *mac = NULL; | |
61 | EVP_MAC_CTX *mctx = NULL; | |
62 | unsigned char out[16]; | |
63 | OSSL_PARAM params[4], *p = params; | |
64 | OSSL_LIB_CTX *library_context = NULL; | |
65 | size_t out_len = 0; | |
66 | ||
67 | library_context = OSSL_LIB_CTX_new(); | |
68 | if (library_context == NULL) { | |
69 | fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); | |
70 | goto end; | |
71 | } | |
72 | ||
73 | /* Fetch the GMAC implementation */ | |
74 | mac = EVP_MAC_fetch(library_context, "GMAC", propq); | |
75 | if (mac == NULL) { | |
76 | fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); | |
77 | goto end; | |
78 | } | |
79 | ||
80 | /* Create a context for the GMAC operation */ | |
81 | mctx = EVP_MAC_CTX_new(mac); | |
82 | if (mctx == NULL) { | |
83 | fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); | |
84 | goto end; | |
85 | } | |
86 | ||
87 | /* GMAC requries a GCM mode cipher to be specified */ | |
88 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, | |
89 | "AES-128-GCM", 0); | |
90 | ||
91 | /* | |
92 | * If a non-default property query is required when fetching the GCM mode | |
93 | * cipher, it needs to be specified too. | |
94 | */ | |
95 | if (propq != NULL) | |
96 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES, | |
97 | propq, 0); | |
98 | ||
99 | /* Set the initialisation vector (IV) */ | |
100 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, | |
101 | iv, sizeof(iv)); | |
102 | *p = OSSL_PARAM_construct_end(); | |
103 | ||
104 | /* Initialise the GMAC operation */ | |
105 | if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { | |
106 | fprintf(stderr, "EVP_MAC_init() failed\n"); | |
107 | goto end; | |
108 | } | |
109 | ||
110 | /* Make one or more calls to process the data to be authenticated */ | |
111 | if (!EVP_MAC_update(mctx, data, sizeof(data))) { | |
112 | fprintf(stderr, "EVP_MAC_update() failed\n"); | |
113 | goto end; | |
114 | } | |
115 | ||
116 | /* Make one call to the final to get the MAC */ | |
117 | if (!EVP_MAC_final(mctx, out, &out_len, sizeof(out))) { | |
118 | fprintf(stderr, "EVP_MAC_final() failed\n"); | |
119 | goto end; | |
120 | } | |
121 | ||
122 | printf("Generated MAC:\n"); | |
123 | BIO_dump_indent_fp(stdout, out, out_len, 2); | |
124 | putchar('\n'); | |
125 | ||
126 | if (out_len != sizeof(expected_output)) { | |
127 | fprintf(stderr, "Generated MAC has an unexpected length\n"); | |
128 | goto end; | |
129 | } | |
130 | ||
131 | if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { | |
132 | fprintf(stderr, "Generated MAC does not match expected value\n"); | |
133 | goto end; | |
134 | } | |
135 | ||
136 | rv = EXIT_SUCCESS; | |
137 | end: | |
138 | EVP_MAC_CTX_free(mctx); | |
139 | EVP_MAC_free(mac); | |
140 | OSSL_LIB_CTX_free(library_context); | |
141 | if (rv != EXIT_SUCCESS) | |
142 | ERR_print_errors_fp(stderr); | |
143 | return rv; | |
144 | } |
4130 | 4130 | GENERATE[html/man7/EVP_KDF-SSHKDF.html]=man7/EVP_KDF-SSHKDF.pod |
4131 | 4131 | DEPEND[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod |
4132 | 4132 | GENERATE[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod |
4133 | DEPEND[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod | |
4134 | GENERATE[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod | |
4135 | DEPEND[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod | |
4136 | GENERATE[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod | |
4133 | 4137 | DEPEND[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod |
4134 | 4138 | GENERATE[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod |
4135 | 4139 | DEPEND[man/man7/EVP_KDF-TLS1_PRF.7]=man7/EVP_KDF-TLS1_PRF.pod |
4557 | 4561 | html/man7/EVP_KDF-SCRYPT.html \ |
4558 | 4562 | html/man7/EVP_KDF-SS.html \ |
4559 | 4563 | html/man7/EVP_KDF-SSHKDF.html \ |
4564 | html/man7/EVP_KDF-TLS13_KDF.html \ | |
4560 | 4565 | html/man7/EVP_KDF-TLS1_PRF.html \ |
4561 | 4566 | html/man7/EVP_KDF-X942-ASN1.html \ |
4562 | 4567 | html/man7/EVP_KDF-X942-CONCAT.html \ |
4679 | 4684 | man/man7/EVP_KDF-SCRYPT.7 \ |
4680 | 4685 | man/man7/EVP_KDF-SS.7 \ |
4681 | 4686 | man/man7/EVP_KDF-SSHKDF.7 \ |
4687 | man/man7/EVP_KDF-TLS13_KDF.7 \ | |
4682 | 4688 | man/man7/EVP_KDF-TLS1_PRF.7 \ |
4683 | 4689 | man/man7/EVP_KDF-X942-ASN1.7 \ |
4684 | 4690 | man/man7/EVP_KDF-X942-CONCAT.7 \ |
9 | 9 | #include "internal/core.h" |
10 | 10 | |
11 | 11 | struct ossl_method_construct_method_st { |
12 | /* Create store */ | |
13 | void *(*alloc_tmp_store)(OSSL_LIB_CTX *ctx); | |
14 | /* Remove a store */ | |
15 | void (*dealloc_tmp_store)(void *store); | |
12 | /* Get a temporary store */ | |
13 | void *(*get_tmp_store)(void *data); | |
16 | 14 | /* Get an already existing method from a store */ |
17 | void *(*get)(OSSL_LIB_CTX *libctx, void *store, void *data); | |
15 | void *(*get)(void *store, void *data); | |
18 | 16 | /* Store a method in a store */ |
19 | int (*put)(OSSL_LIB_CTX *libctx, void *store, void *method, | |
20 | const OSSL_PROVIDER *prov, int operation_id, const char *name, | |
17 | int (*put)(void *store, void *method, | |
18 | const OSSL_PROVIDER *prov, const char *name, | |
21 | 19 | const char *propdef, void *data); |
22 | 20 | /* Construct a new method */ |
23 | 21 | void *(*construct)(const char *name, const OSSL_DISPATCH *fns, |
148 | 146 | |
149 | 147 | =head1 COPYRIGHT |
150 | 148 | |
151 | Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. | |
149 | Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
152 | 150 | |
153 | 151 | Licensed under the Apache License 2.0 (the "License"). You may not use this |
154 | 152 | file except in compliance with the License. You can obtain a copy in the file |
20 | 20 | explicitly removes the symbol from public view. |
21 | 21 | |
22 | 22 | OpenSSL configuration supports deprecation as well as simulating removal of |
23 | symbols from public view (with the configuration option `no-deprecated`, or | |
23 | symbols from public view (with the configuration option C<no-deprecated>, or | |
24 | 24 | if the user chooses to do so, with L<OPENSSL_NO_DEPRECATED(7)>), and also |
25 | 25 | supports doing this in terms of a specified OpenSSL version (with the |
26 | configuration option `--api`, or if the user chooses to do so, with | |
26 | configuration option C<--api>, or if the user chooses to do so, with | |
27 | 27 | L<OPENSSL_API_COMPAT(7)>). |
28 | 28 | |
29 | 29 | Deprecation is done using attribute macros named |
129 | 129 | |
130 | 130 | =head1 COPYRIGHT |
131 | 131 | |
132 | Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
132 | Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
133 | 133 | |
134 | 134 | Licensed under the Apache License 2.0 (the "License"). You may not use |
135 | 135 | this file except in compliance with the License. You can obtain a copy |
370 | 370 | |
371 | 371 | Port to listen for OCSP requests on. The port may also be specified |
372 | 372 | using the B<url> option. |
373 | A `0` argument indicates that any available port shall be chosen automatically. | |
373 | A C<0> argument indicates that any available port shall be chosen automatically. | |
374 | 374 | |
375 | 375 | =item B<-ignore_err> |
376 | 376 |
261 | 261 | For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not |
262 | 262 | explicitly set in PSS mode then the signing digest is used. |
263 | 263 | |
264 | =item B<rsa_oaep_md:>I<digest> | |
265 | ||
266 | Sets the digest used for the OAEP hash function. If not explicitly set then | |
267 | SHA1 is used. | |
268 | ||
264 | 269 | =back |
265 | 270 | |
266 | 271 | =head1 RSA-PSS ALGORITHM |
389 | 394 | |
390 | 395 | openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \ |
391 | 396 | -rawin -digest sm3 -pkeyopt distid:someid |
397 | ||
398 | Decrypt some data using a private key with OAEP padding using SHA256: | |
399 | ||
400 | openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \ | |
401 | -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 | |
392 | 402 | |
393 | 403 | =head1 SEE ALSO |
394 | 404 |
102 | 102 | |
103 | 103 | =item B<-passin> I<arg> |
104 | 104 | |
105 | The password source for the request input file and the certificate input. | |
105 | The password source for private key and certificate input. | |
106 | 106 | For more information about the format of B<arg> |
107 | 107 | see L<openssl-passphrase-options(1)>. |
108 | 108 | |
123 | 123 | =item B<-subject> |
124 | 124 | |
125 | 125 | Prints out the certificate request subject |
126 | (or certificate subject if B<-x509> is specified). | |
126 | (or certificate subject if B<-x509> is in use). | |
127 | 127 | |
128 | 128 | =item B<-pubkey> |
129 | 129 | |
192 | 192 | |
193 | 193 | =item B<-key> I<filename>|I<uri> |
194 | 194 | |
195 | This specifies the private key to use for request self-signature | |
196 | and signing certificates produced using the B<-x509> option. | |
195 | This specifies the key to include and to use for request self-signature | |
196 | and for self-signing certificates produced with the B<-x509> option. | |
197 | 197 | It also accepts PKCS#8 format private keys for PEM format files. |
198 | 198 | |
199 | 199 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
204 | 204 | =item B<-keyout> I<filename> |
205 | 205 | |
206 | 206 | This gives the filename to write any private key to that has been newly created |
207 | or read from B<-key>. | |
208 | If the B<-keyout> option is not given the filename specified in the | |
209 | configuration file with the B<default_keyfile> option is used, if present. | |
210 | If a new key is generated and no filename is specified | |
211 | the key is written to standard output. | |
207 | or read from B<-key>. If neither the B<-keyout> option nor the B<-key> option | |
208 | are given then the filename specified in the configuration file with the | |
209 | B<default_keyfile> option is used, if present. Thus, if you want to write the | |
210 | private key and the B<-key> option is provided, you should provide the | |
211 | B<-keyout> option explicitly. If a new key is generated and no filename is | |
212 | specified the key is written to standard output. | |
212 | 213 | |
213 | 214 | =item B<-noenc> |
214 | 215 | |
264 | 265 | |
265 | 266 | This option outputs a certificate instead of a certificate request. |
266 | 267 | This is typically used to generate test certificates. |
268 | It is implied by the B<-CA> option. | |
267 | 269 | |
268 | 270 | If an existing request is specified with the B<-in> option, it is converted |
269 | 271 | to the a certificate; otherwise a request is created from scratch. |
279 | 281 | |
280 | 282 | =item B<-CA> I<filename>|I<uri> |
281 | 283 | |
282 | Specifies the "CA" certificate to be used for signing with the B<-x509> option. | |
284 | Specifies the "CA" certificate to be used for signing a new certificate | |
285 | and implies use of B<-x509>. | |
283 | 286 | When present, this behaves like a "micro CA" as follows: |
284 | 287 | The subject name of the "CA" certificate is placed as issuer name in the new |
285 | 288 | certificate, which is then signed using the "CA" key given as specified below. |
292 | 295 | |
293 | 296 | =item B<-days> I<n> |
294 | 297 | |
295 | When the B<-x509> option is being used this specifies the number of | |
298 | When B<-x509> is in use this specifies the number of | |
296 | 299 | days to certify the certificate for, otherwise it is ignored. I<n> should |
297 | 300 | be a positive integer. The default is 30 days. |
298 | 301 | |
305 | 308 | =item B<-copy_extensions> I<arg> |
306 | 309 | |
307 | 310 | Determines how X.509 extensions in certificate requests should be handled |
308 | when B<-x509> is given. | |
311 | when B<-x509> is in use. | |
309 | 312 | If I<arg> is B<none> or this option is not present then extensions are ignored. |
310 | 313 | If I<arg> is B<copy> or B<copyall> then |
311 | 314 | all extensions in the request are copied to the certificate. |
315 | 318 | |
316 | 319 | =item B<-addext> I<ext> |
317 | 320 | |
318 | Add a specific extension to the certificate (if the B<-x509> option is | |
319 | present) or certificate request. The argument must have the form of | |
321 | Add a specific extension to the certificate (if B<-x509> is in use) | |
322 | or certificate request. The argument must have the form of | |
320 | 323 | a key=value pair as it would appear in a config file. |
321 | 324 | |
322 | 325 | This option can be given multiple times. |
326 | 329 | =item B<-reqexts> I<section> |
327 | 330 | |
328 | 331 | These options specify alternative sections to include certificate |
329 | extensions (if the B<-x509> option is present) or certificate | |
330 | request extensions. This allows several different sections to | |
332 | extensions (if B<-x509> is in use) or certificate request extensions. | |
333 | This allows several different sections to | |
331 | 334 | be used in the same configuration file to specify requests for |
332 | 335 | a variety of purposes. |
333 | 336 | |
397 | 400 | |
398 | 401 | =over 4 |
399 | 402 | |
400 | =item B<input_password output_password> | |
403 | =item B<input_password>, B<output_password> | |
401 | 404 | |
402 | 405 | The passwords for the input private key file (if present) and |
403 | 406 | the output private key file (if one will be created). The |
477 | 480 | =item B<x509_extensions> |
478 | 481 | |
479 | 482 | This specifies the configuration file section containing a list of |
480 | extensions to add to certificate generated when the B<-x509> switch | |
481 | is used. It can be overridden by the B<-extensions> command line switch. | |
483 | extensions to add to certificate generated when B<-x509> is in use. | |
484 | It can be overridden by the B<-extensions> command line switch. | |
482 | 485 | |
483 | 486 | =item B<prompt> |
484 | 487 |
20 | 20 | and depending on numerous options. |
21 | 21 | The most important of them are detailed in the following sections. |
22 | 22 | |
23 | In a nutshell, a valid chain of certifciates needs to be built up and verified | |
23 | In a nutshell, a valid chain of certificates needs to be built up and verified | |
24 | 24 | starting from the I<target certificate> that is to be verified |
25 | 25 | and ending in a certificate that due to some policy is trusted. |
26 | 26 | Verification is done relative to the given I<purpose>, which is the intended use |
129 | 129 | number, and issuer field of the candidate issuer certificate, |
130 | 130 | as far as the respective fields are present in both certificates. |
131 | 131 | |
132 | item * | |
132 | =item * | |
133 | 133 | |
134 | 134 | The certificate signature algorithm used to sign the subject certificate |
135 | 135 | is supported and |
273 | 273 | |
274 | 274 | =over 4 |
275 | 275 | |
276 | =item - | |
276 | =item * | |
277 | 277 | |
278 | 278 | The basicConstraints of CA certificates must be marked critical. |
279 | 279 | |
280 | =item - | |
280 | =item * | |
281 | 281 | |
282 | 282 | CA certificates must explicitly include the keyUsage extension. |
283 | 283 | |
284 | =item - | |
284 | =item * | |
285 | 285 | |
286 | 286 | If a pathlenConstraint is given the key usage keyCertSign must be allowed. |
287 | 287 | |
288 | =item - | |
288 | =item * | |
289 | 289 | |
290 | 290 | The pathlenConstraint must not be given for non-CA certificates. |
291 | 291 | |
292 | =item - | |
292 | =item * | |
293 | 293 | |
294 | 294 | The issuer name of any certificate must not be empty. |
295 | 295 | |
296 | =item - | |
296 | =item * | |
297 | 297 | |
298 | 298 | The subject name of CA certs, certs with keyUsage crlSign, and certs |
299 | 299 | without subjectAlternativeName must not be empty. |
300 | 300 | |
301 | =item - | |
301 | =item * | |
302 | 302 | |
303 | 303 | If a subjectAlternativeName extension is given it must not be empty. |
304 | 304 | |
305 | =item - | |
305 | =item * | |
306 | 306 | |
307 | 307 | The signatureAlgorithm field and the cert signature must be consistent. |
308 | 308 | |
309 | =item - | |
309 | =item * | |
310 | 310 | |
311 | 311 | Any given authorityKeyIdentifier and any given subjectKeyIdentifier |
312 | 312 | must not be marked critical. |
313 | 313 | |
314 | =item - | |
314 | =item * | |
315 | 315 | |
316 | 316 | The authorityKeyIdentifier must be given for X.509v3 certs unless they |
317 | 317 | are self-signed. |
318 | 318 | |
319 | =item - | |
319 | =item * | |
320 | 320 | |
321 | 321 | The subjectKeyIdentifier must be given for all X.509v3 CA certs. |
322 | 322 |
1 | 1 | |
2 | 2 | =head1 NAME |
3 | 3 | |
4 | BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions | |
4 | BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions | |
5 | 5 | |
6 | 6 | =head1 SYNOPSIS |
7 | 7 | |
8 | 8 | #include <openssl/bn.h> |
9 | 9 | |
10 | int BN_cmp(BIGNUM *a, BIGNUM *b); | |
11 | int BN_ucmp(BIGNUM *a, BIGNUM *b); | |
10 | int BN_cmp(const BIGNUM *a, const BIGNUM *b); | |
11 | int BN_ucmp(const BIGNUM *a, const BIGNUM *b); | |
12 | 12 | |
13 | int BN_is_zero(BIGNUM *a); | |
14 | int BN_is_one(BIGNUM *a); | |
15 | int BN_is_word(BIGNUM *a, BN_ULONG w); | |
16 | int BN_is_odd(BIGNUM *a); | |
13 | int BN_is_zero(const BIGNUM *a); | |
14 | int BN_is_one(const BIGNUM *a); | |
15 | int BN_is_word(const BIGNUM *a, const BN_ULONG w); | |
16 | int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); | |
17 | int BN_is_odd(const BIGNUM *a); | |
17 | 18 | |
18 | 19 | =head1 DESCRIPTION |
19 | 20 | |
20 | BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their | |
21 | BN_cmp() compares the numbers I<a> and I<b>. BN_ucmp() compares their | |
21 | 22 | absolute values. |
22 | 23 | |
23 | BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1, | |
24 | or B<w> respectively. BN_is_odd() tests if a is odd. | |
25 | ||
26 | BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. | |
24 | BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if | |
25 | I<a> equals 0, 1, I<w>, or E<verbar>I<w>E<verbar> respectively. | |
26 | BN_is_odd() tests if I<a> is odd. | |
27 | 27 | |
28 | 28 | =head1 RETURN VALUES |
29 | 29 | |
30 | BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if | |
31 | B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values | |
32 | of B<a> and B<b>. | |
30 | BN_cmp() returns -1 if I<a> E<lt> I<b>, 0 if I<a> == I<b> and 1 if | |
31 | I<a> E<gt> I<b>. BN_ucmp() is the same using the absolute values | |
32 | of I<a> and I<b>. | |
33 | 33 | |
34 | BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if | |
35 | the condition is true, 0 otherwise. | |
34 | BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and | |
35 | BN_is_odd() return 1 if the condition is true, 0 otherwise. | |
36 | ||
37 | =head1 HISTORY | |
38 | ||
39 | Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(), | |
40 | BN_abs_is_word() and BN_is_odd() were macros. | |
36 | 41 | |
37 | 42 | =head1 COPYRIGHT |
38 | 43 | |
39 | Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. | |
44 | Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. | |
40 | 45 | |
41 | 46 | Licensed under the Apache License 2.0 (the "License"). You may not use |
42 | 47 | this file except in compliance with the License. You can obtain a copy |
17 | 17 | =head1 DESCRIPTION |
18 | 18 | |
19 | 19 | The error code returned by ERR_get_error() consists of a library |
20 | number, function code and reason code. ERR_GET_LIB() | |
20 | number and reason code. ERR_GET_LIB() | |
21 | 21 | and ERR_GET_REASON() can be used to extract these. |
22 | 22 | |
23 | 23 | ERR_FATAL_ERROR() indicates whether a given error code is a fatal error. |
24 | 24 | |
25 | The library number and function code describe where the error | |
25 | The library number describes where the error | |
26 | 26 | occurred, the reason code is the information about what went wrong. |
27 | 27 | |
28 | Each sub-library of OpenSSL has a unique library number; function and | |
29 | reason codes are unique within each sub-library. Note that different | |
30 | libraries may use the same value to signal different functions and | |
31 | reasons. | |
28 | Each sub-library of OpenSSL has a unique library number; the | |
29 | reason code is unique within each sub-library. Note that different | |
30 | libraries may use the same value to signal different reasons. | |
32 | 31 | |
33 | 32 | B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally |
34 | 33 | unique. However, when checking for sub-library specific reason codes, |
38 | 37 | |
39 | 38 | =head1 RETURN VALUES |
40 | 39 | |
41 | The library number, function code, reason code, and whether the error | |
40 | The library number, reason code, and whether the error | |
42 | 41 | is fatal, respectively. |
43 | 42 | Starting with OpenSSL 3.0.0, the function code is always set to zero. |
44 | 43 |
446 | 446 | Return an EVP_CIPHER structure when passed a cipher name, a NID or an |
447 | 447 | ASN1_OBJECT structure. |
448 | 448 | |
449 | EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV", | |
450 | "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only | |
451 | accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve | |
452 | these algorithms from a provider. | |
453 | ||
449 | 454 | =item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() |
450 | 455 | |
451 | 456 | Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> |
737 | 742 | =item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string> |
738 | 743 | |
739 | 744 | Gets or sets the cipher text stealing mode. For all modes the output size is the |
740 | same as the input size. | |
745 | same as the input size. The input length must be greater than or equal to the | |
746 | block size. (The block size for AES and CAMELLIA is 16 bytes). | |
741 | 747 | |
742 | 748 | Valid values for the mode are: |
743 | 749 | |
746 | 752 | =item "CS1" |
747 | 753 | |
748 | 754 | The NIST variant of cipher text stealing. |
749 | For message lengths that are multiples of the block size it is equivalent to | |
750 | using a "AES-CBC" cipher otherwise the second last cipher text block is a | |
751 | partial block. | |
755 | For input lengths that are multiples of the block size it is equivalent to | |
756 | using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last | |
757 | cipher text block is a partial block. | |
752 | 758 | |
753 | 759 | =item "CS2" |
754 | 760 | |
755 | For message lengths that are multiples of the block size it is equivalent to | |
756 | using a "AES-CBC" cipher, otherwise it is the same as "CS3". | |
761 | For input lengths that are multiples of the block size it is equivalent to | |
762 | using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as | |
763 | "CS3" mode. | |
757 | 764 | |
758 | 765 | =item "CS3" |
759 | 766 | |
760 | 767 | The Kerberos5 variant of cipher text stealing which always swaps the last |
761 | 768 | cipher text block with the previous block (which may be a partial or full block |
762 | depending on the input length). | |
769 | depending on the input length). If the input length is exactly one full block | |
770 | then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher. | |
763 | 771 | |
764 | 772 | =back |
765 | 773 | |
766 | 774 | The default is "CS1". |
767 | This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS". | |
775 | This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS", | |
776 | "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS". | |
768 | 777 | |
769 | 778 | =item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer> |
770 | 779 |
160 | 160 | 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47 |
161 | 161 | }; |
162 | 162 | const OSSL_PARAM params[] = { |
163 | OSSL_PARAM_utf8_string("group", "prime256v1"), | |
163 | OSSL_PARAM_utf8_string("group", "prime256v1", 10), | |
164 | 164 | OSSL_PARAM_BN("priv", priv, sizeof(priv)), |
165 | 165 | OSSL_PARAM_BN("pub", pub, sizeof(pub)), |
166 | 166 | OSSL_PARAM_END |
14 | 14 | |
15 | 15 | EVP_PKEY_get_group_name() fills in the group name of the I<pkey> into |
16 | 16 | I<gname>, up to at most I<gname_sz> bytes including the ending NUL byte |
17 | and assigns I<*gname_len> the actual size of the name, if I<pkey>'s key type | |
18 | supports it. | |
17 | and assigns I<*gname_len> the actual length of the name not including | |
18 | the NUL byte, if I<pkey>'s key type supports it. | |
19 | 19 | I<gname> as well as I<gname_len> may individually be NULL, and won't be |
20 | 20 | filled in or assigned in that case. |
21 | 21 |
21 | 21 | BIGNUM **bn); |
22 | 22 | int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, |
23 | 23 | char *str, size_t max_buf_sz, |
24 | size_t *out_sz); | |
24 | size_t *out_len); | |
25 | 25 | int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, |
26 | 26 | unsigned char *buf, size_t max_buf_sz, |
27 | size_t *out_sz); | |
27 | size_t *out_len); | |
28 | 28 | |
29 | 29 | =head1 DESCRIPTION |
30 | 30 | |
46 | 46 | associated with a name of I<key_name>. If I<*bn> is NULL then the BIGNUM |
47 | 47 | is allocated by the method. |
48 | 48 | |
49 | EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value int a buffer | |
50 | I<str> of maximum size I<max_buf_sz> associated with a name of I<key_name>. | |
51 | I<*out_sz> is the returned size of the string if it is not NULL. | |
49 | EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value into a | |
50 | buffer I<str> of maximum size I<max_buf_sz> associated with a name of | |
51 | I<key_name>. The maximum size must be large enough to accomodate the string | |
52 | value including a terminating NUL byte, or this function will fail. | |
53 | If I<out_len> is not NULL, I<*out_len> is set to the length of the string | |
54 | not including the terminating NUL byte. | |
52 | 55 | |
53 | EVP_PKEY_get_octet_string_param() copy a I<pkey>'s octet string value into a buffer | |
54 | I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>. | |
55 | I<*out_sz> is the returned size of the buffer if it is not NULL. | |
56 | EVP_PKEY_get_octet_string_param() get a key I<pkey>'s octet string value into a | |
57 | buffer I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>. | |
58 | If I<out_len> is not NULL, I<*out_len> is set to the length of the contents. | |
56 | 59 | |
57 | 60 | =head1 NOTES |
58 | 61 | |
66 | 69 | successfully returned, or 0 if there was an error. |
67 | 70 | An error may be returned by methods EVP_PKEY_get_utf8_string_param() and |
68 | 71 | EVP_PKEY_get_octet_string_param() if I<max_buf_sz> is not big enough to hold the |
69 | value. If I<out_sz> is not NULL, I<*out_sz> will be assigned the required | |
72 | value. If I<out_len> is not NULL, I<*out_len> will be assigned the required | |
70 | 73 | buffer size to hold the value. |
71 | 74 | |
72 | 75 | =head1 EXAMPLES |
305 | 305 | #include <openssl/core.h> |
306 | 306 | |
307 | 307 | const char *foo = "some string"; |
308 | size_t foo_l = strlen(foo) + 1; | |
308 | size_t foo_l = strlen(foo); | |
309 | 309 | const char bar[] = "some other string"; |
310 | 310 | OSSL_PARAM set[] = { |
311 | 311 | { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 }, |
312 | { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 }, | |
312 | { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar) - 1, 0 }, | |
313 | 313 | { NULL, 0, NULL, 0, 0 } |
314 | 314 | }; |
315 | 315 | |
337 | 337 | for (i = 0; params[i].key != NULL; i++) { |
338 | 338 | if (strcmp(params[i].key, "foo") == 0) { |
339 | 339 | *(char **)params[i].data = "foo value"; |
340 | params[i].return_size = 10; /* size of "foo value" */ | |
340 | params[i].return_size = 9; /* length of "foo value" string */ | |
341 | 341 | } else if (strcmp(params[i].key, "bar") == 0) { |
342 | 342 | memcpy(params[i].data, "bar value", 10); |
343 | params[i].return_size = 10; /* size of "bar value" */ | |
343 | params[i].return_size = 9; /* length of "bar value" string */ | |
344 | 344 | } |
345 | 345 | /* Ignore stuff we don't know */ |
346 | 346 | } |
90 | 90 | |
91 | 91 | OSSL_PARAM_BLD_push_utf8_string() is a function that will create an OSSL_PARAM |
92 | 92 | object that references the UTF8 string specified by I<buf>. |
93 | If the length of the string, I<bsize>, is zero then it will be calculated. | |
93 | The length of the string I<bsize> should not include the terminating NUL byte. | |
94 | If it is zero then it will be calculated. | |
94 | 95 | The string that I<buf> points to is stored by reference and must remain in |
95 | 96 | scope until after OSSL_PARAM_BLD_to_param() has been called. |
96 | 97 | |
101 | 102 | |
102 | 103 | OSSL_PARAM_BLD_push_utf8_ptr() is a function that will create an OSSL_PARAM |
103 | 104 | object that references the UTF8 string specified by I<buf>. |
104 | If the length of the string, I<bsize>, is zero then it will be calculated. | |
105 | The length of the string I<bsize> should not include the terminating NUL byte. | |
106 | If it is zero then it will be calculated. | |
105 | 107 | The string I<buf> points to is stored by reference and must remain in |
106 | 108 | scope until the OSSL_PARAM array is freed. |
107 | 109 |
199 | 199 | string B<OSSL_PARAM> structure. |
200 | 200 | A parameter with name I<key>, storage I<buf> and size I<bsize> is created. |
201 | 201 | |
202 | OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF string | |
202 | OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF8 string | |
203 | 203 | pointer B<OSSL_PARAM> structure. |
204 | 204 | A parameter with name I<key>, storage pointer I<*buf> and size I<bsize> |
205 | 205 | is created. |
242 | 242 | The string is stored into I<*val> with a size limit of I<max_len>, |
243 | 243 | which must be large enough to accomodate a terminating NUL byte, |
244 | 244 | otherwise this function will fail. |
245 | If I<*val> is NULL, memory is allocated for the string and I<max_len> | |
246 | is ignored. | |
245 | If I<*val> is NULL, memory is allocated for the string (including the | |
246 | terminating NUL byte) and I<max_len> is ignored. | |
247 | 247 | If memory is allocated by this function, it must be freed by the caller. |
248 | 248 | |
249 | 249 | OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to |
250 | 250 | by I<p> to the value referenced by I<val>. |
251 | If the parameter's I<data> field isn't NULL, its I<data_size> must indicate | |
252 | that the buffer is large enough to accomodate the string that I<val> points at, | |
253 | not including the terminating NUL byte, or this function will fail. | |
254 | A terminating NUL byte is added only if the parameter's I<data_size> indicates | |
255 | the buffer is longer than the string length, otherwise the string will not be | |
256 | NUL terminated. | |
251 | 257 | If the parameter's I<data> field is NULL, then only its I<return_size> field |
252 | 258 | will be assigned the minimum size the parameter's I<data> buffer should have |
253 | to accomodate the string, including a terminating NUL byte. | |
259 | to accomodate the string, not including a terminating NUL byte. | |
254 | 260 | |
255 | 261 | OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter |
256 | 262 | pointed to by I<p>. |
107 | 107 | create a B<OSSL_STORE_INFO> object to hold the given input object. |
108 | 108 | On success the input object is consumed. |
109 | 109 | |
110 | Additionally, for B<OSSL_STORE_INFO_NAME>` objects, | |
110 | Additionally, for B<OSSL_STORE_INFO_NAME> objects, | |
111 | 111 | OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra |
112 | 112 | description. |
113 | 113 | This description is meant to be human readable and should be used for |
44 | 44 | int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, |
45 | 45 | const char *scheme); |
46 | 46 | void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, |
47 | void (*fn)(OSSL_STORE_LOADER *loader, | |
47 | void (*user_fn)(OSSL_STORE_LOADER *loader, | |
48 | 48 | void *arg), |
49 | void *arg); | |
49 | void *user_arg); | |
50 | 50 | int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, |
51 | 51 | void (*fn)(const char *name, void *data), |
52 | 52 | void *data); |
141 | 141 | |
142 | 142 | OSSL_STORE_LOADER_do_all_provided() traverses all store implementations |
143 | 143 | by all activated providers in the library context I<libctx>, and for each |
144 | of the implementations, calls I<fn> with the implementation method and | |
145 | I<data> as arguments. | |
144 | of the implementations, calls I<user_fn> with the implementation method and | |
145 | I<user_arg> as arguments. | |
146 | 146 | |
147 | 147 | OSSL_STORE_LOADER_names_do_all() traverses all names for the given |
148 | 148 | I<loader>, and calls I<fn> with each name and I<data>. |
61 | 61 | |
62 | 62 | =over 4 |
63 | 63 | |
64 | =item SSL_OP_SAFARI_ECDHE_ECDSA_BUG | |
65 | ||
66 | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. | |
67 | OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. | |
68 | ||
69 | =item SSL_OP_DISABLE_TLSEXT_CA_NAMES | |
70 | ||
71 | Disable TLS Extension CA Names. You may want to disable it for security reasons | |
72 | or for compatibility with some Windows TLS implementations crashing when this | |
73 | extension is larger than 1024 bytes. | |
64 | =item SSL_OP_CRYPTOPRO_TLSEXT_BUG | |
65 | ||
66 | Add server-hello extension from the early version of cryptopro draft | |
67 | when GOST ciphersuite is negotiated. Required for interoperability with CryptoPro | |
68 | CSP 3.x. | |
74 | 69 | |
75 | 70 | =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
76 | 71 | |
79 | 74 | broken SSL implementations. This option has no effect for connections |
80 | 75 | using other ciphers. |
81 | 76 | |
77 | =item SSL_OP_SAFARI_ECDHE_ECDSA_BUG | |
78 | ||
79 | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. | |
80 | OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. | |
81 | ||
82 | 82 | =item SSL_OP_TLSEXT_PADDING |
83 | 83 | |
84 | 84 | Adds a padding extension to ensure the ClientHello size is never between |
99 | 99 | |
100 | 100 | =over 4 |
101 | 101 | |
102 | =item SSL_OP_TLS_ROLLBACK_BUG | |
103 | ||
104 | Disable version rollback attack detection. | |
105 | ||
106 | During the client key exchange, the client must send the same information | |
107 | about acceptable SSL/TLS protocol levels as during the first hello. Some | |
108 | clients violate this rule by adapting to the server's answer. (Example: | |
109 | the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server | |
110 | only understands up to SSLv3. In this case the client must still use the | |
111 | same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect | |
112 | to the server's answer and violate the version rollback protection.) | |
102 | =item SSL_OP_ALLOW_CLIENT_RENEGOTIATION | |
103 | ||
104 | Client-initiated renegotiation is disabled by default. Use | |
105 | this option to enable it. | |
106 | ||
107 | =item SSL_OP_ALLOW_NO_DHE_KEX | |
108 | ||
109 | In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means | |
110 | that there will be no forward secrecy for the resumed session. | |
111 | ||
112 | =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | |
113 | ||
114 | Allow legacy insecure renegotiation between OpenSSL and unpatched clients or | |
115 | servers. See the B<SECURE RENEGOTIATION> section for more details. | |
113 | 116 | |
114 | 117 | =item SSL_OP_CIPHER_SERVER_PREFERENCE |
115 | 118 | |
117 | 120 | preferences. When not set, the SSL server will always follow the clients |
118 | 121 | preferences. When set, the SSL/TLS server will choose following its |
119 | 122 | own preferences. |
123 | ||
124 | =item SSL_OP_CISCO_ANYCONNECT | |
125 | ||
126 | Use Cisco's version identifier of DTLS_BAD_VER when establishing a DTLSv1 | |
127 | connection. Only available when using the deprecated DTLSv1_client_method() API. | |
128 | ||
129 | =item SSL_OP_CLEANSE_PLAINTEXT | |
130 | ||
131 | By default TLS connections keep a copy of received plaintext | |
132 | application data in a static buffer until it is overwritten by the | |
133 | next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT | |
134 | deciphered application data is cleansed by calling OPENSSL_cleanse(3) | |
135 | after passing data to the application. Data is also cleansed when | |
136 | releasing the connection (e.g. L<SSL_free(3)>). | |
137 | ||
138 | Since OpenSSL only cleanses internal buffers, the application is still | |
139 | responsible for cleansing all other buffers. Most notably, this | |
140 | applies to buffers passed to functions like L<SSL_read(3)>, | |
141 | L<SSL_peek(3)> but also like L<SSL_write(3)>. | |
142 | ||
143 | =item SSL_OP_COOKIE_EXCHANGE | |
144 | ||
145 | Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects | |
146 | DTLS connections. | |
147 | ||
148 | =item SSL_OP_DISABLE_TLSEXT_CA_NAMES | |
149 | ||
150 | Disable TLS Extension CA Names. You may want to disable it for security reasons | |
151 | or for compatibility with some Windows TLS implementations crashing when this | |
152 | extension is larger than 1024 bytes. | |
153 | ||
154 | =item SSL_OP_ENABLE_KTLS | |
155 | ||
156 | Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must | |
157 | have been compiled with support for it, and it must be supported by the | |
158 | negotiated ciphersuites and extensions. The specific ciphersuites and extensions | |
159 | that are supported may vary by platform and kernel version. | |
160 | ||
161 | The kernel TLS data-path implements the record layer, and the encryption | |
162 | algorithm. The kernel will utilize the best hardware | |
163 | available for encryption. Using the kernel data-path should reduce the memory | |
164 | footprint of OpenSSL because no buffering is required. Also, the throughput | |
165 | should improve because data copy is avoided when user data is encrypted into | |
166 | kernel memory instead of the usual encrypt then copy to kernel. | |
167 | ||
168 | Kernel TLS might not support all the features of OpenSSL. For instance, | |
169 | renegotiation, and setting the maximum fragment size is not possible as of | |
170 | Linux 4.20. | |
171 | ||
172 | Note that with kernel TLS enabled some cryptographic operations are performed | |
173 | by the kernel directly and not via any available OpenSSL Providers. This might | |
174 | be undesirable if, for example, the application requires all cryptographic | |
175 | operations to be performed by the FIPS provider. | |
176 | ||
177 | =item SSL_OP_ENABLE_MIDDLEBOX_COMPAT | |
178 | ||
179 | If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This | |
180 | has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that | |
181 | do not understand TLSv1.3 will not drop the connection. Regardless of whether | |
182 | this option is set or not CCS messages received from the peer will always be | |
183 | ignored in TLSv1.3. This option is set by default. To switch it off use | |
184 | SSL_clear_options(). A future version of OpenSSL may not set this by default. | |
185 | ||
186 | =item SSL_OP_IGNORE_UNEXPECTED_EOF | |
187 | ||
188 | Some TLS implementations do not send the mandatory close_notify alert on | |
189 | shutdown. If the application tries to wait for the close_notify alert but the | |
190 | peer closes the connection without sending it, an error is generated. When this | |
191 | option is enabled the peer does not need to send the close_notify alert and a | |
192 | closed connection will be treated as if the close_notify alert was received. | |
193 | ||
194 | You should only enable this option if the protocol running over TLS | |
195 | can detect a truncation attack itself, and that the application is checking for | |
196 | that truncation attack. | |
197 | ||
198 | For more information on shutting down a connection, see L<SSL_shutdown(3)>. | |
199 | ||
200 | =item SSL_OP_LEGACY_SERVER_CONNECT | |
201 | ||
202 | Allow legacy insecure renegotiation between OpenSSL and unpatched servers | |
203 | B<only>. See the B<SECURE RENEGOTIATION> section for more details. | |
204 | ||
205 | =item SSL_OP_NO_ANTI_REPLAY | |
206 | ||
207 | By default, when a server is configured for early data (i.e., max_early_data > 0), | |
208 | OpenSSL will switch on replay protection. See L<SSL_read_early_data(3)> for a | |
209 | description of the replay protection feature. Anti-replay measures are required | |
210 | to comply with the TLSv1.3 specification. Some applications may be able to | |
211 | mitigate the replay risks in other ways and in such cases the built in OpenSSL | |
212 | functionality is not required. Those applications can turn this feature off by | |
213 | setting this option. This is a server-side opton only. It is ignored by | |
214 | clients. | |
215 | ||
216 | =item SSL_OP_NO_COMPRESSION | |
217 | ||
218 | Do not use compression even if it is supported. This option is set by default. | |
219 | To switch it off use SSL_clear_options(). | |
220 | ||
221 | =item SSL_OP_NO_ENCRYPT_THEN_MAC | |
222 | ||
223 | Normally clients and servers will transparently attempt to negotiate the | |
224 | RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. | |
225 | ||
226 | If this option is set, Encrypt-then-MAC is disabled. Clients will not | |
227 | propose, and servers will not accept the extension. | |
228 | ||
229 | =item SSL_OP_NO_EXTENDED_MASTER_SECRET | |
230 | ||
231 | Normally clients and servers will transparently attempt to negotiate the | |
232 | RFC7627 Extended Master Secret option on TLS and DTLS connection. | |
233 | ||
234 | If this option is set, Extended Master Secret is disabled. Clients will | |
235 | not propose, and servers will not accept the extension. | |
236 | ||
237 | =item SSL_OP_NO_QUERY_MTU | |
238 | ||
239 | Do not query the MTU. Only affects DTLS connections. | |
240 | ||
241 | =item SSL_OP_NO_RENEGOTIATION | |
242 | ||
243 | Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest | |
244 | messages, and ignore renegotiation requests via ClientHello. | |
245 | ||
246 | =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | |
247 | ||
248 | When performing renegotiation as a server, always start a new session | |
249 | (i.e., session resumption requests are only accepted in the initial | |
250 | handshake). This option is not needed for clients. | |
120 | 251 | |
121 | 252 | =item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, |
122 | 253 | SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 |
127 | 258 | As of OpenSSL 1.1.0, these options are deprecated, use |
128 | 259 | L<SSL_CTX_set_min_proto_version(3)> and |
129 | 260 | L<SSL_CTX_set_max_proto_version(3)> instead. |
130 | ||
131 | =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | |
132 | ||
133 | When performing renegotiation as a server, always start a new session | |
134 | (i.e., session resumption requests are only accepted in the initial | |
135 | handshake). This option is not needed for clients. | |
136 | ||
137 | =item SSL_OP_NO_COMPRESSION | |
138 | ||
139 | Do not use compression even if it is supported. | |
140 | ||
141 | =item SSL_OP_NO_QUERY_MTU | |
142 | ||
143 | Do not query the MTU. Only affects DTLS connections. | |
144 | ||
145 | =item SSL_OP_COOKIE_EXCHANGE | |
146 | ||
147 | Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects | |
148 | DTLS connections. | |
149 | 261 | |
150 | 262 | =item SSL_OP_NO_TICKET |
151 | 263 | |
183 | 295 | being sent by calling L<SSL_CTX_set_num_tickets(3)> or |
184 | 296 | L<SSL_set_num_tickets(3)>. |
185 | 297 | |
186 | =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | |
187 | ||
188 | Allow legacy insecure renegotiation between OpenSSL and unpatched clients or | |
189 | servers. See the B<SECURE RENEGOTIATION> section for more details. | |
190 | ||
191 | =item SSL_OP_LEGACY_SERVER_CONNECT | |
192 | ||
193 | Allow legacy insecure renegotiation between OpenSSL and unpatched servers | |
194 | B<only>. See the B<SECURE RENEGOTIATION> section for more details. | |
195 | ||
196 | =item SSL_OP_NO_ENCRYPT_THEN_MAC | |
197 | ||
198 | Normally clients and servers will transparently attempt to negotiate the | |
199 | RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. | |
200 | ||
201 | If this option is set, Encrypt-then-MAC is disabled. Clients will not | |
202 | propose, and servers will not accept the extension. | |
203 | ||
204 | =item SSL_OP_NO_EXTENDED_MASTER_SECRET | |
205 | ||
206 | Normally clients and servers will transparently attempt to negotiate the | |
207 | RFC7627 Extended Master Secret option on TLS and DTLS connection. | |
208 | ||
209 | If this option is set, Extended Master Secret is disabled. Clients will | |
210 | not propose, and servers will not accept the extension. | |
211 | ||
212 | =item SSL_OP_NO_RENEGOTIATION | |
213 | ||
214 | Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest | |
215 | messages, and ignore renegotiation requests via ClientHello. | |
216 | ||
217 | =item SSL_OP_IGNORE_UNEXPECTED_EOF | |
218 | ||
219 | Some TLS implementations do not send the mandatory close_notify alert on | |
220 | shutdown. If the application tries to wait for the close_notify alert but the | |
221 | peer closes the connection without sending it, an error is generated. When this | |
222 | option is enabled the peer does not need to send the close_notify alert and a | |
223 | closed connection will be treated as if the close_notify alert was received. | |
224 | ||
225 | You should only enable this option if the protocol running over TLS | |
226 | can detect a truncation attack itself, and that the application is checking for | |
227 | that truncation attack. | |
228 | ||
229 | For more information on shutting down a connection, see L<SSL_shutdown(3)>. | |
230 | ||
231 | =item SSL_OP_ALLOW_NO_DHE_KEX | |
232 | ||
233 | In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means | |
234 | that there will be no forward secrecy for the resumed session. | |
235 | ||
236 | 298 | =item SSL_OP_PRIORITIZE_CHACHA |
237 | 299 | |
238 | 300 | When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize |
242 | 304 | in the server cipher list; but still allows other clients to use AES and other |
243 | 305 | ciphers. Requires B<SSL_OP_CIPHER_SERVER_PREFERENCE>. |
244 | 306 | |
245 | =item SSL_OP_ENABLE_MIDDLEBOX_COMPAT | |
246 | ||
247 | If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This | |
248 | has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that | |
249 | do not understand TLSv1.3 will not drop the connection. Regardless of whether | |
250 | this option is set or not CCS messages received from the peer will always be | |
251 | ignored in TLSv1.3. This option is set by default. To switch it off use | |
252 | SSL_clear_options(). A future version of OpenSSL may not set this by default. | |
253 | ||
254 | =item SSL_OP_NO_ANTI_REPLAY | |
255 | ||
256 | By default, when a server is configured for early data (i.e., max_early_data > 0), | |
257 | OpenSSL will switch on replay protection. See L<SSL_read_early_data(3)> for a | |
258 | description of the replay protection feature. Anti-replay measures are required | |
259 | to comply with the TLSv1.3 specification. Some applications may be able to | |
260 | mitigate the replay risks in other ways and in such cases the built in OpenSSL | |
261 | functionality is not required. Those applications can turn this feature off by | |
262 | setting this option. This is a server-side opton only. It is ignored by | |
263 | clients. | |
264 | ||
265 | =item SSL_OP_CLEANSE_PLAINTEXT | |
266 | ||
267 | By default TLS connections keep a copy of received plaintext | |
268 | application data in a static buffer until it is overwritten by the | |
269 | next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT | |
270 | deciphered application data is cleansed by calling OPENSSL_cleanse(3) | |
271 | after passing data to the application. Data is also cleansed when | |
272 | releasing the connection (e.g. L<SSL_free(3)>). | |
273 | ||
274 | Since OpenSSL only cleanses internal buffers, the application is still | |
275 | responsible for cleansing all other buffers. Most notably, this | |
276 | applies to buffers passed to functions like L<SSL_read(3)>, | |
277 | L<SSL_peek(3)> but also like L<SSL_write(3)>. | |
278 | ||
279 | =item SSL_OP_ENABLE_KTLS | |
280 | ||
281 | Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must | |
282 | have been compiled with support for it, and it must be supported by the | |
283 | negotiated ciphersuites and extensions. The specific ciphersuites and extensions | |
284 | that are supported may vary by platform and kernel version. | |
285 | ||
286 | The kernel TLS data-path implements the record layer, and the encryption | |
287 | algorithm. The kernel will utilize the best hardware | |
288 | available for encryption. Using the kernel data-path should reduce the memory | |
289 | footprint of OpenSSL because no buffering is required. Also, the throughput | |
290 | should improve because data copy is avoided when user data is encrypted into | |
291 | kernel memory instead of the usual encrypt then copy to kernel. | |
292 | ||
293 | Kernel TLS might not support all the features of OpenSSL. For instance, | |
294 | renegotiation, and setting the maximum fragment size is not possible as of | |
295 | Linux 4.20. | |
296 | ||
297 | Note that with kernel TLS enabled some cryptographic operations are performed | |
298 | by the kernel directly and not via any available OpenSSL Providers. This might | |
299 | be undesirable if, for example, the application requires all cryptographic | |
300 | operations to be performed by the FIPS provider. | |
307 | =item SSL_OP_TLS_ROLLBACK_BUG | |
308 | ||
309 | Disable version rollback attack detection. | |
310 | ||
311 | During the client key exchange, the client must send the same information | |
312 | about acceptable SSL/TLS protocol levels as during the first hello. Some | |
313 | clients violate this rule by adapting to the server's answer. (Example: | |
314 | the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server | |
315 | only understands up to SSLv3. In this case the client must still use the | |
316 | same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect | |
317 | to the server's answer and violate the version rollback protection.) | |
301 | 318 | |
302 | 319 | =back |
303 | 320 |
12 | 12 | |
13 | 13 | =head1 DESCRIPTION |
14 | 14 | |
15 | SSL_state_string() returns a 6 letter string indicating the current state | |
16 | of the SSL object B<ssl>. | |
15 | SSL_state_string() returns an abbreviated string indicating the current state | |
16 | of the SSL object B<ssl>. The returned NUL-terminated string contains 6 or fewer characters. | |
17 | 17 | |
18 | SSL_state_string_long() returns a string indicating the current state of | |
18 | SSL_state_string_long() returns a descriptive string indicating the current state of | |
19 | 19 | the SSL object B<ssl>. |
20 | 20 | |
21 | 21 | =head1 NOTES |
43 | 43 | |
44 | 44 | =head1 COPYRIGHT |
45 | 45 | |
46 | Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. | |
46 | Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
47 | 47 | |
48 | 48 | Licensed under the Apache License 2.0 (the "License"). You may not use |
49 | 49 | this file except in compliance with the License. You can obtain a copy |
3 | 3 | |
4 | 4 | TS_RESP_CTX_new_ex, TS_RESP_CTX_new, |
5 | 5 | TS_RESP_CTX_free - Timestamp response context object creation |
6 | ||
7 | 6 | |
8 | 7 | =head1 SYNOPSIS |
9 | 8 |
141 | 141 | |
142 | 142 | =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure> |
143 | 143 | |
144 | The signature of the certificate is invalid. | |
144 | The signature of the CRL is invalid. | |
145 | 145 | |
146 | 146 | =item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid> |
147 | 147 | |
249 | 249 | The current candidate issuer certificate was rejected because its subject key |
250 | 250 | identifier was present and did not match the authority key identifier current |
251 | 251 | certificate. |
252 | Not used as of OpenSSL 1.1.0. | |
253 | 252 | |
254 | 253 | =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: |
255 | 254 | authority and issuer serial number mismatch> |
257 | 256 | The current candidate issuer certificate was rejected because its issuer name |
258 | 257 | and serial number was present and did not match the authority key identifier of |
259 | 258 | the current certificate. |
260 | Not used as of OpenSSL 1.1.0. | |
261 | 259 | |
262 | 260 | =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN: |
263 | 261 | key usage does not include certificate signing> |
264 | 262 | |
265 | 263 | The current candidate issuer certificate was rejected because its C<keyUsage> |
266 | 264 | extension does not permit certificate signing. |
267 | Not used as of OpenSSL 1.1.0. | |
268 | 265 | |
269 | 266 | =item B<X509_V_ERR_INVALID_EXTENSION: |
270 | 267 | invalid or inconsistent certificate extension> |
434 | 431 | Returned by the verify callback to indicate that the certificate is not |
435 | 432 | recognized by the OCSP responder. |
436 | 433 | |
437 | =item B<509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key> | |
434 | =item B<X509_V_ERR_NO_ISSUER_PUBLIC_KEY: issuer certificate doesn't have a public key> | |
438 | 435 | |
439 | 436 | The issuer certificate does not have a public key. |
440 | 437 | |
441 | =item B<X509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algorithm mismatch> | |
438 | =item B<X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: subject signature algorithm and issuer public key algorithm mismatch> | |
442 | 439 | |
443 | 440 | The issuer's public key is not of the type required by the signature in |
444 | 441 | the subject's certificate. |
66 | 66 | |
67 | 67 | =head1 RETURN VALUES |
68 | 68 | |
69 | X509_digest_sig() returns an ASN1_OCTET_STRING on success, else NULL. | |
69 | X509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else NULL. | |
70 | 70 | |
71 | 71 | All other functions described here return 1 for success and 0 for failure. |
72 | 72 |
168 | 168 | OpenSSL also looks up the value of B<config_diagnostics>. |
169 | 169 | If this exists and has a nonzero numeric value, any error suppressing flags |
170 | 170 | passed to CONF_modules_load() will be ignored. |
171 | This is useful for diagnosing misconfigurations and should not be used in | |
172 | production. | |
173 | ||
174 | # This must be in the default section | |
171 | This is useful for diagnosing misconfigurations but its use in | |
172 | production requires additional consideration. With this option enabled, | |
173 | a configuration error will completely prevent access to a service. | |
174 | Without this option and in the presence of a configuration error, access | |
175 | will be allowed but the desired configuration will B<not> be used. | |
176 | ||
177 | # These must be in the default section | |
178 | config_diagnostics = 1 | |
175 | 179 | openssl_conf = openssl_init |
176 | 180 | |
177 | 181 | [openssl_init] |
267 | 271 | |
268 | 272 | All parameters in the section as well as sub-sections are made |
269 | 273 | available to the provider. |
274 | ||
275 | =head3 Default provider and its activation | |
276 | ||
277 | If no providers are activated explicitly, the default one is activated implicitly. | |
278 | See L<OSSL_PROVIDER-default(7)> for more details. | |
279 | ||
280 | If you add a section explicitly activating any other provider(s), | |
281 | you most probably need to explicitly activate the default provider, | |
282 | otherwise it becomes unavailable in openssl. It may make the system remotely unavailable. | |
270 | 283 | |
271 | 284 | =head2 EVP Configuration |
272 | 285 |
94 | 94 | install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C |
95 | 95 | install-status = INSTALL_SELF_TEST_KATS_RUN |
96 | 96 | |
97 | =head1 NOTES | |
98 | ||
99 | When using the FIPS provider, it is recommended that the | |
100 | B<config_diagnostics> option is enabled to prevent accidental use of | |
101 | non-FIPS validated algorithms via broken or mistaken configuration. | |
102 | See L<config(5)>. | |
103 | ||
97 | 104 | =head1 SEE ALSO |
98 | 105 | |
99 | 106 | L<config(5)> |
14 | 14 | =over 4 |
15 | 15 | |
16 | 16 | =item "CAMELLIA-128-CBC", "CAMELLIA-192-CBC" and "CAMELLIA-256-CBC" |
17 | ||
18 | =item "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS" | |
17 | 19 | |
18 | 20 | =item "CAMELLIA-128-CFB", "CAMELLIA-192-CFB", "CAMELLIA-256-CFB", |
19 | 21 | "CAMELLIA-128-CFB1", "CAMELLIA-192-CFB1", "CAMELLIA-256-CFB1", |
48 | 48 | |
49 | 49 | =over 4 |
50 | 50 | |
51 | =item B<EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND> "EXTRACT_AND_EXPAND" | |
51 | =item "EXTRACT_AND_EXPAND" or B<EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND> | |
52 | 52 | |
53 | 53 | This is the default mode. Calling L<EVP_KDF_derive(3)> on an EVP_KDF_CTX set |
54 | 54 | up for HKDF will perform an extract followed by an expand operation in one go. |
58 | 58 | In this mode the digest, key, salt and info values must be set before a key is |
59 | 59 | derived otherwise an error will occur. |
60 | 60 | |
61 | =item B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY> "EXTRACT_ONLY" | |
61 | =item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY> | |
62 | 62 | |
63 | 63 | In this mode calling L<EVP_KDF_derive(3)> will just perform the extract |
64 | 64 | operation. The value returned will be the intermediate fixed-length pseudorandom |
68 | 68 | The digest, key and salt values must be set before a key is derived otherwise |
69 | 69 | an error will occur. |
70 | 70 | |
71 | =item B<EVP_KDF_HKDF_MODE_EXPAND_ONLY> "EXPAND_ONLY" | |
71 | =item "EXPAND_ONLY" or B<EVP_KDF_HKDF_MODE_EXPAND_ONLY> | |
72 | 72 | |
73 | 73 | In this mode calling L<EVP_KDF_derive(3)> will just perform the expand |
74 | 74 | operation. The input key should be set to the intermediate fixed-length |
136 | 136 | L<EVP_KDF_CTX_get_kdf_size(3)>, |
137 | 137 | L<EVP_KDF_CTX_set_params(3)>, |
138 | 138 | L<EVP_KDF_derive(3)>, |
139 | L<EVP_KDF(3)/PARAMETERS> | |
139 | L<EVP_KDF(3)/PARAMETERS>, | |
140 | L<EVP_KDF-TLS13_KDF(7)> | |
140 | 141 | |
141 | 142 | =head1 COPYRIGHT |
142 | 143 |
0 | =pod | |
1 | ||
2 | =head1 NAME | |
3 | ||
4 | EVP_KDF-TLS13_KDF - The TLS 1.3 EVP_KDF implementation | |
5 | ||
6 | =head1 DESCRIPTION | |
7 | ||
8 | Support for computing the TLS 1.3 version of the B<HKDF> KDF through | |
9 | the B<EVP_KDF> API. | |
10 | ||
11 | The EVP_KDF-TLS13_KDF algorithm implements the HKDF key derivation function | |
12 | as used by TLS 1.3. | |
13 | ||
14 | =head2 Identity | |
15 | ||
16 | "TLS13-KDF" is the name for this implementation; it | |
17 | can be used with the EVP_KDF_fetch() function. | |
18 | ||
19 | =head2 Supported parameters | |
20 | ||
21 | The supported parameters are: | |
22 | ||
23 | =over 4 | |
24 | ||
25 | =item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string> | |
26 | ||
27 | =item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string> | |
28 | ||
29 | =item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string> | |
30 | ||
31 | =item "salt" (B<OSSL_KDF_PARAM_SALT>) <octet string> | |
32 | ||
33 | These parameters work as described in L<EVP_KDF(3)/PARAMETERS>. | |
34 | ||
35 | =item "prefix" (B<OSSL_KDF_PARAM_PREFIX>) <octet string> | |
36 | ||
37 | This parameter sets the label prefix on the specified TLS 1.3 KDF context. | |
38 | For TLS 1.3 this should be set to the ASCII string "tls13 " without a | |
39 | trailing zero byte. Refer to RFC 8446 section 7.1 "Key Schedule" for details. | |
40 | ||
41 | =item "label" (B<OSSL_KDF_PARAM_LABEL>) <octet string> | |
42 | ||
43 | This parameter sets the label on the specified TLS 1.3 KDF context. | |
44 | Refer to RFC 8446 section 7.1 "Key Schedule" for details. | |
45 | ||
46 | =item "data" (B<OSSL_KDF_PARAM_DATA>) <octet string> | |
47 | ||
48 | This parameter sets the context data on the specified TLS 1.3 KDF context. | |
49 | Refer to RFC 8446 section 7.1 "Key Schedule" for details. | |
50 | ||
51 | =item "mode" (B<OSSL_KDF_PARAM_MODE>) <UTF8 string> or <integer> | |
52 | ||
53 | This parameter sets the mode for the TLS 1.3 KDF operation. | |
54 | There are two modes that are currently defined: | |
55 | ||
56 | =over 4 | |
57 | ||
58 | =item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY> | |
59 | ||
60 | In this mode calling L<EVP_KDF_derive(3)> will just perform the extract | |
61 | operation. The value returned will be the intermediate fixed-length pseudorandom | |
62 | key K. The I<keylen> parameter must match the size of K, which can be looked | |
63 | up by calling EVP_KDF_CTX_get_kdf_size() after setting the mode and digest. | |
64 | ||
65 | The digest, key and salt values must be set before a key is derived otherwise | |
66 | an error will occur. | |
67 | ||
68 | =item "EXPAND_ONLY" or B<EVP_KDF_HKDF_MODE_EXPAND_ONLY> | |
69 | ||
70 | In this mode calling L<EVP_KDF_derive(3)> will just perform the expand | |
71 | operation. The input key should be set to the intermediate fixed-length | |
72 | pseudorandom key K returned from a previous extract operation. | |
73 | ||
74 | The digest, key and info values must be set before a key is derived otherwise | |
75 | an error will occur. | |
76 | ||
77 | =back | |
78 | ||
79 | =back | |
80 | ||
81 | =head1 NOTES | |
82 | ||
83 | This KDF is intended for use by the TLS 1.3 implementation in libssl. | |
84 | It does not support all the options and capabilities that HKDF does. | |
85 | ||
86 | The I<OSSL_PARAM> array passed to L<EVP_KDF_derive(3)> or | |
87 | L<EVP_KDF_CTX_set_params(3)> must specify all of the parameters required. | |
88 | This KDF does not support a piecemeal approach to providing these. | |
89 | ||
90 | A context for a TLS 1.3 KDF can be obtained by calling: | |
91 | ||
92 | EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS13-KDF", NULL); | |
93 | EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); | |
94 | ||
95 | The output length of a TLS 1.3 KDF expand operation is specified via the | |
96 | I<keylen> parameter to the L<EVP_KDF_derive(3)> function. When using | |
97 | EVP_KDF_HKDF_MODE_EXTRACT_ONLY the I<keylen> parameter must equal the size of | |
98 | the intermediate fixed-length pseudorandom key otherwise an error will occur. | |
99 | For that mode, the fixed output size can be looked up by calling | |
100 | EVP_KDF_CTX_get_kdf_size() after setting the mode and digest on the | |
101 | B<EVP_KDF_CTX>. | |
102 | ||
103 | =head1 CONFORMING TO | |
104 | ||
105 | RFC 8446 | |
106 | ||
107 | =head1 SEE ALSO | |
108 | ||
109 | L<EVP_KDF(3)>, | |
110 | L<EVP_KDF_CTX_new(3)>, | |
111 | L<EVP_KDF_CTX_free(3)>, | |
112 | L<EVP_KDF_CTX_get_kdf_size(3)>, | |
113 | L<EVP_KDF_CTX_set_params(3)>, | |
114 | L<EVP_KDF_derive(3)>, | |
115 | L<EVP_KDF(3)/PARAMETERS>, | |
116 | L<EVP_KDF-HKDF(7)> | |
117 | ||
118 | =head1 COPYRIGHT | |
119 | ||
120 | Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
121 | ||
122 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
123 | this file except in compliance with the License. You can obtain a copy | |
124 | in the file LICENSE in the source distribution or at | |
125 | L<https://www.openssl.org/source/license.html>. | |
126 | ||
127 | =cut |
16 | 16 | |
17 | 17 | This is an alias for "X963KDF". |
18 | 18 | |
19 | See <EVP_KDF-X963(7)> for a list of supported parameters and examples. | |
19 | See L<EVP_KDF-X963(7)> for a list of supported parameters and examples. | |
20 | 20 | |
21 | 21 | =head1 HISTORY |
22 | 22 | |
24 | 24 | |
25 | 25 | =head1 COPYRIGHT |
26 | 26 | |
27 | Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
27 | Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
28 | 28 | |
29 | 29 | Licensed under the Apache License 2.0 (the "License"). You may not use |
30 | 30 | this file except in compliance with the License. You can obtain a copy |
12 | 12 | support the associated key, containing the public key I<pub> and the |
13 | 13 | private key I<priv>. |
14 | 14 | |
15 | In the FIPS provider they are non-approved algorithms and do not have the | |
16 | "fips=yes" property set. | |
17 | 15 | No additional parameters can be set during key generation. |
18 | 16 | |
19 | 17 |
85 | 85 | |
86 | 86 | =item HKDF, see L<EVP_KDF-HKDF(7)> |
87 | 87 | |
88 | =item TLS13-KDF, see L<EVP_KDF-TLS13_KDF(7)> | |
89 | ||
88 | 90 | =item SSKDF, see L<EVP_KDF-SSKDF(7)> |
89 | 91 | |
90 | 92 | =item PBKDF2, see L<EVP_KDF-PBKDF2(7)> |
91 | 93 | |
92 | 94 | =item SSHKDF, see L<EVP_KDF-SSHKDF(7)> |
93 | 95 | |
94 | =item TLS1-PRF, see L<EVP_KDF-TLS1-PRF(7)> | |
96 | =item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)> | |
95 | 97 | |
96 | 98 | =item KBKDF, see L<EVP_KDF-KBKDF(7)> |
97 | 99 | |
113 | 115 | |
114 | 116 | =item X25519, see L<EVP_KEYEXCH-X25519(7)> |
115 | 117 | |
116 | This has the property "provider=fips,fips=no" | |
117 | ||
118 | 118 | =item X448, see L<EVP_KEYEXCH-X448(7)> |
119 | 119 | |
120 | This has the property "provider=fips,fips=no" | |
121 | ||
122 | 120 | =back |
123 | 121 | |
124 | 122 | =head2 Asymmetric Signature |
128 | 126 | =item DSA, see L<EVP_KEYEXCH-DSA(7)> |
129 | 127 | |
130 | 128 | =item RSA, see L<EVP_SIGNATURE-RSA(7)> |
129 | ||
130 | =item X25519, see L<EVP_SIGNATURE-ED25519(7)> | |
131 | ||
132 | =item X448, see L<EVP_SIGNATURE-ED448(7)> | |
131 | 133 | |
132 | 134 | =item HMAC, see L<EVP_SIGNATURE-HMAC(7)> |
133 | 135 | |
211 | 213 | |
212 | 214 | Known answer test for a signature. |
213 | 215 | |
216 | =item "PCT_Signature" (B<OSSL_SELF_TEST_TYPE_PCT_SIGNATURE>) | |
217 | ||
218 | Pairwise Consistency check for a signature. | |
219 | ||
214 | 220 | =item "KAT_KDF" (B<OSSL_SELF_TEST_TYPE_KAT_KDF>) |
215 | 221 | |
216 | 222 | Known answer test for a key derivation function. |
223 | 229 | |
224 | 230 | Known answer test for a Deterministic Random Bit Generator. |
225 | 231 | |
226 | =item "Pairwise_Consistency_Test" (B<OSSL_SELF_TEST_TYPE_PCT>) | |
232 | =item "Conditional_PCT" (B<OSSL_SELF_TEST_TYPE_PCT>) | |
227 | 233 | |
228 | 234 | Conditional test that is run during the generation of key pairs. |
229 | 235 | |
297 | 303 | Key agreement tests used with the "KAT_KA" type. |
298 | 304 | |
299 | 305 | =item "HKDF" (B<OSSL_SELF_TEST_DESC_KDF_HKDF>) |
306 | ||
307 | =item "TLS13_KDF_EXTRACT" (B<OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT>) | |
308 | ||
309 | =item "TLS13_KDF_EXPAND" (B<OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND>) | |
300 | 310 | |
301 | 311 | =item "SSKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSKDF>) |
302 | 312 |
80 | 80 | |
81 | 81 | =item CAMELLIA, see L<EVP_CIPHER-CAMELLIA(7)> |
82 | 82 | |
83 | =item DES, see L<EVP_CIPHER-DES(7)> | |
84 | ||
85 | =item BF, see L<EVP_CIPHER-BLOWFISH(7)> | |
86 | ||
87 | =item IDEA, see L<EVP_CIPHER-IDEA(7)> | |
88 | ||
89 | =item CAST5, see L<EVP_CIPHER-CAST(7)> | |
83 | =item 3DES, see L<EVP_CIPHER-DES(7)> | |
90 | 84 | |
91 | 85 | =item SEED, see L<EVP_CIPHER-SEED(7)> |
92 | 86 | |
93 | 87 | =item SM4, see L<EVP_CIPHER-SM4(7)> |
94 | ||
95 | =item RC2, see L<EVP_CIPHER-RC2(7)> | |
96 | ||
97 | =item RC4, see L<EVP_CIPHER-RC4(7)> | |
98 | ||
99 | =item RC5, see L<EVP_CIPHER-RC5(7)> | |
100 | 88 | |
101 | 89 | =item ChaCha20, see L<EVP_CIPHER-CHACHA(7)> |
102 | 90 |
21 | 21 | |
22 | 22 | =over 4 |
23 | 23 | |
24 | =item - | |
24 | =item * | |
25 | 25 | |
26 | 26 | Low level cryptographic APIs (use the high level APIs, such as EVP, instead) |
27 | 27 | |
28 | =item - | |
28 | =item * | |
29 | 29 | |
30 | 30 | Engines |
31 | 31 | |
32 | =item - | |
32 | =item * | |
33 | 33 | |
34 | 34 | Any functions that create or modify custom "METHODS" (for example |
35 | 35 | EVP_MD_meth_new(), EVP_CIPHER_meth_new(), EVP_PKEY_meth_new(), RSA_meth_new(), |
72 | 72 | |
73 | 73 | Edit the config file to add the following lines near the beginning: |
74 | 74 | |
75 | config_diagnostics = 1 | |
75 | 76 | openssl_conf = openssl_init |
76 | 77 | |
77 | 78 | .include /usr/local/ssl/fipsmodule.cnf |
89 | 90 | Obviously the include file location above should match the path and name of the |
90 | 91 | FIPS module config file that you installed earlier. |
91 | 92 | See L<https://github.com/openssl/openssl/blob/master/README-FIPS.md>. |
93 | ||
94 | For FIPS usage, it is recommened that the B<config_diagnostics> option is | |
95 | enabled to prevent accidental use of non-FIPS validated algorithms via broken | |
96 | or mistaken configuration. See L<config(5)>. | |
92 | 97 | |
93 | 98 | Any applications that use OpenSSL 3.0 and are started after these changes are |
94 | 99 | made will start using only the FIPS module unless those applications take |
104 | 109 | |
105 | 110 | =over 4 |
106 | 111 | |
107 | =item - | |
112 | =item * | |
108 | 113 | |
109 | 114 | You may not want all applications to use the FIPS module. |
110 | 115 | |
111 | 116 | It may be the case that some applications should and some should not use the |
112 | 117 | FIPS module. |
113 | 118 | |
114 | =item - | |
119 | =item * | |
115 | 120 | |
116 | 121 | If applications take explicit steps to not load the default config file or |
117 | 122 | set different settings. |
118 | 123 | |
119 | 124 | This method will not work for these cases. |
120 | 125 | |
121 | =item - | |
126 | =item * | |
122 | 127 | |
123 | 128 | The algorithms available in the FIPS module are a subset of the algorithms |
124 | 129 | that are available in the default OpenSSL Provider. |
126 | 131 | If any applications attempt to use any algorithms that are not present, |
127 | 132 | then they will fail. |
128 | 133 | |
129 | =item - | |
134 | =item * | |
130 | 135 | |
131 | 136 | Usage of certain deprecated APIs avoids the use of the FIPS module. |
132 | 137 | |
272 | 277 | does not load the "base" provider. All supporting algorithms that are in "base" |
273 | 278 | are also in "default", so it is unnecessary in this case: |
274 | 279 | |
280 | config_diagnostics = 1 | |
275 | 281 | openssl_conf = openssl_init |
276 | 282 | |
277 | 283 | .include /usr/local/ssl/fipsmodule.cnf |
183 | 183 | |
184 | 184 | =over 4 |
185 | 185 | |
186 | =item - | |
186 | =item * | |
187 | 187 | |
188 | 188 | KDF algorithms "SINGLE STEP" and "SSH" |
189 | 189 | |
190 | 190 | See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)> |
191 | 191 | |
192 | =item - | |
192 | =item * | |
193 | 193 | |
194 | 194 | MAC Algorithms "GMAC" and "KMAC" |
195 | 195 | |
196 | 196 | See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>. |
197 | 197 | |
198 | =item - | |
198 | =item * | |
199 | 199 | |
200 | 200 | KEM Algorithm "RSASVE" |
201 | 201 | |
202 | 202 | See L<EVP_KEM-RSA(7)>. |
203 | 203 | |
204 | =item - | |
204 | =item * | |
205 | 205 | |
206 | 206 | Cipher Algorithm "AES-SIV" |
207 | 207 | |
208 | 208 | See L<EVP_EncryptInit(3)/SIV Mode>. |
209 | 209 | |
210 | =item - | |
210 | =item * | |
211 | 211 | |
212 | 212 | AES Key Wrap inverse ciphers supported by EVP layer. |
213 | 213 | |
216 | 216 | "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and |
217 | 217 | "AES-256-WRAP-PAD-INV". |
218 | 218 | |
219 | =item AES CTS cipher added to EVP layer. | |
220 | ||
221 | The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS". | |
219 | =item * | |
220 | ||
221 | CTS ciphers added to EVP layer. | |
222 | ||
223 | The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS", | |
224 | "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS". | |
222 | 225 | CS1, CS2 and CS3 variants are supported. |
223 | 226 | |
224 | 227 | =back |
227 | 230 | |
228 | 231 | =over 4 |
229 | 232 | |
230 | =item - | |
233 | =item * | |
231 | 234 | |
232 | 235 | Added CAdES-BES signature verification support. |
233 | 236 | |
234 | =item - | |
237 | =item * | |
235 | 238 | |
236 | 239 | Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API. |
237 | 240 | |
238 | =item - | |
241 | =item * | |
239 | 242 | |
240 | 243 | Added AuthEnvelopedData content type structure (RFC 5083) using AES_GCM |
241 | 244 | |
243 | 246 | Its purpose is to support encryption and decryption of a digital envelope that |
244 | 247 | is both authenticated and encrypted using AES GCM mode. |
245 | 248 | |
246 | =item - | |
249 | =item * | |
247 | 250 | |
248 | 251 | L<PKCS7_get_octet_string(3)> and L<PKCS7_type_is_other(3)> were made public. |
249 | 252 | |
366 | 369 | Validation of SM2 keys has been separated from the validation of regular EC |
367 | 370 | keys, allowing to improve the SM2 validation process to reject loaded private |
368 | 371 | keys that are not conforming to the SM2 ISO standard. |
369 | In particular, a private scalar `k` outside the range `1 <= k < n-1` is now | |
370 | correctly rejected. | |
372 | In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is | |
373 | now correctly rejected. | |
371 | 374 | |
372 | 375 | =head4 EVP_PKEY_set_alias_type() method has been removed |
373 | 376 | |
436 | 439 | be set B<after> the cipher has been assigned to the cipher context. |
437 | 440 | See L<EVP_EncryptInit(3)/FLAGS> for more information. |
438 | 441 | |
442 | =head4 Validation of operation context parameters | |
443 | ||
444 | Due to move of the implementation of cryptographic operations to the | |
445 | providers, validation of various operation parameters can be postponed until | |
446 | the actual operation is executed where previously it happened immediately | |
447 | when an operation parameter was set. | |
448 | ||
449 | For example when setting an unsupported curve with | |
450 | EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail | |
451 | but later keygen operations with the EVP_PKEY_CTX will fail. | |
452 | ||
453 | ||
439 | 454 | =head2 Installation and Compilation |
440 | 455 | |
441 | 456 | Please refer to the INSTALL.md file in the top of the distribution for |
452 | 467 | |
453 | 468 | =over 4 |
454 | 469 | |
455 | =item 1) | |
470 | =item 1. | |
456 | 471 | |
457 | 472 | Ignore the warnings. They are just warnings. The deprecated functions are still present and you may still use them. However be aware that they may be removed from a future version of OpenSSL. |
458 | 473 | |
459 | =item 2) | |
474 | =item 2. | |
460 | 475 | |
461 | 476 | Suppress the warnings. Refer to your compiler documentation on how to do this. |
462 | 477 | |
463 | =item 3) | |
478 | =item 3. | |
464 | 479 | |
465 | 480 | Remove your usage of the low level APIs. In this case you will need to rewrite your code to use the high level APIs instead |
466 | 481 | |
467 | 482 | =back |
483 | ||
484 | =head3 Error code changes | |
485 | ||
486 | As OpenSSL 3.0 provides a brand new Encoder/Decoder mechanism for working with | |
487 | widely used file formats, application code that checks for particular error | |
488 | reason codes on key loading failures might need an update. | |
489 | ||
490 | Password-protected keys may deserve special attention. If only some errors | |
491 | are treated as an indicator that the user should be asked about the password again, | |
492 | it's worth testing these scenarios and processing the newly relevant codes. | |
493 | ||
494 | There may be more cases to treat specially, depending on the calling application code. | |
468 | 495 | |
469 | 496 | =head2 Upgrading from OpenSSL 1.0.2 |
470 | 497 | |
474 | 501 | |
475 | 502 | =over 4 |
476 | 503 | |
477 | =item 1) | |
504 | =item 1. | |
478 | 505 | |
479 | 506 | The build and installation procedure has changed significantly. |
480 | 507 | |
482 | 509 | to build and install OpenSSL for your platform. Also read the various NOTES |
483 | 510 | files in the same directory, as applicable for your platform. |
484 | 511 | |
485 | =item 2) | |
512 | =item 2. | |
486 | 513 | |
487 | 514 | Many structures have been made opaque in OpenSSL 3.0. |
488 | 515 | |
500 | 527 | /* This line will now generate compiler errors */ |
501 | 528 | EVP_MD_CTX_init(&md_ctx); |
502 | 529 | |
503 | The code needs to be amended to look like this: | |
530 | The code needs to be amended to look like this: | |
531 | ||
504 | 532 | EVP_MD_CTX *md_ctx; |
505 | 533 | |
506 | 534 | md_ctx = EVP_MD_CTX_new(); |
508 | 536 | ... |
509 | 537 | EVP_MD_CTX_free(md_ctx); |
510 | 538 | |
511 | =item 3) | |
539 | =item 3. | |
512 | 540 | |
513 | 541 | Support for TLSv1.3 has been added. |
514 | 542 | |
581 | 609 | |
582 | 610 | =over 4 |
583 | 611 | |
584 | =item - | |
612 | =item * | |
585 | 613 | |
586 | 614 | L<ASN1_item_new(3)>, L<ASN1_item_d2i(3)>, L<ASN1_item_d2i_fp(3)>, |
587 | 615 | L<ASN1_item_d2i_bio(3)>, L<ASN1_item_sign(3)> and L<ASN1_item_verify(3)> |
588 | 616 | |
589 | =item - | |
617 | =item * | |
590 | 618 | |
591 | 619 | L<BIO_new(3)> |
592 | 620 | |
593 | =item - | |
621 | =item * | |
594 | 622 | |
595 | 623 | b2i_RSA_PVK_bio() and i2b_PVK_bio() |
596 | 624 | |
597 | =item - | |
625 | =item * | |
598 | 626 | |
599 | 627 | L<BN_CTX_new(3)> and L<BN_CTX_secure_new(3)> |
600 | 628 | |
601 | =item - | |
629 | =item * | |
602 | 630 | |
603 | 631 | L<CMS_AuthEnvelopedData_create(3)>, L<CMS_ContentInfo_new(3)>, L<CMS_data_create(3)>, |
604 | 632 | L<CMS_digest_create(3)>, L<CMS_EncryptedData_encrypt(3)>, L<CMS_encrypt(3)>, |
605 | 633 | L<CMS_EnvelopedData_create(3)>, L<CMS_ReceiptRequest_create0(3)> and L<CMS_sign(3)> |
606 | 634 | |
607 | =item - | |
635 | =item * | |
608 | 636 | |
609 | 637 | L<CONF_modules_load_file(3)> |
610 | 638 | |
611 | =item - | |
639 | =item * | |
612 | 640 | |
613 | 641 | L<CTLOG_new(3)>, L<CTLOG_new_from_base64(3)> and L<CTLOG_STORE_new(3)> |
614 | 642 | |
615 | =item - | |
643 | =item * | |
616 | 644 | |
617 | 645 | L<CT_POLICY_EVAL_CTX_new(3)> |
618 | 646 | |
619 | =item - | |
647 | =item * | |
620 | 648 | |
621 | 649 | L<d2i_AutoPrivateKey(3)>, L<d2i_PrivateKey(3)> and L<d2i_PUBKEY(3)> |
622 | 650 | |
623 | =item - | |
651 | =item * | |
624 | 652 | |
625 | 653 | L<d2i_PrivateKey_bio(3)> and L<d2i_PrivateKey_fp(3)> |
626 | 654 | |
627 | 655 | Use L<d2i_PrivateKey_ex_bio(3)> and L<d2i_PrivateKey_ex_fp(3)> |
628 | 656 | |
629 | =item - | |
657 | =item * | |
630 | 658 | |
631 | 659 | L<EC_GROUP_new(3)> |
632 | 660 | |
633 | 661 | Use L<EC_GROUP_new_by_curve_name_ex(3)> or L<EC_GROUP_new_from_params(3)>. |
634 | 662 | |
635 | =item - | |
663 | =item * | |
636 | 664 | |
637 | 665 | L<EVP_DigestSignInit(3)> and L<EVP_DigestVerifyInit(3)> |
638 | 666 | |
639 | =item - | |
667 | =item * | |
640 | 668 | |
641 | 669 | L<EVP_PBE_CipherInit(3)>, L<EVP_PBE_find(3)> and L<EVP_PBE_scrypt(3)> |
642 | 670 | |
643 | =item - | |
671 | =item * | |
644 | 672 | |
645 | 673 | L<PKCS5_PBE_keyivgen(3)> |
646 | 674 | |
647 | =item - | |
675 | =item * | |
648 | 676 | |
649 | 677 | L<EVP_PKCS82PKEY(3)> |
650 | 678 | |
651 | =item - | |
679 | =item * | |
652 | 680 | |
653 | 681 | L<EVP_PKEY_CTX_new_id(3)> |
654 | 682 | |
655 | 683 | Use L<EVP_PKEY_CTX_new_from_name(3)> |
656 | 684 | |
657 | =item - | |
685 | =item * | |
658 | 686 | |
659 | 687 | L<EVP_PKEY_derive_set_peer(3)>, L<EVP_PKEY_new_raw_private_key(3)> |
660 | 688 | and L<EVP_PKEY_new_raw_public_key(3)> |
661 | 689 | |
662 | =item - | |
690 | =item * | |
663 | 691 | |
664 | 692 | L<EVP_SignFinal(3)> and L<EVP_VerifyFinal(3)> |
665 | 693 | |
666 | =item - | |
694 | =item * | |
667 | 695 | |
668 | 696 | L<NCONF_new(3)> |
669 | 697 | |
670 | =item - | |
698 | =item * | |
671 | 699 | |
672 | 700 | L<OCSP_RESPID_match(3)> and L<OCSP_RESPID_set_by_key(3)> |
673 | 701 | |
674 | =item - | |
702 | =item * | |
675 | 703 | |
676 | 704 | L<OPENSSL_thread_stop(3)> |
677 | 705 | |
678 | =item - | |
706 | =item * | |
679 | 707 | |
680 | 708 | L<OSSL_STORE_open(3)> |
681 | 709 | |
682 | =item - | |
710 | =item * | |
683 | 711 | |
684 | 712 | L<PEM_read_bio_Parameters(3)>, L<PEM_read_bio_PrivateKey(3)>, L<PEM_read_bio_PUBKEY(3)>, |
685 | 713 | L<PEM_read_PrivateKey(3)> and L<PEM_read_PUBKEY(3)> |
686 | 714 | |
687 | =item - | |
715 | =item * | |
688 | 716 | |
689 | 717 | L<PEM_write_bio_PrivateKey(3)>, L<PEM_write_bio_PUBKEY(3)>, L<PEM_write_PrivateKey(3)> |
690 | 718 | and L<PEM_write_PUBKEY(3)> |
691 | 719 | |
692 | =item - | |
720 | =item * | |
693 | 721 | |
694 | 722 | L<PEM_X509_INFO_read_bio(3)> and L<PEM_X509_INFO_read(3)> |
695 | 723 | |
696 | =item - | |
724 | =item * | |
697 | 725 | |
698 | 726 | L<PKCS12_add_key(3)>, L<PKCS12_add_safe(3)>, L<PKCS12_add_safes(3)>, |
699 | 727 | L<PKCS12_create(3)>, L<PKCS12_decrypt_skey(3)>, L<PKCS12_init(3)>, L<PKCS12_item_decrypt_d2i(3)>, |
701 | 729 | L<PKCS12_key_gen_utf8(3)>, L<PKCS12_pack_p7encdata(3)>, L<PKCS12_pbe_crypt(3)>, |
702 | 730 | L<PKCS12_PBE_keyivgen(3)>, L<PKCS12_SAFEBAG_create_pkcs8_encrypt(3)> |
703 | 731 | |
704 | =item - | |
732 | =item * | |
705 | 733 | |
706 | 734 | L<PKCS5_pbe_set0_algor(3)>, L<PKCS5_pbe_set(3)>, L<PKCS5_pbe2_set_iv(3)>, |
707 | 735 | L<PKCS5_pbkdf2_set(3)> and L<PKCS5_v2_scrypt_keyivgen(3)> |
708 | 736 | |
709 | =item - | |
737 | =item * | |
710 | 738 | |
711 | 739 | L<PKCS7_encrypt(3)>, L<PKCS7_new(3)> and L<PKCS7_sign(3)> |
712 | 740 | |
713 | =item - | |
741 | =item * | |
714 | 742 | |
715 | 743 | L<PKCS8_decrypt(3)>, L<PKCS8_encrypt(3)> and L<PKCS8_set0_pbe(3)> |
716 | 744 | |
717 | =item - | |
745 | =item * | |
718 | 746 | |
719 | 747 | L<RAND_bytes(3)> and L<RAND_priv_bytes(3)> |
720 | 748 | |
721 | =item - | |
749 | =item * | |
722 | 750 | |
723 | 751 | L<SMIME_write_ASN1(3)> |
724 | 752 | |
725 | =item - | |
753 | =item * | |
726 | 754 | |
727 | 755 | L<SSL_load_client_CA_file(3)> |
728 | 756 | |
729 | =item - | |
757 | =item * | |
730 | 758 | |
731 | 759 | L<SSL_CTX_new(3)> |
732 | 760 | |
733 | =item - | |
761 | =item * | |
734 | 762 | |
735 | 763 | L<TS_RESP_CTX_new(3)> |
736 | 764 | |
737 | =item - | |
765 | =item * | |
738 | 766 | |
739 | 767 | L<X509_CRL_new(3)> |
740 | 768 | |
741 | =item - | |
769 | =item * | |
742 | 770 | |
743 | 771 | L<X509_load_cert_crl_file(3)> and L<X509_load_cert_file(3)> |
744 | 772 | |
745 | =item - | |
773 | =item * | |
746 | 774 | |
747 | 775 | L<X509_LOOKUP_by_subject(3)> and L<X509_LOOKUP_ctrl(3)> |
748 | 776 | |
749 | =item - | |
777 | =item * | |
750 | 778 | |
751 | 779 | L<X509_NAME_hash(3)> |
752 | 780 | |
753 | =item - | |
781 | =item * | |
754 | 782 | |
755 | 783 | L<X509_new(3)> |
756 | 784 | |
757 | =item - | |
785 | =item * | |
758 | 786 | |
759 | 787 | L<X509_REQ_new(3)> and L<X509_REQ_verify(3)> |
760 | 788 | |
761 | =item - | |
789 | =item * | |
762 | 790 | |
763 | 791 | L<X509_STORE_CTX_new(3)>, L<X509_STORE_set_default_paths(3)>, L<X509_STORE_load_file(3)>, |
764 | 792 | L<X509_STORE_load_locations(3)> and L<X509_STORE_load_store(3)> |
772 | 800 | |
773 | 801 | =over 4 |
774 | 802 | |
775 | =item - | |
803 | =item * | |
776 | 804 | |
777 | 805 | L<BIO_new_from_core_bio(3)> |
778 | 806 | |
779 | =item - | |
807 | =item * | |
780 | 808 | |
781 | 809 | L<EVP_ASYM_CIPHER_fetch(3)> and L<EVP_ASYM_CIPHER_do_all_provided(3)> |
782 | 810 | |
783 | =item - | |
811 | =item * | |
784 | 812 | |
785 | 813 | L<EVP_CIPHER_fetch(3)> and L<EVP_CIPHER_do_all_provided(3)> |
786 | 814 | |
787 | =item - | |
815 | =item * | |
788 | 816 | |
789 | 817 | L<EVP_default_properties_enable_fips(3)> and |
790 | 818 | L<EVP_default_properties_is_fips_enabled(3)> |
791 | 819 | |
792 | =item - | |
820 | =item * | |
793 | 821 | |
794 | 822 | L<EVP_KDF_fetch(3)> and L<EVP_KDF_do_all_provided(3)> |
795 | 823 | |
796 | =item - | |
824 | =item * | |
797 | 825 | |
798 | 826 | L<EVP_KEM_fetch(3)> and L<EVP_KEM_do_all_provided(3)> |
799 | 827 | |
800 | =item - | |
828 | =item * | |
801 | 829 | |
802 | 830 | L<EVP_KEYEXCH_fetch(3)> and L<EVP_KEYEXCH_do_all_provided(3)> |
803 | 831 | |
804 | =item - | |
832 | =item * | |
805 | 833 | |
806 | 834 | L<EVP_KEYMGMT_fetch(3)> and L<EVP_KEYMGMT_do_all_provided(3)> |
807 | 835 | |
808 | =item - | |
836 | =item * | |
809 | 837 | |
810 | 838 | L<EVP_MAC_fetch(3)> and L<EVP_MAC_do_all_provided(3)> |
811 | 839 | |
812 | =item - | |
840 | =item * | |
813 | 841 | |
814 | 842 | L<EVP_MD_fetch(3)> and L<EVP_MD_do_all_provided(3)> |
815 | 843 | |
816 | =item - | |
844 | =item * | |
817 | 845 | |
818 | 846 | L<EVP_PKEY_CTX_new_from_pkey(3)> |
819 | 847 | |
820 | =item - | |
848 | =item * | |
821 | 849 | |
822 | 850 | L<EVP_PKEY_Q_keygen(3)> |
823 | 851 | |
824 | =item - | |
852 | =item * | |
825 | 853 | |
826 | 854 | L<EVP_Q_mac(3)> and L<EVP_Q_digest(3)> |
827 | 855 | |
828 | =item - | |
856 | =item * | |
829 | 857 | |
830 | 858 | L<EVP_RAND(3)> and L<EVP_RAND_do_all_provided(3)> |
831 | 859 | |
832 | =item - | |
860 | =item * | |
833 | 861 | |
834 | 862 | L<EVP_set_default_properties(3)> |
835 | 863 | |
836 | =item - | |
864 | =item * | |
837 | 865 | |
838 | 866 | L<EVP_SIGNATURE_fetch(3)> and L<EVP_SIGNATURE_do_all_provided(3)> |
839 | 867 | |
840 | =item - | |
868 | =item * | |
841 | 869 | |
842 | 870 | L<OSSL_CMP_CTX_new(3)> and L<OSSL_CMP_SRV_CTX_new(3)> |
843 | 871 | |
844 | =item - | |
872 | =item * | |
845 | 873 | |
846 | 874 | L<OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(3)> |
847 | 875 | |
848 | =item - | |
876 | =item * | |
849 | 877 | |
850 | 878 | L<OSSL_CRMF_MSG_create_popo(3)> and L<OSSL_CRMF_MSGS_verify_popo(3)> |
851 | 879 | |
852 | =item - | |
880 | =item * | |
853 | 881 | |
854 | 882 | L<OSSL_CRMF_pbm_new(3)> and L<OSSL_CRMF_pbmp_new(3)> |
855 | 883 | |
856 | =item - | |
884 | =item * | |
857 | 885 | |
858 | 886 | L<OSSL_DECODER_CTX_add_extra(3)> and L<OSSL_DECODER_CTX_new_for_pkey(3)> |
859 | 887 | |
860 | =item - | |
888 | =item * | |
861 | 889 | |
862 | 890 | L<OSSL_DECODER_fetch(3)> and L<OSSL_DECODER_do_all_provided(3)> |
863 | 891 | |
864 | =item - | |
892 | =item * | |
865 | 893 | |
866 | 894 | L<OSSL_ENCODER_CTX_add_extra(3)> |
867 | 895 | |
868 | =item - | |
896 | =item * | |
869 | 897 | |
870 | 898 | L<OSSL_ENCODER_fetch(3)> and L<OSSL_ENCODER_do_all_provided(3)> |
871 | 899 | |
872 | =item - | |
900 | =item * | |
873 | 901 | |
874 | 902 | L<OSSL_LIB_CTX_free(3)>, L<OSSL_LIB_CTX_load_config(3)> and L<OSSL_LIB_CTX_set0_default(3)> |
875 | 903 | |
876 | =item - | |
904 | =item * | |
877 | 905 | |
878 | 906 | L<OSSL_PROVIDER_add_builtin(3)>, L<OSSL_PROVIDER_available(3)>, |
879 | 907 | L<OSSL_PROVIDER_do_all(3)>, L<OSSL_PROVIDER_load(3)>, |
880 | 908 | L<OSSL_PROVIDER_set_default_search_path(3)> and L<OSSL_PROVIDER_try_load(3)> |
881 | 909 | |
882 | =item - | |
910 | =item * | |
883 | 911 | |
884 | 912 | L<OSSL_SELF_TEST_get_callback(3)> and L<OSSL_SELF_TEST_set_callback(3)> |
885 | 913 | |
886 | =item - | |
914 | =item * | |
887 | 915 | |
888 | 916 | L<OSSL_STORE_attach(3)> |
889 | 917 | |
890 | =item - | |
918 | =item * | |
891 | 919 | |
892 | 920 | L<OSSL_STORE_LOADER_fetch(3)> and L<OSSL_STORE_LOADER_do_all_provided(3)> |
893 | 921 | |
894 | =item - | |
922 | =item * | |
895 | 923 | |
896 | 924 | L<RAND_get0_primary(3)>, L<RAND_get0_private(3)>, L<RAND_get0_public(3)>, |
897 | 925 | L<RAND_set_DRBG_type(3)> and L<RAND_set_seed_source_type(3)> |
1075 | 1103 | |
1076 | 1104 | =over 4 |
1077 | 1105 | |
1078 | =item - | |
1106 | =item * | |
1079 | 1107 | |
1080 | 1108 | AES_bi_ige_encrypt() and AES_ige_encrypt() |
1081 | 1109 | |
1088 | 1116 | is ever used. The security implications are believed to be minimal, but |
1089 | 1117 | this issue was never fixed for backwards compatibility reasons. |
1090 | 1118 | |
1091 | =item - | |
1119 | =item * | |
1092 | 1120 | |
1093 | 1121 | AES_encrypt(), AES_decrypt(), AES_set_encrypt_key(), AES_set_decrypt_key(), |
1094 | 1122 | AES_cbc_encrypt(), AES_cfb128_encrypt(), AES_cfb1_encrypt(), AES_cfb8_encrypt(), |
1095 | 1123 | AES_ecb_encrypt(), AES_ofb128_encrypt() |
1096 | 1124 | |
1097 | =item - | |
1125 | =item * | |
1098 | 1126 | |
1099 | 1127 | AES_unwrap_key(), AES_wrap_key() |
1100 | 1128 | |
1101 | 1129 | See L</Deprecated low-level encryption functions> |
1102 | 1130 | |
1103 | =item - | |
1131 | =item * | |
1104 | 1132 | |
1105 | 1133 | AES_options() |
1106 | 1134 | |
1107 | 1135 | There is no replacement. It returned a string indicating if the AES code was unrolled. |
1108 | 1136 | |
1109 | =item - | |
1137 | =item * | |
1110 | 1138 | |
1111 | 1139 | ASN1_digest(), ASN1_sign(), ASN1_verify() |
1112 | 1140 | |
1113 | 1141 | There are no replacements. These old functions are not used, and could be |
1114 | 1142 | disabled with the macro NO_ASN1_OLD since OpenSSL 0.9.7. |
1115 | 1143 | |
1116 | =item - | |
1144 | =item * | |
1117 | 1145 | |
1118 | 1146 | ASN1_STRING_length_set() |
1119 | 1147 | |
1121 | 1149 | This was a potentially unsafe function that could change the bounds of a |
1122 | 1150 | previously passed in pointer. |
1123 | 1151 | |
1124 | =item - | |
1152 | =item * | |
1125 | 1153 | |
1126 | 1154 | BF_encrypt(), BF_decrypt(), BF_set_key(), BF_cbc_encrypt(), BF_cfb64_encrypt(), |
1127 | 1155 | BF_ecb_encrypt(), BF_ofb64_encrypt() |
1129 | 1157 | See L</Deprecated low-level encryption functions>. |
1130 | 1158 | The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1131 | 1159 | |
1132 | =item - | |
1160 | =item * | |
1133 | 1161 | |
1134 | 1162 | BF_options() |
1135 | 1163 | |
1136 | 1164 | There is no replacement. This option returned a constant string. |
1137 | 1165 | |
1138 | =item - | |
1166 | =item * | |
1139 | 1167 | |
1140 | 1168 | BIO_get_callback(), BIO_set_callback(), BIO_debug_callback() |
1141 | 1169 | |
1142 | 1170 | Use the respective non-deprecated _ex() functions. |
1143 | 1171 | |
1144 | =item - | |
1172 | =item * | |
1145 | 1173 | |
1146 | 1174 | BN_is_prime_ex(), BN_is_prime_fasttest_ex() |
1147 | 1175 | |
1148 | 1176 | Use L<BN_check_prime(3)> which that avoids possible misuse and always uses at least |
1149 | 1177 | 64 rounds of the Miller-Rabin primality test. |
1150 | 1178 | |
1151 | =item - | |
1179 | =item * | |
1152 | 1180 | |
1153 | 1181 | BN_pseudo_rand(), BN_pseudo_rand_range() |
1154 | 1182 | |
1155 | 1183 | Use L<BN_rand(3)> and L<BN_rand_range(3)>. |
1156 | 1184 | |
1157 | =item - | |
1185 | =item * | |
1158 | 1186 | |
1159 | 1187 | BN_X931_derive_prime_ex(), BN_X931_generate_prime_ex(), BN_X931_generate_Xpq() |
1160 | 1188 | |
1162 | 1190 | by RSA_X931_derive_ex() and RSA_X931_generate_key_ex() which are also deprecated. |
1163 | 1191 | Use L<EVP_PKEY_keygen(3)> instead. |
1164 | 1192 | |
1165 | =item - | |
1193 | =item * | |
1166 | 1194 | |
1167 | 1195 | Camellia_encrypt(), Camellia_decrypt(), Camellia_set_key(), |
1168 | 1196 | Camellia_cbc_encrypt(), Camellia_cfb128_encrypt(), Camellia_cfb1_encrypt(), |
1171 | 1199 | |
1172 | 1200 | See L</Deprecated low-level encryption functions>. |
1173 | 1201 | |
1174 | =item - | |
1202 | =item * | |
1175 | 1203 | |
1176 | 1204 | CAST_encrypt(), CAST_decrypt(), CAST_set_key(), CAST_cbc_encrypt(), |
1177 | 1205 | CAST_cfb64_encrypt(), CAST_ecb_encrypt(), CAST_ofb64_encrypt() |
1179 | 1207 | See L</Deprecated low-level encryption functions>. |
1180 | 1208 | The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1181 | 1209 | |
1182 | =item - | |
1210 | =item * | |
1183 | 1211 | |
1184 | 1212 | CMAC_CTX_new(), CMAC_CTX_cleanup(), CMAC_CTX_copy(), CMAC_CTX_free(), |
1185 | 1213 | CMAC_CTX_get0_cipher_ctx() |
1186 | 1214 | |
1187 | 1215 | See L</Deprecated low-level MAC functions>. |
1188 | 1216 | |
1189 | =item - | |
1217 | =item * | |
1190 | 1218 | |
1191 | 1219 | CMAC_Init(), CMAC_Update(), CMAC_Final(), CMAC_resume() |
1192 | 1220 | |
1193 | 1221 | See L</Deprecated low-level MAC functions>. |
1194 | 1222 | |
1195 | =item - | |
1223 | =item * | |
1196 | 1224 | |
1197 | 1225 | CRYPTO_mem_ctrl(), CRYPTO_mem_debug_free(), CRYPTO_mem_debug_malloc(), |
1198 | 1226 | CRYPTO_mem_debug_pop(), CRYPTO_mem_debug_push(), CRYPTO_mem_debug_realloc(), |
1202 | 1230 | Memory-leak checking has been deprecated in favor of more modern development |
1203 | 1231 | tools, such as compiler memory and leak sanitizers or Valgrind. |
1204 | 1232 | |
1205 | =item - | |
1233 | =item * | |
1234 | ||
1235 | CRYPTO_cts128_encrypt_block(), CRYPTO_cts128_encrypt(), | |
1236 | CRYPTO_cts128_decrypt_block(), CRYPTO_cts128_decrypt(), | |
1237 | CRYPTO_nistcts128_encrypt_block(), CRYPTO_nistcts128_encrypt(), | |
1238 | CRYPTO_nistcts128_decrypt_block(), CRYPTO_nistcts128_decrypt() | |
1239 | ||
1240 | Use the higher level functions EVP_CipherInit_ex2(), EVP_CipherUpdate() and | |
1241 | EVP_CipherFinal_ex() instead. | |
1242 | See the "cts_mode" parameter in | |
1243 | L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>. | |
1244 | See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example. | |
1245 | ||
1246 | =item * | |
1206 | 1247 | |
1207 | 1248 | d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(), |
1208 | 1249 | d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(), |
1216 | 1257 | |
1217 | 1258 | See L</Deprecated i2d and d2i functions for low-level key types> |
1218 | 1259 | |
1219 | =item - | |
1260 | =item * | |
1220 | 1261 | |
1221 | 1262 | DES_crypt(), DES_fcrypt(), DES_encrypt1(), DES_encrypt2(), DES_encrypt3(), |
1222 | 1263 | DES_decrypt3(), DES_ede3_cbc_encrypt(), DES_ede3_cfb64_encrypt(), |
1232 | 1273 | Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB", |
1233 | 1274 | "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1234 | 1275 | |
1235 | =item - | |
1276 | =item * | |
1236 | 1277 | |
1237 | 1278 | DH_bits(), DH_security_bits(), DH_size() |
1238 | 1279 | |
1239 | 1280 | Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and |
1240 | 1281 | L<EVP_PKEY_get_size(3)>. |
1241 | 1282 | |
1242 | =item - | |
1283 | =item * | |
1243 | 1284 | |
1244 | 1285 | DH_check(), DH_check_ex(), DH_check_params(), DH_check_params_ex(), |
1245 | 1286 | DH_check_pub_key(), DH_check_pub_key_ex() |
1246 | 1287 | |
1247 | 1288 | See L</Deprecated low-level validation functions> |
1248 | 1289 | |
1249 | =item - | |
1290 | =item * | |
1250 | 1291 | |
1251 | 1292 | DH_clear_flags(), DH_test_flags(), DH_set_flags() |
1252 | 1293 | |
1255 | 1296 | Use EVP_PKEY_is_a() to determine the type of a key. |
1256 | 1297 | There is no replacement for setting these flags. |
1257 | 1298 | |
1258 | =item - | |
1299 | =item * | |
1259 | 1300 | |
1260 | 1301 | DH_compute_key() DH_compute_key_padded() |
1261 | 1302 | |
1262 | 1303 | See L</Deprecated low-level key exchange functions>. |
1263 | 1304 | |
1264 | =item - | |
1305 | =item * | |
1265 | 1306 | |
1266 | 1307 | DH_new(), DH_new_by_nid(), DH_free(), DH_up_ref() |
1267 | 1308 | |
1268 | 1309 | See L</Deprecated low-level object creation> |
1269 | 1310 | |
1270 | =item - | |
1311 | =item * | |
1271 | 1312 | |
1272 | 1313 | DH_generate_key(), DH_generate_parameters_ex() |
1273 | 1314 | |
1274 | 1315 | See L</Deprecated low-level key generation functions>. |
1275 | 1316 | |
1276 | =item - | |
1317 | =item * | |
1277 | 1318 | |
1278 | 1319 | DH_get0_pqg(), DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_key(), |
1279 | 1320 | DH_get0_priv_key(), DH_get0_pub_key(), DH_get_length(), DH_get_nid() |
1280 | 1321 | |
1281 | 1322 | See L</Deprecated low-level key parameter getters> |
1282 | 1323 | |
1283 | =item - | |
1324 | =item * | |
1284 | 1325 | |
1285 | 1326 | DH_get_1024_160(), DH_get_2048_224(), DH_get_2048_256() |
1286 | 1327 | |
1288 | 1329 | L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or |
1289 | 1330 | "dh_2048_256" when generating a DH key. |
1290 | 1331 | |
1291 | =item - | |
1332 | =item * | |
1292 | 1333 | |
1293 | 1334 | DH_KDF_X9_42() |
1294 | 1335 | |
1295 | 1336 | Applications should use L<EVP_PKEY_CTX_set_dh_kdf_type(3)> instead. |
1296 | 1337 | |
1297 | =item - | |
1338 | =item * | |
1298 | 1339 | |
1299 | 1340 | DH_get_default_method(), DH_get0_engine(), DH_meth_*(), DH_new_method(), |
1300 | 1341 | DH_OpenSSL(), DH_get_ex_data(), DH_set_default_method(), DH_set_method(), |
1302 | 1343 | |
1303 | 1344 | See L</Providers are a replacement for engines and low-level method overrides> |
1304 | 1345 | |
1305 | =item - | |
1346 | =item * | |
1306 | 1347 | |
1307 | 1348 | DHparams_print(), DHparams_print_fp() |
1308 | 1349 | |
1309 | 1350 | See L</Deprecated low-level key printing functions> |
1310 | 1351 | |
1311 | =item - | |
1352 | =item * | |
1312 | 1353 | |
1313 | 1354 | DH_set0_key(), DH_set0_pqg(), DH_set_length() |
1314 | 1355 | |
1315 | 1356 | See L</Deprecated low-level key parameter setters> |
1316 | 1357 | |
1317 | =item - | |
1358 | =item * | |
1318 | 1359 | |
1319 | 1360 | DSA_bits(), DSA_security_bits(), DSA_size() |
1320 | 1361 | |
1321 | 1362 | Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and |
1322 | 1363 | L<EVP_PKEY_get_size(3)>. |
1323 | 1364 | |
1324 | =item - | |
1365 | =item * | |
1325 | 1366 | |
1326 | 1367 | DHparams_dup(), DSA_dup_DH() |
1327 | 1368 | |
1328 | 1369 | There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)> |
1329 | 1370 | and L<EVP_PKEY_dup(3)> instead. |
1330 | 1371 | |
1331 | =item - | |
1372 | =item * | |
1332 | 1373 | |
1333 | 1374 | DSA_generate_key(), DSA_generate_parameters_ex() |
1334 | 1375 | |
1335 | 1376 | See L</Deprecated low-level key generation functions>. |
1336 | 1377 | |
1337 | =item - | |
1378 | =item * | |
1338 | 1379 | |
1339 | 1380 | DSA_get0_engine(), DSA_get_default_method(), DSA_get_ex_data(), |
1340 | 1381 | DSA_get_method(), DSA_meth_*(), DSA_new_method(), DSA_OpenSSL(), |
1342 | 1383 | |
1343 | 1384 | See L</Providers are a replacement for engines and low-level method overrides>. |
1344 | 1385 | |
1345 | =item - | |
1386 | =item * | |
1346 | 1387 | |
1347 | 1388 | DSA_get0_p(), DSA_get0_q(), DSA_get0_g(), DSA_get0_pqg(), DSA_get0_key(), |
1348 | 1389 | DSA_get0_priv_key(), DSA_get0_pub_key() |
1349 | 1390 | |
1350 | 1391 | See L</Deprecated low-level key parameter getters>. |
1351 | 1392 | |
1352 | =item - | |
1393 | =item * | |
1353 | 1394 | |
1354 | 1395 | DSA_new(), DSA_free(), DSA_up_ref() |
1355 | 1396 | |
1356 | 1397 | See L</Deprecated low-level object creation> |
1357 | 1398 | |
1358 | =item - | |
1399 | =item * | |
1359 | 1400 | |
1360 | 1401 | DSAparams_dup() |
1361 | 1402 | |
1362 | 1403 | There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)> |
1363 | 1404 | and L<EVP_PKEY_dup(3)> instead. |
1364 | 1405 | |
1365 | =item - | |
1406 | =item * | |
1366 | 1407 | |
1367 | 1408 | DSAparams_print(), DSAparams_print_fp(), DSA_print(), DSA_print_fp() |
1368 | 1409 | |
1369 | 1410 | See L</Deprecated low-level key printing functions> |
1370 | 1411 | |
1371 | =item - | |
1412 | =item * | |
1372 | 1413 | |
1373 | 1414 | DSA_set0_key(), DSA_set0_pqg() |
1374 | 1415 | |
1375 | 1416 | See L</Deprecated low-level key parameter setters> |
1376 | 1417 | |
1377 | =item - | |
1418 | =item * | |
1378 | 1419 | |
1379 | 1420 | DSA_set_flags(), DSA_clear_flags(), DSA_test_flags() |
1380 | 1421 | |
1381 | 1422 | The B<DSA_FLAG_CACHE_MONT_P> flag has been deprecated without replacement. |
1382 | 1423 | |
1383 | =item - | |
1424 | =item * | |
1384 | 1425 | |
1385 | 1426 | DSA_sign(), DSA_do_sign(), DSA_sign_setup(), DSA_verify(), DSA_do_verify() |
1386 | 1427 | |
1387 | 1428 | See L</Deprecated low-level signing functions>. |
1388 | 1429 | |
1389 | =item - | |
1430 | =item * | |
1390 | 1431 | |
1391 | 1432 | ECDH_compute_key() |
1392 | 1433 | |
1393 | 1434 | See L</Deprecated low-level key exchange functions>. |
1394 | 1435 | |
1395 | =item - | |
1436 | =item * | |
1396 | 1437 | |
1397 | 1438 | ECDH_KDF_X9_62() |
1398 | 1439 | |
1400 | 1441 | L<EVP_PKEY_CTX_set_ecdh_kdf_type(3)> or by setting an B<OSSL_PARAM> using the |
1401 | 1442 | "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES> |
1402 | 1443 | |
1403 | =item - | |
1444 | =item * | |
1404 | 1445 | |
1405 | 1446 | ECDSA_sign(), ECDSA_sign_ex(), ECDSA_sign_setup(), ECDSA_do_sign(), |
1406 | 1447 | ECDSA_do_sign_ex(), ECDSA_verify(), ECDSA_do_verify() |
1407 | 1448 | |
1408 | 1449 | See L</Deprecated low-level signing functions>. |
1409 | 1450 | |
1410 | =item - | |
1451 | =item * | |
1411 | 1452 | |
1412 | 1453 | ECDSA_size() |
1413 | 1454 | |
1414 | 1455 | Applications should use L<EVP_PKEY_get_size(3)>. |
1415 | 1456 | |
1416 | =item - | |
1457 | =item * | |
1417 | 1458 | |
1418 | 1459 | EC_GF2m_simple_method(), EC_GFp_mont_method(), EC_GFp_nist_method(), |
1419 | 1460 | EC_GFp_nistp224_method(), EC_GFp_nistp256_method(), EC_GFp_nistp521_method(), |
1423 | 1464 | library automatically assigning a suitable method internally when an EC_GROUP |
1424 | 1465 | is constructed. |
1425 | 1466 | |
1426 | =item - | |
1467 | =item * | |
1427 | 1468 | |
1428 | 1469 | EC_GROUP_clear_free() |
1429 | 1470 | |
1430 | 1471 | Use L<EC_GROUP_free(3)> instead. |
1431 | 1472 | |
1432 | =item - | |
1473 | =item * | |
1433 | 1474 | |
1434 | 1475 | EC_GROUP_get_curve_GF2m(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), |
1435 | 1476 | EC_GROUP_set_curve_GFp() |
1436 | 1477 | |
1437 | 1478 | Applications should use L<EC_GROUP_get_curve(3)> and L<EC_GROUP_set_curve(3)>. |
1438 | 1479 | |
1439 | =item - | |
1480 | =item * | |
1440 | 1481 | |
1441 | 1482 | EC_GROUP_have_precompute_mult(), EC_GROUP_precompute_mult(), |
1442 | 1483 | EC_KEY_precompute_mult() |
1444 | 1485 | These functions are not widely used. Applications should instead switch to |
1445 | 1486 | named curves which OpenSSL has hardcoded lookup tables for. |
1446 | 1487 | |
1447 | =item - | |
1488 | =item * | |
1448 | 1489 | |
1449 | 1490 | EC_GROUP_new(), EC_GROUP_method_of(), EC_POINT_method_of() |
1450 | 1491 | |
1452 | 1493 | internally without application intervention. |
1453 | 1494 | Users of EC_GROUP_new() should switch to a different suitable constructor. |
1454 | 1495 | |
1455 | =item - | |
1496 | =item * | |
1456 | 1497 | |
1457 | 1498 | EC_KEY_can_sign() |
1458 | 1499 | |
1459 | 1500 | Applications should use L<EVP_PKEY_can_sign(3)> instead. |
1460 | 1501 | |
1461 | =item - | |
1502 | =item * | |
1462 | 1503 | |
1463 | 1504 | EC_KEY_check_key() |
1464 | 1505 | |
1465 | 1506 | See L</Deprecated low-level validation functions> |
1466 | 1507 | |
1467 | =item - | |
1508 | =item * | |
1468 | 1509 | |
1469 | 1510 | EC_KEY_set_flags(), EC_KEY_get_flags(), EC_KEY_clear_flags() |
1470 | 1511 | |
1475 | 1516 | B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>. |
1476 | 1517 | See also L<EVP_PKEY-EC(7)/EXAMPLES> |
1477 | 1518 | |
1478 | =item - | |
1519 | =item * | |
1479 | 1520 | |
1480 | 1521 | EC_KEY_dup(), EC_KEY_copy() |
1481 | 1522 | |
1482 | 1523 | There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)> |
1483 | 1524 | and L<EVP_PKEY_dup(3)> instead. |
1484 | 1525 | |
1485 | =item - | |
1526 | =item * | |
1486 | 1527 | |
1487 | 1528 | EC_KEY_decoded_from_explicit_params() |
1488 | 1529 | |
1489 | 1530 | There is no replacement. |
1490 | 1531 | |
1491 | =item - | |
1532 | =item * | |
1492 | 1533 | |
1493 | 1534 | EC_KEY_generate_key() |
1494 | 1535 | |
1495 | 1536 | See L</Deprecated low-level key generation functions>. |
1496 | 1537 | |
1497 | =item - | |
1538 | =item * | |
1498 | 1539 | |
1499 | 1540 | EC_KEY_get0_group(), EC_KEY_get0_private_key(), EC_KEY_get0_public_key(), |
1500 | 1541 | EC_KEY_get_conv_form(), EC_KEY_get_enc_flags() |
1501 | 1542 | |
1502 | 1543 | See L</Deprecated low-level key parameter getters>. |
1503 | 1544 | |
1504 | =item - | |
1545 | =item * | |
1505 | 1546 | |
1506 | 1547 | EC_KEY_get0_engine(), EC_KEY_get_default_method(), EC_KEY_get_method(), |
1507 | 1548 | EC_KEY_new_method(), EC_KEY_get_ex_data(), EC_KEY_OpenSSL(), |
1510 | 1551 | |
1511 | 1552 | See L</Providers are a replacement for engines and low-level method overrides> |
1512 | 1553 | |
1513 | =item - | |
1554 | =item * | |
1514 | 1555 | |
1515 | 1556 | EC_METHOD_get_field_type() |
1516 | 1557 | |
1517 | 1558 | Use L<EC_GROUP_get_field_type(3)> instead. |
1518 | 1559 | See L</Providers are a replacement for engines and low-level method overrides> |
1519 | 1560 | |
1520 | =item - | |
1561 | =item * | |
1521 | 1562 | |
1522 | 1563 | EC_KEY_key2buf(), EC_KEY_oct2key(), EC_KEY_oct2priv(), EC_KEY_priv2buf(), |
1523 | 1564 | EC_KEY_priv2oct() |
1524 | 1565 | |
1525 | 1566 | There are no replacements for these. |
1526 | 1567 | |
1527 | =item - | |
1568 | =item * | |
1528 | 1569 | |
1529 | 1570 | EC_KEY_new(), EC_KEY_new_by_curve_name(), EC_KEY_free(), EC_KEY_up_ref() |
1530 | 1571 | |
1531 | 1572 | See L</Deprecated low-level object creation> |
1532 | 1573 | |
1533 | =item - | |
1574 | =item * | |
1534 | 1575 | |
1535 | 1576 | EC_KEY_print(), EC_KEY_print_fp() |
1536 | 1577 | |
1537 | 1578 | See L</Deprecated low-level key printing functions> |
1538 | 1579 | |
1539 | =item - | |
1580 | =item * | |
1540 | 1581 | |
1541 | 1582 | EC_KEY_set_asn1_flag(), EC_KEY_set_conv_form(), EC_KEY_set_enc_flags() |
1542 | 1583 | |
1543 | 1584 | See L</Deprecated low-level key parameter setters>. |
1544 | 1585 | |
1545 | =item - | |
1586 | =item * | |
1546 | 1587 | |
1547 | 1588 | EC_KEY_set_group(), EC_KEY_set_private_key(), EC_KEY_set_public_key(), |
1548 | 1589 | EC_KEY_set_public_key_affine_coordinates() |
1549 | 1590 | |
1550 | 1591 | See L</Deprecated low-level key parameter setters>. |
1551 | 1592 | |
1552 | =item - | |
1593 | =item * | |
1553 | 1594 | |
1554 | 1595 | ECParameters_print(), ECParameters_print_fp(), ECPKParameters_print(), |
1555 | 1596 | ECPKParameters_print_fp() |
1556 | 1597 | |
1557 | 1598 | See L</Deprecated low-level key printing functions> |
1558 | 1599 | |
1559 | =item - | |
1600 | =item * | |
1560 | 1601 | |
1561 | 1602 | EC_POINT_bn2point(), EC_POINT_point2bn() |
1562 | 1603 | |
1563 | 1604 | These functions were not particularly useful, since EC point serialization |
1564 | 1605 | formats are not individual big-endian integers. |
1565 | 1606 | |
1566 | =item - | |
1607 | =item * | |
1567 | 1608 | |
1568 | 1609 | EC_POINT_get_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GFp(), |
1569 | 1610 | EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_set_affine_coordinates_GFp() |
1571 | 1612 | Applications should use L<EC_POINT_get_affine_coordinates(3)> and |
1572 | 1613 | L<EC_POINT_set_affine_coordinates(3)> instead. |
1573 | 1614 | |
1574 | =item - | |
1615 | =item * | |
1575 | 1616 | |
1576 | 1617 | EC_POINT_get_Jprojective_coordinates_GFp(), EC_POINT_set_Jprojective_coordinates_GFp() |
1577 | 1618 | |
1579 | 1620 | L<EC_POINT_set_affine_coordinates(3)> and L<EC_POINT_get_affine_coordinates(3)> |
1580 | 1621 | functions. |
1581 | 1622 | |
1582 | =item - | |
1623 | =item * | |
1583 | 1624 | |
1584 | 1625 | EC_POINT_make_affine(), EC_POINTs_make_affine() |
1585 | 1626 | |
1586 | 1627 | There is no replacement. These functions were not widely used, and OpenSSL |
1587 | 1628 | automatically performs this conversion when needed. |
1588 | 1629 | |
1589 | =item - | |
1630 | =item * | |
1590 | 1631 | |
1591 | 1632 | EC_POINT_set_compressed_coordinates_GF2m(), EC_POINT_set_compressed_coordinates_GFp() |
1592 | 1633 | |
1593 | 1634 | Applications should use L<EC_POINT_set_compressed_coordinates(3)> instead. |
1594 | 1635 | |
1595 | =item - | |
1636 | =item * | |
1596 | 1637 | |
1597 | 1638 | EC_POINTs_mul() |
1598 | 1639 | |
1599 | 1640 | This function is not widely used. Applications should instead use the |
1600 | 1641 | L<EC_POINT_mul(3)> function. |
1601 | 1642 | |
1602 | =item - | |
1643 | =item * | |
1603 | 1644 | |
1604 | 1645 | B<ENGINE_*()> |
1605 | 1646 | |
1606 | 1647 | All engine functions are deprecated. An engine should be rewritten as a provider. |
1607 | 1648 | See L</Providers are a replacement for engines and low-level method overrides>. |
1608 | 1649 | |
1609 | =item - | |
1650 | =item * | |
1610 | 1651 | |
1611 | 1652 | B<ERR_load_*()>, ERR_func_error_string(), ERR_get_error_line(), |
1612 | 1653 | ERR_get_error_line_data(), ERR_get_state() |
1613 | 1654 | |
1614 | 1655 | OpenSSL now loads error strings automatically so these functions are not needed. |
1615 | 1656 | |
1616 | =item - | |
1657 | =item * | |
1617 | 1658 | |
1618 | 1659 | ERR_peek_error_line_data(), ERR_peek_last_error_line_data() |
1619 | 1660 | |
1624 | 1665 | with ERR_peek functions and finish off with getting the error code by using |
1625 | 1666 | L<ERR_get_error(3)>. |
1626 | 1667 | |
1627 | =item - | |
1668 | =item * | |
1628 | 1669 | |
1629 | 1670 | EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_iv_noconst(), EVP_CIPHER_CTX_original_iv() |
1630 | 1671 | |
1633 | 1674 | respectively. |
1634 | 1675 | See L<EVP_CIPHER_CTX_get_original_iv(3)> for further information. |
1635 | 1676 | |
1636 | =item - | |
1677 | =item * | |
1637 | 1678 | |
1638 | 1679 | B<EVP_CIPHER_meth_*()>, EVP_MD_CTX_set_update_fn(), EVP_MD_CTX_update_fn(), |
1639 | 1680 | B<EVP_MD_meth_*()> |
1640 | 1681 | |
1641 | 1682 | See L</Providers are a replacement for engines and low-level method overrides>. |
1642 | 1683 | |
1643 | =item - | |
1684 | =item * | |
1644 | 1685 | |
1645 | 1686 | EVP_PKEY_CTRL_PKCS7_ENCRYPT(), EVP_PKEY_CTRL_PKCS7_DECRYPT(), |
1646 | 1687 | EVP_PKEY_CTRL_PKCS7_SIGN(), EVP_PKEY_CTRL_CMS_ENCRYPT(), |
1650 | 1691 | are replaced by direct checks of the key operation against the key type |
1651 | 1692 | when the operation is initialized. |
1652 | 1693 | |
1653 | =item - | |
1694 | =item * | |
1654 | 1695 | |
1655 | 1696 | EVP_PKEY_CTX_get0_dh_kdf_ukm(), EVP_PKEY_CTX_get0_ecdh_kdf_ukm() |
1656 | 1697 | |
1658 | 1699 | L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>. |
1659 | 1700 | These functions are obsolete and should not be required. |
1660 | 1701 | |
1661 | =item - | |
1702 | =item * | |
1662 | 1703 | |
1663 | 1704 | EVP_PKEY_CTX_set_rsa_keygen_pubexp() |
1664 | 1705 | |
1665 | 1706 | Applications should use L<EVP_PKEY_CTX_set1_rsa_keygen_pubexp(3)> instead. |
1666 | 1707 | |
1667 | =item - | |
1708 | =item * | |
1668 | 1709 | |
1669 | 1710 | EVP_PKEY_cmp(), EVP_PKEY_cmp_parameters() |
1670 | 1711 | |
1671 | 1712 | Applications should use L<EVP_PKEY_eq(3)> and L<EVP_PKEY_parameters_eq(3)> instead. |
1672 | 1713 | See L<EVP_PKEY_copy_parameters(3)> for further details. |
1673 | 1714 | |
1674 | =item - | |
1715 | =item * | |
1675 | 1716 | |
1676 | 1717 | EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(), |
1677 | 1718 | |
1678 | 1719 | Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or |
1679 | 1720 | L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead. |
1680 | 1721 | |
1681 | =item - | |
1722 | =item * | |
1682 | 1723 | |
1683 | 1724 | EVP_PKEY_get0() |
1684 | 1725 | |
1685 | 1726 | This function returns NULL if the key comes from a provider. |
1686 | 1727 | |
1687 | =item - | |
1728 | =item * | |
1688 | 1729 | |
1689 | 1730 | EVP_PKEY_get0_DH(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_RSA(), |
1690 | 1731 | EVP_PKEY_get1_DH(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_EC_KEY and EVP_PKEY_get1_RSA(), |
1692 | 1733 | |
1693 | 1734 | See L</Functions that return an internal key should be treated as read only>. |
1694 | 1735 | |
1695 | =item - | |
1736 | =item * | |
1696 | 1737 | |
1697 | 1738 | B<EVP_PKEY_meth_*()> |
1698 | 1739 | |
1699 | 1740 | See L</Providers are a replacement for engines and low-level method overrides>. |
1700 | 1741 | |
1701 | =item - | |
1742 | =item * | |
1702 | 1743 | |
1703 | 1744 | EVP_PKEY_new_CMAC_key() |
1704 | 1745 | |
1705 | 1746 | See L</Deprecated low-level MAC functions>. |
1706 | 1747 | |
1707 | =item - | |
1748 | =item * | |
1708 | 1749 | |
1709 | 1750 | EVP_PKEY_assign(), EVP_PKEY_set1_DH(), EVP_PKEY_set1_DSA(), |
1710 | 1751 | EVP_PKEY_set1_EC_KEY(), EVP_PKEY_set1_RSA() |
1711 | 1752 | |
1712 | 1753 | See L</Deprecated low-level key object getters and setters> |
1713 | 1754 | |
1714 | =item - | |
1755 | =item * | |
1715 | 1756 | |
1716 | 1757 | EVP_PKEY_set1_tls_encodedpoint() EVP_PKEY_get1_tls_encodedpoint() |
1717 | 1758 | |
1722 | 1763 | The old versions have been converted to deprecated macros that just call the |
1723 | 1764 | new functions. |
1724 | 1765 | |
1725 | =item - | |
1766 | =item * | |
1726 | 1767 | |
1727 | 1768 | EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine() |
1728 | 1769 | |
1729 | 1770 | See L</Providers are a replacement for engines and low-level method overrides>. |
1730 | 1771 | |
1731 | =item - | |
1772 | =item * | |
1732 | 1773 | |
1733 | 1774 | EVP_PKEY_set_alias_type() |
1734 | 1775 | |
1735 | 1776 | This function has been removed. There is no replacement. |
1736 | 1777 | See L</EVP_PKEY_set_alias_type() method has been removed> |
1737 | 1778 | |
1738 | =item - | |
1779 | =item * | |
1739 | 1780 | |
1740 | 1781 | HMAC_Init_ex(), HMAC_Update(), HMAC_Final(), HMAC_size() |
1741 | 1782 | |
1742 | 1783 | See L</Deprecated low-level MAC functions>. |
1743 | 1784 | |
1744 | =item - | |
1785 | =item * | |
1745 | 1786 | |
1746 | 1787 | HMAC_CTX_new(), HMAC_CTX_free(), HMAC_CTX_copy(), HMAC_CTX_reset(), |
1747 | 1788 | HMAC_CTX_set_flags(), HMAC_CTX_get_md() |
1748 | 1789 | |
1749 | 1790 | See L</Deprecated low-level MAC functions>. |
1750 | 1791 | |
1751 | =item - | |
1792 | =item * | |
1752 | 1793 | |
1753 | 1794 | i2d_DHparams(), i2d_DHxparams() |
1754 | 1795 | |
1755 | 1796 | See L</Deprecated low-level key reading and writing functions> |
1756 | 1797 | and L<d2i_RSAPrivateKey(3)/Migration> |
1757 | 1798 | |
1758 | =item - | |
1799 | =item * | |
1759 | 1800 | |
1760 | 1801 | i2d_DSAparams(), i2d_DSAPrivateKey(), i2d_DSAPrivateKey_bio(), |
1761 | 1802 | i2d_DSAPrivateKey_fp(), i2d_DSA_PUBKEY(), i2d_DSA_PUBKEY_bio(), |
1764 | 1805 | See L</Deprecated low-level key reading and writing functions> |
1765 | 1806 | and L<d2i_RSAPrivateKey(3)/Migration> |
1766 | 1807 | |
1767 | =item - | |
1808 | =item * | |
1768 | 1809 | |
1769 | 1810 | i2d_ECParameters(), i2d_ECPrivateKey(), i2d_ECPrivateKey_bio(), |
1770 | 1811 | i2d_ECPrivateKey_fp(), i2d_EC_PUBKEY(), i2d_EC_PUBKEY_bio(), |
1773 | 1814 | See L</Deprecated low-level key reading and writing functions> |
1774 | 1815 | and L<d2i_RSAPrivateKey(3)/Migration> |
1775 | 1816 | |
1776 | =item - | |
1817 | =item * | |
1777 | 1818 | |
1778 | 1819 | i2d_RSAPrivateKey(), i2d_RSAPrivateKey_bio(), i2d_RSAPrivateKey_fp(), |
1779 | 1820 | i2d_RSA_PUBKEY(), i2d_RSA_PUBKEY_bio(), i2d_RSA_PUBKEY_fp(), |
1782 | 1823 | See L</Deprecated low-level key reading and writing functions> |
1783 | 1824 | and L<d2i_RSAPrivateKey(3)/Migration> |
1784 | 1825 | |
1785 | =item - | |
1826 | =item * | |
1786 | 1827 | |
1787 | 1828 | IDEA_encrypt(), IDEA_set_decrypt_key(), IDEA_set_encrypt_key(), |
1788 | 1829 | IDEA_cbc_encrypt(), IDEA_cfb64_encrypt(), IDEA_ecb_encrypt(), |
1791 | 1832 | See L</Deprecated low-level encryption functions>. |
1792 | 1833 | IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1793 | 1834 | |
1794 | =item - | |
1835 | =item * | |
1795 | 1836 | |
1796 | 1837 | IDEA_options() |
1797 | 1838 | |
1798 | 1839 | There is no replacement. This function returned a constant string. |
1799 | 1840 | |
1800 | =item - | |
1841 | =item * | |
1801 | 1842 | |
1802 | 1843 | MD2(), MD2_Init(), MD2_Update(), MD2_Final() |
1803 | 1844 | |
1804 | 1845 | See L</Deprecated low-level encryption functions>. |
1805 | 1846 | MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1806 | 1847 | |
1807 | =item - | |
1848 | =item * | |
1808 | 1849 | |
1809 | 1850 | MD2_options() |
1810 | 1851 | |
1811 | 1852 | There is no replacement. This function returned a constant string. |
1812 | 1853 | |
1813 | =item - | |
1854 | =item * | |
1814 | 1855 | |
1815 | 1856 | MD4(), MD4_Init(), MD4_Update(), MD4_Final(), MD4_Transform() |
1816 | 1857 | |
1817 | 1858 | See L</Deprecated low-level encryption functions>. |
1818 | 1859 | MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1819 | 1860 | |
1820 | =item - | |
1861 | =item * | |
1821 | 1862 | |
1822 | 1863 | MDC2(), MDC2_Init(), MDC2_Update(), MDC2_Final() |
1823 | 1864 | |
1824 | 1865 | See L</Deprecated low-level encryption functions>. |
1825 | 1866 | MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1826 | 1867 | |
1827 | =item - | |
1868 | =item * | |
1828 | 1869 | |
1829 | 1870 | MD5(), MD5_Init(), MD5_Update(), MD5_Final(), MD5_Transform() |
1830 | 1871 | |
1831 | 1872 | See L</Deprecated low-level encryption functions>. |
1832 | 1873 | |
1833 | =item - | |
1874 | =item * | |
1834 | 1875 | |
1835 | 1876 | NCONF_WIN32() |
1836 | 1877 | |
1837 | 1878 | This undocumented function has no replacement. |
1838 | 1879 | See L<config(5)/HISTORY> for more details. |
1839 | 1880 | |
1840 | =item - | |
1881 | =item * | |
1841 | 1882 | |
1842 | 1883 | OCSP_parse_url() |
1843 | 1884 | |
1844 | 1885 | Use L<OSSL_HTTP_parse_url(3)> instead. |
1845 | 1886 | |
1846 | =item - | |
1887 | =item * | |
1847 | 1888 | |
1848 | 1889 | B<OCSP_REQ_CTX> type and B<OCSP_REQ_CTX_*()> functions |
1849 | 1890 | |
1853 | 1894 | with B<OSSL_HTTP_REQ_CTX_*()>. See L<OSSL_HTTP_REQ_CTX(3)> for additional |
1854 | 1895 | details. |
1855 | 1896 | |
1856 | =item - | |
1897 | =item * | |
1857 | 1898 | |
1858 | 1899 | OPENSSL_fork_child(), OPENSSL_fork_parent(), OPENSSL_fork_prepare() |
1859 | 1900 | |
1860 | 1901 | There is no replacement for these functions. These pthread fork support methods |
1861 | 1902 | were unused by OpenSSL. |
1862 | 1903 | |
1863 | =item - | |
1904 | =item * | |
1864 | 1905 | |
1865 | 1906 | OSSL_STORE_ctrl(), OSSL_STORE_do_all_loaders(), OSSL_STORE_LOADER_get0_engine(), |
1866 | 1907 | OSSL_STORE_LOADER_get0_scheme(), OSSL_STORE_LOADER_new(), |
1876 | 1917 | schemes they supported. These are all deprecated and discouraged in favour of |
1877 | 1918 | provider implementations, see L<provider-storemgmt(7)>. |
1878 | 1919 | |
1879 | =item - | |
1920 | =item * | |
1880 | 1921 | |
1881 | 1922 | PEM_read_DHparams(), PEM_read_bio_DHparams(), |
1882 | 1923 | PEM_read_DSAparams(), PEM_read_bio_DSAparams(), |
1897 | 1938 | |
1898 | 1939 | See L</Deprecated low-level key reading and writing functions> |
1899 | 1940 | |
1900 | =item - | |
1941 | =item * | |
1901 | 1942 | |
1902 | 1943 | PKCS1_MGF1() |
1903 | 1944 | |
1904 | 1945 | See L</Deprecated low-level encryption functions>. |
1905 | 1946 | |
1906 | =item - | |
1947 | =item * | |
1907 | 1948 | |
1908 | 1949 | RAND_get_rand_method(), RAND_set_rand_method(), RAND_OpenSSL(), |
1909 | 1950 | RAND_set_rand_engine() |
1912 | 1953 | L<EVP_RAND(3)> and L<EVP_RAND(7)>. |
1913 | 1954 | See L<RAND_set_rand_method(3)> for more details. |
1914 | 1955 | |
1915 | =item - | |
1956 | =item * | |
1916 | 1957 | |
1917 | 1958 | RC2_encrypt(), RC2_decrypt(), RC2_set_key(), RC2_cbc_encrypt(), RC2_cfb64_encrypt(), |
1918 | 1959 | RC2_ecb_encrypt(), RC2_ofb64_encrypt(), |
1923 | 1964 | See L</Deprecated low-level encryption functions>. |
1924 | 1965 | The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1925 | 1966 | |
1926 | =item - | |
1967 | =item * | |
1927 | 1968 | |
1928 | 1969 | RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update(), RIPEMD160_Final(), |
1929 | 1970 | RIPEMD160_Transform() |
1931 | 1972 | See L</Deprecated low-level digest functions>. |
1932 | 1973 | The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
1933 | 1974 | |
1934 | =item - | |
1975 | =item * | |
1935 | 1976 | |
1936 | 1977 | RSA_bits(), RSA_security_bits(), RSA_size() |
1937 | 1978 | |
1938 | 1979 | Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and |
1939 | 1980 | L<EVP_PKEY_get_size(3)>. |
1940 | 1981 | |
1941 | =item - | |
1982 | =item * | |
1942 | 1983 | |
1943 | 1984 | RSA_check_key(), RSA_check_key_ex() |
1944 | 1985 | |
1945 | 1986 | See L</Deprecated low-level validation functions> |
1946 | 1987 | |
1947 | =item - | |
1988 | =item * | |
1948 | 1989 | |
1949 | 1990 | RSA_clear_flags(), RSA_flags(), RSA_set_flags(), RSA_test_flags(), |
1950 | 1991 | RSA_setup_blinding(), RSA_blinding_off(), RSA_blinding_on() |
1955 | 1996 | B<RSA_FLAG_EXT_PKEY>, B<RSA_FLAG_NO_BLINDING>, B<RSA_FLAG_THREAD_SAFE> |
1956 | 1997 | B<RSA_METHOD_FLAG_NO_CHECK> |
1957 | 1998 | |
1958 | =item - | |
1999 | =item * | |
1959 | 2000 | |
1960 | 2001 | RSA_generate_key_ex(), RSA_generate_multi_prime_key() |
1961 | 2002 | |
1962 | 2003 | See L</Deprecated low-level key generation functions>. |
1963 | 2004 | |
1964 | =item - | |
2005 | =item * | |
1965 | 2006 | |
1966 | 2007 | RSA_get0_engine() |
1967 | 2008 | |
1968 | 2009 | See L</Providers are a replacement for engines and low-level method overrides> |
1969 | 2010 | |
1970 | =item - | |
2011 | =item * | |
1971 | 2012 | |
1972 | 2013 | RSA_get0_crt_params(), RSA_get0_d(), RSA_get0_dmp1(), RSA_get0_dmq1(), |
1973 | 2014 | RSA_get0_e(), RSA_get0_factors(), RSA_get0_iqmp(), RSA_get0_key(), |
1977 | 2018 | |
1978 | 2019 | See L</Deprecated low-level key parameter getters> |
1979 | 2020 | |
1980 | =item - | |
2021 | =item * | |
1981 | 2022 | |
1982 | 2023 | RSA_new(), RSA_free(), RSA_up_ref() |
1983 | 2024 | |
1984 | 2025 | See L</Deprecated low-level object creation>. |
1985 | 2026 | |
1986 | =item - | |
2027 | =item * | |
1987 | 2028 | |
1988 | 2029 | RSA_get_default_method(), RSA_get_ex_data and RSA_get_method() |
1989 | 2030 | |
1990 | 2031 | See L</Providers are a replacement for engines and low-level method overrides>. |
1991 | 2032 | |
1992 | =item - | |
2033 | =item * | |
1993 | 2034 | |
1994 | 2035 | RSA_get_version() |
1995 | 2036 | |
1996 | 2037 | There is no replacement. |
1997 | 2038 | |
1998 | =item - | |
2039 | =item * | |
1999 | 2040 | |
2000 | 2041 | B<RSA_meth_*()>, RSA_new_method(), RSA_null_method and RSA_PKCS1_OpenSSL() |
2001 | 2042 | |
2002 | 2043 | See L</Providers are a replacement for engines and low-level method overrides>. |
2003 | 2044 | |
2004 | =item - | |
2045 | =item * | |
2005 | 2046 | |
2006 | 2047 | B<RSA_padding_add_*()>, B<RSA_padding_check_*()> |
2007 | 2048 | |
2008 | 2049 | See L</Deprecated low-level signing functions> and |
2009 | 2050 | L</Deprecated low-level encryption functions>. |
2010 | 2051 | |
2011 | =item - | |
2052 | =item * | |
2012 | 2053 | |
2013 | 2054 | RSA_print(), RSA_print_fp() |
2014 | 2055 | |
2015 | 2056 | See L</Deprecated low-level key printing functions> |
2016 | 2057 | |
2017 | =item - | |
2058 | =item * | |
2018 | 2059 | |
2019 | 2060 | RSA_public_encrypt(), RSA_private_decrypt() |
2020 | 2061 | |
2021 | 2062 | See L</Deprecated low-level encryption functions> |
2022 | 2063 | |
2023 | =item - | |
2064 | =item * | |
2024 | 2065 | |
2025 | 2066 | RSA_private_encrypt(), RSA_public_decrypt() |
2026 | 2067 | |
2027 | 2068 | This is equivalent to doing sign and verify recover operations (with a padding |
2028 | 2069 | mode of none). See L</Deprecated low-level signing functions>. |
2029 | 2070 | |
2030 | =item - | |
2071 | =item * | |
2031 | 2072 | |
2032 | 2073 | RSAPrivateKey_dup(), RSAPublicKey_dup() |
2033 | 2074 | |
2034 | 2075 | There is no direct replacement. Applications may use L<EVP_PKEY_dup(3)>. |
2035 | 2076 | |
2036 | =item - | |
2077 | =item * | |
2037 | 2078 | |
2038 | 2079 | RSAPublicKey_it(), RSAPrivateKey_it() |
2039 | 2080 | |
2040 | 2081 | See L</Deprecated low-level key reading and writing functions> |
2041 | 2082 | |
2042 | =item - | |
2083 | =item * | |
2043 | 2084 | |
2044 | 2085 | RSA_set0_crt_params(), RSA_set0_factors(), RSA_set0_key(), |
2045 | 2086 | RSA_set0_multi_prime_params() |
2046 | 2087 | |
2047 | 2088 | See L</Deprecated low-level key parameter setters>. |
2048 | 2089 | |
2049 | =item - | |
2090 | =item * | |
2050 | 2091 | |
2051 | 2092 | RSA_set_default_method(), RSA_set_method(), RSA_set_ex_data() |
2052 | 2093 | |
2053 | 2094 | See L</Providers are a replacement for engines and low-level method overrides> |
2054 | 2095 | |
2055 | =item - | |
2096 | =item * | |
2056 | 2097 | |
2057 | 2098 | RSA_sign(), RSA_sign_ASN1_OCTET_STRING(), RSA_verify(), |
2058 | 2099 | RSA_verify_ASN1_OCTET_STRING(), RSA_verify_PKCS1_PSS(), |
2060 | 2101 | |
2061 | 2102 | See L</Deprecated low-level signing functions>. |
2062 | 2103 | |
2063 | =item - | |
2104 | =item * | |
2064 | 2105 | |
2065 | 2106 | RSA_X931_derive_ex(), RSA_X931_generate_key_ex(), RSA_X931_hash_id() |
2066 | 2107 | |
2068 | 2109 | X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>. |
2069 | 2110 | See B<OSSL_SIGNATURE_PARAM_PAD_MODE>. |
2070 | 2111 | |
2071 | =item - | |
2112 | =item * | |
2072 | 2113 | |
2073 | 2114 | SEED_encrypt(), SEED_decrypt(), SEED_set_key(), SEED_cbc_encrypt(), |
2074 | 2115 | SEED_cfb128_encrypt(), SEED_ecb_encrypt(), SEED_ofb128_encrypt() |
2076 | 2117 | See L</Deprecated low-level encryption functions>. |
2077 | 2118 | The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
2078 | 2119 | |
2079 | =item - | |
2120 | =item * | |
2080 | 2121 | |
2081 | 2122 | SHA1_Init(), SHA1_Update(), SHA1_Final(), SHA1_Transform(), |
2082 | 2123 | SHA224_Init(), SHA224_Update(), SHA224_Final(), |
2086 | 2127 | |
2087 | 2128 | See L</Deprecated low-level digest functions>. |
2088 | 2129 | |
2089 | =item - | |
2130 | =item * | |
2090 | 2131 | |
2091 | 2132 | SRP_Calc_A(), SRP_Calc_B(), SRP_Calc_client_key(), SRP_Calc_server_key(), |
2092 | 2133 | SRP_Calc_u(), SRP_Calc_x(), SRP_check_known_gN_param(), SRP_create_verifier(), |
2097 | 2138 | |
2098 | 2139 | There are no replacements for the SRP functions. |
2099 | 2140 | |
2100 | =item - | |
2141 | =item * | |
2101 | 2142 | |
2102 | 2143 | SSL_CTX_set_tmp_dh_callback(), SSL_set_tmp_dh_callback(), |
2103 | 2144 | SSL_CTX_set_tmp_dh(), SSL_set_tmp_dh() |
2113 | 2154 | longer supported by OpenSSL. Use of the callback functions should be replaced |
2114 | 2155 | by one of the other methods described above. |
2115 | 2156 | |
2116 | =item - | |
2157 | =item * | |
2117 | 2158 | |
2118 | 2159 | SSL_CTX_set_tlsext_ticket_key_cb() |
2119 | 2160 | |
2120 | 2161 | Use the new L<SSL_CTX_set_tlsext_ticket_key_evp_cb(3)> function instead. |
2121 | 2162 | |
2122 | =item - | |
2163 | =item * | |
2123 | 2164 | |
2124 | 2165 | WHIRLPOOL(), WHIRLPOOL_Init(), WHIRLPOOL_Update(), WHIRLPOOL_Final(), |
2125 | 2166 | WHIRLPOOL_BitUpdate() |
2127 | 2168 | See L</Deprecated low-level digest functions>. |
2128 | 2169 | The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>. |
2129 | 2170 | |
2130 | =item - | |
2171 | =item * | |
2131 | 2172 | |
2132 | 2173 | X509_certificate_type() |
2133 | 2174 | |
2134 | 2175 | This was an undocumented function. Applications can use L<X509_get0_pubkey(3)> |
2135 | 2176 | and L<X509_get0_signature(3)> instead. |
2136 | 2177 | |
2137 | =item - | |
2178 | =item * | |
2138 | 2179 | |
2139 | 2180 | X509_http_nbio(), X509_CRL_http_nbio() |
2140 | 2181 | |
2213 | 2254 | |
2214 | 2255 | =over 4 |
2215 | 2256 | |
2216 | =item - | |
2257 | =item * | |
2217 | 2258 | |
2218 | 2259 | TLS 1.3 FFDHE key exchange support added |
2219 | 2260 | |
2220 | 2261 | This uses DH safe prime named groups. |
2221 | 2262 | |
2222 | =item - | |
2263 | =item * | |
2223 | 2264 | |
2224 | 2265 | Support for fully "pluggable" TLSv1.3 groups. |
2225 | 2266 | |
2227 | 2268 | either the "key exchange" or the "key encapsulation" methods) which will |
2228 | 2269 | automatically be detected and used by libssl. |
2229 | 2270 | |
2230 | =item - | |
2271 | =item * | |
2231 | 2272 | |
2232 | 2273 | SSL and SSL_CTX options are now 64 bit instead of 32 bit. |
2233 | 2274 | |
2241 | 2282 | See L<SSL_CTX_get_options(3)>, L<SSL_CTX_set_options(3)>, |
2242 | 2283 | L<SSL_get_options(3)> and L<SSL_set_options(3)>. |
2243 | 2284 | |
2244 | =item - | |
2285 | =item * | |
2245 | 2286 | |
2246 | 2287 | SSL_set1_host() and SSL_add1_host() Changes |
2247 | 2288 | |
2248 | 2289 | These functions now take IP literal addresses as well as actual hostnames. |
2249 | 2290 | |
2250 | =item - | |
2291 | =item * | |
2251 | 2292 | |
2252 | 2293 | Added SSL option SSL_OP_CLEANSE_PLAINTEXT |
2253 | 2294 | |
2256 | 2297 | the application is still responsible for cleansing other copies |
2257 | 2298 | (e.g.: data received by L<SSL_read(3)>). |
2258 | 2299 | |
2259 | =item - | |
2300 | =item * | |
2260 | 2301 | |
2261 | 2302 | Client-initiated renegotiation is disabled by default. |
2262 | 2303 | |
2264 | 2305 | the B<SSL_OP_ALLOW_CLIENT_RENEGOTIATION> flag, or the C<ClientRenegotiation> |
2265 | 2306 | config parameter as appropriate. |
2266 | 2307 | |
2267 | =item - | |
2308 | =item * | |
2268 | 2309 | |
2269 | 2310 | Secure renegotiation is now required by default for TLS connections |
2270 | 2311 | |
2274 | 2315 | SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT |
2275 | 2316 | is no longer set as part of SSL_OP_ALL. |
2276 | 2317 | |
2277 | =item - | |
2318 | =item * | |
2278 | 2319 | |
2279 | 2320 | Combining the Configure options no-ec and no-dh no longer disables TLSv1.3 |
2280 | 2321 | |
2286 | 2327 | using third party provider groups may result in handshake failures. TLSv1.3 |
2287 | 2328 | can be disabled at compile time using the "no-tls1_3" Configure option. |
2288 | 2329 | |
2289 | =item - | |
2330 | =item * | |
2290 | 2331 | |
2291 | 2332 | SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() changes. |
2292 | 2333 | |
2293 | 2334 | The methods now ignore unknown ciphers. |
2294 | 2335 | |
2295 | =item - | |
2336 | =item * | |
2296 | 2337 | |
2297 | 2338 | Security callback change. |
2298 | 2339 | |
2305 | 2346 | of the other locations. Therefore this client side call has been changed to |
2306 | 2347 | pass an EVP_PKEY instead. |
2307 | 2348 | |
2308 | =item - | |
2349 | =item * | |
2309 | 2350 | |
2310 | 2351 | New SSL option SSL_OP_IGNORE_UNEXPECTED_EOF |
2311 | 2352 | |
2313 | 2354 | is set, an unexpected EOF is ignored, it pretends a close notify was received |
2314 | 2355 | instead and so the returned error becomes SSL_ERROR_ZERO_RETURN. |
2315 | 2356 | |
2316 | =item - | |
2357 | =item * | |
2317 | 2358 | |
2318 | 2359 | The security strength of SHA1 and MD5 based signatures in TLS has been reduced. |
2319 | 2360 | |
2320 | 2361 | This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer |
2321 | 2362 | working at the default security level of 1 and instead requires security |
2322 | 2363 | level 0. The security level can be changed either using the cipher string |
2323 | with `C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means | |
2364 | with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means | |
2324 | 2365 | that where the signature algorithms extension is missing from a ClientHello |
2325 | 2366 | then the handshake will fail in TLS 1.2 at security level 1. This is because, |
2326 | 2367 | although this extension is optional, failing to provide one means that |
2327 | 2368 | OpenSSL will fallback to a default set of signature algorithms. This default |
2328 | 2369 | set requires the availability of SHA1. |
2329 | 2370 | |
2330 | =item - | |
2371 | =item * | |
2331 | 2372 | |
2332 | 2373 | X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. |
2333 | 2374 |
104 | 104 | This is particularly relevant for PKCS#12 objects, where human readable pass |
105 | 105 | phrases are assumed. |
106 | 106 | For other objects, it's as legitimate to use any byte sequence (such as a |
107 | sequence of bytes from `/dev/urandom` that's been saved away), which makes any | |
107 | sequence of bytes from F</dev/urandom> that's been saved away), which makes any | |
108 | 108 | character encoding discussion irrelevant; in such cases, simply use the same |
109 | 109 | byte sequence as it is. |
110 | 110 | |
169 | 169 | |
170 | 170 | =head1 COPYRIGHT |
171 | 171 | |
172 | Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. | |
172 | Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
173 | 173 | |
174 | 174 | Licensed under the Apache License 2.0 (the "License"). You may not use |
175 | 175 | this file except in compliance with the License. You can obtain a copy |
122 | 122 | All "functions" mentioned here are passed as function pointers between |
123 | 123 | F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays, in the call |
124 | 124 | of the provider initialization function. See L<provider(7)/Provider> |
125 | for a description of the initialization function. | |
125 | for a description of the initialization function. They are known as "upcalls". | |
126 | 126 | |
127 | 127 | All these "functions" have a corresponding function type definition |
128 | 128 | named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the |
327 | 327 | loading and unloading of providers in the application's library context. |
328 | 328 | I<handle> is this provider's handle and I<cbdata> is this provider's data |
329 | 329 | that will be passed back to the callbacks. It returns 1 on success or 0 |
330 | otherwise. | |
330 | otherwise. These callbacks may be called while holding locks in libcrypto. In | |
331 | order to avoid deadlocks the callback implementation must not be long running | |
332 | and must not call other OpenSSL API functions or upcalls. | |
331 | 333 | |
332 | 334 | I<create_cb> is a callback that will be called when a new provider is loaded |
333 | 335 | into the application's library context. It is also called for any providers that |
474 | 476 | |
475 | 477 | For example, let's say we have the following config example: |
476 | 478 | |
479 | config_diagnostics = 1 | |
477 | 480 | openssl_conf = openssl_init |
478 | 481 | |
479 | 482 | [openssl_init] |
238 | 238 | |
239 | 239 | Sets the scrypt work factor parameter maxmem in the associated KDF ctx. |
240 | 240 | |
241 | =item "prefix" (B<OSSL_KDF_PARAM_PREFIX>) <octet string> | |
242 | ||
243 | Sets the prefix string using by the TLS 1.3 version of HKDF in the | |
244 | associated KDF ctx. | |
245 | ||
246 | =item "label" (B<OSSL_KDF_PARAM_LABEL>) <octet string> | |
247 | ||
248 | Sets the label string using by the TLS 1.3 version of HKDF in the | |
249 | associated KDF ctx. | |
250 | ||
251 | =item "data" (B<OSSL_KDF_PARAM_DATA>) <octet string> | |
252 | ||
253 | Sets the context string using by the TLS 1.3 version of HKDF in the | |
254 | associated KDF ctx. | |
255 | ||
241 | 256 | =item "info" (B<OSSL_KDF_PARAM_INFO>) <octet string> |
242 | 257 | |
243 | 258 | Sets the optional shared info in the associated KDF ctx. |
91 | 91 | # define HWAES_decrypt aes_v8_decrypt |
92 | 92 | # define HWAES_cbc_encrypt aes_v8_cbc_encrypt |
93 | 93 | # define HWAES_ecb_encrypt aes_v8_ecb_encrypt |
94 | # if __ARM_MAX_ARCH__>=8 | |
94 | # if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) | |
95 | 95 | # define HWAES_xts_encrypt aes_v8_xts_encrypt |
96 | 96 | # define HWAES_xts_decrypt aes_v8_xts_decrypt |
97 | 97 | # endif |
20 | 20 | |
21 | 21 | # include <openssl/rand.h> |
22 | 22 | # include "crypto/rand_pool.h" |
23 | ||
24 | # if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) | |
25 | # include <Availability.h> | |
26 | # if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \ | |
27 | (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) | |
28 | # define OPENSSL_APPLE_CRYPTO_RANDOM 1 | |
29 | # include <CommonCrypto/CommonCryptoError.h> | |
30 | # include <CommonCrypto/CommonRandom.h> | |
31 | # endif | |
32 | # endif | |
23 | 33 | |
24 | 34 | /* |
25 | 35 | * Defines related to seed sources |
66 | 66 | int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, |
67 | 67 | size_t msg_len, size_t *ct_size); |
68 | 68 | |
69 | int ossl_sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, | |
70 | size_t msg_len, size_t *pt_size); | |
69 | int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, | |
70 | size_t *pt_size); | |
71 | 71 | |
72 | 72 | int ossl_sm2_encrypt(const EC_KEY *key, |
73 | 73 | const EVP_MD *digest, |
13 | 13 | # include "internal/refcount.h" |
14 | 14 | # include <openssl/asn1.h> |
15 | 15 | # include <openssl/x509.h> |
16 | # include <openssl/conf.h> | |
16 | 17 | # include "crypto/types.h" |
17 | 18 | |
18 | 19 | /* Internal X509 structures and functions: not for application use */ |
342 | 343 | int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp); |
343 | 344 | DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length); |
344 | 345 | int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp); |
345 | # endif | |
346 | # endif /* OPENSSL_NO_DH */ | |
346 | 347 | # ifndef OPENSSL_NO_EC |
347 | 348 | ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, |
348 | 349 | const unsigned char **pp, long length); |
356 | 357 | ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, |
357 | 358 | const unsigned char **pp, long length); |
358 | 359 | int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp); |
359 | # endif | |
360 | # endif /* OPENSSL_NO_EC */ | |
360 | 361 | EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, |
361 | 362 | long length); |
362 | #endif | |
363 | ||
364 | int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, | |
365 | size_t vallen, STACK_OF(CONF_VALUE) **extlist); | |
366 | #endif /* OSSL_CRYPTO_X509_H */ |
189 | 189 | #define OSSL_KDF_PARAM_KEY "key" /* octet string */ |
190 | 190 | #define OSSL_KDF_PARAM_SALT "salt" /* octet string */ |
191 | 191 | #define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */ |
192 | #define OSSL_KDF_PARAM_PREFIX "prefix" /* octet string */ | |
193 | #define OSSL_KDF_PARAM_LABEL "label" /* octet string */ | |
194 | #define OSSL_KDF_PARAM_DATA "data" /* octet string */ | |
192 | 195 | #define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */ |
193 | 196 | #define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */ |
194 | 197 | #define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */ |
222 | 225 | |
223 | 226 | /* Known KDF names */ |
224 | 227 | #define OSSL_KDF_NAME_HKDF "HKDF" |
228 | #define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" | |
225 | 229 | #define OSSL_KDF_NAME_PBKDF1 "PBKDF1" |
226 | 230 | #define OSSL_KDF_NAME_PBKDF2 "PBKDF2" |
227 | 231 | #define OSSL_KDF_NAME_SCRYPT "SCRYPT" |
48 | 48 | |
49 | 49 | # define DTLS1_AL_HEADER_LENGTH 2 |
50 | 50 | |
51 | /* Timeout multipliers */ | |
52 | # define DTLS1_TMO_READ_COUNT 2 | |
53 | # define DTLS1_TMO_WRITE_COUNT 2 | |
54 | ||
55 | 51 | # define DTLS1_TMO_ALERT_COUNT 12 |
56 | 52 | |
57 | 53 | #ifdef __cplusplus |
914 | 914 | # define i2d_ECPKParameters_bio(bp,x) \ |
915 | 915 | ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x) |
916 | 916 | # define d2i_ECPKParameters_fp(fp,x) \ |
917 | (EC_GROUP *)ASN1_d2i_fp(NULL, (char *(*)())d2i_ECPKParameters, (fp), \ | |
918 | (unsigned char **)(x)) | |
917 | (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \ | |
918 | (void **)(x)) | |
919 | 919 | # define i2d_ECPKParameters_fp(fp,x) \ |
920 | ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x)) | |
920 | ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x)) | |
921 | 921 | |
922 | 922 | # ifndef OPENSSL_NO_DEPRECATED_3_0 |
923 | 923 | OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, |
58 | 58 | # define PROV_R_INVALID_DIGEST 122 |
59 | 59 | # define PROV_R_INVALID_DIGEST_LENGTH 166 |
60 | 60 | # define PROV_R_INVALID_DIGEST_SIZE 218 |
61 | # define PROV_R_INVALID_INPUT_LENGTH 230 | |
61 | 62 | # define PROV_R_INVALID_ITERATION_COUNT 123 |
62 | 63 | # define PROV_R_INVALID_IV_LENGTH 109 |
63 | 64 | # define PROV_R_INVALID_KEY 158 |
28 | 28 | # define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity" |
29 | 29 | # define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity" |
30 | 30 | # define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test" |
31 | # define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test" | |
31 | # define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT" | |
32 | 32 | # define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher" |
33 | 33 | # define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher" |
34 | 34 | # define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest" |
35 | 35 | # define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature" |
36 | # define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature" | |
36 | 37 | # define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF" |
37 | 38 | # define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA" |
38 | 39 | # define OSSL_SELF_TEST_TYPE_DRBG "DRBG" |
67 | 68 | # define OSSL_SELF_TEST_DESC_KDF_SSHKDF "SSHKDF" |
68 | 69 | # define OSSL_SELF_TEST_DESC_KDF_TLS12_PRF "TLS12_PRF" |
69 | 70 | # define OSSL_SELF_TEST_DESC_KDF_KBKDF "KBKDF" |
71 | # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT "TLS13_KDF_EXTRACT" | |
72 | # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND" | |
70 | 73 | # define OSSL_SELF_TEST_DESC_RNG "RNG" |
71 | 74 | |
72 | 75 | # ifdef __cplusplus |
79 | 79 | "invalid digest length"}, |
80 | 80 | {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE), |
81 | 81 | "invalid digest size"}, |
82 | {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH), | |
83 | "invalid input length"}, | |
82 | 84 | {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT), |
83 | 85 | "invalid iteration count"}, |
84 | 86 | {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"}, |
250 | 250 | ALG(PROV_NAMES_CAMELLIA_256_CBC, ossl_camellia256cbc_functions), |
251 | 251 | ALG(PROV_NAMES_CAMELLIA_192_CBC, ossl_camellia192cbc_functions), |
252 | 252 | ALG(PROV_NAMES_CAMELLIA_128_CBC, ossl_camellia128cbc_functions), |
253 | ALG(PROV_NAMES_CAMELLIA_128_CBC_CTS, ossl_camellia128cbc_cts_functions), | |
254 | ALG(PROV_NAMES_CAMELLIA_192_CBC_CTS, ossl_camellia192cbc_cts_functions), | |
255 | ALG(PROV_NAMES_CAMELLIA_256_CBC_CTS, ossl_camellia256cbc_cts_functions), | |
253 | 256 | ALG(PROV_NAMES_CAMELLIA_256_OFB, ossl_camellia256ofb_functions), |
254 | 257 | ALG(PROV_NAMES_CAMELLIA_192_OFB, ossl_camellia192ofb_functions), |
255 | 258 | ALG(PROV_NAMES_CAMELLIA_128_OFB, ossl_camellia128ofb_functions), |
319 | 322 | |
320 | 323 | static const OSSL_ALGORITHM deflt_kdfs[] = { |
321 | 324 | { PROV_NAMES_HKDF, "provider=default", ossl_kdf_hkdf_functions }, |
325 | { PROV_NAMES_TLS1_3_KDF, "provider=default", | |
326 | ossl_kdf_tls1_3_kdf_functions }, | |
322 | 327 | { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions }, |
323 | 328 | { PROV_NAMES_PBKDF2, "provider=default", ossl_kdf_pbkdf2_functions }, |
324 | 329 | { PROV_NAMES_PKCS12KDF, "provider=default", ossl_kdf_pkcs12_functions }, |
14 | 14 | #define ENCODER_STRUCTURE_type_specific_params "type-specific" |
15 | 15 | #define ENCODER_STRUCTURE_type_specific "type-specific" |
16 | 16 | #define ENCODER_STRUCTURE_type_specific_no_pub "type-specific" |
17 | #define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo" | |
17 | 18 | #define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" |
18 | 19 | #define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" |
19 | 20 | #define ENCODER_STRUCTURE_DH "dh" |
126 | 127 | #endif |
127 | 128 | |
128 | 129 | /* |
129 | * Entries for PKCS#8 (PrivateKeyInfo) and SubjectPublicKeyInfo. | |
130 | * The "der" ones are added convenience for any user that wants to use | |
131 | * OSSL_ENCODER directly. | |
130 | * Entries for encrypted PKCS#8 (EncryptedPrivateKeyInfo), unencrypted PKCS#8 | |
131 | * (PrivateKeyInfo) and SubjectPublicKeyInfo. The "der" ones are added | |
132 | * convenience for any user that wants to use OSSL_ENCODER directly. | |
132 | 133 | * The "pem" ones also support PEM_write_bio_PrivateKey() and |
133 | 134 | * PEM_write_bio_PUBKEY(). |
134 | 135 | */ |
136 | ENCODER_w_structure("RSA", rsa, yes, der, EncryptedPrivateKeyInfo), | |
137 | ENCODER_w_structure("RSA", rsa, yes, pem, EncryptedPrivateKeyInfo), | |
135 | 138 | ENCODER_w_structure("RSA", rsa, yes, der, PrivateKeyInfo), |
136 | 139 | ENCODER_w_structure("RSA", rsa, yes, pem, PrivateKeyInfo), |
137 | 140 | ENCODER_w_structure("RSA", rsa, yes, der, SubjectPublicKeyInfo), |
138 | 141 | ENCODER_w_structure("RSA", rsa, yes, pem, SubjectPublicKeyInfo), |
139 | 142 | |
143 | ENCODER_w_structure("RSA-PSS", rsapss, yes, der, EncryptedPrivateKeyInfo), | |
144 | ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, EncryptedPrivateKeyInfo), | |
140 | 145 | ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PrivateKeyInfo), |
141 | 146 | ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PrivateKeyInfo), |
142 | 147 | ENCODER_w_structure("RSA-PSS", rsapss, yes, der, SubjectPublicKeyInfo), |
143 | 148 | ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, SubjectPublicKeyInfo), |
144 | 149 | |
145 | 150 | #ifndef OPENSSL_NO_DH |
151 | ENCODER_w_structure("DH", dh, yes, der, EncryptedPrivateKeyInfo), | |
152 | ENCODER_w_structure("DH", dh, yes, pem, EncryptedPrivateKeyInfo), | |
146 | 153 | ENCODER_w_structure("DH", dh, yes, der, PrivateKeyInfo), |
147 | 154 | ENCODER_w_structure("DH", dh, yes, pem, PrivateKeyInfo), |
148 | 155 | ENCODER_w_structure("DH", dh, yes, der, SubjectPublicKeyInfo), |
149 | 156 | ENCODER_w_structure("DH", dh, yes, pem, SubjectPublicKeyInfo), |
150 | 157 | |
158 | ENCODER_w_structure("DHX", dhx, yes, der, EncryptedPrivateKeyInfo), | |
159 | ENCODER_w_structure("DHX", dhx, yes, pem, EncryptedPrivateKeyInfo), | |
151 | 160 | ENCODER_w_structure("DHX", dhx, yes, der, PrivateKeyInfo), |
152 | 161 | ENCODER_w_structure("DHX", dhx, yes, pem, PrivateKeyInfo), |
153 | 162 | ENCODER_w_structure("DHX", dhx, yes, der, SubjectPublicKeyInfo), |
155 | 164 | #endif |
156 | 165 | |
157 | 166 | #ifndef OPENSSL_NO_DSA |
167 | ENCODER_w_structure("DSA", dsa, yes, der, EncryptedPrivateKeyInfo), | |
168 | ENCODER_w_structure("DSA", dsa, yes, pem, EncryptedPrivateKeyInfo), | |
158 | 169 | ENCODER_w_structure("DSA", dsa, yes, der, PrivateKeyInfo), |
159 | 170 | ENCODER_w_structure("DSA", dsa, yes, pem, PrivateKeyInfo), |
160 | 171 | ENCODER_w_structure("DSA", dsa, yes, der, SubjectPublicKeyInfo), |
162 | 173 | #endif |
163 | 174 | |
164 | 175 | #ifndef OPENSSL_NO_EC |
176 | ENCODER_w_structure("EC", ec, yes, der, EncryptedPrivateKeyInfo), | |
177 | ENCODER_w_structure("EC", ec, yes, pem, EncryptedPrivateKeyInfo), | |
165 | 178 | ENCODER_w_structure("EC", ec, yes, der, PrivateKeyInfo), |
166 | 179 | ENCODER_w_structure("EC", ec, yes, pem, PrivateKeyInfo), |
167 | 180 | ENCODER_w_structure("EC", ec, yes, der, SubjectPublicKeyInfo), |
168 | 181 | ENCODER_w_structure("EC", ec, yes, pem, SubjectPublicKeyInfo), |
169 | 182 | |
183 | ENCODER_w_structure("X25519", x25519, yes, der, EncryptedPrivateKeyInfo), | |
184 | ENCODER_w_structure("X25519", x25519, yes, pem, EncryptedPrivateKeyInfo), | |
170 | 185 | ENCODER_w_structure("X25519", x25519, yes, der, PrivateKeyInfo), |
171 | 186 | ENCODER_w_structure("X25519", x25519, yes, pem, PrivateKeyInfo), |
172 | 187 | ENCODER_w_structure("X25519", x25519, yes, der, SubjectPublicKeyInfo), |
173 | 188 | ENCODER_w_structure("X25519", x25519, yes, pem, SubjectPublicKeyInfo), |
174 | 189 | |
190 | ENCODER_w_structure("X448", x448, yes, der, EncryptedPrivateKeyInfo), | |
191 | ENCODER_w_structure("X448", x448, yes, pem, EncryptedPrivateKeyInfo), | |
175 | 192 | ENCODER_w_structure("X448", x448, yes, der, PrivateKeyInfo), |
176 | 193 | ENCODER_w_structure("X448", x448, yes, pem, PrivateKeyInfo), |
177 | 194 | ENCODER_w_structure("X448", x448, yes, der, SubjectPublicKeyInfo), |
178 | 195 | ENCODER_w_structure("X448", x448, yes, pem, SubjectPublicKeyInfo), |
179 | 196 | |
197 | ENCODER_w_structure("ED25519", ed25519, yes, der, EncryptedPrivateKeyInfo), | |
198 | ENCODER_w_structure("ED25519", ed25519, yes, pem, EncryptedPrivateKeyInfo), | |
180 | 199 | ENCODER_w_structure("ED25519", ed25519, yes, der, PrivateKeyInfo), |
181 | 200 | ENCODER_w_structure("ED25519", ed25519, yes, pem, PrivateKeyInfo), |
182 | 201 | ENCODER_w_structure("ED25519", ed25519, yes, der, SubjectPublicKeyInfo), |
183 | 202 | ENCODER_w_structure("ED25519", ed25519, yes, pem, SubjectPublicKeyInfo), |
184 | 203 | |
204 | ENCODER_w_structure("ED448", ed448, yes, der, EncryptedPrivateKeyInfo), | |
205 | ENCODER_w_structure("ED448", ed448, yes, pem, EncryptedPrivateKeyInfo), | |
185 | 206 | ENCODER_w_structure("ED448", ed448, yes, der, PrivateKeyInfo), |
186 | 207 | ENCODER_w_structure("ED448", ed448, yes, pem, PrivateKeyInfo), |
187 | 208 | ENCODER_w_structure("ED448", ed448, yes, der, SubjectPublicKeyInfo), |
188 | 209 | ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo), |
189 | 210 | |
190 | 211 | # ifndef OPENSSL_NO_SM2 |
212 | ENCODER_w_structure("SM2", sm2, no, der, EncryptedPrivateKeyInfo), | |
213 | ENCODER_w_structure("SM2", sm2, no, pem, EncryptedPrivateKeyInfo), | |
191 | 214 | ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo), |
192 | 215 | ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo), |
193 | 216 | ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo), |
345 | 345 | |
346 | 346 | static const OSSL_ALGORITHM fips_kdfs[] = { |
347 | 347 | { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, |
348 | { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, | |
349 | ossl_kdf_tls1_3_kdf_functions }, | |
348 | 350 | { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, |
349 | 351 | { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, |
350 | 352 | { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, |
493 | 493 | ST_KAT_PARAM_END() |
494 | 494 | }; |
495 | 495 | |
496 | static const char tls13_kdf_digest[] = "SHA256"; | |
497 | static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; | |
498 | static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; | |
499 | static const unsigned char tls13_kdf_prefix[] = { | |
500 | 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */ | |
501 | }; | |
502 | static const unsigned char tls13_kdf_client_early_secret_label[] = { | |
503 | 0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66, | |
504 | 0x66, 0x69, 0x63 /* "c e traffic"*/ | |
505 | }; | |
506 | static const unsigned char tls13_kdf_psk[] = { | |
507 | 0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF, | |
508 | 0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06, | |
509 | 0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4, | |
510 | 0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05 | |
511 | }; | |
512 | static const unsigned char tls13_kdf_client_hello_hash[] = { | |
513 | 0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38, | |
514 | 0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b, | |
515 | 0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53, | |
516 | 0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3 | |
517 | }; | |
518 | ||
519 | static const unsigned char tls13_kdf_early_secret[] = { | |
520 | 0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3, | |
521 | 0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93, | |
522 | 0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03, | |
523 | 0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16 | |
524 | }; | |
525 | static const unsigned char tls13_kdf_client_early_traffic_secret[] = { | |
526 | 0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48, | |
527 | 0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6, | |
528 | 0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79, | |
529 | 0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71 | |
530 | }; | |
531 | static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = { | |
532 | ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode), | |
533 | ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), | |
534 | ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk), | |
535 | ST_KAT_PARAM_END() | |
536 | }; | |
537 | static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = { | |
538 | ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode), | |
539 | ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest), | |
540 | ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret), | |
541 | ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash), | |
542 | ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix), | |
543 | ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL, | |
544 | tls13_kdf_client_early_secret_label), | |
545 | ST_KAT_PARAM_END() | |
546 | }; | |
547 | ||
496 | 548 | static const ST_KAT_KDF st_kat_kdf_tests[] = |
497 | 549 | { |
550 | { | |
551 | OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT, | |
552 | OSSL_KDF_NAME_TLS1_3_KDF, | |
553 | tls13_kdf_early_secret_params, | |
554 | ITM(tls13_kdf_early_secret) | |
555 | }, | |
556 | { | |
557 | OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND, | |
558 | OSSL_KDF_NAME_TLS1_3_KDF, | |
559 | tls13_kdf_client_early_secret_params, | |
560 | ITM(tls13_kdf_client_early_traffic_secret) | |
561 | }, | |
498 | 562 | { |
499 | 563 | OSSL_SELF_TEST_DESC_KDF_TLS12_PRF, |
500 | 564 | OSSL_KDF_NAME_TLS1_PRF, |
451 | 451 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, |
452 | 452 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 |
453 | 453 | }; |
454 | ||
455 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc); | |
454 | const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE; | |
455 | ||
456 | if (t->sig_expected == NULL) | |
457 | typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE; | |
458 | ||
459 | OSSL_SELF_TEST_onbegin(st, typ, t->desc); | |
456 | 460 | |
457 | 461 | bnctx = BN_CTX_new_ex(libctx); |
458 | 462 | if (bnctx == NULL) |
187 | 187 | 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c |
188 | 188 | 847e039a249a1f9af42dfc6427de2ad4925f1116f86619dd420cf8cec9d3bbfe crypto/evp/digest.c |
189 | 189 | 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c |
190 | bd8cdd250f64cc314133a1c3cdef8eba3de5a40f1a9ef1d26729c5361690a368 crypto/evp/evp_enc.c | |
190 | 37b5e0bdb30a24c925a26f818828fd3b4ab4c1725f84797260556c0f47f2b76d crypto/evp/evp_enc.c | |
191 | 191 | 363dda606a23f1cbb6eefc713903bb353b8fc8661dee0e853366c7798f050483 crypto/evp/evp_fetch.c |
192 | 192 | 6e0a2b11440a3cfd80d5539aa6a4b133dbfefc6a646736980dbbd504b3f16ac8 crypto/evp/evp_lib.c |
193 | 193 | 34574e474d3f5daf24981200cae9e24a427d165cd43d8fb738844fa9b0fc991f crypto/evp/evp_local.h |
202 | 202 | e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c |
203 | 203 | f9988dfed6253c30b08a966496f188763671cb72a2fcb25455f65f8d270027cc crypto/evp/mac_lib.c |
204 | 204 | e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c |
205 | 0b3714cb5ff9deb5e17081b8dc12922910de9b8693e644dd2ac67a53fe25c7ff crypto/evp/p_lib.c | |
205 | cd2902a111d200417d04f0422451b3760a67fc21cd1f9ca3b02200dc91b8b916 crypto/evp/p_lib.c | |
206 | 206 | 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c |
207 | 207 | bbce11755bcc5ba2ee8e9c1eb95905447136f614fdc2b0f74cf785fe81ead6a5 crypto/evp/pmeth_gn.c |
208 | 208 | fdaddf5c4b274d83292a5121d9b0541dce82fb83e59d64d48a93964840421f30 crypto/evp/pmeth_lib.c |
213 | 213 | 82abf1f9645336b7dff5e3fa153899280ecaa27b3dad50e6a9ba94d871961888 crypto/ffc/ffc_key_generate.c |
214 | 214 | 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c |
215 | 215 | 67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c |
216 | 916d93b50c8a1e69b94ac5d0949a762f3b1580a40b72eb269a764b9905450204 crypto/ffc/ffc_params_generate.c | |
216 | 5174e008f44909724e0ee7109095ee353e67e9ba77e1ab3bedfcf6eaecab7b6c crypto/ffc/ffc_params_generate.c | |
217 | 217 | 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c |
218 | 218 | 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c |
219 | 219 | 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h |
255 | 255 | 5d780fd1a656db32a0292d2692690f69aa1b977646282f4884f17dca861fe681 crypto/property/property_parse.c |
256 | 256 | 43259a466b118d938e4480f4e6f46aaa8eab452f971ff0788e2eb8369ff1b5ec crypto/property/property_query.c |
257 | 257 | 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c |
258 | 9f286d199826f65b2658497370a85d8c5537b8112b98b3e10f373e638865ed94 crypto/provider_core.c | |
258 | a065691f37df209ce2ab5ce721e6fc45008e2f00edfbad0ceaa5ef2a0cfee23d crypto/provider_core.c | |
259 | 259 | d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h |
260 | 260 | 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c |
261 | 261 | 5d16318d3a36b06145af74afa3523109768990a33457c81895c7ab8a830654f8 crypto/rand/rand_lib.c |
335 | 335 | 60bdd9213c67c4d9a287cb57517eca63913c134ef57fcb102b641eb56ddce19a crypto/threads_win.c |
336 | 336 | fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl |
337 | 337 | d13560a5f8a66d7b956d54cd6bf24eade529d686992d243bfb312376a57b475e e_os.h |
338 | 6761a5e155b5eec21bcae9d3c6714a3677c747fdf9daefdd7819250e686f8129 include/crypto/aes_platform.h | |
338 | 4dab31beb4bbd9275a914839f590eaa328cc8ddec3561acd3e6fae0606758b32 include/crypto/aes_platform.h | |
339 | 339 | 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h |
340 | 340 | 8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h |
341 | 341 | 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in |
351 | 351 | bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h |
352 | 352 | 162812058c69f65a824906193057cd3edeabc22f51a4220aea7cb9064379a9b6 include/crypto/md32_common.h |
353 | 353 | f12bfc145290444bcc7bf408874bded348e742443c145b8b5bc70ae558d96c31 include/crypto/modes.h |
354 | 763ec96091c828c16278873eb32665bfc70624dbd3809cb8043d19dc16e84d22 include/crypto/rand.h | |
354 | 11734df47031edd5fd025313ab10d3cfd777920760c023f0bc7019d0653e73df include/crypto/rand.h | |
355 | 355 | 90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h |
356 | 356 | bd5ce686c97a8a3a0e3d7ca1e4f16706fd51df5da9673169303a4428d62da233 include/crypto/rsa.h |
357 | 357 | 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h |
400 | 400 | 6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h |
401 | 401 | 792488b5d6bb87a5138322d7a6ae011faa279918321af62e76fa018e1a991c93 include/openssl/core.h |
402 | 402 | 00110e80b9b4f621c604ea99f05e7a75d3db4721fc2779224e6fa7e52f06e345 include/openssl/core_dispatch.h |
403 | 3841bcf3fc61aa9a3b770a5d64185e90cd9a1778bf7c83f1e379bda2f0e480d0 include/openssl/core_names.h | |
403 | cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openssl/core_names.h | |
404 | 404 | d165f5c61bfe17ba366a3ba94afb30d3c8ce6b21e9cff59a15f3622f2654ae49 include/openssl/crypto.h.in |
405 | 405 | 06e9f521a6e98e104cdf37260ce967d928e25d424e0013f1feb3ff4da18eaec0 include/openssl/cryptoerr.h |
406 | 406 | bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h |
411 | 411 | 335eb40a33cd1e95e7783bda2d031ec2bcf02cff8aa804ba3484d1354452b7ea include/openssl/dsaerr.h |
412 | 412 | 41bf49e64e1c341a8c17778147ddeba35e88dfd7ff131db6210e801ef25a8fd5 include/openssl/e_os2.h |
413 | 413 | bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h |
414 | 8e301f2f8cfacda5d7de4f53e5592b523454cb93ba3c8029b628a6abf0ddb833 include/openssl/ec.h | |
414 | 0ad64e592528898c84f2a16e2a03749774b908b3a9944a7f9aa54b1f95094dfb include/openssl/ec.h | |
415 | 415 | cbbf74efc7fdb020f06840c856ad7fe97553944f4cc3c197fbb004de38158048 include/openssl/ecerr.h |
416 | 416 | 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h |
417 | 417 | 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h |
433 | 433 | 767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20 include/openssl/param_build.h |
434 | 434 | 30085f4d1b4934bb25ffe7aa9a30859966318a1b4d4dcea937c426e90e6e1984 include/openssl/params.h |
435 | 435 | 097615b849375e2903967521f76c570512e5be47b8159fdbcd31e433f8a4cca7 include/openssl/prov_ssl.h |
436 | 90fb37a1a564b989afca658dae8c78b0ba72ac1f4d1ffc0c52eb93e74e144603 include/openssl/proverr.h | |
436 | bdadffba7b7b8294c9f7450ce2563ae31145ca0f196f5ce7b8c2f19ed7fba816 include/openssl/proverr.h | |
437 | 437 | b97e8ad49b38683817387596aefec0abd5f4d572643beef48be4f7acba26768d include/openssl/provider.h |
438 | 438 | 7c9b5f479d9b22cfc8db0976dddfc2a1ee6e757b436e01a2b4d2744bcb6d81a5 include/openssl/rand.h |
439 | 439 | 108966f56c82fedff53df76a4aa7861c82be4db1fd1ddafb59dc086ea155831c include/openssl/randerr.h |
440 | 440 | c1015b77c444a3816d2ea7ad770f1c3b79a1e54887930af6dd662895701f3323 include/openssl/rsa.h |
441 | 441 | 2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h |
442 | 442 | 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in |
443 | c7da25794eb70f0cbc2457f4cb87e8d04dc3512b509034ff1db7285961952963 include/openssl/self_test.h | |
443 | 2702c0c5b8df31f764aa97d44c8a2b00b4b91c3482fd8ca5e1c5c91dfc61dc58 include/openssl/self_test.h | |
444 | 444 | 2964274ab32b1ba8578a06b06663db2eda4317ae806369271d889176bb5a7d04 include/openssl/sha.h |
445 | 445 | c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h |
446 | 446 | 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h |
475 | 475 | e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/common/include/prov/providercommon.h |
476 | 476 | 73d0e15963759fcb7c5c434bb214b50bc32f6066e90ac07fb53dad11c2fd1939 providers/common/include/prov/securitycheck.h |
477 | 477 | 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c |
478 | 08eb591a084afaa48802734fa0a77a37c94b6caeee1cb5f810ed02cbd03afaff providers/common/provider_err.c | |
478 | a8b73b10ab0100942dd2bc45f2fc9c9238b70bec0e49708ba113bc7479c8b92a providers/common/provider_err.c | |
479 | 479 | 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c |
480 | 480 | eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c |
481 | 481 | ba345b0d71f74c9e3d752579e16d11cc70b4b00faa329cc674bc43dd2620e044 providers/common/securitycheck.c |
482 | 482 | 527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c |
483 | 483 | abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c |
484 | 3bae030b142c90518f3b6c59924fee939b17667008e670e73733c09c3f1d54f0 providers/fips/fipsprov.c | |
484 | a4dc9bf2d77e34175737b7b8d28fbe90815ac0e2904e3ac2d9e2a271f345ef20 providers/fips/fipsprov.c | |
485 | 485 | fdbaf748044ce54f13e673b92db876e32436e4d5644f443cc43d063112a89676 providers/fips/self_test.c |
486 | 486 | f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h |
487 | 26b6bf82ee3865d0c6c612d98957dee7e2b7a82b68b643eb25771735fd6cec59 providers/fips/self_test_data.inc | |
488 | f2775b7effa96b7c925ed71bd8c90e74b6256e7ed28346f59de46dffecb3e5a0 providers/fips/self_test_kats.c | |
487 | 7a23cc81ca7542325634891d1982c70e68a27914b088a51ca60249d54031bfc2 providers/fips/self_test_data.inc | |
488 | 85c068c86363777941e226a37b3cba23c78f963eda2bd848f66af4a7eedc0e21 providers/fips/self_test_kats.c | |
489 | 489 | f054b24ea53ad5db41dd7f37f20f42166ed68b832121a94858cb0173b1aaeb1d providers/implementations/asymciphers/rsa_enc.c |
490 | 490 | 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c |
491 | 491 | f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h |
497 | 497 | 00f36bf48e522dbb5ec71df0ec13e387955fa3672e6ff90e8a412ae95c4a642f providers/implementations/ciphers/cipher_aes_ccm.h |
498 | 498 | 6337b570e0dc4e98af07aa9704254d3ab958cf605584e250fbd76cd1d2a25ac7 providers/implementations/ciphers/cipher_aes_ccm_hw.c |
499 | 499 | 302b3819ff9fdfed750185421616b248b0e1233d75b45a065490fe4762b42f55 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc |
500 | 7a61f7e0684b6053aeb64edb1de2eb1a47df1e70d041eb5e2e96a528a4c5512f providers/implementations/ciphers/cipher_aes_cts.c | |
501 | 2e72401dbc4f64f0e263660bc7b5192dc5e0e8cc955661aca6a7e3e3359c97cf providers/implementations/ciphers/cipher_aes_cts.h | |
502 | 2ec666b6b7fdaa7ffb0f083a3358904c8c3159699540d270c7ddb46a8d96647b providers/implementations/ciphers/cipher_aes_cts.inc | |
500 | a8eaca99a71521ff8ac4ffcf08315e59220f7e0b7f505ecddad04fadd021ec14 providers/implementations/ciphers/cipher_aes_cts.inc | |
503 | 501 | 710ee60704dd9dffa2a11e2e96596af1f7f84f915cedcedeec7292e0d978317a providers/implementations/ciphers/cipher_aes_gcm.c |
504 | 502 | 79f5a732820d2512a7f4fc2a99ece7e6e2523a51e62561eb67a4b70d5538b0c4 providers/implementations/ciphers/cipher_aes_gcm.h |
505 | 503 | ab298c5f89f3165fa11093fad8063b7bcbff0924b43fb3107148ae66d54adcb5 providers/implementations/ciphers/cipher_aes_gcm_hw.c |
509 | 507 | 0264d1ea3ece6f730b342586fb1fe00e3f0ff01e47d53f552864df986bf35573 providers/implementations/ciphers/cipher_aes_ocb.c |
510 | 508 | 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h |
511 | 509 | 855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70 providers/implementations/ciphers/cipher_aes_ocb_hw.c |
512 | d07e18786256f3a069fe83e6fdc79e53fdc1f99b3e6bbe5d2f3fc559bc737eb2 providers/implementations/ciphers/cipher_aes_wrp.c | |
510 | a872195161ac6c3a2cb59c3d15b212e34bb7596a41712258f5d0b5e771e25239 providers/implementations/ciphers/cipher_aes_wrp.c | |
513 | 511 | 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c |
514 | 512 | c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b providers/implementations/ciphers/cipher_aes_xts.h |
515 | 513 | 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c |
516 | 514 | f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/implementations/ciphers/cipher_aes_xts_hw.c |
515 | f2e7404005e0602c4cc90b49b7af7453aa5b8644720ca1028d93e78bc28a7c09 providers/implementations/ciphers/cipher_cts.c | |
516 | 74640ce402acc704af72e055fb7f27e6aa8efd417babc56f710478e571d8631c providers/implementations/ciphers/cipher_cts.h | |
517 | 517 | 06d8f86ec724075e7f72dabfb675b5c85a93c01997e4142fbaa8482e617f4ae5 providers/implementations/ciphers/cipher_tdes.c |
518 | 518 | 77709f7fc3f7c08986cd4f0ebf2ef6e44bacb975c1483ef444b3cf5e5071f9d6 providers/implementations/ciphers/cipher_tdes.h |
519 | 519 | 9e07260067083c76d26eb0dd8a8bb4a8dac678812644ff88951a0661be70d9fd providers/implementations/ciphers/cipher_tdes_common.c |
529 | 529 | 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c |
530 | 530 | 80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c |
531 | 531 | de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c |
532 | b14f76813cb10cb1cfadfc04bb5e0660bb12c5a120c96d196b0f6f1a948d2f48 providers/implementations/exchange/dh_exch.c | |
532 | 007d431b3cdb53374c5f5aaef2fcb557e213c23f26e55ebdd32b53527f3f4826 providers/implementations/exchange/dh_exch.c | |
533 | 533 | 9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c |
534 | 534 | 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c |
535 | 535 | 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c |
538 | 538 | dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h |
539 | 539 | 0c1e99d70155402a790e4de65923228c8df8ad970741caccfe8b513837457d7f providers/implementations/include/prov/ciphercommon_gcm.h |
540 | 540 | 79a5ed6e4a97431233c56eede9d9c9eec27598fff53590c627ea40bd5b871fd5 providers/implementations/include/prov/digestcommon.h |
541 | 19ddd49020b421794be5e69645a62a3ebfa75cb9cb32253bb52d8d7a508e147c providers/implementations/include/prov/implementations.h | |
541 | c47c960398bad27844f837e68d19df3912e2c9497362789b3d5c858ca4f9242b providers/implementations/include/prov/implementations.h | |
542 | 542 | 5f09fc71874b00419d71646714f21ebbdcceda277463b6f77d3d3ea6946914e8 providers/implementations/include/prov/kdfexchange.h |
543 | 543 | c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h |
544 | 968eaa42bcc58d8b4991a4071768a497ca12bfc332b57c6644dfb749e1e84461 providers/implementations/include/prov/names.h | |
544 | 29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h | |
545 | 545 | 2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h |
546 | 925c5beb1f5e204d27aa2ba045d67dcceeda453cc029dbc8ed194bb897306d8a providers/implementations/kdfs/hkdf.c | |
546 | 432e2d5e467a50bd031a6b94b27072f5d66f4fadb6d62c9bfd9453d444c2aedf providers/implementations/kdfs/hkdf.c | |
547 | 547 | b2e971a5a5d91da121db468cd8c8501c154643120dae31bb674e758c6403ad14 providers/implementations/kdfs/kbkdf.c |
548 | 548 | fb62e76d7d751bf3b4c39157d601aa0a16477bb9335121ec6649ba7176a43f8d providers/implementations/kdfs/pbkdf2.c |
549 | 549 | c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h |
0 | 0c627e1484ecf223a7939c9ab5c4b59eea02025d821ae634b9db5f0581b2d916 providers/fips-sources.checksums | |
0 | bbbd640470428086f7a658e7020fa73149e276e594412a83347ca1782c0e0486 providers/fips-sources.checksums |
497 | 497 | providers/implementations/ciphers/cipher_aes_ccm.h |
498 | 498 | providers/implementations/ciphers/cipher_aes_ccm_hw.c |
499 | 499 | providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc |
500 | providers/implementations/ciphers/cipher_aes_cts.c | |
501 | providers/implementations/ciphers/cipher_aes_cts.h | |
502 | 500 | providers/implementations/ciphers/cipher_aes_cts.inc |
503 | 501 | providers/implementations/ciphers/cipher_aes_gcm.c |
504 | 502 | providers/implementations/ciphers/cipher_aes_gcm.h |
514 | 512 | providers/implementations/ciphers/cipher_aes_xts.h |
515 | 513 | providers/implementations/ciphers/cipher_aes_xts_fips.c |
516 | 514 | providers/implementations/ciphers/cipher_aes_xts_hw.c |
515 | providers/implementations/ciphers/cipher_cts.c | |
516 | providers/implementations/ciphers/cipher_cts.h | |
517 | 517 | providers/implementations/ciphers/cipher_tdes.c |
518 | 518 | providers/implementations/ciphers/cipher_tdes.h |
519 | 519 | providers/implementations/ciphers/cipher_tdes_common.c |
109 | 109 | return 0; |
110 | 110 | |
111 | 111 | if (out == NULL) { |
112 | if (!ossl_sm2_plaintext_size(psm2ctx->key, md, inlen, outlen)) | |
112 | if (!ossl_sm2_plaintext_size(in, inlen, outlen)) | |
113 | 113 | return 0; |
114 | 114 | return 1; |
115 | 115 | } |
46 | 46 | cipher_aes_wrp.c \ |
47 | 47 | cipher_aes_cbc_hmac_sha.c \ |
48 | 48 | cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \ |
49 | cipher_aes_cts.c | |
49 | cipher_cts.c | |
50 | 50 | |
51 | 51 | # Extra code to satisfy the FIPS and non-FIPS separation. |
52 | 52 | # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed. |
0 | /* | |
1 | * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * | |
3 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | * this file except in compliance with the License. You can obtain a copy | |
5 | * in the file LICENSE in the source distribution or at | |
6 | * https://www.openssl.org/source/license.html | |
7 | */ | |
8 | ||
9 | /* | |
10 | * Helper functions for AES CBC CTS ciphers. | |
11 | * | |
12 | * The function dispatch tables are embedded into cipher_aes.c | |
13 | * using cipher_aes_cts.inc | |
14 | */ | |
15 | ||
16 | /* | |
17 | * Refer to SP800-38A-Addendum | |
18 | * | |
19 | * Ciphertext stealing encrypts plaintext using a block cipher, without padding | |
20 | * the message to a multiple of the block size, so the ciphertext is the same | |
21 | * size as the plaintext. | |
22 | * It does this by altering processing of the last two blocks of the message. | |
23 | * The processing of all but the last two blocks is unchanged, but a portion of | |
24 | * the second-last block's ciphertext is "stolen" to pad the last plaintext | |
25 | * block. The padded final block is then encrypted as usual. | |
26 | * The final ciphertext for the last two blocks, consists of the partial block | |
27 | * (with the "stolen" portion omitted) plus the full final block, | |
28 | * which are the same size as the original plaintext. | |
29 | * Decryption requires decrypting the final block first, then restoring the | |
30 | * stolen ciphertext to the partial block, which can then be decrypted as usual. | |
31 | ||
32 | * AES_CBC_CTS has 3 variants: | |
33 | * (1) CS1 The NIST variant. | |
34 | * If the length is a multiple of the blocksize it is the same as CBC mode. | |
35 | * otherwise it produces C1||C2||(C(n-1))*||Cn. | |
36 | * Where C(n-1)* is a partial block. | |
37 | * (2) CS2 | |
38 | * If the length is a multiple of the blocksize it is the same as CBC mode. | |
39 | * otherwise it produces C1||C2||Cn||(C(n-1))*. | |
40 | * Where C(n-1)* is a partial block. | |
41 | * (3) CS3 The Kerberos5 variant. | |
42 | * Produces C1||C2||Cn||(C(n-1))* regardless of the length. | |
43 | * If the length is a multiple of the blocksize it looks similar to CBC mode | |
44 | * with the last 2 blocks swapped. | |
45 | * Otherwise it is the same as CS2. | |
46 | */ | |
47 | ||
48 | #include "e_os.h" /* strcasecmp */ | |
49 | #include <openssl/core_names.h> | |
50 | #include <openssl/aes.h> | |
51 | #include "prov/ciphercommon.h" | |
52 | #include "internal/nelem.h" | |
53 | #include "cipher_aes_cts.h" | |
54 | ||
55 | /* The value assigned to 0 is the default */ | |
56 | #define CTS_CS1 0 | |
57 | #define CTS_CS2 1 | |
58 | #define CTS_CS3 2 | |
59 | ||
60 | typedef union { | |
61 | size_t align; | |
62 | unsigned char c[AES_BLOCK_SIZE]; | |
63 | } aligned_16bytes; | |
64 | ||
65 | typedef struct cts_mode_name2id_st { | |
66 | unsigned int id; | |
67 | const char *name; | |
68 | } CTS_MODE_NAME2ID; | |
69 | ||
70 | static CTS_MODE_NAME2ID cts_modes[] = | |
71 | { | |
72 | { CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 }, | |
73 | { CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 }, | |
74 | { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 }, | |
75 | }; | |
76 | ||
77 | const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id) | |
78 | { | |
79 | size_t i; | |
80 | ||
81 | for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { | |
82 | if (cts_modes[i].id == id) | |
83 | return cts_modes[i].name; | |
84 | } | |
85 | return NULL; | |
86 | } | |
87 | ||
88 | int ossl_aes_cbc_cts_mode_name2id(const char *name) | |
89 | { | |
90 | size_t i; | |
91 | ||
92 | for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { | |
93 | if (strcasecmp(name, cts_modes[i].name) == 0) | |
94 | return (int)cts_modes[i].id; | |
95 | } | |
96 | return -1; | |
97 | } | |
98 | ||
99 | static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
100 | unsigned char *out, size_t len) | |
101 | { | |
102 | aligned_16bytes tmp_in; | |
103 | size_t residue; | |
104 | ||
105 | residue = len % AES_BLOCK_SIZE; | |
106 | len -= residue; | |
107 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
108 | return 0; | |
109 | ||
110 | if (residue == 0) | |
111 | return len; | |
112 | ||
113 | in += len; | |
114 | out += len; | |
115 | ||
116 | memset(tmp_in.c, 0, sizeof(tmp_in)); | |
117 | memcpy(tmp_in.c, in, residue); | |
118 | if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE + residue, tmp_in.c, | |
119 | AES_BLOCK_SIZE)) | |
120 | return 0; | |
121 | return len + residue; | |
122 | } | |
123 | ||
124 | static void do_xor(const unsigned char *in1, const unsigned char *in2, | |
125 | size_t len, unsigned char *out) | |
126 | { | |
127 | size_t i; | |
128 | ||
129 | for (i = 0; i < len; ++i) | |
130 | out[i] = in1[i] ^ in2[i]; | |
131 | } | |
132 | ||
133 | static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
134 | unsigned char *out, size_t len) | |
135 | { | |
136 | aligned_16bytes mid_iv, ct_mid, pt_last; | |
137 | size_t residue; | |
138 | ||
139 | residue = len % AES_BLOCK_SIZE; | |
140 | if (residue == 0) { | |
141 | /* If there are no partial blocks then it is the same as CBC mode */ | |
142 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
143 | return 0; | |
144 | return len; | |
145 | } | |
146 | /* Process blocks at the start - but leave the last 2 blocks */ | |
147 | len -= AES_BLOCK_SIZE + residue; | |
148 | if (len > 0) { | |
149 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
150 | return 0; | |
151 | in += len; | |
152 | out += len; | |
153 | } | |
154 | /* Save the iv that will be used by the second last block */ | |
155 | memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE); | |
156 | ||
157 | /* Decrypt the last block first using an iv of zero */ | |
158 | memset(ctx->iv, 0, AES_BLOCK_SIZE); | |
159 | if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, AES_BLOCK_SIZE)) | |
160 | return 0; | |
161 | ||
162 | /* | |
163 | * Rebuild the ciphertext of the second last block as a combination of | |
164 | * the decrypted last block + replace the start with the ciphertext bytes | |
165 | * of the partial second last block. | |
166 | */ | |
167 | memcpy(ct_mid.c, in, residue); | |
168 | memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue); | |
169 | /* | |
170 | * Restore the last partial ciphertext block. | |
171 | * Now that we have the cipher text of the second last block, apply | |
172 | * that to the partial plaintext end block. We have already decrypted the | |
173 | * block using an IV of zero. For decryption the IV is just XORed after | |
174 | * doing an AES block - so just XOR in the cipher text. | |
175 | */ | |
176 | do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE); | |
177 | ||
178 | /* Restore the iv needed by the second last block */ | |
179 | memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE); | |
180 | /* | |
181 | * Decrypt the second last plaintext block now that we have rebuilt the | |
182 | * ciphertext. | |
183 | */ | |
184 | if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE)) | |
185 | return 0; | |
186 | ||
187 | return len + AES_BLOCK_SIZE + residue; | |
188 | } | |
189 | ||
190 | static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
191 | unsigned char *out, size_t len) | |
192 | { | |
193 | aligned_16bytes tmp_in; | |
194 | size_t residue; | |
195 | ||
196 | if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */ | |
197 | return 0; | |
198 | ||
199 | residue = len % AES_BLOCK_SIZE; | |
200 | if (residue == 0) | |
201 | residue = AES_BLOCK_SIZE; | |
202 | len -= residue; | |
203 | ||
204 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
205 | return 0; | |
206 | ||
207 | in += len; | |
208 | out += len; | |
209 | ||
210 | memset(tmp_in.c, 0, sizeof(tmp_in)); | |
211 | memcpy(tmp_in.c, in, residue); | |
212 | memcpy(out, out - AES_BLOCK_SIZE, residue); | |
213 | if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE, tmp_in.c, AES_BLOCK_SIZE)) | |
214 | return 0; | |
215 | return len + residue; | |
216 | } | |
217 | ||
218 | /* | |
219 | * Note: | |
220 | * The cipher text (in) is of the form C(0), C(1), ., C(n), C(n-1)* where | |
221 | * C(n) is a full block and C(n-1)* can be a partial block | |
222 | * (but could be a full block). | |
223 | * This means that the output plaintext (out) needs to swap the plaintext of | |
224 | * the last two decoded ciphertext blocks. | |
225 | */ | |
226 | static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
227 | unsigned char *out, size_t len) | |
228 | { | |
229 | aligned_16bytes mid_iv, ct_mid, pt_last; | |
230 | size_t residue; | |
231 | ||
232 | if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */ | |
233 | return 0; | |
234 | ||
235 | /* Process blocks at the start - but leave the last 2 blocks */ | |
236 | residue = len % AES_BLOCK_SIZE; | |
237 | if (residue == 0) | |
238 | residue = AES_BLOCK_SIZE; | |
239 | len -= AES_BLOCK_SIZE + residue; | |
240 | ||
241 | if (len > 0) { | |
242 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
243 | return 0; | |
244 | in += len; | |
245 | out += len; | |
246 | } | |
247 | /* Save the iv that will be used by the second last block */ | |
248 | memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE); | |
249 | ||
250 | /* Decrypt the Cn block first using an iv of zero */ | |
251 | memset(ctx->iv, 0, AES_BLOCK_SIZE); | |
252 | if (!ctx->hw->cipher(ctx, pt_last.c, in, AES_BLOCK_SIZE)) | |
253 | return 0; | |
254 | ||
255 | /* | |
256 | * Rebuild the ciphertext of C(n-1) as a combination of | |
257 | * the decrypted C(n) block + replace the start with the ciphertext bytes | |
258 | * of the partial last block. | |
259 | */ | |
260 | memcpy(ct_mid.c, in + AES_BLOCK_SIZE, residue); | |
261 | if (residue != AES_BLOCK_SIZE) | |
262 | memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue); | |
263 | /* | |
264 | * Restore the last partial ciphertext block. | |
265 | * Now that we have the cipher text of the second last block, apply | |
266 | * that to the partial plaintext end block. We have already decrypted the | |
267 | * block using an IV of zero. For decryption the IV is just XORed after | |
268 | * doing an AES block - so just XOR in the ciphertext. | |
269 | */ | |
270 | do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE); | |
271 | ||
272 | /* Restore the iv needed by the second last block */ | |
273 | memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE); | |
274 | /* | |
275 | * Decrypt the second last plaintext block now that we have rebuilt the | |
276 | * ciphertext. | |
277 | */ | |
278 | if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE)) | |
279 | return 0; | |
280 | ||
281 | return len + AES_BLOCK_SIZE + residue; | |
282 | } | |
283 | ||
284 | static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
285 | unsigned char *out, size_t len) | |
286 | { | |
287 | if (len % AES_BLOCK_SIZE == 0) { | |
288 | /* If there are no partial blocks then it is the same as CBC mode */ | |
289 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
290 | return 0; | |
291 | return len; | |
292 | } | |
293 | /* For partial blocks CS2 is equivalent to CS3 */ | |
294 | return cts128_cs3_encrypt(ctx, in, out, len); | |
295 | } | |
296 | ||
297 | static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
298 | unsigned char *out, size_t len) | |
299 | { | |
300 | if (len % AES_BLOCK_SIZE == 0) { | |
301 | /* If there are no partial blocks then it is the same as CBC mode */ | |
302 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
303 | return 0; | |
304 | return len; | |
305 | } | |
306 | /* For partial blocks CS2 is equivalent to CS3 */ | |
307 | return cts128_cs3_decrypt(ctx, in, out, len); | |
308 | } | |
309 | ||
310 | int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, | |
311 | size_t outsize, const unsigned char *in, | |
312 | size_t inl) | |
313 | { | |
314 | PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; | |
315 | size_t sz = 0; | |
316 | ||
317 | if (inl < AES_BLOCK_SIZE) /* There must be at least one block for CTS mode */ | |
318 | return 0; | |
319 | if (outsize < inl) | |
320 | return 0; | |
321 | if (out == NULL) { | |
322 | *outl = inl; | |
323 | return 1; | |
324 | } | |
325 | ||
326 | /* | |
327 | * Return an error if the update is called multiple times, only one shot | |
328 | * is supported. | |
329 | */ | |
330 | if (ctx->updated == 1) | |
331 | return 0; | |
332 | ||
333 | if (ctx->enc) { | |
334 | if (ctx->cts_mode == CTS_CS1) | |
335 | sz = cts128_cs1_encrypt(ctx, in, out, inl); | |
336 | else if (ctx->cts_mode == CTS_CS2) | |
337 | sz = cts128_cs2_encrypt(ctx, in, out, inl); | |
338 | else if (ctx->cts_mode == CTS_CS3) | |
339 | sz = cts128_cs3_encrypt(ctx, in, out, inl); | |
340 | } else { | |
341 | if (ctx->cts_mode == CTS_CS1) | |
342 | sz = cts128_cs1_decrypt(ctx, in, out, inl); | |
343 | else if (ctx->cts_mode == CTS_CS2) | |
344 | sz = cts128_cs2_decrypt(ctx, in, out, inl); | |
345 | else if (ctx->cts_mode == CTS_CS3) | |
346 | sz = cts128_cs3_decrypt(ctx, in, out, inl); | |
347 | } | |
348 | if (sz == 0) | |
349 | return 0; | |
350 | ctx->updated = 1; /* Stop multiple updates being allowed */ | |
351 | *outl = sz; | |
352 | return 1; | |
353 | } | |
354 | ||
355 | int ossl_aes_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl, | |
356 | size_t outsize) | |
357 | { | |
358 | *outl = 0; | |
359 | return 1; | |
360 | } |
0 | /* | |
1 | * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * | |
3 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | * this file except in compliance with the License. You can obtain a copy | |
5 | * in the file LICENSE in the source distribution or at | |
6 | * https://www.openssl.org/source/license.html | |
7 | */ | |
8 | ||
9 | #include "crypto/evp.h" | |
10 | ||
11 | OSSL_FUNC_cipher_update_fn ossl_aes_cbc_cts_block_update; | |
12 | OSSL_FUNC_cipher_final_fn ossl_aes_cbc_cts_block_final; | |
13 | ||
14 | const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id); | |
15 | int ossl_aes_cbc_cts_mode_name2id(const char *name); |
9 | 9 | /* Dispatch functions for AES CBC CTS ciphers */ |
10 | 10 | |
11 | 11 | #include <openssl/proverr.h> |
12 | #include "cipher_aes_cts.h" | |
12 | #include "cipher_cts.h" | |
13 | 13 | |
14 | #define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS | |
14 | #define CTS_FLAGS PROV_CIPHER_FLAG_CTS | |
15 | 15 | |
16 | 16 | static OSSL_FUNC_cipher_encrypt_init_fn aes_cbc_cts_einit; |
17 | 17 | static OSSL_FUNC_cipher_decrypt_init_fn aes_cbc_cts_dinit; |
49 | 49 | |
50 | 50 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE); |
51 | 51 | if (p != NULL) { |
52 | const char *name = ossl_aes_cbc_cts_mode_id2name(ctx->cts_mode); | |
52 | const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode); | |
53 | 53 | |
54 | 54 | if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) { |
55 | 55 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); |
73 | 73 | if (p != NULL) { |
74 | 74 | if (p->data_type != OSSL_PARAM_UTF8_STRING) |
75 | 75 | goto err; |
76 | id = ossl_aes_cbc_cts_mode_name2id(p->data); | |
76 | id = ossl_cipher_cbc_cts_mode_name2id(p->data); | |
77 | 77 | if (id < 0) |
78 | 78 | goto err; |
79 | 79 | |
85 | 85 | return 0; |
86 | 86 | } |
87 | 87 | |
88 | /* NOTE: The underlying block cipher is AES CBC so we reuse most of the code */ | |
89 | #define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ | |
90 | blkbits, ivbits, typ) \ | |
91 | static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ | |
92 | static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ | |
93 | { \ | |
94 | return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \ | |
95 | kbits, blkbits, ivbits); \ | |
96 | } \ | |
97 | const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ | |
98 | { OSSL_FUNC_CIPHER_NEWCTX, \ | |
99 | (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ | |
100 | { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ | |
101 | { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ | |
102 | { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_cbc_cts_einit }, \ | |
103 | { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_cbc_cts_dinit }, \ | |
104 | { OSSL_FUNC_CIPHER_UPDATE, \ | |
105 | (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_update }, \ | |
106 | { OSSL_FUNC_CIPHER_FINAL, \ | |
107 | (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_final }, \ | |
108 | { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ | |
109 | { OSSL_FUNC_CIPHER_GET_PARAMS, \ | |
110 | (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \ | |
111 | { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ | |
112 | (void (*)(void))ossl_cipher_generic_gettable_params }, \ | |
113 | { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ | |
114 | (void (*)(void))aes_cbc_cts_get_ctx_params }, \ | |
115 | { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ | |
116 | (void (*)(void))aes_cbc_cts_set_ctx_params }, \ | |
117 | { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ | |
118 | (void (*)(void))aes_cbc_cts_gettable_ctx_params }, \ | |
119 | { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ | |
120 | (void (*)(void))aes_cbc_cts_settable_ctx_params }, \ | |
121 | { 0, NULL } \ | |
122 | }; | |
123 | ||
124 | 88 | /* ossl_aes256cbc_cts_functions */ |
125 | IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block) | |
89 | IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 256, 128, 128, block) | |
126 | 90 | /* ossl_aes192cbc_cts_functions */ |
127 | IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block) | |
91 | IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 192, 128, 128, block) | |
128 | 92 | /* ossl_aes128cbc_cts_functions */ |
129 | IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block) | |
93 | IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 128, 128, 128, block) |
151 | 151 | return 0; |
152 | 152 | |
153 | 153 | /* Input length must always be non-zero */ |
154 | if (inlen == 0) | |
155 | return -1; | |
154 | if (inlen == 0) { | |
155 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); | |
156 | return -1; | |
157 | } | |
156 | 158 | |
157 | 159 | /* If decrypting need at least 16 bytes and multiple of 8 */ |
158 | if (!ctx->enc && (inlen < 16 || inlen & 0x7)) | |
159 | return -1; | |
160 | if (!ctx->enc && (inlen < 16 || inlen & 0x7)) { | |
161 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); | |
162 | return -1; | |
163 | } | |
160 | 164 | |
161 | 165 | /* If not padding input must be multiple of 8 */ |
162 | if (!pad && inlen & 0x7) | |
163 | return -1; | |
166 | if (!pad && inlen & 0x7) { | |
167 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); | |
168 | return -1; | |
169 | } | |
164 | 170 | |
165 | 171 | if (out == NULL) { |
166 | 172 | if (ctx->enc) { |
181 | 187 | |
182 | 188 | rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in, |
183 | 189 | inlen, ctx->block); |
184 | return rv ? (int)rv : -1; | |
190 | if (!rv) { | |
191 | ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); | |
192 | return -1; | |
193 | } | |
194 | if (rv > INT_MAX) { | |
195 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); | |
196 | return -1; | |
197 | } | |
198 | return (int)rv; | |
185 | 199 | } |
186 | 200 | |
187 | 201 | static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl, |
211 | 225 | |
212 | 226 | if (outsize < inl) { |
213 | 227 | ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); |
214 | return -1; | |
228 | return 0; | |
215 | 229 | } |
216 | 230 | |
217 | 231 | len = aes_wrap_cipher_internal(ctx, out, in, inl); |
218 | if (len == 0) | |
219 | return -1; | |
232 | if (len <= 0) | |
233 | return 0; | |
220 | 234 | |
221 | 235 | *outl = len; |
222 | 236 | return 1; |
0 | 0 | /* |
1 | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
90 | 90 | /* ossl_camellia128ctr_functions */ |
91 | 91 | IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream) |
92 | 92 | |
93 | #include "cipher_camellia_cts.inc" |
0 | /* | |
1 | * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * | |
3 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | * this file except in compliance with the License. You can obtain a copy | |
5 | * in the file LICENSE in the source distribution or at | |
6 | * https://www.openssl.org/source/license.html | |
7 | */ | |
8 | ||
9 | /* Dispatch functions for CAMELLIA CBC CTS ciphers */ | |
10 | ||
11 | #include <openssl/proverr.h> | |
12 | #include "cipher_cts.h" | |
13 | ||
14 | #define CTS_FLAGS PROV_CIPHER_FLAG_CTS | |
15 | ||
16 | static OSSL_FUNC_cipher_encrypt_init_fn camellia_cbc_cts_einit; | |
17 | static OSSL_FUNC_cipher_decrypt_init_fn camellia_cbc_cts_dinit; | |
18 | static OSSL_FUNC_cipher_get_ctx_params_fn camellia_cbc_cts_get_ctx_params; | |
19 | static OSSL_FUNC_cipher_set_ctx_params_fn camellia_cbc_cts_set_ctx_params; | |
20 | static OSSL_FUNC_cipher_gettable_ctx_params_fn camellia_cbc_cts_gettable_ctx_params; | |
21 | static OSSL_FUNC_cipher_settable_ctx_params_fn camellia_cbc_cts_settable_ctx_params; | |
22 | ||
23 | CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(camellia_cbc_cts) | |
24 | OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0), | |
25 | CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(camellia_cbc_cts) | |
26 | ||
27 | static int camellia_cbc_cts_einit(void *ctx, const unsigned char *key, size_t keylen, | |
28 | const unsigned char *iv, size_t ivlen, | |
29 | const OSSL_PARAM params[]) | |
30 | { | |
31 | if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL)) | |
32 | return 0; | |
33 | return camellia_cbc_cts_set_ctx_params(ctx, params); | |
34 | } | |
35 | ||
36 | static int camellia_cbc_cts_dinit(void *ctx, const unsigned char *key, size_t keylen, | |
37 | const unsigned char *iv, size_t ivlen, | |
38 | const OSSL_PARAM params[]) | |
39 | { | |
40 | if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL)) | |
41 | return 0; | |
42 | return camellia_cbc_cts_set_ctx_params(ctx, params); | |
43 | } | |
44 | ||
45 | static int camellia_cbc_cts_get_ctx_params(void *vctx, OSSL_PARAM params[]) | |
46 | { | |
47 | PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; | |
48 | OSSL_PARAM *p; | |
49 | ||
50 | p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE); | |
51 | if (p != NULL) { | |
52 | const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode); | |
53 | ||
54 | if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) { | |
55 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
56 | return 0; | |
57 | } | |
58 | } | |
59 | return ossl_cipher_generic_get_ctx_params(vctx, params); | |
60 | } | |
61 | ||
62 | CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(camellia_cbc_cts) | |
63 | OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0), | |
64 | CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(camellia_cbc_cts) | |
65 | ||
66 | static int camellia_cbc_cts_set_ctx_params(void *vctx, const OSSL_PARAM params[]) | |
67 | { | |
68 | PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; | |
69 | const OSSL_PARAM *p; | |
70 | int id; | |
71 | ||
72 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_CTS_MODE); | |
73 | if (p != NULL) { | |
74 | if (p->data_type != OSSL_PARAM_UTF8_STRING) | |
75 | goto err; | |
76 | id = ossl_cipher_cbc_cts_mode_name2id(p->data); | |
77 | if (id < 0) | |
78 | goto err; | |
79 | ||
80 | ctx->cts_mode = (unsigned int)id; | |
81 | } | |
82 | return ossl_cipher_generic_set_ctx_params(vctx, params); | |
83 | err: | |
84 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); | |
85 | return 0; | |
86 | } | |
87 | ||
88 | /* ossl_camellia256cbc_cts_functions */ | |
89 | IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 256, 128, 128, block) | |
90 | /* ossl_camellia192cbc_cts_functions */ | |
91 | IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 192, 128, 128, block) | |
92 | /* ossl_camellia128cbc_cts_functions */ | |
93 | IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 128, 128, 128, block) |
0 | /* | |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * | |
3 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | * this file except in compliance with the License. You can obtain a copy | |
5 | * in the file LICENSE in the source distribution or at | |
6 | * https://www.openssl.org/source/license.html | |
7 | */ | |
8 | ||
9 | /* | |
10 | * Helper functions for 128 bit CBC CTS ciphers (Currently AES and Camellia). | |
11 | * | |
12 | * The function dispatch tables are embedded into cipher_aes.c | |
13 | * and cipher_camellia.c using cipher_aes_cts.inc and cipher_camellia_cts.inc | |
14 | */ | |
15 | ||
16 | /* | |
17 | * Refer to SP800-38A-Addendum | |
18 | * | |
19 | * Ciphertext stealing encrypts plaintext using a block cipher, without padding | |
20 | * the message to a multiple of the block size, so the ciphertext is the same | |
21 | * size as the plaintext. | |
22 | * It does this by altering processing of the last two blocks of the message. | |
23 | * The processing of all but the last two blocks is unchanged, but a portion of | |
24 | * the second-last block's ciphertext is "stolen" to pad the last plaintext | |
25 | * block. The padded final block is then encrypted as usual. | |
26 | * The final ciphertext for the last two blocks, consists of the partial block | |
27 | * (with the "stolen" portion omitted) plus the full final block, | |
28 | * which are the same size as the original plaintext. | |
29 | * Decryption requires decrypting the final block first, then restoring the | |
30 | * stolen ciphertext to the partial block, which can then be decrypted as usual. | |
31 | ||
32 | * AES_CBC_CTS has 3 variants: | |
33 | * (1) CS1 The NIST variant. | |
34 | * If the length is a multiple of the blocksize it is the same as CBC mode. | |
35 | * otherwise it produces C1||C2||(C(n-1))*||Cn. | |
36 | * Where C(n-1)* is a partial block. | |
37 | * (2) CS2 | |
38 | * If the length is a multiple of the blocksize it is the same as CBC mode. | |
39 | * otherwise it produces C1||C2||Cn||(C(n-1))*. | |
40 | * Where C(n-1)* is a partial block. | |
41 | * (3) CS3 The Kerberos5 variant. | |
42 | * Produces C1||C2||Cn||(C(n-1))* regardless of the length. | |
43 | * If the length is a multiple of the blocksize it looks similar to CBC mode | |
44 | * with the last 2 blocks swapped. | |
45 | * Otherwise it is the same as CS2. | |
46 | */ | |
47 | ||
48 | #include "e_os.h" /* strcasecmp */ | |
49 | #include <openssl/core_names.h> | |
50 | #include "prov/ciphercommon.h" | |
51 | #include "internal/nelem.h" | |
52 | #include "cipher_cts.h" | |
53 | ||
54 | /* The value assigned to 0 is the default */ | |
55 | #define CTS_CS1 0 | |
56 | #define CTS_CS2 1 | |
57 | #define CTS_CS3 2 | |
58 | ||
59 | #define CTS_BLOCK_SIZE 16 | |
60 | ||
61 | typedef union { | |
62 | size_t align; | |
63 | unsigned char c[CTS_BLOCK_SIZE]; | |
64 | } aligned_16bytes; | |
65 | ||
66 | typedef struct cts_mode_name2id_st { | |
67 | unsigned int id; | |
68 | const char *name; | |
69 | } CTS_MODE_NAME2ID; | |
70 | ||
71 | static CTS_MODE_NAME2ID cts_modes[] = | |
72 | { | |
73 | { CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 }, | |
74 | { CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 }, | |
75 | { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 }, | |
76 | }; | |
77 | ||
78 | const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id) | |
79 | { | |
80 | size_t i; | |
81 | ||
82 | for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { | |
83 | if (cts_modes[i].id == id) | |
84 | return cts_modes[i].name; | |
85 | } | |
86 | return NULL; | |
87 | } | |
88 | ||
89 | int ossl_cipher_cbc_cts_mode_name2id(const char *name) | |
90 | { | |
91 | size_t i; | |
92 | ||
93 | for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { | |
94 | if (strcasecmp(name, cts_modes[i].name) == 0) | |
95 | return (int)cts_modes[i].id; | |
96 | } | |
97 | return -1; | |
98 | } | |
99 | ||
100 | static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
101 | unsigned char *out, size_t len) | |
102 | { | |
103 | aligned_16bytes tmp_in; | |
104 | size_t residue; | |
105 | ||
106 | residue = len % CTS_BLOCK_SIZE; | |
107 | len -= residue; | |
108 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
109 | return 0; | |
110 | ||
111 | if (residue == 0) | |
112 | return len; | |
113 | ||
114 | in += len; | |
115 | out += len; | |
116 | ||
117 | memset(tmp_in.c, 0, sizeof(tmp_in)); | |
118 | memcpy(tmp_in.c, in, residue); | |
119 | if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE + residue, tmp_in.c, | |
120 | CTS_BLOCK_SIZE)) | |
121 | return 0; | |
122 | return len + residue; | |
123 | } | |
124 | ||
125 | static void do_xor(const unsigned char *in1, const unsigned char *in2, | |
126 | size_t len, unsigned char *out) | |
127 | { | |
128 | size_t i; | |
129 | ||
130 | for (i = 0; i < len; ++i) | |
131 | out[i] = in1[i] ^ in2[i]; | |
132 | } | |
133 | ||
134 | static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
135 | unsigned char *out, size_t len) | |
136 | { | |
137 | aligned_16bytes mid_iv, ct_mid, cn, pt_last; | |
138 | size_t residue; | |
139 | ||
140 | residue = len % CTS_BLOCK_SIZE; | |
141 | if (residue == 0) { | |
142 | /* If there are no partial blocks then it is the same as CBC mode */ | |
143 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
144 | return 0; | |
145 | return len; | |
146 | } | |
147 | /* Process blocks at the start - but leave the last 2 blocks */ | |
148 | len -= CTS_BLOCK_SIZE + residue; | |
149 | if (len > 0) { | |
150 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
151 | return 0; | |
152 | in += len; | |
153 | out += len; | |
154 | } | |
155 | /* Save the iv that will be used by the second last block */ | |
156 | memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE); | |
157 | /* Save the C(n) block */ | |
158 | memcpy(cn.c, in + residue, CTS_BLOCK_SIZE); | |
159 | ||
160 | /* Decrypt the last block first using an iv of zero */ | |
161 | memset(ctx->iv, 0, CTS_BLOCK_SIZE); | |
162 | if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, CTS_BLOCK_SIZE)) | |
163 | return 0; | |
164 | ||
165 | /* | |
166 | * Rebuild the ciphertext of the second last block as a combination of | |
167 | * the decrypted last block + replace the start with the ciphertext bytes | |
168 | * of the partial second last block. | |
169 | */ | |
170 | memcpy(ct_mid.c, in, residue); | |
171 | memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue); | |
172 | /* | |
173 | * Restore the last partial ciphertext block. | |
174 | * Now that we have the cipher text of the second last block, apply | |
175 | * that to the partial plaintext end block. We have already decrypted the | |
176 | * block using an IV of zero. For decryption the IV is just XORed after | |
177 | * doing an Cipher CBC block - so just XOR in the cipher text. | |
178 | */ | |
179 | do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE); | |
180 | ||
181 | /* Restore the iv needed by the second last block */ | |
182 | memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE); | |
183 | ||
184 | /* | |
185 | * Decrypt the second last plaintext block now that we have rebuilt the | |
186 | * ciphertext. | |
187 | */ | |
188 | if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE)) | |
189 | return 0; | |
190 | ||
191 | /* The returned iv is the C(n) block */ | |
192 | memcpy(ctx->iv, cn.c, CTS_BLOCK_SIZE); | |
193 | return len + CTS_BLOCK_SIZE + residue; | |
194 | } | |
195 | ||
196 | static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
197 | unsigned char *out, size_t len) | |
198 | { | |
199 | aligned_16bytes tmp_in; | |
200 | size_t residue; | |
201 | ||
202 | if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ | |
203 | return 0; | |
204 | ||
205 | /* If we only have one block then just process the aligned block */ | |
206 | if (len == CTS_BLOCK_SIZE) | |
207 | return ctx->hw->cipher(ctx, out, in, len) ? len : 0; | |
208 | ||
209 | residue = len % CTS_BLOCK_SIZE; | |
210 | if (residue == 0) | |
211 | residue = CTS_BLOCK_SIZE; | |
212 | len -= residue; | |
213 | ||
214 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
215 | return 0; | |
216 | ||
217 | in += len; | |
218 | out += len; | |
219 | ||
220 | memset(tmp_in.c, 0, sizeof(tmp_in)); | |
221 | memcpy(tmp_in.c, in, residue); | |
222 | memcpy(out, out - CTS_BLOCK_SIZE, residue); | |
223 | if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE, tmp_in.c, CTS_BLOCK_SIZE)) | |
224 | return 0; | |
225 | return len + residue; | |
226 | } | |
227 | ||
228 | /* | |
229 | * Note: | |
230 | * The cipher text (in) is of the form C(0), C(1), ., C(n), C(n-1)* where | |
231 | * C(n) is a full block and C(n-1)* can be a partial block | |
232 | * (but could be a full block). | |
233 | * This means that the output plaintext (out) needs to swap the plaintext of | |
234 | * the last two decoded ciphertext blocks. | |
235 | */ | |
236 | static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
237 | unsigned char *out, size_t len) | |
238 | { | |
239 | aligned_16bytes mid_iv, ct_mid, cn, pt_last; | |
240 | size_t residue; | |
241 | ||
242 | if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ | |
243 | return 0; | |
244 | ||
245 | /* If we only have one block then just process the aligned block */ | |
246 | if (len == CTS_BLOCK_SIZE) | |
247 | return ctx->hw->cipher(ctx, out, in, len) ? len : 0; | |
248 | ||
249 | /* Process blocks at the start - but leave the last 2 blocks */ | |
250 | residue = len % CTS_BLOCK_SIZE; | |
251 | if (residue == 0) | |
252 | residue = CTS_BLOCK_SIZE; | |
253 | len -= CTS_BLOCK_SIZE + residue; | |
254 | ||
255 | if (len > 0) { | |
256 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
257 | return 0; | |
258 | in += len; | |
259 | out += len; | |
260 | } | |
261 | /* Save the iv that will be used by the second last block */ | |
262 | memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE); | |
263 | /* Save the C(n) block : For CS3 it is C(1)||...||C(n-2)||C(n)||C(n-1)* */ | |
264 | memcpy(cn.c, in, CTS_BLOCK_SIZE); | |
265 | ||
266 | /* Decrypt the C(n) block first using an iv of zero */ | |
267 | memset(ctx->iv, 0, CTS_BLOCK_SIZE); | |
268 | if (!ctx->hw->cipher(ctx, pt_last.c, in, CTS_BLOCK_SIZE)) | |
269 | return 0; | |
270 | ||
271 | /* | |
272 | * Rebuild the ciphertext of C(n-1) as a combination of | |
273 | * the decrypted C(n) block + replace the start with the ciphertext bytes | |
274 | * of the partial last block. | |
275 | */ | |
276 | memcpy(ct_mid.c, in + CTS_BLOCK_SIZE, residue); | |
277 | if (residue != CTS_BLOCK_SIZE) | |
278 | memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue); | |
279 | /* | |
280 | * Restore the last partial ciphertext block. | |
281 | * Now that we have the cipher text of the second last block, apply | |
282 | * that to the partial plaintext end block. We have already decrypted the | |
283 | * block using an IV of zero. For decryption the IV is just XORed after | |
284 | * doing an AES block - so just XOR in the ciphertext. | |
285 | */ | |
286 | do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE); | |
287 | ||
288 | /* Restore the iv needed by the second last block */ | |
289 | memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE); | |
290 | /* | |
291 | * Decrypt the second last plaintext block now that we have rebuilt the | |
292 | * ciphertext. | |
293 | */ | |
294 | if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE)) | |
295 | return 0; | |
296 | ||
297 | /* The returned iv is the C(n) block */ | |
298 | memcpy(ctx->iv, cn.c, CTS_BLOCK_SIZE); | |
299 | return len + CTS_BLOCK_SIZE + residue; | |
300 | } | |
301 | ||
302 | static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
303 | unsigned char *out, size_t len) | |
304 | { | |
305 | if (len % CTS_BLOCK_SIZE == 0) { | |
306 | /* If there are no partial blocks then it is the same as CBC mode */ | |
307 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
308 | return 0; | |
309 | return len; | |
310 | } | |
311 | /* For partial blocks CS2 is equivalent to CS3 */ | |
312 | return cts128_cs3_encrypt(ctx, in, out, len); | |
313 | } | |
314 | ||
315 | static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, | |
316 | unsigned char *out, size_t len) | |
317 | { | |
318 | if (len % CTS_BLOCK_SIZE == 0) { | |
319 | /* If there are no partial blocks then it is the same as CBC mode */ | |
320 | if (!ctx->hw->cipher(ctx, out, in, len)) | |
321 | return 0; | |
322 | return len; | |
323 | } | |
324 | /* For partial blocks CS2 is equivalent to CS3 */ | |
325 | return cts128_cs3_decrypt(ctx, in, out, len); | |
326 | } | |
327 | ||
328 | int ossl_cipher_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl, | |
329 | size_t outsize, const unsigned char *in, | |
330 | size_t inl) | |
331 | { | |
332 | PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; | |
333 | size_t sz = 0; | |
334 | ||
335 | if (inl < CTS_BLOCK_SIZE) /* There must be at least one block for CTS mode */ | |
336 | return 0; | |
337 | if (outsize < inl) | |
338 | return 0; | |
339 | if (out == NULL) { | |
340 | *outl = inl; | |
341 | return 1; | |
342 | } | |
343 | ||
344 | /* | |
345 | * Return an error if the update is called multiple times, only one shot | |
346 | * is supported. | |
347 | */ | |
348 | if (ctx->updated == 1) | |
349 | return 0; | |
350 | ||
351 | if (ctx->enc) { | |
352 | if (ctx->cts_mode == CTS_CS1) | |
353 | sz = cts128_cs1_encrypt(ctx, in, out, inl); | |
354 | else if (ctx->cts_mode == CTS_CS2) | |
355 | sz = cts128_cs2_encrypt(ctx, in, out, inl); | |
356 | else if (ctx->cts_mode == CTS_CS3) | |
357 | sz = cts128_cs3_encrypt(ctx, in, out, inl); | |
358 | } else { | |
359 | if (ctx->cts_mode == CTS_CS1) | |
360 | sz = cts128_cs1_decrypt(ctx, in, out, inl); | |
361 | else if (ctx->cts_mode == CTS_CS2) | |
362 | sz = cts128_cs2_decrypt(ctx, in, out, inl); | |
363 | else if (ctx->cts_mode == CTS_CS3) | |
364 | sz = cts128_cs3_decrypt(ctx, in, out, inl); | |
365 | } | |
366 | if (sz == 0) | |
367 | return 0; | |
368 | ctx->updated = 1; /* Stop multiple updates being allowed */ | |
369 | *outl = sz; | |
370 | return 1; | |
371 | } | |
372 | ||
373 | int ossl_cipher_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl, | |
374 | size_t outsize) | |
375 | { | |
376 | *outl = 0; | |
377 | return 1; | |
378 | } |
0 | /* | |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * | |
3 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | * this file except in compliance with the License. You can obtain a copy | |
5 | * in the file LICENSE in the source distribution or at | |
6 | * https://www.openssl.org/source/license.html | |
7 | */ | |
8 | ||
9 | #include "crypto/evp.h" | |
10 | ||
11 | /* NOTE: The underlying block cipher is CBC so we reuse most of the code */ | |
12 | #define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \ | |
13 | blkbits, ivbits, typ) \ | |
14 | static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \ | |
15 | static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ | |
16 | { \ | |
17 | return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \ | |
18 | flags, kbits, blkbits, ivbits); \ | |
19 | } \ | |
20 | const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \ | |
21 | { OSSL_FUNC_CIPHER_NEWCTX, \ | |
22 | (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \ | |
23 | { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \ | |
24 | { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \ | |
25 | { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) alg##_cbc_cts_einit }, \ | |
26 | { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) alg##_cbc_cts_dinit }, \ | |
27 | { OSSL_FUNC_CIPHER_UPDATE, \ | |
28 | (void (*)(void)) ossl_cipher_cbc_cts_block_update }, \ | |
29 | { OSSL_FUNC_CIPHER_FINAL, \ | |
30 | (void (*)(void)) ossl_cipher_cbc_cts_block_final }, \ | |
31 | { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \ | |
32 | { OSSL_FUNC_CIPHER_GET_PARAMS, \ | |
33 | (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \ | |
34 | { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ | |
35 | (void (*)(void))ossl_cipher_generic_gettable_params }, \ | |
36 | { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \ | |
37 | (void (*)(void)) alg##_cbc_cts_get_ctx_params }, \ | |
38 | { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \ | |
39 | (void (*)(void)) alg##_cbc_cts_set_ctx_params }, \ | |
40 | { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \ | |
41 | (void (*)(void)) alg##_cbc_cts_gettable_ctx_params }, \ | |
42 | { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \ | |
43 | (void (*)(void)) alg##_cbc_cts_settable_ctx_params }, \ | |
44 | { 0, NULL } \ | |
45 | }; | |
46 | ||
47 | OSSL_FUNC_cipher_update_fn ossl_cipher_cbc_cts_block_update; | |
48 | OSSL_FUNC_cipher_final_fn ossl_cipher_cbc_cts_block_final; | |
49 | ||
50 | const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id); | |
51 | int ossl_cipher_cbc_cts_mode_name2id(const char *name); |
122 | 122 | * though there is no provider interface to handle such objects, yet. |
123 | 123 | * However, this is beneficial for the OSSL_STORE result handler. |
124 | 124 | */ |
125 | { PEM_STRING_X509, OSSL_OBJECT_CERT, NULL, NULL }, | |
126 | { PEM_STRING_X509_TRUSTED, OSSL_OBJECT_CERT, NULL, NULL }, | |
127 | { PEM_STRING_X509_OLD, OSSL_OBJECT_CERT, NULL, NULL }, | |
128 | { PEM_STRING_X509_CRL, OSSL_OBJECT_CRL, NULL, NULL } | |
125 | { PEM_STRING_X509, OSSL_OBJECT_CERT, NULL, "Certificate" }, | |
126 | { PEM_STRING_X509_TRUSTED, OSSL_OBJECT_CERT, NULL, "Certificate" }, | |
127 | { PEM_STRING_X509_OLD, OSSL_OBJECT_CERT, NULL, "Certificate" }, | |
128 | { PEM_STRING_X509_CRL, OSSL_OBJECT_CRL, NULL, "CertificateList" } | |
129 | 129 | }; |
130 | 130 | struct pem2der_ctx_st *ctx = vctx; |
131 | 131 | char *pem_name = NULL, *pem_header = NULL; |
177 | 177 | char *data_type = (char *)pem_name_map[i].data_type; |
178 | 178 | char *data_structure = (char *)pem_name_map[i].data_structure; |
179 | 179 | |
180 | objtype = pem_name_map[i].object_type; | |
180 | 181 | if (data_type != NULL) |
181 | 182 | *p++ = |
182 | 183 | OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, |
166 | 166 | * key_to_epki_* produce encoded output with the private key data in a |
167 | 167 | * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require |
168 | 168 | * that there's an intent to encrypt, anything else is an error. |
169 | * They are currently only called from the corresponding key_to_pki_ function. | |
170 | 169 | * |
171 | 170 | * key_to_pki_* primarly produce encoded output with the private key data |
172 | 171 | * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if |
509 | 508 | return ret; |
510 | 509 | } |
511 | 510 | |
511 | # define dh_epki_priv_to_der dh_pki_priv_to_der | |
512 | ||
512 | 513 | static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder) |
513 | 514 | { |
514 | 515 | if (DH_test_flags(dh, DH_FLAG_TYPE_DHX)) |
621 | 622 | ASN1_STRING_clear_free(priv_key); |
622 | 623 | return ret; |
623 | 624 | } |
625 | ||
626 | # define dsa_epki_priv_to_der dsa_pki_priv_to_der | |
624 | 627 | |
625 | 628 | # define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey |
626 | 629 | # define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey |
720 | 723 | return ret; /* return the length of the der encoded data */ |
721 | 724 | } |
722 | 725 | |
726 | # define ec_epki_priv_to_der ec_pki_priv_to_der | |
727 | ||
723 | 728 | # define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters |
724 | 729 | # define ec_type_specific_pub_to_der (i2d_of_void *)i2o_ECPublicKey |
725 | 730 | # define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey |
784 | 789 | |
785 | 790 | return keybloblen; |
786 | 791 | } |
792 | ||
793 | # define ecx_epki_priv_to_der ecx_pki_priv_to_der | |
787 | 794 | |
788 | 795 | /* |
789 | 796 | * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo |
888 | 895 | * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field. |
889 | 896 | */ |
890 | 897 | #define rsa_pki_priv_to_der rsa_type_specific_priv_to_der |
898 | #define rsa_epki_priv_to_der rsa_type_specific_priv_to_der | |
891 | 899 | #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der |
892 | 900 | #define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey |
893 | 901 | #define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey |
1114 | 1122 | #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask |
1115 | 1123 | #define DO_PrivateKeyInfo(impl, type, output) \ |
1116 | 1124 | DO_PRIVATE_KEY(impl, type, pki, output) |
1125 | ||
1126 | #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask | |
1127 | #define DO_EncryptedPrivateKeyInfo(impl, type, output) \ | |
1128 | DO_PRIVATE_KEY(impl, type, epki, output) | |
1117 | 1129 | |
1118 | 1130 | /* SubjectPublicKeyInfo is a structure for public keys only */ |
1119 | 1131 | #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask |
1327 | 1339 | * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), |
1328 | 1340 | * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). |
1329 | 1341 | */ |
1342 | MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der); | |
1343 | MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem); | |
1330 | 1344 | MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der); |
1331 | 1345 | MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem); |
1332 | 1346 | MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der); |
1333 | 1347 | MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem); |
1348 | MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der); | |
1349 | MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem); | |
1334 | 1350 | MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der); |
1335 | 1351 | MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem); |
1336 | 1352 | MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der); |
1337 | 1353 | MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem); |
1338 | 1354 | #ifndef OPENSSL_NO_DH |
1355 | MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der); | |
1356 | MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem); | |
1339 | 1357 | MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der); |
1340 | 1358 | MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem); |
1341 | 1359 | MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der); |
1342 | 1360 | MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem); |
1361 | MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der); | |
1362 | MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem); | |
1343 | 1363 | MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der); |
1344 | 1364 | MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem); |
1345 | 1365 | MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der); |
1346 | 1366 | MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem); |
1347 | 1367 | #endif |
1348 | 1368 | #ifndef OPENSSL_NO_DSA |
1369 | MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der); | |
1370 | MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem); | |
1349 | 1371 | MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der); |
1350 | 1372 | MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem); |
1351 | 1373 | MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der); |
1352 | 1374 | MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem); |
1353 | 1375 | #endif |
1354 | 1376 | #ifndef OPENSSL_NO_EC |
1377 | MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); | |
1378 | MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); | |
1355 | 1379 | MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der); |
1356 | 1380 | MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); |
1357 | 1381 | MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); |
1358 | 1382 | MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); |
1359 | 1383 | # ifndef OPENSSL_NO_SM2 |
1384 | MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); | |
1385 | MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); | |
1360 | 1386 | MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der); |
1361 | 1387 | MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); |
1362 | 1388 | MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); |
1363 | 1389 | MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); |
1364 | 1390 | # endif |
1391 | MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der); | |
1392 | MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem); | |
1365 | 1393 | MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der); |
1366 | 1394 | MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem); |
1367 | 1395 | MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der); |
1368 | 1396 | MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem); |
1397 | MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); | |
1398 | MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); | |
1369 | 1399 | MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); |
1370 | 1400 | MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); |
1371 | 1401 | MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); |
1372 | 1402 | MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); |
1403 | MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der); | |
1404 | MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem); | |
1373 | 1405 | MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der); |
1374 | 1406 | MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem); |
1375 | 1407 | MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der); |
1376 | 1408 | MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem); |
1409 | MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); | |
1410 | MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); | |
1377 | 1411 | MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); |
1378 | 1412 | MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); |
1379 | 1413 | MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); |
632 | 632 | { |
633 | 633 | const RSA *rsa = key; |
634 | 634 | const char *type_label = "RSA key"; |
635 | const char *modulus_label; | |
636 | const char *exponent_label; | |
635 | const char *modulus_label = NULL; | |
636 | const char *exponent_label = NULL; | |
637 | 637 | const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; |
638 | 638 | STACK_OF(BIGNUM_const) *factors = NULL; |
639 | 639 | STACK_OF(BIGNUM_const) *exps = NULL; |
237 | 237 | return 0; |
238 | 238 | } |
239 | 239 | |
240 | ||
241 | 240 | static void dh_freectx(void *vpdhctx) |
242 | 241 | { |
243 | 242 | PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; |
270 | 269 | dstctx->kdf_ukm = NULL; |
271 | 270 | dstctx->kdf_cekalg = NULL; |
272 | 271 | |
273 | if (dstctx->dh != NULL && !DH_up_ref(srcctx->dh)) | |
272 | if (srcctx->dh != NULL && !DH_up_ref(srcctx->dh)) | |
274 | 273 | goto err; |
275 | 274 | else |
276 | 275 | dstctx->dh = srcctx->dh; |
277 | 276 | |
278 | if (dstctx->dhpeer != NULL && !DH_up_ref(srcctx->dhpeer)) | |
277 | if (srcctx->dhpeer != NULL && !DH_up_ref(srcctx->dhpeer)) | |
279 | 278 | goto err; |
280 | 279 | else |
281 | 280 | dstctx->dhpeer = srcctx->dhpeer; |
128 | 128 | extern const OSSL_DISPATCH ossl_camellia256cbc_functions[]; |
129 | 129 | extern const OSSL_DISPATCH ossl_camellia192cbc_functions[]; |
130 | 130 | extern const OSSL_DISPATCH ossl_camellia128cbc_functions[]; |
131 | extern const OSSL_DISPATCH ossl_camellia256cbc_cts_functions[]; | |
132 | extern const OSSL_DISPATCH ossl_camellia192cbc_cts_functions[]; | |
133 | extern const OSSL_DISPATCH ossl_camellia128cbc_cts_functions[]; | |
131 | 134 | extern const OSSL_DISPATCH ossl_camellia256ofb_functions[]; |
132 | 135 | extern const OSSL_DISPATCH ossl_camellia192ofb_functions[]; |
133 | 136 | extern const OSSL_DISPATCH ossl_camellia128ofb_functions[]; |
256 | 259 | #endif |
257 | 260 | extern const OSSL_DISPATCH ossl_kdf_tls1_prf_functions[]; |
258 | 261 | extern const OSSL_DISPATCH ossl_kdf_hkdf_functions[]; |
262 | extern const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[]; | |
259 | 263 | extern const OSSL_DISPATCH ossl_kdf_sshkdf_functions[]; |
260 | 264 | extern const OSSL_DISPATCH ossl_kdf_sskdf_functions[]; |
261 | 265 | extern const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[]; |
322 | 326 | /* Encoders */ |
323 | 327 | extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_der_encoder_functions[]; |
324 | 328 | extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_pem_encoder_functions[]; |
329 | extern const OSSL_DISPATCH ossl_rsa_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
330 | extern const OSSL_DISPATCH ossl_rsa_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
325 | 331 | extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_der_encoder_functions[]; |
326 | 332 | extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_pem_encoder_functions[]; |
327 | 333 | extern const OSSL_DISPATCH ossl_rsa_to_RSA_der_encoder_functions[]; |
336 | 342 | |
337 | 343 | extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_der_encoder_functions[]; |
338 | 344 | extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_pem_encoder_functions[]; |
345 | extern const OSSL_DISPATCH ossl_rsapss_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
346 | extern const OSSL_DISPATCH ossl_rsapss_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
339 | 347 | extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_der_encoder_functions[]; |
340 | 348 | extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_pem_encoder_functions[]; |
341 | 349 | extern const OSSL_DISPATCH ossl_rsapss_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
346 | 354 | extern const OSSL_DISPATCH ossl_dh_to_DH_pem_encoder_functions[]; |
347 | 355 | extern const OSSL_DISPATCH ossl_dh_to_PKCS3_der_encoder_functions[]; |
348 | 356 | extern const OSSL_DISPATCH ossl_dh_to_PKCS3_pem_encoder_functions[]; |
357 | extern const OSSL_DISPATCH ossl_dh_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
358 | extern const OSSL_DISPATCH ossl_dh_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
349 | 359 | extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_der_encoder_functions[]; |
350 | 360 | extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_pem_encoder_functions[]; |
351 | 361 | extern const OSSL_DISPATCH ossl_dh_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
356 | 366 | |
357 | 367 | extern const OSSL_DISPATCH ossl_dhx_to_DHX_der_encoder_functions[]; |
358 | 368 | extern const OSSL_DISPATCH ossl_dhx_to_DHX_pem_encoder_functions[]; |
369 | extern const OSSL_DISPATCH ossl_dhx_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
370 | extern const OSSL_DISPATCH ossl_dhx_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
359 | 371 | extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_der_encoder_functions[]; |
360 | 372 | extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_pem_encoder_functions[]; |
361 | 373 | extern const OSSL_DISPATCH ossl_dhx_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
368 | 380 | |
369 | 381 | extern const OSSL_DISPATCH ossl_dsa_to_DSA_der_encoder_functions[]; |
370 | 382 | extern const OSSL_DISPATCH ossl_dsa_to_DSA_pem_encoder_functions[]; |
383 | extern const OSSL_DISPATCH ossl_dsa_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
384 | extern const OSSL_DISPATCH ossl_dsa_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
371 | 385 | extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_der_encoder_functions[]; |
372 | 386 | extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_pem_encoder_functions[]; |
373 | 387 | extern const OSSL_DISPATCH ossl_dsa_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
381 | 395 | extern const OSSL_DISPATCH ossl_ec_to_EC_der_encoder_functions[]; |
382 | 396 | extern const OSSL_DISPATCH ossl_ec_to_EC_pem_encoder_functions[]; |
383 | 397 | extern const OSSL_DISPATCH ossl_ec_to_blob_encoder_functions[]; |
398 | extern const OSSL_DISPATCH ossl_ec_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
399 | extern const OSSL_DISPATCH ossl_ec_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
384 | 400 | extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_der_encoder_functions[]; |
385 | 401 | extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_pem_encoder_functions[]; |
386 | 402 | extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
395 | 411 | extern const OSSL_DISPATCH ossl_sm2_to_SM2_der_encoder_functions[]; |
396 | 412 | extern const OSSL_DISPATCH ossl_sm2_to_SM2_pem_encoder_functions[]; |
397 | 413 | extern const OSSL_DISPATCH ossl_sm2_to_blob_encoder_functions[]; |
414 | extern const OSSL_DISPATCH ossl_sm2_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
415 | extern const OSSL_DISPATCH ossl_sm2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
398 | 416 | extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_der_encoder_functions[]; |
399 | 417 | extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_pem_encoder_functions[]; |
400 | 418 | extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
404 | 422 | extern const OSSL_DISPATCH ossl_sm2_to_text_encoder_functions[]; |
405 | 423 | #endif |
406 | 424 | |
425 | extern const OSSL_DISPATCH ossl_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
426 | extern const OSSL_DISPATCH ossl_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
407 | 427 | extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; |
408 | 428 | extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; |
409 | 429 | extern const OSSL_DISPATCH ossl_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
411 | 431 | extern const OSSL_DISPATCH ossl_ed25519_to_OSSL_current_der_encoder_functions[]; |
412 | 432 | extern const OSSL_DISPATCH ossl_ed25519_to_text_encoder_functions[]; |
413 | 433 | |
434 | extern const OSSL_DISPATCH ossl_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
435 | extern const OSSL_DISPATCH ossl_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
414 | 436 | extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_der_encoder_functions[]; |
415 | 437 | extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; |
416 | 438 | extern const OSSL_DISPATCH ossl_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
418 | 440 | extern const OSSL_DISPATCH ossl_ed448_to_OSSL_current_der_encoder_functions[]; |
419 | 441 | extern const OSSL_DISPATCH ossl_ed448_to_text_encoder_functions[]; |
420 | 442 | |
443 | extern const OSSL_DISPATCH ossl_x25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
444 | extern const OSSL_DISPATCH ossl_x25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
421 | 445 | extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_der_encoder_functions[]; |
422 | 446 | extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_pem_encoder_functions[]; |
423 | 447 | extern const OSSL_DISPATCH ossl_x25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
425 | 449 | extern const OSSL_DISPATCH ossl_x25519_to_OSSL_current_der_encoder_functions[]; |
426 | 450 | extern const OSSL_DISPATCH ossl_x25519_to_text_encoder_functions[]; |
427 | 451 | |
452 | extern const OSSL_DISPATCH ossl_x448_to_EncryptedPrivateKeyInfo_der_encoder_functions[]; | |
453 | extern const OSSL_DISPATCH ossl_x448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[]; | |
428 | 454 | extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_der_encoder_functions[]; |
429 | 455 | extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_pem_encoder_functions[]; |
430 | 456 | extern const OSSL_DISPATCH ossl_x448_to_SubjectPublicKeyInfo_der_encoder_functions[]; |
129 | 129 | #define PROV_NAMES_CAMELLIA_256_CBC "CAMELLIA-256-CBC:CAMELLIA256:1.2.392.200011.61.1.1.1.4" |
130 | 130 | #define PROV_NAMES_CAMELLIA_192_CBC "CAMELLIA-192-CBC:CAMELLIA192:1.2.392.200011.61.1.1.1.3" |
131 | 131 | #define PROV_NAMES_CAMELLIA_128_CBC "CAMELLIA-128-CBC:CAMELLIA128:1.2.392.200011.61.1.1.1.2" |
132 | #define PROV_NAMES_CAMELLIA_256_CBC_CTS "CAMELLIA-256-CBC-CTS" | |
133 | #define PROV_NAMES_CAMELLIA_192_CBC_CTS "CAMELLIA-192-CBC-CTS" | |
134 | #define PROV_NAMES_CAMELLIA_128_CBC_CTS "CAMELLIA-128-CBC-CTS" | |
132 | 135 | #define PROV_NAMES_CAMELLIA_256_OFB "CAMELLIA-256-OFB:0.3.4401.5.3.1.9.43" |
133 | 136 | #define PROV_NAMES_CAMELLIA_192_OFB "CAMELLIA-192-OFB:0.3.4401.5.3.1.9.23" |
134 | 137 | #define PROV_NAMES_CAMELLIA_128_OFB "CAMELLIA-128-OFB:0.3.4401.5.3.1.9.3" |
248 | 251 | */ |
249 | 252 | #define PROV_NAMES_HKDF "HKDF" |
250 | 253 | #define PROV_DESCS_HKDF_SIGN "OpenSSL HKDF via EVP_PKEY implementation" |
254 | #define PROV_NAMES_TLS1_3_KDF "TLS13-KDF" | |
251 | 255 | #define PROV_NAMES_SSKDF "SSKDF" |
252 | 256 | #define PROV_NAMES_PBKDF1 "PBKDF1" |
253 | 257 | #define PROV_NAMES_PBKDF2 "PBKDF2:1.2.840.113549.1.5.12" |
22 | 22 | #include <openssl/proverr.h> |
23 | 23 | #include "internal/cryptlib.h" |
24 | 24 | #include "internal/numbers.h" |
25 | #include "internal/packet.h" | |
25 | 26 | #include "crypto/evp.h" |
26 | 27 | #include "prov/provider_ctx.h" |
27 | 28 | #include "prov/providercommon.h" |
39 | 40 | static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params; |
40 | 41 | static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; |
41 | 42 | static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params; |
43 | static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive; | |
44 | static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params; | |
45 | static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params; | |
42 | 46 | |
43 | 47 | static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, |
44 | 48 | const unsigned char *salt, size_t salt_len, |
54 | 58 | const unsigned char *info, size_t info_len, |
55 | 59 | unsigned char *okm, size_t okm_len); |
56 | 60 | |
61 | /* Settable context parameters that are common across HKDF and the TLS KDF */ | |
62 | #define HKDF_COMMON_SETTABLES \ | |
63 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), \ | |
64 | OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), \ | |
65 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), \ | |
66 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), \ | |
67 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), \ | |
68 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0) | |
69 | ||
57 | 70 | typedef struct { |
58 | 71 | void *provctx; |
59 | 72 | int mode; |
62 | 75 | size_t salt_len; |
63 | 76 | unsigned char *key; |
64 | 77 | size_t key_len; |
78 | unsigned char *prefix; | |
79 | size_t prefix_len; | |
80 | unsigned char *label; | |
81 | size_t label_len; | |
82 | unsigned char *data; | |
83 | size_t data_len; | |
65 | 84 | unsigned char info[HKDF_MAXBUF]; |
66 | 85 | size_t info_len; |
67 | 86 | } KDF_HKDF; |
97 | 116 | |
98 | 117 | ossl_prov_digest_reset(&ctx->digest); |
99 | 118 | OPENSSL_free(ctx->salt); |
119 | OPENSSL_free(ctx->prefix); | |
120 | OPENSSL_free(ctx->label); | |
121 | OPENSSL_clear_free(ctx->data, ctx->data_len); | |
100 | 122 | OPENSSL_clear_free(ctx->key, ctx->key_len); |
101 | 123 | OPENSSL_cleanse(ctx->info, ctx->info_len); |
102 | 124 | memset(ctx, 0, sizeof(*ctx)); |
162 | 184 | } |
163 | 185 | } |
164 | 186 | |
165 | static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) | |
166 | { | |
187 | static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[]) | |
188 | { | |
189 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); | |
167 | 190 | const OSSL_PARAM *p; |
168 | KDF_HKDF *ctx = vctx; | |
169 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); | |
170 | 191 | int n; |
171 | 192 | |
172 | 193 | if (params == NULL) |
218 | 239 | return 0; |
219 | 240 | } |
220 | 241 | } |
242 | ||
243 | return 1; | |
244 | } | |
245 | ||
246 | static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) | |
247 | { | |
248 | const OSSL_PARAM *p; | |
249 | KDF_HKDF *ctx = vctx; | |
250 | ||
251 | if (params == NULL) | |
252 | return 1; | |
253 | ||
254 | if (!hkdf_common_set_ctx_params(ctx, params)) | |
255 | return 0; | |
256 | ||
221 | 257 | /* The info fields concatenate, so process them all */ |
222 | 258 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) { |
223 | 259 | ctx->info_len = 0; |
242 | 278 | ossl_unused void *provctx) |
243 | 279 | { |
244 | 280 | static const OSSL_PARAM known_settable_ctx_params[] = { |
245 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), | |
246 | OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), | |
247 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), | |
248 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), | |
249 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), | |
250 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), | |
281 | HKDF_COMMON_SETTABLES, | |
251 | 282 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), |
252 | 283 | OSSL_PARAM_END |
253 | 284 | }; |
495 | 526 | HMAC_CTX_free(hmac); |
496 | 527 | return ret; |
497 | 528 | } |
529 | ||
530 | /* | |
531 | * TLS uses slight variations of the above and for FIPS validation purposes, | |
532 | * they need to be present here. | |
533 | * Refer to RFC 8446 section 7 for specific details. | |
534 | */ | |
535 | ||
536 | /* | |
537 | * Given a |secret|; a |label| of length |labellen|; and |data| of length | |
538 | * |datalen| (e.g. typically a hash of the handshake messages), derive a new | |
539 | * secret |outlen| bytes long and store it in the location pointed to be |out|. | |
540 | * The |data| value may be zero length. Returns 1 on success and 0 on failure. | |
541 | */ | |
542 | static int prov_tls13_hkdf_expand(const EVP_MD *md, | |
543 | const unsigned char *key, size_t keylen, | |
544 | const unsigned char *prefix, size_t prefixlen, | |
545 | const unsigned char *label, size_t labellen, | |
546 | const unsigned char *data, size_t datalen, | |
547 | unsigned char *out, size_t outlen) | |
548 | { | |
549 | size_t hkdflabellen; | |
550 | unsigned char hkdflabel[HKDF_MAXBUF]; | |
551 | WPACKET pkt; | |
552 | ||
553 | /* | |
554 | * 2 bytes for length of derived secret + 1 byte for length of combined | |
555 | * prefix and label + bytes for the label itself + 1 byte length of hash | |
556 | * + bytes for the hash itself. We've got the maximum the KDF can handle | |
557 | * which should always be sufficient. | |
558 | */ | |
559 | if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) | |
560 | || !WPACKET_put_bytes_u16(&pkt, outlen) | |
561 | || !WPACKET_start_sub_packet_u8(&pkt) | |
562 | || !WPACKET_memcpy(&pkt, prefix, prefixlen) | |
563 | || !WPACKET_memcpy(&pkt, label, labellen) | |
564 | || !WPACKET_close(&pkt) | |
565 | || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) | |
566 | || !WPACKET_get_total_written(&pkt, &hkdflabellen) | |
567 | || !WPACKET_finish(&pkt)) { | |
568 | WPACKET_cleanup(&pkt); | |
569 | return 0; | |
570 | } | |
571 | ||
572 | return HKDF_Expand(md, key, keylen, hkdflabel, hkdflabellen, | |
573 | out, outlen); | |
574 | } | |
575 | ||
576 | static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx, | |
577 | const EVP_MD *md, | |
578 | const unsigned char *prevsecret, | |
579 | size_t prevsecretlen, | |
580 | const unsigned char *insecret, | |
581 | size_t insecretlen, | |
582 | const unsigned char *prefix, | |
583 | size_t prefixlen, | |
584 | const unsigned char *label, | |
585 | size_t labellen, | |
586 | unsigned char *out, size_t outlen) | |
587 | { | |
588 | size_t mdlen; | |
589 | int ret; | |
590 | unsigned char preextractsec[EVP_MAX_MD_SIZE]; | |
591 | /* Always filled with zeros */ | |
592 | static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; | |
593 | ||
594 | ret = EVP_MD_get_size(md); | |
595 | /* Ensure cast to size_t is safe */ | |
596 | if (ret <= 0) | |
597 | return 0; | |
598 | mdlen = (size_t)ret; | |
599 | ||
600 | if (insecret == NULL) { | |
601 | insecret = default_zeros; | |
602 | insecretlen = mdlen; | |
603 | } | |
604 | if (prevsecret == NULL) { | |
605 | prevsecret = default_zeros; | |
606 | prevsecretlen = 0; | |
607 | } else { | |
608 | EVP_MD_CTX *mctx = EVP_MD_CTX_new(); | |
609 | unsigned char hash[EVP_MAX_MD_SIZE]; | |
610 | ||
611 | /* The pre-extract derive step uses a hash of no messages */ | |
612 | if (mctx == NULL | |
613 | || EVP_DigestInit_ex(mctx, md, NULL) <= 0 | |
614 | || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { | |
615 | EVP_MD_CTX_free(mctx); | |
616 | return 0; | |
617 | } | |
618 | EVP_MD_CTX_free(mctx); | |
619 | ||
620 | /* Generate the pre-extract secret */ | |
621 | if (!prov_tls13_hkdf_expand(md, prevsecret, mdlen, | |
622 | prefix, prefixlen, label, labellen, | |
623 | hash, mdlen, preextractsec, mdlen)) | |
624 | return 0; | |
625 | prevsecret = preextractsec; | |
626 | prevsecretlen = mdlen; | |
627 | } | |
628 | ||
629 | ret = HKDF_Extract(libctx, md, prevsecret, prevsecretlen, | |
630 | insecret, insecretlen, out, outlen); | |
631 | ||
632 | if (prevsecret == preextractsec) | |
633 | OPENSSL_cleanse(preextractsec, mdlen); | |
634 | return ret; | |
635 | } | |
636 | ||
637 | static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen, | |
638 | const OSSL_PARAM params[]) | |
639 | { | |
640 | KDF_HKDF *ctx = (KDF_HKDF *)vctx; | |
641 | const EVP_MD *md; | |
642 | ||
643 | if (!ossl_prov_is_running() || !kdf_tls1_3_set_ctx_params(ctx, params)) | |
644 | return 0; | |
645 | ||
646 | md = ossl_prov_digest_md(&ctx->digest); | |
647 | if (md == NULL) { | |
648 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); | |
649 | return 0; | |
650 | } | |
651 | ||
652 | switch (ctx->mode) { | |
653 | default: | |
654 | return 0; | |
655 | ||
656 | case EVP_KDF_HKDF_MODE_EXTRACT_ONLY: | |
657 | return prov_tls13_hkdf_generate_secret(PROV_LIBCTX_OF(ctx->provctx), | |
658 | md, | |
659 | ctx->salt, ctx->salt_len, | |
660 | ctx->key, ctx->key_len, | |
661 | ctx->prefix, ctx->prefix_len, | |
662 | ctx->label, ctx->label_len, | |
663 | key, keylen); | |
664 | ||
665 | case EVP_KDF_HKDF_MODE_EXPAND_ONLY: | |
666 | return prov_tls13_hkdf_expand(md, ctx->key, ctx->key_len, | |
667 | ctx->prefix, ctx->prefix_len, | |
668 | ctx->label, ctx->label_len, | |
669 | ctx->data, ctx->data_len, | |
670 | key, keylen); | |
671 | } | |
672 | } | |
673 | ||
674 | static int kdf_tls1_3_set_ctx_params(void *vctx, const OSSL_PARAM params[]) | |
675 | { | |
676 | const OSSL_PARAM *p; | |
677 | KDF_HKDF *ctx = vctx; | |
678 | ||
679 | if (params == NULL) | |
680 | return 1; | |
681 | ||
682 | if (!hkdf_common_set_ctx_params(ctx, params)) | |
683 | return 0; | |
684 | ||
685 | if (ctx->mode == EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND) { | |
686 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); | |
687 | return 0; | |
688 | } | |
689 | ||
690 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PREFIX)) != NULL) { | |
691 | OPENSSL_free(ctx->prefix); | |
692 | ctx->prefix = NULL; | |
693 | if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->prefix, 0, | |
694 | &ctx->prefix_len)) | |
695 | return 0; | |
696 | } | |
697 | ||
698 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_LABEL)) != NULL) { | |
699 | OPENSSL_free(ctx->label); | |
700 | ctx->label = NULL; | |
701 | if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->label, 0, | |
702 | &ctx->label_len)) | |
703 | return 0; | |
704 | } | |
705 | ||
706 | OPENSSL_clear_free(ctx->data, ctx->data_len); | |
707 | ctx->data = NULL; | |
708 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DATA)) != NULL | |
709 | && !OSSL_PARAM_get_octet_string(p, (void **)&ctx->data, 0, | |
710 | &ctx->data_len)) | |
711 | return 0; | |
712 | return 1; | |
713 | } | |
714 | ||
715 | static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx, | |
716 | ossl_unused void *provctx) | |
717 | { | |
718 | static const OSSL_PARAM known_settable_ctx_params[] = { | |
719 | HKDF_COMMON_SETTABLES, | |
720 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PREFIX, NULL, 0), | |
721 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_LABEL, NULL, 0), | |
722 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_DATA, NULL, 0), | |
723 | OSSL_PARAM_END | |
724 | }; | |
725 | return known_settable_ctx_params; | |
726 | } | |
727 | ||
728 | const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = { | |
729 | { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new }, | |
730 | { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free }, | |
731 | { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset }, | |
732 | { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_tls1_3_derive }, | |
733 | { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, | |
734 | (void(*)(void))kdf_tls1_3_settable_ctx_params }, | |
735 | { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_tls1_3_set_ctx_params }, | |
736 | { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, | |
737 | (void(*)(void))kdf_hkdf_gettable_ctx_params }, | |
738 | { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_hkdf_get_ctx_params }, | |
739 | { 0, NULL } | |
740 | }; |
63 | 63 | } |
64 | 64 | vi = EVP_MD_get_block_size(md_type); |
65 | 65 | ui = EVP_MD_get_size(md_type); |
66 | if (ui < 0 || vi <= 0) { | |
66 | if (ui <= 0 || vi <= 0) { | |
67 | 67 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE); |
68 | 68 | goto end; |
69 | 69 | } |
38 | 38 | #if defined(__DragonFly__) |
39 | 39 | # include <sys/param.h> |
40 | 40 | # include <sys/random.h> |
41 | #endif | |
42 | #if defined(__APPLE__) | |
43 | # include <CommonCrypto/CommonRandom.h> | |
44 | 41 | #endif |
45 | 42 | |
46 | 43 | #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \ |
368 | 365 | if (errno != ENOSYS) |
369 | 366 | return -1; |
370 | 367 | } |
371 | # elif defined(__APPLE__) | |
368 | # elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) | |
372 | 369 | |
373 | 370 | if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) |
374 | 371 | return (ssize_t)buflen; |
478 | 478 | struct { |
479 | 479 | pid_t pid; |
480 | 480 | CRYPTO_THREAD_ID tid; |
481 | uint64_t time; | |
481 | unsigned __int64 time; | |
482 | 482 | } data; |
483 | 483 | |
484 | 484 | /* Erase the entire structure including any padding */ |
579 | 579 | { |
580 | 580 | struct { |
581 | 581 | CRYPTO_THREAD_ID tid; |
582 | uint64_t time; | |
582 | unsigned __int64 time; | |
583 | 583 | } data; |
584 | 584 | |
585 | 585 | /* Erase the entire structure including any padding */ |
436 | 436 | goto err; |
437 | 437 | } |
438 | 438 | |
439 | /* | |
440 | * Where applicable, set the outermost structure name. | |
441 | * The goal is to avoid the STORE object types that are | |
442 | * potentially password protected but aren't interesting | |
443 | * for this load. | |
444 | */ | |
445 | switch (ctx->expected_type) { | |
446 | case OSSL_STORE_INFO_CERT: | |
447 | if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx, | |
448 | "Certificate")) { | |
449 | ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); | |
450 | goto err; | |
451 | } | |
452 | break; | |
453 | case OSSL_STORE_INFO_CRL: | |
454 | if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx, | |
455 | "CertificateList")) { | |
456 | ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); | |
457 | goto err; | |
458 | } | |
459 | break; | |
460 | default: | |
461 | break; | |
462 | } | |
463 | ||
439 | 464 | for (to_algo = ossl_any_to_obj_algorithm; |
440 | 465 | to_algo->algorithm_names != NULL; |
441 | 466 | to_algo++) { |
351 | 351 | void dtls1_stop_timer(SSL *s) |
352 | 352 | { |
353 | 353 | /* Reset everything */ |
354 | memset(&s->d1->timeout, 0, sizeof(s->d1->timeout)); | |
354 | s->d1->timeout_num_alerts = 0; | |
355 | 355 | memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); |
356 | 356 | s->d1->timeout_duration_us = 1000000; |
357 | 357 | BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, |
364 | 364 | { |
365 | 365 | size_t mtu; |
366 | 366 | |
367 | s->d1->timeout.num_alerts++; | |
367 | s->d1->timeout_num_alerts++; | |
368 | 368 | |
369 | 369 | /* Reduce MTU after 2 unsuccessful retransmissions */ |
370 | if (s->d1->timeout.num_alerts > 2 | |
370 | if (s->d1->timeout_num_alerts > 2 | |
371 | 371 | && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { |
372 | 372 | mtu = |
373 | 373 | BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); |
375 | 375 | s->d1->mtu = mtu; |
376 | 376 | } |
377 | 377 | |
378 | if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { | |
378 | if (s->d1->timeout_num_alerts > DTLS1_TMO_ALERT_COUNT) { | |
379 | 379 | /* fail the connection, enough alerts have been sent */ |
380 | 380 | SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_READ_TIMEOUT_EXPIRED); |
381 | 381 | return -1; |
399 | 399 | if (dtls1_check_timeout_num(s) < 0) { |
400 | 400 | /* SSLfatal() already called */ |
401 | 401 | return -1; |
402 | } | |
403 | ||
404 | s->d1->timeout.read_timeouts++; | |
405 | if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { | |
406 | s->d1->timeout.read_timeouts = 1; | |
407 | 402 | } |
408 | 403 | |
409 | 404 | dtls1_start_timer(s); |
1046 | 1046 | |
1047 | 1047 | if (SSL_IS_DTLS(s)) { |
1048 | 1048 | /* DTLS does not support pipelining */ |
1049 | unsigned char dtlsseq[9], *p = dtlsseq; | |
1049 | unsigned char dtlsseq[8], *p = dtlsseq; | |
1050 | 1050 | |
1051 | 1051 | s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : |
1052 | 1052 | DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); |
228 | 228 | static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, |
229 | 229 | ASN1_OCTET_STRING *src, size_t maxlen) |
230 | 230 | { |
231 | if (src == NULL) { | |
231 | if (src == NULL || src->length == 0) { | |
232 | 232 | *pdstlen = 0; |
233 | 233 | return 1; |
234 | 234 | } |
1861 | 1861 | struct dtls1_retransmit_state saved_retransmit_state; |
1862 | 1862 | }; |
1863 | 1863 | |
1864 | struct dtls1_timeout_st { | |
1865 | /* Number of read timeouts so far */ | |
1866 | unsigned int read_timeouts; | |
1867 | /* Number of write timeouts so far */ | |
1868 | unsigned int write_timeouts; | |
1869 | /* Number of alerts received so far */ | |
1870 | unsigned int num_alerts; | |
1871 | }; | |
1872 | ||
1873 | 1864 | typedef struct hm_fragment_st { |
1874 | 1865 | struct hm_header_st msg_header; |
1875 | 1866 | unsigned char *fragment; |
1915 | 1906 | size_t mtu; /* max DTLS packet size */ |
1916 | 1907 | struct hm_header_st w_msg_hdr; |
1917 | 1908 | struct hm_header_st r_msg_hdr; |
1918 | struct dtls1_timeout_st timeout; | |
1909 | /* Number of alerts received so far */ | |
1910 | unsigned int timeout_num_alerts; | |
1919 | 1911 | /* |
1920 | 1912 | * Indicates when the last handshake msg sent will timeout |
1921 | 1913 | */ |
0 | 0 | /* |
1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright 2005 Nokia. All rights reserved. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
136 | 136 | case TLS_ST_CW_NEXT_PROTO: |
137 | 137 | return "TWNP"; |
138 | 138 | case TLS_ST_BEFORE: |
139 | return "PINIT "; | |
139 | return "PINIT"; | |
140 | 140 | case TLS_ST_OK: |
141 | return "SSLOK "; | |
141 | return "SSLOK"; | |
142 | 142 | case TLS_ST_CW_CLNT_HELLO: |
143 | 143 | return "TWCH"; |
144 | 144 | case TLS_ST_CR_SRVR_HELLO: |
200 | 200 | case TLS_ST_CR_CERT_VRFY: |
201 | 201 | return "TRSCV"; |
202 | 202 | case TLS_ST_SW_CERT_VRFY: |
203 | return "TRSCV"; | |
203 | return "TWSCV"; | |
204 | 204 | case TLS_ST_CR_HELLO_REQ: |
205 | 205 | return "TRHR"; |
206 | 206 | case TLS_ST_SW_KEY_UPDATE: |
220 | 220 | case TLS_ST_SR_END_OF_EARLY_DATA: |
221 | 221 | return "TWEOED"; |
222 | 222 | default: |
223 | return "UNKWN "; | |
223 | return "UNKWN"; | |
224 | 224 | } |
225 | 225 | } |
226 | 226 |
3555 | 3555 | |
3556 | 3556 | sk_X509_pop_free(s->session->peer_chain, X509_free); |
3557 | 3557 | s->session->peer_chain = sk; |
3558 | sk = NULL; | |
3558 | 3559 | |
3559 | 3560 | /* |
3560 | 3561 | * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE |
3569 | 3570 | * Inconsistency alert: cert_chain does *not* include the peer's own |
3570 | 3571 | * certificate, while we do include it in statem_clnt.c |
3571 | 3572 | */ |
3572 | sk = NULL; | |
3573 | 3573 | |
3574 | 3574 | /* Save the current hash state for when we receive the CertificateVerify */ |
3575 | 3575 | if (SSL_IS_TLS13(s)) { |
3301 | 3301 | if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { |
3302 | 3302 | if (!fatalerrs) |
3303 | 3303 | return 1; |
3304 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
3304 | SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, | |
3305 | 3305 | SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); |
3306 | 3306 | return 0; |
3307 | 3307 | } |
3316 | 3316 | if (i == sent_sigslen) { |
3317 | 3317 | if (!fatalerrs) |
3318 | 3318 | return 1; |
3319 | SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, | |
3319 | SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, | |
3320 | 3320 | SSL_R_WRONG_SIGNATURE_TYPE); |
3321 | 3321 | return 0; |
3322 | 3322 | } |
17 | 17 | |
18 | 18 | #define TLS13_MAX_LABEL_LEN 249 |
19 | 19 | |
20 | /* Always filled with zeros */ | |
21 | static const unsigned char default_zeros[EVP_MAX_MD_SIZE]; | |
20 | #ifdef CHARSET_EBCDIC | |
21 | static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 }; | |
22 | #else | |
23 | static const unsigned char label_prefix[] = "tls13 "; | |
24 | #endif | |
22 | 25 | |
23 | 26 | /* |
24 | 27 | * Given a |secret|; a |label| of length |labellen|; and |data| of length |
28 | 31 | * |fatal| is set. Returns 1 on success 0 on failure. |
29 | 32 | */ |
30 | 33 | int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, |
31 | const unsigned char *label, size_t labellen, | |
32 | const unsigned char *data, size_t datalen, | |
33 | unsigned char *out, size_t outlen, int fatal) | |
34 | { | |
35 | #ifdef CHARSET_EBCDIC | |
36 | static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 }; | |
37 | #else | |
38 | static const unsigned char label_prefix[] = "tls13 "; | |
39 | #endif | |
40 | EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, | |
34 | const unsigned char *label, size_t labellen, | |
35 | const unsigned char *data, size_t datalen, | |
36 | unsigned char *out, size_t outlen, int fatal) | |
37 | { | |
38 | EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, | |
41 | 39 | s->ctx->propq); |
42 | 40 | EVP_KDF_CTX *kctx; |
43 | OSSL_PARAM params[5], *p = params; | |
41 | OSSL_PARAM params[7], *p = params; | |
44 | 42 | int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; |
45 | 43 | const char *mdname = EVP_MD_get0_name(md); |
46 | 44 | int ret; |
47 | size_t hkdflabellen; | |
48 | 45 | size_t hashlen; |
49 | /* | |
50 | * 2 bytes for length of derived secret + 1 byte for length of combined | |
51 | * prefix and label + bytes for the label itself + 1 byte length of hash | |
52 | * + bytes for the hash itself | |
53 | */ | |
54 | unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) | |
55 | + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN | |
56 | + 1 + EVP_MAX_MD_SIZE]; | |
57 | WPACKET pkt; | |
58 | 46 | |
59 | 47 | kctx = EVP_KDF_CTX_new(kdf); |
60 | 48 | EVP_KDF_free(kdf); |
75 | 63 | return 0; |
76 | 64 | } |
77 | 65 | |
78 | hashlen = EVP_MD_get_size(md); | |
79 | ||
80 | if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) | |
81 | || !WPACKET_put_bytes_u16(&pkt, outlen) | |
82 | || !WPACKET_start_sub_packet_u8(&pkt) | |
83 | || !WPACKET_memcpy(&pkt, label_prefix, sizeof(label_prefix) - 1) | |
84 | || !WPACKET_memcpy(&pkt, label, labellen) | |
85 | || !WPACKET_close(&pkt) | |
86 | || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) | |
87 | || !WPACKET_get_total_written(&pkt, &hkdflabellen) | |
88 | || !WPACKET_finish(&pkt)) { | |
66 | if ((ret = EVP_MD_get_size(md)) <= 0) { | |
89 | 67 | EVP_KDF_CTX_free(kctx); |
90 | WPACKET_cleanup(&pkt); | |
91 | 68 | if (fatal) |
92 | 69 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
93 | 70 | else |
94 | 71 | ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); |
95 | 72 | return 0; |
96 | 73 | } |
74 | hashlen = (size_t)ret; | |
97 | 75 | |
98 | 76 | *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); |
99 | 77 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
100 | 78 | (char *)mdname, 0); |
101 | 79 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, |
102 | 80 | (unsigned char *)secret, hashlen); |
103 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, | |
104 | hkdflabel, hkdflabellen); | |
81 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, | |
82 | (unsigned char *)label_prefix, | |
83 | sizeof(label_prefix) - 1); | |
84 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, | |
85 | (unsigned char *)label, labellen); | |
86 | if (data != NULL) | |
87 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_DATA, | |
88 | (unsigned char *)data, | |
89 | datalen); | |
105 | 90 | *p++ = OSSL_PARAM_construct_end(); |
106 | 91 | |
107 | 92 | ret = EVP_KDF_derive(kctx, out, outlen, params) <= 0; |
108 | ||
109 | 93 | EVP_KDF_CTX_free(kctx); |
110 | 94 | |
111 | 95 | if (ret != 0) { |
177 | 161 | size_t insecretlen, |
178 | 162 | unsigned char *outsecret) |
179 | 163 | { |
180 | size_t mdlen, prevsecretlen; | |
164 | size_t mdlen; | |
181 | 165 | int mdleni; |
182 | 166 | int ret; |
183 | 167 | EVP_KDF *kdf; |
184 | 168 | EVP_KDF_CTX *kctx; |
185 | OSSL_PARAM params[5], *p = params; | |
169 | OSSL_PARAM params[7], *p = params; | |
186 | 170 | int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; |
187 | 171 | const char *mdname = EVP_MD_get0_name(md); |
188 | 172 | #ifdef CHARSET_EBCDIC |
190 | 174 | #else |
191 | 175 | static const char derived_secret_label[] = "derived"; |
192 | 176 | #endif |
193 | unsigned char preextractsec[EVP_MAX_MD_SIZE]; | |
194 | ||
195 | kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, s->ctx->propq); | |
177 | ||
178 | kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq); | |
196 | 179 | kctx = EVP_KDF_CTX_new(kdf); |
197 | 180 | EVP_KDF_free(kdf); |
198 | 181 | if (kctx == NULL) { |
209 | 192 | } |
210 | 193 | mdlen = (size_t)mdleni; |
211 | 194 | |
212 | if (insecret == NULL) { | |
213 | insecret = default_zeros; | |
214 | insecretlen = mdlen; | |
215 | } | |
216 | if (prevsecret == NULL) { | |
217 | prevsecret = default_zeros; | |
218 | prevsecretlen = 0; | |
219 | } else { | |
220 | EVP_MD_CTX *mctx = EVP_MD_CTX_new(); | |
221 | unsigned char hash[EVP_MAX_MD_SIZE]; | |
222 | ||
223 | /* The pre-extract derive step uses a hash of no messages */ | |
224 | if (mctx == NULL | |
225 | || EVP_DigestInit_ex(mctx, md, NULL) <= 0 | |
226 | || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) { | |
227 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
228 | EVP_MD_CTX_free(mctx); | |
229 | EVP_KDF_CTX_free(kctx); | |
230 | return 0; | |
231 | } | |
232 | EVP_MD_CTX_free(mctx); | |
233 | ||
234 | /* Generate the pre-extract secret */ | |
235 | if (!tls13_hkdf_expand(s, md, prevsecret, | |
236 | (unsigned char *)derived_secret_label, | |
237 | sizeof(derived_secret_label) - 1, hash, mdlen, | |
238 | preextractsec, mdlen, 1)) { | |
239 | /* SSLfatal() already called */ | |
240 | EVP_KDF_CTX_free(kctx); | |
241 | return 0; | |
242 | } | |
243 | ||
244 | prevsecret = preextractsec; | |
245 | prevsecretlen = mdlen; | |
246 | } | |
247 | ||
248 | 195 | *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); |
249 | 196 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
250 | 197 | (char *)mdname, 0); |
251 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, | |
252 | (unsigned char *)insecret, | |
253 | insecretlen); | |
254 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
255 | (unsigned char *)prevsecret, | |
256 | prevsecretlen); | |
198 | if (insecret != NULL) | |
199 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, | |
200 | (unsigned char *)insecret, | |
201 | insecretlen); | |
202 | if (prevsecret != NULL) | |
203 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
204 | (unsigned char *)prevsecret, mdlen); | |
205 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX, | |
206 | (unsigned char *)label_prefix, | |
207 | sizeof(label_prefix) - 1); | |
208 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL, | |
209 | (unsigned char *)derived_secret_label, | |
210 | sizeof(derived_secret_label) - 1); | |
257 | 211 | *p++ = OSSL_PARAM_construct_end(); |
258 | 212 | |
259 | 213 | ret = EVP_KDF_derive(kctx, outsecret, mdlen, params) <= 0; |
262 | 216 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
263 | 217 | |
264 | 218 | EVP_KDF_CTX_free(kctx); |
265 | if (prevsecret == preextractsec) | |
266 | OPENSSL_cleanse(preextractsec, mdlen); | |
267 | 219 | return ret == 0; |
268 | 220 | } |
269 | 221 |
1 | 1 | # |
2 | 2 | # This config is used by the Time Stamp Authority tests. |
3 | 3 | # |
4 | ||
5 | # Comment out the next line to ignore configuration errors | |
6 | config_diagnostics = 1 | |
4 | 7 | |
5 | 8 | # Extra OBJECT IDENTIFIER info: |
6 | 9 | oid_section = new_oids |
43 | 43 | |
44 | 44 | A script that just runs a program looks like this: |
45 | 45 | |
46 | #! /usr/bin/perl | |
46 | #! /usr/bin/env perl | |
47 | 47 | |
48 | 48 | use OpenSSL::Test::Simple; |
49 | 49 | |
66 | 66 | |
67 | 67 | A script to start from could be this: |
68 | 68 | |
69 | #! /usr/bin/perl | |
69 | #! /usr/bin/env perl | |
70 | 70 | |
71 | 71 | use strict; |
72 | 72 | use warnings; |
10 | 10 | ENDIF |
11 | 11 | IF[{- $config{target} =~ /^vms-/ -}] |
12 | 12 | $AUXLIBAPPSSRC=../apps/lib/vms_term_sock.c ../apps/lib/vms_decc_argv.c |
13 | ENDIF | |
14 | # Program init source, that don't have direct linkage with the rest of the | |
15 | # source, and can therefore not be part of a library. | |
16 | IF[{- !$disabled{uplink} -}] | |
17 | $INITSRC=../ms/applink.c | |
13 | 18 | ENDIF |
14 | 19 | $LIBAPPSSRC=../apps/lib/opt.c $AUXLIBAPPSSRC |
15 | 20 | |
56 | 61 | context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ |
57 | 62 | keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ |
58 | 63 | bio_readbuffer_test user_property_test pkcs7_test upcallstest \ |
59 | provfetchtest | |
64 | provfetchtest prov_config_test | |
60 | 65 | |
61 | 66 | IF[{- !$disabled{'deprecated-3.0'} -}] |
62 | 67 | PROGRAMS{noinst}=enginetest |
174 | 179 | SOURCE[provfetchtest]=provfetchtest.c |
175 | 180 | INCLUDE[provfetchtest]=../include ../apps/include |
176 | 181 | DEPEND[provfetchtest]=../libcrypto.a libtestutil.a |
182 | ||
183 | SOURCE[prov_config_test]=prov_config_test.c | |
184 | INCLUDE[prov_config_test]=../include ../apps/include | |
185 | DEPEND[prov_config_test]=../libcrypto.a libtestutil.a | |
177 | 186 | |
178 | 187 | SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c |
179 | 188 | INCLUDE[evp_pkey_provided_test]=../include ../apps/include |
707 | 716 | INCLUDE[rc5test]=../include ../apps/include |
708 | 717 | DEPEND[rc5test]=../libcrypto.a libtestutil.a |
709 | 718 | |
710 | SOURCE[ec_internal_test]=ec_internal_test.c | |
719 | SOURCE[ec_internal_test]=ec_internal_test.c $INITSRC | |
711 | 720 | INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include |
712 | 721 | DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a |
713 | 722 |
0 | ||
1 | # Comment out the next line to ignore configuration errors | |
2 | config_diagnostics = 1 | |
0 | 3 | |
1 | 4 | CN2 = Brother 2 |
2 | 5 |
0 | 0 | /* |
1 | * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright Nokia 2007-2019 |
3 | 3 | * Copyright Siemens AG 2015-2019 |
4 | 4 | * |
57 | 57 | if (!TEST_ptr(statusString = |
58 | 58 | sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusString(si), |
59 | 59 | 0)) |
60 | || !TEST_str_eq(fixture->text, (char *)statusString->data)) | |
60 | || !TEST_mem_eq(fixture->text, strlen(fixture->text), | |
61 | (char *)statusString->data, statusString->length)) | |
61 | 62 | goto end; |
62 | 63 | |
63 | 64 | if (!TEST_int_eq(fixture->pkifailure, |
0 | 0 | enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | [test] |
3 | 6 | description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata |
0 | 0 | openssl_conf = openssl_init |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | .include fipsmodule.cnf |
3 | 6 |
0 | 0 | openssl_conf = openssl_init |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | [openssl_init] |
3 | 6 | providers = provider_sect |
0 | 0 | openssl_conf = openssl_init |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | [openssl_init] |
3 | 6 | providers = provider_sect |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
16 | 16 | #include <string.h> |
17 | 17 | |
18 | 18 | #include "testutil.h" |
19 | #include "internal/nelem.h" | |
19 | 20 | |
20 | 21 | #ifndef OPENSSL_NO_DES |
21 | 22 | # include <openssl/des.h> |
696 | 697 | return 0; |
697 | 698 | return 1; |
698 | 699 | } |
700 | ||
701 | /* | |
702 | * Test TDES based key wrapping. | |
703 | * The wrapping process uses a randomly generated IV so it is difficult to | |
704 | * undertake KATs. End to end testing is performed instead. | |
705 | */ | |
706 | static const int test_des_key_wrap_sizes[] = { | |
707 | 8, 16, 24, 32, 64, 80 | |
708 | }; | |
709 | ||
710 | static int test_des_key_wrap(int idx) | |
711 | { | |
712 | int in_bytes = test_des_key_wrap_sizes[idx]; | |
713 | unsigned char in[100], c_txt[200], p_txt[200], key[24]; | |
714 | int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i; | |
715 | EVP_CIPHER *cipher = NULL; | |
716 | EVP_CIPHER_CTX *ctx = NULL; | |
717 | int res = 0; | |
718 | ||
719 | /* Some sanity checks and cipher loading */ | |
720 | if (!TEST_size_t_le(in_bytes, sizeof(in)) | |
721 | || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL)) | |
722 | || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8) | |
723 | || !TEST_size_t_eq(bs * 3u, sizeof(key)) | |
724 | || !TEST_true(in_bytes % bs == 0) | |
725 | || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())) | |
726 | goto err; | |
727 | ||
728 | /* Create random data to end to end test */ | |
729 | for (i = 0; i < in_bytes; i++) | |
730 | in[i] = test_random(); | |
731 | ||
732 | /* Build the key */ | |
733 | memcpy(key, cbc_key, sizeof(cbc_key)); | |
734 | memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key)); | |
735 | memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key)); | |
736 | ||
737 | /* Wrap / encrypt the key */ | |
738 | clen_upd = sizeof(c_txt); | |
739 | if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL)) | |
740 | || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd, | |
741 | in, in_bytes))) | |
742 | goto err; | |
743 | ||
744 | expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs; | |
745 | if (!TEST_int_eq(clen_upd, expect)) | |
746 | goto err; | |
747 | ||
748 | clen_fin = sizeof(c_txt) - clen_upd; | |
749 | if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin)) | |
750 | || !TEST_int_eq(clen_fin, 0)) | |
751 | goto err; | |
752 | clen = clen_upd + clen_fin; | |
753 | ||
754 | /* Decrypt the wrapped key */ | |
755 | plen_upd = sizeof(p_txt); | |
756 | if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL)) | |
757 | || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd, | |
758 | c_txt, clen))) | |
759 | goto err; | |
760 | plen_fin = sizeof(p_txt) - plen_upd; | |
761 | if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin))) | |
762 | goto err; | |
763 | plen = plen_upd + plen_fin; | |
764 | ||
765 | if (!TEST_mem_eq(in, in_bytes, p_txt, plen)) | |
766 | goto err; | |
767 | res = 1; | |
768 | err: | |
769 | EVP_CIPHER_free(cipher); | |
770 | EVP_CIPHER_CTX_free(ctx); | |
771 | return res; | |
772 | } | |
699 | 773 | #endif |
700 | 774 | |
701 | 775 | int setup_tests(void) |
721 | 795 | ADD_TEST(test_des_crypt); |
722 | 796 | ADD_ALL_TESTS(test_input_align, 4); |
723 | 797 | ADD_ALL_TESTS(test_output_align, 4); |
798 | ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes)); | |
724 | 799 | #endif |
725 | 800 | return 1; |
726 | 801 | } |
107 | 107 | if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) |
108 | 108 | goto end; |
109 | 109 | |
110 | DSA_generate_key(dsa); | |
111 | DSA_sign(0, str1, 20, sig, &siglen, dsa); | |
112 | if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa))) | |
110 | if (!TEST_true(DSA_generate_key(dsa))) | |
111 | goto end; | |
112 | if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa))) | |
113 | goto end; | |
114 | if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) | |
113 | 115 | ret = 1; |
114 | 116 | |
115 | 117 | end: |
358 | 358 | return testresult; |
359 | 359 | } |
360 | 360 | |
361 | static | |
362 | int ecpkparams_i2d2i_test(int n) | |
363 | { | |
364 | EC_GROUP *g1 = NULL, *g2 = NULL; | |
365 | FILE *fp = NULL; | |
366 | int nid = curves[n].nid; | |
367 | int testresult = 0; | |
368 | ||
369 | /* create group */ | |
370 | if (!TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) | |
371 | goto end; | |
372 | ||
373 | /* encode params to file */ | |
374 | if (!TEST_ptr(fp = fopen("params.der", "wb")) | |
375 | || !TEST_true(i2d_ECPKParameters_fp(fp, g1))) | |
376 | goto end; | |
377 | ||
378 | /* flush and close file */ | |
379 | if (!TEST_int_eq(fclose(fp), 0)) { | |
380 | fp = NULL; | |
381 | goto end; | |
382 | } | |
383 | fp = NULL; | |
384 | ||
385 | /* decode params from file */ | |
386 | if (!TEST_ptr(fp = fopen("params.der", "rb")) | |
387 | || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL))) | |
388 | goto end; | |
389 | ||
390 | testresult = 1; /* PASS */ | |
391 | ||
392 | end: | |
393 | if (fp != NULL) | |
394 | fclose(fp); | |
395 | ||
396 | EC_GROUP_free(g1); | |
397 | EC_GROUP_free(g2); | |
398 | ||
399 | return testresult; | |
400 | } | |
401 | ||
361 | 402 | int setup_tests(void) |
362 | 403 | { |
363 | 404 | crv_len = EC_get_builtin_curves(NULL, 0); |
375 | 416 | ADD_TEST(underflow_test); |
376 | 417 | #endif |
377 | 418 | ADD_TEST(decoded_flag_test); |
419 | ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len); | |
420 | ||
378 | 421 | return 1; |
379 | 422 | } |
380 | 423 |
702 | 702 | return test_encode_decode(__FILE__, __LINE__, type, key, |
703 | 703 | OSSL_KEYMGMT_SELECT_KEYPAIR |
704 | 704 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
705 | "DER", "PrivateKeyInfo", | |
705 | "DER", "EncryptedPrivateKeyInfo", | |
706 | 706 | pass, pass_cipher, |
707 | 707 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
708 | 708 | test_mem, check_protected_PKCS8_DER, |
725 | 725 | return test_encode_decode(__FILE__, __LINE__, type, key, |
726 | 726 | OSSL_KEYMGMT_SELECT_KEYPAIR |
727 | 727 | | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
728 | "PEM", "PrivateKeyInfo", | |
728 | "PEM", "EncryptedPrivateKeyInfo", | |
729 | 729 | pass, pass_cipher, |
730 | 730 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
731 | 731 | test_text, check_protected_PKCS8_PEM, |
1050 | 1050 | { |
1051 | 1051 | int ret = 0; |
1052 | 1052 | EVP_PKEY *pkey = NULL; |
1053 | unsigned char *sig = NULL; | |
1054 | size_t sig_len = 0; | |
1053 | unsigned char *sig = NULL, *sig2 = NULL; | |
1054 | size_t sig_len = 0, sig2_len = 0; | |
1055 | 1055 | EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; |
1056 | 1056 | EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; |
1057 | 1057 | BIO *mdbio = NULL, *membio = NULL; |
1114 | 1114 | || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) |
1115 | 1115 | goto out; |
1116 | 1116 | |
1117 | if (tst >= 6) { | |
1118 | if (!TEST_int_gt(BIO_reset(mdbio), 0) | |
1119 | || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) | |
1120 | goto out; | |
1121 | } | |
1122 | ||
1123 | 1117 | /* |
1124 | 1118 | * Ensure that the signature round-trips (Verification isn't supported for |
1125 | 1119 | * HMAC via EVP_DigestVerify*) |
1126 | 1120 | */ |
1127 | 1121 | if (tst != 2 && tst != 5 && tst != 8) { |
1122 | if (tst >= 6) { | |
1123 | if (!TEST_int_gt(BIO_reset(mdbio), 0) | |
1124 | || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) | |
1125 | goto out; | |
1126 | } | |
1127 | ||
1128 | 1128 | if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, |
1129 | 1129 | NULL, pkey))) |
1130 | 1130 | goto out; |
1139 | 1139 | } |
1140 | 1140 | if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) |
1141 | 1141 | goto out; |
1142 | ||
1143 | /* Multiple calls to EVP_DigestVerifyFinal should work */ | |
1144 | if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) | |
1145 | goto out; | |
1146 | } else { | |
1147 | /* | |
1148 | * For HMAC a doubled call to DigestSignFinal should produce the same | |
1149 | * value as finalization should not happen. | |
1150 | */ | |
1151 | if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) | |
1152 | || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) | |
1153 | || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) | |
1154 | goto out; | |
1155 | ||
1156 | if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) | |
1157 | goto out; | |
1142 | 1158 | } |
1143 | 1159 | |
1144 | 1160 | ret = 1; |
1150 | 1166 | EVP_MD_CTX_free(a_md_ctx_verify); |
1151 | 1167 | EVP_PKEY_free(pkey); |
1152 | 1168 | OPENSSL_free(sig); |
1169 | OPENSSL_free(sig2); | |
1153 | 1170 | EVP_MD_free(mdexp); |
1154 | 1171 | |
1155 | 1172 | return ret; |
2480 | 2497 | EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; |
2481 | 2498 | int ret = 0; |
2482 | 2499 | BIGNUM *p, *g = NULL; |
2500 | BIGNUM *pubkey = NULL; | |
2501 | unsigned char pub[2048 / 8]; | |
2502 | size_t len = 0; | |
2483 | 2503 | |
2484 | 2504 | if (!TEST_ptr(p = BN_new()) |
2485 | 2505 | || !TEST_ptr(g = BN_new()) |
2486 | || !BN_set_word(p, 9999) | |
2487 | || !BN_set_word(g, 2) | |
2506 | || !TEST_ptr(pubkey = BN_new()) | |
2507 | || !TEST_true(BN_set_word(p, 9999)) | |
2508 | || !TEST_true(BN_set_word(g, 2)) | |
2509 | || !TEST_true(BN_set_word(pubkey, 4321)) | |
2488 | 2510 | || !TEST_ptr(noqdh = DH_new()) |
2489 | || !DH_set0_pqg(noqdh, p, NULL, g)) | |
2511 | || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) | |
2512 | || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) | |
2513 | || !TEST_ptr(pubkey = BN_new()) | |
2514 | || !TEST_true(BN_set_word(pubkey, 4321))) | |
2490 | 2515 | goto err; |
2491 | 2516 | p = g = NULL; |
2492 | 2517 | |
2496 | 2521 | if (!TEST_ptr(x942dh) |
2497 | 2522 | || !TEST_ptr(noqdh) |
2498 | 2523 | || !TEST_ptr(pkey1) |
2499 | || !TEST_ptr(pkey2)) | |
2500 | goto err; | |
2501 | ||
2502 | if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) | |
2524 | || !TEST_ptr(pkey2) | |
2525 | || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) | |
2526 | goto err; | |
2527 | pubkey = NULL; | |
2528 | ||
2529 | if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) | |
2503 | 2530 | || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) |
2504 | 2531 | goto err; |
2505 | 2532 | |
2506 | if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) | |
2533 | if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, | |
2534 | &pubkey)) | |
2535 | || !TEST_ptr(pubkey)) | |
2536 | goto err; | |
2537 | ||
2538 | if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) | |
2507 | 2539 | || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) |
2540 | goto err; | |
2541 | ||
2542 | if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, | |
2543 | OSSL_PKEY_PARAM_PUB_KEY, | |
2544 | pub, sizeof(pub), &len)) | |
2545 | || !TEST_size_t_ne(len, 0)) | |
2508 | 2546 | goto err; |
2509 | 2547 | |
2510 | 2548 | ret = 1; |
2511 | 2549 | err: |
2512 | 2550 | BN_free(p); |
2513 | 2551 | BN_free(g); |
2552 | BN_free(pubkey); | |
2514 | 2553 | EVP_PKEY_free(pkey1); |
2515 | 2554 | EVP_PKEY_free(pkey2); |
2516 | 2555 | DH_free(x942dh); |
3311 | 3350 | } |
3312 | 3351 | |
3313 | 3352 | typedef struct { |
3353 | const char *cipher; | |
3354 | int enc; | |
3355 | } EVP_UPDATED_IV_TEST_st; | |
3356 | ||
3357 | static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { | |
3358 | { | |
3359 | "aes-128-cfb", 1 | |
3360 | }, | |
3361 | { | |
3362 | "aes-128-cfb", 0 | |
3363 | }, | |
3364 | { | |
3365 | "aes-128-cfb1", 1 | |
3366 | }, | |
3367 | { | |
3368 | "aes-128-cfb1", 0 | |
3369 | }, | |
3370 | { | |
3371 | "aes-128-cfb8", 1 | |
3372 | }, | |
3373 | { | |
3374 | "aes-128-cfb8", 0 | |
3375 | }, | |
3376 | { | |
3377 | "aes-128-ofb", 1 | |
3378 | }, | |
3379 | { | |
3380 | "aes-128-ofb", 0 | |
3381 | }, | |
3382 | { | |
3383 | "aes-128-ctr", 1 | |
3384 | }, | |
3385 | { | |
3386 | "aes-128-ctr", 0 | |
3387 | }, | |
3388 | { | |
3389 | "aes-128-cbc", 1 | |
3390 | }, | |
3391 | { | |
3392 | "aes-128-cbc", 0 | |
3393 | } | |
3394 | }; | |
3395 | ||
3396 | /* | |
3397 | * Test that the IV in the context is updated during a crypto operation for CFB | |
3398 | * and OFB. | |
3399 | */ | |
3400 | static int test_evp_updated_iv(int idx) | |
3401 | { | |
3402 | const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; | |
3403 | int outlen1, outlen2; | |
3404 | int testresult = 0; | |
3405 | unsigned char outbuf[1024]; | |
3406 | EVP_CIPHER_CTX *ctx = NULL; | |
3407 | EVP_CIPHER *type = NULL; | |
3408 | unsigned char updated_iv[EVP_MAX_IV_LENGTH]; | |
3409 | int iv_len; | |
3410 | char *errmsg = NULL; | |
3411 | ||
3412 | if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { | |
3413 | errmsg = "CTX_ALLOC"; | |
3414 | goto err; | |
3415 | } | |
3416 | if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { | |
3417 | TEST_info("cipher %s not supported, skipping", t->cipher); | |
3418 | goto ok; | |
3419 | } | |
3420 | ||
3421 | if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { | |
3422 | errmsg = "CIPHER_INIT"; | |
3423 | goto err; | |
3424 | } | |
3425 | if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { | |
3426 | errmsg = "PADDING"; | |
3427 | goto err; | |
3428 | } | |
3429 | if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { | |
3430 | errmsg = "CIPHER_UPDATE"; | |
3431 | goto err; | |
3432 | } | |
3433 | if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { | |
3434 | errmsg = "CIPHER_CTX_GET_UPDATED_IV"; | |
3435 | goto err; | |
3436 | } | |
3437 | if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) { | |
3438 | errmsg = "CIPHER_CTX_GET_IV_LEN"; | |
3439 | goto err; | |
3440 | } | |
3441 | if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { | |
3442 | errmsg = "IV_NOT_UPDATED"; | |
3443 | goto err; | |
3444 | } | |
3445 | if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { | |
3446 | errmsg = "CIPHER_FINAL"; | |
3447 | goto err; | |
3448 | } | |
3449 | ok: | |
3450 | testresult = 1; | |
3451 | err: | |
3452 | if (errmsg != NULL) | |
3453 | TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); | |
3454 | EVP_CIPHER_CTX_free(ctx); | |
3455 | EVP_CIPHER_free(type); | |
3456 | return testresult; | |
3457 | } | |
3458 | ||
3459 | typedef struct { | |
3314 | 3460 | const unsigned char *iv1; |
3315 | 3461 | const unsigned char *iv2; |
3316 | 3462 | const unsigned char *expected1; |
3828 | 3974 | ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); |
3829 | 3975 | ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); |
3830 | 3976 | ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); |
3977 | ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); | |
3831 | 3978 | |
3832 | 3979 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
3833 | 3980 | ADD_ALL_TESTS(test_custom_pmeth, 12); |
524 | 524 | int ret = 0; |
525 | 525 | EVP_PKEY *pub = NULL; |
526 | 526 | EVP_PKEY *priv = NULL; |
527 | EVP_PKEY_CTX *sctx = NULL, *rctx = NULL; | |
527 | EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL; | |
528 | 528 | unsigned char secret[256] = { 0, }; |
529 | 529 | unsigned char ct[256] = { 0, }; |
530 | 530 | unsigned char unwrap[256] = { 0, }; |
535 | 535 | && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL)) |
536 | 536 | && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1) |
537 | 537 | && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1) |
538 | && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL, | |
538 | && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx)) | |
539 | && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL, | |
539 | 540 | &secretlen), 1) |
540 | 541 | && TEST_int_eq(ctlen, secretlen) |
541 | 542 | && TEST_int_eq(ctlen, bits / 8) |
542 | && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret, | |
543 | && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret, | |
543 | 544 | &secretlen), 1) |
544 | 545 | && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL)) |
545 | 546 | && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1) |
552 | 553 | EVP_PKEY_free(pub); |
553 | 554 | EVP_PKEY_free(priv); |
554 | 555 | EVP_PKEY_CTX_free(rctx); |
556 | EVP_PKEY_CTX_free(dctx); | |
555 | 557 | EVP_PKEY_CTX_free(sctx); |
556 | 558 | return ret; |
557 | 559 | } |
13 | 13 | #include <openssl/provider.h> |
14 | 14 | #include <openssl/param_build.h> |
15 | 15 | #include <openssl/core_names.h> |
16 | #include <openssl/sha.h> | |
16 | 17 | #include "crypto/ecx.h" |
17 | 18 | #include "crypto/evp.h" /* For the internal API */ |
18 | 19 | #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ |
523 | 524 | if (!TEST_true(EVP_PKEY_fromdata_init(ctx)) |
524 | 525 | || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, |
525 | 526 | fromdata_params))) |
527 | goto err; | |
528 | ||
529 | /* | |
530 | * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that | |
531 | * it behaves as expected with regards to string length and terminating | |
532 | * NUL byte. | |
533 | */ | |
534 | if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, | |
535 | OSSL_PKEY_PARAM_GROUP_NAME, | |
536 | NULL, sizeof(name_out), | |
537 | &len)) | |
538 | || !TEST_size_t_eq(len, sizeof(group_name) - 1) | |
539 | /* Just enough space to hold the group name and a terminating NUL */ | |
540 | || !TEST_true(EVP_PKEY_get_utf8_string_param(pk, | |
541 | OSSL_PKEY_PARAM_GROUP_NAME, | |
542 | name_out, | |
543 | sizeof(group_name), | |
544 | &len)) | |
545 | || !TEST_size_t_eq(len, sizeof(group_name) - 1) | |
546 | /* Too small buffer to hold the terminating NUL byte */ | |
547 | || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, | |
548 | OSSL_PKEY_PARAM_GROUP_NAME, | |
549 | name_out, | |
550 | sizeof(group_name) - 1, | |
551 | &len)) | |
552 | /* Too small buffer to hold the whole group name, even! */ | |
553 | || !TEST_false(EVP_PKEY_get_utf8_string_param(pk, | |
554 | OSSL_PKEY_PARAM_GROUP_NAME, | |
555 | name_out, | |
556 | sizeof(group_name) - 2, | |
557 | &len))) | |
526 | 558 | goto err; |
527 | 559 | |
528 | 560 | while (dup_pk == NULL) { |
1590 | 1622 | #endif /* OPENSSL_NO_DSA */ |
1591 | 1623 | |
1592 | 1624 | |
1625 | static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key, | |
1626 | size_t keylen, char *salt) | |
1627 | { | |
1628 | OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5); | |
1629 | OSSL_PARAM *p = params; | |
1630 | ||
1631 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0); | |
1632 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
1633 | salt, strlen(salt)); | |
1634 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, | |
1635 | (unsigned char *)key, keylen); | |
1636 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, | |
1637 | "EXTRACT_ONLY", 0); | |
1638 | *p = OSSL_PARAM_construct_end(); | |
1639 | ||
1640 | return params; | |
1641 | } | |
1642 | ||
1643 | /* Test that EVP_PKEY_CTX_dup() fails gracefully for a KDF */ | |
1644 | static int test_evp_pkey_ctx_dup_kdf_fail(void) | |
1645 | { | |
1646 | int ret = 0; | |
1647 | size_t len = 0; | |
1648 | EVP_PKEY_CTX *pctx = NULL, *dctx = NULL; | |
1649 | OSSL_PARAM *params = NULL; | |
1650 | ||
1651 | if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6, | |
1652 | "salt"))) | |
1653 | goto err; | |
1654 | if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL))) | |
1655 | goto err; | |
1656 | if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1)) | |
1657 | goto err; | |
1658 | if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1) | |
1659 | || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH)) | |
1660 | goto err; | |
1661 | if (!TEST_ptr_null(dctx = EVP_PKEY_CTX_dup(pctx))) | |
1662 | goto err; | |
1663 | ret = 1; | |
1664 | err: | |
1665 | OPENSSL_free(params); | |
1666 | EVP_PKEY_CTX_free(dctx); | |
1667 | EVP_PKEY_CTX_free(pctx); | |
1668 | return ret; | |
1669 | } | |
1670 | ||
1593 | 1671 | int setup_tests(void) |
1594 | 1672 | { |
1595 | 1673 | if (!test_skip_common_options()) { |
1600 | 1678 | if (!TEST_ptr(datadir = test_get_argument(0))) |
1601 | 1679 | return 0; |
1602 | 1680 | |
1681 | ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail); | |
1603 | 1682 | ADD_TEST(test_evp_pkey_get_bn_param_large); |
1604 | 1683 | ADD_TEST(test_fromdata_rsa); |
1605 | 1684 | #ifndef OPENSSL_NO_DH |
1847 | 1847 | |
1848 | 1848 | static int pderive_test_run(EVP_TEST *t) |
1849 | 1849 | { |
1850 | EVP_PKEY_CTX *dctx = NULL; | |
1850 | 1851 | PKEY_DATA *expected = t->data; |
1851 | 1852 | unsigned char *got = NULL; |
1852 | 1853 | size_t got_len; |
1853 | 1854 | |
1854 | if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { | |
1855 | if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) { | |
1856 | t->err = "DERIVE_ERROR"; | |
1857 | goto err; | |
1858 | } | |
1859 | ||
1860 | if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0) { | |
1855 | 1861 | t->err = "DERIVE_ERROR"; |
1856 | 1862 | goto err; |
1857 | 1863 | } |
1859 | 1865 | t->err = "DERIVE_ERROR"; |
1860 | 1866 | goto err; |
1861 | 1867 | } |
1862 | if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) { | |
1868 | if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) { | |
1863 | 1869 | t->err = "DERIVE_ERROR"; |
1864 | 1870 | goto err; |
1865 | 1871 | } |
1871 | 1877 | t->err = NULL; |
1872 | 1878 | err: |
1873 | 1879 | OPENSSL_free(got); |
1880 | EVP_PKEY_CTX_free(dctx); | |
1874 | 1881 | return 1; |
1875 | 1882 | } |
1876 | 1883 | |
2663 | 2670 | t->err = "KDF_CTRL_ERROR"; |
2664 | 2671 | return 1; |
2665 | 2672 | } |
2666 | if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { | |
2673 | if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { | |
2667 | 2674 | t->err = "INTERNAL_ERROR"; |
2668 | 2675 | goto err; |
2669 | 2676 | } |
2759 | 2766 | unsigned char *got = NULL; |
2760 | 2767 | size_t got_len = expected->output_len; |
2761 | 2768 | |
2762 | if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { | |
2769 | if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { | |
2763 | 2770 | t->err = "INTERNAL_ERROR"; |
2764 | 2771 | goto err; |
2765 | 2772 | } |
0 | 0 | openssl_conf = openssl_init |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | .include fipsmodule.cnf |
3 | 6 |
0 | 0 | openssl_conf = openssl_init |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | .include fipsmodule.cnf |
3 | 6 |
478 | 478 | break; |
479 | 479 | |
480 | 480 | case V_ASN1_UTF8STRING: |
481 | if (!TEST_str_eq(txt, (char *)av->value.utf8string->data)) | |
481 | if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data, | |
482 | av->value.utf8string->length)) | |
482 | 483 | goto err; |
483 | 484 | break; |
484 | 485 | |
485 | 486 | case V_ASN1_OCTET_STRING: |
486 | if (!TEST_str_eq(txt, (char *)av->value.octet_string->data)) | |
487 | if (!TEST_mem_eq(txt, strlen(txt), | |
488 | (char *)av->value.octet_string->data, | |
489 | av->value.octet_string->length)) | |
487 | 490 | goto err; |
488 | 491 | break; |
489 | 492 |
0 | 0 | openssl_conf = openssl_init |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | [openssl_init] |
3 | 6 | providers = provider_sect |
0 | /* | |
1 | * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * | |
3 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | * this file except in compliance with the License. You can obtain a copy | |
5 | * in the file LICENSE in the source distribution or at | |
6 | * https://www.openssl.org/source/license.html | |
7 | */ | |
8 | ||
9 | #include <openssl/evp.h> | |
10 | #include "testutil.h" | |
11 | ||
12 | static char *configfile = NULL; | |
13 | ||
14 | /* | |
15 | * Test to make sure there are no leaks or failures from loading the config | |
16 | * file twice. | |
17 | */ | |
18 | static int test_double_config(void) | |
19 | { | |
20 | OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); | |
21 | int testresult = 0; | |
22 | EVP_MD *sha256 = NULL; | |
23 | ||
24 | if (!TEST_ptr(configfile)) | |
25 | return 0; | |
26 | if (!TEST_ptr(ctx)) | |
27 | return 0; | |
28 | ||
29 | if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) | |
30 | return 0; | |
31 | if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) | |
32 | return 0; | |
33 | ||
34 | /* Check we can actually fetch something */ | |
35 | sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); | |
36 | if (!TEST_ptr(sha256)) | |
37 | goto err; | |
38 | ||
39 | testresult = 1; | |
40 | err: | |
41 | EVP_MD_free(sha256); | |
42 | OSSL_LIB_CTX_free(ctx); | |
43 | return testresult; | |
44 | } | |
45 | ||
46 | OPT_TEST_DECLARE_USAGE("configfile\n") | |
47 | ||
48 | int setup_tests(void) | |
49 | { | |
50 | if (!test_skip_common_options()) { | |
51 | TEST_error("Error parsing test options\n"); | |
52 | return 0; | |
53 | } | |
54 | ||
55 | if (!TEST_ptr(configfile = test_get_argument(0))) | |
56 | return 0; | |
57 | ||
58 | ADD_TEST(test_double_config); | |
59 | return 1; | |
60 | } |
0 | # Comment out the next line to ignore configuration errors | |
1 | config_diagnostics = 1 | |
2 | ||
0 | 3 | {- use platform -} |
1 | 4 | openssl_conf = openssl_init |
2 | 5 |
0 | 0 | |
1 | 1 | ## Config file for proxy certificate testing. |
2 | ||
3 | # Comment out the next line to ignore configuration errors | |
4 | config_diagnostics = 1 | |
2 | 5 | |
3 | 6 | [ req ] |
4 | 7 | distinguished_name = req_distinguished_name_p1 |
234 | 234 | '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", |
235 | 235 | '-section_name', 'fips_sect', |
236 | 236 | '-corrupt_desc', 'DSA', |
237 | '-corrupt_type', 'KAT_Signature'])), | |
237 | '-corrupt_type', 'PCT_Signature'])), | |
238 | 238 | "fipsinstall fails when the signature result is corrupted"); |
239 | 239 | } |
240 | 240 |
0 | #! /usr/bin/perl | |
0 | #! /usr/bin/env perl | |
1 | 1 | |
2 | 2 | # Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | # | |
3 | # | |
4 | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | # this file except in compliance with the License. You can obtain a copy |
6 | 6 | # in the file LICENSE in the source distribution or at |
0 | #! /usr/bin/perl | |
0 | #! /usr/bin/env perl | |
1 | 1 | |
2 | 2 | # Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | # | |
3 | # | |
4 | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | # this file except in compliance with the License. You can obtain a copy |
6 | 6 | # in the file LICENSE in the source distribution or at |
16 | 16 | |
17 | 17 | setup("test_dgst"); |
18 | 18 | |
19 | plan tests => 8; | |
19 | plan tests => 9; | |
20 | 20 | |
21 | 21 | sub tsignverify { |
22 | 22 | my $testtext = shift; |
130 | 130 | "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); |
131 | 131 | }; |
132 | 132 | |
133 | subtest "HMAC generation with `dgst` CLI, key via option" => sub { | |
134 | plan tests => 2; | |
135 | ||
136 | my $testdata = srctop_file('test', 'data.bin'); | |
137 | #HMAC the data twice to check consistency | |
138 | my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac', | |
139 | '-macopt', 'hexkey:FFFF', | |
140 | $testdata, $testdata]), capture => 1); | |
141 | chomp(@hmacdata); | |
142 | my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= b6727b7bb251dfa65846e0a8223bdd57d244aa6d7e312cb906d8e21f2dee3a57/; | |
143 | ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)"); | |
144 | ok($hmacdata[1] =~ $expected, | |
145 | "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)"); | |
146 | }; | |
147 | ||
133 | 148 | subtest "Custom length XOF digest generation with `dgst` CLI" => sub { |
134 | 149 | plan tests => 2; |
135 | 150 |
11 | 11 | |
12 | 12 | use File::Spec; |
13 | 13 | use OpenSSL::Test::Utils; |
14 | use OpenSSL::Test qw/:DEFAULT srctop_file/; | |
14 | use OpenSSL::Test qw/:DEFAULT srctop_file with/; | |
15 | 15 | |
16 | 16 | setup("test_eai_data"); |
17 | 17 | |
20 | 20 | #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem |
21 | 21 | #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem |
22 | 22 | |
23 | plan tests => 11; | |
23 | plan tests => 12; | |
24 | 24 | |
25 | 25 | require_ok(srctop_file('test','recipes','tconversion.pl')); |
26 | 26 | my $folder = "test/recipes/25-test_eai_data"; |
59 | 59 | ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem]))); |
60 | 60 | ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem]))); |
61 | 61 | |
62 | #Check that we get the expected failure return code | |
63 | with({ exit_checker => sub { return shift == 2; } }, | |
64 | sub { | |
65 | ok(run(app(["openssl", "verify", "-CAfile", | |
66 | srctop_file("test", "certs", "bad-othername-namec.pem"), | |
67 | "-partial_chain", "-no_check_time", "-verify_email", | |
68 | 'foo@example.com', | |
69 | srctop_file("test", "certs", "bad-othername-namec.pem")]))); | |
70 | }); | |
71 |
77 | 77 | |
78 | 78 | |
79 | 79 | subtest "generating certificate requests with RSA" => sub { |
80 | plan tests => 7; | |
80 | plan tests => 8; | |
81 | 81 | |
82 | 82 | SKIP: { |
83 | 83 | skip "RSA is not supported by this OpenSSL build", 2 |
101 | 101 | "-config", srctop_file("test", "test.cnf"), |
102 | 102 | "-verify", "-in", "testreq-rsa.pem", "-noout"])), |
103 | 103 | "Verifying signature on request"); |
104 | ||
105 | ok(run(app(["openssl", "req", | |
106 | "-config", srctop_file("test", "test.cnf"), | |
107 | "-modulus", "-in", "testreq-rsa.pem", "-noout"])), | |
108 | "Printing a modulus of the request key"); | |
104 | 109 | |
105 | 110 | ok(run(app(["openssl", "req", |
106 | 111 | "-config", srctop_file("test", "test.cnf"), |
10 | 10 | use warnings; |
11 | 11 | |
12 | 12 | use File::Spec::Functions qw/canonpath/; |
13 | use File::Copy; | |
13 | 14 | use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/; |
14 | 15 | use OpenSSL::Test::Utils; |
15 | 16 | |
27 | 28 | run(app([@args])); |
28 | 29 | } |
29 | 30 | |
30 | plan tests => 157; | |
31 | plan tests => 159; | |
31 | 32 | |
32 | 33 | # Canonical success |
33 | 34 | ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), |
447 | 448 | ok_nofips(verify("sm2", "", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"), |
448 | 449 | "SM2 hex ID test"); |
449 | 450 | } |
451 | ||
452 | # Mixed content tests | |
453 | my $cert_file = srctop_file('test', 'certs', 'root-cert.pem'); | |
454 | my $rsa_file = srctop_file('test', 'certs', 'key-pass-12345.pem'); | |
455 | ||
456 | SKIP: { | |
457 | my $certplusrsa_file = 'certplusrsa.pem'; | |
458 | my $certplusrsa; | |
459 | ||
460 | skip "Couldn't create certplusrsa.pem", 1 | |
461 | unless ( open $certplusrsa, '>', $certplusrsa_file | |
462 | and copy($cert_file, $certplusrsa) | |
463 | and copy($rsa_file, $certplusrsa) | |
464 | and close $certplusrsa ); | |
465 | ||
466 | ok(run(app([ qw(openssl verify -trusted), $certplusrsa_file, $cert_file ])), | |
467 | 'Mixed cert + key file test'); | |
468 | } | |
469 | ||
470 | SKIP: { | |
471 | my $rsapluscert_file = 'rsapluscert.pem'; | |
472 | my $rsapluscert; | |
473 | ||
474 | skip "Couldn't create rsapluscert.pem", 1 | |
475 | unless ( open $rsapluscert, '>', $rsapluscert_file | |
476 | and copy($rsa_file, $rsapluscert) | |
477 | and copy($cert_file, $rsapluscert) | |
478 | and close $rsapluscert ); | |
479 | ||
480 | ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])), | |
481 | 'Mixed key + cert file test'); | |
482 | } |
35 | 35 | |
36 | 36 | #Configured to run FIPS but the module-mac is bad |
37 | 37 | $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "fips.cnf")); |
38 | $ENV{OPENSSL_CONF_INCLUDE} = srctop_file("test", "recipes", "30-test_defltfips"); | |
38 | $ENV{OPENSSL_CONF_INCLUDE} = srctop_dir("test", "recipes", "30-test_defltfips"); | |
39 | 39 | ok(run(test(["defltfips_test", "badfips"])), "running defltfips_test badfips"); |
40 | 40 | |
41 | 41 | #Test an alternative way of configuring fips (but still with bad module-mac) |
49 | 49 | evpkdf_ss.txt |
50 | 50 | evpkdf_ssh.txt |
51 | 51 | evpkdf_tls12_prf.txt |
52 | evpkdf_tls13_kdf.txt | |
52 | 53 | evpkdf_x942.txt |
53 | 54 | evpkdf_x963.txt |
54 | 55 | evpmac_common.txt |
84 | 85 | evpciph_aria.txt |
85 | 86 | evpciph_bf.txt |
86 | 87 | evpciph_camellia.txt |
88 | evpciph_camellia_cts.txt | |
87 | 89 | evpciph_cast5.txt |
88 | 90 | evpciph_chacha.txt |
89 | 91 | evpciph_des.txt |
0 | 0 | # |
1 | # Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
47 | 47 | IV = 00000000000000000000000000000000 |
48 | 48 | Plaintext = 4920776f756c64206c696b652074686520 |
49 | 49 | Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f |
50 | NextIV = c6353568f2bf8cb4d8a580362da7ff7f | |
50 | 51 | |
51 | 52 | # 31 bytes input |
52 | 53 | Cipher = AES-128-CBC-CTS |
55 | 56 | IV = 00000000000000000000000000000000 |
56 | 57 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 |
57 | 58 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22 |
59 | NextIV = fc00783e0efdb2c1d445d4c8eff7ed22 | |
58 | 60 | |
59 | 61 | # 32 bytes input |
60 | 62 | Cipher = AES-128-CBC-CTS |
63 | 65 | IV = 00000000000000000000000000000000 |
64 | 66 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 |
65 | 67 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 |
68 | NextIV = 39312523a78662d5be7fcbcc98ebf5a8 | |
66 | 69 | |
67 | 70 | # 47 bytes input |
68 | 71 | Cipher = AES-128-CBC-CTS |
70 | 73 | IV = 00000000000000000000000000000000 |
71 | 74 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c |
72 | 75 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e |
76 | NextIV = b3fffd940c16a18c1b5549d2f838029e | |
73 | 77 | |
74 | 78 | # 64 bytes input (CS1 is equivalent to CBC when the last block in full) |
75 | 79 | Cipher = AES-128-CBC-CTS |
78 | 82 | IV = 00000000000000000000000000000000 |
79 | 83 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e |
80 | 84 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 |
85 | NextIV = 4807efe836ee89a526730dbc2f7bc840 | |
81 | 86 | |
82 | 87 | #------------------------------------------------------------------------------- |
83 | 88 | # Generated test values using an IV. |
158 | 163 | IV = 00000000000000000000000000000000 |
159 | 164 | Plaintext = 4920776f756c64206c696b652074686520 |
160 | 165 | Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97 |
166 | NextIV = c6353568f2bf8cb4d8a580362da7ff7f | |
161 | 167 | |
162 | 168 | # 31 bytes input (For partial blocks the output should match CS3) |
163 | 169 | Cipher = AES-128-CBC-CTS |
166 | 172 | IV = 00000000000000000000000000000000 |
167 | 173 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 |
168 | 174 | Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5 |
175 | NextIV = fc00783e0efdb2c1d445d4c8eff7ed22 | |
169 | 176 | |
170 | 177 | # 32 bytes input (Aligned blocks should match normal CBC mode) |
171 | 178 | Cipher = AES-128-CBC-CTS |
174 | 181 | IV = 00000000000000000000000000000000 |
175 | 182 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 |
176 | 183 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8 |
184 | NextIV = 39312523a78662d5be7fcbcc98ebf5a8 | |
177 | 185 | |
178 | 186 | # 47 bytes input |
179 | 187 | Cipher = AES-128-CBC-CTS |
182 | 190 | IV = 00000000000000000000000000000000 |
183 | 191 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c |
184 | 192 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5 |
193 | NextIV = b3fffd940c16a18c1b5549d2f838029e | |
185 | 194 | |
186 | 195 | # 64 bytes input (CS2 is equivalent to CBC when the last block in full) |
187 | 196 | Cipher = AES-128-CBC-CTS |
190 | 199 | IV = 00000000000000000000000000000000 |
191 | 200 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e |
192 | 201 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840 |
202 | NextIV = 4807efe836ee89a526730dbc2f7bc840 | |
193 | 203 | |
194 | 204 | # Generated test values using an IV. |
195 | 205 | |
235 | 245 | IV = 00000000000000000000000000000000 |
236 | 246 | Plaintext = 4920776f756c64206c696b652074686520 |
237 | 247 | Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97 |
248 | NextIV = c6353568f2bf8cb4d8a580362da7ff7f | |
238 | 249 | |
239 | 250 | # 31 bytes input |
240 | 251 | Cipher = AES-128-CBC-CTS |
243 | 254 | IV = 00000000000000000000000000000000 |
244 | 255 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320 |
245 | 256 | Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5 |
257 | NextIV = fc00783e0efdb2c1d445d4c8eff7ed22 | |
246 | 258 | |
247 | 259 | # 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block) |
248 | 260 | Cipher = AES-128-CBC-CTS |
251 | 263 | IV = 00000000000000000000000000000000 |
252 | 264 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043 |
253 | 265 | Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584 |
266 | NextIV = 39312523a78662d5be7fcbcc98ebf5a8 | |
254 | 267 | |
255 | 268 | # 47 bytes input |
256 | 269 | Cipher = AES-128-CBC-CTS |
259 | 272 | IV = 00000000000000000000000000000000 |
260 | 273 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c |
261 | 274 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5 |
275 | NextIV = b3fffd940c16a18c1b5549d2f838029e | |
262 | 276 | |
263 | 277 | # 48 bytes input |
264 | 278 | Cipher = AES-128-CBC-CTS |
267 | 281 | IV = 00000000000000000000000000000000 |
268 | 282 | Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20 |
269 | 283 | Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8 |
284 | NextIV = 9dad8bbb96c4cdc03bc103e1a194bbd8 | |
270 | 285 | |
271 | 286 | # 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block) |
272 | 287 | Cipher = AES-128-CBC-CTS |
343 | 358 | Plaintext = 0102030405060708090A0B0C0D0E0F |
344 | 359 | Result = CIPHERUPDATE_ERROR |
345 | 360 | |
346 | # 16 bytes should fail for CS3 (since it always needs 2 blocks). | |
347 | Cipher = AES-128-CBC-CTS | |
348 | CTSMode = CS3 | |
361 | # 16 bytes input | |
362 | Cipher = AES-128-CBC | |
349 | 363 | Key = 636869636b656e207465726979616b69 |
350 | 364 | IV = 00000000000000000000000000000000 |
351 | 365 | Plaintext = 0102030405060708090A0B0C0D0E0F00 |
352 | Result = CIPHERUPDATE_ERROR | |
353 | ||
366 | Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e | |
367 | ||
368 | # 16 bytes with CS3 should return the same as plain CBC mode. | |
369 | Cipher = AES-128-CBC-CTS | |
370 | CTSMode = CS1 | |
371 | Key = 636869636b656e207465726979616b69 | |
372 | IV = 00000000000000000000000000000000 | |
373 | Plaintext = 0102030405060708090A0B0C0D0E0F00 | |
374 | Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e | |
375 | ||
376 | Cipher = AES-128-CBC-CTS | |
377 | CTSMode = CS2 | |
378 | Key = 636869636b656e207465726979616b69 | |
379 | IV = 00000000000000000000000000000000 | |
380 | Plaintext = 0102030405060708090A0B0C0D0E0F00 | |
381 | Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e | |
382 | ||
383 | Cipher = AES-128-CBC-CTS | |
384 | CTSMode = CS3 | |
385 | Key = 636869636b656e207465726979616b69 | |
386 | IV = 00000000000000000000000000000000 | |
387 | Plaintext = 0102030405060708090A0B0C0D0E0F00 | |
388 | Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e | |
389 |
0 | # | |
1 | # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # | |
3 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | # this file except in compliance with the License. You can obtain a copy | |
5 | # in the file LICENSE in the source distribution or at | |
6 | # https://www.openssl.org/source/license.html | |
7 | ||
8 | Title = Camellia CTS tests from RFC6803 | |
9 | ||
10 | # The encryption test vectors in RFC6803 specify the base_key, | |
11 | # not the derived encryption key. | |
12 | # The encryption key was manually derived using: | |
13 | # ke = KBKDF(mac = CMAC, mode = FEEDBACK, base_key, | |
14 | # salt = 0000000 || usage || AA, | |
15 | # seed = 00000000000000000000000000000000) | |
16 | # NOTE: that the usage was not specified in the test vectors, | |
17 | # but is listed here in https://www.rfc-editor.org/errata_search.php?rfc=6803 | |
18 | # | |
19 | # e.g: openssl kdf -cipher CAMELLIA-128-CBC | |
20 | # -keylen 16 | |
21 | # -kdfopt hexkey:1DC46A8D763F4F93742BCBA3387576C3 | |
22 | # -kdfopt hexsalt:00000000AA | |
23 | # -kdfopt mode:FEEDBACK | |
24 | # -kdfopt hexseed:00000000000000000000000000000000 | |
25 | # -mac CMAC | |
26 | # KBKDF | |
27 | # | |
28 | # The ciphertext result also contains a MAC result so this was also manually stripped from the test data. | |
29 | # The random confounder is also prepended to the plaintext. | |
30 | # | |
31 | ||
32 | # 128-bit Camellia key: 1DC46A8D763F4F93742BCBA3387576C3 | |
33 | # Key usage: 0 | |
34 | # Random confounder: B69822A19A6B09C0EBC8557D1F1B6C0A | |
35 | # Plaintext: (empty) | |
36 | Cipher = CAMELLIA-128-CBC-CTS | |
37 | CTSMode = CS3 | |
38 | Key = E99B82B36C4AE8EA19E95DFA9EDE882C | |
39 | IV = 00000000000000000000000000000000 | |
40 | Plaintext = B69822A19A6B09C0EBC8557D1F1B6C0A | |
41 | Ciphertext = C466F1871069921EDB7C6FDE244A52DB | |
42 | ||
43 | # 128-bit Camellia key: 5027BC231D0F3A9D23333F1CA6FDBE7C | |
44 | # Key usage: 1 | |
45 | # Random confounder: 6F2FC3C2A166FD8898967A83DE9596D9 | |
46 | # Plaintext: 1 (31) | |
47 | Cipher = CAMELLIA-128-CBC-CTS | |
48 | CTSMode = CS3 | |
49 | Key = A7EDCD5397EA6D12B0AFF4CB8DAA57AD | |
50 | IV = 00000000000000000000000000000000 | |
51 | Plaintext = 6F2FC3C2A166FD8898967A83DE9596D931 | |
52 | Ciphertext = 842D21FD950311C0DD464A3F4BE8D6DA88 | |
53 | ||
54 | # 128-bit Camellia key: A1BB61E805F9BA6DDE8FDBDDC05CDEA0 | |
55 | # Key usage: 2 | |
56 | # Random confounder: A5B4A71E077AEEF93C8763C18FDB1F10 | |
57 | # Plaintext: 9 bytesss (392062797465737373) | |
58 | Cipher = CAMELLIA-128-CBC-CTS | |
59 | CTSMode = CS3 | |
60 | Key = DDE42ECA7CD9863FC3CE89CBC94362D7 | |
61 | IV = 00000000000000000000000000000000 | |
62 | Plaintext = A5B4A71E077AEEF93C8763C18FDB1F10392062797465737373 | |
63 | Ciphertext = 619FF072E36286FF0A28DEB3A352EC0D0EDF5C5160D663C901 | |
64 | ||
65 | # 128-bit Camellia key: 2CA27A5FAF5532244506434E1CEF6676 | |
66 | # Key usage: 3 | |
67 | # Random confounder: 19FEE40D810C524B5B22F01874C693DA | |
68 | # Plaintext: 13 bytes byte (31332062797465732062797465) | |
69 | Cipher = CAMELLIA-128-CBC-CTS | |
70 | CTSMode = CS3 | |
71 | Key = C3113A258590B9AEBF721B1AF6B0CBF8 | |
72 | IV = 00000000000000000000000000000000 | |
73 | Plaintext = 19FEE40D810C524B5B22F01874C693DA31332062797465732062797465 | |
74 | Ciphertext = B8ECA3167AE6315512E59F98A7C500205E5F63FF3BB389AF1C41A21D64 | |
75 | ||
76 | # 128-bit Camellia key: 7824F8C16F83FF354C6BF7515B973F43 | |
77 | # Key usage: 4 | |
78 | # Random confounder: CA7A7AB4BE192DABD603506DB19C39E2 | |
79 | # Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974) | |
80 | Cipher = CAMELLIA-128-CBC-CTS | |
81 | CTSMode = CS3 | |
82 | Key = 8B07EED30149916AA20DB3F5CED8AFAD | |
83 | IV = 00000000000000000000000000000000 | |
84 | Plaintext = CA7A7AB4BE192DABD603506DB19C39E2333020627974657320627974657320627974657320627974657320627974 | |
85 | Ciphertext = A26A3905A4FFD5816B7B1E27380D08090C8EC1F304496E1ABDCD2BDCD1DFFC660989E117A713DDBB57A4146C1587 | |
86 | ||
87 | # 256-bit Camellia key: B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B | |
88 | # Key usage: 0 | |
89 | # Random confounder: 3CBBD2B45917941067F96599BB98926C | |
90 | # Plaintext: (empty) | |
91 | Cipher = CAMELLIA-256-CBC-CTS | |
92 | CTSMode = CS3 | |
93 | Key = 6CCB3F25D8AE57F4E8F6CA474BDDEFF116CE131B3F71012E756D6B1E3F70A7F1 | |
94 | IV = 00000000000000000000000000000000 | |
95 | Plaintext = 3CBBD2B45917941067F96599BB98926C | |
96 | Ciphertext = 03886D03310B47A6D8F06D7B94D1DD83 | |
97 | ||
98 | # 256-bit Camellia key: 1B97FE0A190E2021EB30753E1B6E1E77B0754B1D684610355864104963463833 | |
99 | # Key usage: 1 | |
100 | # Random confounder: DEF487FCEBE6DE6346D4DA4521BBA2D2 | |
101 | # Plaintext: 1 (31) | |
102 | Cipher = CAMELLIA-256-CBC-CTS | |
103 | CTSMode = CS3 | |
104 | Key = E93173AA01EB3C246231DAFC7802EE32AF24851D8C7387D18CB9B2C5B7F570B8 | |
105 | IV = 00000000000000000000000000000000 | |
106 | Plaintext = DEF487FCEBE6DE6346D4DA4521BBA2D231 | |
107 | Ciphertext = 2C9C1570133C99BF6A34BC1B0212002FD1 | |
108 | ||
109 | # 256-bit Camellia key: 32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05 | |
110 | # Key usage: 2 | |
111 | # Random confounder: AD4FF904D34E555384B14100FC465F88 | |
112 | # Plaintext: 9 bytesss (392062797465737373) | |
113 | Cipher = CAMELLIA-256-CBC-CTS | |
114 | CTSMode = CS3 | |
115 | Key = CDA2D39A9B243FFEB56E8D5F4BD528741ECB520C62123FB040B8418B15C7D70C | |
116 | IV = 00000000000000000000000000000000 | |
117 | Plaintext = AD4FF904D34E555384B14100FC465F88392062797465737373 | |
118 | Ciphertext = 9C6DE75F812DE7ED0D28B2963557A115640998275B0AF51527 | |
119 | ||
120 | # 256-bit Camellia key: B038B132CD8E06612267FAB7170066D88AECCBA0B744BFC60DC89BCA182D0715 | |
121 | # Key usage: 3 | |
122 | # Random confounder: CF9BCA6DF1144E0C0AF9B8F34C90D514 | |
123 | # Plaintext: 13 bytes byte (31332062797465732062797465) | |
124 | Cipher = CAMELLIA-256-CBC-CTS | |
125 | CTSMode = CS3 | |
126 | Key = CD8A10E279DADDB6901EC30BDF9873250F6EFC6A77367D74DC3EE7F74BC7774E | |
127 | IV = 00000000000000000000000000000000 | |
128 | Plaintext = CF9BCA6DF1144E0C0AF9B8F34C90D51431332062797465732062797465 | |
129 | Ciphertext = EEEC85A9813CDC536772AB9B42DEFC5706F726E975DDE05A87EB5406EA | |
130 | ||
131 | # 256-bit Camellia key: CCFCD349BF4C6677E86E4B02B8EAB924A546AC731CF9BF6989B996E7D6BFBBA7 | |
132 | # Key usage: 4 | |
133 | # Random confounder: 644DEF38DA35007275878D216855E228 | |
134 | # Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974) | |
135 | Cipher = CAMELLIA-256-CBC-CTS | |
136 | CTSMode = CS3 | |
137 | Key = 1D5147F34BB001A04A68A71346E7654E0223A60D90BC2B79B4D87956D47CD42A | |
138 | IV = 00000000000000000000000000000000 | |
139 | Plaintext = 644DEF38DA35007275878D216855E228333020627974657320627974657320627974657320627974657320627974 | |
140 | Ciphertext = 0E44680985855F2D1F1812529CA83BFD8E349DE6FD9ADA0BAAA048D68E265FEBF34AD1255A344999AD37146887A6 |
0 | 0 | # |
1 | # Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
56 | 56 | KDF = id-scrypt |
57 | 57 | Ctrl.pass = pass:pleaseletmein |
58 | 58 | Ctrl.salt = salt:SodiumChloride |
59 | Ctrl.N = n:1048576 | |
59 | Ctrl.N = n:2097152 | |
60 | 60 | Ctrl.r = r:8 |
61 | 61 | Ctrl.p = p:1 |
62 | Result = INTERNAL_ERROR | |
62 | Result = KDF_DERIVE_ERROR |
0 | # | |
1 | # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # | |
3 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | # this file except in compliance with the License. You can obtain a copy | |
5 | # in the file LICENSE in the source distribution or at | |
6 | # https://www.openssl.org/source/license.html | |
7 | ||
8 | # Tests start with one of these keywords | |
9 | # Cipher Decrypt Derive Digest Encoding KDF MAC PBE | |
10 | # PrivPubKeyPair Sign Verify VerifyRecover | |
11 | # and continue until a blank line. Lines starting with a pound sign are ignored. | |
12 | ||
13 | Title = TLS 1.3 KDF tests (from ACVP test vectors) | |
14 | ||
15 | # Each test suite simulates the steps in a TLS 1.3 session | |
16 | # The output of each step is used as an input for the next. These were not | |
17 | # generally included in the ACVP data and have been generated. The end to end | |
18 | # correctness indicates that the intermediate values are okay. | |
19 | ||
20 | KDF = TLS13-KDF | |
21 | Ctrl.mode = mode:EXTRACT_ONLY | |
22 | Ctrl.digest = digest:SHA2-256 | |
23 | Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05 | |
24 | Output = 153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 | |
25 | ||
26 | KDF = TLS13-KDF | |
27 | Ctrl.mode = mode:EXPAND_ONLY | |
28 | Ctrl.digest = digest:SHA2-256 | |
29 | Ctrl.key = hexkey:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 | |
30 | Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3 | |
31 | Ctrl.prefix = hexprefix:746c73313320 | |
32 | Ctrl.label = hexlabel:6320652074726166666963 | |
33 | Output = c80583a90e995c489600492a5da642e6b1f679ba674828792df087b939636171 | |
34 | ||
35 | KDF = TLS13-KDF | |
36 | Ctrl.mode = mode:EXPAND_ONLY | |
37 | Ctrl.digest = digest:SHA2-256 | |
38 | Ctrl.key = hexkey:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 | |
39 | Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3 | |
40 | Ctrl.prefix = hexprefix:746c73313320 | |
41 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
42 | Output = 1fe336ab43b4a69b11ebc64c8343ed21a9c7f6724702d9d63970e8ff72a4bde7 | |
43 | ||
44 | KDF = TLS13-KDF | |
45 | Ctrl.mode = mode:EXTRACT_ONLY | |
46 | Ctrl.digest = digest:SHA2-256 | |
47 | Ctrl.key = hexkey:8e27fad32236cb11bb497eb878d636c3f1599f5ffdfae784cbf73e74746769d4 | |
48 | Ctrl.salt = hexsalt:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 | |
49 | Ctrl.prefix = hexprefix:746c73313320 | |
50 | Ctrl.label = hexlabel:64657269766564 | |
51 | Output = cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd | |
52 | ||
53 | KDF = TLS13-KDF | |
54 | Ctrl.mode = mode:EXPAND_ONLY | |
55 | Ctrl.digest = digest:SHA2-256 | |
56 | Ctrl.key = hexkey:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd | |
57 | Ctrl.data = hexdata:78d80b86fb9b089fb73375e51ae5bcfd742df4cadbd84dea0aaa0ac9d07ba6dc | |
58 | Ctrl.prefix = hexprefix:746c73313320 | |
59 | Ctrl.label = hexlabel:632068732074726166666963 | |
60 | Output = c2451ee08fd221331f3dabada534393ed1fc8f5983afa251c1d004ec94e823a2 | |
61 | ||
62 | KDF = TLS13-KDF | |
63 | Ctrl.mode = mode:EXPAND_ONLY | |
64 | Ctrl.digest = digest:SHA2-256 | |
65 | Ctrl.key = hexkey:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd | |
66 | Ctrl.data = hexdata:78d80b86fb9b089fb73375e51ae5bcfd742df4cadbd84dea0aaa0ac9d07ba6dc | |
67 | Ctrl.prefix = hexprefix:746c73313320 | |
68 | Ctrl.label = hexlabel:732068732074726166666963 | |
69 | Output = 40eefbf66cb79c41c9ee1bf0be7f41696da165e7e69628ca8e342fee51827abd | |
70 | ||
71 | KDF = TLS13-KDF | |
72 | Ctrl.mode = mode:EXTRACT_ONLY | |
73 | Ctrl.digest = digest:SHA2-256 | |
74 | Ctrl.salt = hexsalt:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd | |
75 | Ctrl.prefix = hexprefix:746c73313320 | |
76 | Ctrl.label = hexlabel:64657269766564 | |
77 | Output = 9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 | |
78 | ||
79 | KDF = TLS13-KDF | |
80 | Ctrl.mode = mode:EXPAND_ONLY | |
81 | Ctrl.digest = digest:SHA2-256 | |
82 | Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 | |
83 | Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e | |
84 | Ctrl.prefix = hexprefix:746c73313320 | |
85 | Ctrl.label = hexlabel:632061702074726166666963 | |
86 | Output = b162c65cdc0f9425aa7cd8fb30a821c8c8f0e8f8f9eb42209d10d784dafadcb5 | |
87 | ||
88 | KDF = TLS13-KDF | |
89 | Ctrl.mode = mode:EXPAND_ONLY | |
90 | Ctrl.digest = digest:SHA2-256 | |
91 | Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 | |
92 | Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e | |
93 | Ctrl.prefix = hexprefix:746c73313320 | |
94 | Ctrl.label = hexlabel:732061702074726166666963 | |
95 | Output = 6fe71fd9a81dffb3fecedd80c7a4801804116c79bc37b3605f54bc01a9cbed99 | |
96 | ||
97 | KDF = TLS13-KDF | |
98 | Ctrl.mode = mode:EXPAND_ONLY | |
99 | Ctrl.digest = digest:SHA2-256 | |
100 | Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 | |
101 | Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e | |
102 | Ctrl.prefix = hexprefix:746c73313320 | |
103 | Ctrl.label = hexlabel:657870206d6173746572 | |
104 | Output = eb1069417c771402a32b4797099adc449fd2be22ac47fb771ccd319e1a11ce55 | |
105 | ||
106 | KDF = TLS13-KDF | |
107 | Ctrl.mode = mode:EXPAND_ONLY | |
108 | Ctrl.digest = digest:SHA2-256 | |
109 | Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17 | |
110 | Ctrl.data = hexdata:db603b863e82a12147bd81a8e715d3273efe641d467436309e19ae0254461a35 | |
111 | Ctrl.prefix = hexprefix:746c73313320 | |
112 | Ctrl.label = hexlabel:726573206d6173746572 | |
113 | Output = b4face4931df0e3380830805af22055bf29b030988a9e278f7d04f2b00f323e8 | |
114 | ||
115 | # New TLS 1.3 session starts here | |
116 | ||
117 | KDF = TLS13-KDF | |
118 | Ctrl.mode = mode:EXTRACT_ONLY | |
119 | Ctrl.digest = digest:SHA2-256 | |
120 | Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
121 | ||
122 | KDF = TLS13-KDF | |
123 | Ctrl.mode = mode:EXPAND_ONLY | |
124 | Ctrl.digest = digest:SHA2-256 | |
125 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
126 | Ctrl.data = hexdata:ad5c61780c37f5dbe1666e846ffcbfe0694e6d7ee87fc855850cd961420a0da2 | |
127 | Ctrl.prefix = hexprefix:746c73313320 | |
128 | Ctrl.label = hexlabel:6320652074726166666963 | |
129 | Output = 265aa1591dd7b8046d95580c5dec47f4f175cd3121afc066ab65b14c2ff2eeec | |
130 | ||
131 | KDF = TLS13-KDF | |
132 | Ctrl.mode = mode:EXPAND_ONLY | |
133 | Ctrl.digest = digest:SHA2-256 | |
134 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
135 | Ctrl.data = hexdata:ad5c61780c37f5dbe1666e846ffcbfe0694e6d7ee87fc855850cd961420a0da2 | |
136 | Ctrl.prefix = hexprefix:746c73313320 | |
137 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
138 | Output = dfeadee3e4cd8d260ae389043e5f806ea55ee332270487289abaf3933ec219ed | |
139 | ||
140 | KDF = TLS13-KDF | |
141 | Ctrl.mode = mode:EXTRACT_ONLY | |
142 | Ctrl.digest = digest:SHA2-256 | |
143 | Ctrl.key = hexkey:8ba75a8cee15fe15599cec2d6590313ca4cf2efd7aed87a85ed4cbcbdc5edf9bb1 | |
144 | Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
145 | Ctrl.prefix = hexprefix:746c73313320 | |
146 | Ctrl.label = hexlabel:64657269766564 | |
147 | Output = 7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 | |
148 | ||
149 | KDF = TLS13-KDF | |
150 | Ctrl.mode = mode:EXPAND_ONLY | |
151 | Ctrl.digest = digest:SHA2-256 | |
152 | Ctrl.key = hexkey:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 | |
153 | Ctrl.data = hexdata:fc732c631dec5b82edae0288d698f0ab1823128d73ee370864cc0edc69b1dd15 | |
154 | Ctrl.prefix = hexprefix:746c73313320 | |
155 | Ctrl.label = hexlabel:632068732074726166666963 | |
156 | Output = f1f7241a9c150b2a9e1e20f00ba42c038688468167201cae15a51f83ddd8520b | |
157 | ||
158 | KDF = TLS13-KDF | |
159 | Ctrl.mode = mode:EXPAND_ONLY | |
160 | Ctrl.digest = digest:SHA2-256 | |
161 | Ctrl.key = hexkey:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 | |
162 | Ctrl.data = hexdata:fc732c631dec5b82edae0288d698f0ab1823128d73ee370864cc0edc69b1dd15 | |
163 | Ctrl.prefix = hexprefix:746c73313320 | |
164 | Ctrl.label = hexlabel:732068732074726166666963 | |
165 | Output = 38f88680f83f4cbc7afc2e58c7161076da181185009074b5f576c61643bc2e55 | |
166 | ||
167 | KDF = TLS13-KDF | |
168 | Ctrl.mode = mode:EXTRACT_ONLY | |
169 | Ctrl.digest = digest:SHA2-256 | |
170 | Ctrl.salt = hexsalt:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702 | |
171 | Ctrl.prefix = hexprefix:746c73313320 | |
172 | Ctrl.label = hexlabel:64657269766564 | |
173 | Output = 160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce | |
174 | ||
175 | KDF = TLS13-KDF | |
176 | Ctrl.mode = mode:EXPAND_ONLY | |
177 | Ctrl.digest = digest:SHA2-256 | |
178 | Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce | |
179 | Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070 | |
180 | Ctrl.prefix = hexprefix:746c73313320 | |
181 | Ctrl.label = hexlabel:632061702074726166666963 | |
182 | Output = e8634a48b7162c0c0d55afea28af35f06fcbbd268328bd6a9034b6fcddc48bb2 | |
183 | ||
184 | KDF = TLS13-KDF | |
185 | Ctrl.mode = mode:EXPAND_ONLY | |
186 | Ctrl.digest = digest:SHA2-256 | |
187 | Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce | |
188 | Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070 | |
189 | Ctrl.prefix = hexprefix:746c73313320 | |
190 | Ctrl.label = hexlabel:732061702074726166666963 | |
191 | Output = 1f5f7e35b4495e94f2b847129e246d98cc67d511729ed9ce60fa3c8176a7c41d | |
192 | ||
193 | KDF = TLS13-KDF | |
194 | Ctrl.mode = mode:EXPAND_ONLY | |
195 | Ctrl.digest = digest:SHA2-256 | |
196 | Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce | |
197 | Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070 | |
198 | Ctrl.prefix = hexprefix:746c73313320 | |
199 | Ctrl.label = hexlabel:657870206d6173746572 | |
200 | Output = ff76b85accc260ce264686e011c9ab08e955cd01943d8c03989ac060ea4ad12e | |
201 | ||
202 | KDF = TLS13-KDF | |
203 | Ctrl.mode = mode:EXPAND_ONLY | |
204 | Ctrl.digest = digest:SHA2-256 | |
205 | Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce | |
206 | Ctrl.data = hexdata:26872f541995715cbf7fcdd26544cfeff9fdff638578d166851127fb8a91ade7 | |
207 | Ctrl.prefix = hexprefix:746c73313320 | |
208 | Ctrl.label = hexlabel:726573206d6173746572 | |
209 | Output = 9d0a1aa3ed67e5bd066e61f15fdfd7a552bea57aed956af3f8b49abc2a9480b7 | |
210 | ||
211 | # New TLS 1.3 session starts here | |
212 | ||
213 | KDF = TLS13-KDF | |
214 | Ctrl.mode = mode:EXTRACT_ONLY | |
215 | Ctrl.digest = digest:SHA2-256 | |
216 | Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
217 | ||
218 | KDF = TLS13-KDF | |
219 | Ctrl.mode = mode:EXPAND_ONLY | |
220 | Ctrl.digest = digest:SHA2-256 | |
221 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
222 | Ctrl.data = hexdata:ab9a6fa58d1efd4d862d33e5fa1b610ef8af8b1c66d12f7871598e39b5540dcd | |
223 | Ctrl.prefix = hexprefix:746c73313320 | |
224 | Ctrl.label = hexlabel:6320652074726166666963 | |
225 | Output = 22c60538c233cbabc8d14ca55fa7b264f4bf1eaa68ca7460be6f965edc2706bd | |
226 | ||
227 | KDF = TLS13-KDF | |
228 | Ctrl.mode = mode:EXPAND_ONLY | |
229 | Ctrl.digest = digest:SHA2-256 | |
230 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
231 | Ctrl.data = hexdata:ab9a6fa58d1efd4d862d33e5fa1b610ef8af8b1c66d12f7871598e39b5540dcd | |
232 | Ctrl.prefix = hexprefix:746c73313320 | |
233 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
234 | Output = 04c9e7d5e5709d0d5e98cce5b8d995973427a2adb1e3d092c5418e520959d24c | |
235 | ||
236 | KDF = TLS13-KDF | |
237 | Ctrl.mode = mode:EXTRACT_ONLY | |
238 | Ctrl.digest = digest:SHA2-256 | |
239 | Ctrl.key = hexkey:079d4c92c73f842771e76173ffc79976499728b81e75ba77255d3f97a9b075b515 | |
240 | Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
241 | Ctrl.prefix = hexprefix:746c73313320 | |
242 | Ctrl.label = hexlabel:64657269766564 | |
243 | Output = 18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 | |
244 | ||
245 | KDF = TLS13-KDF | |
246 | Ctrl.mode = mode:EXPAND_ONLY | |
247 | Ctrl.digest = digest:SHA2-256 | |
248 | Ctrl.key = hexkey:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 | |
249 | Ctrl.data = hexdata:eb62d1f34a8aeb2a391e3f6d1e2f9f66e3053530551a41e94ba8f38068f273af | |
250 | Ctrl.prefix = hexprefix:746c73313320 | |
251 | Ctrl.label = hexlabel:632068732074726166666963 | |
252 | Output = 2f0e7afb326b06b482c82e5a775d65656ae653cd4f9c5527f9fea54c4872331d | |
253 | ||
254 | KDF = TLS13-KDF | |
255 | Ctrl.mode = mode:EXPAND_ONLY | |
256 | Ctrl.digest = digest:SHA2-256 | |
257 | Ctrl.key = hexkey:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 | |
258 | Ctrl.data = hexdata:eb62d1f34a8aeb2a391e3f6d1e2f9f66e3053530551a41e94ba8f38068f273af | |
259 | Ctrl.prefix = hexprefix:746c73313320 | |
260 | Ctrl.label = hexlabel:732068732074726166666963 | |
261 | Output = 4c0d8dff2bb81366bde630eb466479765acd151bd14da1ce5a313292ad2e7f3f | |
262 | ||
263 | KDF = TLS13-KDF | |
264 | Ctrl.mode = mode:EXTRACT_ONLY | |
265 | Ctrl.digest = digest:SHA2-256 | |
266 | Ctrl.salt = hexsalt:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284 | |
267 | Ctrl.prefix = hexprefix:746c73313320 | |
268 | Ctrl.label = hexlabel:64657269766564 | |
269 | Output = 8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 | |
270 | ||
271 | KDF = TLS13-KDF | |
272 | Ctrl.mode = mode:EXPAND_ONLY | |
273 | Ctrl.digest = digest:SHA2-256 | |
274 | Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 | |
275 | Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb | |
276 | Ctrl.prefix = hexprefix:746c73313320 | |
277 | Ctrl.label = hexlabel:632061702074726166666963 | |
278 | Output = 21ecbb49c1013e3fb86e21600b2643bb22db2a5747d1d580b088ec545985750c | |
279 | ||
280 | KDF = TLS13-KDF | |
281 | Ctrl.mode = mode:EXPAND_ONLY | |
282 | Ctrl.digest = digest:SHA2-256 | |
283 | Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 | |
284 | Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb | |
285 | Ctrl.prefix = hexprefix:746c73313320 | |
286 | Ctrl.label = hexlabel:732061702074726166666963 | |
287 | Output = 692ce960da75200ba64c0898172c383eba3e910f943e2dc6fb0ca5ea860dd128 | |
288 | ||
289 | KDF = TLS13-KDF | |
290 | Ctrl.mode = mode:EXPAND_ONLY | |
291 | Ctrl.digest = digest:SHA2-256 | |
292 | Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 | |
293 | Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb | |
294 | Ctrl.prefix = hexprefix:746c73313320 | |
295 | Ctrl.label = hexlabel:657870206d6173746572 | |
296 | Output = 414267573db54653b960060e78f24efbbe0e6eb3bba77f8a1330c52ce748cea9 | |
297 | ||
298 | KDF = TLS13-KDF | |
299 | Ctrl.mode = mode:EXPAND_ONLY | |
300 | Ctrl.digest = digest:SHA2-256 | |
301 | Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058 | |
302 | Ctrl.data = hexdata:2cf39c1d072fe6ca2e9385b5deb93f6706ca97c4cecd7141968ae9f92d1b331d | |
303 | Ctrl.prefix = hexprefix:746c73313320 | |
304 | Ctrl.label = hexlabel:726573206d6173746572 | |
305 | Output = 71afefcc45ef6cf641320fd33c0711fce1b177f2de278a3009a423c013eb156e | |
306 | ||
307 | # New TLS 1.3 session starts here | |
308 | ||
309 | KDF = TLS13-KDF | |
310 | Ctrl.mode = mode:EXTRACT_ONLY | |
311 | Ctrl.digest = digest:SHA2-256 | |
312 | Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
313 | ||
314 | KDF = TLS13-KDF | |
315 | Ctrl.mode = mode:EXPAND_ONLY | |
316 | Ctrl.digest = digest:SHA2-256 | |
317 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
318 | Ctrl.data = hexdata:0ba5fc85501734dc78cea66aacc3b2fa36be938b34b10037e842dc6ff493560d | |
319 | Ctrl.prefix = hexprefix:746c73313320 | |
320 | Ctrl.label = hexlabel:6320652074726166666963 | |
321 | Output = bcb5dab7001fb36b9877b3cc53c92157de4a4a304be8ce1ae8a49b71b5cf5384 | |
322 | ||
323 | KDF = TLS13-KDF | |
324 | Ctrl.mode = mode:EXPAND_ONLY | |
325 | Ctrl.digest = digest:SHA2-256 | |
326 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
327 | Ctrl.data = hexdata:0ba5fc85501734dc78cea66aacc3b2fa36be938b34b10037e842dc6ff493560d | |
328 | Ctrl.prefix = hexprefix:746c73313320 | |
329 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
330 | Output = efc512b05a887d11ed829bdf90162ace73456c83a6543d74ef95f98022b6162c | |
331 | ||
332 | KDF = TLS13-KDF | |
333 | Ctrl.mode = mode:EXTRACT_ONLY | |
334 | Ctrl.digest = digest:SHA2-256 | |
335 | Ctrl.key = hexkey:51b7a0a74de27eed1bc77a0691850387f4bfbaafef1033780d027fb0a00d1ba957 | |
336 | Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
337 | Ctrl.prefix = hexprefix:746c73313320 | |
338 | Ctrl.label = hexlabel:64657269766564 | |
339 | Output = bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b | |
340 | ||
341 | KDF = TLS13-KDF | |
342 | Ctrl.mode = mode:EXPAND_ONLY | |
343 | Ctrl.digest = digest:SHA2-256 | |
344 | Ctrl.key = hexkey:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b | |
345 | Ctrl.data = hexdata:9d3b6a05267ca141c132ae2685bba0b8eb27d8b4349af822607bf4c215070d2e | |
346 | Ctrl.prefix = hexprefix:746c73313320 | |
347 | Ctrl.label = hexlabel:632068732074726166666963 | |
348 | Output = 7c318f397dd56ec69c7ab5eafde196c06aefccaf24fb2487e045b55f8d5865dc | |
349 | ||
350 | KDF = TLS13-KDF | |
351 | Ctrl.mode = mode:EXPAND_ONLY | |
352 | Ctrl.digest = digest:SHA2-256 | |
353 | Ctrl.key = hexkey:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b | |
354 | Ctrl.data = hexdata:9d3b6a05267ca141c132ae2685bba0b8eb27d8b4349af822607bf4c215070d2e | |
355 | Ctrl.prefix = hexprefix:746c73313320 | |
356 | Ctrl.label = hexlabel:732068732074726166666963 | |
357 | Output = f9b5e2e18869a920128dad1c836d57deacaa85cfec21012823a52182cb5484fc | |
358 | ||
359 | KDF = TLS13-KDF | |
360 | Ctrl.mode = mode:EXTRACT_ONLY | |
361 | Ctrl.digest = digest:SHA2-256 | |
362 | Ctrl.salt = hexsalt:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b | |
363 | Ctrl.prefix = hexprefix:746c73313320 | |
364 | Ctrl.label = hexlabel:64657269766564 | |
365 | Output = 71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba | |
366 | ||
367 | KDF = TLS13-KDF | |
368 | Ctrl.mode = mode:EXPAND_ONLY | |
369 | Ctrl.digest = digest:SHA2-256 | |
370 | Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba | |
371 | Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8 | |
372 | Ctrl.prefix = hexprefix:746c73313320 | |
373 | Ctrl.label = hexlabel:632061702074726166666963 | |
374 | Output = 7b48562a81323355b3c090d59b8adbb6aaf17b8489448d3d20bee397523ef0ac | |
375 | ||
376 | KDF = TLS13-KDF | |
377 | Ctrl.mode = mode:EXPAND_ONLY | |
378 | Ctrl.digest = digest:SHA2-256 | |
379 | Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba | |
380 | Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8 | |
381 | Ctrl.prefix = hexprefix:746c73313320 | |
382 | Ctrl.label = hexlabel:732061702074726166666963 | |
383 | Output = 19c59876c3f79fad0f66e3038ef2126ff1f0167a15d8fe10901671fbdb7aca9e | |
384 | ||
385 | KDF = TLS13-KDF | |
386 | Ctrl.mode = mode:EXPAND_ONLY | |
387 | Ctrl.digest = digest:SHA2-256 | |
388 | Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba | |
389 | Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8 | |
390 | Ctrl.prefix = hexprefix:746c73313320 | |
391 | Ctrl.label = hexlabel:657870206d6173746572 | |
392 | Output = a41b62871f071de5536da378f4b88071dd9839b367065e84da932e45a6b155e6 | |
393 | ||
394 | KDF = TLS13-KDF | |
395 | Ctrl.mode = mode:EXPAND_ONLY | |
396 | Ctrl.digest = digest:SHA2-256 | |
397 | Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba | |
398 | Ctrl.data = hexdata:40248b70ecbe954e7b825281e052f5d1f784678f02c1574f91034c09fa5b4f91 | |
399 | Ctrl.prefix = hexprefix:746c73313320 | |
400 | Ctrl.label = hexlabel:726573206d6173746572 | |
401 | Output = c27da667ff071ee5907d272d0f26cb204af7df95895670a96c8441bcc9433c6c | |
402 | ||
403 | # New TLS 1.3 session starts here | |
404 | ||
405 | KDF = TLS13-KDF | |
406 | Ctrl.mode = mode:EXTRACT_ONLY | |
407 | Ctrl.digest = digest:SHA2-256 | |
408 | Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
409 | ||
410 | KDF = TLS13-KDF | |
411 | Ctrl.mode = mode:EXPAND_ONLY | |
412 | Ctrl.digest = digest:SHA2-256 | |
413 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
414 | Ctrl.data = hexdata:1db79ad32111ded07970f5a4958d60deaaea16c9364d72fd97f1b9d2eb4389f0 | |
415 | Ctrl.prefix = hexprefix:746c73313320 | |
416 | Ctrl.label = hexlabel:6320652074726166666963 | |
417 | Output = 9988ba03ffa2aa8f8332efc47051278dd4831bb2b2231010b49354f23a14fcc2 | |
418 | ||
419 | KDF = TLS13-KDF | |
420 | Ctrl.mode = mode:EXPAND_ONLY | |
421 | Ctrl.digest = digest:SHA2-256 | |
422 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
423 | Ctrl.data = hexdata:1db79ad32111ded07970f5a4958d60deaaea16c9364d72fd97f1b9d2eb4389f0 | |
424 | Ctrl.prefix = hexprefix:746c73313320 | |
425 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
426 | Output = 332e88ff7e3b1b3e592a89b3151bb79a418f5db6dff522a73ff53bc7e237777e | |
427 | ||
428 | KDF = TLS13-KDF | |
429 | Ctrl.mode = mode:EXTRACT_ONLY | |
430 | Ctrl.digest = digest:SHA2-256 | |
431 | Ctrl.key = hexkey:6d42939374a8adf6d3d96bf450eece38f2d0268814262f9780acf5b6769582b0aa | |
432 | Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
433 | Ctrl.prefix = hexprefix:746c73313320 | |
434 | Ctrl.label = hexlabel:64657269766564 | |
435 | Output = ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 | |
436 | ||
437 | KDF = TLS13-KDF | |
438 | Ctrl.mode = mode:EXPAND_ONLY | |
439 | Ctrl.digest = digest:SHA2-256 | |
440 | Ctrl.key = hexkey:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 | |
441 | Ctrl.data = hexdata:782580319c405ffabb7c272f730a4d0c06da94923f49fc8194e86c91b339cd0f | |
442 | Ctrl.prefix = hexprefix:746c73313320 | |
443 | Ctrl.label = hexlabel:632068732074726166666963 | |
444 | Output = 60822aa502f3065ec3972e5dba90f14b254544f99d3274cd67fa3565e5e78f11 | |
445 | ||
446 | KDF = TLS13-KDF | |
447 | Ctrl.mode = mode:EXPAND_ONLY | |
448 | Ctrl.digest = digest:SHA2-256 | |
449 | Ctrl.key = hexkey:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 | |
450 | Ctrl.data = hexdata:782580319c405ffabb7c272f730a4d0c06da94923f49fc8194e86c91b339cd0f | |
451 | Ctrl.prefix = hexprefix:746c73313320 | |
452 | Ctrl.label = hexlabel:732068732074726166666963 | |
453 | Output = 4534439181f03ed7c34471c0b2cd59a064402a6cb8092f5e30dfe3db4ce29c65 | |
454 | ||
455 | KDF = TLS13-KDF | |
456 | Ctrl.mode = mode:EXTRACT_ONLY | |
457 | Ctrl.digest = digest:SHA2-256 | |
458 | Ctrl.salt = hexsalt:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1 | |
459 | Ctrl.prefix = hexprefix:746c73313320 | |
460 | Ctrl.label = hexlabel:64657269766564 | |
461 | Output = bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 | |
462 | ||
463 | KDF = TLS13-KDF | |
464 | Ctrl.mode = mode:EXPAND_ONLY | |
465 | Ctrl.digest = digest:SHA2-256 | |
466 | Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 | |
467 | Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a | |
468 | Ctrl.prefix = hexprefix:746c73313320 | |
469 | Ctrl.label = hexlabel:632061702074726166666963 | |
470 | Output = 1fa11fda9fc1840f2082a9a81b9212bca08915c8402f5d9d3e6403df529a6872 | |
471 | ||
472 | KDF = TLS13-KDF | |
473 | Ctrl.mode = mode:EXPAND_ONLY | |
474 | Ctrl.digest = digest:SHA2-256 | |
475 | Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 | |
476 | Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a | |
477 | Ctrl.prefix = hexprefix:746c73313320 | |
478 | Ctrl.label = hexlabel:732061702074726166666963 | |
479 | Output = 5d3b814a5ea0b320dc2d6b0d50f766013073e92203184ea6f990f3a23ba1b936 | |
480 | ||
481 | KDF = TLS13-KDF | |
482 | Ctrl.mode = mode:EXPAND_ONLY | |
483 | Ctrl.digest = digest:SHA2-256 | |
484 | Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 | |
485 | Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a | |
486 | Ctrl.prefix = hexprefix:746c73313320 | |
487 | Ctrl.label = hexlabel:657870206d6173746572 | |
488 | Output = 12c9b8c8b42467ccfb6161cafda1027212c59782891fc9f4b43e68f66a6ff0be | |
489 | ||
490 | KDF = TLS13-KDF | |
491 | Ctrl.mode = mode:EXPAND_ONLY | |
492 | Ctrl.digest = digest:SHA2-256 | |
493 | Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96 | |
494 | Ctrl.data = hexdata:7d3160a347ba24ed246af7287f60a64cebe1678aa3055958693c1189f9ae45b8 | |
495 | Ctrl.prefix = hexprefix:746c73313320 | |
496 | Ctrl.label = hexlabel:726573206d6173746572 | |
497 | Output = b39060999fb0e2319294654c6ddf17c6375e25d5e44da3d00474aba66384f961 | |
498 | ||
499 | # New TLS 1.3 session starts here | |
500 | ||
501 | KDF = TLS13-KDF | |
502 | Ctrl.mode = mode:EXTRACT_ONLY | |
503 | Ctrl.digest = digest:SHA2-256 | |
504 | Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
505 | ||
506 | KDF = TLS13-KDF | |
507 | Ctrl.mode = mode:EXPAND_ONLY | |
508 | Ctrl.digest = digest:SHA2-256 | |
509 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
510 | Ctrl.data = hexdata:491d9ca9cd0d5c8ddef62cd87b9ee6e934ec66191b22667447544355ae5903d5 | |
511 | Ctrl.prefix = hexprefix:746c73313320 | |
512 | Ctrl.label = hexlabel:6320652074726166666963 | |
513 | Output = 659f7cc8a36d4efcea9bb1dbe7d0723b968a7a78eb80d18966afb24fabdb86a2 | |
514 | ||
515 | KDF = TLS13-KDF | |
516 | Ctrl.mode = mode:EXPAND_ONLY | |
517 | Ctrl.digest = digest:SHA2-256 | |
518 | Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
519 | Ctrl.data = hexdata:491d9ca9cd0d5c8ddef62cd87b9ee6e934ec66191b22667447544355ae5903d5 | |
520 | Ctrl.prefix = hexprefix:746c73313320 | |
521 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
522 | Output = 292bcf6dd3c94e79d2ac4bd4de158f0bedb7416591e87a911ea4034ba6da7a7c | |
523 | ||
524 | KDF = TLS13-KDF | |
525 | Ctrl.mode = mode:EXTRACT_ONLY | |
526 | Ctrl.digest = digest:SHA2-256 | |
527 | Ctrl.key = hexkey:8bed9e790b96b98846068b237082f9c0c0e53af3bea98bdda5f1a079448775ab6d | |
528 | Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a | |
529 | Ctrl.prefix = hexprefix:746c73313320 | |
530 | Ctrl.label = hexlabel:64657269766564 | |
531 | Output = 9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 | |
532 | ||
533 | KDF = TLS13-KDF | |
534 | Ctrl.mode = mode:EXPAND_ONLY | |
535 | Ctrl.digest = digest:SHA2-256 | |
536 | Ctrl.key = hexkey:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 | |
537 | Ctrl.data = hexdata:b969708ab3a1b1b1b87f228a49d37df58a367064a6bccec689a475dc5edda812 | |
538 | Ctrl.prefix = hexprefix:746c73313320 | |
539 | Ctrl.label = hexlabel:632068732074726166666963 | |
540 | Output = 7b4d547ba11886f439c6d53b1e65b09aff3f1fea4fb8628962a546013fd53bbc | |
541 | ||
542 | KDF = TLS13-KDF | |
543 | Ctrl.mode = mode:EXPAND_ONLY | |
544 | Ctrl.digest = digest:SHA2-256 | |
545 | Ctrl.key = hexkey:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 | |
546 | Ctrl.data = hexdata:b969708ab3a1b1b1b87f228a49d37df58a367064a6bccec689a475dc5edda812 | |
547 | Ctrl.prefix = hexprefix:746c73313320 | |
548 | Ctrl.label = hexlabel:732068732074726166666963 | |
549 | Output = cdb6b0be56d99c2a9a9c201a4b62b27df40877b228ba085fd0d06a5489545595 | |
550 | ||
551 | KDF = TLS13-KDF | |
552 | Ctrl.mode = mode:EXTRACT_ONLY | |
553 | Ctrl.digest = digest:SHA2-256 | |
554 | Ctrl.salt = hexsalt:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0 | |
555 | Ctrl.prefix = hexprefix:746c73313320 | |
556 | Ctrl.label = hexlabel:64657269766564 | |
557 | Output = c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb | |
558 | ||
559 | KDF = TLS13-KDF | |
560 | Ctrl.mode = mode:EXPAND_ONLY | |
561 | Ctrl.digest = digest:SHA2-256 | |
562 | Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb | |
563 | Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da | |
564 | Ctrl.prefix = hexprefix:746c73313320 | |
565 | Ctrl.label = hexlabel:632061702074726166666963 | |
566 | Output = f2a8f833af1dc5db36b842769955d97db05d3bd5014ca9c9fa301e8ac6214ebe | |
567 | ||
568 | KDF = TLS13-KDF | |
569 | Ctrl.mode = mode:EXPAND_ONLY | |
570 | Ctrl.digest = digest:SHA2-256 | |
571 | Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb | |
572 | Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da | |
573 | Ctrl.prefix = hexprefix:746c73313320 | |
574 | Ctrl.label = hexlabel:732061702074726166666963 | |
575 | Output = 1ac34b3063a496f7be40f83e01055a97a0899c9a0484121df5f11ce25d9ca426 | |
576 | ||
577 | KDF = TLS13-KDF | |
578 | Ctrl.mode = mode:EXPAND_ONLY | |
579 | Ctrl.digest = digest:SHA2-256 | |
580 | Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb | |
581 | Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da | |
582 | Ctrl.prefix = hexprefix:746c73313320 | |
583 | Ctrl.label = hexlabel:657870206d6173746572 | |
584 | Output = 58374f792176371d434f9866ba8958fab9eced9edc0a4d7a787798ded90fa9b7 | |
585 | ||
586 | KDF = TLS13-KDF | |
587 | Ctrl.mode = mode:EXPAND_ONLY | |
588 | Ctrl.digest = digest:SHA2-256 | |
589 | Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb | |
590 | Ctrl.data = hexdata:3279a4e27fc27a69208764df2fc0de77e3d9c73dd971b368b8d0a32536a6f8bb | |
591 | Ctrl.prefix = hexprefix:746c73313320 | |
592 | Ctrl.label = hexlabel:726573206d6173746572 | |
593 | Output = 1aff1cdf216ba86913a3d191159de6869490ca94e79da7fbc6173643c87d407a | |
594 | ||
595 | # New TLS 1.3 session starts here | |
596 | ||
597 | KDF = TLS13-KDF | |
598 | Ctrl.mode = mode:EXTRACT_ONLY | |
599 | Ctrl.digest = digest:SHA2-256 | |
600 | Ctrl.key = hexkey:b6d0a81fd3c91c1970a2d85ed695fba34143ae0fea07bc7c8653ad4830c905db | |
601 | Output = 94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc | |
602 | ||
603 | KDF = TLS13-KDF | |
604 | Ctrl.mode = mode:EXPAND_ONLY | |
605 | Ctrl.digest = digest:SHA2-256 | |
606 | Ctrl.key = hexkey:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc | |
607 | Ctrl.data = hexdata:47afa605ef0002b533bedbc155030e2b96c1d8d20d410dc44ce37dd94c8cb1e3 | |
608 | Ctrl.prefix = hexprefix:746c73313320 | |
609 | Ctrl.label = hexlabel:6320652074726166666963 | |
610 | Output = 122a73631c397d888895544f34925464a3d6983cdf647d6e23b050d140af1273 | |
611 | ||
612 | KDF = TLS13-KDF | |
613 | Ctrl.mode = mode:EXPAND_ONLY | |
614 | Ctrl.digest = digest:SHA2-256 | |
615 | Ctrl.key = hexkey:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc | |
616 | Ctrl.data = hexdata:47afa605ef0002b533bedbc155030e2b96c1d8d20d410dc44ce37dd94c8cb1e3 | |
617 | Ctrl.prefix = hexprefix:746c73313320 | |
618 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
619 | Output = 0bb4c7419f9a02f9eb52ab21886b20b7be6ae8223db2e67c50d5d3461ec9b936 | |
620 | ||
621 | KDF = TLS13-KDF | |
622 | Ctrl.mode = mode:EXTRACT_ONLY | |
623 | Ctrl.digest = digest:SHA2-256 | |
624 | Ctrl.key = hexkey:d36680e32c17596202cbf2765472708cb5bc41399b2c9d7cf1c88ca219e7a1ee | |
625 | Ctrl.salt = hexsalt:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc | |
626 | Ctrl.prefix = hexprefix:746c73313320 | |
627 | Ctrl.label = hexlabel:64657269766564 | |
628 | Output = e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 | |
629 | ||
630 | KDF = TLS13-KDF | |
631 | Ctrl.mode = mode:EXPAND_ONLY | |
632 | Ctrl.digest = digest:SHA2-256 | |
633 | Ctrl.key = hexkey:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 | |
634 | Ctrl.data = hexdata:c724c6137e799c69850f94ccbe089b07896d44cc7845fcf07cfea716176cc0f0 | |
635 | Ctrl.prefix = hexprefix:746c73313320 | |
636 | Ctrl.label = hexlabel:632068732074726166666963 | |
637 | Output = 0de142b91cfda627b365dab23e69ad00edb0085b33076052cf5f7f0ec735abc8 | |
638 | ||
639 | KDF = TLS13-KDF | |
640 | Ctrl.mode = mode:EXPAND_ONLY | |
641 | Ctrl.digest = digest:SHA2-256 | |
642 | Ctrl.key = hexkey:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 | |
643 | Ctrl.data = hexdata:c724c6137e799c69850f94ccbe089b07896d44cc7845fcf07cfea716176cc0f0 | |
644 | Ctrl.prefix = hexprefix:746c73313320 | |
645 | Ctrl.label = hexlabel:732068732074726166666963 | |
646 | Output = abdeed5d5f41fb963e1a136ac914aa35617c3cd19a56b1c975f27656b967db89 | |
647 | ||
648 | KDF = TLS13-KDF | |
649 | Ctrl.mode = mode:EXTRACT_ONLY | |
650 | Ctrl.digest = digest:SHA2-256 | |
651 | Ctrl.salt = hexsalt:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3 | |
652 | Ctrl.prefix = hexprefix:746c73313320 | |
653 | Ctrl.label = hexlabel:64657269766564 | |
654 | Output = 7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 | |
655 | ||
656 | KDF = TLS13-KDF | |
657 | Ctrl.mode = mode:EXPAND_ONLY | |
658 | Ctrl.digest = digest:SHA2-256 | |
659 | Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 | |
660 | Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3 | |
661 | Ctrl.prefix = hexprefix:746c73313320 | |
662 | Ctrl.label = hexlabel:632061702074726166666963 | |
663 | Output = d4e9ecf730820bf96846489a1b717af11cf498f7b0a2a779a4064996597cb97b | |
664 | ||
665 | KDF = TLS13-KDF | |
666 | Ctrl.mode = mode:EXPAND_ONLY | |
667 | Ctrl.digest = digest:SHA2-256 | |
668 | Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 | |
669 | Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3 | |
670 | Ctrl.prefix = hexprefix:746c73313320 | |
671 | Ctrl.label = hexlabel:732061702074726166666963 | |
672 | Output = 6d9189f42b5cc41f50c26ada399521e2e3a79f9d8764f00e76e6bce962169cc8 | |
673 | ||
674 | KDF = TLS13-KDF | |
675 | Ctrl.mode = mode:EXPAND_ONLY | |
676 | Ctrl.digest = digest:SHA2-256 | |
677 | Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 | |
678 | Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3 | |
679 | Ctrl.prefix = hexprefix:746c73313320 | |
680 | Ctrl.label = hexlabel:657870206d6173746572 | |
681 | Output = 3998b7178fef3a48ce434d8ead4b09f136dc2f900218dcfcbe7321bc9ce4ec4b | |
682 | ||
683 | KDF = TLS13-KDF | |
684 | Ctrl.mode = mode:EXPAND_ONLY | |
685 | Ctrl.digest = digest:SHA2-256 | |
686 | Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129 | |
687 | Ctrl.data = hexdata:e8a32347070a957786be61942a657b1e51ef0a37591e4d69e4c1362033ced9f0 | |
688 | Ctrl.prefix = hexprefix:746c73313320 | |
689 | Ctrl.label = hexlabel:726573206d6173746572 | |
690 | Output = c3112140c8aed04d114af73b6f245fafdc0c7ff4661ad6252cc754b9afb5b59a | |
691 | ||
692 | # New TLS 1.3 session starts here | |
693 | ||
694 | KDF = TLS13-KDF | |
695 | Ctrl.mode = mode:EXTRACT_ONLY | |
696 | Ctrl.digest = digest:SHA2-256 | |
697 | Ctrl.key = hexkey:89f7a556f3c19a2833b3313868dc11f5728880fb3ac74eb142042bd5e951a1a6 | |
698 | Output = 7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 | |
699 | ||
700 | KDF = TLS13-KDF | |
701 | Ctrl.mode = mode:EXPAND_ONLY | |
702 | Ctrl.digest = digest:SHA2-256 | |
703 | Ctrl.key = hexkey:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 | |
704 | Ctrl.data = hexdata:fb6e2fffef563561a53b0cbd6b93da78597fd7127f03069b1e724312e0f1a49f | |
705 | Ctrl.prefix = hexprefix:746c73313320 | |
706 | Ctrl.label = hexlabel:6320652074726166666963 | |
707 | Output = 97cddc9e02e8a54646e1d3cd1018185d93bd76743a64cef03fef3bc1305db4cc | |
708 | ||
709 | KDF = TLS13-KDF | |
710 | Ctrl.mode = mode:EXPAND_ONLY | |
711 | Ctrl.digest = digest:SHA2-256 | |
712 | Ctrl.key = hexkey:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 | |
713 | Ctrl.data = hexdata:fb6e2fffef563561a53b0cbd6b93da78597fd7127f03069b1e724312e0f1a49f | |
714 | Ctrl.prefix = hexprefix:746c73313320 | |
715 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
716 | Output = b78c86ab545bd86e890359a2c0bf695c95dec4e3207ad7c110372153328641ae | |
717 | ||
718 | KDF = TLS13-KDF | |
719 | Ctrl.mode = mode:EXTRACT_ONLY | |
720 | Ctrl.digest = digest:SHA2-256 | |
721 | Ctrl.key = hexkey:0cec10693bc11dee75ca5e1d06cb42abba7d1d76762f7400f323b1c191e7e745 | |
722 | Ctrl.salt = hexsalt:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5 | |
723 | Ctrl.prefix = hexprefix:746c73313320 | |
724 | Ctrl.label = hexlabel:64657269766564 | |
725 | Output = 1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee | |
726 | ||
727 | KDF = TLS13-KDF | |
728 | Ctrl.mode = mode:EXPAND_ONLY | |
729 | Ctrl.digest = digest:SHA2-256 | |
730 | Ctrl.key = hexkey:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee | |
731 | Ctrl.data = hexdata:6f71510b9e2d8ef93dbdb4523bee6649f2066dbe9f8b0c1d3b8295b0c70f75e1 | |
732 | Ctrl.prefix = hexprefix:746c73313320 | |
733 | Ctrl.label = hexlabel:632068732074726166666963 | |
734 | Output = 8f4432e28701a3491742a5588ab506ef378d2ee46dcb9df3c2b8f1161638226a | |
735 | ||
736 | KDF = TLS13-KDF | |
737 | Ctrl.mode = mode:EXPAND_ONLY | |
738 | Ctrl.digest = digest:SHA2-256 | |
739 | Ctrl.key = hexkey:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee | |
740 | Ctrl.data = hexdata:6f71510b9e2d8ef93dbdb4523bee6649f2066dbe9f8b0c1d3b8295b0c70f75e1 | |
741 | Ctrl.prefix = hexprefix:746c73313320 | |
742 | Ctrl.label = hexlabel:732068732074726166666963 | |
743 | Output = 62ddaed76a7bc9aa623a10176e180333bf50e2d436ab9d6df2e6327c3934b0aa | |
744 | ||
745 | KDF = TLS13-KDF | |
746 | Ctrl.mode = mode:EXTRACT_ONLY | |
747 | Ctrl.digest = digest:SHA2-256 | |
748 | Ctrl.salt = hexsalt:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee | |
749 | Ctrl.prefix = hexprefix:746c73313320 | |
750 | Ctrl.label = hexlabel:64657269766564 | |
751 | Output = f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 | |
752 | ||
753 | KDF = TLS13-KDF | |
754 | Ctrl.mode = mode:EXPAND_ONLY | |
755 | Ctrl.digest = digest:SHA2-256 | |
756 | Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 | |
757 | Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de | |
758 | Ctrl.prefix = hexprefix:746c73313320 | |
759 | Ctrl.label = hexlabel:632061702074726166666963 | |
760 | Output = 5a25fbebbb09a70ee782337a601f6e86e7a77cdfe980c90d2e2acf48a2426c8b | |
761 | ||
762 | KDF = TLS13-KDF | |
763 | Ctrl.mode = mode:EXPAND_ONLY | |
764 | Ctrl.digest = digest:SHA2-256 | |
765 | Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 | |
766 | Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de | |
767 | Ctrl.prefix = hexprefix:746c73313320 | |
768 | Ctrl.label = hexlabel:732061702074726166666963 | |
769 | Output = 495df78c999d00de7c410c8e964df0dbf9192231bbe1b06880b13a0dafee1003 | |
770 | ||
771 | KDF = TLS13-KDF | |
772 | Ctrl.mode = mode:EXPAND_ONLY | |
773 | Ctrl.digest = digest:SHA2-256 | |
774 | Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 | |
775 | Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de | |
776 | Ctrl.prefix = hexprefix:746c73313320 | |
777 | Ctrl.label = hexlabel:657870206d6173746572 | |
778 | Output = d39992ac1cfbe2715b1b95affff6e23934121d3b0b54685f668f5c4473f36f1d | |
779 | ||
780 | KDF = TLS13-KDF | |
781 | Ctrl.mode = mode:EXPAND_ONLY | |
782 | Ctrl.digest = digest:SHA2-256 | |
783 | Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8 | |
784 | Ctrl.data = hexdata:77100f9b44422180a922b28ef83701c5ac19fdc3aea8e4f966840f9fa3c893eb | |
785 | Ctrl.prefix = hexprefix:746c73313320 | |
786 | Ctrl.label = hexlabel:726573206d6173746572 | |
787 | Output = 928104946f6338386e8ac29c6a9b16453fa8c96ee18e7dd9e2f4091cd5399f91 | |
788 | ||
789 | # New TLS 1.3 session starts here | |
790 | ||
791 | KDF = TLS13-KDF | |
792 | Ctrl.mode = mode:EXTRACT_ONLY | |
793 | Ctrl.digest = digest:SHA2-256 | |
794 | Ctrl.key = hexkey:90f8ba43a34bffd93495f3d854c84594e0daf85d9468b35c4dcf44a80eb31718 | |
795 | Output = c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 | |
796 | ||
797 | KDF = TLS13-KDF | |
798 | Ctrl.mode = mode:EXPAND_ONLY | |
799 | Ctrl.digest = digest:SHA2-256 | |
800 | Ctrl.key = hexkey:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 | |
801 | Ctrl.data = hexdata:218aa61bd49bc0f7ad65332ad4bb18015d3e646cacfdc72f710c9efbe01979a9 | |
802 | Ctrl.prefix = hexprefix:746c73313320 | |
803 | Ctrl.label = hexlabel:6320652074726166666963 | |
804 | Output = fd0edb84e6742a9f33892c91e7fc9fe59d932c7677ab3627ede5b15991a607ec | |
805 | ||
806 | KDF = TLS13-KDF | |
807 | Ctrl.mode = mode:EXPAND_ONLY | |
808 | Ctrl.digest = digest:SHA2-256 | |
809 | Ctrl.key = hexkey:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 | |
810 | Ctrl.data = hexdata:218aa61bd49bc0f7ad65332ad4bb18015d3e646cacfdc72f710c9efbe01979a9 | |
811 | Ctrl.prefix = hexprefix:746c73313320 | |
812 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
813 | Output = 25a8973e89c3f3eb3f1394df0f62ee66a7003c794876473c2cc800f7cf4c11fb | |
814 | ||
815 | KDF = TLS13-KDF | |
816 | Ctrl.mode = mode:EXTRACT_ONLY | |
817 | Ctrl.digest = digest:SHA2-256 | |
818 | Ctrl.key = hexkey:a2092cf8a9357e82253844c9f563385e8d44b89d960a7b2fffbc8d697fdcb057 | |
819 | Ctrl.salt = hexsalt:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5 | |
820 | Ctrl.prefix = hexprefix:746c73313320 | |
821 | Ctrl.label = hexlabel:64657269766564 | |
822 | Output = 917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf | |
823 | ||
824 | KDF = TLS13-KDF | |
825 | Ctrl.mode = mode:EXPAND_ONLY | |
826 | Ctrl.digest = digest:SHA2-256 | |
827 | Ctrl.key = hexkey:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf | |
828 | Ctrl.data = hexdata:bfe3f121ae6e973c2b58a7ab40295212387146eeec3d3c5764a320de2c37051f | |
829 | Ctrl.prefix = hexprefix:746c73313320 | |
830 | Ctrl.label = hexlabel:632068732074726166666963 | |
831 | Output = a2861ceecd2842fac7245facc65f6b13145635eaaabd2c3a02db6b20b91f9d38 | |
832 | ||
833 | KDF = TLS13-KDF | |
834 | Ctrl.mode = mode:EXPAND_ONLY | |
835 | Ctrl.digest = digest:SHA2-256 | |
836 | Ctrl.key = hexkey:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf | |
837 | Ctrl.data = hexdata:bfe3f121ae6e973c2b58a7ab40295212387146eeec3d3c5764a320de2c37051f | |
838 | Ctrl.prefix = hexprefix:746c73313320 | |
839 | Ctrl.label = hexlabel:732068732074726166666963 | |
840 | Output = 3b74970ceec49ff0aa043603487194c7c42f4e31ac4aab661f9056c8000afa25 | |
841 | ||
842 | KDF = TLS13-KDF | |
843 | Ctrl.mode = mode:EXTRACT_ONLY | |
844 | Ctrl.digest = digest:SHA2-256 | |
845 | Ctrl.salt = hexsalt:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf | |
846 | Ctrl.prefix = hexprefix:746c73313320 | |
847 | Ctrl.label = hexlabel:64657269766564 | |
848 | Output = 67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af | |
849 | ||
850 | KDF = TLS13-KDF | |
851 | Ctrl.mode = mode:EXPAND_ONLY | |
852 | Ctrl.digest = digest:SHA2-256 | |
853 | Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af | |
854 | Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9 | |
855 | Ctrl.prefix = hexprefix:746c73313320 | |
856 | Ctrl.label = hexlabel:632061702074726166666963 | |
857 | Output = c10c35faa34fc917cf0acb280fdb0c3ac513d5c86f418a99e5590d40ccb8fcb9 | |
858 | ||
859 | KDF = TLS13-KDF | |
860 | Ctrl.mode = mode:EXPAND_ONLY | |
861 | Ctrl.digest = digest:SHA2-256 | |
862 | Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af | |
863 | Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9 | |
864 | Ctrl.prefix = hexprefix:746c73313320 | |
865 | Ctrl.label = hexlabel:732061702074726166666963 | |
866 | Output = f0ac9ca472ab7587b074d59824a5daec75d613da9b168a2589bbbdcd76c51976 | |
867 | ||
868 | KDF = TLS13-KDF | |
869 | Ctrl.mode = mode:EXPAND_ONLY | |
870 | Ctrl.digest = digest:SHA2-256 | |
871 | Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af | |
872 | Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9 | |
873 | Ctrl.prefix = hexprefix:746c73313320 | |
874 | Ctrl.label = hexlabel:657870206d6173746572 | |
875 | Output = 5e8deab072f10d9c8ffdcda58b93ea5a61f11cf72ca0647118164a2a7fa03a08 | |
876 | ||
877 | KDF = TLS13-KDF | |
878 | Ctrl.mode = mode:EXPAND_ONLY | |
879 | Ctrl.digest = digest:SHA2-256 | |
880 | Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af | |
881 | Ctrl.data = hexdata:b8d1e9993b45dfda130aa77c5319074806042cb4aad1b505bedb951a40cf2003 | |
882 | Ctrl.prefix = hexprefix:746c73313320 | |
883 | Ctrl.label = hexlabel:726573206d6173746572 | |
884 | Output = 6cf8a005b4b453cc982f4707dc64bc3dc8d00602aebd5f85413f4d405e656851 | |
885 | ||
886 | # New TLS 1.3 session starts here | |
887 | ||
888 | KDF = TLS13-KDF | |
889 | Ctrl.mode = mode:EXTRACT_ONLY | |
890 | Ctrl.digest = digest:SHA2-256 | |
891 | Ctrl.key = hexkey:bd1eead608338b0308e4243325a02b350ef6eb5e5fae728fd73f3f9a02c3d515 | |
892 | Output = c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c | |
893 | ||
894 | KDF = TLS13-KDF | |
895 | Ctrl.mode = mode:EXPAND_ONLY | |
896 | Ctrl.digest = digest:SHA2-256 | |
897 | Ctrl.key = hexkey:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c | |
898 | Ctrl.data = hexdata:eaa65a5ab61073c13c86d5d4dc97dba62c746b6d63f4e09014d157223daf2a0e | |
899 | Ctrl.prefix = hexprefix:746c73313320 | |
900 | Ctrl.label = hexlabel:6320652074726166666963 | |
901 | Output = 308ecfa294dec305f736df30570315d28b63b6c72507c1ce14c4f51441982e63 | |
902 | ||
903 | KDF = TLS13-KDF | |
904 | Ctrl.mode = mode:EXPAND_ONLY | |
905 | Ctrl.digest = digest:SHA2-256 | |
906 | Ctrl.key = hexkey:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c | |
907 | Ctrl.data = hexdata:eaa65a5ab61073c13c86d5d4dc97dba62c746b6d63f4e09014d157223daf2a0e | |
908 | Ctrl.prefix = hexprefix:746c73313320 | |
909 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
910 | Output = a41017b7a9ef987dc543e52539688cfc74bb95094693ecf6d9a1724f78ba6403 | |
911 | ||
912 | KDF = TLS13-KDF | |
913 | Ctrl.mode = mode:EXTRACT_ONLY | |
914 | Ctrl.digest = digest:SHA2-256 | |
915 | Ctrl.key = hexkey:a501370b0ffebbf0f115b367ed21f6d8816b10282a2724cb480993583f64f787 | |
916 | Ctrl.salt = hexsalt:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c | |
917 | Ctrl.prefix = hexprefix:746c73313320 | |
918 | Ctrl.label = hexlabel:64657269766564 | |
919 | Output = 6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 | |
920 | ||
921 | KDF = TLS13-KDF | |
922 | Ctrl.mode = mode:EXPAND_ONLY | |
923 | Ctrl.digest = digest:SHA2-256 | |
924 | Ctrl.key = hexkey:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 | |
925 | Ctrl.data = hexdata:ebbe1a77c63580e02ff7b51438c736a955326403640edfbdb1812097b57c2fb4 | |
926 | Ctrl.prefix = hexprefix:746c73313320 | |
927 | Ctrl.label = hexlabel:632068732074726166666963 | |
928 | Output = f2bed07ad9d2efd2718fb4da4a9dc90fa1dc40440b98c5291377beca16dc6599 | |
929 | ||
930 | KDF = TLS13-KDF | |
931 | Ctrl.mode = mode:EXPAND_ONLY | |
932 | Ctrl.digest = digest:SHA2-256 | |
933 | Ctrl.key = hexkey:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 | |
934 | Ctrl.data = hexdata:ebbe1a77c63580e02ff7b51438c736a955326403640edfbdb1812097b57c2fb4 | |
935 | Ctrl.prefix = hexprefix:746c73313320 | |
936 | Ctrl.label = hexlabel:732068732074726166666963 | |
937 | Output = f47f4524fd86c43d2c4c1618b03492f8bbcc3bdc1b8c8b97b4ec18581dc13f8e | |
938 | ||
939 | KDF = TLS13-KDF | |
940 | Ctrl.mode = mode:EXTRACT_ONLY | |
941 | Ctrl.digest = digest:SHA2-256 | |
942 | Ctrl.salt = hexsalt:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53 | |
943 | Ctrl.prefix = hexprefix:746c73313320 | |
944 | Ctrl.label = hexlabel:64657269766564 | |
945 | Output = 55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a | |
946 | ||
947 | KDF = TLS13-KDF | |
948 | Ctrl.mode = mode:EXPAND_ONLY | |
949 | Ctrl.digest = digest:SHA2-256 | |
950 | Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a | |
951 | Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335 | |
952 | Ctrl.prefix = hexprefix:746c73313320 | |
953 | Ctrl.label = hexlabel:632061702074726166666963 | |
954 | Output = 64e2482febc65460e45d3b9dad2fa847ba2ec91737225920fa4d0afb83ac4558 | |
955 | ||
956 | KDF = TLS13-KDF | |
957 | Ctrl.mode = mode:EXPAND_ONLY | |
958 | Ctrl.digest = digest:SHA2-256 | |
959 | Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a | |
960 | Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335 | |
961 | Ctrl.prefix = hexprefix:746c73313320 | |
962 | Ctrl.label = hexlabel:732061702074726166666963 | |
963 | Output = 902dcd1e49c7facf55ce6dbedab06f7265a092418a235df019102b4265d648d2 | |
964 | ||
965 | KDF = TLS13-KDF | |
966 | Ctrl.mode = mode:EXPAND_ONLY | |
967 | Ctrl.digest = digest:SHA2-256 | |
968 | Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a | |
969 | Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335 | |
970 | Ctrl.prefix = hexprefix:746c73313320 | |
971 | Ctrl.label = hexlabel:657870206d6173746572 | |
972 | Output = e168010de64b519d0cf575dbf267590c03b45782d875e10e193be95366d450cd | |
973 | ||
974 | KDF = TLS13-KDF | |
975 | Ctrl.mode = mode:EXPAND_ONLY | |
976 | Ctrl.digest = digest:SHA2-256 | |
977 | Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a | |
978 | Ctrl.data = hexdata:0fe329b7ebec20e21a6322f657702873afb4a52dab88f7484c9cfbfd3b1c1105 | |
979 | Ctrl.prefix = hexprefix:746c73313320 | |
980 | Ctrl.label = hexlabel:726573206d6173746572 | |
981 | Output = 815929e43c3624dccc01db4adfd97f0fea124ff83bfe79cfd0aa76f91e36d9ea | |
982 | ||
983 | # New TLS 1.3 session starts here | |
984 | ||
985 | KDF = TLS13-KDF | |
986 | Ctrl.mode = mode:EXTRACT_ONLY | |
987 | Ctrl.digest = digest:SHA2-256 | |
988 | Ctrl.key = hexkey:47a2f1ed109d1ed2e7a31288312da8930e8f3445c98b6a8862da85ae07507bc6 | |
989 | Output = 1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b | |
990 | ||
991 | KDF = TLS13-KDF | |
992 | Ctrl.mode = mode:EXPAND_ONLY | |
993 | Ctrl.digest = digest:SHA2-256 | |
994 | Ctrl.key = hexkey:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b | |
995 | Ctrl.data = hexdata:31748082bf14950d21b4a0759143bb70474cb1c231cd91764d5bd241de984842 | |
996 | Ctrl.prefix = hexprefix:746c73313320 | |
997 | Ctrl.label = hexlabel:6320652074726166666963 | |
998 | Output = 7b57c9475d089b4798340fec63fe876f9fd1214cf0947c8779d0f4952f6aa9c7 | |
999 | ||
1000 | KDF = TLS13-KDF | |
1001 | Ctrl.mode = mode:EXPAND_ONLY | |
1002 | Ctrl.digest = digest:SHA2-256 | |
1003 | Ctrl.key = hexkey:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b | |
1004 | Ctrl.data = hexdata:31748082bf14950d21b4a0759143bb70474cb1c231cd91764d5bd241de984842 | |
1005 | Ctrl.prefix = hexprefix:746c73313320 | |
1006 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1007 | Output = 0f0790d9d50286db6cb769f3b6c1ca72a8a9597176ff8c79d8969aa38be74215 | |
1008 | ||
1009 | KDF = TLS13-KDF | |
1010 | Ctrl.mode = mode:EXTRACT_ONLY | |
1011 | Ctrl.digest = digest:SHA2-256 | |
1012 | Ctrl.key = hexkey:9674cae88f3468d7b34df9bd2c348b99f1a964d7ed2bd5340edae2c9c96399db | |
1013 | Ctrl.salt = hexsalt:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b | |
1014 | Ctrl.prefix = hexprefix:746c73313320 | |
1015 | Ctrl.label = hexlabel:64657269766564 | |
1016 | Output = cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c | |
1017 | ||
1018 | KDF = TLS13-KDF | |
1019 | Ctrl.mode = mode:EXPAND_ONLY | |
1020 | Ctrl.digest = digest:SHA2-256 | |
1021 | Ctrl.key = hexkey:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c | |
1022 | Ctrl.data = hexdata:6db5315252802b3132297f0c49983ad9b406bacbb256bac50189a44055bd1819 | |
1023 | Ctrl.prefix = hexprefix:746c73313320 | |
1024 | Ctrl.label = hexlabel:632068732074726166666963 | |
1025 | Output = b0beb402fbbd33be12a60927c160210f0343c31143945d0320d0337ed1466aa7 | |
1026 | ||
1027 | KDF = TLS13-KDF | |
1028 | Ctrl.mode = mode:EXPAND_ONLY | |
1029 | Ctrl.digest = digest:SHA2-256 | |
1030 | Ctrl.key = hexkey:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c | |
1031 | Ctrl.data = hexdata:6db5315252802b3132297f0c49983ad9b406bacbb256bac50189a44055bd1819 | |
1032 | Ctrl.prefix = hexprefix:746c73313320 | |
1033 | Ctrl.label = hexlabel:732068732074726166666963 | |
1034 | Output = 09bf60f0d825d1fa6696e0d52b93dd40cc1087bdeade1eb0970f55bd4cbe85fc | |
1035 | ||
1036 | KDF = TLS13-KDF | |
1037 | Ctrl.mode = mode:EXTRACT_ONLY | |
1038 | Ctrl.digest = digest:SHA2-256 | |
1039 | Ctrl.salt = hexsalt:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c | |
1040 | Ctrl.prefix = hexprefix:746c73313320 | |
1041 | Ctrl.label = hexlabel:64657269766564 | |
1042 | Output = 8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c | |
1043 | ||
1044 | KDF = TLS13-KDF | |
1045 | Ctrl.mode = mode:EXPAND_ONLY | |
1046 | Ctrl.digest = digest:SHA2-256 | |
1047 | Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c | |
1048 | Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e | |
1049 | Ctrl.prefix = hexprefix:746c73313320 | |
1050 | Ctrl.label = hexlabel:632061702074726166666963 | |
1051 | Output = a5150664aec6f4600ee21c9285943f26427e399a7d348fcd291ac804527be921 | |
1052 | ||
1053 | KDF = TLS13-KDF | |
1054 | Ctrl.mode = mode:EXPAND_ONLY | |
1055 | Ctrl.digest = digest:SHA2-256 | |
1056 | Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c | |
1057 | Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e | |
1058 | Ctrl.prefix = hexprefix:746c73313320 | |
1059 | Ctrl.label = hexlabel:732061702074726166666963 | |
1060 | Output = 695dedb2a8762a90ec40ea1c6c1cbd592b0106a7833df9a4d07cd108e62039bd | |
1061 | ||
1062 | KDF = TLS13-KDF | |
1063 | Ctrl.mode = mode:EXPAND_ONLY | |
1064 | Ctrl.digest = digest:SHA2-256 | |
1065 | Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c | |
1066 | Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e | |
1067 | Ctrl.prefix = hexprefix:746c73313320 | |
1068 | Ctrl.label = hexlabel:657870206d6173746572 | |
1069 | Output = 389d8adce83b1b0aa6574155e62c22d999b43babb388d9223c0ed9f1fe458084 | |
1070 | ||
1071 | KDF = TLS13-KDF | |
1072 | Ctrl.mode = mode:EXPAND_ONLY | |
1073 | Ctrl.digest = digest:SHA2-256 | |
1074 | Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c | |
1075 | Ctrl.data = hexdata:9a38f4bc144df26d362f0249ed9a47ed0d29c2c40e566d0a688584303dcc79eb | |
1076 | Ctrl.prefix = hexprefix:746c73313320 | |
1077 | Ctrl.label = hexlabel:726573206d6173746572 | |
1078 | Output = 4ba917b3adcbc372aa431bef94a44a4afa1b528ce9278aeb79a9bd35885ad745 | |
1079 | ||
1080 | # New TLS 1.3 session starts here | |
1081 | ||
1082 | KDF = TLS13-KDF | |
1083 | Ctrl.mode = mode:EXTRACT_ONLY | |
1084 | Ctrl.digest = digest:SHA2-256 | |
1085 | Ctrl.key = hexkey:c4c9a0266ed3b657058cb9674c530247a09b660954cc26b888a2d56e579fcbd82ef6 | |
1086 | Output = 3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 | |
1087 | ||
1088 | KDF = TLS13-KDF | |
1089 | Ctrl.mode = mode:EXPAND_ONLY | |
1090 | Ctrl.digest = digest:SHA2-256 | |
1091 | Ctrl.key = hexkey:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 | |
1092 | Ctrl.data = hexdata:b10c0c2d6a38f88c89be8f5e7a37da9d7fda20b021ccab52a1eccaa722f64691 | |
1093 | Ctrl.prefix = hexprefix:746c73313320 | |
1094 | Ctrl.label = hexlabel:6320652074726166666963 | |
1095 | Output = 08a4b77232d0c46ff57fd77306a2ed3edf0f10272525532fb69ad88c7d01a785 | |
1096 | ||
1097 | KDF = TLS13-KDF | |
1098 | Ctrl.mode = mode:EXPAND_ONLY | |
1099 | Ctrl.digest = digest:SHA2-256 | |
1100 | Ctrl.key = hexkey:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 | |
1101 | Ctrl.data = hexdata:b10c0c2d6a38f88c89be8f5e7a37da9d7fda20b021ccab52a1eccaa722f64691 | |
1102 | Ctrl.prefix = hexprefix:746c73313320 | |
1103 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1104 | Output = 2b7574a39cdcebe3f0fc50a42422cd227d72164203661ad3ab0146220c51d638 | |
1105 | ||
1106 | KDF = TLS13-KDF | |
1107 | Ctrl.mode = mode:EXTRACT_ONLY | |
1108 | Ctrl.digest = digest:SHA2-256 | |
1109 | Ctrl.salt = hexsalt:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222 | |
1110 | Ctrl.prefix = hexprefix:746c73313320 | |
1111 | Ctrl.label = hexlabel:64657269766564 | |
1112 | Output = bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c | |
1113 | ||
1114 | KDF = TLS13-KDF | |
1115 | Ctrl.mode = mode:EXPAND_ONLY | |
1116 | Ctrl.digest = digest:SHA2-256 | |
1117 | Ctrl.key = hexkey:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c | |
1118 | Ctrl.data = hexdata:6a593ba39e4ea72392a7fc4198d56c01dd25094c808f9dc8f7ed39e808dd1e58 | |
1119 | Ctrl.prefix = hexprefix:746c73313320 | |
1120 | Ctrl.label = hexlabel:632068732074726166666963 | |
1121 | Output = 3c808386d173aa3edad8e0eb9e9bbec629d5a00d3503f1a524aa75c7e8ff4002 | |
1122 | ||
1123 | KDF = TLS13-KDF | |
1124 | Ctrl.mode = mode:EXPAND_ONLY | |
1125 | Ctrl.digest = digest:SHA2-256 | |
1126 | Ctrl.key = hexkey:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c | |
1127 | Ctrl.data = hexdata:6a593ba39e4ea72392a7fc4198d56c01dd25094c808f9dc8f7ed39e808dd1e58 | |
1128 | Ctrl.prefix = hexprefix:746c73313320 | |
1129 | Ctrl.label = hexlabel:732068732074726166666963 | |
1130 | Output = db33c5ae5c8b525ebfa000d5446c62a4b2469da9faa913c0694f154371e2c16b | |
1131 | ||
1132 | KDF = TLS13-KDF | |
1133 | Ctrl.mode = mode:EXTRACT_ONLY | |
1134 | Ctrl.digest = digest:SHA2-256 | |
1135 | Ctrl.salt = hexsalt:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c | |
1136 | Ctrl.prefix = hexprefix:746c73313320 | |
1137 | Ctrl.label = hexlabel:64657269766564 | |
1138 | Output = 5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e | |
1139 | ||
1140 | KDF = TLS13-KDF | |
1141 | Ctrl.mode = mode:EXPAND_ONLY | |
1142 | Ctrl.digest = digest:SHA2-256 | |
1143 | Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e | |
1144 | Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a | |
1145 | Ctrl.prefix = hexprefix:746c73313320 | |
1146 | Ctrl.label = hexlabel:632061702074726166666963 | |
1147 | Output = 8885938e3e4be164c56aa53c52695ba4739c6fabdb51a9ab2b35423ebeec2416 | |
1148 | ||
1149 | KDF = TLS13-KDF | |
1150 | Ctrl.mode = mode:EXPAND_ONLY | |
1151 | Ctrl.digest = digest:SHA2-256 | |
1152 | Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e | |
1153 | Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a | |
1154 | Ctrl.prefix = hexprefix:746c73313320 | |
1155 | Ctrl.label = hexlabel:732061702074726166666963 | |
1156 | Output = 3e7d7c5f9ac3a184715ed7a45d68da393cf07a297456849ec671e1a3b29e1dce | |
1157 | ||
1158 | KDF = TLS13-KDF | |
1159 | Ctrl.mode = mode:EXPAND_ONLY | |
1160 | Ctrl.digest = digest:SHA2-256 | |
1161 | Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e | |
1162 | Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a | |
1163 | Ctrl.prefix = hexprefix:746c73313320 | |
1164 | Ctrl.label = hexlabel:657870206d6173746572 | |
1165 | Output = 86e5c6fd2304433f8532a1f863716fc09022346a2f76e2d52fe03f8294fff882 | |
1166 | ||
1167 | KDF = TLS13-KDF | |
1168 | Ctrl.mode = mode:EXPAND_ONLY | |
1169 | Ctrl.digest = digest:SHA2-256 | |
1170 | Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e | |
1171 | Ctrl.data = hexdata:1a06ef15e61cb724a2f84f51c9ba466877261e5597858adda4f461d8cb5352ef | |
1172 | Ctrl.prefix = hexprefix:746c73313320 | |
1173 | Ctrl.label = hexlabel:726573206d6173746572 | |
1174 | Output = 426b2739c854867d4ea7b560092786a4601648d35505ad8040cf67b5978a5f25 | |
1175 | ||
1176 | # New TLS 1.3 session starts here | |
1177 | ||
1178 | KDF = TLS13-KDF | |
1179 | Ctrl.mode = mode:EXTRACT_ONLY | |
1180 | Ctrl.digest = digest:SHA2-256 | |
1181 | Ctrl.key = hexkey:925f595de96572a2e8c35346d9beeca43329f3a66c96168d50588f4e262ed01c66f2 | |
1182 | Output = 3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d | |
1183 | ||
1184 | KDF = TLS13-KDF | |
1185 | Ctrl.mode = mode:EXPAND_ONLY | |
1186 | Ctrl.digest = digest:SHA2-256 | |
1187 | Ctrl.key = hexkey:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d | |
1188 | Ctrl.data = hexdata:4abf7521447134215ad896ca371e0cee966c0d7fb152b98ca4bc872dcaba37b9 | |
1189 | Ctrl.prefix = hexprefix:746c73313320 | |
1190 | Ctrl.label = hexlabel:6320652074726166666963 | |
1191 | Output = 7450f33c7ba624e4151bc8230df0a7163c164f863801949102d4e9715e4813f9 | |
1192 | ||
1193 | KDF = TLS13-KDF | |
1194 | Ctrl.mode = mode:EXPAND_ONLY | |
1195 | Ctrl.digest = digest:SHA2-256 | |
1196 | Ctrl.key = hexkey:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d | |
1197 | Ctrl.data = hexdata:4abf7521447134215ad896ca371e0cee966c0d7fb152b98ca4bc872dcaba37b9 | |
1198 | Ctrl.prefix = hexprefix:746c73313320 | |
1199 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1200 | Output = c6047f5c4eed302b627d1f10bac575db43a29e20a4fdfec20975c8e63a410205 | |
1201 | ||
1202 | KDF = TLS13-KDF | |
1203 | Ctrl.mode = mode:EXTRACT_ONLY | |
1204 | Ctrl.digest = digest:SHA2-256 | |
1205 | Ctrl.salt = hexsalt:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d | |
1206 | Ctrl.prefix = hexprefix:746c73313320 | |
1207 | Ctrl.label = hexlabel:64657269766564 | |
1208 | Output = 7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 | |
1209 | ||
1210 | KDF = TLS13-KDF | |
1211 | Ctrl.mode = mode:EXPAND_ONLY | |
1212 | Ctrl.digest = digest:SHA2-256 | |
1213 | Ctrl.key = hexkey:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 | |
1214 | Ctrl.data = hexdata:574d667be4aa6d090fb0bfd15eca6188004a2216969fb69768b786e1dae03978 | |
1215 | Ctrl.prefix = hexprefix:746c73313320 | |
1216 | Ctrl.label = hexlabel:632068732074726166666963 | |
1217 | Output = cce2f4cf5dc234c4c2366488a8ea141a5be0ec1ef1418aafec947c08d37325b6 | |
1218 | ||
1219 | KDF = TLS13-KDF | |
1220 | Ctrl.mode = mode:EXPAND_ONLY | |
1221 | Ctrl.digest = digest:SHA2-256 | |
1222 | Ctrl.key = hexkey:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 | |
1223 | Ctrl.data = hexdata:574d667be4aa6d090fb0bfd15eca6188004a2216969fb69768b786e1dae03978 | |
1224 | Ctrl.prefix = hexprefix:746c73313320 | |
1225 | Ctrl.label = hexlabel:732068732074726166666963 | |
1226 | Output = 2a3c42a2125c21a7bdfb1902dbc5ab3df1cee0d496472c841751128b4f6ba7ea | |
1227 | ||
1228 | KDF = TLS13-KDF | |
1229 | Ctrl.mode = mode:EXTRACT_ONLY | |
1230 | Ctrl.digest = digest:SHA2-256 | |
1231 | Ctrl.salt = hexsalt:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73 | |
1232 | Ctrl.prefix = hexprefix:746c73313320 | |
1233 | Ctrl.label = hexlabel:64657269766564 | |
1234 | Output = a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 | |
1235 | ||
1236 | KDF = TLS13-KDF | |
1237 | Ctrl.mode = mode:EXPAND_ONLY | |
1238 | Ctrl.digest = digest:SHA2-256 | |
1239 | Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 | |
1240 | Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982 | |
1241 | Ctrl.prefix = hexprefix:746c73313320 | |
1242 | Ctrl.label = hexlabel:632061702074726166666963 | |
1243 | Output = efd8f8e08644e81b8a2068d59bf4957da16f376dcce547d485f35158ed934463 | |
1244 | ||
1245 | KDF = TLS13-KDF | |
1246 | Ctrl.mode = mode:EXPAND_ONLY | |
1247 | Ctrl.digest = digest:SHA2-256 | |
1248 | Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 | |
1249 | Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982 | |
1250 | Ctrl.prefix = hexprefix:746c73313320 | |
1251 | Ctrl.label = hexlabel:732061702074726166666963 | |
1252 | Output = 1ec28e0fdb42e283058c3cb093b64b2a51f25f309f6903736de591cb730b0d59 | |
1253 | ||
1254 | KDF = TLS13-KDF | |
1255 | Ctrl.mode = mode:EXPAND_ONLY | |
1256 | Ctrl.digest = digest:SHA2-256 | |
1257 | Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 | |
1258 | Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982 | |
1259 | Ctrl.prefix = hexprefix:746c73313320 | |
1260 | Ctrl.label = hexlabel:657870206d6173746572 | |
1261 | Output = 1cd2d315b8720a771f7b8d84ee19704193a3ad7f903d62561d51318fda4ef8e2 | |
1262 | ||
1263 | KDF = TLS13-KDF | |
1264 | Ctrl.mode = mode:EXPAND_ONLY | |
1265 | Ctrl.digest = digest:SHA2-256 | |
1266 | Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4 | |
1267 | Ctrl.data = hexdata:6094455245209c442e19e5f313534da9f9c7e5d634d443d8cd14b9e9b6d778ab | |
1268 | Ctrl.prefix = hexprefix:746c73313320 | |
1269 | Ctrl.label = hexlabel:726573206d6173746572 | |
1270 | Output = 7df15d385663c45a359e5d1f4b648d6e77156b48e3d382db08cb26d3218dabee | |
1271 | ||
1272 | # New TLS 1.3 session starts here | |
1273 | ||
1274 | KDF = TLS13-KDF | |
1275 | Ctrl.mode = mode:EXTRACT_ONLY | |
1276 | Ctrl.digest = digest:SHA2-256 | |
1277 | Ctrl.key = hexkey:3a985db779275ed7c23af0f123220d862db237fc9ac9834e76eec0692b1e98055c12 | |
1278 | Output = 75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd | |
1279 | ||
1280 | KDF = TLS13-KDF | |
1281 | Ctrl.mode = mode:EXPAND_ONLY | |
1282 | Ctrl.digest = digest:SHA2-256 | |
1283 | Ctrl.key = hexkey:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd | |
1284 | Ctrl.data = hexdata:1c80ac5d876634b04d7dbebfe687fbdf2df7f82df4e6549defa8e691b26dd3ad | |
1285 | Ctrl.prefix = hexprefix:746c73313320 | |
1286 | Ctrl.label = hexlabel:6320652074726166666963 | |
1287 | Output = adaacbad9407c0c69632800eb3c7e5f901af2bfae618fa0cbcf63fb0064df997 | |
1288 | ||
1289 | KDF = TLS13-KDF | |
1290 | Ctrl.mode = mode:EXPAND_ONLY | |
1291 | Ctrl.digest = digest:SHA2-256 | |
1292 | Ctrl.key = hexkey:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd | |
1293 | Ctrl.data = hexdata:1c80ac5d876634b04d7dbebfe687fbdf2df7f82df4e6549defa8e691b26dd3ad | |
1294 | Ctrl.prefix = hexprefix:746c73313320 | |
1295 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1296 | Output = 70a6fd6201cddc6ac218cacf4487be2c23382e9a898a8e959d443602e66bc9ff | |
1297 | ||
1298 | KDF = TLS13-KDF | |
1299 | Ctrl.mode = mode:EXTRACT_ONLY | |
1300 | Ctrl.digest = digest:SHA2-256 | |
1301 | Ctrl.salt = hexsalt:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd | |
1302 | Ctrl.prefix = hexprefix:746c73313320 | |
1303 | Ctrl.label = hexlabel:64657269766564 | |
1304 | Output = b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea | |
1305 | ||
1306 | KDF = TLS13-KDF | |
1307 | Ctrl.mode = mode:EXPAND_ONLY | |
1308 | Ctrl.digest = digest:SHA2-256 | |
1309 | Ctrl.key = hexkey:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea | |
1310 | Ctrl.data = hexdata:64dc967779196d895cf649ad603cd1abb1a9ac2f6e52df74c02c9fc38e0aca5b | |
1311 | Ctrl.prefix = hexprefix:746c73313320 | |
1312 | Ctrl.label = hexlabel:632068732074726166666963 | |
1313 | Output = cedc4ca3f6acfc0495e9c4aacf236309e80688394296baab08b2821d8adeb3b2 | |
1314 | ||
1315 | KDF = TLS13-KDF | |
1316 | Ctrl.mode = mode:EXPAND_ONLY | |
1317 | Ctrl.digest = digest:SHA2-256 | |
1318 | Ctrl.key = hexkey:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea | |
1319 | Ctrl.data = hexdata:64dc967779196d895cf649ad603cd1abb1a9ac2f6e52df74c02c9fc38e0aca5b | |
1320 | Ctrl.prefix = hexprefix:746c73313320 | |
1321 | Ctrl.label = hexlabel:732068732074726166666963 | |
1322 | Output = 22d95b8d42edc48c71e82ef68f3d0adea616742d829ef8dc40ee5a4a127e0c2f | |
1323 | ||
1324 | KDF = TLS13-KDF | |
1325 | Ctrl.mode = mode:EXTRACT_ONLY | |
1326 | Ctrl.digest = digest:SHA2-256 | |
1327 | Ctrl.salt = hexsalt:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea | |
1328 | Ctrl.prefix = hexprefix:746c73313320 | |
1329 | Ctrl.label = hexlabel:64657269766564 | |
1330 | Output = 7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 | |
1331 | ||
1332 | KDF = TLS13-KDF | |
1333 | Ctrl.mode = mode:EXPAND_ONLY | |
1334 | Ctrl.digest = digest:SHA2-256 | |
1335 | Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 | |
1336 | Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f | |
1337 | Ctrl.prefix = hexprefix:746c73313320 | |
1338 | Ctrl.label = hexlabel:632061702074726166666963 | |
1339 | Output = 36079cac5cd69338b13cdf43902c52353c0ad3bee52d9d4b80bdcbafb896c1f2 | |
1340 | ||
1341 | KDF = TLS13-KDF | |
1342 | Ctrl.mode = mode:EXPAND_ONLY | |
1343 | Ctrl.digest = digest:SHA2-256 | |
1344 | Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 | |
1345 | Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f | |
1346 | Ctrl.prefix = hexprefix:746c73313320 | |
1347 | Ctrl.label = hexlabel:732061702074726166666963 | |
1348 | Output = 5ccccbec1e524afdbfeb3f79eee231445ea4b970775ca44780b836278459e800 | |
1349 | ||
1350 | KDF = TLS13-KDF | |
1351 | Ctrl.mode = mode:EXPAND_ONLY | |
1352 | Ctrl.digest = digest:SHA2-256 | |
1353 | Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 | |
1354 | Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f | |
1355 | Ctrl.prefix = hexprefix:746c73313320 | |
1356 | Ctrl.label = hexlabel:657870206d6173746572 | |
1357 | Output = 1f99d16935378ad2b629602be4902ef36803a0456f4b412dc60069b02907c157 | |
1358 | ||
1359 | KDF = TLS13-KDF | |
1360 | Ctrl.mode = mode:EXPAND_ONLY | |
1361 | Ctrl.digest = digest:SHA2-256 | |
1362 | Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8 | |
1363 | Ctrl.data = hexdata:53fa7ef57bd948347ee221a58e0357e5d64fc68337a40e1a2a955c362305b7d0 | |
1364 | Ctrl.prefix = hexprefix:746c73313320 | |
1365 | Ctrl.label = hexlabel:726573206d6173746572 | |
1366 | Output = 3f314a8cdade0c8fb7a8ada062c076cdc66f48ae85b06e9866823071b24569f6 | |
1367 | ||
1368 | # New TLS 1.3 session starts here | |
1369 | ||
1370 | KDF = TLS13-KDF | |
1371 | Ctrl.mode = mode:EXTRACT_ONLY | |
1372 | Ctrl.digest = digest:SHA2-256 | |
1373 | Ctrl.key = hexkey:147e5b2a8c852a29cd2dbe0889eae5e127c08c7dc4ef2fcd10c7f074132b9316f82c | |
1374 | Output = a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a | |
1375 | ||
1376 | KDF = TLS13-KDF | |
1377 | Ctrl.mode = mode:EXPAND_ONLY | |
1378 | Ctrl.digest = digest:SHA2-256 | |
1379 | Ctrl.key = hexkey:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a | |
1380 | Ctrl.data = hexdata:c029b25f3eeaa245d3b16415a9dfbd738f49972abd20cedf77e712e34151d768 | |
1381 | Ctrl.prefix = hexprefix:746c73313320 | |
1382 | Ctrl.label = hexlabel:6320652074726166666963 | |
1383 | Output = cf72dbf54ef12ad90c826cc5f745332a051bd22f3d4a4980e38ed5c91acdbe00 | |
1384 | ||
1385 | KDF = TLS13-KDF | |
1386 | Ctrl.mode = mode:EXPAND_ONLY | |
1387 | Ctrl.digest = digest:SHA2-256 | |
1388 | Ctrl.key = hexkey:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a | |
1389 | Ctrl.data = hexdata:c029b25f3eeaa245d3b16415a9dfbd738f49972abd20cedf77e712e34151d768 | |
1390 | Ctrl.prefix = hexprefix:746c73313320 | |
1391 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1392 | Output = 04e7fa07f592562b442f41403f89ce197a777b890dd6ad4a37330d7b97f9297f | |
1393 | ||
1394 | KDF = TLS13-KDF | |
1395 | Ctrl.mode = mode:EXTRACT_ONLY | |
1396 | Ctrl.digest = digest:SHA2-256 | |
1397 | Ctrl.salt = hexsalt:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a | |
1398 | Ctrl.prefix = hexprefix:746c73313320 | |
1399 | Ctrl.label = hexlabel:64657269766564 | |
1400 | Output = facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 | |
1401 | ||
1402 | KDF = TLS13-KDF | |
1403 | Ctrl.mode = mode:EXPAND_ONLY | |
1404 | Ctrl.digest = digest:SHA2-256 | |
1405 | Ctrl.key = hexkey:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 | |
1406 | Ctrl.data = hexdata:22ef82f8cfc550dfed76234ee158ffa49e142788d40bb8f11503df76eaa414ee | |
1407 | Ctrl.prefix = hexprefix:746c73313320 | |
1408 | Ctrl.label = hexlabel:632068732074726166666963 | |
1409 | Output = e86ea8bf6c00c4e1415f55ffe5c6fc639cfde1aedb549eea54e536920794b677 | |
1410 | ||
1411 | KDF = TLS13-KDF | |
1412 | Ctrl.mode = mode:EXPAND_ONLY | |
1413 | Ctrl.digest = digest:SHA2-256 | |
1414 | Ctrl.key = hexkey:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 | |
1415 | Ctrl.data = hexdata:22ef82f8cfc550dfed76234ee158ffa49e142788d40bb8f11503df76eaa414ee | |
1416 | Ctrl.prefix = hexprefix:746c73313320 | |
1417 | Ctrl.label = hexlabel:732068732074726166666963 | |
1418 | Output = 4470d8eaf03e31af06885a327decd84b44b073ed040d81e223cd40e018ae3ebb | |
1419 | ||
1420 | KDF = TLS13-KDF | |
1421 | Ctrl.mode = mode:EXTRACT_ONLY | |
1422 | Ctrl.digest = digest:SHA2-256 | |
1423 | Ctrl.salt = hexsalt:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2 | |
1424 | Ctrl.prefix = hexprefix:746c73313320 | |
1425 | Ctrl.label = hexlabel:64657269766564 | |
1426 | Output = 77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c | |
1427 | ||
1428 | KDF = TLS13-KDF | |
1429 | Ctrl.mode = mode:EXPAND_ONLY | |
1430 | Ctrl.digest = digest:SHA2-256 | |
1431 | Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c | |
1432 | Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29 | |
1433 | Ctrl.prefix = hexprefix:746c73313320 | |
1434 | Ctrl.label = hexlabel:632061702074726166666963 | |
1435 | Output = e7a16831383b4617205c40de58a169f567f4c612b2c07667f10b61a4b137a088 | |
1436 | ||
1437 | KDF = TLS13-KDF | |
1438 | Ctrl.mode = mode:EXPAND_ONLY | |
1439 | Ctrl.digest = digest:SHA2-256 | |
1440 | Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c | |
1441 | Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29 | |
1442 | Ctrl.prefix = hexprefix:746c73313320 | |
1443 | Ctrl.label = hexlabel:732061702074726166666963 | |
1444 | Output = 912010401679c0279d6e45cc968232ed8cea41b66dc80fa5ad1d4ac666a38873 | |
1445 | ||
1446 | KDF = TLS13-KDF | |
1447 | Ctrl.mode = mode:EXPAND_ONLY | |
1448 | Ctrl.digest = digest:SHA2-256 | |
1449 | Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c | |
1450 | Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29 | |
1451 | Ctrl.prefix = hexprefix:746c73313320 | |
1452 | Ctrl.label = hexlabel:657870206d6173746572 | |
1453 | Output = d3ad734749b9c723c3a4186ac4af12e70a6c8f209c96277af7caaf0a8a30a284 | |
1454 | ||
1455 | KDF = TLS13-KDF | |
1456 | Ctrl.mode = mode:EXPAND_ONLY | |
1457 | Ctrl.digest = digest:SHA2-256 | |
1458 | Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c | |
1459 | Ctrl.data = hexdata:19c68fab2d15ea5cefe7de3478c9207f8321be8045ff3a3463cdc0c11dbe7cd1 | |
1460 | Ctrl.prefix = hexprefix:746c73313320 | |
1461 | Ctrl.label = hexlabel:726573206d6173746572 | |
1462 | Output = 6acd62983abf673fc0884510ca8c92f617089ad5dad4b16b4a9c43c45af97020 | |
1463 | ||
1464 | # New TLS 1.3 session starts here | |
1465 | ||
1466 | KDF = TLS13-KDF | |
1467 | Ctrl.mode = mode:EXTRACT_ONLY | |
1468 | Ctrl.digest = digest:SHA2-256 | |
1469 | Ctrl.key = hexkey:d3b971aced61ea7ec4fbe922509a9f7184ee8fec3758728d199a78207ebb14078e68 | |
1470 | Output = 5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b | |
1471 | ||
1472 | KDF = TLS13-KDF | |
1473 | Ctrl.mode = mode:EXPAND_ONLY | |
1474 | Ctrl.digest = digest:SHA2-256 | |
1475 | Ctrl.key = hexkey:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b | |
1476 | Ctrl.data = hexdata:62b7f550fdb7e6af518714ff659c8539fd5fe2cbefa7338dd4f01cee8734a744 | |
1477 | Ctrl.prefix = hexprefix:746c73313320 | |
1478 | Ctrl.label = hexlabel:6320652074726166666963 | |
1479 | Output = 747dd5593aa133934f8be2e7c92e7431dcb5c369222a2d5c6a8142435d1d6df5 | |
1480 | ||
1481 | KDF = TLS13-KDF | |
1482 | Ctrl.mode = mode:EXPAND_ONLY | |
1483 | Ctrl.digest = digest:SHA2-256 | |
1484 | Ctrl.key = hexkey:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b | |
1485 | Ctrl.data = hexdata:62b7f550fdb7e6af518714ff659c8539fd5fe2cbefa7338dd4f01cee8734a744 | |
1486 | Ctrl.prefix = hexprefix:746c73313320 | |
1487 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1488 | Output = 20a8ddd7a7d1ba973465bf35610018bdc54baf59dc4984a6dad05d11308e4952 | |
1489 | ||
1490 | KDF = TLS13-KDF | |
1491 | Ctrl.mode = mode:EXTRACT_ONLY | |
1492 | Ctrl.digest = digest:SHA2-256 | |
1493 | Ctrl.salt = hexsalt:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b | |
1494 | Ctrl.prefix = hexprefix:746c73313320 | |
1495 | Ctrl.label = hexlabel:64657269766564 | |
1496 | Output = 58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc | |
1497 | ||
1498 | KDF = TLS13-KDF | |
1499 | Ctrl.mode = mode:EXPAND_ONLY | |
1500 | Ctrl.digest = digest:SHA2-256 | |
1501 | Ctrl.key = hexkey:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc | |
1502 | Ctrl.data = hexdata:88cedc1856dd0d81e3af6a9b320f05d3d005bbb3664f0fc912e41007fb8645dc | |
1503 | Ctrl.prefix = hexprefix:746c73313320 | |
1504 | Ctrl.label = hexlabel:632068732074726166666963 | |
1505 | Output = 8c8ea28aad5411f3963ad2827f2bdc84041cc6da53c7400c998c6434c5c15ba1 | |
1506 | ||
1507 | KDF = TLS13-KDF | |
1508 | Ctrl.mode = mode:EXPAND_ONLY | |
1509 | Ctrl.digest = digest:SHA2-256 | |
1510 | Ctrl.key = hexkey:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc | |
1511 | Ctrl.data = hexdata:88cedc1856dd0d81e3af6a9b320f05d3d005bbb3664f0fc912e41007fb8645dc | |
1512 | Ctrl.prefix = hexprefix:746c73313320 | |
1513 | Ctrl.label = hexlabel:732068732074726166666963 | |
1514 | Output = 123b12381753a82aeb705cb2c3f2a2ae729511f1b1c92e6be3e587b07fe4c60f | |
1515 | ||
1516 | KDF = TLS13-KDF | |
1517 | Ctrl.mode = mode:EXTRACT_ONLY | |
1518 | Ctrl.digest = digest:SHA2-256 | |
1519 | Ctrl.salt = hexsalt:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc | |
1520 | Ctrl.prefix = hexprefix:746c73313320 | |
1521 | Ctrl.label = hexlabel:64657269766564 | |
1522 | Output = 3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 | |
1523 | ||
1524 | KDF = TLS13-KDF | |
1525 | Ctrl.mode = mode:EXPAND_ONLY | |
1526 | Ctrl.digest = digest:SHA2-256 | |
1527 | Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 | |
1528 | Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7 | |
1529 | Ctrl.prefix = hexprefix:746c73313320 | |
1530 | Ctrl.label = hexlabel:632061702074726166666963 | |
1531 | Output = 5a8fde0ac38739f0eb2e739b440530c3943b37ad26ffaff73f2904e17bde058d | |
1532 | ||
1533 | KDF = TLS13-KDF | |
1534 | Ctrl.mode = mode:EXPAND_ONLY | |
1535 | Ctrl.digest = digest:SHA2-256 | |
1536 | Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 | |
1537 | Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7 | |
1538 | Ctrl.prefix = hexprefix:746c73313320 | |
1539 | Ctrl.label = hexlabel:732061702074726166666963 | |
1540 | Output = 97e9a4d00eff6997d6e60d5a060851d7c1f5c6878ef198063fa5a3a9cc77e5e9 | |
1541 | ||
1542 | KDF = TLS13-KDF | |
1543 | Ctrl.mode = mode:EXPAND_ONLY | |
1544 | Ctrl.digest = digest:SHA2-256 | |
1545 | Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 | |
1546 | Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7 | |
1547 | Ctrl.prefix = hexprefix:746c73313320 | |
1548 | Ctrl.label = hexlabel:657870206d6173746572 | |
1549 | Output = 5b596ab4521a354c141898211ac96fdf6965931fb142ca601ec5dcaccd900f39 | |
1550 | ||
1551 | KDF = TLS13-KDF | |
1552 | Ctrl.mode = mode:EXPAND_ONLY | |
1553 | Ctrl.digest = digest:SHA2-256 | |
1554 | Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037 | |
1555 | Ctrl.data = hexdata:622bf37da14b1110ffd9fde15a8b34b5a9192b7c003279df2d779a8441eb832a | |
1556 | Ctrl.prefix = hexprefix:746c73313320 | |
1557 | Ctrl.label = hexlabel:726573206d6173746572 | |
1558 | Output = 86fc27400916d558eb24e277ada87cfb217bb41993b5947049eaab30ee1967de | |
1559 | ||
1560 | # New TLS 1.3 session starts here | |
1561 | ||
1562 | KDF = TLS13-KDF | |
1563 | Ctrl.mode = mode:EXTRACT_ONLY | |
1564 | Ctrl.digest = digest:SHA2-256 | |
1565 | Ctrl.key = hexkey:6e9a209d728b63a2649820ecba2439c3ced3facc56973fc63359e73f1fe8a5f0 | |
1566 | Output = 5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 | |
1567 | ||
1568 | KDF = TLS13-KDF | |
1569 | Ctrl.mode = mode:EXPAND_ONLY | |
1570 | Ctrl.digest = digest:SHA2-256 | |
1571 | Ctrl.key = hexkey:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 | |
1572 | Ctrl.data = hexdata:d222fdad7a1eaf29aa5c1699fb2c6452337e6a3f4eed5112706edc32d2aa5942 | |
1573 | Ctrl.prefix = hexprefix:746c73313320 | |
1574 | Ctrl.label = hexlabel:6320652074726166666963 | |
1575 | Output = 4b3538bdc30df6f4052310a5f66ea6de2ca506a22a0e3631b2d3eff387dd2425 | |
1576 | ||
1577 | KDF = TLS13-KDF | |
1578 | Ctrl.mode = mode:EXPAND_ONLY | |
1579 | Ctrl.digest = digest:SHA2-256 | |
1580 | Ctrl.key = hexkey:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 | |
1581 | Ctrl.data = hexdata:d222fdad7a1eaf29aa5c1699fb2c6452337e6a3f4eed5112706edc32d2aa5942 | |
1582 | Ctrl.prefix = hexprefix:746c73313320 | |
1583 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1584 | Output = 377e1abcc286c58d438f146ceb39050d453a1b9c842ed8d9275842cfac27484b | |
1585 | ||
1586 | KDF = TLS13-KDF | |
1587 | Ctrl.mode = mode:EXTRACT_ONLY | |
1588 | Ctrl.digest = digest:SHA2-256 | |
1589 | Ctrl.salt = hexsalt:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974 | |
1590 | Ctrl.prefix = hexprefix:746c73313320 | |
1591 | Ctrl.label = hexlabel:64657269766564 | |
1592 | Output = 5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 | |
1593 | ||
1594 | KDF = TLS13-KDF | |
1595 | Ctrl.mode = mode:EXPAND_ONLY | |
1596 | Ctrl.digest = digest:SHA2-256 | |
1597 | Ctrl.key = hexkey:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 | |
1598 | Ctrl.data = hexdata:6f19f45a25846f2a30639c6a150a42c060007d3a4a637f9a1949ff980e151270 | |
1599 | Ctrl.prefix = hexprefix:746c73313320 | |
1600 | Ctrl.label = hexlabel:632068732074726166666963 | |
1601 | Output = 992ef872ba2d217c7e2256e42a2e4391a3482105db09fb0330813f4ae093d8ec | |
1602 | ||
1603 | KDF = TLS13-KDF | |
1604 | Ctrl.mode = mode:EXPAND_ONLY | |
1605 | Ctrl.digest = digest:SHA2-256 | |
1606 | Ctrl.key = hexkey:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 | |
1607 | Ctrl.data = hexdata:6f19f45a25846f2a30639c6a150a42c060007d3a4a637f9a1949ff980e151270 | |
1608 | Ctrl.prefix = hexprefix:746c73313320 | |
1609 | Ctrl.label = hexlabel:732068732074726166666963 | |
1610 | Output = e439ad92cd58b349cf2d44ceada80f0dc62cd03a216c0a6e98b9c4faa762e178 | |
1611 | ||
1612 | KDF = TLS13-KDF | |
1613 | Ctrl.mode = mode:EXTRACT_ONLY | |
1614 | Ctrl.digest = digest:SHA2-256 | |
1615 | Ctrl.salt = hexsalt:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006 | |
1616 | Ctrl.prefix = hexprefix:746c73313320 | |
1617 | Ctrl.label = hexlabel:64657269766564 | |
1618 | Output = 02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d | |
1619 | ||
1620 | KDF = TLS13-KDF | |
1621 | Ctrl.mode = mode:EXPAND_ONLY | |
1622 | Ctrl.digest = digest:SHA2-256 | |
1623 | Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d | |
1624 | Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a | |
1625 | Ctrl.prefix = hexprefix:746c73313320 | |
1626 | Ctrl.label = hexlabel:632061702074726166666963 | |
1627 | Output = 5915a67e1934c6a65cc0ff2a8101d2ab42c1d2fb448374cc4a4a1aa5b79304d2 | |
1628 | ||
1629 | KDF = TLS13-KDF | |
1630 | Ctrl.mode = mode:EXPAND_ONLY | |
1631 | Ctrl.digest = digest:SHA2-256 | |
1632 | Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d | |
1633 | Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a | |
1634 | Ctrl.prefix = hexprefix:746c73313320 | |
1635 | Ctrl.label = hexlabel:732061702074726166666963 | |
1636 | Output = 1526a83cee865495333b13328e5b6cf6a6f42f1cb354d5e0fac6ab75e32a059f | |
1637 | ||
1638 | KDF = TLS13-KDF | |
1639 | Ctrl.mode = mode:EXPAND_ONLY | |
1640 | Ctrl.digest = digest:SHA2-256 | |
1641 | Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d | |
1642 | Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a | |
1643 | Ctrl.prefix = hexprefix:746c73313320 | |
1644 | Ctrl.label = hexlabel:657870206d6173746572 | |
1645 | Output = 4f7a8ecd191d6b18ede079553a6472159aed46da19f891349e94d14517614fe4 | |
1646 | ||
1647 | KDF = TLS13-KDF | |
1648 | Ctrl.mode = mode:EXPAND_ONLY | |
1649 | Ctrl.digest = digest:SHA2-256 | |
1650 | Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d | |
1651 | Ctrl.data = hexdata:27c96e77f7f7e4dbdd958348ce3d95683f3b78652605fd41bc02280c091d199e | |
1652 | Ctrl.prefix = hexprefix:746c73313320 | |
1653 | Ctrl.label = hexlabel:726573206d6173746572 | |
1654 | Output = c2d6e4992b13331da0843572e55dd0624a04067c9415a2f231f08e86d496fd15 | |
1655 | ||
1656 | # New TLS 1.3 session starts here | |
1657 | ||
1658 | KDF = TLS13-KDF | |
1659 | Ctrl.mode = mode:EXTRACT_ONLY | |
1660 | Ctrl.digest = digest:SHA2-256 | |
1661 | Ctrl.key = hexkey:d339bc83462b544456e27a735516d50bd330bce6f39d0c388a89ef33ac209001 | |
1662 | Output = 4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 | |
1663 | ||
1664 | KDF = TLS13-KDF | |
1665 | Ctrl.mode = mode:EXPAND_ONLY | |
1666 | Ctrl.digest = digest:SHA2-256 | |
1667 | Ctrl.key = hexkey:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 | |
1668 | Ctrl.data = hexdata:7b21856d85c0ed268cd2bd0fc5065edfe078c97e03ede2cb7912ce7615763b94 | |
1669 | Ctrl.prefix = hexprefix:746c73313320 | |
1670 | Ctrl.label = hexlabel:6320652074726166666963 | |
1671 | Output = 977fc35f7a57f30e6509cb0a2ad9ad5cd1bc18d9d945ef3d6efede51ca727be6 | |
1672 | ||
1673 | KDF = TLS13-KDF | |
1674 | Ctrl.mode = mode:EXPAND_ONLY | |
1675 | Ctrl.digest = digest:SHA2-256 | |
1676 | Ctrl.key = hexkey:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 | |
1677 | Ctrl.data = hexdata:7b21856d85c0ed268cd2bd0fc5065edfe078c97e03ede2cb7912ce7615763b94 | |
1678 | Ctrl.prefix = hexprefix:746c73313320 | |
1679 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1680 | Output = a0a444d95f34b3abd80fa9c61f00e522ebaaba9b0b392bce0d5bdd64c66faea8 | |
1681 | ||
1682 | KDF = TLS13-KDF | |
1683 | Ctrl.mode = mode:EXTRACT_ONLY | |
1684 | Ctrl.digest = digest:SHA2-256 | |
1685 | Ctrl.salt = hexsalt:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67 | |
1686 | Ctrl.prefix = hexprefix:746c73313320 | |
1687 | Ctrl.label = hexlabel:64657269766564 | |
1688 | Output = 6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 | |
1689 | ||
1690 | KDF = TLS13-KDF | |
1691 | Ctrl.mode = mode:EXPAND_ONLY | |
1692 | Ctrl.digest = digest:SHA2-256 | |
1693 | Ctrl.key = hexkey:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 | |
1694 | Ctrl.data = hexdata:5212d18ab2b3f4749a2fdc8f7c5bfe86582c3ef4b82fd15e4fbcf679845a898f | |
1695 | Ctrl.prefix = hexprefix:746c73313320 | |
1696 | Ctrl.label = hexlabel:632068732074726166666963 | |
1697 | Output = ae767de352cd5de70f06fa89c97c384f3114459d2d34358254536d6dc2a51a43 | |
1698 | ||
1699 | KDF = TLS13-KDF | |
1700 | Ctrl.mode = mode:EXPAND_ONLY | |
1701 | Ctrl.digest = digest:SHA2-256 | |
1702 | Ctrl.key = hexkey:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 | |
1703 | Ctrl.data = hexdata:5212d18ab2b3f4749a2fdc8f7c5bfe86582c3ef4b82fd15e4fbcf679845a898f | |
1704 | Ctrl.prefix = hexprefix:746c73313320 | |
1705 | Ctrl.label = hexlabel:732068732074726166666963 | |
1706 | Output = eadd1815582776d2af4c5b2459884f636c668ddb4f9de2a3c9d748f3d30c6c55 | |
1707 | ||
1708 | KDF = TLS13-KDF | |
1709 | Ctrl.mode = mode:EXTRACT_ONLY | |
1710 | Ctrl.digest = digest:SHA2-256 | |
1711 | Ctrl.salt = hexsalt:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9 | |
1712 | Ctrl.prefix = hexprefix:746c73313320 | |
1713 | Ctrl.label = hexlabel:64657269766564 | |
1714 | Output = 87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 | |
1715 | ||
1716 | KDF = TLS13-KDF | |
1717 | Ctrl.mode = mode:EXPAND_ONLY | |
1718 | Ctrl.digest = digest:SHA2-256 | |
1719 | Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 | |
1720 | Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376 | |
1721 | Ctrl.prefix = hexprefix:746c73313320 | |
1722 | Ctrl.label = hexlabel:632061702074726166666963 | |
1723 | Output = 05df2e13f0bbc39095a751653198fbd71316d60f0b0ff34a571be0f24a0110e4 | |
1724 | ||
1725 | KDF = TLS13-KDF | |
1726 | Ctrl.mode = mode:EXPAND_ONLY | |
1727 | Ctrl.digest = digest:SHA2-256 | |
1728 | Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 | |
1729 | Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376 | |
1730 | Ctrl.prefix = hexprefix:746c73313320 | |
1731 | Ctrl.label = hexlabel:732061702074726166666963 | |
1732 | Output = 7548a168eadc002e00a9f6992464d89053a09fafe5455424043e88625f6aa1f5 | |
1733 | ||
1734 | KDF = TLS13-KDF | |
1735 | Ctrl.mode = mode:EXPAND_ONLY | |
1736 | Ctrl.digest = digest:SHA2-256 | |
1737 | Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 | |
1738 | Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376 | |
1739 | Ctrl.prefix = hexprefix:746c73313320 | |
1740 | Ctrl.label = hexlabel:657870206d6173746572 | |
1741 | Output = 55d8638f0b4e4a8c0c86a3b499c1f5a22c4b763f74f34415852fe66f5b14fc64 | |
1742 | ||
1743 | KDF = TLS13-KDF | |
1744 | Ctrl.mode = mode:EXPAND_ONLY | |
1745 | Ctrl.digest = digest:SHA2-256 | |
1746 | Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1 | |
1747 | Ctrl.data = hexdata:ef6958939a40f5a6da5514b25c61e65c785529da24b7abe4c2ff24de90e22865 | |
1748 | Ctrl.prefix = hexprefix:746c73313320 | |
1749 | Ctrl.label = hexlabel:726573206d6173746572 | |
1750 | Output = 91621081e013738d0565d87d48299f9663e9cb00ea10de8b4e524faed12b2549 | |
1751 | ||
1752 | # New TLS 1.3 session starts here | |
1753 | ||
1754 | KDF = TLS13-KDF | |
1755 | Ctrl.mode = mode:EXTRACT_ONLY | |
1756 | Ctrl.digest = digest:SHA2-256 | |
1757 | Ctrl.key = hexkey:10cd69a2ff07b9fc1b97f048ff04f76bde83ffa1b7c55a7c90f4a335c678e603 | |
1758 | Output = 1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a | |
1759 | ||
1760 | KDF = TLS13-KDF | |
1761 | Ctrl.mode = mode:EXPAND_ONLY | |
1762 | Ctrl.digest = digest:SHA2-256 | |
1763 | Ctrl.key = hexkey:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a | |
1764 | Ctrl.data = hexdata:77c319274f0bee551e4ff02d35c109527430249982634b83620d555df1fc1b19 | |
1765 | Ctrl.prefix = hexprefix:746c73313320 | |
1766 | Ctrl.label = hexlabel:6320652074726166666963 | |
1767 | Output = 4a274d1c3ffb31ccfd02b822c58e22540a08e8805467949049c790523f22a521 | |
1768 | ||
1769 | KDF = TLS13-KDF | |
1770 | Ctrl.mode = mode:EXPAND_ONLY | |
1771 | Ctrl.digest = digest:SHA2-256 | |
1772 | Ctrl.key = hexkey:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a | |
1773 | Ctrl.data = hexdata:77c319274f0bee551e4ff02d35c109527430249982634b83620d555df1fc1b19 | |
1774 | Ctrl.prefix = hexprefix:746c73313320 | |
1775 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1776 | Output = fd0c1024664dce62f20828f6523804b6c3cf8cac1d0c226ca82c216617749278 | |
1777 | ||
1778 | KDF = TLS13-KDF | |
1779 | Ctrl.mode = mode:EXTRACT_ONLY | |
1780 | Ctrl.digest = digest:SHA2-256 | |
1781 | Ctrl.salt = hexsalt:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a | |
1782 | Ctrl.prefix = hexprefix:746c73313320 | |
1783 | Ctrl.label = hexlabel:64657269766564 | |
1784 | Output = f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d | |
1785 | ||
1786 | KDF = TLS13-KDF | |
1787 | Ctrl.mode = mode:EXPAND_ONLY | |
1788 | Ctrl.digest = digest:SHA2-256 | |
1789 | Ctrl.key = hexkey:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d | |
1790 | Ctrl.data = hexdata:09579596d89a7bc16f6208f1b65d0af814a2e7dc2b5752153b01ebd403835b24 | |
1791 | Ctrl.prefix = hexprefix:746c73313320 | |
1792 | Ctrl.label = hexlabel:632068732074726166666963 | |
1793 | Output = 649f88a321910f7e079515517de528f096ad00b460f700ca3a42249ffb0f198c | |
1794 | ||
1795 | KDF = TLS13-KDF | |
1796 | Ctrl.mode = mode:EXPAND_ONLY | |
1797 | Ctrl.digest = digest:SHA2-256 | |
1798 | Ctrl.key = hexkey:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d | |
1799 | Ctrl.data = hexdata:09579596d89a7bc16f6208f1b65d0af814a2e7dc2b5752153b01ebd403835b24 | |
1800 | Ctrl.prefix = hexprefix:746c73313320 | |
1801 | Ctrl.label = hexlabel:732068732074726166666963 | |
1802 | Output = 591cccb532575b11f3f7644305fc98b39b4ab5e857884b83f112eded0748d86c | |
1803 | ||
1804 | KDF = TLS13-KDF | |
1805 | Ctrl.mode = mode:EXTRACT_ONLY | |
1806 | Ctrl.digest = digest:SHA2-256 | |
1807 | Ctrl.salt = hexsalt:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d | |
1808 | Ctrl.prefix = hexprefix:746c73313320 | |
1809 | Ctrl.label = hexlabel:64657269766564 | |
1810 | Output = 9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 | |
1811 | ||
1812 | KDF = TLS13-KDF | |
1813 | Ctrl.mode = mode:EXPAND_ONLY | |
1814 | Ctrl.digest = digest:SHA2-256 | |
1815 | Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 | |
1816 | Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216 | |
1817 | Ctrl.prefix = hexprefix:746c73313320 | |
1818 | Ctrl.label = hexlabel:632061702074726166666963 | |
1819 | Output = 3b5e42c71b7f84c0c533c5b33fb677e5dbd00fa19461643a9f9a28ac68d33a34 | |
1820 | ||
1821 | KDF = TLS13-KDF | |
1822 | Ctrl.mode = mode:EXPAND_ONLY | |
1823 | Ctrl.digest = digest:SHA2-256 | |
1824 | Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 | |
1825 | Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216 | |
1826 | Ctrl.prefix = hexprefix:746c73313320 | |
1827 | Ctrl.label = hexlabel:732061702074726166666963 | |
1828 | Output = 0755417db746dbca652cac12fc9e272f2ee1d65b7ddb95be3a1458cc0feb7ceb | |
1829 | ||
1830 | KDF = TLS13-KDF | |
1831 | Ctrl.mode = mode:EXPAND_ONLY | |
1832 | Ctrl.digest = digest:SHA2-256 | |
1833 | Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 | |
1834 | Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216 | |
1835 | Ctrl.prefix = hexprefix:746c73313320 | |
1836 | Ctrl.label = hexlabel:657870206d6173746572 | |
1837 | Output = 7e518bab7a36df94f3e43c022300afcc5219c4a0b0353d7ec8d7b81a957fe8b3 | |
1838 | ||
1839 | KDF = TLS13-KDF | |
1840 | Ctrl.mode = mode:EXPAND_ONLY | |
1841 | Ctrl.digest = digest:SHA2-256 | |
1842 | Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710 | |
1843 | Ctrl.data = hexdata:05e757c9c7a0a88a5242f101a8b9813ff7c28cbb60f82fe8d64efb3b29e2a35f | |
1844 | Ctrl.prefix = hexprefix:746c73313320 | |
1845 | Ctrl.label = hexlabel:726573206d6173746572 | |
1846 | Output = 9df1f3a9a73ccf046ae832e6567f0381df1c279051d5e8d3d438533a8e3c286e | |
1847 | ||
1848 | # New TLS 1.3 session starts here | |
1849 | ||
1850 | KDF = TLS13-KDF | |
1851 | Ctrl.mode = mode:EXTRACT_ONLY | |
1852 | Ctrl.digest = digest:SHA2-256 | |
1853 | Ctrl.key = hexkey:1d6a3ca45771b6de38bfa21ef1b18c7f392dc245a40a678638ff703bc429cdfa | |
1854 | Output = e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd | |
1855 | ||
1856 | KDF = TLS13-KDF | |
1857 | Ctrl.mode = mode:EXPAND_ONLY | |
1858 | Ctrl.digest = digest:SHA2-256 | |
1859 | Ctrl.key = hexkey:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd | |
1860 | Ctrl.data = hexdata:b596924c279606af433ef8939cb7e2e8f22b1a4c58f868f5e9b8b66f89f95ec4 | |
1861 | Ctrl.prefix = hexprefix:746c73313320 | |
1862 | Ctrl.label = hexlabel:6320652074726166666963 | |
1863 | Output = 35379b66e3989f860493b7f1a19d35a6b1786ead286f058b291a9e45f154984d | |
1864 | ||
1865 | KDF = TLS13-KDF | |
1866 | Ctrl.mode = mode:EXPAND_ONLY | |
1867 | Ctrl.digest = digest:SHA2-256 | |
1868 | Ctrl.key = hexkey:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd | |
1869 | Ctrl.data = hexdata:b596924c279606af433ef8939cb7e2e8f22b1a4c58f868f5e9b8b66f89f95ec4 | |
1870 | Ctrl.prefix = hexprefix:746c73313320 | |
1871 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1872 | Output = 3c06224ebfe816c633c1ca1785d1b9c234b41a050608cd24d3873f3e8caf3c6d | |
1873 | ||
1874 | KDF = TLS13-KDF | |
1875 | Ctrl.mode = mode:EXTRACT_ONLY | |
1876 | Ctrl.digest = digest:SHA2-256 | |
1877 | Ctrl.salt = hexsalt:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd | |
1878 | Ctrl.prefix = hexprefix:746c73313320 | |
1879 | Ctrl.label = hexlabel:64657269766564 | |
1880 | Output = 43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 | |
1881 | ||
1882 | KDF = TLS13-KDF | |
1883 | Ctrl.mode = mode:EXPAND_ONLY | |
1884 | Ctrl.digest = digest:SHA2-256 | |
1885 | Ctrl.key = hexkey:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 | |
1886 | Ctrl.data = hexdata:39f99c22b551a77eadb49cc2df00c0651bb847f678394c04a9663ff592122daf | |
1887 | Ctrl.prefix = hexprefix:746c73313320 | |
1888 | Ctrl.label = hexlabel:632068732074726166666963 | |
1889 | Output = 9d2d1d2d3aef26d116c4e8ae64c9cfc785c34b4e48ebed03291c05d97fbed48c | |
1890 | ||
1891 | KDF = TLS13-KDF | |
1892 | Ctrl.mode = mode:EXPAND_ONLY | |
1893 | Ctrl.digest = digest:SHA2-256 | |
1894 | Ctrl.key = hexkey:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 | |
1895 | Ctrl.data = hexdata:39f99c22b551a77eadb49cc2df00c0651bb847f678394c04a9663ff592122daf | |
1896 | Ctrl.prefix = hexprefix:746c73313320 | |
1897 | Ctrl.label = hexlabel:732068732074726166666963 | |
1898 | Output = 8def30bd06498ab5d3687e1d5b7b255a4d8f0a350fff033e09fdedac103b33af | |
1899 | ||
1900 | KDF = TLS13-KDF | |
1901 | Ctrl.mode = mode:EXTRACT_ONLY | |
1902 | Ctrl.digest = digest:SHA2-256 | |
1903 | Ctrl.salt = hexsalt:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237 | |
1904 | Ctrl.prefix = hexprefix:746c73313320 | |
1905 | Ctrl.label = hexlabel:64657269766564 | |
1906 | Output = bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 | |
1907 | ||
1908 | KDF = TLS13-KDF | |
1909 | Ctrl.mode = mode:EXPAND_ONLY | |
1910 | Ctrl.digest = digest:SHA2-256 | |
1911 | Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 | |
1912 | Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8 | |
1913 | Ctrl.prefix = hexprefix:746c73313320 | |
1914 | Ctrl.label = hexlabel:632061702074726166666963 | |
1915 | Output = e45932f62656d9b4a4424d25b0dee0edc4dd7e5cd97ed559826ac2dc8753e234 | |
1916 | ||
1917 | KDF = TLS13-KDF | |
1918 | Ctrl.mode = mode:EXPAND_ONLY | |
1919 | Ctrl.digest = digest:SHA2-256 | |
1920 | Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 | |
1921 | Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8 | |
1922 | Ctrl.prefix = hexprefix:746c73313320 | |
1923 | Ctrl.label = hexlabel:732061702074726166666963 | |
1924 | Output = 79e88b3776b65e1cf86e1652c1fa503b0fa9f425fb2d7f12ed980c82aea480d8 | |
1925 | ||
1926 | KDF = TLS13-KDF | |
1927 | Ctrl.mode = mode:EXPAND_ONLY | |
1928 | Ctrl.digest = digest:SHA2-256 | |
1929 | Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 | |
1930 | Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8 | |
1931 | Ctrl.prefix = hexprefix:746c73313320 | |
1932 | Ctrl.label = hexlabel:657870206d6173746572 | |
1933 | Output = a99de25f23b4c3b53e0f94c20e4cacbf69449eb6662ede20ecaf80f4b3588549 | |
1934 | ||
1935 | KDF = TLS13-KDF | |
1936 | Ctrl.mode = mode:EXPAND_ONLY | |
1937 | Ctrl.digest = digest:SHA2-256 | |
1938 | Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749 | |
1939 | Ctrl.data = hexdata:093be188157ab8ebdbc0862581178d451a89a496eec1d75a735c63745346d07e | |
1940 | Ctrl.prefix = hexprefix:746c73313320 | |
1941 | Ctrl.label = hexlabel:726573206d6173746572 | |
1942 | Output = 5d068f2083afa672d025b89c6883a7d47899352d1f534f757cf9d046f42f2158 | |
1943 | ||
1944 | # New TLS 1.3 session starts here | |
1945 | ||
1946 | KDF = TLS13-KDF | |
1947 | Ctrl.mode = mode:EXTRACT_ONLY | |
1948 | Ctrl.digest = digest:SHA2-256 | |
1949 | Ctrl.key = hexkey:b5c0634df696089d878e37b775c4c2f03f42748cec9dfc12661a8b888ed40685 | |
1950 | Output = c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 | |
1951 | ||
1952 | KDF = TLS13-KDF | |
1953 | Ctrl.mode = mode:EXPAND_ONLY | |
1954 | Ctrl.digest = digest:SHA2-256 | |
1955 | Ctrl.key = hexkey:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 | |
1956 | Ctrl.data = hexdata:d4d8e30ea5e596830f165ab809b9c541383d621bf5502b83a27ed3ea2e570d2a | |
1957 | Ctrl.prefix = hexprefix:746c73313320 | |
1958 | Ctrl.label = hexlabel:6320652074726166666963 | |
1959 | Output = cb5f4de81d60d9d8537b365b4311014a1380808c3b9c3a98a25dace58c0961c4 | |
1960 | ||
1961 | KDF = TLS13-KDF | |
1962 | Ctrl.mode = mode:EXPAND_ONLY | |
1963 | Ctrl.digest = digest:SHA2-256 | |
1964 | Ctrl.key = hexkey:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 | |
1965 | Ctrl.data = hexdata:d4d8e30ea5e596830f165ab809b9c541383d621bf5502b83a27ed3ea2e570d2a | |
1966 | Ctrl.prefix = hexprefix:746c73313320 | |
1967 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
1968 | Output = 7aa5d4b291c159958c1781f0833e8dabf48ccd0d93553fbda644fea6ab1d730f | |
1969 | ||
1970 | KDF = TLS13-KDF | |
1971 | Ctrl.mode = mode:EXTRACT_ONLY | |
1972 | Ctrl.digest = digest:SHA2-256 | |
1973 | Ctrl.salt = hexsalt:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795 | |
1974 | Ctrl.prefix = hexprefix:746c73313320 | |
1975 | Ctrl.label = hexlabel:64657269766564 | |
1976 | Output = cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 | |
1977 | ||
1978 | KDF = TLS13-KDF | |
1979 | Ctrl.mode = mode:EXPAND_ONLY | |
1980 | Ctrl.digest = digest:SHA2-256 | |
1981 | Ctrl.key = hexkey:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 | |
1982 | Ctrl.data = hexdata:f0ef84594377b8878aec3361beccd2c701cd1fff0bb1d091bdc960dbcc03ed2d | |
1983 | Ctrl.prefix = hexprefix:746c73313320 | |
1984 | Ctrl.label = hexlabel:632068732074726166666963 | |
1985 | Output = bd18fde839dd5b186595135f6cce58f544c35168753489956d3bfc1691fdc9ea | |
1986 | ||
1987 | KDF = TLS13-KDF | |
1988 | Ctrl.mode = mode:EXPAND_ONLY | |
1989 | Ctrl.digest = digest:SHA2-256 | |
1990 | Ctrl.key = hexkey:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 | |
1991 | Ctrl.data = hexdata:f0ef84594377b8878aec3361beccd2c701cd1fff0bb1d091bdc960dbcc03ed2d | |
1992 | Ctrl.prefix = hexprefix:746c73313320 | |
1993 | Ctrl.label = hexlabel:732068732074726166666963 | |
1994 | Output = bd404aafe66f33b525da924eab5a01330eed5e6792c18a2733594efa5fbe1770 | |
1995 | ||
1996 | KDF = TLS13-KDF | |
1997 | Ctrl.mode = mode:EXTRACT_ONLY | |
1998 | Ctrl.digest = digest:SHA2-256 | |
1999 | Ctrl.salt = hexsalt:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306 | |
2000 | Ctrl.prefix = hexprefix:746c73313320 | |
2001 | Ctrl.label = hexlabel:64657269766564 | |
2002 | Output = 17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 | |
2003 | ||
2004 | KDF = TLS13-KDF | |
2005 | Ctrl.mode = mode:EXPAND_ONLY | |
2006 | Ctrl.digest = digest:SHA2-256 | |
2007 | Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 | |
2008 | Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e | |
2009 | Ctrl.prefix = hexprefix:746c73313320 | |
2010 | Ctrl.label = hexlabel:632061702074726166666963 | |
2011 | Output = 4a28e31a44a9084c31045bab3cd9ca4bb7cc6c0a7a3339265919b6dbbf9bd439 | |
2012 | ||
2013 | KDF = TLS13-KDF | |
2014 | Ctrl.mode = mode:EXPAND_ONLY | |
2015 | Ctrl.digest = digest:SHA2-256 | |
2016 | Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 | |
2017 | Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e | |
2018 | Ctrl.prefix = hexprefix:746c73313320 | |
2019 | Ctrl.label = hexlabel:732061702074726166666963 | |
2020 | Output = 8f7bcfb0a364acb09af591dbfbd1f5d76a1b5da68eb86e22633e3d4ffd4ffb3b | |
2021 | ||
2022 | KDF = TLS13-KDF | |
2023 | Ctrl.mode = mode:EXPAND_ONLY | |
2024 | Ctrl.digest = digest:SHA2-256 | |
2025 | Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 | |
2026 | Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e | |
2027 | Ctrl.prefix = hexprefix:746c73313320 | |
2028 | Ctrl.label = hexlabel:657870206d6173746572 | |
2029 | Output = 3d5d45e78c540d05a19ee723ef075ff5c30e4e637af9075a519224751bf73cbb | |
2030 | ||
2031 | KDF = TLS13-KDF | |
2032 | Ctrl.mode = mode:EXPAND_ONLY | |
2033 | Ctrl.digest = digest:SHA2-256 | |
2034 | Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5 | |
2035 | Ctrl.data = hexdata:0f147eef330ea13e24db0e4f0f99ef57e226fcd893bcad0aa775736043a5678c | |
2036 | Ctrl.prefix = hexprefix:746c73313320 | |
2037 | Ctrl.label = hexlabel:726573206d6173746572 | |
2038 | Output = 865f8cf4b1065211f6c79e2a269fc5d292c496389458ee1defdbdecdae3c178e | |
2039 | ||
2040 | # New TLS 1.3 session starts here | |
2041 | ||
2042 | KDF = TLS13-KDF | |
2043 | Ctrl.mode = mode:EXTRACT_ONLY | |
2044 | Ctrl.digest = digest:SHA2-256 | |
2045 | Ctrl.key = hexkey:c83e2d0710fea2c69df3ddb8e44ab8eff77b331b5bab68693150cb57024bb513 | |
2046 | Output = 670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 | |
2047 | ||
2048 | KDF = TLS13-KDF | |
2049 | Ctrl.mode = mode:EXPAND_ONLY | |
2050 | Ctrl.digest = digest:SHA2-256 | |
2051 | Ctrl.key = hexkey:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 | |
2052 | Ctrl.data = hexdata:b91f2426c7a814aa728b0d066803bb5f5ba89053a107093525bd37b8a228bbe6 | |
2053 | Ctrl.prefix = hexprefix:746c73313320 | |
2054 | Ctrl.label = hexlabel:6320652074726166666963 | |
2055 | Output = da288713ae469437c7d49934f87461dec0884cc1c075d0c2b80467c9b497493e | |
2056 | ||
2057 | KDF = TLS13-KDF | |
2058 | Ctrl.mode = mode:EXPAND_ONLY | |
2059 | Ctrl.digest = digest:SHA2-256 | |
2060 | Ctrl.key = hexkey:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 | |
2061 | Ctrl.data = hexdata:b91f2426c7a814aa728b0d066803bb5f5ba89053a107093525bd37b8a228bbe6 | |
2062 | Ctrl.prefix = hexprefix:746c73313320 | |
2063 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2064 | Output = 9c4d05cc523e7486fa518512c15697e8da785182c9a07553d185634653ad57e1 | |
2065 | ||
2066 | KDF = TLS13-KDF | |
2067 | Ctrl.mode = mode:EXTRACT_ONLY | |
2068 | Ctrl.digest = digest:SHA2-256 | |
2069 | Ctrl.key = hexkey:3b2a40cdb43badc2354bbcab3232f150a29cdb6d701a4d954e53f93122ddb384 | |
2070 | Ctrl.salt = hexsalt:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7 | |
2071 | Ctrl.prefix = hexprefix:746c73313320 | |
2072 | Ctrl.label = hexlabel:64657269766564 | |
2073 | Output = 0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 | |
2074 | ||
2075 | KDF = TLS13-KDF | |
2076 | Ctrl.mode = mode:EXPAND_ONLY | |
2077 | Ctrl.digest = digest:SHA2-256 | |
2078 | Ctrl.key = hexkey:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 | |
2079 | Ctrl.data = hexdata:106c8ade410c1a7972f9dcd60fde846a0652ad92dc3737120bceca0c3e316bac | |
2080 | Ctrl.prefix = hexprefix:746c73313320 | |
2081 | Ctrl.label = hexlabel:632068732074726166666963 | |
2082 | Output = 11ca6d097742c16dd5b42af8508d46771fac61ad30120f1eeffd90b8c0ecb0d9 | |
2083 | ||
2084 | KDF = TLS13-KDF | |
2085 | Ctrl.mode = mode:EXPAND_ONLY | |
2086 | Ctrl.digest = digest:SHA2-256 | |
2087 | Ctrl.key = hexkey:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 | |
2088 | Ctrl.data = hexdata:106c8ade410c1a7972f9dcd60fde846a0652ad92dc3737120bceca0c3e316bac | |
2089 | Ctrl.prefix = hexprefix:746c73313320 | |
2090 | Ctrl.label = hexlabel:732068732074726166666963 | |
2091 | Output = 4305a71a34bdb5e0821501b4bdd271593ab82dd4532cc273fed3db050ac2c1b6 | |
2092 | ||
2093 | KDF = TLS13-KDF | |
2094 | Ctrl.mode = mode:EXTRACT_ONLY | |
2095 | Ctrl.digest = digest:SHA2-256 | |
2096 | Ctrl.salt = hexsalt:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3 | |
2097 | Ctrl.prefix = hexprefix:746c73313320 | |
2098 | Ctrl.label = hexlabel:64657269766564 | |
2099 | Output = 59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c | |
2100 | ||
2101 | KDF = TLS13-KDF | |
2102 | Ctrl.mode = mode:EXPAND_ONLY | |
2103 | Ctrl.digest = digest:SHA2-256 | |
2104 | Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c | |
2105 | Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e | |
2106 | Ctrl.prefix = hexprefix:746c73313320 | |
2107 | Ctrl.label = hexlabel:632061702074726166666963 | |
2108 | Output = 403399b9a3b3d8c729e488aedf59572057288184d845f65762965638d9044f02 | |
2109 | ||
2110 | KDF = TLS13-KDF | |
2111 | Ctrl.mode = mode:EXPAND_ONLY | |
2112 | Ctrl.digest = digest:SHA2-256 | |
2113 | Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c | |
2114 | Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e | |
2115 | Ctrl.prefix = hexprefix:746c73313320 | |
2116 | Ctrl.label = hexlabel:732061702074726166666963 | |
2117 | Output = 84c047db046fe61aff8a08b1baf4d2d19cc64e5d8520e0a7b0d53cf1c4a0d931 | |
2118 | ||
2119 | KDF = TLS13-KDF | |
2120 | Ctrl.mode = mode:EXPAND_ONLY | |
2121 | Ctrl.digest = digest:SHA2-256 | |
2122 | Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c | |
2123 | Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e | |
2124 | Ctrl.prefix = hexprefix:746c73313320 | |
2125 | Ctrl.label = hexlabel:657870206d6173746572 | |
2126 | Output = 4ff1809a55380799faac1c9e7795f61d2f2e8d94e05076a863cf0624b2f7910e | |
2127 | ||
2128 | KDF = TLS13-KDF | |
2129 | Ctrl.mode = mode:EXPAND_ONLY | |
2130 | Ctrl.digest = digest:SHA2-256 | |
2131 | Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c | |
2132 | Ctrl.data = hexdata:b3a2661fca9d2bd11f011da167daa18d7d705dffae6987ef1410fa932543bbc0 | |
2133 | Ctrl.prefix = hexprefix:746c73313320 | |
2134 | Ctrl.label = hexlabel:726573206d6173746572 | |
2135 | Output = c5fced915b2f444eba12a1dbda3487a2054201378640682a3a668a1513f6a232 | |
2136 | ||
2137 | # New TLS 1.3 session starts here | |
2138 | ||
2139 | KDF = TLS13-KDF | |
2140 | Ctrl.mode = mode:EXTRACT_ONLY | |
2141 | Ctrl.digest = digest:SHA2-256 | |
2142 | Ctrl.key = hexkey:76d2def296a73bbbe2c0c58061fda9a8486a65fe0d25a312061a33de39665229 | |
2143 | Output = aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab | |
2144 | ||
2145 | KDF = TLS13-KDF | |
2146 | Ctrl.mode = mode:EXPAND_ONLY | |
2147 | Ctrl.digest = digest:SHA2-256 | |
2148 | Ctrl.key = hexkey:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab | |
2149 | Ctrl.data = hexdata:f2c3f79a329d8a0a0c71fdff27d21b4f5396cef54eee48e8d95823730af5c7cd | |
2150 | Ctrl.prefix = hexprefix:746c73313320 | |
2151 | Ctrl.label = hexlabel:6320652074726166666963 | |
2152 | Output = d2a135057bcf8843aed48c7c37a8d891ca459ac6def66950c57cf849a60cad9b | |
2153 | ||
2154 | KDF = TLS13-KDF | |
2155 | Ctrl.mode = mode:EXPAND_ONLY | |
2156 | Ctrl.digest = digest:SHA2-256 | |
2157 | Ctrl.key = hexkey:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab | |
2158 | Ctrl.data = hexdata:f2c3f79a329d8a0a0c71fdff27d21b4f5396cef54eee48e8d95823730af5c7cd | |
2159 | Ctrl.prefix = hexprefix:746c73313320 | |
2160 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2161 | Output = 5c920375f607f4b1a179d31aff80074b3357108960051a22de8e001aa6979c0f | |
2162 | ||
2163 | KDF = TLS13-KDF | |
2164 | Ctrl.mode = mode:EXTRACT_ONLY | |
2165 | Ctrl.digest = digest:SHA2-256 | |
2166 | Ctrl.key = hexkey:3313848ca37d8491646fd92c252257742d983c65090bc542c9a03fd4b26e9b1c | |
2167 | Ctrl.salt = hexsalt:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab | |
2168 | Ctrl.prefix = hexprefix:746c73313320 | |
2169 | Ctrl.label = hexlabel:64657269766564 | |
2170 | Output = 3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 | |
2171 | ||
2172 | KDF = TLS13-KDF | |
2173 | Ctrl.mode = mode:EXPAND_ONLY | |
2174 | Ctrl.digest = digest:SHA2-256 | |
2175 | Ctrl.key = hexkey:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 | |
2176 | Ctrl.data = hexdata:68952fb6f6fab9968e16044c7d3d6e29f9b4cb969ea37d3b89317581242a51c3 | |
2177 | Ctrl.prefix = hexprefix:746c73313320 | |
2178 | Ctrl.label = hexlabel:632068732074726166666963 | |
2179 | Output = 929e776e48697a19220f40bcdb91d17aa81c72609dad9e44ce504a9b1b1a3666 | |
2180 | ||
2181 | KDF = TLS13-KDF | |
2182 | Ctrl.mode = mode:EXPAND_ONLY | |
2183 | Ctrl.digest = digest:SHA2-256 | |
2184 | Ctrl.key = hexkey:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 | |
2185 | Ctrl.data = hexdata:68952fb6f6fab9968e16044c7d3d6e29f9b4cb969ea37d3b89317581242a51c3 | |
2186 | Ctrl.prefix = hexprefix:746c73313320 | |
2187 | Ctrl.label = hexlabel:732068732074726166666963 | |
2188 | Output = ca770b94d778f80d7bf5e9c57385d311944074fc971d4509666d9fd2da082f6f | |
2189 | ||
2190 | KDF = TLS13-KDF | |
2191 | Ctrl.mode = mode:EXTRACT_ONLY | |
2192 | Ctrl.digest = digest:SHA2-256 | |
2193 | Ctrl.salt = hexsalt:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9 | |
2194 | Ctrl.prefix = hexprefix:746c73313320 | |
2195 | Ctrl.label = hexlabel:64657269766564 | |
2196 | Output = c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 | |
2197 | ||
2198 | KDF = TLS13-KDF | |
2199 | Ctrl.mode = mode:EXPAND_ONLY | |
2200 | Ctrl.digest = digest:SHA2-256 | |
2201 | Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 | |
2202 | Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4 | |
2203 | Ctrl.prefix = hexprefix:746c73313320 | |
2204 | Ctrl.label = hexlabel:632061702074726166666963 | |
2205 | Output = 9cbdcf2aab74218e206b09990759afacf0b0fc6e9663df2ef3b1be8baa04137f | |
2206 | ||
2207 | KDF = TLS13-KDF | |
2208 | Ctrl.mode = mode:EXPAND_ONLY | |
2209 | Ctrl.digest = digest:SHA2-256 | |
2210 | Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 | |
2211 | Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4 | |
2212 | Ctrl.prefix = hexprefix:746c73313320 | |
2213 | Ctrl.label = hexlabel:732061702074726166666963 | |
2214 | Output = 68b56ade508cb9a80659247476e9bc51e11a2bf8996abcf31ef7ca40db8ce038 | |
2215 | ||
2216 | KDF = TLS13-KDF | |
2217 | Ctrl.mode = mode:EXPAND_ONLY | |
2218 | Ctrl.digest = digest:SHA2-256 | |
2219 | Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 | |
2220 | Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4 | |
2221 | Ctrl.prefix = hexprefix:746c73313320 | |
2222 | Ctrl.label = hexlabel:657870206d6173746572 | |
2223 | Output = 99b1731836e008fce195b2656a978653fab931ca7568538ea445e07758eaec3e | |
2224 | ||
2225 | KDF = TLS13-KDF | |
2226 | Ctrl.mode = mode:EXPAND_ONLY | |
2227 | Ctrl.digest = digest:SHA2-256 | |
2228 | Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316 | |
2229 | Ctrl.data = hexdata:9d6de017899f4866cf158fbcdff17f9be461b515424fcc68983ea14199b4f93e | |
2230 | Ctrl.prefix = hexprefix:746c73313320 | |
2231 | Ctrl.label = hexlabel:726573206d6173746572 | |
2232 | Output = cfa68b4390998107c071a7a7f05aeaa67c399fbc74ae078d239953d97a9b192c | |
2233 | ||
2234 | # New TLS 1.3 session starts here | |
2235 | ||
2236 | KDF = TLS13-KDF | |
2237 | Ctrl.mode = mode:EXTRACT_ONLY | |
2238 | Ctrl.digest = digest:SHA2-256 | |
2239 | Ctrl.key = hexkey:84e4720169f84d06305f31d48bc80c38533262092dad037431595504652ad812 | |
2240 | Output = e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 | |
2241 | ||
2242 | KDF = TLS13-KDF | |
2243 | Ctrl.mode = mode:EXPAND_ONLY | |
2244 | Ctrl.digest = digest:SHA2-256 | |
2245 | Ctrl.key = hexkey:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 | |
2246 | Ctrl.data = hexdata:629f374f2fbca62af9a940e8dbfa469605239b9af3d1a9ad870a5d09aa828d4b | |
2247 | Ctrl.prefix = hexprefix:746c73313320 | |
2248 | Ctrl.label = hexlabel:6320652074726166666963 | |
2249 | Output = 4de207e64746e30b0422f9f61bb0d62f3e1559685a5b6231491dbedd7e7d3c70 | |
2250 | ||
2251 | KDF = TLS13-KDF | |
2252 | Ctrl.mode = mode:EXPAND_ONLY | |
2253 | Ctrl.digest = digest:SHA2-256 | |
2254 | Ctrl.key = hexkey:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 | |
2255 | Ctrl.data = hexdata:629f374f2fbca62af9a940e8dbfa469605239b9af3d1a9ad870a5d09aa828d4b | |
2256 | Ctrl.prefix = hexprefix:746c73313320 | |
2257 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2258 | Output = f98601cd853b472676a12f4d2b0ed496ded451aa7255f2261d9bc6b0e1831e26 | |
2259 | ||
2260 | KDF = TLS13-KDF | |
2261 | Ctrl.mode = mode:EXTRACT_ONLY | |
2262 | Ctrl.digest = digest:SHA2-256 | |
2263 | Ctrl.key = hexkey:0130ef5db75ffa78e0dd43c3c61d887a9153044d2ac8fe4046bb2b0c38034715 | |
2264 | Ctrl.salt = hexsalt:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67 | |
2265 | Ctrl.prefix = hexprefix:746c73313320 | |
2266 | Ctrl.label = hexlabel:64657269766564 | |
2267 | Output = 45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf | |
2268 | ||
2269 | KDF = TLS13-KDF | |
2270 | Ctrl.mode = mode:EXPAND_ONLY | |
2271 | Ctrl.digest = digest:SHA2-256 | |
2272 | Ctrl.key = hexkey:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf | |
2273 | Ctrl.data = hexdata:cb3e464901236370574fdb6e62e3578d6d055b13352bb009c7524be5046fe3f0 | |
2274 | Ctrl.prefix = hexprefix:746c73313320 | |
2275 | Ctrl.label = hexlabel:632068732074726166666963 | |
2276 | Output = 5e827d8f0a5198f40ce9a179220c64a5be7ffbb7238a7ce3924af12435517829 | |
2277 | ||
2278 | KDF = TLS13-KDF | |
2279 | Ctrl.mode = mode:EXPAND_ONLY | |
2280 | Ctrl.digest = digest:SHA2-256 | |
2281 | Ctrl.key = hexkey:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf | |
2282 | Ctrl.data = hexdata:cb3e464901236370574fdb6e62e3578d6d055b13352bb009c7524be5046fe3f0 | |
2283 | Ctrl.prefix = hexprefix:746c73313320 | |
2284 | Ctrl.label = hexlabel:732068732074726166666963 | |
2285 | Output = cd3650173b74032cd5923eedd2ca939f4986071612025a3931fcbdae424c3fe0 | |
2286 | ||
2287 | KDF = TLS13-KDF | |
2288 | Ctrl.mode = mode:EXTRACT_ONLY | |
2289 | Ctrl.digest = digest:SHA2-256 | |
2290 | Ctrl.salt = hexsalt:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf | |
2291 | Ctrl.prefix = hexprefix:746c73313320 | |
2292 | Ctrl.label = hexlabel:64657269766564 | |
2293 | Output = 305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d | |
2294 | ||
2295 | KDF = TLS13-KDF | |
2296 | Ctrl.mode = mode:EXPAND_ONLY | |
2297 | Ctrl.digest = digest:SHA2-256 | |
2298 | Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d | |
2299 | Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280 | |
2300 | Ctrl.prefix = hexprefix:746c73313320 | |
2301 | Ctrl.label = hexlabel:632061702074726166666963 | |
2302 | Output = 87c29eb07ed9d69f4f17d19dbe7d792c96243bcbab5a6ad674d476ab2723f3e9 | |
2303 | ||
2304 | KDF = TLS13-KDF | |
2305 | Ctrl.mode = mode:EXPAND_ONLY | |
2306 | Ctrl.digest = digest:SHA2-256 | |
2307 | Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d | |
2308 | Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280 | |
2309 | Ctrl.prefix = hexprefix:746c73313320 | |
2310 | Ctrl.label = hexlabel:732061702074726166666963 | |
2311 | Output = 1bea4e5a0cce346fcf3784bbea219060a733bb9b3d9fbcd51b230df79e7bbaf7 | |
2312 | ||
2313 | KDF = TLS13-KDF | |
2314 | Ctrl.mode = mode:EXPAND_ONLY | |
2315 | Ctrl.digest = digest:SHA2-256 | |
2316 | Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d | |
2317 | Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280 | |
2318 | Ctrl.prefix = hexprefix:746c73313320 | |
2319 | Ctrl.label = hexlabel:657870206d6173746572 | |
2320 | Output = 56ad7e5af0a0c80dedf12d1206d731527e4a19d821ca666b887532da4dafddc2 | |
2321 | ||
2322 | KDF = TLS13-KDF | |
2323 | Ctrl.mode = mode:EXPAND_ONLY | |
2324 | Ctrl.digest = digest:SHA2-256 | |
2325 | Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d | |
2326 | Ctrl.data = hexdata:2f35a4e79e594f9552231c0a20b1c044f335970e1672fcd232ee080e0b1003d5 | |
2327 | Ctrl.prefix = hexprefix:746c73313320 | |
2328 | Ctrl.label = hexlabel:726573206d6173746572 | |
2329 | Output = 439199cbd6c133c77a01fd46314381dac23f9f75bc25a5b6bd3a0c3ae65c213a | |
2330 | ||
2331 | # New TLS 1.3 session starts here | |
2332 | ||
2333 | KDF = TLS13-KDF | |
2334 | Ctrl.mode = mode:EXTRACT_ONLY | |
2335 | Ctrl.digest = digest:SHA2-256 | |
2336 | Ctrl.key = hexkey:846579bee2d8787197afac0ad73a05ace42fdc88973863867f7034edaaa67bab | |
2337 | Output = f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 | |
2338 | ||
2339 | KDF = TLS13-KDF | |
2340 | Ctrl.mode = mode:EXPAND_ONLY | |
2341 | Ctrl.digest = digest:SHA2-256 | |
2342 | Ctrl.key = hexkey:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 | |
2343 | Ctrl.data = hexdata:09183dfa8773dbcbcf4e956f909e91f9dc01134b4f3e478c2e9157c74610d4a9 | |
2344 | Ctrl.prefix = hexprefix:746c73313320 | |
2345 | Ctrl.label = hexlabel:6320652074726166666963 | |
2346 | Output = 539cbdca2eea93fb99498a1828d74e538110602331ca05e2e0a33904dbacc7e0 | |
2347 | ||
2348 | KDF = TLS13-KDF | |
2349 | Ctrl.mode = mode:EXPAND_ONLY | |
2350 | Ctrl.digest = digest:SHA2-256 | |
2351 | Ctrl.key = hexkey:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 | |
2352 | Ctrl.data = hexdata:09183dfa8773dbcbcf4e956f909e91f9dc01134b4f3e478c2e9157c74610d4a9 | |
2353 | Ctrl.prefix = hexprefix:746c73313320 | |
2354 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2355 | Output = c5eed5ccc461fc4eed16ba2d4e73e61ee5e1e65fd37e4c683f754f69300b9d0f | |
2356 | ||
2357 | KDF = TLS13-KDF | |
2358 | Ctrl.mode = mode:EXTRACT_ONLY | |
2359 | Ctrl.digest = digest:SHA2-256 | |
2360 | Ctrl.key = hexkey:0dc18e5c75390fcbff95fd629727fb8561efc9dbf88875aa37e59b204876d016 | |
2361 | Ctrl.salt = hexsalt:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882 | |
2362 | Ctrl.prefix = hexprefix:746c73313320 | |
2363 | Ctrl.label = hexlabel:64657269766564 | |
2364 | Output = a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee | |
2365 | ||
2366 | KDF = TLS13-KDF | |
2367 | Ctrl.mode = mode:EXPAND_ONLY | |
2368 | Ctrl.digest = digest:SHA2-256 | |
2369 | Ctrl.key = hexkey:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee | |
2370 | Ctrl.data = hexdata:439b9eb6fc068e5c2709a044c98073d498d3151eab2237fc285093c6486fae8d | |
2371 | Ctrl.prefix = hexprefix:746c73313320 | |
2372 | Ctrl.label = hexlabel:632068732074726166666963 | |
2373 | Output = d2ac822767a490a8087be7adcbcb2e213a98c5bed4a54c827ad2fc19ac0084e1 | |
2374 | ||
2375 | KDF = TLS13-KDF | |
2376 | Ctrl.mode = mode:EXPAND_ONLY | |
2377 | Ctrl.digest = digest:SHA2-256 | |
2378 | Ctrl.key = hexkey:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee | |
2379 | Ctrl.data = hexdata:439b9eb6fc068e5c2709a044c98073d498d3151eab2237fc285093c6486fae8d | |
2380 | Ctrl.prefix = hexprefix:746c73313320 | |
2381 | Ctrl.label = hexlabel:732068732074726166666963 | |
2382 | Output = 06613eeefdc210ff2624820604ae88d7160de324b8bfbb279b40bb0caea4b251 | |
2383 | ||
2384 | KDF = TLS13-KDF | |
2385 | Ctrl.mode = mode:EXTRACT_ONLY | |
2386 | Ctrl.digest = digest:SHA2-256 | |
2387 | Ctrl.salt = hexsalt:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee | |
2388 | Ctrl.prefix = hexprefix:746c73313320 | |
2389 | Ctrl.label = hexlabel:64657269766564 | |
2390 | Output = 36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece | |
2391 | ||
2392 | KDF = TLS13-KDF | |
2393 | Ctrl.mode = mode:EXPAND_ONLY | |
2394 | Ctrl.digest = digest:SHA2-256 | |
2395 | Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece | |
2396 | Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140 | |
2397 | Ctrl.prefix = hexprefix:746c73313320 | |
2398 | Ctrl.label = hexlabel:632061702074726166666963 | |
2399 | Output = 382e756a88f3dde4b775bc30064877563716e48e05c70382c4b4717b804f7900 | |
2400 | ||
2401 | KDF = TLS13-KDF | |
2402 | Ctrl.mode = mode:EXPAND_ONLY | |
2403 | Ctrl.digest = digest:SHA2-256 | |
2404 | Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece | |
2405 | Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140 | |
2406 | Ctrl.prefix = hexprefix:746c73313320 | |
2407 | Ctrl.label = hexlabel:732061702074726166666963 | |
2408 | Output = 08fbcf658bf0ccd792bf9486c8304d5cec3e066fb310e14c642b5e838a80cec2 | |
2409 | ||
2410 | KDF = TLS13-KDF | |
2411 | Ctrl.mode = mode:EXPAND_ONLY | |
2412 | Ctrl.digest = digest:SHA2-256 | |
2413 | Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece | |
2414 | Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140 | |
2415 | Ctrl.prefix = hexprefix:746c73313320 | |
2416 | Ctrl.label = hexlabel:657870206d6173746572 | |
2417 | Output = af263cbe584c6257872182e4259e90dacce4e857c0971e63e90ef68313241f09 | |
2418 | ||
2419 | KDF = TLS13-KDF | |
2420 | Ctrl.mode = mode:EXPAND_ONLY | |
2421 | Ctrl.digest = digest:SHA2-256 | |
2422 | Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece | |
2423 | Ctrl.data = hexdata:db71bdb1435bf594988f4288e9c8aa9d1ffc400d3b74a8f166dfff72ac2d251e | |
2424 | Ctrl.prefix = hexprefix:746c73313320 | |
2425 | Ctrl.label = hexlabel:726573206d6173746572 | |
2426 | Output = f79d066e915aa9fdc491b522536fd389309d93b9e386adbeabf276bc18826a4d | |
2427 | ||
2428 | # New TLS 1.3 session starts here | |
2429 | ||
2430 | KDF = TLS13-KDF | |
2431 | Ctrl.mode = mode:EXTRACT_ONLY | |
2432 | Ctrl.digest = digest:SHA2-256 | |
2433 | Ctrl.key = hexkey:1c48bc355454d145972bf3e2fea127c34443a214ca2df0873d78db5610fd5598 | |
2434 | Output = 4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 | |
2435 | ||
2436 | KDF = TLS13-KDF | |
2437 | Ctrl.mode = mode:EXPAND_ONLY | |
2438 | Ctrl.digest = digest:SHA2-256 | |
2439 | Ctrl.key = hexkey:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 | |
2440 | Ctrl.data = hexdata:a65f378bd6b9e498256afc30f268d87f2b93e95925e361f5a5f35198457bd3f0 | |
2441 | Ctrl.prefix = hexprefix:746c73313320 | |
2442 | Ctrl.label = hexlabel:6320652074726166666963 | |
2443 | Output = 6e9db9369095c899626c20463ddd98d1885e41dac533981bb0d0352ef9874697 | |
2444 | ||
2445 | KDF = TLS13-KDF | |
2446 | Ctrl.mode = mode:EXPAND_ONLY | |
2447 | Ctrl.digest = digest:SHA2-256 | |
2448 | Ctrl.key = hexkey:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 | |
2449 | Ctrl.data = hexdata:a65f378bd6b9e498256afc30f268d87f2b93e95925e361f5a5f35198457bd3f0 | |
2450 | Ctrl.prefix = hexprefix:746c73313320 | |
2451 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2452 | Output = 93877fd5a8a4b5323b8561cfbb0e7cff34d63db1f6c0783de9edaee832a93026 | |
2453 | ||
2454 | KDF = TLS13-KDF | |
2455 | Ctrl.mode = mode:EXTRACT_ONLY | |
2456 | Ctrl.digest = digest:SHA2-256 | |
2457 | Ctrl.key = hexkey:ca08248684cb6529a53900f08a28734f5722193c21e8b01b99b968a4711f67e6 | |
2458 | Ctrl.salt = hexsalt:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017 | |
2459 | Ctrl.prefix = hexprefix:746c73313320 | |
2460 | Ctrl.label = hexlabel:64657269766564 | |
2461 | Output = e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 | |
2462 | ||
2463 | KDF = TLS13-KDF | |
2464 | Ctrl.mode = mode:EXPAND_ONLY | |
2465 | Ctrl.digest = digest:SHA2-256 | |
2466 | Ctrl.key = hexkey:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 | |
2467 | Ctrl.data = hexdata:4b485da6cf1df86af0757b10a0f99d422a667444c42ea732c1ad9eb91b8a1200 | |
2468 | Ctrl.prefix = hexprefix:746c73313320 | |
2469 | Ctrl.label = hexlabel:632068732074726166666963 | |
2470 | Output = 18764172b9bf192527e7640b553c49785f49b17c139aec41d9ca711ad5c5aaa5 | |
2471 | ||
2472 | KDF = TLS13-KDF | |
2473 | Ctrl.mode = mode:EXPAND_ONLY | |
2474 | Ctrl.digest = digest:SHA2-256 | |
2475 | Ctrl.key = hexkey:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 | |
2476 | Ctrl.data = hexdata:4b485da6cf1df86af0757b10a0f99d422a667444c42ea732c1ad9eb91b8a1200 | |
2477 | Ctrl.prefix = hexprefix:746c73313320 | |
2478 | Ctrl.label = hexlabel:732068732074726166666963 | |
2479 | Output = 07f5837669456a7a5cbadb1f88e8faa50a620e1a0577ef3c4304f4679596ba4d | |
2480 | ||
2481 | KDF = TLS13-KDF | |
2482 | Ctrl.mode = mode:EXTRACT_ONLY | |
2483 | Ctrl.digest = digest:SHA2-256 | |
2484 | Ctrl.salt = hexsalt:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9 | |
2485 | Ctrl.prefix = hexprefix:746c73313320 | |
2486 | Ctrl.label = hexlabel:64657269766564 | |
2487 | Output = 5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b | |
2488 | ||
2489 | KDF = TLS13-KDF | |
2490 | Ctrl.mode = mode:EXPAND_ONLY | |
2491 | Ctrl.digest = digest:SHA2-256 | |
2492 | Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b | |
2493 | Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78 | |
2494 | Ctrl.prefix = hexprefix:746c73313320 | |
2495 | Ctrl.label = hexlabel:632061702074726166666963 | |
2496 | Output = 1f145b433d726ad8aed2b3d7a91dbf7dfee700a3a82650c496785c898b7be0f8 | |
2497 | ||
2498 | KDF = TLS13-KDF | |
2499 | Ctrl.mode = mode:EXPAND_ONLY | |
2500 | Ctrl.digest = digest:SHA2-256 | |
2501 | Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b | |
2502 | Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78 | |
2503 | Ctrl.prefix = hexprefix:746c73313320 | |
2504 | Ctrl.label = hexlabel:732061702074726166666963 | |
2505 | Output = ba32a25990ad0d52861f0e24e283b1bf2f229c14649867415b8d0ac3c1d55b8e | |
2506 | ||
2507 | KDF = TLS13-KDF | |
2508 | Ctrl.mode = mode:EXPAND_ONLY | |
2509 | Ctrl.digest = digest:SHA2-256 | |
2510 | Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b | |
2511 | Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78 | |
2512 | Ctrl.prefix = hexprefix:746c73313320 | |
2513 | Ctrl.label = hexlabel:657870206d6173746572 | |
2514 | Output = 8d95c36d97d0d724a4a925d30db54fa9a00a7f40491617149f354f6a22abde69 | |
2515 | ||
2516 | KDF = TLS13-KDF | |
2517 | Ctrl.mode = mode:EXPAND_ONLY | |
2518 | Ctrl.digest = digest:SHA2-256 | |
2519 | Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b | |
2520 | Ctrl.data = hexdata:9581b3ed9dff21ace07228323489626f403dda4bf997885e80e23edaaa988d52 | |
2521 | Ctrl.prefix = hexprefix:746c73313320 | |
2522 | Ctrl.label = hexlabel:726573206d6173746572 | |
2523 | Output = 62750f7ddf116735e656c7014c9243b6c57a84f0ba6088f28deea97a91c6f2d3 | |
2524 | ||
2525 | # New TLS 1.3 session starts here | |
2526 | ||
2527 | KDF = TLS13-KDF | |
2528 | Ctrl.mode = mode:EXTRACT_ONLY | |
2529 | Ctrl.digest = digest:SHA2-384 | |
2530 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2531 | ||
2532 | KDF = TLS13-KDF | |
2533 | Ctrl.mode = mode:EXPAND_ONLY | |
2534 | Ctrl.digest = digest:SHA2-384 | |
2535 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2536 | Ctrl.data = hexdata:910113657bdc298e97ebedd20511eb096f973f55fee0fcbb2d9cb5a686e7ed200ed417839066bbea4c05209434590daf | |
2537 | Ctrl.prefix = hexprefix:746c73313320 | |
2538 | Ctrl.label = hexlabel:6320652074726166666963 | |
2539 | Output = b7af828d2d478d384d2a3c49e4068156de9ecefce3deebf281e2cb0947cd83dd28d1472bcf4b0484a9e2fd3b33d3cb81 | |
2540 | ||
2541 | KDF = TLS13-KDF | |
2542 | Ctrl.mode = mode:EXPAND_ONLY | |
2543 | Ctrl.digest = digest:SHA2-384 | |
2544 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2545 | Ctrl.data = hexdata:910113657bdc298e97ebedd20511eb096f973f55fee0fcbb2d9cb5a686e7ed200ed417839066bbea4c05209434590daf | |
2546 | Ctrl.prefix = hexprefix:746c73313320 | |
2547 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2548 | Output = 98aaaed14b4ea329d9e1c2c4ae4e1c9fc74b58ca5748acb35be214cc106e23675ba8e7e95bea77aabdcaff37b7180953 | |
2549 | ||
2550 | KDF = TLS13-KDF | |
2551 | Ctrl.mode = mode:EXTRACT_ONLY | |
2552 | Ctrl.digest = digest:SHA2-384 | |
2553 | Ctrl.key = hexkey:69ebe2a6f0cbc6bda4f1fca02786df58a9abde209e15ca02ed167ecdaabaf78c26 | |
2554 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2555 | Ctrl.prefix = hexprefix:746c73313320 | |
2556 | Ctrl.label = hexlabel:64657269766564 | |
2557 | Output = 19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 | |
2558 | ||
2559 | KDF = TLS13-KDF | |
2560 | Ctrl.mode = mode:EXPAND_ONLY | |
2561 | Ctrl.digest = digest:SHA2-384 | |
2562 | Ctrl.key = hexkey:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 | |
2563 | Ctrl.data = hexdata:53d60b426068e463f9d09308a007d0ef27bc8d2001f045afa2d7a3888d47b1d774ab3e7102ab901065b8e242dac6722d | |
2564 | Ctrl.prefix = hexprefix:746c73313320 | |
2565 | Ctrl.label = hexlabel:632068732074726166666963 | |
2566 | Output = c087814576d3a18ec8cf9d7e0fd4e720f0e32cada8bbfc59d048376d57334ac6847dc2f2e642fcd5f100e187d728c626 | |
2567 | ||
2568 | KDF = TLS13-KDF | |
2569 | Ctrl.mode = mode:EXPAND_ONLY | |
2570 | Ctrl.digest = digest:SHA2-384 | |
2571 | Ctrl.key = hexkey:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 | |
2572 | Ctrl.data = hexdata:53d60b426068e463f9d09308a007d0ef27bc8d2001f045afa2d7a3888d47b1d774ab3e7102ab901065b8e242dac6722d | |
2573 | Ctrl.prefix = hexprefix:746c73313320 | |
2574 | Ctrl.label = hexlabel:732068732074726166666963 | |
2575 | Output = 0d6a7b15387fb7d8a748a07ddd4b6dc3ed9854410cb6c18515d013a8b0496cb3df1bbad7fa4ca64bec04e42362315269 | |
2576 | ||
2577 | KDF = TLS13-KDF | |
2578 | Ctrl.mode = mode:EXTRACT_ONLY | |
2579 | Ctrl.digest = digest:SHA2-384 | |
2580 | Ctrl.salt = hexsalt:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15 | |
2581 | Ctrl.prefix = hexprefix:746c73313320 | |
2582 | Ctrl.label = hexlabel:64657269766564 | |
2583 | Output = 5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 | |
2584 | ||
2585 | KDF = TLS13-KDF | |
2586 | Ctrl.mode = mode:EXPAND_ONLY | |
2587 | Ctrl.digest = digest:SHA2-384 | |
2588 | Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 | |
2589 | Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca | |
2590 | Ctrl.prefix = hexprefix:746c73313320 | |
2591 | Ctrl.label = hexlabel:632061702074726166666963 | |
2592 | Output = eb4e606e2198835b8733a026ef1c97bd7a8df3da598f32494ebc5809cf697c7999e0154c56399a60ec20b705d50ed9e0 | |
2593 | ||
2594 | KDF = TLS13-KDF | |
2595 | Ctrl.mode = mode:EXPAND_ONLY | |
2596 | Ctrl.digest = digest:SHA2-384 | |
2597 | Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 | |
2598 | Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca | |
2599 | Ctrl.prefix = hexprefix:746c73313320 | |
2600 | Ctrl.label = hexlabel:732061702074726166666963 | |
2601 | Output = 580bb4a16e81ba7b21b1ae7688037bd76684dd8e5e1e9254732685acdcd44dd1a1ce8126815fcdb42f47ac6d8ac7d4b0 | |
2602 | ||
2603 | KDF = TLS13-KDF | |
2604 | Ctrl.mode = mode:EXPAND_ONLY | |
2605 | Ctrl.digest = digest:SHA2-384 | |
2606 | Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 | |
2607 | Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca | |
2608 | Ctrl.prefix = hexprefix:746c73313320 | |
2609 | Ctrl.label = hexlabel:657870206d6173746572 | |
2610 | Output = caa396d3f1b8bfce67752855df1b5150b34613f74d6f02d6f1c3d07cf1f64b1c69d8e4cb129de293de5addca635467c9 | |
2611 | ||
2612 | KDF = TLS13-KDF | |
2613 | Ctrl.mode = mode:EXPAND_ONLY | |
2614 | Ctrl.digest = digest:SHA2-384 | |
2615 | Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8 | |
2616 | Ctrl.data = hexdata:37543f85f9c51e29d5bf1efeb8e82d35633fc1e53a6947453f579cbf3424e036b2d287b068079f9852cb2ed0b1577f65 | |
2617 | Ctrl.prefix = hexprefix:746c73313320 | |
2618 | Ctrl.label = hexlabel:726573206d6173746572 | |
2619 | Output = 0cd8131737f5411766ae31c739a8cf9c6156623c7e8a61960b368469db3df24be159f0dc3ea33489db810edfa38798bc | |
2620 | ||
2621 | # New TLS 1.3 session starts here | |
2622 | ||
2623 | KDF = TLS13-KDF | |
2624 | Ctrl.mode = mode:EXTRACT_ONLY | |
2625 | Ctrl.digest = digest:SHA2-384 | |
2626 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2627 | ||
2628 | KDF = TLS13-KDF | |
2629 | Ctrl.mode = mode:EXPAND_ONLY | |
2630 | Ctrl.digest = digest:SHA2-384 | |
2631 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2632 | Ctrl.data = hexdata:a807a39d8f59bcad113f00464839a49f2ea7bb3bf10ae124e706cbaef8438a69529d0423049659f41ca3bc879f135714 | |
2633 | Ctrl.prefix = hexprefix:746c73313320 | |
2634 | Ctrl.label = hexlabel:6320652074726166666963 | |
2635 | Output = 9ea652bed125a4f5eb038bb92b45bb2206a885536280cdd33dc04837b9f243ce60ac08f6a1b60e410e1cbe6da2d1bfa5 | |
2636 | ||
2637 | KDF = TLS13-KDF | |
2638 | Ctrl.mode = mode:EXPAND_ONLY | |
2639 | Ctrl.digest = digest:SHA2-384 | |
2640 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2641 | Ctrl.data = hexdata:a807a39d8f59bcad113f00464839a49f2ea7bb3bf10ae124e706cbaef8438a69529d0423049659f41ca3bc879f135714 | |
2642 | Ctrl.prefix = hexprefix:746c73313320 | |
2643 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2644 | Output = 379bac9dbc4c02bd651db88b2109402259526992a6be8051052046baafabfcba43ecc95b85b212eefeb82abb9bf6342c | |
2645 | ||
2646 | KDF = TLS13-KDF | |
2647 | Ctrl.mode = mode:EXTRACT_ONLY | |
2648 | Ctrl.digest = digest:SHA2-384 | |
2649 | Ctrl.key = hexkey:afd957f59d3891c7dc0274a3f017f1002e81694fdc48890f9b1f174eea8335ab20 | |
2650 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2651 | Ctrl.prefix = hexprefix:746c73313320 | |
2652 | Ctrl.label = hexlabel:64657269766564 | |
2653 | Output = 040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac | |
2654 | ||
2655 | KDF = TLS13-KDF | |
2656 | Ctrl.mode = mode:EXPAND_ONLY | |
2657 | Ctrl.digest = digest:SHA2-384 | |
2658 | Ctrl.key = hexkey:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac | |
2659 | Ctrl.data = hexdata:fee3918af93355c76f410e931147484daebf34d71a32e819f92f294e083880113542ae4f2046bd047abee01919723690 | |
2660 | Ctrl.prefix = hexprefix:746c73313320 | |
2661 | Ctrl.label = hexlabel:632068732074726166666963 | |
2662 | Output = 8cf001ed150ee074eef37bc5ed369b46e5f47b022cdafc1feb8b506037983e2d7344ee7836348d66ad945507adea2852 | |
2663 | ||
2664 | KDF = TLS13-KDF | |
2665 | Ctrl.mode = mode:EXPAND_ONLY | |
2666 | Ctrl.digest = digest:SHA2-384 | |
2667 | Ctrl.key = hexkey:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac | |
2668 | Ctrl.data = hexdata:fee3918af93355c76f410e931147484daebf34d71a32e819f92f294e083880113542ae4f2046bd047abee01919723690 | |
2669 | Ctrl.prefix = hexprefix:746c73313320 | |
2670 | Ctrl.label = hexlabel:732068732074726166666963 | |
2671 | Output = f920e99ce8b8765d9a4656ee00da97d5c26f9c9194202de256a27be7414ef6292bd0694ec07b6a7ceb50d31cec440645 | |
2672 | ||
2673 | KDF = TLS13-KDF | |
2674 | Ctrl.mode = mode:EXTRACT_ONLY | |
2675 | Ctrl.digest = digest:SHA2-384 | |
2676 | Ctrl.salt = hexsalt:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac | |
2677 | Ctrl.prefix = hexprefix:746c73313320 | |
2678 | Ctrl.label = hexlabel:64657269766564 | |
2679 | Output = e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 | |
2680 | ||
2681 | KDF = TLS13-KDF | |
2682 | Ctrl.mode = mode:EXPAND_ONLY | |
2683 | Ctrl.digest = digest:SHA2-384 | |
2684 | Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 | |
2685 | Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b | |
2686 | Ctrl.prefix = hexprefix:746c73313320 | |
2687 | Ctrl.label = hexlabel:632061702074726166666963 | |
2688 | Output = 7053327731504219b522361396d6aba6d401bb4b5eabb9d05065c97b30b1cf704418740437b5afe6f4c3e1663d4fb602 | |
2689 | ||
2690 | KDF = TLS13-KDF | |
2691 | Ctrl.mode = mode:EXPAND_ONLY | |
2692 | Ctrl.digest = digest:SHA2-384 | |
2693 | Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 | |
2694 | Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b | |
2695 | Ctrl.prefix = hexprefix:746c73313320 | |
2696 | Ctrl.label = hexlabel:732061702074726166666963 | |
2697 | Output = 9b8e8196e2aaf0e1d8840fff8d17f7b2911a4f8cfd06a30d05a28792b4c6800bd0f0bac01552945733e7995ec67573f3 | |
2698 | ||
2699 | KDF = TLS13-KDF | |
2700 | Ctrl.mode = mode:EXPAND_ONLY | |
2701 | Ctrl.digest = digest:SHA2-384 | |
2702 | Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 | |
2703 | Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b | |
2704 | Ctrl.prefix = hexprefix:746c73313320 | |
2705 | Ctrl.label = hexlabel:657870206d6173746572 | |
2706 | Output = 48f982ca8046c850fe5431eee4c043e78c0a96c7ba87dcc97b9afc69ae2d0dd18f9fd2054f811976774098a91f7917b2 | |
2707 | ||
2708 | KDF = TLS13-KDF | |
2709 | Ctrl.mode = mode:EXPAND_ONLY | |
2710 | Ctrl.digest = digest:SHA2-384 | |
2711 | Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694 | |
2712 | Ctrl.data = hexdata:5f458dd3261694b6a3f57918a94dfeb7c77851441bfee4dd2d118051abdb945d37c74bee575fe52d71d6ff696991893a | |
2713 | Ctrl.prefix = hexprefix:746c73313320 | |
2714 | Ctrl.label = hexlabel:726573206d6173746572 | |
2715 | Output = f3a292849c0daa0abf9257cdd5b5c2f92092a904a80f017d1020fbe33637e2733d583332aa212d942d70f7fe30f15677 | |
2716 | ||
2717 | # New TLS 1.3 session starts here | |
2718 | ||
2719 | KDF = TLS13-KDF | |
2720 | Ctrl.mode = mode:EXTRACT_ONLY | |
2721 | Ctrl.digest = digest:SHA2-384 | |
2722 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2723 | ||
2724 | KDF = TLS13-KDF | |
2725 | Ctrl.mode = mode:EXPAND_ONLY | |
2726 | Ctrl.digest = digest:SHA2-384 | |
2727 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2728 | Ctrl.data = hexdata:02b9fd278f70225406d715dd78eb54405fd19f9556e4a8a77882c6a63f9dc220944f27030c78ac1262e382fa95feb5c8 | |
2729 | Ctrl.prefix = hexprefix:746c73313320 | |
2730 | Ctrl.label = hexlabel:6320652074726166666963 | |
2731 | Output = 3cec2e60c6386fa9edad0635132eab0ece3eee9bd71e8884813cca61d3da3a7dfbfd9a4775a9e69510fb9455cd9bdcd9 | |
2732 | ||
2733 | KDF = TLS13-KDF | |
2734 | Ctrl.mode = mode:EXPAND_ONLY | |
2735 | Ctrl.digest = digest:SHA2-384 | |
2736 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2737 | Ctrl.data = hexdata:02b9fd278f70225406d715dd78eb54405fd19f9556e4a8a77882c6a63f9dc220944f27030c78ac1262e382fa95feb5c8 | |
2738 | Ctrl.prefix = hexprefix:746c73313320 | |
2739 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2740 | Output = 80c3e31156ad5bfd762b27d3f30bfa8a12f26eb0eb41ffe5cb155187b9a50178856f54e97076bb57518caad873cbd9d3 | |
2741 | ||
2742 | KDF = TLS13-KDF | |
2743 | Ctrl.mode = mode:EXTRACT_ONLY | |
2744 | Ctrl.digest = digest:SHA2-384 | |
2745 | Ctrl.key = hexkey:0ccc950ef8aa96c6b282e24741769bfb271d08a8b59324f6b08c6ef700d9a57049 | |
2746 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2747 | Ctrl.prefix = hexprefix:746c73313320 | |
2748 | Ctrl.label = hexlabel:64657269766564 | |
2749 | Output = af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef | |
2750 | ||
2751 | KDF = TLS13-KDF | |
2752 | Ctrl.mode = mode:EXPAND_ONLY | |
2753 | Ctrl.digest = digest:SHA2-384 | |
2754 | Ctrl.key = hexkey:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef | |
2755 | Ctrl.data = hexdata:44aee84be26ed9e08590afc301ef29fe2c6ce1aeba54004b4840f2d42433edc310a4401545cc80c0db2adbc7764dc5a1 | |
2756 | Ctrl.prefix = hexprefix:746c73313320 | |
2757 | Ctrl.label = hexlabel:632068732074726166666963 | |
2758 | Output = cf114347819d9818f848be8662e1d88125558b48c5aa85b9fc51cb21934eaf6821c281beef7e8daece6ab7e48bdde433 | |
2759 | ||
2760 | KDF = TLS13-KDF | |
2761 | Ctrl.mode = mode:EXPAND_ONLY | |
2762 | Ctrl.digest = digest:SHA2-384 | |
2763 | Ctrl.key = hexkey:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef | |
2764 | Ctrl.data = hexdata:44aee84be26ed9e08590afc301ef29fe2c6ce1aeba54004b4840f2d42433edc310a4401545cc80c0db2adbc7764dc5a1 | |
2765 | Ctrl.prefix = hexprefix:746c73313320 | |
2766 | Ctrl.label = hexlabel:732068732074726166666963 | |
2767 | Output = 531d87cc6e5319d60dd7b3b068249930572459219ec6d7dac14ebe6e79619f21a2cc370086f2090ac52e4e361d715ca5 | |
2768 | ||
2769 | KDF = TLS13-KDF | |
2770 | Ctrl.mode = mode:EXTRACT_ONLY | |
2771 | Ctrl.digest = digest:SHA2-384 | |
2772 | Ctrl.salt = hexsalt:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef | |
2773 | Ctrl.prefix = hexprefix:746c73313320 | |
2774 | Ctrl.label = hexlabel:64657269766564 | |
2775 | Output = 93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 | |
2776 | ||
2777 | KDF = TLS13-KDF | |
2778 | Ctrl.mode = mode:EXPAND_ONLY | |
2779 | Ctrl.digest = digest:SHA2-384 | |
2780 | Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 | |
2781 | Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29 | |
2782 | Ctrl.prefix = hexprefix:746c73313320 | |
2783 | Ctrl.label = hexlabel:632061702074726166666963 | |
2784 | Output = 92f638eaff114606821a19f881474502b3e761f70dc6b942280fbf2bc2b37976b4dc9c92bedb3c62e0a57d0d51259f75 | |
2785 | ||
2786 | KDF = TLS13-KDF | |
2787 | Ctrl.mode = mode:EXPAND_ONLY | |
2788 | Ctrl.digest = digest:SHA2-384 | |
2789 | Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 | |
2790 | Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29 | |
2791 | Ctrl.prefix = hexprefix:746c73313320 | |
2792 | Ctrl.label = hexlabel:732061702074726166666963 | |
2793 | Output = 4d46be5133166d6b700177efc6ae82d6f35532d2bb5e25b7e8dc4cccbe8f3a2c232002e3ed88dea06bdfe637e7f87f65 | |
2794 | ||
2795 | KDF = TLS13-KDF | |
2796 | Ctrl.mode = mode:EXPAND_ONLY | |
2797 | Ctrl.digest = digest:SHA2-384 | |
2798 | Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 | |
2799 | Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29 | |
2800 | Ctrl.prefix = hexprefix:746c73313320 | |
2801 | Ctrl.label = hexlabel:657870206d6173746572 | |
2802 | Output = bc93830f69c49b15adec691b878ad08eba5bef6e721464dca985473456864231bde995571e9a3762d5db89c9e76f792b | |
2803 | ||
2804 | KDF = TLS13-KDF | |
2805 | Ctrl.mode = mode:EXPAND_ONLY | |
2806 | Ctrl.digest = digest:SHA2-384 | |
2807 | Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2 | |
2808 | Ctrl.data = hexdata:6847a6b4f5923482be779c96ab86e9f0e05d8b50d3deaa160f9806e53021d0eaac196371f01b0e523def730935ff5d60 | |
2809 | Ctrl.prefix = hexprefix:746c73313320 | |
2810 | Ctrl.label = hexlabel:726573206d6173746572 | |
2811 | Output = 35dae76a13277d942955c4a0ee6f03d540493184bb609be848d5ce0e0b3bdabfb62028e60eb006c1ef4dbcd5b5706e79 | |
2812 | ||
2813 | # New TLS 1.3 session starts here | |
2814 | ||
2815 | KDF = TLS13-KDF | |
2816 | Ctrl.mode = mode:EXTRACT_ONLY | |
2817 | Ctrl.digest = digest:SHA2-384 | |
2818 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2819 | ||
2820 | KDF = TLS13-KDF | |
2821 | Ctrl.mode = mode:EXPAND_ONLY | |
2822 | Ctrl.digest = digest:SHA2-384 | |
2823 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2824 | Ctrl.data = hexdata:0bb979afa49117daa4a48360472aef44c6ba3d8fb56ff276e6c54aafd5d975c79880dece805db219641fc36bd2e0163e | |
2825 | Ctrl.prefix = hexprefix:746c73313320 | |
2826 | Ctrl.label = hexlabel:6320652074726166666963 | |
2827 | Output = 8523607e3e5c9af1847211985f78397ead777b35d4b105c5176593131f3530709c60c8585b44250d770a4635db1a9980 | |
2828 | ||
2829 | KDF = TLS13-KDF | |
2830 | Ctrl.mode = mode:EXPAND_ONLY | |
2831 | Ctrl.digest = digest:SHA2-384 | |
2832 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2833 | Ctrl.data = hexdata:0bb979afa49117daa4a48360472aef44c6ba3d8fb56ff276e6c54aafd5d975c79880dece805db219641fc36bd2e0163e | |
2834 | Ctrl.prefix = hexprefix:746c73313320 | |
2835 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2836 | Output = 638a7cab97994346d8a0cbab1a2d62ab83c924d91a8e4cd0df1dfa5e2803ff0770d41dd5000a2e0794e06aedfa52e43c | |
2837 | ||
2838 | KDF = TLS13-KDF | |
2839 | Ctrl.mode = mode:EXTRACT_ONLY | |
2840 | Ctrl.digest = digest:SHA2-384 | |
2841 | Ctrl.key = hexkey:cd6f89d27bd11c9256080283dbce48f51375f74ae31658cb811c0bf8f991f11311 | |
2842 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2843 | Ctrl.prefix = hexprefix:746c73313320 | |
2844 | Ctrl.label = hexlabel:64657269766564 | |
2845 | Output = a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 | |
2846 | ||
2847 | KDF = TLS13-KDF | |
2848 | Ctrl.mode = mode:EXPAND_ONLY | |
2849 | Ctrl.digest = digest:SHA2-384 | |
2850 | Ctrl.key = hexkey:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 | |
2851 | Ctrl.data = hexdata:f76083df586b29987add3fdef9656d763e2cedb1acfa6a8a2fc9bf0a3f8d89b9f4945bf31614239f224656f24f101a31 | |
2852 | Ctrl.prefix = hexprefix:746c73313320 | |
2853 | Ctrl.label = hexlabel:632068732074726166666963 | |
2854 | Output = dfc278a206e08140fcfab6dbd56687bbf8279e5669c5272dc737654db955168de3e796c1b96dbd5f54ef31e578e228b1 | |
2855 | ||
2856 | KDF = TLS13-KDF | |
2857 | Ctrl.mode = mode:EXPAND_ONLY | |
2858 | Ctrl.digest = digest:SHA2-384 | |
2859 | Ctrl.key = hexkey:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 | |
2860 | Ctrl.data = hexdata:f76083df586b29987add3fdef9656d763e2cedb1acfa6a8a2fc9bf0a3f8d89b9f4945bf31614239f224656f24f101a31 | |
2861 | Ctrl.prefix = hexprefix:746c73313320 | |
2862 | Ctrl.label = hexlabel:732068732074726166666963 | |
2863 | Output = cf79486a3d6be7736df39ea7127b32b6968f7cfed044f6f1fea84cd63361e11582689aa5b9c082c93c466e9265094da5 | |
2864 | ||
2865 | KDF = TLS13-KDF | |
2866 | Ctrl.mode = mode:EXTRACT_ONLY | |
2867 | Ctrl.digest = digest:SHA2-384 | |
2868 | Ctrl.salt = hexsalt:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113 | |
2869 | Ctrl.prefix = hexprefix:746c73313320 | |
2870 | Ctrl.label = hexlabel:64657269766564 | |
2871 | Output = e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b | |
2872 | ||
2873 | KDF = TLS13-KDF | |
2874 | Ctrl.mode = mode:EXPAND_ONLY | |
2875 | Ctrl.digest = digest:SHA2-384 | |
2876 | Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b | |
2877 | Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306 | |
2878 | Ctrl.prefix = hexprefix:746c73313320 | |
2879 | Ctrl.label = hexlabel:632061702074726166666963 | |
2880 | Output = 5f3cdcf3ba4ace0797f4057bddc682a08fc87f8dc1fc22ea081881bfdb4d12e304339ee2afd4de9d5f532656fab410a5 | |
2881 | ||
2882 | KDF = TLS13-KDF | |
2883 | Ctrl.mode = mode:EXPAND_ONLY | |
2884 | Ctrl.digest = digest:SHA2-384 | |
2885 | Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b | |
2886 | Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306 | |
2887 | Ctrl.prefix = hexprefix:746c73313320 | |
2888 | Ctrl.label = hexlabel:732061702074726166666963 | |
2889 | Output = ff655c4b338b8db54474a5f810cef029c9fcd96f7b264818692695373f74585f20584fbf434d200f2b47862a797ed052 | |
2890 | ||
2891 | KDF = TLS13-KDF | |
2892 | Ctrl.mode = mode:EXPAND_ONLY | |
2893 | Ctrl.digest = digest:SHA2-384 | |
2894 | Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b | |
2895 | Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306 | |
2896 | Ctrl.prefix = hexprefix:746c73313320 | |
2897 | Ctrl.label = hexlabel:657870206d6173746572 | |
2898 | Output = 78a1e7c8f28704c2dc74ad35cfa88d79858449099daa274ff6fbc8c7ab60a00949e7c91f50bcc2f351af349fa1f4d912 | |
2899 | ||
2900 | KDF = TLS13-KDF | |
2901 | Ctrl.mode = mode:EXPAND_ONLY | |
2902 | Ctrl.digest = digest:SHA2-384 | |
2903 | Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b | |
2904 | Ctrl.data = hexdata:5d469943c925e80019b2e5e7c0556cfef6e6184125a1e9f1455fe7df95f8efbb5298f033c7a34a0433af8c804d4d08c8 | |
2905 | Ctrl.prefix = hexprefix:746c73313320 | |
2906 | Ctrl.label = hexlabel:726573206d6173746572 | |
2907 | Output = 17fccc64a56ff0967de7552a4dbe131eba2fea98dab6ea1d8b53fa86ae73b6ba837d989080c2f3cb7199b533fcddca0f | |
2908 | ||
2909 | # New TLS 1.3 session starts here | |
2910 | ||
2911 | KDF = TLS13-KDF | |
2912 | Ctrl.mode = mode:EXTRACT_ONLY | |
2913 | Ctrl.digest = digest:SHA2-384 | |
2914 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2915 | ||
2916 | KDF = TLS13-KDF | |
2917 | Ctrl.mode = mode:EXPAND_ONLY | |
2918 | Ctrl.digest = digest:SHA2-384 | |
2919 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2920 | Ctrl.data = hexdata:a6189f3e10d03aded1fc28843f6a903ecc311595a9b65dd9099dd7fe00a495be739865040a612f8050cff809f20e1b20 | |
2921 | Ctrl.prefix = hexprefix:746c73313320 | |
2922 | Ctrl.label = hexlabel:6320652074726166666963 | |
2923 | Output = 7b4fbea544f26b5a16a26b9b9b45a76531871daca970f56fe121de31a718abfca41c041d0c7a5da3c65e6635e40a53a5 | |
2924 | ||
2925 | KDF = TLS13-KDF | |
2926 | Ctrl.mode = mode:EXPAND_ONLY | |
2927 | Ctrl.digest = digest:SHA2-384 | |
2928 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2929 | Ctrl.data = hexdata:a6189f3e10d03aded1fc28843f6a903ecc311595a9b65dd9099dd7fe00a495be739865040a612f8050cff809f20e1b20 | |
2930 | Ctrl.prefix = hexprefix:746c73313320 | |
2931 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
2932 | Output = bd94d381832c448f4ba15c98343152382b61903d0f4644ef19ce53a75507a3eae68cc24114aa67c6a6e42a20f9358e1a | |
2933 | ||
2934 | KDF = TLS13-KDF | |
2935 | Ctrl.mode = mode:EXTRACT_ONLY | |
2936 | Ctrl.digest = digest:SHA2-384 | |
2937 | Ctrl.key = hexkey:6829094ea40dfe78cb9936cf95eff5888ebbdb087bb287b890ad2ab124f64d222e | |
2938 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
2939 | Ctrl.prefix = hexprefix:746c73313320 | |
2940 | Ctrl.label = hexlabel:64657269766564 | |
2941 | Output = f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 | |
2942 | ||
2943 | KDF = TLS13-KDF | |
2944 | Ctrl.mode = mode:EXPAND_ONLY | |
2945 | Ctrl.digest = digest:SHA2-384 | |
2946 | Ctrl.key = hexkey:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 | |
2947 | Ctrl.data = hexdata:b0c437bab8cc1d0cd8e0bf85f0b8d26f9e7585646b331a0c45065239dd1e7565b9988f7e8f8ea2912a015b2163481f3b | |
2948 | Ctrl.prefix = hexprefix:746c73313320 | |
2949 | Ctrl.label = hexlabel:632068732074726166666963 | |
2950 | Output = 11edee9dd7f7f70a1106b9db5096cb55acc0ddedbac1c042c9bbcc9ec95f60c7428af61fcb30f83e9f324a1d0833f743 | |
2951 | ||
2952 | KDF = TLS13-KDF | |
2953 | Ctrl.mode = mode:EXPAND_ONLY | |
2954 | Ctrl.digest = digest:SHA2-384 | |
2955 | Ctrl.key = hexkey:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 | |
2956 | Ctrl.data = hexdata:b0c437bab8cc1d0cd8e0bf85f0b8d26f9e7585646b331a0c45065239dd1e7565b9988f7e8f8ea2912a015b2163481f3b | |
2957 | Ctrl.prefix = hexprefix:746c73313320 | |
2958 | Ctrl.label = hexlabel:732068732074726166666963 | |
2959 | Output = 7836f550debcc3933937f7d04fc6a5d5150f220a5bd6ea6c743aa843027ea8c97220b79f746d08f8504a61f7b5815e11 | |
2960 | ||
2961 | KDF = TLS13-KDF | |
2962 | Ctrl.mode = mode:EXTRACT_ONLY | |
2963 | Ctrl.digest = digest:SHA2-384 | |
2964 | Ctrl.salt = hexsalt:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43 | |
2965 | Ctrl.prefix = hexprefix:746c73313320 | |
2966 | Ctrl.label = hexlabel:64657269766564 | |
2967 | Output = aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 | |
2968 | ||
2969 | KDF = TLS13-KDF | |
2970 | Ctrl.mode = mode:EXPAND_ONLY | |
2971 | Ctrl.digest = digest:SHA2-384 | |
2972 | Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 | |
2973 | Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d | |
2974 | Ctrl.prefix = hexprefix:746c73313320 | |
2975 | Ctrl.label = hexlabel:632061702074726166666963 | |
2976 | Output = b13cde3c6dce710537f6eaa538feef006710081d4f600e2fe3e54c82c217db99cb0d616b79b43f0a3b4c6d477f379432 | |
2977 | ||
2978 | KDF = TLS13-KDF | |
2979 | Ctrl.mode = mode:EXPAND_ONLY | |
2980 | Ctrl.digest = digest:SHA2-384 | |
2981 | Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 | |
2982 | Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d | |
2983 | Ctrl.prefix = hexprefix:746c73313320 | |
2984 | Ctrl.label = hexlabel:732061702074726166666963 | |
2985 | Output = f31d0fc7abc50b7b4e671eb15441b559d635f928b3fb406362107d6312aa2aee8e6edc5904f275e145bf699b43e91dc9 | |
2986 | ||
2987 | KDF = TLS13-KDF | |
2988 | Ctrl.mode = mode:EXPAND_ONLY | |
2989 | Ctrl.digest = digest:SHA2-384 | |
2990 | Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 | |
2991 | Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d | |
2992 | Ctrl.prefix = hexprefix:746c73313320 | |
2993 | Ctrl.label = hexlabel:657870206d6173746572 | |
2994 | Output = 18dd5faaa96109c04f4f1ebb454b259aeedf288938c75bcb53213789d5efb450cb068e7fc82f8ddf934108390d1b8824 | |
2995 | ||
2996 | KDF = TLS13-KDF | |
2997 | Ctrl.mode = mode:EXPAND_ONLY | |
2998 | Ctrl.digest = digest:SHA2-384 | |
2999 | Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02 | |
3000 | Ctrl.data = hexdata:097d40e52726a966258ad8860a005bfc09d00502ad4a8bd741188d95a1501bc2468bb4ace05aa6cccb3ce0664de814a6 | |
3001 | Ctrl.prefix = hexprefix:746c73313320 | |
3002 | Ctrl.label = hexlabel:726573206d6173746572 | |
3003 | Output = 3b5fc3f285bb93f59aa710cd294443a8e2835ebe170ef653222ca38bbacbff38251a836f8fd0705c9e734f547d89b5b0 | |
3004 | ||
3005 | # New TLS 1.3 session starts here | |
3006 | ||
3007 | KDF = TLS13-KDF | |
3008 | Ctrl.mode = mode:EXTRACT_ONLY | |
3009 | Ctrl.digest = digest:SHA2-384 | |
3010 | Ctrl.key = hexkey:8d552361c11a65c87f2118e14bd4fb35b3a3191bb3ae6b4877e4d6a8ee7a221956f4 | |
3011 | Output = 4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 | |
3012 | ||
3013 | KDF = TLS13-KDF | |
3014 | Ctrl.mode = mode:EXPAND_ONLY | |
3015 | Ctrl.digest = digest:SHA2-384 | |
3016 | Ctrl.key = hexkey:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 | |
3017 | Ctrl.data = hexdata:144f8d45a013c35156c2337c3ed5e888d19f9d52372e95e1d25b908cee682b6637ee17d627badaed40c8782e41790c52 | |
3018 | Ctrl.prefix = hexprefix:746c73313320 | |
3019 | Ctrl.label = hexlabel:6320652074726166666963 | |
3020 | Output = b6aeb75145d044afb9091680cc3e1c94e0ad92994f5986e5cfb0441d12bad5be3727b6d41e16a395704fd30e4a04f28a | |
3021 | ||
3022 | KDF = TLS13-KDF | |
3023 | Ctrl.mode = mode:EXPAND_ONLY | |
3024 | Ctrl.digest = digest:SHA2-384 | |
3025 | Ctrl.key = hexkey:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 | |
3026 | Ctrl.data = hexdata:144f8d45a013c35156c2337c3ed5e888d19f9d52372e95e1d25b908cee682b6637ee17d627badaed40c8782e41790c52 | |
3027 | Ctrl.prefix = hexprefix:746c73313320 | |
3028 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3029 | Output = 9eaa4fb09fb6cd5c94c0ead11d065c0fe846bad38098b9afaa258682e3f9ab0a6f2c14fedec5a9733d08814ce2c9484f | |
3030 | ||
3031 | KDF = TLS13-KDF | |
3032 | Ctrl.mode = mode:EXTRACT_ONLY | |
3033 | Ctrl.digest = digest:SHA2-384 | |
3034 | Ctrl.salt = hexsalt:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30 | |
3035 | Ctrl.prefix = hexprefix:746c73313320 | |
3036 | Ctrl.label = hexlabel:64657269766564 | |
3037 | Output = fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 | |
3038 | ||
3039 | KDF = TLS13-KDF | |
3040 | Ctrl.mode = mode:EXPAND_ONLY | |
3041 | Ctrl.digest = digest:SHA2-384 | |
3042 | Ctrl.key = hexkey:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 | |
3043 | Ctrl.data = hexdata:40912a3cdc9623d86e6db201b56afe6a354335d9635b1c2478db75bb4a83554b3aef392205d0f226485db014ac22ad3b | |
3044 | Ctrl.prefix = hexprefix:746c73313320 | |
3045 | Ctrl.label = hexlabel:632068732074726166666963 | |
3046 | Output = 3edeed16646bfd7c54b088155f2fb9ecab99cc7db84f8c1a3db0cf0f6164d77e451dfaaab26f0b65c9cf88726aa84c90 | |
3047 | ||
3048 | KDF = TLS13-KDF | |
3049 | Ctrl.mode = mode:EXPAND_ONLY | |
3050 | Ctrl.digest = digest:SHA2-384 | |
3051 | Ctrl.key = hexkey:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 | |
3052 | Ctrl.data = hexdata:40912a3cdc9623d86e6db201b56afe6a354335d9635b1c2478db75bb4a83554b3aef392205d0f226485db014ac22ad3b | |
3053 | Ctrl.prefix = hexprefix:746c73313320 | |
3054 | Ctrl.label = hexlabel:732068732074726166666963 | |
3055 | Output = 3a74c1f904c563bdab90b0f5b5de4a444f0da7395df6fed82352af9233060904640d98dbad43dae0a99483d588d68ef0 | |
3056 | ||
3057 | KDF = TLS13-KDF | |
3058 | Ctrl.mode = mode:EXTRACT_ONLY | |
3059 | Ctrl.digest = digest:SHA2-384 | |
3060 | Ctrl.salt = hexsalt:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0 | |
3061 | Ctrl.prefix = hexprefix:746c73313320 | |
3062 | Ctrl.label = hexlabel:64657269766564 | |
3063 | Output = 4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 | |
3064 | ||
3065 | KDF = TLS13-KDF | |
3066 | Ctrl.mode = mode:EXPAND_ONLY | |
3067 | Ctrl.digest = digest:SHA2-384 | |
3068 | Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 | |
3069 | Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d | |
3070 | Ctrl.prefix = hexprefix:746c73313320 | |
3071 | Ctrl.label = hexlabel:632061702074726166666963 | |
3072 | Output = b4b6d860927ac8b40e25fe6b813c7ea70ef4568528cad8ab1ebdd4854bcc0fe3b28786592dfd964e67eba564b1c554ea | |
3073 | ||
3074 | KDF = TLS13-KDF | |
3075 | Ctrl.mode = mode:EXPAND_ONLY | |
3076 | Ctrl.digest = digest:SHA2-384 | |
3077 | Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 | |
3078 | Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d | |
3079 | Ctrl.prefix = hexprefix:746c73313320 | |
3080 | Ctrl.label = hexlabel:732061702074726166666963 | |
3081 | Output = 8cf769bed70425785e28d1e78129cd9eabef64327ebbd96ebaca547b0d28580f1db20ac110eef29d82ac40813f9a044b | |
3082 | ||
3083 | KDF = TLS13-KDF | |
3084 | Ctrl.mode = mode:EXPAND_ONLY | |
3085 | Ctrl.digest = digest:SHA2-384 | |
3086 | Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 | |
3087 | Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d | |
3088 | Ctrl.prefix = hexprefix:746c73313320 | |
3089 | Ctrl.label = hexlabel:657870206d6173746572 | |
3090 | Output = 0aff8ca80517eb3391f25ad81a5eb9307637d352d07b5047190fc384ed1b536b52b0b25a8349d7c8bab3923cbe10f63c | |
3091 | ||
3092 | KDF = TLS13-KDF | |
3093 | Ctrl.mode = mode:EXPAND_ONLY | |
3094 | Ctrl.digest = digest:SHA2-384 | |
3095 | Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7 | |
3096 | Ctrl.data = hexdata:5ac100d7b27ab146f0eb4766005ce1b1b49ffc087991ccc06552c23076b009be34ec0523ed3c33836c6e4007de3e592d | |
3097 | Ctrl.prefix = hexprefix:746c73313320 | |
3098 | Ctrl.label = hexlabel:726573206d6173746572 | |
3099 | Output = c68a76b70f6664359aed4a054ea30ce1f2e4a91b0fd99b1effc6969fd1d9be98a09f685e2aae7558a136185ab36e5e4f | |
3100 | ||
3101 | # New TLS 1.3 session starts here | |
3102 | ||
3103 | KDF = TLS13-KDF | |
3104 | Ctrl.mode = mode:EXTRACT_ONLY | |
3105 | Ctrl.digest = digest:SHA2-384 | |
3106 | Ctrl.key = hexkey:2ebcb08306728f71249a9c9ca9d53115ba0fd2cc0b63bf690f9236b2516a47d0696d | |
3107 | Output = 38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 | |
3108 | ||
3109 | KDF = TLS13-KDF | |
3110 | Ctrl.mode = mode:EXPAND_ONLY | |
3111 | Ctrl.digest = digest:SHA2-384 | |
3112 | Ctrl.key = hexkey:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 | |
3113 | Ctrl.data = hexdata:2a15af6fe2e7031563a612f2c99a05bacaff3c624238ef80d82e5af8579c169a40166d954f7784087bce56f39c26f55d | |
3114 | Ctrl.prefix = hexprefix:746c73313320 | |
3115 | Ctrl.label = hexlabel:6320652074726166666963 | |
3116 | Output = f440521d6595c7177d167bb3516f896bf47d362ab140f55306b7da7a9df1fd936e0f619d0eb6806fc6d04437f1e86747 | |
3117 | ||
3118 | KDF = TLS13-KDF | |
3119 | Ctrl.mode = mode:EXPAND_ONLY | |
3120 | Ctrl.digest = digest:SHA2-384 | |
3121 | Ctrl.key = hexkey:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 | |
3122 | Ctrl.data = hexdata:2a15af6fe2e7031563a612f2c99a05bacaff3c624238ef80d82e5af8579c169a40166d954f7784087bce56f39c26f55d | |
3123 | Ctrl.prefix = hexprefix:746c73313320 | |
3124 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3125 | Output = cc9a09d1f6e7479fc48ac997d83f1a9af0d5301d10d8fab41bf0b29c1e464118e58dd7100f7633c0a59eeff50a5773ab | |
3126 | ||
3127 | KDF = TLS13-KDF | |
3128 | Ctrl.mode = mode:EXTRACT_ONLY | |
3129 | Ctrl.digest = digest:SHA2-384 | |
3130 | Ctrl.salt = hexsalt:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465 | |
3131 | Ctrl.prefix = hexprefix:746c73313320 | |
3132 | Ctrl.label = hexlabel:64657269766564 | |
3133 | Output = 383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 | |
3134 | ||
3135 | KDF = TLS13-KDF | |
3136 | Ctrl.mode = mode:EXPAND_ONLY | |
3137 | Ctrl.digest = digest:SHA2-384 | |
3138 | Ctrl.key = hexkey:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 | |
3139 | Ctrl.data = hexdata:3fe1067b88b96241527495f4ac60cf866692da7dda56bd39e4cccb6d615dc64dff6f519d3d3112ff2cf6b6b728835da1 | |
3140 | Ctrl.prefix = hexprefix:746c73313320 | |
3141 | Ctrl.label = hexlabel:632068732074726166666963 | |
3142 | Output = 86c7556537dad08499e20f9a424e0e1683af4a53617acb763881482b3f3cc78336246f81a1e5cc62cd699920eff0a9cb | |
3143 | ||
3144 | KDF = TLS13-KDF | |
3145 | Ctrl.mode = mode:EXPAND_ONLY | |
3146 | Ctrl.digest = digest:SHA2-384 | |
3147 | Ctrl.key = hexkey:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 | |
3148 | Ctrl.data = hexdata:3fe1067b88b96241527495f4ac60cf866692da7dda56bd39e4cccb6d615dc64dff6f519d3d3112ff2cf6b6b728835da1 | |
3149 | Ctrl.prefix = hexprefix:746c73313320 | |
3150 | Ctrl.label = hexlabel:732068732074726166666963 | |
3151 | Output = 67391f7c78f569458c5216784af513f5ea049e3d2b3a120fda04ec5d79b659067fc1f8bac821bfa65b8585c1d974919e | |
3152 | ||
3153 | KDF = TLS13-KDF | |
3154 | Ctrl.mode = mode:EXTRACT_ONLY | |
3155 | Ctrl.digest = digest:SHA2-384 | |
3156 | Ctrl.salt = hexsalt:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7 | |
3157 | Ctrl.prefix = hexprefix:746c73313320 | |
3158 | Ctrl.label = hexlabel:64657269766564 | |
3159 | Output = 841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 | |
3160 | ||
3161 | KDF = TLS13-KDF | |
3162 | Ctrl.mode = mode:EXPAND_ONLY | |
3163 | Ctrl.digest = digest:SHA2-384 | |
3164 | Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 | |
3165 | Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544 | |
3166 | Ctrl.prefix = hexprefix:746c73313320 | |
3167 | Ctrl.label = hexlabel:632061702074726166666963 | |
3168 | Output = 96a17b111ac35dbb36ef4e581c96b4c6cae7e881adaf234c2455c1d8ad16089df1ad2e52141ef755b0476ccd618770fb | |
3169 | ||
3170 | KDF = TLS13-KDF | |
3171 | Ctrl.mode = mode:EXPAND_ONLY | |
3172 | Ctrl.digest = digest:SHA2-384 | |
3173 | Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 | |
3174 | Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544 | |
3175 | Ctrl.prefix = hexprefix:746c73313320 | |
3176 | Ctrl.label = hexlabel:732061702074726166666963 | |
3177 | Output = 98b00bc80a58a985dd722ee096df34e1be84f0bda2d57abe2b9f9c6852439805d0400e0f1b1647f38fdbe65f148ab708 | |
3178 | ||
3179 | KDF = TLS13-KDF | |
3180 | Ctrl.mode = mode:EXPAND_ONLY | |
3181 | Ctrl.digest = digest:SHA2-384 | |
3182 | Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 | |
3183 | Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544 | |
3184 | Ctrl.prefix = hexprefix:746c73313320 | |
3185 | Ctrl.label = hexlabel:657870206d6173746572 | |
3186 | Output = 8b1a1cbae365cbb11dc43033954694ed7d380c6ebb2e7be69a6919f89e0508769f8ef8428a86b0448e5e89f07a7f2337 | |
3187 | ||
3188 | KDF = TLS13-KDF | |
3189 | Ctrl.mode = mode:EXPAND_ONLY | |
3190 | Ctrl.digest = digest:SHA2-384 | |
3191 | Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5 | |
3192 | Ctrl.data = hexdata:7e9a0c28e3f74322aba45bd272aaa50dc6b980ac6df6264673123bbacd366cf4c34b4f21d9c4175f88ca66e00b51ed4e | |
3193 | Ctrl.prefix = hexprefix:746c73313320 | |
3194 | Ctrl.label = hexlabel:726573206d6173746572 | |
3195 | Output = 656905d7ea03b8b0d4b3205f8d6f8a0a94a38fb502f6cbd656856ea39ac1e56f6092a8cd4146bfccc34694cf933ccf5a | |
3196 | ||
3197 | # New TLS 1.3 session starts here | |
3198 | ||
3199 | KDF = TLS13-KDF | |
3200 | Ctrl.mode = mode:EXTRACT_ONLY | |
3201 | Ctrl.digest = digest:SHA2-384 | |
3202 | Ctrl.key = hexkey:f83d4d1b185c8048bf809417aff978f5a11e273f85f32b5d300023862311fb3d065c | |
3203 | Output = 34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 | |
3204 | ||
3205 | KDF = TLS13-KDF | |
3206 | Ctrl.mode = mode:EXPAND_ONLY | |
3207 | Ctrl.digest = digest:SHA2-384 | |
3208 | Ctrl.key = hexkey:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 | |
3209 | Ctrl.data = hexdata:51ff1b75137890323881e92e02f181b4bebc57a83d99962716e288ebe9407c052d13ca2f05e480b8188ff159713f7e60 | |
3210 | Ctrl.prefix = hexprefix:746c73313320 | |
3211 | Ctrl.label = hexlabel:6320652074726166666963 | |
3212 | Output = b1f6485f84452614abbc9747e660e6b55ecf118fce063aad511840adeb91c5f5fedc08098f5a74e41b6e5cf0ce23652a | |
3213 | ||
3214 | KDF = TLS13-KDF | |
3215 | Ctrl.mode = mode:EXPAND_ONLY | |
3216 | Ctrl.digest = digest:SHA2-384 | |
3217 | Ctrl.key = hexkey:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 | |
3218 | Ctrl.data = hexdata:51ff1b75137890323881e92e02f181b4bebc57a83d99962716e288ebe9407c052d13ca2f05e480b8188ff159713f7e60 | |
3219 | Ctrl.prefix = hexprefix:746c73313320 | |
3220 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3221 | Output = 12025b376c8629f261864e978feeff98ab1a1212e84c88248159bea4187210c012059fad3758651b37861bc550f3c0be | |
3222 | ||
3223 | KDF = TLS13-KDF | |
3224 | Ctrl.mode = mode:EXTRACT_ONLY | |
3225 | Ctrl.digest = digest:SHA2-384 | |
3226 | Ctrl.salt = hexsalt:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358 | |
3227 | Ctrl.prefix = hexprefix:746c73313320 | |
3228 | Ctrl.label = hexlabel:64657269766564 | |
3229 | Output = b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 | |
3230 | ||
3231 | KDF = TLS13-KDF | |
3232 | Ctrl.mode = mode:EXPAND_ONLY | |
3233 | Ctrl.digest = digest:SHA2-384 | |
3234 | Ctrl.key = hexkey:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 | |
3235 | Ctrl.data = hexdata:f0b08322d42922a77fbf3e4830aacfb34a7bf85ac255ae7d1f39ee39f9b07c2a88bc5e41912c6a97d0f54996df663e04 | |
3236 | Ctrl.prefix = hexprefix:746c73313320 | |
3237 | Ctrl.label = hexlabel:632068732074726166666963 | |
3238 | Output = 6aabce40a3acc0e953db1cb8b21e47d4644e108324aa4058f9ca2703da1c4500f78ad47287a441d13dbe1f5a98a97887 | |
3239 | ||
3240 | KDF = TLS13-KDF | |
3241 | Ctrl.mode = mode:EXPAND_ONLY | |
3242 | Ctrl.digest = digest:SHA2-384 | |
3243 | Ctrl.key = hexkey:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 | |
3244 | Ctrl.data = hexdata:f0b08322d42922a77fbf3e4830aacfb34a7bf85ac255ae7d1f39ee39f9b07c2a88bc5e41912c6a97d0f54996df663e04 | |
3245 | Ctrl.prefix = hexprefix:746c73313320 | |
3246 | Ctrl.label = hexlabel:732068732074726166666963 | |
3247 | Output = 4d0f32ce9a86530a1f9cad218be9f38ecbd50f1deb30bf42b450e93bce059a98d25c1be9d918f6b1ca9ddcacdd9b4db8 | |
3248 | ||
3249 | KDF = TLS13-KDF | |
3250 | Ctrl.mode = mode:EXTRACT_ONLY | |
3251 | Ctrl.digest = digest:SHA2-384 | |
3252 | Ctrl.salt = hexsalt:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564 | |
3253 | Ctrl.prefix = hexprefix:746c73313320 | |
3254 | Ctrl.label = hexlabel:64657269766564 | |
3255 | Output = 979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 | |
3256 | ||
3257 | KDF = TLS13-KDF | |
3258 | Ctrl.mode = mode:EXPAND_ONLY | |
3259 | Ctrl.digest = digest:SHA2-384 | |
3260 | Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 | |
3261 | Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714 | |
3262 | Ctrl.prefix = hexprefix:746c73313320 | |
3263 | Ctrl.label = hexlabel:632061702074726166666963 | |
3264 | Output = cf3a30ab60be054d04ff82fd94bb296403a1f51b630ba13df261acea3a648f19f32777b2ad568c084c317401af7e6201 | |
3265 | ||
3266 | KDF = TLS13-KDF | |
3267 | Ctrl.mode = mode:EXPAND_ONLY | |
3268 | Ctrl.digest = digest:SHA2-384 | |
3269 | Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 | |
3270 | Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714 | |
3271 | Ctrl.prefix = hexprefix:746c73313320 | |
3272 | Ctrl.label = hexlabel:732061702074726166666963 | |
3273 | Output = 86b6f7a7a937a30a1ef165da03141270f40f9b8bdb84bed8ca200984b7415e2f5ab2eb663a8ea4f70d4c5613318c4d7c | |
3274 | ||
3275 | KDF = TLS13-KDF | |
3276 | Ctrl.mode = mode:EXPAND_ONLY | |
3277 | Ctrl.digest = digest:SHA2-384 | |
3278 | Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 | |
3279 | Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714 | |
3280 | Ctrl.prefix = hexprefix:746c73313320 | |
3281 | Ctrl.label = hexlabel:657870206d6173746572 | |
3282 | Output = cf6b0c13f121942acd855da7f2658dfdc59c816290664f7e8c8750d38d961a87e663e6c59f5b89b8477738eeaa76dc40 | |
3283 | ||
3284 | KDF = TLS13-KDF | |
3285 | Ctrl.mode = mode:EXPAND_ONLY | |
3286 | Ctrl.digest = digest:SHA2-384 | |
3287 | Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68 | |
3288 | Ctrl.data = hexdata:8b958cce832b7cb2381a90cf82ebd72ee8a89cd804ffde338e707603ce544db3a11cd9afa317751b48d959c750047d88 | |
3289 | Ctrl.prefix = hexprefix:746c73313320 | |
3290 | Ctrl.label = hexlabel:726573206d6173746572 | |
3291 | Output = c947b9b68f77e4aef96ab3fe06f9214fecc7f6344b3558bfdd40dd3e6bbfcfe69cf0420f7a24998d8d387b6f85683038 | |
3292 | ||
3293 | # New TLS 1.3 session starts here | |
3294 | ||
3295 | KDF = TLS13-KDF | |
3296 | Ctrl.mode = mode:EXTRACT_ONLY | |
3297 | Ctrl.digest = digest:SHA2-384 | |
3298 | Ctrl.key = hexkey:042e669b52a5e563597e050b84755a685dfc62dba6a393af0aa1cb4047c2ae7442ee | |
3299 | Output = 4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa | |
3300 | ||
3301 | KDF = TLS13-KDF | |
3302 | Ctrl.mode = mode:EXPAND_ONLY | |
3303 | Ctrl.digest = digest:SHA2-384 | |
3304 | Ctrl.key = hexkey:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa | |
3305 | Ctrl.data = hexdata:fe13fda946943a323e2c160b7cda76454ce96bf0e51456311d0ce4ca484145bf1b00b8f7d692fa3bd1dacce0bee4e020 | |
3306 | Ctrl.prefix = hexprefix:746c73313320 | |
3307 | Ctrl.label = hexlabel:6320652074726166666963 | |
3308 | Output = 1779cfae5a472401c6df4971092f9e915b97d6dcf29e142dfbacff9c1781a8b8626d38296d7599a0de57593f3a7f7572 | |
3309 | ||
3310 | KDF = TLS13-KDF | |
3311 | Ctrl.mode = mode:EXPAND_ONLY | |
3312 | Ctrl.digest = digest:SHA2-384 | |
3313 | Ctrl.key = hexkey:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa | |
3314 | Ctrl.data = hexdata:fe13fda946943a323e2c160b7cda76454ce96bf0e51456311d0ce4ca484145bf1b00b8f7d692fa3bd1dacce0bee4e020 | |
3315 | Ctrl.prefix = hexprefix:746c73313320 | |
3316 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3317 | Output = 337022f95da2b5ced71d41e35fd4d63c44270af18c51df8abd54943ec5a583a95b218fcce741384b826e3c0f3b34cb45 | |
3318 | ||
3319 | KDF = TLS13-KDF | |
3320 | Ctrl.mode = mode:EXTRACT_ONLY | |
3321 | Ctrl.digest = digest:SHA2-384 | |
3322 | Ctrl.salt = hexsalt:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa | |
3323 | Ctrl.prefix = hexprefix:746c73313320 | |
3324 | Ctrl.label = hexlabel:64657269766564 | |
3325 | Output = 3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 | |
3326 | ||
3327 | KDF = TLS13-KDF | |
3328 | Ctrl.mode = mode:EXPAND_ONLY | |
3329 | Ctrl.digest = digest:SHA2-384 | |
3330 | Ctrl.key = hexkey:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 | |
3331 | Ctrl.data = hexdata:a0bf8b6062a2de56aaab2b97e77f15bafc340bdb2b32e868959858d9e4b8b2da264aca4e7d16f6a58b14f6c4b42f97d4 | |
3332 | Ctrl.prefix = hexprefix:746c73313320 | |
3333 | Ctrl.label = hexlabel:632068732074726166666963 | |
3334 | Output = 83272868aa2517b5163422b3b93b0f97a34541b27ce5a771f702b9ae088fd73eab282db646f23d5ce499de0f0503b95d | |
3335 | ||
3336 | KDF = TLS13-KDF | |
3337 | Ctrl.mode = mode:EXPAND_ONLY | |
3338 | Ctrl.digest = digest:SHA2-384 | |
3339 | Ctrl.key = hexkey:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 | |
3340 | Ctrl.data = hexdata:a0bf8b6062a2de56aaab2b97e77f15bafc340bdb2b32e868959858d9e4b8b2da264aca4e7d16f6a58b14f6c4b42f97d4 | |
3341 | Ctrl.prefix = hexprefix:746c73313320 | |
3342 | Ctrl.label = hexlabel:732068732074726166666963 | |
3343 | Output = d4a42d79131a720358da9f9a8a4b56684f127f8e2cd0bb03b4fd23e519924696062d1288fb416ec0fa90530fef576dc4 | |
3344 | ||
3345 | KDF = TLS13-KDF | |
3346 | Ctrl.mode = mode:EXTRACT_ONLY | |
3347 | Ctrl.digest = digest:SHA2-384 | |
3348 | Ctrl.salt = hexsalt:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510 | |
3349 | Ctrl.prefix = hexprefix:746c73313320 | |
3350 | Ctrl.label = hexlabel:64657269766564 | |
3351 | Output = fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 | |
3352 | ||
3353 | KDF = TLS13-KDF | |
3354 | Ctrl.mode = mode:EXPAND_ONLY | |
3355 | Ctrl.digest = digest:SHA2-384 | |
3356 | Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 | |
3357 | Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97 | |
3358 | Ctrl.prefix = hexprefix:746c73313320 | |
3359 | Ctrl.label = hexlabel:632061702074726166666963 | |
3360 | Output = b85370eea397bbff07af997282e64d95d16bab298a884b0e076174f2c1731371100e219c9ebe0395786c7571bdb1250f | |
3361 | ||
3362 | KDF = TLS13-KDF | |
3363 | Ctrl.mode = mode:EXPAND_ONLY | |
3364 | Ctrl.digest = digest:SHA2-384 | |
3365 | Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 | |
3366 | Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97 | |
3367 | Ctrl.prefix = hexprefix:746c73313320 | |
3368 | Ctrl.label = hexlabel:732061702074726166666963 | |
3369 | Output = 058fcbc86aee05c1611daa116d823e4cbc90806048bc7c06818dc93f5a7cb88ffc556107da7cfdfd36322bdb46bac809 | |
3370 | ||
3371 | KDF = TLS13-KDF | |
3372 | Ctrl.mode = mode:EXPAND_ONLY | |
3373 | Ctrl.digest = digest:SHA2-384 | |
3374 | Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 | |
3375 | Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97 | |
3376 | Ctrl.prefix = hexprefix:746c73313320 | |
3377 | Ctrl.label = hexlabel:657870206d6173746572 | |
3378 | Output = 8ed866879bdaa4df92512530bc5ae51fee9fa014a128296cc4fc160650ac76977f2a8c2f9531e0ad492fec186c980ef9 | |
3379 | ||
3380 | KDF = TLS13-KDF | |
3381 | Ctrl.mode = mode:EXPAND_ONLY | |
3382 | Ctrl.digest = digest:SHA2-384 | |
3383 | Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570 | |
3384 | Ctrl.data = hexdata:57551aa889d3bd4633864a9975afbd649baffaa5608d3d3cdd7cb594f72de6af9b08f9b8fe0eb961275b07701a5dfef7 | |
3385 | Ctrl.prefix = hexprefix:746c73313320 | |
3386 | Ctrl.label = hexlabel:726573206d6173746572 | |
3387 | Output = 6d74d0e7f3add328e3197f3e3b0fb77db4557347aaf8cc0eb826ad3cf31aa2144f52d15008c6d40dc077ab8a50557757 | |
3388 | ||
3389 | # New TLS 1.3 session starts here | |
3390 | ||
3391 | KDF = TLS13-KDF | |
3392 | Ctrl.mode = mode:EXTRACT_ONLY | |
3393 | Ctrl.digest = digest:SHA2-384 | |
3394 | Ctrl.key = hexkey:902e0cb930aa412f9ed919bb03ce94ffca2c0f59f0ab5e66695f65497162c41dfc2f | |
3395 | Output = a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a | |
3396 | ||
3397 | KDF = TLS13-KDF | |
3398 | Ctrl.mode = mode:EXPAND_ONLY | |
3399 | Ctrl.digest = digest:SHA2-384 | |
3400 | Ctrl.key = hexkey:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a | |
3401 | Ctrl.data = hexdata:a67f985ae3cb2f7ea12ecf1c3f7175226d34899ea48003633321697301a2fa788e92673fa9a9538c8f992f0ef0885728 | |
3402 | Ctrl.prefix = hexprefix:746c73313320 | |
3403 | Ctrl.label = hexlabel:6320652074726166666963 | |
3404 | Output = bd808dca2c7c0412abd5a747fb5fe5a1c644b43d8a8826fe11d48703448b38b9b6fe43f11241aef154fbd5e5e83e302d | |
3405 | ||
3406 | KDF = TLS13-KDF | |
3407 | Ctrl.mode = mode:EXPAND_ONLY | |
3408 | Ctrl.digest = digest:SHA2-384 | |
3409 | Ctrl.key = hexkey:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a | |
3410 | Ctrl.data = hexdata:a67f985ae3cb2f7ea12ecf1c3f7175226d34899ea48003633321697301a2fa788e92673fa9a9538c8f992f0ef0885728 | |
3411 | Ctrl.prefix = hexprefix:746c73313320 | |
3412 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3413 | Output = 19d1b4c9130572d7d4c5a8a81bfdde492455b63b2124f01c16d3b92a41467b2a58a63e1df7eeb85642dcb1591ae6c697 | |
3414 | ||
3415 | KDF = TLS13-KDF | |
3416 | Ctrl.mode = mode:EXTRACT_ONLY | |
3417 | Ctrl.digest = digest:SHA2-384 | |
3418 | Ctrl.salt = hexsalt:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a | |
3419 | Ctrl.prefix = hexprefix:746c73313320 | |
3420 | Ctrl.label = hexlabel:64657269766564 | |
3421 | Output = b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 | |
3422 | ||
3423 | KDF = TLS13-KDF | |
3424 | Ctrl.mode = mode:EXPAND_ONLY | |
3425 | Ctrl.digest = digest:SHA2-384 | |
3426 | Ctrl.key = hexkey:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 | |
3427 | Ctrl.data = hexdata:19bc6495e6322bf29e75002f1b519a95ca18790d13ed9473ee3805ea634047540a1c16eaa1713e60e38841431f7070fc | |
3428 | Ctrl.prefix = hexprefix:746c73313320 | |
3429 | Ctrl.label = hexlabel:632068732074726166666963 | |
3430 | Output = 0a64d745563e72ffe3e5f7d1ad095cff283c0febc529ae317ae67ef0b5ed763f2749a1ccf932966eb13c7ea8916441f4 | |
3431 | ||
3432 | KDF = TLS13-KDF | |
3433 | Ctrl.mode = mode:EXPAND_ONLY | |
3434 | Ctrl.digest = digest:SHA2-384 | |
3435 | Ctrl.key = hexkey:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 | |
3436 | Ctrl.data = hexdata:19bc6495e6322bf29e75002f1b519a95ca18790d13ed9473ee3805ea634047540a1c16eaa1713e60e38841431f7070fc | |
3437 | Ctrl.prefix = hexprefix:746c73313320 | |
3438 | Ctrl.label = hexlabel:732068732074726166666963 | |
3439 | Output = 83136fc401f35789959110b7263dd754353aa97c8b9a0072f415220d86b92e9ab2d1020c18f605a9b367ac4940bebc9c | |
3440 | ||
3441 | KDF = TLS13-KDF | |
3442 | Ctrl.mode = mode:EXTRACT_ONLY | |
3443 | Ctrl.digest = digest:SHA2-384 | |
3444 | Ctrl.salt = hexsalt:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2 | |
3445 | Ctrl.prefix = hexprefix:746c73313320 | |
3446 | Ctrl.label = hexlabel:64657269766564 | |
3447 | Output = 4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 | |
3448 | ||
3449 | KDF = TLS13-KDF | |
3450 | Ctrl.mode = mode:EXPAND_ONLY | |
3451 | Ctrl.digest = digest:SHA2-384 | |
3452 | Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 | |
3453 | Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36 | |
3454 | Ctrl.prefix = hexprefix:746c73313320 | |
3455 | Ctrl.label = hexlabel:632061702074726166666963 | |
3456 | Output = bf77e676173422a783ffde07e076541385aee04b82a6e3f26ea7249587b3596f68262e4c3ed4e6d56dfd75ed39512989 | |
3457 | ||
3458 | KDF = TLS13-KDF | |
3459 | Ctrl.mode = mode:EXPAND_ONLY | |
3460 | Ctrl.digest = digest:SHA2-384 | |
3461 | Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 | |
3462 | Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36 | |
3463 | Ctrl.prefix = hexprefix:746c73313320 | |
3464 | Ctrl.label = hexlabel:732061702074726166666963 | |
3465 | Output = 31f8accd9f0f923c8b9f413840bd5f4a60b5693773022b78a25802e0e68f7ae33314dfc25ff2b1a1f32490df80c9e185 | |
3466 | ||
3467 | KDF = TLS13-KDF | |
3468 | Ctrl.mode = mode:EXPAND_ONLY | |
3469 | Ctrl.digest = digest:SHA2-384 | |
3470 | Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 | |
3471 | Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36 | |
3472 | Ctrl.prefix = hexprefix:746c73313320 | |
3473 | Ctrl.label = hexlabel:657870206d6173746572 | |
3474 | Output = 488b7e09c0565137f22008362e7a4505f23ff1b24b0565322a11b6f4d3e1af7f06b8efdae18d74a7adee4e1e9753185c | |
3475 | ||
3476 | KDF = TLS13-KDF | |
3477 | Ctrl.mode = mode:EXPAND_ONLY | |
3478 | Ctrl.digest = digest:SHA2-384 | |
3479 | Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860 | |
3480 | Ctrl.data = hexdata:b8e14051b4e84bc66bd65601ed6b2e57e469e167e277e8c30c93bc52a6e836abad9b7ac6a81ecbd47ee9917a14154a2b | |
3481 | Ctrl.prefix = hexprefix:746c73313320 | |
3482 | Ctrl.label = hexlabel:726573206d6173746572 | |
3483 | Output = e1f85e642615ceef410c6112339627607d3d1920ba168f5b10fed1a13a468401253df07323b826f156f0997bc584a937 | |
3484 | ||
3485 | # New TLS 1.3 session starts here | |
3486 | ||
3487 | KDF = TLS13-KDF | |
3488 | Ctrl.mode = mode:EXTRACT_ONLY | |
3489 | Ctrl.digest = digest:SHA2-384 | |
3490 | Ctrl.key = hexkey:ce2820a53357bc83ebd26b54d8ad48f4137f914034368dc705bfe852c2d87553 | |
3491 | Output = 1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec | |
3492 | ||
3493 | KDF = TLS13-KDF | |
3494 | Ctrl.mode = mode:EXPAND_ONLY | |
3495 | Ctrl.digest = digest:SHA2-384 | |
3496 | Ctrl.key = hexkey:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec | |
3497 | Ctrl.data = hexdata:ee61912f8d2cb51a3458a799af5c31a8ea4b2f9585fa63e71447289b3b6c6d979663580e6b115a652fed485c30cc535d | |
3498 | Ctrl.prefix = hexprefix:746c73313320 | |
3499 | Ctrl.label = hexlabel:6320652074726166666963 | |
3500 | Output = 53e8283806255b6eb3d1958fcf2b50d68e3226aab14b0fbd88529d6bfc6dcc88f90767aed25ba81baffa94e199ce8124 | |
3501 | ||
3502 | KDF = TLS13-KDF | |
3503 | Ctrl.mode = mode:EXPAND_ONLY | |
3504 | Ctrl.digest = digest:SHA2-384 | |
3505 | Ctrl.key = hexkey:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec | |
3506 | Ctrl.data = hexdata:ee61912f8d2cb51a3458a799af5c31a8ea4b2f9585fa63e71447289b3b6c6d979663580e6b115a652fed485c30cc535d | |
3507 | Ctrl.prefix = hexprefix:746c73313320 | |
3508 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3509 | Output = dcc274d12f153c7c23e02e5dfbafe90a65021a8100e09c891b790ea36092d6f694569fa5522ca823a7a6a026d25dd9b2 | |
3510 | ||
3511 | KDF = TLS13-KDF | |
3512 | Ctrl.mode = mode:EXTRACT_ONLY | |
3513 | Ctrl.digest = digest:SHA2-384 | |
3514 | Ctrl.key = hexkey:a65f8b90963feda2e77ac0d6c33dc068a9f7eb4ec9878de9a002fbb90ca7d23c | |
3515 | Ctrl.salt = hexsalt:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec | |
3516 | Ctrl.prefix = hexprefix:746c73313320 | |
3517 | Ctrl.label = hexlabel:64657269766564 | |
3518 | Output = c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a | |
3519 | ||
3520 | KDF = TLS13-KDF | |
3521 | Ctrl.mode = mode:EXPAND_ONLY | |
3522 | Ctrl.digest = digest:SHA2-384 | |
3523 | Ctrl.key = hexkey:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a | |
3524 | Ctrl.data = hexdata:0558822667fc051cb1864843b24c06eeb65c70754f56752808e33cf87ec64f9bffce395784df9940157b50bf01c11a1b | |
3525 | Ctrl.prefix = hexprefix:746c73313320 | |
3526 | Ctrl.label = hexlabel:632068732074726166666963 | |
3527 | Output = 5e9bf5910954eabc3a4c659be466cd4b66252685a8f4daf2afc414568420613f0bc4d0269e0edf266aa9faa70761840b | |
3528 | ||
3529 | KDF = TLS13-KDF | |
3530 | Ctrl.mode = mode:EXPAND_ONLY | |
3531 | Ctrl.digest = digest:SHA2-384 | |
3532 | Ctrl.key = hexkey:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a | |
3533 | Ctrl.data = hexdata:0558822667fc051cb1864843b24c06eeb65c70754f56752808e33cf87ec64f9bffce395784df9940157b50bf01c11a1b | |
3534 | Ctrl.prefix = hexprefix:746c73313320 | |
3535 | Ctrl.label = hexlabel:732068732074726166666963 | |
3536 | Output = d296e0b7ba4f6eb7257cdfe9ed87618cc116a192f24cc8a5226edb2cd9cde893f7478c94e8d0dba9d9326dd674955bf4 | |
3537 | ||
3538 | KDF = TLS13-KDF | |
3539 | Ctrl.mode = mode:EXTRACT_ONLY | |
3540 | Ctrl.digest = digest:SHA2-384 | |
3541 | Ctrl.salt = hexsalt:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a | |
3542 | Ctrl.prefix = hexprefix:746c73313320 | |
3543 | Ctrl.label = hexlabel:64657269766564 | |
3544 | Output = cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae | |
3545 | ||
3546 | KDF = TLS13-KDF | |
3547 | Ctrl.mode = mode:EXPAND_ONLY | |
3548 | Ctrl.digest = digest:SHA2-384 | |
3549 | Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae | |
3550 | Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397 | |
3551 | Ctrl.prefix = hexprefix:746c73313320 | |
3552 | Ctrl.label = hexlabel:632061702074726166666963 | |
3553 | Output = 0e3cfd61b1e5ce95dc37b01c872d90855ccebb98bd56702b1ec337163e63e3b133a9a6c7847a1d421776ccbdcae6a01f | |
3554 | ||
3555 | KDF = TLS13-KDF | |
3556 | Ctrl.mode = mode:EXPAND_ONLY | |
3557 | Ctrl.digest = digest:SHA2-384 | |
3558 | Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae | |
3559 | Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397 | |
3560 | Ctrl.prefix = hexprefix:746c73313320 | |
3561 | Ctrl.label = hexlabel:732061702074726166666963 | |
3562 | Output = d113ea4f795fd94788b782922c31c3dd1195287564a073590e17a61599da729c7f3a01aa777b1071f6cff7b69cadcf32 | |
3563 | ||
3564 | KDF = TLS13-KDF | |
3565 | Ctrl.mode = mode:EXPAND_ONLY | |
3566 | Ctrl.digest = digest:SHA2-384 | |
3567 | Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae | |
3568 | Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397 | |
3569 | Ctrl.prefix = hexprefix:746c73313320 | |
3570 | Ctrl.label = hexlabel:657870206d6173746572 | |
3571 | Output = 43943f7395babfbe3b327d5e9784e2082936189226af39b21b030e3e8c8244ee6aa4cc1e047df7a329793421c3006bc1 | |
3572 | ||
3573 | KDF = TLS13-KDF | |
3574 | Ctrl.mode = mode:EXPAND_ONLY | |
3575 | Ctrl.digest = digest:SHA2-384 | |
3576 | Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae | |
3577 | Ctrl.data = hexdata:755c319f41259c93dd83f3a3003f8d5c6e56e3cc486bfff5f636b5f97fadc8470271ef3e209501ec48a872f3ca16f84e | |
3578 | Ctrl.prefix = hexprefix:746c73313320 | |
3579 | Ctrl.label = hexlabel:726573206d6173746572 | |
3580 | Output = 6ad0e35cbf134d62e1ae57ba07288d0ce4774c0d2ca6faf06d8f18b3f2c290c6225be4f4a8df2016de2c0ccf63525ed3 | |
3581 | ||
3582 | # New TLS 1.3 session starts here | |
3583 | ||
3584 | KDF = TLS13-KDF | |
3585 | Ctrl.mode = mode:EXTRACT_ONLY | |
3586 | Ctrl.digest = digest:SHA2-384 | |
3587 | Ctrl.key = hexkey:8bb4a1a37dcb14ff5b57c922a13dc730a745392240ce43df80b23e67aae5bc86 | |
3588 | Output = d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 | |
3589 | ||
3590 | KDF = TLS13-KDF | |
3591 | Ctrl.mode = mode:EXPAND_ONLY | |
3592 | Ctrl.digest = digest:SHA2-384 | |
3593 | Ctrl.key = hexkey:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 | |
3594 | Ctrl.data = hexdata:7bd8dc442c15b7cccc4a88aa2346f7e1434c0043ccd7075ec8b049bfa40c2b9b8882dfed654d762ef01cdf4bf55002e3 | |
3595 | Ctrl.prefix = hexprefix:746c73313320 | |
3596 | Ctrl.label = hexlabel:6320652074726166666963 | |
3597 | Output = 7115918823a35c8ee8985966dfddc5be483db4029047296b3ddeb5c884712b5ddf27152a7f71e82a91e1420c7e4c25e8 | |
3598 | ||
3599 | KDF = TLS13-KDF | |
3600 | Ctrl.mode = mode:EXPAND_ONLY | |
3601 | Ctrl.digest = digest:SHA2-384 | |
3602 | Ctrl.key = hexkey:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 | |
3603 | Ctrl.data = hexdata:7bd8dc442c15b7cccc4a88aa2346f7e1434c0043ccd7075ec8b049bfa40c2b9b8882dfed654d762ef01cdf4bf55002e3 | |
3604 | Ctrl.prefix = hexprefix:746c73313320 | |
3605 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3606 | Output = 3122eaea9244f61a733e2370e0689a47491e28ce3a2062224f0a8021f05eb5da22a5558dd7edcaf04821e483f84b5ba1 | |
3607 | ||
3608 | KDF = TLS13-KDF | |
3609 | Ctrl.mode = mode:EXTRACT_ONLY | |
3610 | Ctrl.digest = digest:SHA2-384 | |
3611 | Ctrl.key = hexkey:3edd347353ab8965bdb38e823004df6824a653329946620417a1857d56900efc | |
3612 | Ctrl.salt = hexsalt:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8 | |
3613 | Ctrl.prefix = hexprefix:746c73313320 | |
3614 | Ctrl.label = hexlabel:64657269766564 | |
3615 | Output = 1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff | |
3616 | ||
3617 | KDF = TLS13-KDF | |
3618 | Ctrl.mode = mode:EXPAND_ONLY | |
3619 | Ctrl.digest = digest:SHA2-384 | |
3620 | Ctrl.key = hexkey:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff | |
3621 | Ctrl.data = hexdata:29cfd57bd578514558e2e168e4c665759eded30d761e14d3cbc2123c2f38c63380e5f4a0d8c5895ab58f7af7bb16fbaa | |
3622 | Ctrl.prefix = hexprefix:746c73313320 | |
3623 | Ctrl.label = hexlabel:632068732074726166666963 | |
3624 | Output = 2a795383e320e478b78f195b5f5b7477dfea13bb23da34eebae22dd12857ed33757486a9fc237d8a37ac1c09feb07bd9 | |
3625 | ||
3626 | KDF = TLS13-KDF | |
3627 | Ctrl.mode = mode:EXPAND_ONLY | |
3628 | Ctrl.digest = digest:SHA2-384 | |
3629 | Ctrl.key = hexkey:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff | |
3630 | Ctrl.data = hexdata:29cfd57bd578514558e2e168e4c665759eded30d761e14d3cbc2123c2f38c63380e5f4a0d8c5895ab58f7af7bb16fbaa | |
3631 | Ctrl.prefix = hexprefix:746c73313320 | |
3632 | Ctrl.label = hexlabel:732068732074726166666963 | |
3633 | Output = a51643b6c42b43f517e002decaf41823a10b717d525d55ed6996ef1ccff055c75218dec36815473fa5289c85bb301019 | |
3634 | ||
3635 | KDF = TLS13-KDF | |
3636 | Ctrl.mode = mode:EXTRACT_ONLY | |
3637 | Ctrl.digest = digest:SHA2-384 | |
3638 | Ctrl.salt = hexsalt:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff | |
3639 | Ctrl.prefix = hexprefix:746c73313320 | |
3640 | Ctrl.label = hexlabel:64657269766564 | |
3641 | Output = 3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e | |
3642 | ||
3643 | KDF = TLS13-KDF | |
3644 | Ctrl.mode = mode:EXPAND_ONLY | |
3645 | Ctrl.digest = digest:SHA2-384 | |
3646 | Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e | |
3647 | Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568 | |
3648 | Ctrl.prefix = hexprefix:746c73313320 | |
3649 | Ctrl.label = hexlabel:632061702074726166666963 | |
3650 | Output = 3ac8206a7f9e819c76ddd72bcd07397f64d9f698c4d75ec1d8ef610e9027c462d2cadf55d227a8c7b4eb63ab2012e827 | |
3651 | ||
3652 | KDF = TLS13-KDF | |
3653 | Ctrl.mode = mode:EXPAND_ONLY | |
3654 | Ctrl.digest = digest:SHA2-384 | |
3655 | Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e | |
3656 | Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568 | |
3657 | Ctrl.prefix = hexprefix:746c73313320 | |
3658 | Ctrl.label = hexlabel:732061702074726166666963 | |
3659 | Output = 691e1db0137f5a54d4f51a8d6c2a89ebbbb0000cf81ddd5d08682416db9f48309d6b19819ba07e1860e34edecee4e23d | |
3660 | ||
3661 | KDF = TLS13-KDF | |
3662 | Ctrl.mode = mode:EXPAND_ONLY | |
3663 | Ctrl.digest = digest:SHA2-384 | |
3664 | Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e | |
3665 | Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568 | |
3666 | Ctrl.prefix = hexprefix:746c73313320 | |
3667 | Ctrl.label = hexlabel:657870206d6173746572 | |
3668 | Output = 5c32c8fcb2e90cdfd5d86cef427b828fc162371236b3e39c4812deda4038cdbbb4bde6859a502f54acfb482666fd4295 | |
3669 | ||
3670 | KDF = TLS13-KDF | |
3671 | Ctrl.mode = mode:EXPAND_ONLY | |
3672 | Ctrl.digest = digest:SHA2-384 | |
3673 | Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e | |
3674 | Ctrl.data = hexdata:b21112193c9c5604a544f95c0325d94041ec595f46a9a4cbba0a8c72501ac72ad8ed1d8fb17f82e0b288144d6f0f1d53 | |
3675 | Ctrl.prefix = hexprefix:746c73313320 | |
3676 | Ctrl.label = hexlabel:726573206d6173746572 | |
3677 | Output = 77538d76ba22a23215ee93ef07f542f7a7bc43f77af5da3395688f8b8d81afa2c47952db8a0f2da2435d3e340411b0f7 | |
3678 | ||
3679 | # New TLS 1.3 session starts here | |
3680 | ||
3681 | KDF = TLS13-KDF | |
3682 | Ctrl.mode = mode:EXTRACT_ONLY | |
3683 | Ctrl.digest = digest:SHA2-384 | |
3684 | Ctrl.key = hexkey:def2b619233e04b1dfe39ef92ae061791a84974c71921819697f86a255342b38 | |
3685 | Output = de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 | |
3686 | ||
3687 | KDF = TLS13-KDF | |
3688 | Ctrl.mode = mode:EXPAND_ONLY | |
3689 | Ctrl.digest = digest:SHA2-384 | |
3690 | Ctrl.key = hexkey:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 | |
3691 | Ctrl.data = hexdata:705c00dd0ad91ec54a86e311ef7931ad61d6b14c2c75411e95d7f3a80a21cc2b5a19b396e1147bf56dd3ee10dcf18d37 | |
3692 | Ctrl.prefix = hexprefix:746c73313320 | |
3693 | Ctrl.label = hexlabel:6320652074726166666963 | |
3694 | Output = e539e7e8b3a065a4a40ffc7e8c8c70eedaccf7fa14a28b18503865805f7590ae7e9c550fae2d493d932a85e9fbe18f22 | |
3695 | ||
3696 | KDF = TLS13-KDF | |
3697 | Ctrl.mode = mode:EXPAND_ONLY | |
3698 | Ctrl.digest = digest:SHA2-384 | |
3699 | Ctrl.key = hexkey:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 | |
3700 | Ctrl.data = hexdata:705c00dd0ad91ec54a86e311ef7931ad61d6b14c2c75411e95d7f3a80a21cc2b5a19b396e1147bf56dd3ee10dcf18d37 | |
3701 | Ctrl.prefix = hexprefix:746c73313320 | |
3702 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3703 | Output = 418e41f54f7fead42d623e9f40be68812fefa50c19b4cf4268b2dd4bd206414597d0af720242f1667cf4cdce325bb3f6 | |
3704 | ||
3705 | KDF = TLS13-KDF | |
3706 | Ctrl.mode = mode:EXTRACT_ONLY | |
3707 | Ctrl.digest = digest:SHA2-384 | |
3708 | Ctrl.key = hexkey:63505c479ea4544899a17a09ac19abc706d3ac60126d3239d19710926184a6d9 | |
3709 | Ctrl.salt = hexsalt:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0 | |
3710 | Ctrl.prefix = hexprefix:746c73313320 | |
3711 | Ctrl.label = hexlabel:64657269766564 | |
3712 | Output = f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 | |
3713 | ||
3714 | KDF = TLS13-KDF | |
3715 | Ctrl.mode = mode:EXPAND_ONLY | |
3716 | Ctrl.digest = digest:SHA2-384 | |
3717 | Ctrl.key = hexkey:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 | |
3718 | Ctrl.data = hexdata:0000487cdfa6107c6b08d4d64e353585b30bc45414b7f5066e4c8dd6c9a80d3c9d5c204d664f4e43fa0842a462f4faab | |
3719 | Ctrl.prefix = hexprefix:746c73313320 | |
3720 | Ctrl.label = hexlabel:632068732074726166666963 | |
3721 | Output = f0f2c238ef72dff22e63bc018c41a1061fb8ca7755ac416ba3df5e8280faa21c84c07a8f0ac9f1ee6e50a6e56fa39377 | |
3722 | ||
3723 | KDF = TLS13-KDF | |
3724 | Ctrl.mode = mode:EXPAND_ONLY | |
3725 | Ctrl.digest = digest:SHA2-384 | |
3726 | Ctrl.key = hexkey:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 | |
3727 | Ctrl.data = hexdata:0000487cdfa6107c6b08d4d64e353585b30bc45414b7f5066e4c8dd6c9a80d3c9d5c204d664f4e43fa0842a462f4faab | |
3728 | Ctrl.prefix = hexprefix:746c73313320 | |
3729 | Ctrl.label = hexlabel:732068732074726166666963 | |
3730 | Output = 718cf52c40760e4ec4455b42ba829b7decbe1d6e89e36e74b86e09df090ad2a2f9ad7cf896317cb4803e332a828c9aa9 | |
3731 | ||
3732 | KDF = TLS13-KDF | |
3733 | Ctrl.mode = mode:EXTRACT_ONLY | |
3734 | Ctrl.digest = digest:SHA2-384 | |
3735 | Ctrl.salt = hexsalt:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06 | |
3736 | Ctrl.prefix = hexprefix:746c73313320 | |
3737 | Ctrl.label = hexlabel:64657269766564 | |
3738 | Output = 613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 | |
3739 | ||
3740 | KDF = TLS13-KDF | |
3741 | Ctrl.mode = mode:EXPAND_ONLY | |
3742 | Ctrl.digest = digest:SHA2-384 | |
3743 | Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 | |
3744 | Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575 | |
3745 | Ctrl.prefix = hexprefix:746c73313320 | |
3746 | Ctrl.label = hexlabel:632061702074726166666963 | |
3747 | Output = 333d43099efea0bb1c294fe4a34660bf4534f0af983c31723044363b6bbecccdba09d9702234db04534dee31a4ed0ab1 | |
3748 | ||
3749 | KDF = TLS13-KDF | |
3750 | Ctrl.mode = mode:EXPAND_ONLY | |
3751 | Ctrl.digest = digest:SHA2-384 | |
3752 | Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 | |
3753 | Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575 | |
3754 | Ctrl.prefix = hexprefix:746c73313320 | |
3755 | Ctrl.label = hexlabel:732061702074726166666963 | |
3756 | Output = 68f85f1e025f9d3924be5327ce57b9abc4b7a078c20fa0ea513e7996af69723cece7ffa748f6034a66be7eae5e18068d | |
3757 | ||
3758 | KDF = TLS13-KDF | |
3759 | Ctrl.mode = mode:EXPAND_ONLY | |
3760 | Ctrl.digest = digest:SHA2-384 | |
3761 | Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 | |
3762 | Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575 | |
3763 | Ctrl.prefix = hexprefix:746c73313320 | |
3764 | Ctrl.label = hexlabel:657870206d6173746572 | |
3765 | Output = 2f71d6f423bd523b8a94e2ccc9f653a63594dfa030fdaa3796540075035f73bbe2d89f85af2de61462c22104c03ffa87 | |
3766 | ||
3767 | KDF = TLS13-KDF | |
3768 | Ctrl.mode = mode:EXPAND_ONLY | |
3769 | Ctrl.digest = digest:SHA2-384 | |
3770 | Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059 | |
3771 | Ctrl.data = hexdata:ba106fffdb82b75330da7132de828b1b032fad4878c7ab70acdffa4a76163ecdec8d25202715b78901e87a910f7e3b34 | |
3772 | Ctrl.prefix = hexprefix:746c73313320 | |
3773 | Ctrl.label = hexlabel:726573206d6173746572 | |
3774 | Output = 202803c8237412f20263b428932afcb5d8a7dcdd7fa147ea2af95a7dd091bf0d79686a6710f572bc868d2f533a488a6f | |
3775 | ||
3776 | # New TLS 1.3 session starts here | |
3777 | ||
3778 | KDF = TLS13-KDF | |
3779 | Ctrl.mode = mode:EXTRACT_ONLY | |
3780 | Ctrl.digest = digest:SHA2-384 | |
3781 | Ctrl.key = hexkey:a357ab62ad6eaf90426fe7a2cee0659583acbe423a17771690895b26aefd62a8 | |
3782 | Output = c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d | |
3783 | ||
3784 | KDF = TLS13-KDF | |
3785 | Ctrl.mode = mode:EXPAND_ONLY | |
3786 | Ctrl.digest = digest:SHA2-384 | |
3787 | Ctrl.key = hexkey:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d | |
3788 | Ctrl.data = hexdata:ab0bb35f9586beaf843e44af363e8e0c49cc9820f063cefb1f8e20191bec2b3558fd51760dec17bbc299bf205292e549 | |
3789 | Ctrl.prefix = hexprefix:746c73313320 | |
3790 | Ctrl.label = hexlabel:6320652074726166666963 | |
3791 | Output = 40093dc6b48667da9b412bf718217bf25b4405a4d1c759af797c78ae25443def12be155d1954edd4216cf62a422fa4cf | |
3792 | ||
3793 | KDF = TLS13-KDF | |
3794 | Ctrl.mode = mode:EXPAND_ONLY | |
3795 | Ctrl.digest = digest:SHA2-384 | |
3796 | Ctrl.key = hexkey:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d | |
3797 | Ctrl.data = hexdata:ab0bb35f9586beaf843e44af363e8e0c49cc9820f063cefb1f8e20191bec2b3558fd51760dec17bbc299bf205292e549 | |
3798 | Ctrl.prefix = hexprefix:746c73313320 | |
3799 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3800 | Output = 0b4f7ee9c8801b7cdbfbe064322d4879272b730e395b9c7e2bf8a07f99b101dc37687b993e4519d0d0ec607823c2a118 | |
3801 | ||
3802 | KDF = TLS13-KDF | |
3803 | Ctrl.mode = mode:EXTRACT_ONLY | |
3804 | Ctrl.digest = digest:SHA2-384 | |
3805 | Ctrl.key = hexkey:6b2ddbec771dbaf2c1de74c1de6f4ca391de63011ef8a5bd05c7fa716ee02cd1 | |
3806 | Ctrl.salt = hexsalt:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d | |
3807 | Ctrl.prefix = hexprefix:746c73313320 | |
3808 | Ctrl.label = hexlabel:64657269766564 | |
3809 | Output = 58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 | |
3810 | ||
3811 | KDF = TLS13-KDF | |
3812 | Ctrl.mode = mode:EXPAND_ONLY | |
3813 | Ctrl.digest = digest:SHA2-384 | |
3814 | Ctrl.key = hexkey:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 | |
3815 | Ctrl.data = hexdata:671f55d398118eab16f4a2a87970615a7b37aa47b9fd935945a9a6da724c1f27dc4eefb2b123cbdee091c26985f81b7d | |
3816 | Ctrl.prefix = hexprefix:746c73313320 | |
3817 | Ctrl.label = hexlabel:632068732074726166666963 | |
3818 | Output = dd489530beb209f2562b86413baabdbc052b2024ab7fb70a31e5e0e65f9c959034a6889f8b042c005ac132c879c40dc7 | |
3819 | ||
3820 | KDF = TLS13-KDF | |
3821 | Ctrl.mode = mode:EXPAND_ONLY | |
3822 | Ctrl.digest = digest:SHA2-384 | |
3823 | Ctrl.key = hexkey:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 | |
3824 | Ctrl.data = hexdata:671f55d398118eab16f4a2a87970615a7b37aa47b9fd935945a9a6da724c1f27dc4eefb2b123cbdee091c26985f81b7d | |
3825 | Ctrl.prefix = hexprefix:746c73313320 | |
3826 | Ctrl.label = hexlabel:732068732074726166666963 | |
3827 | Output = 973c20837584cb79bd35bcfbe34d3eafd36e5280f7547d92b794c446bf578be38688f734eed942ae8c1de6864af496e4 | |
3828 | ||
3829 | KDF = TLS13-KDF | |
3830 | Ctrl.mode = mode:EXTRACT_ONLY | |
3831 | Ctrl.digest = digest:SHA2-384 | |
3832 | Ctrl.salt = hexsalt:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8 | |
3833 | Ctrl.prefix = hexprefix:746c73313320 | |
3834 | Ctrl.label = hexlabel:64657269766564 | |
3835 | Output = b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 | |
3836 | ||
3837 | KDF = TLS13-KDF | |
3838 | Ctrl.mode = mode:EXPAND_ONLY | |
3839 | Ctrl.digest = digest:SHA2-384 | |
3840 | Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 | |
3841 | Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5 | |
3842 | Ctrl.prefix = hexprefix:746c73313320 | |
3843 | Ctrl.label = hexlabel:632061702074726166666963 | |
3844 | Output = 763af37257c1d8fc3620127669c779ec2cb8433e4108ff797f71fec1e90364a0ee0ad9c272308ea8951866c44cb7ac0a | |
3845 | ||
3846 | KDF = TLS13-KDF | |
3847 | Ctrl.mode = mode:EXPAND_ONLY | |
3848 | Ctrl.digest = digest:SHA2-384 | |
3849 | Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 | |
3850 | Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5 | |
3851 | Ctrl.prefix = hexprefix:746c73313320 | |
3852 | Ctrl.label = hexlabel:732061702074726166666963 | |
3853 | Output = 3f1f4aaf11b3b30b5d76fcd077900a5dabdad92980bed0f3f0de6495c9ccf2c58aea08f7745b7b6c0cc3829b048c89de | |
3854 | ||
3855 | KDF = TLS13-KDF | |
3856 | Ctrl.mode = mode:EXPAND_ONLY | |
3857 | Ctrl.digest = digest:SHA2-384 | |
3858 | Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 | |
3859 | Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5 | |
3860 | Ctrl.prefix = hexprefix:746c73313320 | |
3861 | Ctrl.label = hexlabel:657870206d6173746572 | |
3862 | Output = f5fb64671edfb74aa85a061cd845945a93281d09badfcdca81a3f29bce743fa784536c8a259b9c7af667f783554a9700 | |
3863 | ||
3864 | KDF = TLS13-KDF | |
3865 | Ctrl.mode = mode:EXPAND_ONLY | |
3866 | Ctrl.digest = digest:SHA2-384 | |
3867 | Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971 | |
3868 | Ctrl.data = hexdata:629e6112e7d0812e590a7b0dabc0a72b5a8539df1ca809a5f6ea8fe3ff35caf5a2bf0761232d97f0331e65f8ef2f28f5 | |
3869 | Ctrl.prefix = hexprefix:746c73313320 | |
3870 | Ctrl.label = hexlabel:726573206d6173746572 | |
3871 | Output = 984e97a983945c49ac2f6482855771f514688d8dafe4e8a4d4438f90aa3a76dae0fa027ffb189d736ce13a9bd64c9d7f | |
3872 | ||
3873 | # New TLS 1.3 session starts here | |
3874 | ||
3875 | KDF = TLS13-KDF | |
3876 | Ctrl.mode = mode:EXTRACT_ONLY | |
3877 | Ctrl.digest = digest:SHA2-384 | |
3878 | Ctrl.key = hexkey:02a241afe7072dc28fddc66987e22a710a5f2c3460766d55d5af58d549bd8f21 | |
3879 | Output = ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 | |
3880 | ||
3881 | KDF = TLS13-KDF | |
3882 | Ctrl.mode = mode:EXPAND_ONLY | |
3883 | Ctrl.digest = digest:SHA2-384 | |
3884 | Ctrl.key = hexkey:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 | |
3885 | Ctrl.data = hexdata:a911360d1d4f3bbd671908701106913fd281436de65cc2b9645e2cdccd31452cde589ccbbe41d926d3b82d468c2e812d | |
3886 | Ctrl.prefix = hexprefix:746c73313320 | |
3887 | Ctrl.label = hexlabel:6320652074726166666963 | |
3888 | Output = 93c085d9eb42edcb69274adc8c04fd4ee074672c99c1e44ff7ce4f0b3c3c0d56875845d2b148ebd1558547141cd35200 | |
3889 | ||
3890 | KDF = TLS13-KDF | |
3891 | Ctrl.mode = mode:EXPAND_ONLY | |
3892 | Ctrl.digest = digest:SHA2-384 | |
3893 | Ctrl.key = hexkey:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 | |
3894 | Ctrl.data = hexdata:a911360d1d4f3bbd671908701106913fd281436de65cc2b9645e2cdccd31452cde589ccbbe41d926d3b82d468c2e812d | |
3895 | Ctrl.prefix = hexprefix:746c73313320 | |
3896 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3897 | Output = 0a5265d6097424d190572a4c7110f43097ea10056af875f74be4f02b82adf1de4dc7b90423e550bb0f0100ca2f0fcda5 | |
3898 | ||
3899 | KDF = TLS13-KDF | |
3900 | Ctrl.mode = mode:EXTRACT_ONLY | |
3901 | Ctrl.digest = digest:SHA2-384 | |
3902 | Ctrl.key = hexkey:1426c851a7872eb25a197b7e58410871f0760e81345e67a1ffb6459f7b621f05 | |
3903 | Ctrl.salt = hexsalt:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894 | |
3904 | Ctrl.prefix = hexprefix:746c73313320 | |
3905 | Ctrl.label = hexlabel:64657269766564 | |
3906 | Output = 8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 | |
3907 | ||
3908 | KDF = TLS13-KDF | |
3909 | Ctrl.mode = mode:EXPAND_ONLY | |
3910 | Ctrl.digest = digest:SHA2-384 | |
3911 | Ctrl.key = hexkey:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 | |
3912 | Ctrl.data = hexdata:5492f38f35ca8254b8b50e45dba0f9eca6e5b4fd1275d80984e67cbc4c3377f1ed734c46a1a53fd774f9d10de7cb8186 | |
3913 | Ctrl.prefix = hexprefix:746c73313320 | |
3914 | Ctrl.label = hexlabel:632068732074726166666963 | |
3915 | Output = 13d2a5aa1e375e769e4062d829c0df66a8138357e460adbfe859fcd09252dec37e93076a225b9aa51569f0a60960f425 | |
3916 | ||
3917 | KDF = TLS13-KDF | |
3918 | Ctrl.mode = mode:EXPAND_ONLY | |
3919 | Ctrl.digest = digest:SHA2-384 | |
3920 | Ctrl.key = hexkey:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 | |
3921 | Ctrl.data = hexdata:5492f38f35ca8254b8b50e45dba0f9eca6e5b4fd1275d80984e67cbc4c3377f1ed734c46a1a53fd774f9d10de7cb8186 | |
3922 | Ctrl.prefix = hexprefix:746c73313320 | |
3923 | Ctrl.label = hexlabel:732068732074726166666963 | |
3924 | Output = 3c05d6e0733946fbb7fbbec7cfc6a1a647d8313c14ee7f3d0de15c29ad56cda0cdfa171a5b312cc7318c12a8fac80206 | |
3925 | ||
3926 | KDF = TLS13-KDF | |
3927 | Ctrl.mode = mode:EXTRACT_ONLY | |
3928 | Ctrl.digest = digest:SHA2-384 | |
3929 | Ctrl.salt = hexsalt:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910 | |
3930 | Ctrl.prefix = hexprefix:746c73313320 | |
3931 | Ctrl.label = hexlabel:64657269766564 | |
3932 | Output = dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc | |
3933 | ||
3934 | KDF = TLS13-KDF | |
3935 | Ctrl.mode = mode:EXPAND_ONLY | |
3936 | Ctrl.digest = digest:SHA2-384 | |
3937 | Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc | |
3938 | Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f | |
3939 | Ctrl.prefix = hexprefix:746c73313320 | |
3940 | Ctrl.label = hexlabel:632061702074726166666963 | |
3941 | Output = bfa7282e1e5e7396743994a1b7708bed617b20a2d1f8514e28e9322187e7afce7ea133881ecf305e0aeacbe972835ce1 | |
3942 | ||
3943 | KDF = TLS13-KDF | |
3944 | Ctrl.mode = mode:EXPAND_ONLY | |
3945 | Ctrl.digest = digest:SHA2-384 | |
3946 | Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc | |
3947 | Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f | |
3948 | Ctrl.prefix = hexprefix:746c73313320 | |
3949 | Ctrl.label = hexlabel:732061702074726166666963 | |
3950 | Output = 91eca687ecf6db1613aab6b8bc60b118a4e6e98b94afb48638efa00717451310cefa5a533867281b7624ecbdd7614deb | |
3951 | ||
3952 | KDF = TLS13-KDF | |
3953 | Ctrl.mode = mode:EXPAND_ONLY | |
3954 | Ctrl.digest = digest:SHA2-384 | |
3955 | Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc | |
3956 | Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f | |
3957 | Ctrl.prefix = hexprefix:746c73313320 | |
3958 | Ctrl.label = hexlabel:657870206d6173746572 | |
3959 | Output = 1b1e6b3a2e33d3616a5a41368993d80a7ff4ebfbd3973fa6bb6582a13bceb21f3085dd7b0a731bc03ea931dd668549f8 | |
3960 | ||
3961 | KDF = TLS13-KDF | |
3962 | Ctrl.mode = mode:EXPAND_ONLY | |
3963 | Ctrl.digest = digest:SHA2-384 | |
3964 | Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc | |
3965 | Ctrl.data = hexdata:4e14e5e218a29c7d70a83bb39b782d2c9ba5a2ba856e8963bacb4fc1aaa7d376e16175cbeb17634f90225a2f8483b2ed | |
3966 | Ctrl.prefix = hexprefix:746c73313320 | |
3967 | Ctrl.label = hexlabel:726573206d6173746572 | |
3968 | Output = 50ceeded13db2c364b44c976d708b7fee57eec0998c85eacc05c2b0a3b4cafeda1642751f78530c433f689ee4a23d4e3 | |
3969 | ||
3970 | # New TLS 1.3 session starts here | |
3971 | ||
3972 | KDF = TLS13-KDF | |
3973 | Ctrl.mode = mode:EXTRACT_ONLY | |
3974 | Ctrl.digest = digest:SHA2-384 | |
3975 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
3976 | ||
3977 | KDF = TLS13-KDF | |
3978 | Ctrl.mode = mode:EXPAND_ONLY | |
3979 | Ctrl.digest = digest:SHA2-384 | |
3980 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
3981 | Ctrl.data = hexdata:bb156178fd7d06e40789668fe93b4432d7e52c0294f11eb2f64c5bd24836115c7034b403a453976f51d699a348e64104 | |
3982 | Ctrl.prefix = hexprefix:746c73313320 | |
3983 | Ctrl.label = hexlabel:6320652074726166666963 | |
3984 | Output = 9bd2371a1c4e8850f6d52eadfd088cc380c8f76612fcde4ac4a6605a6ae5117820ebe108273f6533cdeea942bcb3ab6a | |
3985 | ||
3986 | KDF = TLS13-KDF | |
3987 | Ctrl.mode = mode:EXPAND_ONLY | |
3988 | Ctrl.digest = digest:SHA2-384 | |
3989 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
3990 | Ctrl.data = hexdata:bb156178fd7d06e40789668fe93b4432d7e52c0294f11eb2f64c5bd24836115c7034b403a453976f51d699a348e64104 | |
3991 | Ctrl.prefix = hexprefix:746c73313320 | |
3992 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
3993 | Output = 71b365f40805bd7a810d704512c6f17110589d9585580324d9cfceff6f81f4eceb2128fa295f9b236fe5fee4629e1859 | |
3994 | ||
3995 | KDF = TLS13-KDF | |
3996 | Ctrl.mode = mode:EXTRACT_ONLY | |
3997 | Ctrl.digest = digest:SHA2-384 | |
3998 | Ctrl.key = hexkey:83945a53ffb26b51f21f69d75c414309e5155fa030723c1c38cffe89cb04edb6 | |
3999 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4000 | Ctrl.prefix = hexprefix:746c73313320 | |
4001 | Ctrl.label = hexlabel:64657269766564 | |
4002 | Output = 12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 | |
4003 | ||
4004 | KDF = TLS13-KDF | |
4005 | Ctrl.mode = mode:EXPAND_ONLY | |
4006 | Ctrl.digest = digest:SHA2-384 | |
4007 | Ctrl.key = hexkey:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 | |
4008 | Ctrl.data = hexdata:00589f3587b9fd9e27cd4e411568bf56df30a6a0d969e88eec4944b5b442d2cd7188c1b11e78912824bf6f48db8dd30e | |
4009 | Ctrl.prefix = hexprefix:746c73313320 | |
4010 | Ctrl.label = hexlabel:632068732074726166666963 | |
4011 | Output = 20832548d9ca0fa619833e866639df7412ac7c3906e8076c6e4553a2e56fa8703b1727d64015cb6aad020e8b5d889a6b | |
4012 | ||
4013 | KDF = TLS13-KDF | |
4014 | Ctrl.mode = mode:EXPAND_ONLY | |
4015 | Ctrl.digest = digest:SHA2-384 | |
4016 | Ctrl.key = hexkey:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 | |
4017 | Ctrl.data = hexdata:00589f3587b9fd9e27cd4e411568bf56df30a6a0d969e88eec4944b5b442d2cd7188c1b11e78912824bf6f48db8dd30e | |
4018 | Ctrl.prefix = hexprefix:746c73313320 | |
4019 | Ctrl.label = hexlabel:732068732074726166666963 | |
4020 | Output = ab2f7ea9aaf2573370c6b46e929910cab6da6a0aebb236b337e5241e9c5226be3b423bfde3f06b34a7560d98885c8c54 | |
4021 | ||
4022 | KDF = TLS13-KDF | |
4023 | Ctrl.mode = mode:EXTRACT_ONLY | |
4024 | Ctrl.digest = digest:SHA2-384 | |
4025 | Ctrl.salt = hexsalt:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1 | |
4026 | Ctrl.prefix = hexprefix:746c73313320 | |
4027 | Ctrl.label = hexlabel:64657269766564 | |
4028 | Output = 2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d | |
4029 | ||
4030 | KDF = TLS13-KDF | |
4031 | Ctrl.mode = mode:EXPAND_ONLY | |
4032 | Ctrl.digest = digest:SHA2-384 | |
4033 | Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d | |
4034 | Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9 | |
4035 | Ctrl.prefix = hexprefix:746c73313320 | |
4036 | Ctrl.label = hexlabel:632061702074726166666963 | |
4037 | Output = 2217a5a433ed108d3fda94ed78632222806baa2c3f16b0b95534760ae0bd7403d8f9d95f47888b2f2b0b080b3b046d5c | |
4038 | ||
4039 | KDF = TLS13-KDF | |
4040 | Ctrl.mode = mode:EXPAND_ONLY | |
4041 | Ctrl.digest = digest:SHA2-384 | |
4042 | Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d | |
4043 | Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9 | |
4044 | Ctrl.prefix = hexprefix:746c73313320 | |
4045 | Ctrl.label = hexlabel:732061702074726166666963 | |
4046 | Output = 3c32294e5dafebf41e4b45f2ff7f70b925c2ea78d1ab0d31f8cf813d7ac47b766809519cac70c5b3bba389e33a04e6f4 | |
4047 | ||
4048 | KDF = TLS13-KDF | |
4049 | Ctrl.mode = mode:EXPAND_ONLY | |
4050 | Ctrl.digest = digest:SHA2-384 | |
4051 | Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d | |
4052 | Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9 | |
4053 | Ctrl.prefix = hexprefix:746c73313320 | |
4054 | Ctrl.label = hexlabel:657870206d6173746572 | |
4055 | Output = f92f95ee85dadda7467b4a402c877c746d170a986a18ffe13a7263f11a74e4322d567ecca89d0e5dda4f624aac0101ba | |
4056 | ||
4057 | KDF = TLS13-KDF | |
4058 | Ctrl.mode = mode:EXPAND_ONLY | |
4059 | Ctrl.digest = digest:SHA2-384 | |
4060 | Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d | |
4061 | Ctrl.data = hexdata:4ad8bec778fc2c32c98470e27d4151126e2a215a32cdd2a688e47717e5fa7490b586d2c4fb54e0996417ccdf189fbe73 | |
4062 | Ctrl.prefix = hexprefix:746c73313320 | |
4063 | Ctrl.label = hexlabel:726573206d6173746572 | |
4064 | Output = 517a3f7ef3d51098512ba68b0066deed4a6f3f016d78949e79dadb1ab730beb84d556b31c8c1eb7d741cccfd12313049 | |
4065 | ||
4066 | # New TLS 1.3 session starts here | |
4067 | ||
4068 | KDF = TLS13-KDF | |
4069 | Ctrl.mode = mode:EXTRACT_ONLY | |
4070 | Ctrl.digest = digest:SHA2-384 | |
4071 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4072 | ||
4073 | KDF = TLS13-KDF | |
4074 | Ctrl.mode = mode:EXPAND_ONLY | |
4075 | Ctrl.digest = digest:SHA2-384 | |
4076 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4077 | Ctrl.data = hexdata:ce8a273136c4c91b175a57e7b27eb2929a31e3410e9c5b8b7dfa442f5459e59222d6dbea6f1d0e5b7b8d8bcae28b58c9 | |
4078 | Ctrl.prefix = hexprefix:746c73313320 | |
4079 | Ctrl.label = hexlabel:6320652074726166666963 | |
4080 | Output = d3fc95dacd1c4ed05b0d0f11ea7128f309c7dc81ab7d732b7333d4e6347189923e44ee2a0b4047fcd502f7e74edef55d | |
4081 | ||
4082 | KDF = TLS13-KDF | |
4083 | Ctrl.mode = mode:EXPAND_ONLY | |
4084 | Ctrl.digest = digest:SHA2-384 | |
4085 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4086 | Ctrl.data = hexdata:ce8a273136c4c91b175a57e7b27eb2929a31e3410e9c5b8b7dfa442f5459e59222d6dbea6f1d0e5b7b8d8bcae28b58c9 | |
4087 | Ctrl.prefix = hexprefix:746c73313320 | |
4088 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4089 | Output = fa6c3df3027a0711fe712c3e43886eb56b0f26894a8203c5a1a3a7813977ccf6668ff1e2d94bca987e6fb169e6f47b85 | |
4090 | ||
4091 | KDF = TLS13-KDF | |
4092 | Ctrl.mode = mode:EXTRACT_ONLY | |
4093 | Ctrl.digest = digest:SHA2-384 | |
4094 | Ctrl.key = hexkey:d57947df07774b69399f726359860d5f20ab3b23c64446386c2370defcdc915e | |
4095 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4096 | Ctrl.prefix = hexprefix:746c73313320 | |
4097 | Ctrl.label = hexlabel:64657269766564 | |
4098 | Output = e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 | |
4099 | ||
4100 | KDF = TLS13-KDF | |
4101 | Ctrl.mode = mode:EXPAND_ONLY | |
4102 | Ctrl.digest = digest:SHA2-384 | |
4103 | Ctrl.key = hexkey:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 | |
4104 | Ctrl.data = hexdata:9e7c01ccd11887a65a50be6bd9ca2263fe02a5fa483579d0e139faea00e920b12ef044fa1c3a29480217ccbba6fff0b8 | |
4105 | Ctrl.prefix = hexprefix:746c73313320 | |
4106 | Ctrl.label = hexlabel:632068732074726166666963 | |
4107 | Output = bfc1f429408ebc49b9ae80a36e1f354e695351c24c002fd96059763b06ac6db3c2169b4af955ac03dd431cd4aa5269f9 | |
4108 | ||
4109 | KDF = TLS13-KDF | |
4110 | Ctrl.mode = mode:EXPAND_ONLY | |
4111 | Ctrl.digest = digest:SHA2-384 | |
4112 | Ctrl.key = hexkey:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 | |
4113 | Ctrl.data = hexdata:9e7c01ccd11887a65a50be6bd9ca2263fe02a5fa483579d0e139faea00e920b12ef044fa1c3a29480217ccbba6fff0b8 | |
4114 | Ctrl.prefix = hexprefix:746c73313320 | |
4115 | Ctrl.label = hexlabel:732068732074726166666963 | |
4116 | Output = 3ae6b72885417b225a3c4f92ebf8e3f7d33f968f44ec51edbdd628d867432adbdc672579d857bcc5a575a646e3622904 | |
4117 | ||
4118 | KDF = TLS13-KDF | |
4119 | Ctrl.mode = mode:EXTRACT_ONLY | |
4120 | Ctrl.digest = digest:SHA2-384 | |
4121 | Ctrl.salt = hexsalt:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138 | |
4122 | Ctrl.prefix = hexprefix:746c73313320 | |
4123 | Ctrl.label = hexlabel:64657269766564 | |
4124 | Output = a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab | |
4125 | ||
4126 | KDF = TLS13-KDF | |
4127 | Ctrl.mode = mode:EXPAND_ONLY | |
4128 | Ctrl.digest = digest:SHA2-384 | |
4129 | Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab | |
4130 | Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db | |
4131 | Ctrl.prefix = hexprefix:746c73313320 | |
4132 | Ctrl.label = hexlabel:632061702074726166666963 | |
4133 | Output = b48a4caac858a953f1b5f9019484fb4fea955b533865db740fbaf945392d3bac0d0f4038d2283e00838dcdbdbdf2d9b0 | |
4134 | ||
4135 | KDF = TLS13-KDF | |
4136 | Ctrl.mode = mode:EXPAND_ONLY | |
4137 | Ctrl.digest = digest:SHA2-384 | |
4138 | Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab | |
4139 | Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db | |
4140 | Ctrl.prefix = hexprefix:746c73313320 | |
4141 | Ctrl.label = hexlabel:732061702074726166666963 | |
4142 | Output = f54b230bd2fb82bdb0eefde4368177383e5d104ec4e6ab71ff129e356807737ed9d522d6014ac56bad4ae23cad76e8b7 | |
4143 | ||
4144 | KDF = TLS13-KDF | |
4145 | Ctrl.mode = mode:EXPAND_ONLY | |
4146 | Ctrl.digest = digest:SHA2-384 | |
4147 | Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab | |
4148 | Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db | |
4149 | Ctrl.prefix = hexprefix:746c73313320 | |
4150 | Ctrl.label = hexlabel:657870206d6173746572 | |
4151 | Output = e9c305cafa53d3bb189013492fc6e40f01fd194304aea30fe73b8322161edf4a39e6530c3904cb5bd8fa8644ece55a2a | |
4152 | ||
4153 | KDF = TLS13-KDF | |
4154 | Ctrl.mode = mode:EXPAND_ONLY | |
4155 | Ctrl.digest = digest:SHA2-384 | |
4156 | Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab | |
4157 | Ctrl.data = hexdata:5e28ee7474db3de8996894fb8285af4469349a0cc7cca47544b0b7c7663dd3ea7399ad26f054a75f4f0a9260447f4030 | |
4158 | Ctrl.prefix = hexprefix:746c73313320 | |
4159 | Ctrl.label = hexlabel:726573206d6173746572 | |
4160 | Output = be0b885a296f266b0f50dc53f78b27ebac7292f627b3658bc4a95607529f5864d47e25c848363c0ab5dcd83193fd62cc | |
4161 | ||
4162 | # New TLS 1.3 session starts here | |
4163 | ||
4164 | KDF = TLS13-KDF | |
4165 | Ctrl.mode = mode:EXTRACT_ONLY | |
4166 | Ctrl.digest = digest:SHA2-384 | |
4167 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4168 | ||
4169 | KDF = TLS13-KDF | |
4170 | Ctrl.mode = mode:EXPAND_ONLY | |
4171 | Ctrl.digest = digest:SHA2-384 | |
4172 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4173 | Ctrl.data = hexdata:53c45ce0fa2644a0a532fc5e73272a655bca78e483d86e872c521cf5a0a75a34b9f546f4b9a56e8a2c3a52525b0ddcce | |
4174 | Ctrl.prefix = hexprefix:746c73313320 | |
4175 | Ctrl.label = hexlabel:6320652074726166666963 | |
4176 | Output = 3e67e81d98d6a17439294130cb14383aeca788251a609bb97e7c2b81f53c195fb5f95a6133d014083b5e2c3a9d04c1e2 | |
4177 | ||
4178 | KDF = TLS13-KDF | |
4179 | Ctrl.mode = mode:EXPAND_ONLY | |
4180 | Ctrl.digest = digest:SHA2-384 | |
4181 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4182 | Ctrl.data = hexdata:53c45ce0fa2644a0a532fc5e73272a655bca78e483d86e872c521cf5a0a75a34b9f546f4b9a56e8a2c3a52525b0ddcce | |
4183 | Ctrl.prefix = hexprefix:746c73313320 | |
4184 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4185 | Output = d02ae01d3bb7e72d99f32ff7561e1243576bd37ea06b3c8a31e991c92b169f647541fa5eba74086891b6436489dae045 | |
4186 | ||
4187 | KDF = TLS13-KDF | |
4188 | Ctrl.mode = mode:EXTRACT_ONLY | |
4189 | Ctrl.digest = digest:SHA2-384 | |
4190 | Ctrl.key = hexkey:eaef8daa591f860e4e4693a39a01a246790c3e26c6545a9831a69550bbb87b91 | |
4191 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4192 | Ctrl.prefix = hexprefix:746c73313320 | |
4193 | Ctrl.label = hexlabel:64657269766564 | |
4194 | Output = 6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a | |
4195 | ||
4196 | KDF = TLS13-KDF | |
4197 | Ctrl.mode = mode:EXPAND_ONLY | |
4198 | Ctrl.digest = digest:SHA2-384 | |
4199 | Ctrl.key = hexkey:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a | |
4200 | Ctrl.data = hexdata:16fd0b738388236a90949eb344161ae277b5851169ba636cc83614c0b88f800d69eca40d3a93a9b284ee9dacb1cc197c | |
4201 | Ctrl.prefix = hexprefix:746c73313320 | |
4202 | Ctrl.label = hexlabel:632068732074726166666963 | |
4203 | Output = e1f668956b8f85ffc5516b300c29f26d0af9a3403982dc75e3994a6a5cf105e891567737dcee9cfd48457c948059e411 | |
4204 | ||
4205 | KDF = TLS13-KDF | |
4206 | Ctrl.mode = mode:EXPAND_ONLY | |
4207 | Ctrl.digest = digest:SHA2-384 | |
4208 | Ctrl.key = hexkey:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a | |
4209 | Ctrl.data = hexdata:16fd0b738388236a90949eb344161ae277b5851169ba636cc83614c0b88f800d69eca40d3a93a9b284ee9dacb1cc197c | |
4210 | Ctrl.prefix = hexprefix:746c73313320 | |
4211 | Ctrl.label = hexlabel:732068732074726166666963 | |
4212 | Output = 852e3d5b12fadfbbf3defe048a14ac51401299d39c92e0c359b8ff9a3c34335d1d0bb6881b2c30435248c4fa341033e3 | |
4213 | ||
4214 | KDF = TLS13-KDF | |
4215 | Ctrl.mode = mode:EXTRACT_ONLY | |
4216 | Ctrl.digest = digest:SHA2-384 | |
4217 | Ctrl.salt = hexsalt:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a | |
4218 | Ctrl.prefix = hexprefix:746c73313320 | |
4219 | Ctrl.label = hexlabel:64657269766564 | |
4220 | Output = 566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f | |
4221 | ||
4222 | KDF = TLS13-KDF | |
4223 | Ctrl.mode = mode:EXPAND_ONLY | |
4224 | Ctrl.digest = digest:SHA2-384 | |
4225 | Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f | |
4226 | Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1 | |
4227 | Ctrl.prefix = hexprefix:746c73313320 | |
4228 | Ctrl.label = hexlabel:632061702074726166666963 | |
4229 | Output = 307f12a3c070fb00f706a4bf6d7492d5b3c1e4eea713d14ab5d52324237eeb75f585b6b278df896614f64a9119e750fe | |
4230 | ||
4231 | KDF = TLS13-KDF | |
4232 | Ctrl.mode = mode:EXPAND_ONLY | |
4233 | Ctrl.digest = digest:SHA2-384 | |
4234 | Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f | |
4235 | Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1 | |
4236 | Ctrl.prefix = hexprefix:746c73313320 | |
4237 | Ctrl.label = hexlabel:732061702074726166666963 | |
4238 | Output = cf098b49f302e84c11aec463638b22ada6083de98e319903a934d114613084d6c162e4c8d26522ef8cdd45c515a7c74b | |
4239 | ||
4240 | KDF = TLS13-KDF | |
4241 | Ctrl.mode = mode:EXPAND_ONLY | |
4242 | Ctrl.digest = digest:SHA2-384 | |
4243 | Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f | |
4244 | Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1 | |
4245 | Ctrl.prefix = hexprefix:746c73313320 | |
4246 | Ctrl.label = hexlabel:657870206d6173746572 | |
4247 | Output = 9def86f445a25c8458ab71af0030fa4b1aa44858adb4875702ea521bd6cb2272fb6938b52bb3842963755bb0658ccad7 | |
4248 | ||
4249 | KDF = TLS13-KDF | |
4250 | Ctrl.mode = mode:EXPAND_ONLY | |
4251 | Ctrl.digest = digest:SHA2-384 | |
4252 | Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f | |
4253 | Ctrl.data = hexdata:80c10c6944df45bb77135b12af17738a5625802faf9c3fc22600f18969f147a141e94e131eca654ad86c491d1d98a9ec | |
4254 | Ctrl.prefix = hexprefix:746c73313320 | |
4255 | Ctrl.label = hexlabel:726573206d6173746572 | |
4256 | Output = 7931cc9028395f8b1392e398358dffa95f2cea2804ddd3d1c0c477d6373fbd48be6c5e4d971d5707e0674a97c512cdba | |
4257 | ||
4258 | # New TLS 1.3 session starts here | |
4259 | ||
4260 | KDF = TLS13-KDF | |
4261 | Ctrl.mode = mode:EXTRACT_ONLY | |
4262 | Ctrl.digest = digest:SHA2-384 | |
4263 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4264 | ||
4265 | KDF = TLS13-KDF | |
4266 | Ctrl.mode = mode:EXPAND_ONLY | |
4267 | Ctrl.digest = digest:SHA2-384 | |
4268 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4269 | Ctrl.data = hexdata:4d4855b455ea510c22bd621486b43c6cd12d28af2c17cb0bfe7c5df2e94d56c9d1c43d591d39572018322cc8210ae12b | |
4270 | Ctrl.prefix = hexprefix:746c73313320 | |
4271 | Ctrl.label = hexlabel:6320652074726166666963 | |
4272 | Output = 2571b9bc3d01f14a1e509764092de227e2ab28b5faf70661bfcd79de6374367d4bf90ad6f3bc0f01e12b61ed4943f042 | |
4273 | ||
4274 | KDF = TLS13-KDF | |
4275 | Ctrl.mode = mode:EXPAND_ONLY | |
4276 | Ctrl.digest = digest:SHA2-384 | |
4277 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4278 | Ctrl.data = hexdata:4d4855b455ea510c22bd621486b43c6cd12d28af2c17cb0bfe7c5df2e94d56c9d1c43d591d39572018322cc8210ae12b | |
4279 | Ctrl.prefix = hexprefix:746c73313320 | |
4280 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4281 | Output = 09cd4219de326e48bdf79d2d88689877cff7941715bd37aa992e638eb8998a9b79dc689e11215c7681809205ed1eabff | |
4282 | ||
4283 | KDF = TLS13-KDF | |
4284 | Ctrl.mode = mode:EXTRACT_ONLY | |
4285 | Ctrl.digest = digest:SHA2-384 | |
4286 | Ctrl.key = hexkey:aadfb50d4a29c09e7058dbaba4a90ea3a0aa37de17275c9b89176f442d6e4b06 | |
4287 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4288 | Ctrl.prefix = hexprefix:746c73313320 | |
4289 | Ctrl.label = hexlabel:64657269766564 | |
4290 | Output = 45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 | |
4291 | ||
4292 | KDF = TLS13-KDF | |
4293 | Ctrl.mode = mode:EXPAND_ONLY | |
4294 | Ctrl.digest = digest:SHA2-384 | |
4295 | Ctrl.key = hexkey:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 | |
4296 | Ctrl.data = hexdata:81f8bb49b27cc25f4062ddee4794fc7e3c583dfbdf160eb9b4a39de5f7fdca2c83c8842ed18dc93db6b4556504a72291 | |
4297 | Ctrl.prefix = hexprefix:746c73313320 | |
4298 | Ctrl.label = hexlabel:632068732074726166666963 | |
4299 | Output = 21456e5662e2067c7beb09079a7e12e4b27a3721e3047571a87d2da45267dafd1c6af9d62d212d802ed69cd69ed63067 | |
4300 | ||
4301 | KDF = TLS13-KDF | |
4302 | Ctrl.mode = mode:EXPAND_ONLY | |
4303 | Ctrl.digest = digest:SHA2-384 | |
4304 | Ctrl.key = hexkey:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 | |
4305 | Ctrl.data = hexdata:81f8bb49b27cc25f4062ddee4794fc7e3c583dfbdf160eb9b4a39de5f7fdca2c83c8842ed18dc93db6b4556504a72291 | |
4306 | Ctrl.prefix = hexprefix:746c73313320 | |
4307 | Ctrl.label = hexlabel:732068732074726166666963 | |
4308 | Output = b2e69b45e4a926ce6895f59af91efd9b2edd0e5338452bd772247f432ca294380b6e494fd4e5321f013787036225b9ac | |
4309 | ||
4310 | KDF = TLS13-KDF | |
4311 | Ctrl.mode = mode:EXTRACT_ONLY | |
4312 | Ctrl.digest = digest:SHA2-384 | |
4313 | Ctrl.salt = hexsalt:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448 | |
4314 | Ctrl.prefix = hexprefix:746c73313320 | |
4315 | Ctrl.label = hexlabel:64657269766564 | |
4316 | Output = 06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 | |
4317 | ||
4318 | KDF = TLS13-KDF | |
4319 | Ctrl.mode = mode:EXPAND_ONLY | |
4320 | Ctrl.digest = digest:SHA2-384 | |
4321 | Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 | |
4322 | Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd | |
4323 | Ctrl.prefix = hexprefix:746c73313320 | |
4324 | Ctrl.label = hexlabel:632061702074726166666963 | |
4325 | Output = 3b6af39d0f782e9e14102c259584a84e22b8f01cb8bcc474b7682d03f896905bb5080db4818fb2f5e036d48f8ff9f829 | |
4326 | ||
4327 | KDF = TLS13-KDF | |
4328 | Ctrl.mode = mode:EXPAND_ONLY | |
4329 | Ctrl.digest = digest:SHA2-384 | |
4330 | Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 | |
4331 | Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd | |
4332 | Ctrl.prefix = hexprefix:746c73313320 | |
4333 | Ctrl.label = hexlabel:732061702074726166666963 | |
4334 | Output = cf0d58f7bfc58fc46eb87dd8201b1ec59da4fe4fde9e864e295d5c1ca11a1c80cbda554637c8b244df0dde1f171408b1 | |
4335 | ||
4336 | KDF = TLS13-KDF | |
4337 | Ctrl.mode = mode:EXPAND_ONLY | |
4338 | Ctrl.digest = digest:SHA2-384 | |
4339 | Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 | |
4340 | Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd | |
4341 | Ctrl.prefix = hexprefix:746c73313320 | |
4342 | Ctrl.label = hexlabel:657870206d6173746572 | |
4343 | Output = 0585f4818b8203525986415b4a253901f80040cbd62bd081009b14788a01f71aa05ef9b38b2cc15eb09cdbba82e4381b | |
4344 | ||
4345 | KDF = TLS13-KDF | |
4346 | Ctrl.mode = mode:EXPAND_ONLY | |
4347 | Ctrl.digest = digest:SHA2-384 | |
4348 | Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00 | |
4349 | Ctrl.data = hexdata:8fbf37769af8301a6d6067348b7b4d30b2da212dba16cd83f4bfd9da83964053c37eec6954ad77259ba77d69a074e13e | |
4350 | Ctrl.prefix = hexprefix:746c73313320 | |
4351 | Ctrl.label = hexlabel:726573206d6173746572 | |
4352 | Output = 74075af4eef3b6d0bd14ebcc1a30aa4800c426b197945dac99d359bf655e3f60facf22dc20bd7b835d9fce8054d5dbad | |
4353 | ||
4354 | # New TLS 1.3 session starts here | |
4355 | ||
4356 | KDF = TLS13-KDF | |
4357 | Ctrl.mode = mode:EXTRACT_ONLY | |
4358 | Ctrl.digest = digest:SHA2-384 | |
4359 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4360 | ||
4361 | KDF = TLS13-KDF | |
4362 | Ctrl.mode = mode:EXPAND_ONLY | |
4363 | Ctrl.digest = digest:SHA2-384 | |
4364 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4365 | Ctrl.data = hexdata:d43bb2adb7ad63a04e40fd5390e7cc7ba0ed8953c2cda92f4383ed8e3d2632a48dda67b9a54eee831ed7f2e2a9f99c5e | |
4366 | Ctrl.prefix = hexprefix:746c73313320 | |
4367 | Ctrl.label = hexlabel:6320652074726166666963 | |
4368 | Output = 0f76f5af5ab1ce245943313fdc5f78aca0277e27fae95fb12b57469d485bb6612b35b9795cfb8bbda734c8b5291dc35e | |
4369 | ||
4370 | KDF = TLS13-KDF | |
4371 | Ctrl.mode = mode:EXPAND_ONLY | |
4372 | Ctrl.digest = digest:SHA2-384 | |
4373 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4374 | Ctrl.data = hexdata:d43bb2adb7ad63a04e40fd5390e7cc7ba0ed8953c2cda92f4383ed8e3d2632a48dda67b9a54eee831ed7f2e2a9f99c5e | |
4375 | Ctrl.prefix = hexprefix:746c73313320 | |
4376 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4377 | Output = 7d40656445a89b8a03a7ccaca413d9438d8a7b434812b6d141b2089464953accbc4cace5c124c3038a558d0b59e7915d | |
4378 | ||
4379 | KDF = TLS13-KDF | |
4380 | Ctrl.mode = mode:EXTRACT_ONLY | |
4381 | Ctrl.digest = digest:SHA2-384 | |
4382 | Ctrl.key = hexkey:ad2cfa585abc0d2ca5db71c0d1a765e78b59cda0cf3b5eab80731a99a951072b | |
4383 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4384 | Ctrl.prefix = hexprefix:746c73313320 | |
4385 | Ctrl.label = hexlabel:64657269766564 | |
4386 | Output = c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 | |
4387 | ||
4388 | KDF = TLS13-KDF | |
4389 | Ctrl.mode = mode:EXPAND_ONLY | |
4390 | Ctrl.digest = digest:SHA2-384 | |
4391 | Ctrl.key = hexkey:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 | |
4392 | Ctrl.data = hexdata:73f2b0896bc0c24dde3b4f01b3285eed02f78633f1bd910ff5f9a331b6495d70d1fb06610a312f3a60d9f6a7a5f39690 | |
4393 | Ctrl.prefix = hexprefix:746c73313320 | |
4394 | Ctrl.label = hexlabel:632068732074726166666963 | |
4395 | Output = ac3b6e92e1f973f82b29e283bfaccce9c5f4c16e2d885b49fbde0e537cdee5718377ea7117e0add2ab997a7c12357858 | |
4396 | ||
4397 | KDF = TLS13-KDF | |
4398 | Ctrl.mode = mode:EXPAND_ONLY | |
4399 | Ctrl.digest = digest:SHA2-384 | |
4400 | Ctrl.key = hexkey:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 | |
4401 | Ctrl.data = hexdata:73f2b0896bc0c24dde3b4f01b3285eed02f78633f1bd910ff5f9a331b6495d70d1fb06610a312f3a60d9f6a7a5f39690 | |
4402 | Ctrl.prefix = hexprefix:746c73313320 | |
4403 | Ctrl.label = hexlabel:732068732074726166666963 | |
4404 | Output = 35127fae2fdfcfc744578ac51994e1d6140cb215cecc1172f052c2626a03edfc9c0b270326313272b1a7a82a45495cbf | |
4405 | ||
4406 | KDF = TLS13-KDF | |
4407 | Ctrl.mode = mode:EXTRACT_ONLY | |
4408 | Ctrl.digest = digest:SHA2-384 | |
4409 | Ctrl.salt = hexsalt:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31 | |
4410 | Ctrl.prefix = hexprefix:746c73313320 | |
4411 | Ctrl.label = hexlabel:64657269766564 | |
4412 | Output = f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 | |
4413 | ||
4414 | KDF = TLS13-KDF | |
4415 | Ctrl.mode = mode:EXPAND_ONLY | |
4416 | Ctrl.digest = digest:SHA2-384 | |
4417 | Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 | |
4418 | Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75 | |
4419 | Ctrl.prefix = hexprefix:746c73313320 | |
4420 | Ctrl.label = hexlabel:632061702074726166666963 | |
4421 | Output = 006523da7c759a9664b0a29c6d4d6c3f24a5f1f0642874f6f260b3617514dc933703f8e21be3d79246511d6eb0602fa8 | |
4422 | ||
4423 | KDF = TLS13-KDF | |
4424 | Ctrl.mode = mode:EXPAND_ONLY | |
4425 | Ctrl.digest = digest:SHA2-384 | |
4426 | Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 | |
4427 | Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75 | |
4428 | Ctrl.prefix = hexprefix:746c73313320 | |
4429 | Ctrl.label = hexlabel:732061702074726166666963 | |
4430 | Output = 56c42d1105ac8073316e6be3efd459539bf8c9fe8b55f24895d643f2d5a6e882a9334e7a3e8e7092072e62d6c67ba038 | |
4431 | ||
4432 | KDF = TLS13-KDF | |
4433 | Ctrl.mode = mode:EXPAND_ONLY | |
4434 | Ctrl.digest = digest:SHA2-384 | |
4435 | Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 | |
4436 | Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75 | |
4437 | Ctrl.prefix = hexprefix:746c73313320 | |
4438 | Ctrl.label = hexlabel:657870206d6173746572 | |
4439 | Output = 40c01edda9d1bb545623f56ddd05fd9c788b7eacd667bbb3916ae0d71c1235f3b8943fbedae9447b1c9492e2d5806f07 | |
4440 | ||
4441 | KDF = TLS13-KDF | |
4442 | Ctrl.mode = mode:EXPAND_ONLY | |
4443 | Ctrl.digest = digest:SHA2-384 | |
4444 | Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65 | |
4445 | Ctrl.data = hexdata:f782fce708c7fb5bf48303d42e38c4c3598b4c82e186b424cd2e6a4514a58da02a6e472e04981d9235a996fa82de748e | |
4446 | Ctrl.prefix = hexprefix:746c73313320 | |
4447 | Ctrl.label = hexlabel:726573206d6173746572 | |
4448 | Output = 6d2a9e1c4f7a07f51af877f2e301ddf37c2c7deae30947c53c076e7b20dd20dd137724f62706b35ba3dd02fe1bbc6771 | |
4449 | ||
4450 | # New TLS 1.3 session starts here | |
4451 | ||
4452 | KDF = TLS13-KDF | |
4453 | Ctrl.mode = mode:EXTRACT_ONLY | |
4454 | Ctrl.digest = digest:SHA2-384 | |
4455 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4456 | ||
4457 | KDF = TLS13-KDF | |
4458 | Ctrl.mode = mode:EXPAND_ONLY | |
4459 | Ctrl.digest = digest:SHA2-384 | |
4460 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4461 | Ctrl.data = hexdata:07db069260fd2ea0cc174c1bbbb2b685d090ff14eb1a1e750a55e633ec6eae8d8eb30c38864b4c8cff92f8e14fba6deb | |
4462 | Ctrl.prefix = hexprefix:746c73313320 | |
4463 | Ctrl.label = hexlabel:6320652074726166666963 | |
4464 | Output = 0930f5fe2f1a7651534350db7cbf81a30d90d6acf11ee7054fb1fe03ba6f1657a5452f1e0c8aec106e682bf3ce319d9d | |
4465 | ||
4466 | KDF = TLS13-KDF | |
4467 | Ctrl.mode = mode:EXPAND_ONLY | |
4468 | Ctrl.digest = digest:SHA2-384 | |
4469 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4470 | Ctrl.data = hexdata:07db069260fd2ea0cc174c1bbbb2b685d090ff14eb1a1e750a55e633ec6eae8d8eb30c38864b4c8cff92f8e14fba6deb | |
4471 | Ctrl.prefix = hexprefix:746c73313320 | |
4472 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4473 | Output = 9a64292070a6ea9704cd7117bfcbe7c6378c9c63ed0c0f997cfb518db5f87ca1006e1eb374a3b9515138e9b39774218f | |
4474 | ||
4475 | KDF = TLS13-KDF | |
4476 | Ctrl.mode = mode:EXTRACT_ONLY | |
4477 | Ctrl.digest = digest:SHA2-384 | |
4478 | Ctrl.key = hexkey:371954308edaeefb9e4abddcfc514a9c812bb34dfbcfcb6cea1d2246a62427d5 | |
4479 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4480 | Ctrl.prefix = hexprefix:746c73313320 | |
4481 | Ctrl.label = hexlabel:64657269766564 | |
4482 | Output = 0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c | |
4483 | ||
4484 | KDF = TLS13-KDF | |
4485 | Ctrl.mode = mode:EXPAND_ONLY | |
4486 | Ctrl.digest = digest:SHA2-384 | |
4487 | Ctrl.key = hexkey:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c | |
4488 | Ctrl.data = hexdata:50543ddbf93cb27df7d958cc31bc88a74e459bc19ad3a2454436618b5145ca1dbe921c164e8453194e94b79cf0b5a0d2 | |
4489 | Ctrl.prefix = hexprefix:746c73313320 | |
4490 | Ctrl.label = hexlabel:632068732074726166666963 | |
4491 | Output = 43d49b8255b120ed5e58ec8a6e8af25a9744bcf09f49385df6fc1568165241349fc546d4f0fb5c8024453b96df6dd2e1 | |
4492 | ||
4493 | KDF = TLS13-KDF | |
4494 | Ctrl.mode = mode:EXPAND_ONLY | |
4495 | Ctrl.digest = digest:SHA2-384 | |
4496 | Ctrl.key = hexkey:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c | |
4497 | Ctrl.data = hexdata:50543ddbf93cb27df7d958cc31bc88a74e459bc19ad3a2454436618b5145ca1dbe921c164e8453194e94b79cf0b5a0d2 | |
4498 | Ctrl.prefix = hexprefix:746c73313320 | |
4499 | Ctrl.label = hexlabel:732068732074726166666963 | |
4500 | Output = 3d9858bf41c9e22fc524227a645f3782fbee662c900b2fb1888427a72117ac0fb1e013162bff6bbaa3f5f1547eec7be2 | |
4501 | ||
4502 | KDF = TLS13-KDF | |
4503 | Ctrl.mode = mode:EXTRACT_ONLY | |
4504 | Ctrl.digest = digest:SHA2-384 | |
4505 | Ctrl.salt = hexsalt:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c | |
4506 | Ctrl.prefix = hexprefix:746c73313320 | |
4507 | Ctrl.label = hexlabel:64657269766564 | |
4508 | Output = 9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 | |
4509 | ||
4510 | KDF = TLS13-KDF | |
4511 | Ctrl.mode = mode:EXPAND_ONLY | |
4512 | Ctrl.digest = digest:SHA2-384 | |
4513 | Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 | |
4514 | Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1 | |
4515 | Ctrl.prefix = hexprefix:746c73313320 | |
4516 | Ctrl.label = hexlabel:632061702074726166666963 | |
4517 | Output = 64477d25734889a7062ccd36d73e3ae3ce4a416efc4ca6e625b79052a1db24c285e34c8cdf31656c8323ab9ce44ad4df | |
4518 | ||
4519 | KDF = TLS13-KDF | |
4520 | Ctrl.mode = mode:EXPAND_ONLY | |
4521 | Ctrl.digest = digest:SHA2-384 | |
4522 | Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 | |
4523 | Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1 | |
4524 | Ctrl.prefix = hexprefix:746c73313320 | |
4525 | Ctrl.label = hexlabel:732061702074726166666963 | |
4526 | Output = e0036e688f3a556a15ffe19fe2795913d9f499ffd3919d9107ae062066b53f5395486bee26e8f9892616e2c99cced28d | |
4527 | ||
4528 | KDF = TLS13-KDF | |
4529 | Ctrl.mode = mode:EXPAND_ONLY | |
4530 | Ctrl.digest = digest:SHA2-384 | |
4531 | Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 | |
4532 | Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1 | |
4533 | Ctrl.prefix = hexprefix:746c73313320 | |
4534 | Ctrl.label = hexlabel:657870206d6173746572 | |
4535 | Output = 2c1f8cd1719ce51ff646c6fc92a5763ec5ff6902400dd012bf880087370033b00650ba4ae3b3681881d6cc591ed5641c | |
4536 | ||
4537 | KDF = TLS13-KDF | |
4538 | Ctrl.mode = mode:EXPAND_ONLY | |
4539 | Ctrl.digest = digest:SHA2-384 | |
4540 | Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474 | |
4541 | Ctrl.data = hexdata:43fbbfe6d001f7ac624624c609ba92441e04aa4c0fef40654b82e01b72a791e80618e175d22fe6b5ab5c178f7667e867 | |
4542 | Ctrl.prefix = hexprefix:746c73313320 | |
4543 | Ctrl.label = hexlabel:726573206d6173746572 | |
4544 | Output = a2495c69d4cc3b35dbfee989ae9455415705935a77651a37385b67908eaed40c071208755018bec80a6c34bd64406710 | |
4545 | ||
4546 | # New TLS 1.3 session starts here | |
4547 | ||
4548 | KDF = TLS13-KDF | |
4549 | Ctrl.mode = mode:EXTRACT_ONLY | |
4550 | Ctrl.digest = digest:SHA2-384 | |
4551 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4552 | ||
4553 | KDF = TLS13-KDF | |
4554 | Ctrl.mode = mode:EXPAND_ONLY | |
4555 | Ctrl.digest = digest:SHA2-384 | |
4556 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4557 | Ctrl.data = hexdata:e7b076d704091b4080952316270481f229c5e7bcffcecbe6eaa9c418230419dbd442fbfa6c89d12c8ba0090f89d90de5 | |
4558 | Ctrl.prefix = hexprefix:746c73313320 | |
4559 | Ctrl.label = hexlabel:6320652074726166666963 | |
4560 | Output = ad0645846c685bc37094123403a2a7f7caec78e687b185e1496f655d254f3bcffd04bc29e2b2dc04d8ec8e9f11ddfcf4 | |
4561 | ||
4562 | KDF = TLS13-KDF | |
4563 | Ctrl.mode = mode:EXPAND_ONLY | |
4564 | Ctrl.digest = digest:SHA2-384 | |
4565 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4566 | Ctrl.data = hexdata:e7b076d704091b4080952316270481f229c5e7bcffcecbe6eaa9c418230419dbd442fbfa6c89d12c8ba0090f89d90de5 | |
4567 | Ctrl.prefix = hexprefix:746c73313320 | |
4568 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4569 | Output = ba83f794ed25e29fe7aeff5b542457fc3e90e4c3acc980110ba95a2e4652afedb25787b265972892002369b894516231 | |
4570 | ||
4571 | KDF = TLS13-KDF | |
4572 | Ctrl.mode = mode:EXTRACT_ONLY | |
4573 | Ctrl.digest = digest:SHA2-384 | |
4574 | Ctrl.key = hexkey:0b8a848caaab3159494881a4dd372009485dafc170fc11648bfe829f9001dc63 | |
4575 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4576 | Ctrl.prefix = hexprefix:746c73313320 | |
4577 | Ctrl.label = hexlabel:64657269766564 | |
4578 | Output = f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 | |
4579 | ||
4580 | KDF = TLS13-KDF | |
4581 | Ctrl.mode = mode:EXPAND_ONLY | |
4582 | Ctrl.digest = digest:SHA2-384 | |
4583 | Ctrl.key = hexkey:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 | |
4584 | Ctrl.data = hexdata:7f892b8cb527cf479711cd127c69152c6ef32aae37a48b6e4160c04190adbc6b8bbaff775ab8edb59284d1c86d277755 | |
4585 | Ctrl.prefix = hexprefix:746c73313320 | |
4586 | Ctrl.label = hexlabel:632068732074726166666963 | |
4587 | Output = 3a3c7ba28192268cb293a348092bcda2d8b60428b3c3a0bb4317d0ed5a1111a3054f4aa514beb79e31121e91965e9e80 | |
4588 | ||
4589 | KDF = TLS13-KDF | |
4590 | Ctrl.mode = mode:EXPAND_ONLY | |
4591 | Ctrl.digest = digest:SHA2-384 | |
4592 | Ctrl.key = hexkey:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 | |
4593 | Ctrl.data = hexdata:7f892b8cb527cf479711cd127c69152c6ef32aae37a48b6e4160c04190adbc6b8bbaff775ab8edb59284d1c86d277755 | |
4594 | Ctrl.prefix = hexprefix:746c73313320 | |
4595 | Ctrl.label = hexlabel:732068732074726166666963 | |
4596 | Output = 731e40db136f53384be606574f940d789c5be823c28727d46817b628ee9b836696d50d064298f89ee80d2adfc092ce72 | |
4597 | ||
4598 | KDF = TLS13-KDF | |
4599 | Ctrl.mode = mode:EXTRACT_ONLY | |
4600 | Ctrl.digest = digest:SHA2-384 | |
4601 | Ctrl.salt = hexsalt:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18 | |
4602 | Ctrl.prefix = hexprefix:746c73313320 | |
4603 | Ctrl.label = hexlabel:64657269766564 | |
4604 | Output = 509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 | |
4605 | ||
4606 | KDF = TLS13-KDF | |
4607 | Ctrl.mode = mode:EXPAND_ONLY | |
4608 | Ctrl.digest = digest:SHA2-384 | |
4609 | Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 | |
4610 | Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90 | |
4611 | Ctrl.prefix = hexprefix:746c73313320 | |
4612 | Ctrl.label = hexlabel:632061702074726166666963 | |
4613 | Output = cd593873f98049f9729edb4562ca7cc434142f633a098c0119be0931cdb78d084d3daa01d7a46526d1d2fc1b04b918b2 | |
4614 | ||
4615 | KDF = TLS13-KDF | |
4616 | Ctrl.mode = mode:EXPAND_ONLY | |
4617 | Ctrl.digest = digest:SHA2-384 | |
4618 | Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 | |
4619 | Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90 | |
4620 | Ctrl.prefix = hexprefix:746c73313320 | |
4621 | Ctrl.label = hexlabel:732061702074726166666963 | |
4622 | Output = 38b5ff48b24cfd296919ecb290f774f02a56d247430c8cdb4615d1a4d9c80ae08fef8a4f5c06d1d566ce34dcbbd8f9c4 | |
4623 | ||
4624 | KDF = TLS13-KDF | |
4625 | Ctrl.mode = mode:EXPAND_ONLY | |
4626 | Ctrl.digest = digest:SHA2-384 | |
4627 | Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 | |
4628 | Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90 | |
4629 | Ctrl.prefix = hexprefix:746c73313320 | |
4630 | Ctrl.label = hexlabel:657870206d6173746572 | |
4631 | Output = 6a25ad33e7a00d1fd2336d16c00068e0ac0bdb155b2035248cd9c10c4d8f7806adc26a34fcefe4cf958351d8af04454e | |
4632 | ||
4633 | KDF = TLS13-KDF | |
4634 | Ctrl.mode = mode:EXPAND_ONLY | |
4635 | Ctrl.digest = digest:SHA2-384 | |
4636 | Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071 | |
4637 | Ctrl.data = hexdata:377bd75f1a7f42975c10046c29884917dc101db1b42d0b56ae55f3fe64b19ad9b4538fb70d99cf4e48d23787538f1542 | |
4638 | Ctrl.prefix = hexprefix:746c73313320 | |
4639 | Ctrl.label = hexlabel:726573206d6173746572 | |
4640 | Output = 73b00fb31a4c8f1e2db8ae1dcab522b0db44b1cbee4c2bb79cf59df1818c516dbbc5f060c3235a2baab8b285c5947cfe | |
4641 | ||
4642 | # New TLS 1.3 session starts here | |
4643 | ||
4644 | KDF = TLS13-KDF | |
4645 | Ctrl.mode = mode:EXTRACT_ONLY | |
4646 | Ctrl.digest = digest:SHA2-384 | |
4647 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4648 | ||
4649 | KDF = TLS13-KDF | |
4650 | Ctrl.mode = mode:EXPAND_ONLY | |
4651 | Ctrl.digest = digest:SHA2-384 | |
4652 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4653 | Ctrl.data = hexdata:d12079d043237f25e320c42aa4f189e013b2301cd2cae46709b3fc236b1b55052948e90cd57dd3346974dabe61a0e28a | |
4654 | Ctrl.prefix = hexprefix:746c73313320 | |
4655 | Ctrl.label = hexlabel:6320652074726166666963 | |
4656 | Output = bb79c15599851619e575397c9e10951c49c840f30ec15e3320f600be6eac5d899bc1236f170254ce292765e853cc0459 | |
4657 | ||
4658 | KDF = TLS13-KDF | |
4659 | Ctrl.mode = mode:EXPAND_ONLY | |
4660 | Ctrl.digest = digest:SHA2-384 | |
4661 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4662 | Ctrl.data = hexdata:d12079d043237f25e320c42aa4f189e013b2301cd2cae46709b3fc236b1b55052948e90cd57dd3346974dabe61a0e28a | |
4663 | Ctrl.prefix = hexprefix:746c73313320 | |
4664 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4665 | Output = 9acbe9f41e06ae8f628277e9bf5f3cc8bb35586ccc1be1e0ab73199c674e156a3d72940e77f6df3c8e07728bc9c75ff6 | |
4666 | ||
4667 | KDF = TLS13-KDF | |
4668 | Ctrl.mode = mode:EXTRACT_ONLY | |
4669 | Ctrl.digest = digest:SHA2-384 | |
4670 | Ctrl.key = hexkey:7ed65de5e19dae7c8ecbcfe1c85cedda4c0e0320bbfa863cf8f7123a45b7454b | |
4671 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4672 | Ctrl.prefix = hexprefix:746c73313320 | |
4673 | Ctrl.label = hexlabel:64657269766564 | |
4674 | Output = 2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f | |
4675 | ||
4676 | KDF = TLS13-KDF | |
4677 | Ctrl.mode = mode:EXPAND_ONLY | |
4678 | Ctrl.digest = digest:SHA2-384 | |
4679 | Ctrl.key = hexkey:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f | |
4680 | Ctrl.data = hexdata:99ffe011dc3a2f66aa5db47f4cbef2e2bf4619b4d25a830f859b13dbb1f8c1ae6007bf27616e9c45d8adae4d98c8e174 | |
4681 | Ctrl.prefix = hexprefix:746c73313320 | |
4682 | Ctrl.label = hexlabel:632068732074726166666963 | |
4683 | Output = 8097220d31a4dd82ceefcf40e805b314f9b7f25b246da9397a1417379e8ee08ee9f41dda7081945a7c1a6eb4a6a09296 | |
4684 | ||
4685 | KDF = TLS13-KDF | |
4686 | Ctrl.mode = mode:EXPAND_ONLY | |
4687 | Ctrl.digest = digest:SHA2-384 | |
4688 | Ctrl.key = hexkey:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f | |
4689 | Ctrl.data = hexdata:99ffe011dc3a2f66aa5db47f4cbef2e2bf4619b4d25a830f859b13dbb1f8c1ae6007bf27616e9c45d8adae4d98c8e174 | |
4690 | Ctrl.prefix = hexprefix:746c73313320 | |
4691 | Ctrl.label = hexlabel:732068732074726166666963 | |
4692 | Output = 1fc2a842d11076c62432ddbc065a73c7a022d65cc382aefc74ebc07b95cff1dba2422cbd5ddf7e47ce9f9738c8deb5d1 | |
4693 | ||
4694 | KDF = TLS13-KDF | |
4695 | Ctrl.mode = mode:EXTRACT_ONLY | |
4696 | Ctrl.digest = digest:SHA2-384 | |
4697 | Ctrl.salt = hexsalt:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f | |
4698 | Ctrl.prefix = hexprefix:746c73313320 | |
4699 | Ctrl.label = hexlabel:64657269766564 | |
4700 | Output = 60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 | |
4701 | ||
4702 | KDF = TLS13-KDF | |
4703 | Ctrl.mode = mode:EXPAND_ONLY | |
4704 | Ctrl.digest = digest:SHA2-384 | |
4705 | Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 | |
4706 | Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6 | |
4707 | Ctrl.prefix = hexprefix:746c73313320 | |
4708 | Ctrl.label = hexlabel:632061702074726166666963 | |
4709 | Output = 0eaef4e848bbd1927ff4263a9a6cf67ea1dd0c00af88cc00e31714387fe5706a2415fdc939a6167cbdc89fd9133ccca1 | |
4710 | ||
4711 | KDF = TLS13-KDF | |
4712 | Ctrl.mode = mode:EXPAND_ONLY | |
4713 | Ctrl.digest = digest:SHA2-384 | |
4714 | Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 | |
4715 | Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6 | |
4716 | Ctrl.prefix = hexprefix:746c73313320 | |
4717 | Ctrl.label = hexlabel:732061702074726166666963 | |
4718 | Output = ed0cce2c375b1690d5940de879205a6c859cc81904c1f9da882ba559bfb8fbcd7b24b3a6f58947d21a8023aced8ae156 | |
4719 | ||
4720 | KDF = TLS13-KDF | |
4721 | Ctrl.mode = mode:EXPAND_ONLY | |
4722 | Ctrl.digest = digest:SHA2-384 | |
4723 | Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 | |
4724 | Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6 | |
4725 | Ctrl.prefix = hexprefix:746c73313320 | |
4726 | Ctrl.label = hexlabel:657870206d6173746572 | |
4727 | Output = 03f29110d0c506ff9306ef46b3ef76366fa5fc9e28f6aff85272bba972ba93590326b11677a4b9e5c320db84888a2b5d | |
4728 | ||
4729 | KDF = TLS13-KDF | |
4730 | Ctrl.mode = mode:EXPAND_ONLY | |
4731 | Ctrl.digest = digest:SHA2-384 | |
4732 | Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1 | |
4733 | Ctrl.data = hexdata:6c6c915c1256ed57209751aa4850daa7454819858a0fedb12c373a7037abc50c7b547cdfd32c33cb8f6138c088165e61 | |
4734 | Ctrl.prefix = hexprefix:746c73313320 | |
4735 | Ctrl.label = hexlabel:726573206d6173746572 | |
4736 | Output = 52abe73f22784e9e5af068f7f3ded581bc5950c1a0923a0ea47a3357f8bfcf7f071b3178ec320a91f82286a81bfa3c43 | |
4737 | ||
4738 | # New TLS 1.3 session starts here | |
4739 | ||
4740 | KDF = TLS13-KDF | |
4741 | Ctrl.mode = mode:EXTRACT_ONLY | |
4742 | Ctrl.digest = digest:SHA2-384 | |
4743 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4744 | ||
4745 | KDF = TLS13-KDF | |
4746 | Ctrl.mode = mode:EXPAND_ONLY | |
4747 | Ctrl.digest = digest:SHA2-384 | |
4748 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4749 | Ctrl.data = hexdata:3cf57a8d291350ce24d8633b603e2f0c515bc01c62540ad48a0abee30a49492cc3aa0e5a46fb514ea7af86f0ad0079f7 | |
4750 | Ctrl.prefix = hexprefix:746c73313320 | |
4751 | Ctrl.label = hexlabel:6320652074726166666963 | |
4752 | Output = 40bff2dcbdee9a8b61f55017319943a546398712bb8a966ce898169d5802f49db9e5358a41ad2f2aef4897853267e92d | |
4753 | ||
4754 | KDF = TLS13-KDF | |
4755 | Ctrl.mode = mode:EXPAND_ONLY | |
4756 | Ctrl.digest = digest:SHA2-384 | |
4757 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4758 | Ctrl.data = hexdata:3cf57a8d291350ce24d8633b603e2f0c515bc01c62540ad48a0abee30a49492cc3aa0e5a46fb514ea7af86f0ad0079f7 | |
4759 | Ctrl.prefix = hexprefix:746c73313320 | |
4760 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4761 | Output = 954fb227097f71dcbd9acea908bcefab365bafeb4f0fbe1185511c75fa9d5cf935e2d9e3f0ac3a4327931a6cf0e142b5 | |
4762 | ||
4763 | KDF = TLS13-KDF | |
4764 | Ctrl.mode = mode:EXTRACT_ONLY | |
4765 | Ctrl.digest = digest:SHA2-384 | |
4766 | Ctrl.key = hexkey:1bfc5d5773f74aa53facc022cd186a00cabb76e156d2ea1abfb0f4889f4c129d | |
4767 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4768 | Ctrl.prefix = hexprefix:746c73313320 | |
4769 | Ctrl.label = hexlabel:64657269766564 | |
4770 | Output = f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 | |
4771 | ||
4772 | KDF = TLS13-KDF | |
4773 | Ctrl.mode = mode:EXPAND_ONLY | |
4774 | Ctrl.digest = digest:SHA2-384 | |
4775 | Ctrl.key = hexkey:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 | |
4776 | Ctrl.data = hexdata:10bd98a2468a46f79b5e797a93e153d64cbaacc2b7b52fb62c492d695bd230c758fc290a504161f0f2372ead3f4eda2e | |
4777 | Ctrl.prefix = hexprefix:746c73313320 | |
4778 | Ctrl.label = hexlabel:632068732074726166666963 | |
4779 | Output = 31d469f1dc7fe92aa00eae4bc9ce3f625b00add7194bd40ed1e2ea8fc1ea653b458002ad4f7644e80c2dd9ad2c4930e3 | |
4780 | ||
4781 | KDF = TLS13-KDF | |
4782 | Ctrl.mode = mode:EXPAND_ONLY | |
4783 | Ctrl.digest = digest:SHA2-384 | |
4784 | Ctrl.key = hexkey:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 | |
4785 | Ctrl.data = hexdata:10bd98a2468a46f79b5e797a93e153d64cbaacc2b7b52fb62c492d695bd230c758fc290a504161f0f2372ead3f4eda2e | |
4786 | Ctrl.prefix = hexprefix:746c73313320 | |
4787 | Ctrl.label = hexlabel:732068732074726166666963 | |
4788 | Output = 50a9866eff7c6875dff61dba25eab5d6fa4f73b4be5dd257fa6697f987c5fd2cd7e45c539939611f9255e99708a8763c | |
4789 | ||
4790 | KDF = TLS13-KDF | |
4791 | Ctrl.mode = mode:EXTRACT_ONLY | |
4792 | Ctrl.digest = digest:SHA2-384 | |
4793 | Ctrl.salt = hexsalt:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7 | |
4794 | Ctrl.prefix = hexprefix:746c73313320 | |
4795 | Ctrl.label = hexlabel:64657269766564 | |
4796 | Output = 4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 | |
4797 | ||
4798 | KDF = TLS13-KDF | |
4799 | Ctrl.mode = mode:EXPAND_ONLY | |
4800 | Ctrl.digest = digest:SHA2-384 | |
4801 | Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 | |
4802 | Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5 | |
4803 | Ctrl.prefix = hexprefix:746c73313320 | |
4804 | Ctrl.label = hexlabel:632061702074726166666963 | |
4805 | Output = 4e48ccc5baf9fef7faca6b6488554afecdfe95aafe1735ad7132dfca679a398cb292072a20b3d654e77d4f4088c3c442 | |
4806 | ||
4807 | KDF = TLS13-KDF | |
4808 | Ctrl.mode = mode:EXPAND_ONLY | |
4809 | Ctrl.digest = digest:SHA2-384 | |
4810 | Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 | |
4811 | Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5 | |
4812 | Ctrl.prefix = hexprefix:746c73313320 | |
4813 | Ctrl.label = hexlabel:732061702074726166666963 | |
4814 | Output = b6216139c37365152a9212fd9c1c196722aed27e18f9e3d7b1e85b4a4c1138a1b1067b232047bb64b87b3f929678e920 | |
4815 | ||
4816 | KDF = TLS13-KDF | |
4817 | Ctrl.mode = mode:EXPAND_ONLY | |
4818 | Ctrl.digest = digest:SHA2-384 | |
4819 | Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 | |
4820 | Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5 | |
4821 | Ctrl.prefix = hexprefix:746c73313320 | |
4822 | Ctrl.label = hexlabel:657870206d6173746572 | |
4823 | Output = e6613af88be1d9293810ab50aad497da17e5225f7b8a164101220eb6550a244400b4da5b452e9b9e1a23d97c0af675bd | |
4824 | ||
4825 | KDF = TLS13-KDF | |
4826 | Ctrl.mode = mode:EXPAND_ONLY | |
4827 | Ctrl.digest = digest:SHA2-384 | |
4828 | Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93 | |
4829 | Ctrl.data = hexdata:f3344607473544b81c603c2e454a746a8a4be1c160de9e179d3a18d7992e8e81b26e614915194a49559a5af162266469 | |
4830 | Ctrl.prefix = hexprefix:746c73313320 | |
4831 | Ctrl.label = hexlabel:726573206d6173746572 | |
4832 | Output = f736aaa47bf602b96fa971f98110c76919b88e460cb9e0dc6ed39135e204638b3c00ed9bc5e7e4f66c90339a515cc76e | |
4833 | ||
4834 | # New TLS 1.3 session starts here | |
4835 | ||
4836 | KDF = TLS13-KDF | |
4837 | Ctrl.mode = mode:EXTRACT_ONLY | |
4838 | Ctrl.digest = digest:SHA2-384 | |
4839 | Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4840 | ||
4841 | KDF = TLS13-KDF | |
4842 | Ctrl.mode = mode:EXPAND_ONLY | |
4843 | Ctrl.digest = digest:SHA2-384 | |
4844 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4845 | Ctrl.data = hexdata:1b49e91af94aa5b311518149a28aba1a0f22dfefb7e9cb1e38cae86451cbcebda3f94193398ae2b109831fc4ce3b6dfe | |
4846 | Ctrl.prefix = hexprefix:746c73313320 | |
4847 | Ctrl.label = hexlabel:6320652074726166666963 | |
4848 | Output = 9c5f3f76bd2ec1e2cce62de12f6502c3588e52585d1cb2d35d4b4ca80cb98acd77b545275fd1021118c41b13ec14faca | |
4849 | ||
4850 | KDF = TLS13-KDF | |
4851 | Ctrl.mode = mode:EXPAND_ONLY | |
4852 | Ctrl.digest = digest:SHA2-384 | |
4853 | Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4854 | Ctrl.data = hexdata:1b49e91af94aa5b311518149a28aba1a0f22dfefb7e9cb1e38cae86451cbcebda3f94193398ae2b109831fc4ce3b6dfe | |
4855 | Ctrl.prefix = hexprefix:746c73313320 | |
4856 | Ctrl.label = hexlabel:6520657870206d6173746572 | |
4857 | Output = a4a4fe8b35f44a35be31b532937514de2f79a7fa0db63241463ec04be6eb2e56288d579af1160c12d5218e42c921cfb3 | |
4858 | ||
4859 | KDF = TLS13-KDF | |
4860 | Ctrl.mode = mode:EXTRACT_ONLY | |
4861 | Ctrl.digest = digest:SHA2-384 | |
4862 | Ctrl.key = hexkey:219eb41da6bbbe2f14de92589983c15c6b84119ce6c515f32d1850835d73e8d6 | |
4863 | Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5 | |
4864 | Ctrl.prefix = hexprefix:746c73313320 | |
4865 | Ctrl.label = hexlabel:64657269766564 | |
4866 | Output = 431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 | |
4867 | ||
4868 | KDF = TLS13-KDF | |
4869 | Ctrl.mode = mode:EXPAND_ONLY | |
4870 | Ctrl.digest = digest:SHA2-384 | |
4871 | Ctrl.key = hexkey:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 | |
4872 | Ctrl.data = hexdata:5b83ca74e83eacdda37b6a858e8bc05af8723e926ede3af9306a5d5057242b4cec28cfc092b31096ef52856ddec7d96d | |
4873 | Ctrl.prefix = hexprefix:746c73313320 | |
4874 | Ctrl.label = hexlabel:632068732074726166666963 | |
4875 | Output = 9cd9027a2964c3b088f7f7b870b1fe8a490f08951228e28dbddd6fcece8871d4f76d087caf4eea780707d4094f7c6d3c | |
4876 | ||
4877 | KDF = TLS13-KDF | |
4878 | Ctrl.mode = mode:EXPAND_ONLY | |
4879 | Ctrl.digest = digest:SHA2-384 | |
4880 | Ctrl.key = hexkey:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 | |
4881 | Ctrl.data = hexdata:5b83ca74e83eacdda37b6a858e8bc05af8723e926ede3af9306a5d5057242b4cec28cfc092b31096ef52856ddec7d96d | |
4882 | Ctrl.prefix = hexprefix:746c73313320 | |
4883 | Ctrl.label = hexlabel:732068732074726166666963 | |
4884 | Output = 77e5a6b8b7f8ecd805953b2fe7a0e71ede9216d09a6d7f82aecc9bf30c60039c7571164d192f5a1df0a4960afe8cc0d8 | |
4885 | ||
4886 | KDF = TLS13-KDF | |
4887 | Ctrl.mode = mode:EXTRACT_ONLY | |
4888 | Ctrl.digest = digest:SHA2-384 | |
4889 | Ctrl.salt = hexsalt:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717 | |
4890 | Ctrl.prefix = hexprefix:746c73313320 | |
4891 | Ctrl.label = hexlabel:64657269766564 | |
4892 | Output = 6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 | |
4893 | ||
4894 | KDF = TLS13-KDF | |
4895 | Ctrl.mode = mode:EXPAND_ONLY | |
4896 | Ctrl.digest = digest:SHA2-384 | |
4897 | Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 | |
4898 | Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7 | |
4899 | Ctrl.prefix = hexprefix:746c73313320 | |
4900 | Ctrl.label = hexlabel:632061702074726166666963 | |
4901 | Output = be7f1f64963b74fff1aaecb5c9983692d1f2bb3dd71feeddd9f890eeda29d311793ded08b7bd9c4399e5bc20c5ec7d81 | |
4902 | ||
4903 | KDF = TLS13-KDF | |
4904 | Ctrl.mode = mode:EXPAND_ONLY | |
4905 | Ctrl.digest = digest:SHA2-384 | |
4906 | Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 | |
4907 | Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7 | |
4908 | Ctrl.prefix = hexprefix:746c73313320 | |
4909 | Ctrl.label = hexlabel:732061702074726166666963 | |
4910 | Output = eec520009350bd7c53c88bc30bb65e94bdb5a883dd386a454a557c457db49eb3d2725daaa7152fd893fd6367bff5c533 | |
4911 | ||
4912 | KDF = TLS13-KDF | |
4913 | Ctrl.mode = mode:EXPAND_ONLY | |
4914 | Ctrl.digest = digest:SHA2-384 | |
4915 | Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 | |
4916 | Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7 | |
4917 | Ctrl.prefix = hexprefix:746c73313320 | |
4918 | Ctrl.label = hexlabel:657870206d6173746572 | |
4919 | Output = 0c529fb71c21986c91c4f2d47b5502065ba9ac2ac65559f1db6e1a09b9b36b6f4cbed7bb347a690b5b23c76f77afc6b5 | |
4920 | ||
4921 | KDF = TLS13-KDF | |
4922 | Ctrl.mode = mode:EXPAND_ONLY | |
4923 | Ctrl.digest = digest:SHA2-384 | |
4924 | Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907 | |
4925 | Ctrl.data = hexdata:5371106674e76ed37b98539d231b84a663abe1818125034e91b2debc4280ba942381c0426e338d43951e5206a09f30d2 | |
4926 | Ctrl.prefix = hexprefix:746c73313320 | |
4927 | Ctrl.label = hexlabel:726573206d6173746572 | |
4928 | Output = 7eacca12e407d32a062bc0aabbcbc9d32953cd50b131fcc63d34e5a4b200347098001b6e43c28a68705edac3c967285b | |
4929 | ||
4930 | Title = TLS13-KDF bad mode test | |
4931 | ||
4932 | KDF = TLS13-KDF | |
4933 | Ctrl.mode = mode:EXTRACT_AND_EXPAND | |
4934 | Ctrl.digest = digest:SHA256 | |
4935 | Result = KDF_CTRL_ERROR | |
4936 |
0 | 0 | # |
1 | # Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
56 | 56 | PKEYKDF = scrypt |
57 | 57 | Ctrl.pass = pass:pleaseletmein |
58 | 58 | Ctrl.salt = salt:SodiumChloride |
59 | Ctrl.N = N:1048576 | |
59 | Ctrl.N = n:2097152 | |
60 | 60 | Ctrl.r = r:8 |
61 | 61 | Ctrl.p = p:1 |
62 | Result = INTERNAL_ERROR | |
62 | Result = KDF_DERIVE_ERROR |
52 | 52 | Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 |
53 | 53 | Output = "The floofy bunnies hop at midnight" |
54 | 54 | |
55 | # Test with an C1y value < 32 bytes in length (self generated) | |
56 | Availablein = default | |
57 | Decrypt = SM2_key1 | |
58 | Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6 | |
59 | Output = "Hello World" | |
60 | ||
61 | # Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated) | |
62 | Availablein = default | |
63 | Decrypt = SM2_key1 | |
64 | Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533 | |
65 | Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah." | |
66 | ||
55 | 67 | # This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface |
56 | 68 | # is capable of creating a signature without failing, but it does not say |
57 | 69 | # anything about the generated signature being valid, nor does it test the |
0 | #! /usr/bin/env perl | |
1 | # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # | |
3 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | # this file except in compliance with the License. You can obtain a copy | |
5 | # in the file LICENSE in the source distribution or at | |
6 | # https://www.openssl.org/source/license.html | |
7 | ||
8 | ||
9 | use OpenSSL::Test::Simple; | |
10 | use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir/; | |
11 | use OpenSSL::Test::Utils; | |
12 | ||
13 | BEGIN { | |
14 | setup("test_prov_config"); | |
15 | } | |
16 | ||
17 | use lib srctop_dir('Configurations'); | |
18 | use lib bldtop_dir('.'); | |
19 | ||
20 | my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); | |
21 | ||
22 | plan tests => 2; | |
23 | ||
24 | ok(run(test(["prov_config_test", srctop_file("test", "default.cnf")])), | |
25 | "running prov_config_test default.cnf"); | |
26 | SKIP: { | |
27 | skip "Skipping FIPS test in this build", 1 if $no_fips; | |
28 | ||
29 | ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf")])), | |
30 | "running prov_config_test fips.cnf"); | |
31 | } |
0 | #! /usr/bin/perl | |
0 | #! /usr/bin/env perl | |
1 | 1 | # |
2 | # Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | # |
4 | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | # this file except in compliance with the License. You can obtain a copy |
0 | #! /usr/bin/perl | |
0 | #! /usr/bin/env perl | |
1 | 1 | # |
2 | # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | # |
4 | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | # this file except in compliance with the License. You can obtain a copy |
0 | #! /usr/bin/perl | |
0 | #! /usr/bin/env perl | |
1 | 1 | # |
2 | # Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | # Copyright 2017 BaishanCloud. All rights reserved. |
4 | 4 | # |
5 | 5 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
0 | 0 | /* |
1 | * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
103 | 103 | return ret; |
104 | 104 | } |
105 | 105 | |
106 | /* Check that small rsa exponents are allowed in non FIPS mode */ | |
106 | 107 | static int test_check_public_exponent(void) |
107 | 108 | { |
108 | 109 | int ret = 0; |
109 | 110 | BIGNUM *e = NULL; |
110 | 111 | |
111 | 112 | ret = TEST_ptr(e = BN_new()) |
112 | /* e is too small */ | |
113 | && TEST_true(BN_set_word(e, 65535)) | |
113 | /* e is too small will fail */ | |
114 | && TEST_true(BN_set_word(e, 1)) | |
114 | 115 | && TEST_false(ossl_rsa_check_public_exponent(e)) |
115 | 116 | /* e is even will fail */ |
116 | 117 | && TEST_true(BN_set_word(e, 65536)) |
117 | 118 | && TEST_false(ossl_rsa_check_public_exponent(e)) |
118 | 119 | /* e is ok */ |
120 | && TEST_true(BN_set_word(e, 3)) | |
121 | && TEST_true(ossl_rsa_check_public_exponent(e)) | |
122 | && TEST_true(BN_set_word(e, 17)) | |
123 | && TEST_true(ossl_rsa_check_public_exponent(e)) | |
119 | 124 | && TEST_true(BN_set_word(e, 65537)) |
120 | 125 | && TEST_true(ossl_rsa_check_public_exponent(e)) |
121 | /* e = 2^256 is too big */ | |
126 | /* e = 2^256 + 1 is ok */ | |
122 | 127 | && TEST_true(BN_lshift(e, BN_value_one(), 256)) |
123 | && TEST_false(ossl_rsa_check_public_exponent(e)) | |
124 | /* e = 2^256-1 is odd and in range */ | |
125 | && TEST_true(BN_sub(e, e, BN_value_one())) | |
128 | && TEST_true(BN_add(e, e, BN_value_one())) | |
126 | 129 | && TEST_true(ossl_rsa_check_public_exponent(e)); |
127 | 130 | BN_free(e); |
128 | 131 | return ret; |
182 | 182 | if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) |
183 | 183 | goto done; |
184 | 184 | |
185 | if (!TEST_true(ossl_sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) | |
185 | if (!TEST_true(ossl_sm2_plaintext_size(ctext, ctext_len, &ptext_len)) | |
186 | 186 | || !TEST_int_eq(ptext_len, msg_len)) |
187 | 187 | goto done; |
188 | 188 |
0 | 0 | # |
1 | 1 | # OpenSSL example configuration file for automated certificate creation. |
2 | 2 | # |
3 | ||
4 | # Comment out the next line to ignore configuration errors | |
5 | config_diagnostics = 1 | |
3 | 6 | |
4 | 7 | # This definition stops the following lines choking if HOME or CN |
5 | 8 | # is undefined. |
6904 | 6904 | } info_cb_states[][60] = { |
6905 | 6905 | { |
6906 | 6906 | /* TLSv1.2 server followed by resumption */ |
6907 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6908 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6907 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6908 | {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6909 | 6909 | {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"}, |
6910 | 6910 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"}, |
6911 | 6911 | {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"}, |
6912 | 6912 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, |
6913 | 6913 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, |
6914 | 6914 | {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, |
6915 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, | |
6915 | {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, | |
6916 | 6916 | {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, |
6917 | 6917 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"}, |
6918 | 6918 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, |
6919 | 6919 | {SSL_CB_EXIT, NULL}, {0, NULL}, |
6920 | 6920 | }, { |
6921 | 6921 | /* TLSv1.2 client followed by resumption */ |
6922 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6922 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6923 | 6923 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, |
6924 | 6924 | {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"}, |
6925 | 6925 | {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"}, |
6926 | 6926 | {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, |
6927 | 6927 | {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, |
6928 | 6928 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, |
6929 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6929 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6930 | 6930 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, |
6931 | 6931 | {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, |
6932 | 6932 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, |
6933 | 6933 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, |
6934 | 6934 | }, { |
6935 | 6935 | /* TLSv1.3 server followed by resumption */ |
6936 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6937 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6936 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6937 | {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6938 | 6938 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"}, |
6939 | {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, | |
6939 | {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, | |
6940 | 6940 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, |
6941 | 6941 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"}, |
6942 | 6942 | {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, |
6943 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6944 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6943 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6944 | {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6945 | 6945 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, |
6946 | 6946 | {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, |
6947 | 6947 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, |
6948 | 6948 | {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, |
6949 | 6949 | }, { |
6950 | 6950 | /* TLSv1.3 client followed by resumption */ |
6951 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6951 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6952 | 6952 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, |
6953 | 6953 | {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"}, |
6954 | 6954 | {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, |
6955 | 6955 | {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, |
6956 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, | |
6957 | {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, | |
6958 | {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, | |
6956 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, | |
6957 | {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, | |
6958 | {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, | |
6959 | 6959 | {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, |
6960 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, | |
6960 | {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, | |
6961 | 6961 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, |
6962 | 6962 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, |
6963 | 6963 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, |
6964 | {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, | |
6964 | {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, | |
6965 | 6965 | {SSL_CB_EXIT, NULL}, {0, NULL}, |
6966 | 6966 | }, { |
6967 | 6967 | /* TLSv1.3 server, early_data */ |
6968 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6969 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6968 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6969 | {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
6970 | 6970 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, |
6971 | 6971 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, |
6972 | 6972 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, |
6975 | 6975 | {SSL_CB_EXIT, NULL}, {0, NULL}, |
6976 | 6976 | }, { |
6977 | 6977 | /* TLSv1.3 client, early_data */ |
6978 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
6978 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"}, | |
6979 | 6979 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"}, |
6980 | 6980 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, |
6981 | 6981 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, |
6982 | 6982 | {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, |
6983 | 6983 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"}, |
6984 | 6984 | {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, |
6985 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, | |
6985 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, | |
6986 | 6986 | {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL}, |
6987 | 6987 | }, { |
6988 | 6988 | {0, NULL}, |
0 | 0 | # Configuration file to test system default SSL configuration |
1 | ||
2 | # Comment out the next line to ignore configuration errors | |
3 | config_diagnostics = 1 | |
1 | 4 | |
2 | 5 | openssl_conf = default_conf |
3 | 6 | |
4 | 7 | [ default_conf ] |
5 | 8 | |
6 | 9 | ssl_conf = ssl_sect |
10 | oid_section = oid_sect | |
11 | ||
12 | [oid_sect] | |
13 | new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1 | |
7 | 14 | |
8 | 15 | [ssl_sect] |
9 | 16 |
0 | 0 | /* |
1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
47 | 47 | return good; |
48 | 48 | } |
49 | 49 | |
50 | typedef struct { | |
51 | const char *ipasc; | |
52 | const char *data; | |
53 | int length; | |
54 | } IP_TESTDATA; | |
55 | ||
56 | static IP_TESTDATA a2i_ipaddress_tests[] = { | |
57 | {"127.0.0.1", "\x7f\x00\x00\x01", 4}, | |
58 | {"1.2.3.4", "\x01\x02\x03\x04", 4}, | |
59 | {"1.2.3.255", "\x01\x02\x03\xff", 4}, | |
60 | {"1.2.3", NULL, 0}, | |
61 | {"1.2.3 .4", NULL, 0}, | |
62 | ||
63 | {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16}, | |
64 | {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16}, | |
65 | {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16}, | |
66 | {"1:1:1:1:1:1:1:1.test", NULL, 0}, | |
67 | {":::1", NULL, 0}, | |
68 | {"2001::123g", NULL, 0}, | |
69 | ||
70 | {"example.test", NULL, 0}, | |
71 | {"", NULL, 0}, | |
72 | ||
73 | {"1.2.3.4 ", "\x01\x02\x03\x04", 4}, | |
74 | {" 1.2.3.4", "\x01\x02\x03\x04", 4}, | |
75 | {" 1.2.3.4 ", "\x01\x02\x03\x04", 4}, | |
76 | {"1.2.3.4.example.test", NULL, 0}, | |
77 | }; | |
78 | ||
79 | ||
80 | static int test_a2i_ipaddress(int idx) | |
81 | { | |
82 | int good = 1; | |
83 | ASN1_OCTET_STRING *ip; | |
84 | int len = a2i_ipaddress_tests[idx].length; | |
85 | ||
86 | ip = a2i_IPADDRESS(a2i_ipaddress_tests[idx].ipasc); | |
87 | if (len == 0) { | |
88 | if (!TEST_ptr_null(ip)) { | |
89 | good = 0; | |
90 | TEST_note("'%s' should not be parsed as IP address", a2i_ipaddress_tests[idx].ipasc); | |
91 | } | |
92 | } else { | |
93 | if (!TEST_ptr(ip) | |
94 | || !TEST_int_eq(ASN1_STRING_length(ip), len) | |
95 | || !TEST_mem_eq(ASN1_STRING_get0_data(ip), len, | |
96 | a2i_ipaddress_tests[idx].data, len)) { | |
97 | good = 0; | |
98 | } | |
99 | } | |
100 | ASN1_OCTET_STRING_free(ip); | |
101 | return good; | |
102 | } | |
103 | ||
50 | 104 | int setup_tests(void) |
51 | 105 | { |
52 | 106 | ADD_TEST(test_standard_exts); |
107 | ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests)); | |
53 | 108 | return 1; |
54 | 109 | } |
381 | 381 | |
382 | 382 | /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */ |
383 | 383 | if (t != NULL && x509_format_tests[idx].expected_string) { |
384 | if (!TEST_str_eq((const char *)t->data, | |
385 | x509_format_tests[idx].expected_string)) { | |
386 | TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n", | |
387 | idx, x509_format_tests[idx].expected_string, t->data); | |
384 | if (!TEST_mem_eq((const char *)t->data, t->length, | |
385 | x509_format_tests[idx].expected_string, | |
386 | strlen(x509_format_tests[idx].expected_string))) { | |
387 | TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n", | |
388 | idx, x509_format_tests[idx].expected_string, t->length, | |
389 | t->data); | |
388 | 390 | goto out; |
389 | 391 | } |
390 | 392 | } |
22 | 22 | my $debug = $ENV{ADD_DEPENDS_DEBUG}; |
23 | 23 | my $buildfile = $config{build_file}; |
24 | 24 | my $build_mtime = (stat($buildfile))[9]; |
25 | my $configdata_mtime = (stat('configdata.pm'))[9]; | |
25 | 26 | my $rebuild = 0; |
26 | 27 | my $depext = $target{dep_extension} || ".d"; |
27 | 28 | my @depfiles = |
29 | 30 | grep { |
30 | 31 | # This grep has side effects. Not only does if check the existence |
31 | 32 | # of the dependency file given in $_, but it also checks if it's |
32 | # newer than the build file, and if it is, sets $rebuild. | |
33 | # newer than the build file or older than configdata.pm, and if it | |
34 | # is, sets $rebuild. | |
33 | 35 | my @st = stat($_); |
34 | $rebuild = 1 if @st && $st[9] > $build_mtime; | |
36 | $rebuild = 1 | |
37 | if @st && ($st[9] > $build_mtime || $st[9] < $configdata_mtime); | |
35 | 38 | scalar @st > 0; # Determines the grep result |
36 | 39 | } |
37 | 40 | map { (my $x = $_) =~ s|\.o$|$depext|; $x; } |
68 | 71 | keys %{$unified_info{generate}}; |
69 | 72 | |
70 | 73 | my %procedures = ( |
71 | 'gcc' => undef, # gcc style dependency files needs no mods | |
74 | 'gcc' => | |
75 | sub { | |
76 | (my $objfile = shift) =~ s|\.d$|.o|i; | |
77 | my $line = shift; | |
78 | ||
79 | # Remove the original object file | |
80 | $line =~ s|^.*\.o: | |; | |
81 | # All we got now is a dependency, shave off surrounding spaces | |
82 | $line =~ s/^\s+//; | |
83 | $line =~ s/\s+$//; | |
84 | # Also, shave off any continuation | |
85 | $line =~ s/\s*\\$//; | |
86 | ||
87 | # Split the line into individual header files, and keep those | |
88 | # that exist in some form | |
89 | my @headers; | |
90 | for (split(/\s+/, $line)) { | |
91 | my $x = rel2abs($_); | |
92 | ||
93 | if (!$depconv_cache{$x}) { | |
94 | if (-f $x) { | |
95 | $depconv_cache{$x} = $_; | |
96 | } | |
97 | } | |
98 | ||
99 | if ($depconv_cache{$x}) { | |
100 | push @headers, $_; | |
101 | } else { | |
102 | print STDERR "DEBUG[$producer]: ignoring $objfile <- $line\n" | |
103 | if $debug; | |
104 | } | |
105 | } | |
106 | return ($objfile, join(' ', @headers)) if @headers; | |
107 | return undef; | |
108 | }, | |
72 | 109 | 'makedepend' => |
73 | 110 | sub { |
74 | 111 | # makedepend, in its infinite wisdom, wants to have the object file |
148 | 185 | # mappings for generated headers, we only need to deal |
149 | 186 | # with the source tree. |
150 | 187 | if ($dep =~ s|^\Q$abs_srcdir_shaved\E([\.>\]])?|$srcdir_shaved$1|i) { |
151 | $depconv_cache{$line} = $dep; | |
188 | # Also check that the header actually exists | |
189 | if (-f $line) { | |
190 | $depconv_cache{$line} = $dep; | |
191 | } | |
152 | 192 | } |
153 | 193 | } |
154 | 194 | return ($objfile, $depconv_cache{$line}) |
200 | 240 | # mappings for generated headers, we only need to deal |
201 | 241 | # with the source tree. |
202 | 242 | if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) { |
203 | $depconv_cache{$tail} = $dep; | |
243 | # Also check that the header actually exists | |
244 | if (-f $line) { | |
245 | $depconv_cache{$tail} = $dep; | |
246 | } | |
204 | 247 | } |
205 | 248 | } |
206 | 249 | return ($objfile, '"'.$depconv_cache{$tail}.'"') |
246 | 289 | # mappings for generated headers, we only need to deal |
247 | 290 | # with the source tree. |
248 | 291 | if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) { |
249 | $depconv_cache{$tail} = $dep; | |
292 | # Also check that the header actually exists | |
293 | if (-f $line) { | |
294 | $depconv_cache{$tail} = $dep; | |
295 | } | |
250 | 296 | } |
251 | 297 | } |
252 | 298 | return ($objfile, '"'.$depconv_cache{$tail}.'"') |
259 | 305 | }, |
260 | 306 | ); |
261 | 307 | my %continuations = ( |
262 | 'gcc' => undef, | |
308 | 'gcc' => "\\", | |
263 | 309 | 'makedepend' => "\\", |
264 | 310 | 'VMS C' => "-", |
265 | 311 | 'VC' => "\\", |
275 | 321 | my $buildfile_new = "$buildfile-$$"; |
276 | 322 | |
277 | 323 | my %collect = (); |
278 | if (defined $procedure) { | |
279 | foreach my $depfile (@depfiles) { | |
280 | open IDEP,$depfile or die "Trying to read $depfile: $!\n"; | |
281 | while (<IDEP>) { | |
282 | s|\R$||; # The better chomp | |
283 | my ($target, $deps) = $procedure->($depfile, $_); | |
284 | $collect{$target}->{$deps} = 1 if defined $target; | |
285 | } | |
286 | close IDEP; | |
324 | foreach my $depfile (@depfiles) { | |
325 | open IDEP,$depfile or die "Trying to read $depfile: $!\n"; | |
326 | while (<IDEP>) { | |
327 | s|\R$||; # The better chomp | |
328 | my ($target, $deps) = $procedure->($depfile, $_); | |
329 | $collect{$target}->{$deps} = 1 if defined $target; | |
287 | 330 | } |
331 | close IDEP; | |
288 | 332 | } |
289 | 333 | |
290 | 334 | open IBF, $buildfile or die "Trying to read $buildfile: $!\n"; |
297 | 341 | |
298 | 342 | print OBF "# DO NOT DELETE THIS LINE -- make depend depends on it.\n"; |
299 | 343 | |
300 | if (defined $procedure) { | |
301 | foreach my $target (sort keys %collect) { | |
302 | my $prefix = $target . ' :'; | |
303 | my @deps = sort keys %{$collect{$target}}; | |
304 | ||
305 | while (@deps) { | |
306 | my $buf = $prefix; | |
307 | $prefix = ''; | |
308 | ||
309 | while (@deps && ($buf eq '' | |
310 | || length($buf) + length($deps[0]) <= 77)) { | |
311 | $buf .= ' ' . shift @deps; | |
312 | } | |
313 | $buf .= ' '.$continuation if @deps; | |
314 | ||
315 | print OBF $buf,"\n" or die "Trying to print: $!\n" | |
344 | foreach my $target (sort keys %collect) { | |
345 | my $prefix = $target . ' :'; | |
346 | my @deps = sort keys %{$collect{$target}}; | |
347 | ||
348 | while (@deps) { | |
349 | my $buf = $prefix; | |
350 | $prefix = ''; | |
351 | ||
352 | while (@deps && ($buf eq '' | |
353 | || length($buf) + length($deps[0]) <= 77)) { | |
354 | $buf .= ' ' . shift @deps; | |
316 | 355 | } |
317 | } | |
318 | } else { | |
319 | foreach my $depfile (@depfiles) { | |
320 | open IDEP,$depfile or die "Trying to read $depfile: $!\n"; | |
321 | while (<IDEP>) { | |
322 | print OBF or die "Trying to print: $!\n"; | |
323 | } | |
324 | close IDEP; | |
356 | $buf .= ' '.$continuation if @deps; | |
357 | ||
358 | print OBF $buf,"\n" or die "Trying to print: $!\n" | |
325 | 359 | } |
326 | 360 | } |
327 | 361 |
0 | #!/usr/bin/perl | |
0 | #! /usr/bin/env perl | |
1 | 1 | # |
2 | 2 | # Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | 3 | # Copyright Siemens AG 2019-2020 |
14 | 14 | | openssl sha256 -r \ |
15 | 15 | | sed -e "s| \\*stdin| $f|" |
16 | 16 | ;; |
17 | *.pl ) | |
17 | *.pl ) | |
18 | 18 | cat "$f" \ |
19 | 19 | | $HERE/lang-compress.pl 'perl' \ |
20 | 20 | | openssl sha256 -r \ |
21 | 21 | | sed -e "s| \\*stdin| $f|" |
22 | 22 | ;; |
23 | *.S ) | |
23 | *.S ) | |
24 | 24 | cat "$f" \ |
25 | 25 | | $HERE/lang-compress.pl 'S' \ |
26 | 26 | | openssl sha256 -r \ |
21 | 21 | |
22 | 22 | =over 4 |
23 | 23 | |
24 | =item - | |
24 | =item * | |
25 | 25 | |
26 | 26 | The template perl code delimiters (given with the C<DELIMITER> option) |
27 | 27 | are set to C<{-> and C<-}> by default. |
28 | 28 | |
29 | =item - | |
29 | =item * | |
30 | 30 | |
31 | 31 | A few extra functions are offered to be used by the template perl code, see |
32 | 32 | L</Functions>. |
21 | 21 | # These control our behavior. |
22 | 22 | my $DRYRUN; |
23 | 23 | my $VERBOSE; |
24 | my $WHERE = dirname($0); | |
24 | 25 | my $WAIT = 1; |
25 | my $WHERE = dirname($0); | |
26 | 26 | |
27 | 27 | # Machine type, etc., used to determine the platform |
28 | 28 | my $MACHINE; |
451 | 451 | [ 'ppc-apple-rhapsody', { target => "rhapsody-ppc" } ], |
452 | 452 | [ 'ppc-apple-darwin.*', |
453 | 453 | sub { |
454 | my $KERNEL_BITS = $ENV{KERNEL_BITS}; | |
454 | my $KERNEL_BITS = $ENV{KERNEL_BITS} // ''; | |
455 | 455 | my $ISA64 = `sysctl -n hw.optional.64bitops 2>/dev/null`; |
456 | 456 | if ( $ISA64 == 1 && $KERNEL_BITS eq '' ) { |
457 | 457 | print <<EOF; |
467 | 467 | ], |
468 | 468 | [ 'i.86-apple-darwin.*', |
469 | 469 | sub { |
470 | my $KERNEL_BITS = $ENV{KERNEL_BITS}; | |
470 | my $KERNEL_BITS = $ENV{KERNEL_BITS} // ''; | |
471 | 471 | my $ISA64 = `sysctl -n hw.optional.x86_64 2>/dev/null`; |
472 | 472 | if ( $ISA64 == 1 && $KERNEL_BITS eq '' ) { |
473 | 473 | print <<EOF; |
483 | 483 | ], |
484 | 484 | [ 'x86_64-apple-darwin.*', |
485 | 485 | sub { |
486 | my $KERNEL_BITS = $ENV{KERNEL_BITS}; | |
486 | my $KERNEL_BITS = $ENV{KERNEL_BITS} // ''; | |
487 | 487 | return { target => "darwin-i386" } if $KERNEL_BITS eq '32'; |
488 | 488 | |
489 | 489 | print <<EOF; |
531 | 531 | ], |
532 | 532 | [ 'ppc64-.*-linux2', |
533 | 533 | sub { |
534 | my $KERNEL_BITS = $ENV{KERNEL_BITS}; | |
534 | my $KERNEL_BITS = $ENV{KERNEL_BITS} // ''; | |
535 | 535 | if ( $KERNEL_BITS eq '' ) { |
536 | 536 | print <<EOF; |
537 | 537 | WARNING! To build 64-bit package, do this: |