Codebase list openssl / 6b08c2f
New upstream version 3.0.0 Sebastian Andrzej Siewior 2 years ago
216 changed file(s) with 9225 addition(s) and 1815 deletion(s). Raw diff Collapse all Expand all
+0
-1
ACKNOWLEDGEMENTS.md less more
33 Please see our [Thanks!][] page for the current acknowledgements.
44
55 [Thanks!]: https://www.openssl.org/community/thanks.html
6
+184
-12
CHANGES.md less more
2727
2828 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
2929
30 ### Changes between 1.1.1 and 3.0 beta 2 [29 Jul 2021]
30 ### Changes between 1.1.1 and 3.0.0 [7 sep 2021]
31
32 * TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now
33 deprecated.
34
35 *Matt Caswell*
36
37 * The `OPENSSL_s390xcap` environment variable can be used to set bits in the
38 S390X capability vector to zero. This simplifies testing of different code
39 paths on S390X architecture.
40
41 *Patrick Steuer*
42
43 * Encrypting more than 2^64 TLS records with AES-GCM is disallowed
44 as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from
45 SP 800-38D". The communication will fail at this point.
46
47 *Paul Dale*
48
49 * The EC_GROUP_clear_free() function is deprecated as there is nothing
50 confidential in EC_GROUP data.
51
52 *Nicola Tuveri*
53
54 * The byte order mark (BOM) character is ignored if encountered at the
55 beginning of a PEM-formatted file.
56
57 *Dmitry Belyavskiy*
58
59 * Added CMS support for the Russian GOST algorithms.
60
61 *Dmitry Belyavskiy*
62
63 * Due to move of the implementation of cryptographic operations
64 to the providers, validation of various operation parameters can
65 be postponed until the actual operation is executed where previously
66 it happened immediately when an operation parameter was set.
67
68 For example when setting an unsupported curve with
69 EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not
70 fail but later keygen operations with the EVP_PKEY_CTX will fail.
71
72 *OpenSSL team members and many third party contributors*
73
74 * The EVP_get_cipherbyname() function will return NULL for algorithms such as
75 "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were
76 previously only accessible via low level interfaces. Use EVP_CIPHER_fetch()
77 instead to retrieve these algorithms from a provider.
78
79 *Shane Lontis*
80
81 * On build targets where the multilib postfix is set in the build
82 configuration the libdir directory was changing based on whether
83 the lib directory with the multilib postfix exists on the system
84 or not. This unpredictable behavior was removed and eventual
85 multilib postfix is now always added to the default libdir. Use
86 `--libdir=lib` to override the libdir if adding the postfix is
87 undesirable.
88
89 *Jan Lána*
90
91 * The triple DES key wrap functionality now conforms to RFC 3217 but is
92 no longer interoperable with OpenSSL 1.1.1.
93
94 *Paul Dale*
3195
3296 * The ERR_GET_FUNC() function was removed. With the loss of meaningful
3397 function codes, this function can only cause problems for calling
479543
480544 *Richard Levitte*
481545
546 * Added various `_ex` functions to the OpenSSL API that support using
547 a non-default `OSSL_LIB_CTX`.
548
549 *OpenSSL team*
550
482551 * Handshake now fails if Extended Master Secret extension is dropped
483552 on renegotiation.
484553
771840
772841 *Rich Salz*
773842
774 * Introduced a new method type and API, OSSL_ENCODER, to
775 represent generic encoders.
843 * Introduced a new method type and API, OSSL_ENCODER, to represent
844 generic encoders. These do the same sort of job that PEM writers
845 and d2i functions do, but with support for methods supplied by
846 providers, and the possibility for providers to support other
847 formats as well.
848
849 *Richard Levitte*
850
851 * Introduced a new method type and API, OSSL_DECODER, to represent
852 generic decoders. These do the same sort of job that PEM readers
853 and i2d functions do, but with support for methods supplied by
854 providers, and the possibility for providers to support other
855 formats as well.
776856
777857 *Richard Levitte*
778858
11811261
11821262 *Richard Levitte*
11831263
1184 * Add Single Step KDF (EVP_KDF_SS) to EVP_KDF.
1264 * Added KB KDF (EVP_KDF_KB) to EVP_KDF.
1265
1266 *Robbie Harwood*
1267
1268 * Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF.
1269
1270 *Simo Sorce*
1271
1272 * Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF.
11851273
11861274 *Shane Lontis*
11871275
1188 * Add KMAC to EVP_MAC.
1276 * Added KMAC to EVP_MAC.
11891277
11901278 *Shane Lontis*
11911279
13441432
13451433 *Raja Ashok*
13461434
1435 * Added a new concept for OpenSSL plugability: providers. This
1436 functionality is designed to replace the ENGINE API and ENGINE
1437 implementations, and to be much more dynamic, allowing provider
1438 authors to introduce new algorithms among other things, as long as
1439 there's an API that supports the algorithm type.
1440
1441 With this concept comes a new core API for interaction between
1442 libcrypto and provider implementations. Public libcrypto functions
1443 that want to use providers do so through this core API.
1444
1445 The main documentation for this core API is found in
1446 doc/man7/provider.pod, doc/man7/provider-base.pod, and they in turn
1447 refer to other manuals describing the API specific for supported
1448 algorithm types (also called operations).
1449
1450 *The OpenSSL team*
1451
13471452 OpenSSL 1.1.1
13481453 -------------
13491454
1350 ### Changes between 1.1.1j and 1.1.1k [xx XXX xxxx]
1455 ### Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
1456
1457 * Fixed an SM2 Decryption Buffer Overflow.
1458
1459 In order to decrypt SM2 encrypted data an application is expected to
1460 call the API function EVP_PKEY_decrypt(). Typically an application will
1461 call this function twice. The first time, on entry, the "out" parameter
1462 can be NULL and, on exit, the "outlen" parameter is populated with the
1463 buffer size required to hold the decrypted plaintext. The application
1464 can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt()
1465 again, but this time passing a non-NULL value for the "out" parameter.
1466
1467 A bug in the implementation of the SM2 decryption code means that the
1468 calculation of the buffer size required to hold the plaintext returned
1469 by the first call to EVP_PKEY_decrypt() can be smaller than the actual
1470 size required by the second call. This can lead to a buffer overflow
1471 when EVP_PKEY_decrypt() is called by the application a second time with
1472 a buffer that is too small.
1473
1474 A malicious attacker who is able present SM2 content for decryption to
1475 an application could cause attacker chosen data to overflow the buffer
1476 by up to a maximum of 62 bytes altering the contents of other data held
1477 after the buffer, possibly changing application behaviour or causing
1478 the application to crash. The location of the buffer is application
1479 dependent but is typically heap allocated.
1480 ([CVE-2021-3711])
1481
1482 *Matt Caswell*
1483
1484 * Fixed various read buffer overruns processing ASN.1 strings
1485
1486 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
1487 structure which contains a buffer holding the string data and a field
1488 holding the buffer length. This contrasts with normal C strings which
1489 are repesented as a buffer for the string data which is terminated
1490 with a NUL (0) byte.
1491
1492 Although not a strict requirement, ASN.1 strings that are parsed using
1493 OpenSSL's own "d2i" functions (and other similar parsing functions) as
1494 well as any string whose value has been set with the ASN1_STRING_set()
1495 function will additionally NUL terminate the byte array in the
1496 ASN1_STRING structure.
1497
1498 However, it is possible for applications to directly construct valid
1499 ASN1_STRING structures which do not NUL terminate the byte array by
1500 directly setting the "data" and "length" fields in the ASN1_STRING
1501 array. This can also happen by using the ASN1_STRING_set0() function.
1502
1503 Numerous OpenSSL functions that print ASN.1 data have been found to
1504 assume that the ASN1_STRING byte array will be NUL terminated, even
1505 though this is not guaranteed for strings that have been directly
1506 constructed. Where an application requests an ASN.1 structure to be
1507 printed, and where that ASN.1 structure contains ASN1_STRINGs that have
1508 been directly constructed by the application without NUL terminating
1509 the "data" field, then a read buffer overrun can occur.
1510
1511 The same thing can also occur during name constraints processing
1512 of certificates (for example if a certificate has been directly
1513 constructed by the application instead of loading it via the OpenSSL
1514 parsing functions, and the certificate contains non NUL terminated
1515 ASN1_STRING structures). It can also occur in the X509_get1_email(),
1516 X509_REQ_get1_email() and X509_get1_ocsp() functions.
1517
1518 If a malicious actor can cause an application to directly construct an
1519 ASN1_STRING and then process it through one of the affected OpenSSL
1520 functions then this issue could be hit. This might result in a crash
1521 (causing a Denial of Service attack). It could also result in the
1522 disclosure of private memory contents (such as private keys, or
1523 sensitive plaintext).
1524 ([CVE-2021-3712])
1525
1526 *Matt Caswell*
1527
1528 ### Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
13511529
13521530 * Fixed a problem with verifying a certificate chain when using the
13531531 X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of
15641742 The presence of this system service is determined at run-time.
15651743
15661744 *Richard Levitte*
1567
1568 * Added newline escaping functionality to a filename when using openssl dgst.
1569 This output format is to replicate the output format found in the `*sum`
1570 checksum programs. This aims to preserve backward compatibility.
1571
1572 *Matt Eaton, Richard Levitte, and Paul Dale*
15731745
15741746 * Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
15751747 the first value.
+11
-1
Configurations/50-nonstop.conf less more
202202 'nonstop-ilp32',
203203 'nonstop-efloat-x86_64',
204204 'nonstop-model-put' ],
205 multilib => '-put',
205206 },
206207 'nonstop-nsx_64' => {
207208 inherit_from => [ 'nonstop-common',
208209 'nonstop-archenv-x86_64-oss',
209210 'nonstop-lp64-x86_64',
210211 'nonstop-efloat-x86_64' ],
212 multilib => '64',
211213 disable => ['threads'],
212214 },
213215 'nonstop-nsx_64_put' => {
216218 'nonstop-lp64-x86_64',
217219 'nonstop-efloat-x86_64',
218220 'nonstop-model-put' ],
221 multilib => '64-put',
219222 },
220223 'nonstop-nsx_spt' => {
221224 inherit_from => [ 'nonstop-common',
222 'nonstop-archenv-x86_64-oss',
225 'nonstop-archenv-x86_64-oss',
223226 'nonstop-ilp32',
224227 'nonstop-efloat-x86_64',
225228 'nonstop-model-spt' ],
229 multilib => '-spt',
226230 },
227231 'nonstop-nsx_spt_floss' => {
228232 inherit_from => [ 'nonstop-common',
231235 'nonstop-efloat-x86_64',
232236 'nonstop-model-floss',
233237 'nonstop-model-spt'],
238 multilib => '-spt',
234239 },
235240 'nonstop-nsx_g' => {
236241 inherit_from => [ 'nonstop-common',
260265 'nonstop-ilp32',
261266 'nonstop-efloat-itanium',
262267 'nonstop-model-put' ],
268 multilib => '-put',
263269 },
264270 'nonstop-nse_64' => {
265271 inherit_from => [ 'nonstop-common',
266272 'nonstop-archenv-itanium-oss',
267273 'nonstop-lp64-itanium',
268274 'nonstop-efloat-itanium' ],
275 multilib => '64',
269276 disable => ['threads'],
270277 },
271278 'nonstop-nse_64_put' => {
274281 'nonstop-lp64-itanium',
275282 'nonstop-efloat-itanium',
276283 'nonstop-model-put' ],
284 multilib => '64-put',
277285 },
278286 'nonstop-nse_spt' => {
279287 inherit_from => [ 'nonstop-common',
281289 'nonstop-ilp32',
282290 'nonstop-efloat-itanium',
283291 'nonstop-model-spt' ],
292 multilib => '-spt',
284293 },
285294 'nonstop-nse_spt_floss' => {
286295 inherit_from => [ 'nonstop-common',
288297 'nonstop-ilp32',
289298 'nonstop-efloat-itanium',
290299 'nonstop-model-floss', 'nonstop-model-spt' ],
300 multilib => '-spt',
291301 },
292302 'nonstop-nse_g' => {
293303 inherit_from => [ 'nonstop-common',
+20
-0
Configurations/50-vms-x86_64.conf less more
0 ## -*- mode: perl; -*-
1
2 # OpenVMS for x86_64 is currently out on a field test. A native C compiler
3 # is currently not available, but there are cross-compilation tools for
4 # OpenVMS for Itanium. This configuration file holds the necessary target(s)
5 # to make that useful.
6 #
7 # The assumption is that *building* is done on Itanium, and then the source
8 # tree and build tree are transferred to x86_64, where tests can be performed,
9 # and installation can be done.
10
11 (
12 'vms-x86_64' => {
13 inherit_from => [ 'vms-generic' ],
14 CC => 'XCC',
15 bn_ops => 'SIXTY_FOUR_BIT',
16 pointer_size => '',
17 setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
18 }
19 );
+10
-7
Configurations/descrip.mms.tmpl less more
390390 # .FIRST and .LAST are special targets with MMS and MMK.
391391 NODEBUG=@
392392 .FIRST :
393 {- join( "\n \$(NODEBUG) ", @{ $target{setup_commands} // [] },
394 '!' ) -}
393395 $(NODEBUG) sourcetop = F$PARSE("$(SRCDIR)","[]A.;",,,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]"
394396 $(NODEBUG) DEFINE ossl_sourceroot 'sourcetop'
395397 $(NODEBUG) !
499501 @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options"
500502 @ ! {- output_on() if !$disabled{tests}; "" -}
501503
502 install : install_sw install_ssldirs install_docs install_msg
504 install : install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} install_msg
503505
504506 install_msg :
505507 @ WRITE SYS$OUTPUT ""
515517 check_install :
516518 spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com
517519
518 uninstall : uninstall_docs uninstall_sw
520 uninstall : uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -}
519521
520522 # Because VMS wants the generation number (or *) to delete files, we can't
521523 # use $(LIBS), $(PROGRAMS), $(GENERATED) and $(MODULES) directly.
564566 uninstall_docs : uninstall_html_docs
565567
566568 {- output_off() if $disabled{fips}; "" -}
567 install_fips : install_sw $(INSTALL_FIPSMODULECONF)
569 install_fips : build_sw $(INSTALL_FIPSMODULECONF)
568570 @ WRITE SYS$OUTPUT "*** Installing FIPS module"
569571 COPY/PROT=W:RE $(INSTALL_FIPSMODULES) -
570572 ossl_installroot:[MODULES{- $sover_dirname.$target{pointer_size} -}.'arch']$(FIPSMODULENAME)
571573 @ WRITE SYS$OUTPUT "*** Installing FIPS module configuration"
572 COPY/PROT=W:RE $(INSTALL_FIPSMODULESCONF) OSSL_DATAROOT:[000000]
573
574 uninstall_fips : uninstall_sw
574 COPY/PROT=W:RE $(INSTALL_FIPSMODULECONF) OSSL_DATAROOT:[000000]
575
576 uninstall_fips :
575577 @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration"
576578 DELETE OSSL_DATAROOT:[000000]fipsmodule.cnf;*
577579 @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module"
885887 my $title = basename($args{src}, ".html");
886888 my $pod = $gen0;
887889 my $mkpod2html = sourcefile('util', 'mkpod2html.pl');
890 my $srcdoc = sourcedir('doc');
888891 return <<"EOF";
889892 $args{src} : $pod
890 \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "\$(SRCDIR)/doc"
893 \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "$srcdoc"
891894 EOF
892895 } elsif ($args{src} =~ /\.(\d)$/) {
893896 #
+2
-2
Configurations/shared-info.pl less more
00 #! /usr/bin/env perl
11 # -*- mode: perl; -*-
2 # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
2 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
33 #
44 # Licensed under the Apache License 2.0 (the "License"). You may not use
55 # this file except in compliance with the License. You can obtain a copy
4242 'darwin-shared' => {
4343 module_ldflags => '-bundle',
4444 shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
45 shared_sonameflag => '-install_name $(INSTALLTOP)/$(LIBDIR)/',
45 shared_sonameflag => '-install_name $(libdir)/',
4646 },
4747 'cygwin-shared' => {
4848 shared_ldflag => '-shared -Wl,--enable-auto-image-base',
+1
-1
Configurations/unix-checker.pm less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11
22 use Config;
33
+1
-1
Configurations/windows-checker.pm less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11
22 use Config;
33
+6
-8
Configurations/windows-makefile.tmpl less more
451451 @$(ECHO) "Tests are not supported with your chosen Configure options"
452452 @{- output_on() if !$disabled{tests}; "\@rem" -}
453453
454 install: install_sw install_ssldirs install_docs
455
456 uninstall: uninstall_docs uninstall_sw
454 install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -}
455
456 uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -}
457457
458458 libclean:
459459 "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS)
495495 uninstall_docs: uninstall_html_docs
496496
497497 {- output_off() if $disabled{fips}; "" -}
498 install_fips: build_sw providers\fipsmodule.cnf
498 install_fips: build_sw $(INSTALL_FIPSMODULECONF)
499499 # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
500500 @$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR)
501501 @$(ECHO) "*** Installing FIPS module"
502502 @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)"
503 @copy "$(INSTALL_FIPSMODULE)" $(MODULESDIR)\$(FIPSMODULENAME).new
504 @move /Y $(MODULESDIR)\$(FIPSMODULENAME).new \
505 $(MODULESDIR)\$(FIPSMODULENAME)
503 @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)"
506504 @$(ECHO) "*** Installing FIPS module configuration"
507505 @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(OPENSSLDIR)\fipsmodule.cnf"
508 @copy $(INSTALL_FIPSMODULECONF) "$(OPENSSLDIR)\fipsmodule.cnf"
506 @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULECONF)" "$(OPENSSLDIR)"
509507
510508 uninstall_fips:
511509 @$(ECHO) "*** Uninstalling FIPS module configuration"
+3
-1
Configure less more
6161 # This becomes the value of OPENSSLDIR in Makefile and in C.
6262 # (Default: PREFIX/ssl)
6363 # --banner=".." Output specified text instead of default completion banner
64 #
65 # -w Don't wait after showing a Configure warning
6466 #
6567 # --cross-compile-prefix Add specified prefix to binutils components.
6668 #
897899 {
898900 $guess_opts{verbose} = 1;
899901 }
900 elsif (/^-w$/) # From older 'config'
902 elsif (/^-w$/)
901903 {
902904 $guess_opts{nowait} = 1;
903905 }
+31
-17
INSTALL.md less more
295295 Build the OpenSSL libraries to support the API for the specified version.
296296 If [no-deprecated](#no-deprecated) is also given, don't build with support
297297 for deprecated APIs in or below the specified version number. For example,
298 addding
298 adding
299299
300300 --api=1.1.0 no-deprecated
301301
349349
350350 The name of the directory under the top of the installation directory tree
351351 (see the `--prefix` option) where libraries will be installed. By default
352 this is `lib/`. Note that on Windows only static libraries (`*.lib`) will
352 this is `lib`. Note that on Windows only static libraries (`*.lib`) will
353353 be stored in this location. Shared libraries (`*.dll`) will always be
354 installed to the `bin/` directory.
354 installed to the `bin` directory.
355
356 Some build targets have a multilib postfix set in the build configuration.
357 For these targets the default libdir is `lib<multilib-postfix>`. Please use
358 `--libdir=lib` to override the libdir if adding the postfix is undesirable.
355359
356360 ### openssldir
357361
581585
582586 Use the specified text instead of the default banner at the end of
583587 configuration.
588
589 ### --w
590
591 On platforms where the choice of 32-bit or 64-bit architecture
592 is not explicitly specified, `Configure` will print a warning
593 message and wait for a few seconds to let you interrupt the
594 configuration. Using this flag skips the wait.
584595
585596 ### no-bulk
586597
11371148
11381149 ### Automatic Configuration
11391150
1140 On some platform a `config` script is available which attempts to guess
1141 your operating system (and compiler, if necessary) and calls the `Configure`
1142 Perl script with appropriate target based on its guess. Further options can
1143 be supplied to the `config` script, which will be passed on to the `Configure`
1144 script.
1151 In previous version, the `config` script determined the platform type and
1152 compiler and then called `Configure`. Starting with this release, they are
1153 the same.
11451154
11461155 #### Unix / Linux / macOS
11471156
14051414 This environment variable has the same meaning as for the
14061415 "--cross-compile-prefix" Configure flag described above. If both
14071416 are set then the Configure flag takes precedence.
1417
1418 HASHBANGPERL
1419 The command string for the Perl executable to insert in the
1420 #! line of perl scripts that will be publicly installed.
1421 Default: /usr/bin/env perl
1422 Note: the value of this variable is added to the same scripts
1423 on all platforms, but it's only relevant on Unix-like platforms.
1424
1425 KERNEL_BITS
1426 This can be the value `32` or `64` to specify the architecture
1427 when it is not "obvious" to the configuration. It should generally
1428 not be necessary to specify this environment variable.
14081429
14091430 NM
14101431 The name of the nm executable to use.
14301451 Only needed if builing should use a different Perl executable
14311452 than what is used to run the Configure script.
14321453
1433 HASHBANGPERL
1434 The command string for the Perl executable to insert in the
1435 #! line of perl scripts that will be publicly installed.
1436 Default: /usr/bin/env perl
1437 Note: the value of this variable is added to the same scripts
1438 on all platforms, but it's only relevant on Unix-like platforms.
1454 RANLIB
1455 The name of the ranlib executable to use.
14391456
14401457 RC
14411458 The name of the rc executable to use. The default will be as
14431460 defined then "windres" will be used. The WINDRES environment
14441461 variable is synonymous to this. If both are defined then RC
14451462 takes precedence.
1446
1447 RANLIB
1448 The name of the ranlib executable to use.
14491463
14501464 WINDRES
14511465 See RC.
+17
-6
NEWS.md less more
1717 OpenSSL 3.0
1818 -----------
1919
20 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 beta 2 [in pre-release]
21
22 * Added migration guide to man7
23 * Implemented support for fully "pluggable" TLSv1.3 groups
24 * Added suport for Kernel TLS (KTLS)
20 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [7 sep 2021]
21
22 * Enhanced 'openssl list' with many new options.
23 * Added migration guide to man7.
24 * Implemented support for fully "pluggable" TLSv1.3 groups.
25 * Added suport for Kernel TLS (KTLS).
2526 * Changed the license to the Apache License v2.0.
2627 * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
2728 RC4, RC5, and DES to the legacy provider.
3738 * Remove the `RAND_DRBG` API.
3839 * Deprecated the `ENGINE` API.
3940 * Added `OSSL_LIB_CTX`, a libcrypto library context.
41 * Added various `_ex` functions to the OpenSSL API that support using
42 a non-default `OSSL_LIB_CTX`.
4043 * Interactive mode is removed from the 'openssl' program.
4144 * The X25519, X448, Ed25519, Ed448, SHAKE128 and SHAKE256 algorithms are
4245 included in the FIPS provider.
5659 BIOs (allowing implicit connections), and timeout checks.
5760 * Added util/check-format.pl for checking adherence to the coding guidelines.
5861 * Added OSSL_ENCODER, a generic encoder API.
62 * Added OSSL_DECODER, a generic decoder API.
5963 * Added OSSL_PARAM_BLD, an easier to use API to OSSL_PARAM.
6064 * Added error raising macros, ERR_raise() and ERR_raise_data().
6165 * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
8488 * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
8589 have been deprecated.
8690 * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
91 * Added providers, a new pluggability concept that will replace the
92 ENGINE API and ENGINE implementations.
8793
8894 OpenSSL 1.1.1
8995 -------------
9096
91 ### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [under development]
97 ### Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
98
99 * Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711])
100 * Fixed various read buffer overruns processing ASN.1 strings ([CVE-2021-3712])
101
102 ### Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
92103
93104 * Fixed a problem with verifying a certificate chain when using the
94105 X509_V_FLAG_X509_STRICT flag ([CVE-2021-3450])
+7
-1
NOTES-NONSTOP.md less more
5555
5656 * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
5757 * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
58
59 As of 3.0, the NonStop configurations use the multilib attribute to distinguish
60 between different models:
61
5862 * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
59 * For 3.0 PUT `--prefix=/usr/local-ssl3.0_put --openssldir=/usr/local-ssl3.0_put/ssl`
63
64 The PUT model is placed in `${prefix}/lib-put` for 32-bit models and
65 `${prefix}/lib64-put` for 64-bit models.
6066
6167 Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
6268 directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the
+1
-0
NOTES-UNIX.md less more
4848 OpenSSL's configuration scripts recognise all these options and pass
4949 them to the Makefile that they build. (In fact, all arguments starting
5050 with `-Wl,` are recognised as linker options.)
51 Please note that 'l' in '-Wl' is lowercase L and not 1.
5152
5253 Please do not use verbatim directories in your runtime shared library
5354 search path! Some OpenSSL config targets add an extra directory level
+2
-2
VERSION.dat less more
00 MAJOR=3
11 MINOR=0
22 PATCH=0
3 PRE_RELEASE_TAG=beta2
3 PRE_RELEASE_TAG=
44 BUILD_METADATA=
5 RELEASE_DATE="29 Jul 2021"
5 RELEASE_DATE="7 sep 2021"
66 SHLIB_VERSION=3
+1
-0
apps/ciphers.c less more
182182 if (convert != NULL) {
183183 BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
184184 OPENSSL_cipher_name(convert));
185 ret = 0;
185186 goto end;
186187 }
187188
+2
-5
apps/cmp.c less more
870870 if (X509_STORE_set1_param(ts, vpm /* may be NULL */)
871871 && (for_new_cert || truststore_set_host_etc(ts, NULL)))
872872 return ts;
873 BIO_printf(bio_err, "error setting verification parameters\n");
873 BIO_printf(bio_err, "error setting verification parameters for %s\n", desc);
874874 OSSL_CMP_CTX_print_errors(cmp_ctx);
875875 X509_STORE_free(ts);
876876 return NULL;
11921192 return NULL;
11931193
11941194 if (opt_tls_trusted != NULL) {
1195 trust_store = load_certstore(opt_tls_trusted, opt_otherpass,
1196 "trusted TLS certificates", vpm);
1195 trust_store = load_trusted(opt_tls_trusted, 0, "trusted TLS certs");
11971196 if (trust_store == NULL)
11981197 goto err;
11991198 SSL_CTX_set_cert_store(ssl_ctx, trust_store);
1200 /* for improved diagnostics on SSL_CTX_build_cert_chain() errors: */
1201 X509_STORE_set_verify_cb(trust_store, X509_STORE_CTX_print_verify_cb);
12021199 }
12031200
12041201 if (opt_tls_cert != NULL && opt_tls_key != NULL) {
+5
-36
apps/cms.c less more
269269 err:
270270 CMS_ContentInfo_free(ret);
271271 return NULL;
272 }
273
274 static void warn_binary(const char *file)
275 {
276 BIO *bio;
277 unsigned char linebuf[1024], *cur, *end;
278 int len;
279
280 if ((bio = bio_open_default(file, 'r', FORMAT_BINARY)) == NULL)
281 return; /* cannot give a proper warning since there is an error */
282 while ((len = BIO_read(bio, linebuf, sizeof(linebuf))) > 0) {
283 end = linebuf + len;
284 for (cur = linebuf; cur < end; cur++) {
285 if (*cur == '\0' || *cur >= 0x80) {
286 BIO_printf(bio_err, "Warning: input file '%s' contains %s"
287 " character; better use -binary option\n",
288 file, *cur == '\0' ? "NUL" : "8-bit");
289 goto end;
290 }
291 }
292 }
293 end:
294 BIO_free(bio);
295272 }
296273
297274 int cms_main(int argc, char **argv)
481458 rr_allorfirst = 1;
482459 break;
483460 case OPT_RCTFORM:
484 if (rctformat == FORMAT_ASN1) {
485 if (!opt_format(opt_arg(),
486 OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
487 goto opthelp;
488 } else {
489 rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient");
490 }
461 if (!opt_format(opt_arg(),
462 OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
463 goto opthelp;
491464 break;
492465 case OPT_CERTFILE:
493466 certfile = opt_arg();
706679 goto end;
707680 break;
708681 case OPT_WRAP:
709 wrapname = opt_unknown();
682 wrapname = opt_arg();
710683 break;
711684 case OPT_AES128_WRAP:
712685 case OPT_AES192_WRAP:
912885 goto end;
913886 }
914887
915 if ((flags & CMS_BINARY) == 0)
916 warn_binary(infile);
917888 in = bio_open_default(infile, 'r',
918889 binary_files ? FORMAT_BINARY : informat);
919890 if (in == NULL)
925896 goto end;
926897 if (contfile != NULL) {
927898 BIO_free(indata);
928 if ((flags & CMS_BINARY) == 0)
929 warn_binary(contfile);
930899 if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
931900 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
932901 goto end;
953922 goto end;
954923 }
955924
956 rcms = load_content_info(rctformat, rctin, 0, NULL, "recipient");
925 rcms = load_content_info(rctformat, rctin, 0, NULL, "receipt");
957926 if (rcms == NULL)
958927 goto end;
959928 }
+1
-1
apps/genpkey.c less more
3636 #endif
3737 {"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
3838 {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
39 {"quiet", OPT_QUIET, 's', "Do not output status while generating keys"},
39 {"quiet", OPT_QUIET, '-', "Do not output status while generating keys"},
4040 {"pkeyopt", OPT_PKEYOPT, 's',
4141 "Set the public key algorithm option as opt:value"},
4242 OPT_CONFIG_OPTION,
+1
-1
apps/include/apps.h less more
9393 int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
9494
9595 int chopup_args(ARGS *arg, char *buf);
96 int dump_cert_text(BIO *out, X509 *x);
96 void dump_cert_text(BIO *out, X509 *x);
9797 void print_name(BIO *out, const char *title, const X509_NAME *nm);
9898 void print_bignum_var(BIO *, const BIGNUM *, const char*,
9999 int, unsigned char *);
+3
-5
apps/lib/apps.c less more
199199 return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
200200 }
201201
202 int dump_cert_text(BIO *out, X509 *x)
202 void dump_cert_text(BIO *out, X509 *x)
203203 {
204204 print_name(out, "subject=", X509_get_subject_name(x));
205 BIO_puts(out, "\n");
206205 print_name(out, "issuer=", X509_get_issuer_name(x));
207 BIO_puts(out, "\n");
208
209 return 0;
210206 }
211207
212208 int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
12881284 int indent = 0;
12891285 unsigned long lflags = get_nameopt();
12901286
1287 if (out == NULL)
1288 return;
12911289 if (title != NULL)
12921290 BIO_puts(out, title);
12931291 if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+2
-1
apps/lib/s_cb.c less more
822822 size_t temp = 0;
823823 int res = generate_stateless_cookie_callback(ssl, cookie, &temp);
824824
825 *cookie_len = (unsigned int)temp;
825 if (res != 0)
826 *cookie_len = (unsigned int)temp;
826827 return res;
827828 }
828829
+5
-5
apps/lib/s_socket.c less more
2626 #endif
2727
2828 #ifdef _WIN32
29 /*
30 * With MSVC, certain POSIX functions have been renamed to have an underscore
31 * prefix.
32 */
3329 # include <process.h>
34 # define getpid _getpid
30
31 /* MSVC renamed some POSIX functions to have an underscore prefix. */
32 # ifdef _MSC_VER
33 # define getpid _getpid
34 # endif
3535 #endif
3636
3737 #ifndef OPENSSL_NO_SOCK
+9
-2
apps/openssl-vms.cnf less more
1515 # Use this in order to automatically load providers.
1616 openssl_conf = openssl_init
1717
18 # Comment this out if you deliberately want to ignore
19 # configuration errors
18 # Comment out the next line to ignore configuration errors
2019 config_diagnostics = 1
2120
2221 # Extra OBJECT IDENTIFIER info:
6059 # included fipsmodule.cnf.
6160 # fips = fips_sect
6261
62 # If no providers are activated explicitly, the default one is activated implicitly.
63 # See man 7 OSSL_PROVIDER-default for more details.
64 #
65 # If you add a section explicitly activating any other provider(s), you most
66 # probably need to explicitly activate the default provider, otherwise it
67 # becomes unavailable in openssl. As a consequence applications depending on
68 # OpenSSL may not work correctly which could lead to significant system
69 # problems including inability to remotely access the system.
6370 [default_sect]
6471 # activate = 1
6572
+9
-2
apps/openssl.cnf less more
1515 # Use this in order to automatically load providers.
1616 openssl_conf = openssl_init
1717
18 # Comment this out if you deliberately want to ignore
19 # configuration errors
18 # Comment out the next line to ignore configuration errors
2019 config_diagnostics = 1
2120
2221 # Extra OBJECT IDENTIFIER info:
6059 # included fipsmodule.cnf.
6160 # fips = fips_sect
6261
62 # If no providers are activated explicitly, the default one is activated implicitly.
63 # See man 7 OSSL_PROVIDER-default for more details.
64 #
65 # If you add a section explicitly activating any other provider(s), you most
66 # probably need to explicitly activate the default provider, otherwise it
67 # becomes unavailable in openssl. As a consequence applications depending on
68 # OpenSSL may not work correctly which could lead to significant system
69 # problems including inability to remotely access the system.
6370 [default_sect]
6471 # activate = 1
6572
+2
-1
apps/pkcs12.c less more
11411141 break;
11421142
11431143 case V_ASN1_UTF8STRING:
1144 BIO_printf(out, "%s\n", av->value.utf8string->data);
1144 BIO_printf(out, "%.*s\n", av->value.utf8string->length,
1145 av->value.utf8string->data);
11451146 break;
11461147
11471148 case V_ASN1_OCTET_STRING:
+4
-9
apps/pkeyutl.c less more
306306 mctx, digestname, libctx, app_get0_propq());
307307 if (ctx == NULL) {
308308 BIO_printf(bio_err, "%s: Error initializing context\n", prog);
309 ERR_print_errors(bio_err);
310309 goto end;
311310 }
312311 if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
313312 BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
314 ERR_print_errors(bio_err);
315313 goto end;
316314 }
317315 if (pkeyopts != NULL) {
324322 if (pkey_ctrl_string(ctx, opt) <= 0) {
325323 BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
326324 prog, opt);
327 ERR_print_errors(bio_err);
328325 goto end;
329326 }
330327 }
491488 } else {
492489 BIO_puts(bio_err, "Key derivation failed\n");
493490 }
494 ERR_print_errors(bio_err);
495491 goto end;
496492 }
497493 ret = 0;
498494
499495 if (asn1parse) {
500496 if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
501 ERR_print_errors(bio_err);
497 ERR_print_errors(bio_err); /* but still return success */
502498 } else if (hexdump) {
503499 BIO_dump(out, (char *)buf_out, buf_outlen);
504500 } else {
506502 }
507503
508504 end:
505 if (ret != 0)
506 ERR_print_errors(bio_err);
509507 EVP_MD_CTX_free(mctx);
510508 EVP_PKEY_CTX_free(ctx);
511509 EVP_MD_free(md);
670668 peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key");
671669 if (peer == NULL) {
672670 BIO_printf(bio_err, "Error reading peer key %s\n", file);
673 ERR_print_errors(bio_err);
674671 return 0;
675672 }
676673
677 ret = EVP_PKEY_derive_set_peer(ctx, peer);
674 ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0;
678675
679676 EVP_PKEY_free(peer);
680 if (ret <= 0)
681 ERR_print_errors(bio_err);
682677 return ret;
683678 }
684679
+26
-31
apps/req.c less more
115115 {"reqopt", OPT_REQOPT, 's', "Various request text options"},
116116 {"text", OPT_TEXT, '-', "Text form of request"},
117117 {"x509", OPT_X509, '-',
118 "Output an x509 structure instead of a cert request"},
119 {"CA", OPT_CA, '<', "Issuer certificate to use with -x509"},
118 "Output an X.509 certificate structure instead of a cert request"},
119 {"CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509"},
120120 {"CAkey", OPT_CAKEY, 's',
121 "Issuer private key to use with -x509; default is -CA arg"},
121 "Issuer private key to use with -CA; default is -CA arg"},
122122 {OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
123123 {"subj", OPT_SUBJ, 's', "Set or modify subject of request or cert"},
124124 {"subject", OPT_SUBJECT, '-',
138138 {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"},
139139
140140 OPT_SECTION("Keys and Signing"),
141 {"key", OPT_KEY, 's', "Private key to use"},
141 {"key", OPT_KEY, 's', "Key to include and to use for self-signature"},
142142 {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
143143 {"pubkey", OPT_PUBKEY, '-', "Output public key"},
144144 {"keyout", OPT_KEYOUT, '>', "File to write private key to"},
405405 break;
406406 case OPT_CA:
407407 CAfile = opt_arg();
408 gen_x509 = 1;
408409 break;
409410 case OPT_CAKEY:
410411 CAkeyfile = opt_arg();
629630 goto end;
630631 app_RAND_load_conf(req_conf, section);
631632 }
632
633633 if (newreq && pkey == NULL) {
634634 app_RAND_load_conf(req_conf, section);
635635
685685 EVP_PKEY_CTX_free(genctx);
686686 genctx = NULL;
687687 }
688 if (keyout == NULL) {
688 if (keyout == NULL && keyfile == NULL) {
689689 keyout = NCONF_get_string(req_conf, section, KEYFILE);
690690 if (keyout == NULL)
691691 ERR_clear_error();
754754 "Ignoring -CAkey option since no -CA option is given\n");
755755 } else {
756756 if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF,
757 0, passin, e, "issuer private key")) == NULL)
757 0, passin, e,
758 CAkeyfile != CAfile
759 ? "issuer private key from -CAkey arg"
760 : "issuer private key from -CA arg")) == NULL)
758761 goto end;
759762 }
760763 }
761764 if (CAfile != NULL) {
762 if (!gen_x509) {
765 if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
766 "issuer cert from -CA arg")) == NULL)
767 goto end;
768 if (!X509_check_private_key(CAcert, CAkey)) {
763769 BIO_printf(bio_err,
764 "Warning: Ignoring -CA option without -x509\n");
765 } else {
766 if (CAkeyfile == NULL) {
767 BIO_printf(bio_err,
768 "Need to give the -CAkey option if using -CA\n");
769 goto end;
770 }
771 if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin,
772 "issuer certificate")) == NULL)
773 goto end;
774 if (!X509_check_private_key(CAcert, CAkey)) {
775 BIO_printf(bio_err,
776 "Issuer certificate and key do not match\n");
777 goto end;
778 }
770 "Issuer CA certificate and key do not match\n");
771 goto end;
779772 }
780773 }
781774 if (newreq || gen_x509) {
797790 }
798791 if (gen_x509) {
799792 EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req);
793 EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey;
800794 X509V3_CTX ext_ctx;
801795 X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) :
802796 X509_REQ_get_subject_name(req);
827821 if (!pub_key || !X509_set_pubkey(new_x509, pub_key))
828822 goto end;
829823 if (ext_copy == EXT_COPY_UNSET) {
830 BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n");
824 if (infile != NULL)
825 BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n");
831826 } else if (!copy_extensions(new_x509, req, ext_copy)) {
832827 BIO_printf(bio_err, "Error copying extensions from request\n");
833828 goto end;
836831 /* Set up V3 context struct */
837832 X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509,
838833 new_x509, NULL, NULL, X509V3_CTX_REPLACE);
839 if (CAcert == NULL) { /* self-issued, possibly self-signed */
840 if (!X509V3_set_issuer_pkey(&ext_ctx, pkey)) /* prepare right AKID */
834 /* prepare fallback for AKID, but only if issuer cert == new_x509 */
835 if (CAcert == NULL) {
836 if (!X509V3_set_issuer_pkey(&ext_ctx, issuer_key))
841837 goto end;
842838 ERR_set_mark();
843 if (!X509_check_private_key(new_x509, pkey))
839 if (!X509_check_private_key(new_x509, issuer_key))
844840 BIO_printf(bio_err,
845841 "Warning: Signature key and public key of cert do not match\n");
846842 ERR_pop_to_mark();
871867 }
872868 }
873869
874 i = do_X509_sign(new_x509, CAcert != NULL ? CAkey : pkey,
875 digest, sigopts, &ext_ctx);
870 i = do_X509_sign(new_x509, issuer_key, digest, sigopts, &ext_ctx);
876871 if (!i)
877872 goto end;
878873 } else {
995990 if (EVP_PKEY_is_a(tpubkey, "RSA")) {
996991 BIGNUM *n = NULL;
997992
998 /* Every RSA key has an 'n' */
999 EVP_PKEY_get_bn_param(pkey, "n", &n);
993 if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n))
994 goto end;
1000995 BN_print(out, n);
1001996 BN_free(n);
1002997 } else {
+38
-1
apps/rsa.c less more
55 * in the file LICENSE in the source distribution or at
66 * https://www.openssl.org/source/license.html
77 */
8
9 /* Necessary for legacy RSA public key export */
10 #define OPENSSL_SUPPRESS_DEPRECATED
811
912 #include <openssl/opensslconf.h>
1013
8487 OPT_PROV_OPTIONS,
8588 {NULL}
8689 };
90
91 static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout,
92 BIO *out)
93 {
94 int ret = 0;
95 #ifndef OPENSSL_NO_DEPRECATED_3_0
96 const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
97
98 if (rsa == NULL)
99 return 0;
100
101 if (outformat == FORMAT_ASN1) {
102 if (pubout == 2)
103 ret = i2d_RSAPublicKey_bio(out, rsa) > 0;
104 else
105 ret = i2d_RSA_PUBKEY_bio(out, rsa) > 0;
106 } else if (outformat == FORMAT_PEM) {
107 if (pubout == 2)
108 ret = PEM_write_bio_RSAPublicKey(out, rsa) > 0;
109 else
110 ret = PEM_write_bio_RSA_PUBKEY(out, rsa) > 0;
111 # ifndef OPENSSL_NO_DSA
112 } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
113 ret = i2b_PublicKey_bio(out, pkey) > 0;
114 # endif
115 }
116 #endif
117
118 return ret;
119 }
87120
88121 int rsa_main(int argc, char **argv)
89122 {
330363 output_type, output_structure,
331364 NULL);
332365 if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) {
333 BIO_printf(bio_err, "%s format not supported\n", output_type);
366 if ((!pubout && !pubin)
367 || !try_legacy_encoding(pkey, outformat, pubout, out))
368 BIO_printf(bio_err, "%s format not supported\n", output_type);
369 else
370 ret = 0;
334371 goto end;
335372 }
336373
+13
-8
apps/x509.c less more
189189 sn);
190190 }
191191
192 static X509_REQ *x509_to_req(X509 *cert, EVP_PKEY *pkey, const char *digest,
193 STACK_OF(OPENSSL_STRING) *sigopts,
194 int ext_copy, const char *names)
192 static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names)
195193 {
196194 const STACK_OF(X509_EXTENSION) *cert_exts = X509_get0_extensions(cert);
197195 int i, n = sk_X509_EXTENSION_num(cert_exts /* may be NULL */);
227225 goto err;
228226 }
229227 }
230 if (!do_X509_REQ_sign(req, pkey, digest, sigopts))
231 goto err;
232228 sk_X509_EXTENSION_free(exts);
233229 return req;
234230
803799 }
804800
805801 X509V3_set_ctx(&ext_ctx, issuer_cert, x, req, NULL, X509V3_CTX_REPLACE);
806 if (extconf != NULL) {
802 if (extconf != NULL && !x509toreq) {
807803 X509V3_set_nconf(&ext_ctx, extconf);
808804 if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) {
809805 BIO_printf(bio_err,
829825 BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n");
830826 goto end;
831827 }
832 if ((rq = x509_to_req(x, privkey, digest, sigopts,
833 ext_copy, ext_names)) == NULL)
828 if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
829 goto end;
830 if (extconf != NULL) {
831 X509V3_set_nconf(&ext_ctx, extconf);
832 if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
833 BIO_printf(bio_err,
834 "Error adding request extensions from section %s\n", extsect);
835 goto end;
836 }
837 }
838 if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
834839 goto end;
835840 if (!noout) {
836841 if (outformat == FORMAT_ASN1) {
+5
-4
crypto/asn1/a_print.c less more
00 /*
1 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the Apache License 2.0 (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
1717 int ia5 = 0;
1818 int t61 = 0;
1919
20 if (len <= 0)
21 len = -1;
2220 if (s == NULL)
2321 return V_ASN1_PRINTABLESTRING;
2422
25 while ((*s) && (len-- != 0)) {
23 if (len < 0)
24 len = strlen((const char *)s);
25
26 while (len-- > 0) {
2627 c = *(s++);
2728 if (!ossl_isasn1print(c))
2829 ia5 = 1;
+17
-2
crypto/asn1/asn1_lib.c less more
300300 }
301301 if ((size_t)str->length <= len || str->data == NULL) {
302302 c = str->data;
303 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
304 /* No NUL terminator in fuzzing builds */
305 str->data = OPENSSL_realloc(c, len != 0 ? len : 1);
306 #else
303307 str->data = OPENSSL_realloc(c, len + 1);
308 #endif
304309 if (str->data == NULL) {
305310 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
306311 str->data = c;
310315 str->length = len;
311316 if (data != NULL) {
312317 memcpy(str->data, data, len);
313 /* an allowance for strings :-) */
318 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
319 /* Set the unused byte to something non NUL and printable. */
320 if (len == 0)
321 str->data[len] = '~';
322 #else
323 /*
324 * Add a NUL terminator. This should not be necessary - but we add it as
325 * a safety precaution
326 */
314327 str->data[len] = '\0';
328 #endif
315329 }
316330 return 1;
317331 }
373387
374388 i = (a->length - b->length);
375389 if (i == 0) {
376 i = memcmp(a->data, b->data, a->length);
390 if (a->length != 0)
391 i = memcmp(a->data, b->data, a->length);
377392 if (i == 0)
378393 return a->type - b->type;
379394 else
+6
-2
crypto/asn1/evp_asn1.c less more
2626 return 1;
2727 }
2828
29 /* int max_len: for returned value */
29 /* int max_len: for returned value
30 * if passing NULL in data, nothing is copied but the necessary length
31 * for it is returned.
32 */
3033 int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
3134 {
3235 int ret, num;
4245 num = ret;
4346 else
4447 num = max_len;
45 memcpy(data, p, num);
48 if (num > 0 && data != NULL)
49 memcpy(data, p, num);
4650 return ret;
4751 }
4852
+2
-2
crypto/asn1/t_spki.c less more
00 /*
1 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the Apache License 2.0 (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
3737 }
3838 chal = spki->spkac->challenge;
3939 if (chal->length)
40 BIO_printf(out, " Challenge String: %s\n", chal->data);
40 BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data);
4141 i = OBJ_obj2nid(spki->sig_algor.algorithm);
4242 BIO_printf(out, " Signature Algorithm: %s",
4343 (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+4
-0
crypto/bio/bss_dgram.c less more
55 * in the file LICENSE in the source distribution or at
66 * https://www.openssl.org/source/license.html
77 */
8
9 #ifndef _GNU_SOURCE
10 # define _GNU_SOURCE
11 #endif
812
913 #include <stdio.h>
1014 #include <errno.h>
+2
-1
crypto/cmp/cmp_hdr.c less more
180180 return 0;
181181
182182 return
183 ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data);
183 ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data,
184 text->length);
184185 }
185186
186187 int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr,
+1
-1
crypto/cmp/cmp_local.h less more
743743 int only_self_issued);
744744 STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store);
745745 int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk,
746 const char *text);
746 const char *text, int len);
747747 int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
748748 const ASN1_OCTET_STRING *src);
749749 int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt,
+3
-3
crypto/cmp/cmp_msg.c less more
757757 goto err;
758758 msg->body->value.error->errorDetails = ft;
759759 if (lib != NULL && *lib != '\0'
760 && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib))
760 && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib, -1))
761761 goto err;
762762 if (reason != NULL && *reason != '\0'
763 && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason))
763 && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason, -1))
764764 goto err;
765765 if (details != NULL
766 && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details))
766 && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details, -1))
767767 goto err;
768768 }
769769
+3
-2
crypto/cmp/cmp_status.c less more
00 /*
1 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
22 * Copyright Nokia 2007-2019
33 * Copyright Siemens AG 2015-2019
44 *
219219 ADVANCE_BUFFER;
220220 for (i = 0; i < n_status_strings; i++) {
221221 text = sk_ASN1_UTF8STRING_value(status_strings, i);
222 printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%s\"%s",
222 printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%.*s\"%s",
223 ASN1_STRING_length(text),
223224 ASN1_STRING_get0_data(text),
224225 i < n_status_strings - 1 ? ", " : "");
225226 ADVANCE_BUFFER;
+2
-2
crypto/cmp/cmp_util.c less more
220220 }
221221
222222 int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk,
223 const char *text)
223 const char *text, int len)
224224 {
225225 ASN1_UTF8STRING *utf8string;
226226
228228 return 0;
229229 if ((utf8string = ASN1_UTF8STRING_new()) == NULL)
230230 return 0;
231 if (!ASN1_STRING_set(utf8string, text, -1))
231 if (!ASN1_STRING_set(utf8string, text, len))
232232 goto err;
233233 if (!sk_ASN1_UTF8STRING_push(sk, utf8string))
234234 goto err;
+1
-0
crypto/cms/cms_env.c less more
950950 }
951951 ukeylen += outlen;
952952
953 OPENSSL_clear_free(ec->key, ec->keylen);
953954 ec->key = ukey;
954955 ec->keylen = ukeylen;
955956
+3
-2
crypto/ec/ec_asn1.c less more
484484 ECPARAMETERS_free(ret->value.parameters);
485485 }
486486
487 if (EC_GROUP_get_asn1_flag(group)) {
487 if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
488488 /*
489489 * use the asn1 OID to describe the elliptic curve parameters
490490 */
698698
699699 if (params->order == NULL
700700 || params->base == NULL
701 || params->base->data == NULL) {
701 || params->base->data == NULL
702 || params->base->length == 0) {
702703 ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR);
703704 goto err;
704705 }
+37
-0
crypto/ec/ec_curve.c less more
32223222 goto err;
32233223 }
32243224 }
3225
3226 #ifndef FIPS_MODULE
3227 if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
3228 /*
3229 * Some curves don't have an associated OID: for those we should not
3230 * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and
3231 * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
3232 *
3233 * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on
3234 * `EC_GROUP_new()`, when we don't have enough elements to determine if
3235 * an OID for the curve name actually exists.
3236 * We could implement this check on `EC_GROUP_set_curve_name()` but
3237 * overloading the simple setter with this lookup could have a negative
3238 * performance impact and unexpected consequences.
3239 */
3240 ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid);
3241
3242 if (asn1obj == NULL) {
3243 ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB);
3244 goto err;
3245 }
3246 if (OBJ_length(asn1obj) == 0)
3247 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
3248
3249 ASN1_OBJECT_free(asn1obj);
3250 }
3251 #else
3252 /*
3253 * Inside the FIPS module we do not support explicit curves anyway
3254 * so the above check is not necessary.
3255 *
3256 * Skipping it is also necessary because `OBJ_length()` and
3257 * `ASN1_OBJECT_free()` are not available within the FIPS module
3258 * boundaries.
3259 */
3260 #endif
3261
32253262 ok = 1;
32263263 err:
32273264 if (!ok) {
+23
-0
crypto/encode_decode/decoder_lib.c less more
3737 */
3838 unsigned int flag_next_level_called : 1;
3939 unsigned int flag_construct_called : 1;
40 unsigned int flag_input_structure_checked : 1;
4041 };
4142
4243 static int decoder_process(const OSSL_PARAM params[], void *arg);
904905 }
905906
906907 /*
908 * If the decoder we're currently considering specifies a structure,
909 * and this check hasn't already been done earlier in this chain of
910 * decoder_process() calls, check that it matches the user provided
911 * input structure, if one is given.
912 */
913 if (!data->flag_input_structure_checked
914 && ctx->input_structure != NULL
915 && new_input_structure != NULL) {
916 data->flag_input_structure_checked = 1;
917 if (strcasecmp(new_input_structure, ctx->input_structure) != 0) {
918 OSSL_TRACE_BEGIN(DECODER) {
919 BIO_printf(trc_out,
920 "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n",
921 (void *)new_data.ctx, LEVEL, (unsigned int)i);
922 } OSSL_TRACE_END(DECODER);
923 continue;
924 }
925 }
926
927 /*
907928 * Checking the return value of BIO_reset() or BIO_seek() is unsafe.
908929 * Furthermore, BIO_reset() is unsafe to use if the source BIO happens
909930 * to be a BIO_s_mem(), because the earlier BIO_tell() gives us zero
932953 ERR_set_mark();
933954
934955 new_data.current_decoder_inst_index = i;
956 new_data.flag_input_structure_checked
957 = data->flag_input_structure_checked;
935958 ok = new_decoder->decode(new_decoderctx, cbio,
936959 new_data.ctx->selection,
937960 decoder_process, &new_data,
+0
-35
crypto/encode_decode/decoder_pkey.c less more
214214 }
215215 }
216216
217 /*
218 * The input structure check is only done on the initial decoder
219 * implementations.
220 */
221 static int decoder_check_input_structure(OSSL_DECODER_CTX *ctx,
222 OSSL_DECODER_INSTANCE *di)
223 {
224 int di_is_was_set = 0;
225 const char *di_is =
226 OSSL_DECODER_INSTANCE_get_input_structure(di, &di_is_was_set);
227
228 /*
229 * If caller didn't give an input structure name, the decoder is accepted
230 * unconditionally with regards to the input structure.
231 */
232 if (ctx->input_structure == NULL)
233 return 1;
234 /*
235 * If the caller did give an input structure name, the decoder must have
236 * a matching input structure to be accepted.
237 */
238 if (di_is != NULL && strcasecmp(ctx->input_structure, di_is) == 0)
239 return 1;
240 return 0;
241 }
242
243217 struct collect_decoder_data_st {
244218 STACK_OF(OPENSSL_CSTRING) *names;
245219 OSSL_DECODER_CTX *ctx;
309283 OSSL_DECODER_get0_properties(decoder));
310284 } OSSL_TRACE_END(DECODER);
311285
312 if (!decoder_check_input_structure(data->ctx, di)) {
313 OSSL_TRACE_BEGIN(DECODER) {
314 BIO_printf(trc_out,
315 " REJECTED: not the desired input structure\n");
316 } OSSL_TRACE_END(DECODER);
317 ossl_decoder_instance_free(di);
318 /* Not a fatal error. Just return */
319 return;
320 }
321286 if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) {
322287 ossl_decoder_instance_free(di);
323288 data->error_occurred = 1;
+1
-0
crypto/err/openssl.txt less more
991991 PROV_R_INVALID_DIGEST:122:invalid digest
992992 PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length
993993 PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size
994 PROV_R_INVALID_INPUT_LENGTH:230:invalid input length
994995 PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
995996 PROV_R_INVALID_IV_LENGTH:109:invalid iv length
996997 PROV_R_INVALID_KEY:158:invalid key
+19
-6
crypto/evp/ctrl_params_translate.c less more
653653 } else if ((state == POST_PARAMS_TO_CTRL || state == PKEY)
654654 && ctx->action_type == GET) {
655655 /* For the POST state, only getting needs some work to be done */
656
656 unsigned int param_data_type = translation->param_data_type;
657 size_t size = (size_t)ctx->p1;
658
659 if (state == PKEY)
660 size = ctx->sz;
661 if (param_data_type == 0) {
662 /* we must have a fixup_args function to work */
663 if (!ossl_assert(translation->fixup_args != NULL)) {
664 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
665 return 0;
666 }
667 param_data_type = ctx->params->data_type;
668 }
657669 /* When getting, we populate |*params| from |p1| and |p2| */
658 switch (translation->param_data_type) {
670 switch (param_data_type) {
659671 case OSSL_PARAM_INTEGER:
660672 return OSSL_PARAM_set_int(ctx->params, ctx->p1);
661673 case OSSL_PARAM_UNSIGNED_INTEGER:
672684 return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2);
673685 case OSSL_PARAM_OCTET_STRING:
674686 return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2,
675 (size_t)ctx->p1);
687 size);
676688 case OSSL_PARAM_OCTET_PTR:
677689 return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2,
678 (size_t)ctx->p1);
690 size);
679691 default:
680692 ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED,
681693 "[action:%d, state:%d] "
15511563 ctx->p2 = NULL;
15521564 switch (EVP_PKEY_get_base_id(pkey)) {
15531565 #ifndef OPENSSL_NO_DH
1566 case EVP_PKEY_DHX:
15541567 case EVP_PKEY_DH:
15551568 switch (ctx->params->data_type) {
15561569 case OSSL_PARAM_OCTET_STRING:
22202233 EVP_PKEY_CTRL_CIPHER, NULL, NULL,
22212234 OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher },
22222235 { SET, -1, -1, EVP_PKEY_OP_KEYGEN,
2223 EVP_PKEY_CTRL_SET_MAC_KEY, NULL, NULL,
2236 EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey",
22242237 OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL },
22252238
22262239 { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
22482261 get_payload_private_key },
22492262 { GET, -1, -1, -1, 0, NULL, NULL,
22502263 OSSL_PKEY_PARAM_PUB_KEY,
2251 0 /* no data type, let get_payload_pub_key() handle that */,
2264 0 /* no data type, let get_payload_public_key() handle that */,
22522265 get_payload_public_key },
22532266
22542267 /* DH and DSA */
+13
-1
crypto/evp/e_aes.c less more
10091009 const unsigned char *in, size_t len)
10101010 {
10111011 S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
1012 const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1013 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
10121014 int n = cctx->res;
10131015 int rem;
10141016
1017 memcpy(cctx->kmo.param.cv, iv, ivlen);
10151018 while (n && len) {
10161019 *out = *in ^ cctx->kmo.param.cv[n];
10171020 n = (n + 1) & 0xf;
10401043 }
10411044 }
10421045
1046 memcpy(iv, cctx->kmo.param.cv, ivlen);
10431047 cctx->res = n;
10441048 return 1;
10451049 }
10701074 S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
10711075 const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
10721076 const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
1077 const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1078 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
10731079 int n = cctx->res;
10741080 int rem;
10751081 unsigned char tmp;
10761082
1083 memcpy(cctx->kmf.param.cv, iv, ivlen);
10771084 while (n && len) {
10781085 tmp = *in;
10791086 *out = cctx->kmf.param.cv[n] ^ tmp;
11061113 }
11071114 }
11081115
1116 memcpy(iv, cctx->kmf.param.cv, ivlen);
11091117 cctx->res = n;
11101118 return 1;
11111119 }
11331141 const unsigned char *in, size_t len)
11341142 {
11351143 S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1136
1144 const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
1145 unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1146
1147 memcpy(cctx->kmf.param.cv, iv, ivlen);
11371148 s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
1149 memcpy(iv, cctx->kmf.param.cv, ivlen);
11381150 return 1;
11391151 }
11401152
+4
-2
crypto/evp/evp_enc.c less more
985985
986986 /* Check the cipher actually understands this parameter */
987987 if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
988 OSSL_CIPHER_PARAM_KEYLEN) == NULL)
989 return 0;
988 OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
989 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
990 return 0;
991 }
990992
991993 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
992994 ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
+27
-8
crypto/evp/m_sigver.c less more
399399 size_t *siglen)
400400 {
401401 int sctx = 0, r = 0;
402 EVP_PKEY_CTX *pctx = ctx->pctx;
402 EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
403403
404404 if (pctx == NULL
405405 || pctx->operation != EVP_PKEY_OP_SIGNCTX
407407 || pctx->op.sig.signature == NULL)
408408 goto legacy;
409409
410 return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
411 sigret, siglen, SIZE_MAX);
410 if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
411 return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
412 sigret, siglen,
413 SIZE_MAX);
414 dctx = EVP_PKEY_CTX_dup(pctx);
415 if (dctx == NULL)
416 return 0;
417
418 r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
419 sigret, siglen,
420 SIZE_MAX);
421 EVP_PKEY_CTX_free(dctx);
422 return r;
412423
413424 legacy:
414425 if (pctx == NULL || pctx->pmeth == NULL) {
428439 if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
429440 r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
430441 else {
431 EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(pctx);
432
442 dctx = EVP_PKEY_CTX_dup(pctx);
433443 if (dctx == NULL)
434444 return 0;
435445 r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
515525 int r = 0;
516526 unsigned int mdlen = 0;
517527 int vctx = 0;
518 EVP_PKEY_CTX *pctx = ctx->pctx;
528 EVP_PKEY_CTX *dctx, *pctx = ctx->pctx;
519529
520530 if (pctx == NULL
521531 || pctx->operation != EVP_PKEY_OP_VERIFYCTX
523533 || pctx->op.sig.signature == NULL)
524534 goto legacy;
525535
526 return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
527 sig, siglen);
536 if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
537 return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
538 sig, siglen);
539 dctx = EVP_PKEY_CTX_dup(pctx);
540 if (dctx == NULL)
541 return 0;
542
543 r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx,
544 sig, siglen);
545 EVP_PKEY_CTX_free(dctx);
546 return r;
528547
529548 legacy:
530549 if (pctx == NULL || pctx->pmeth == NULL) {
+14
-6
crypto/evp/p_lib.c less more
21442144
21452145 int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
21462146 unsigned char *buf, size_t max_buf_sz,
2147 size_t *out_sz)
2147 size_t *out_len)
21482148 {
21492149 OSSL_PARAM params[2];
21502150 int ret1 = 0, ret2 = 0;
21562156 params[1] = OSSL_PARAM_construct_end();
21572157 if ((ret1 = EVP_PKEY_get_params(pkey, params)))
21582158 ret2 = OSSL_PARAM_modified(params);
2159 if (ret2 && out_sz != NULL)
2160 *out_sz = params[0].return_size;
2159 if (ret2 && out_len != NULL)
2160 *out_len = params[0].return_size;
21612161 return ret1 && ret2;
21622162 }
21632163
21642164 int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
21652165 char *str, size_t max_buf_sz,
2166 size_t *out_sz)
2166 size_t *out_len)
21672167 {
21682168 OSSL_PARAM params[2];
21692169 int ret1 = 0, ret2 = 0;
21752175 params[1] = OSSL_PARAM_construct_end();
21762176 if ((ret1 = EVP_PKEY_get_params(pkey, params)))
21772177 ret2 = OSSL_PARAM_modified(params);
2178 if (ret2 && out_sz != NULL)
2179 *out_sz = params[0].return_size;
2178 if (ret2 && out_len != NULL)
2179 *out_len = params[0].return_size;
2180
2181 if (ret2 && params[0].return_size == max_buf_sz)
2182 /* There was no space for a NUL byte */
2183 return 0;
2184 /* Add a terminating NUL byte for good measure */
2185 if (ret2 && str != NULL)
2186 str[params[0].return_size] = '\0';
2187
21802188 return ret1 && ret2;
21812189 }
21822190
+4
-0
crypto/evp/pmeth_lib.c less more
499499 = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
500500 if (rctx->op.kex.algctx == NULL) {
501501 EVP_KEYEXCH_free(rctx->op.kex.exchange);
502 rctx->op.kex.exchange = NULL;
502503 goto err;
503504 }
504505 return rctx;
516517 = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
517518 if (rctx->op.sig.algctx == NULL) {
518519 EVP_SIGNATURE_free(rctx->op.sig.signature);
520 rctx->op.sig.signature = NULL;
519521 goto err;
520522 }
521523 return rctx;
533535 = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
534536 if (rctx->op.ciph.algctx == NULL) {
535537 EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher);
538 rctx->op.ciph.cipher = NULL;
536539 goto err;
537540 }
538541 return rctx;
550553 = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
551554 if (rctx->op.encap.algctx == NULL) {
552555 EVP_KEM_free(rctx->op.encap.kem);
556 rctx->op.encap.kem = NULL;
553557 goto err;
554558 }
555559 return rctx;
+8
-4
crypto/ffc/ffc_params_generate.c less more
10461046 int type, size_t L, size_t N,
10471047 int *res, BN_GENCB *cb)
10481048 {
1049 return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
1050 FFC_PARAM_MODE_GENERATE,
1051 type, L, N, res, cb);
1052 }
1049 if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params,
1050 FFC_PARAM_MODE_GENERATE,
1051 type, L, N, res, cb))
1052 return 0;
1053
1054 ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1);
1055 return 1;
1056 }
+28
-15
crypto/init.c less more
4343
4444 static OPENSSL_INIT_STOP *stop_handlers = NULL;
4545 static CRYPTO_RWLOCK *init_lock = NULL;
46 static CRYPTO_THREAD_LOCAL in_init_config_local;
4647
4748 static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
4849 static int base_inited = 0;
6061 OPENSSL_cpuid_setup();
6162
6263 if (!ossl_init_thread())
63 return 0;
64 goto err;
65
66 if (!CRYPTO_THREAD_init_local(&in_init_config_local, NULL))
67 goto err;
6468
6569 base_inited = 1;
6670 return 1;
364368
365369 CRYPTO_THREAD_lock_free(init_lock);
366370 init_lock = NULL;
371
372 CRYPTO_THREAD_cleanup_local(&in_init_config_local);
367373
368374 /*
369375 * We assume we are single-threaded for this function, i.e. no race
565571 return 0;
566572
567573 if (opts & OPENSSL_INIT_LOAD_CONFIG) {
568 int ret;
569
570 if (settings == NULL) {
571 ret = RUN_ONCE(&config, ossl_init_config);
572 } else {
573 if (!CRYPTO_THREAD_write_lock(init_lock))
574 int loading = CRYPTO_THREAD_get_local(&in_init_config_local) != NULL;
575
576 /* If called recursively from OBJ_ calls, just skip it. */
577 if (!loading) {
578 int ret;
579
580 if (!CRYPTO_THREAD_set_local(&in_init_config_local, (void *)-1))
574581 return 0;
575 conf_settings = settings;
576 ret = RUN_ONCE_ALT(&config, ossl_init_config_settings,
577 ossl_init_config);
578 conf_settings = NULL;
579 CRYPTO_THREAD_unlock(init_lock);
582 if (settings == NULL) {
583 ret = RUN_ONCE(&config, ossl_init_config);
584 } else {
585 if (!CRYPTO_THREAD_write_lock(init_lock))
586 return 0;
587 conf_settings = settings;
588 ret = RUN_ONCE_ALT(&config, ossl_init_config_settings,
589 ossl_init_config);
590 conf_settings = NULL;
591 CRYPTO_THREAD_unlock(init_lock);
592 }
593
594 if (ret <= 0)
595 return 0;
580596 }
581
582 if (ret <= 0)
583 return 0;
584597 }
585598
586599 if ((opts & OPENSSL_INIT_ASYNC)
+75
-37
crypto/provider_conf.c less more
1111 #include <openssl/err.h>
1212 #include <openssl/conf.h>
1313 #include <openssl/safestack.h>
14 #include <openssl/provider.h>
1415 #include "internal/provider.h"
1516 #include "internal/cryptlib.h"
1617 #include "provider_local.h"
2021 /* PROVIDER config module */
2122
2223 typedef struct {
24 CRYPTO_RWLOCK *lock;
2325 STACK_OF(OSSL_PROVIDER) *activated_providers;
2426 } PROVIDER_CONF_GLOBAL;
2527
3032 if (pcgbl == NULL)
3133 return NULL;
3234
35 pcgbl->lock = CRYPTO_THREAD_lock_new();
36 if (pcgbl->lock == NULL) {
37 OPENSSL_free(pcgbl);
38 return NULL;
39 }
40
3341 return pcgbl;
3442 }
3543
4149 ossl_provider_free);
4250
4351 OSSL_TRACE(CONF, "Cleaned up providers\n");
52 CRYPTO_THREAD_lock_free(pcgbl->lock);
4453 OPENSSL_free(pcgbl);
4554 }
4655
104113 }
105114
106115 return ok;
116 }
117
118 static int prov_already_activated(const char *name,
119 STACK_OF(OSSL_PROVIDER) *activated)
120 {
121 int i, max;
122
123 if (activated == NULL)
124 return 0;
125
126 max = sk_OSSL_PROVIDER_num(activated);
127 for (i = 0; i < max; i++) {
128 OSSL_PROVIDER *tstprov = sk_OSSL_PROVIDER_value(activated, i);
129
130 if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0) {
131 return 1;
132 }
133 }
134
135 return 0;
107136 }
108137
109138 static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
155184 }
156185
157186 if (activate) {
158 /*
159 * There is an attempt to activate a provider, so we should disable
160 * loading of fallbacks. Otherwise a misconfiguration could mean the
161 * intended provider does not get loaded. Subsequent fetches could then
162 * fallback to the default provider - which may be the wrong thing.
163 */
164 if (!ossl_provider_disable_fallback_loading(libctx)) {
187 if (!CRYPTO_THREAD_write_lock(pcgbl->lock)) {
165188 ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
166189 return 0;
167190 }
168 prov = ossl_provider_find(libctx, name, 1);
169 if (prov == NULL)
170 prov = ossl_provider_new(libctx, name, NULL, 1);
171 if (prov == NULL) {
172 if (soft)
173 ERR_clear_error();
174 return 0;
175 }
176
177 if (path != NULL)
178 ossl_provider_set_module_path(prov, path);
179
180 ok = provider_conf_params(prov, NULL, NULL, value, cnf);
181
182 if (ok) {
183 if (!ossl_provider_activate(prov, 1, 0)) {
184 ok = 0;
185 } else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
186 ossl_provider_deactivate(prov);
187 ok = 0;
188 } else {
189 if (pcgbl->activated_providers == NULL)
190 pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
191 sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual);
192 ok = 1;
193 }
194 }
195
196 if (!ok)
197 ossl_provider_free(prov);
191 if (!prov_already_activated(name, pcgbl->activated_providers)) {
192 /*
193 * There is an attempt to activate a provider, so we should disable
194 * loading of fallbacks. Otherwise a misconfiguration could mean the
195 * intended provider does not get loaded. Subsequent fetches could
196 * then fallback to the default provider - which may be the wrong
197 * thing.
198 */
199 if (!ossl_provider_disable_fallback_loading(libctx)) {
200 CRYPTO_THREAD_unlock(pcgbl->lock);
201 ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
202 return 0;
203 }
204 prov = ossl_provider_find(libctx, name, 1);
205 if (prov == NULL)
206 prov = ossl_provider_new(libctx, name, NULL, 1);
207 if (prov == NULL) {
208 CRYPTO_THREAD_unlock(pcgbl->lock);
209 if (soft)
210 ERR_clear_error();
211 return 0;
212 }
213
214 if (path != NULL)
215 ossl_provider_set_module_path(prov, path);
216
217 ok = provider_conf_params(prov, NULL, NULL, value, cnf);
218
219 if (ok) {
220 if (!ossl_provider_activate(prov, 1, 0)) {
221 ok = 0;
222 } else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
223 ossl_provider_deactivate(prov);
224 ok = 0;
225 } else {
226 if (pcgbl->activated_providers == NULL)
227 pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
228 sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual);
229 ok = 1;
230 }
231 }
232 if (!ok)
233 ossl_provider_free(prov);
234 }
235 CRYPTO_THREAD_unlock(pcgbl->lock);
198236 } else {
199237 OSSL_PROVIDER_INFO entry;
200238
+188
-57
crypto/provider_core.c less more
2727 # include <openssl/self_test.h>
2828 #endif
2929
30 /*
31 * This file defines and uses a number of different structures:
32 *
33 * OSSL_PROVIDER (provider_st): Used to represent all information related to a
34 * single instance of a provider.
35 *
36 * provider_store_st: Holds information about the collection of providers that
37 * are available within the current library context (OSSL_LIB_CTX). It also
38 * holds configuration information about providers that could be loaded at some
39 * future point.
40 *
41 * OSSL_PROVIDER_CHILD_CB: An instance of this structure holds the callbacks
42 * that have been registered for a child library context and the associated
43 * provider that registered those callbacks.
44 *
45 * Where a child library context exists then it has its own instance of the
46 * provider store. Each provider that exists in the parent provider store, has
47 * an associated child provider in the child library context's provider store.
48 * As providers get activated or deactivated this needs to be mirrored in the
49 * associated child providers.
50 *
51 * LOCKING
52 * =======
53 *
54 * There are a number of different locks used in this file and it is important
55 * to understand how they should be used in order to avoid deadlocks.
56 *
57 * Fields within a structure can often be "write once" on creation, and then
58 * "read many". Creation of a structure is done by a single thread, and
59 * therefore no lock is required for the "write once/read many" fields. It is
60 * safe for multiple threads to read these fields without a lock, because they
61 * will never be changed.
62 *
63 * However some fields may be changed after a structure has been created and
64 * shared between multiple threads. Where this is the case a lock is required.
65 *
66 * The locks available are:
67 *
68 * The provider flag_lock: Used to control updates to the various provider
69 * "flags" (flag_initialized, flag_activated, flag_fallback) and associated
70 * "counts" (activatecnt).
71 *
72 * The provider refcnt_lock: Only ever used to control updates to the provider
73 * refcnt value.
74 *
75 * The provider optbits_lock: Used to control access to the provider's
76 * operation_bits and operation_bits_sz fields.
77 *
78 * The store default_path_lock: Used to control access to the provider store's
79 * default search path value (default_path)
80 *
81 * The store lock: Used to control the stack of provider's held within the
82 * provider store, as well as the stack of registered child provider callbacks.
83 *
84 * As a general rule-of-thumb it is best to:
85 * - keep the scope of the code that is protected by a lock to the absolute
86 * minimum possible;
87 * - try to keep the scope of the lock to within a single function (i.e. avoid
88 * making calls to other functions while holding a lock);
89 * - try to only ever hold one lock at a time.
90 *
91 * Unfortunately, it is not always possible to stick to the above guidelines.
92 * Where they are not adhered to there is always a danger of inadvertently
93 * introducing the possibility of deadlock. The following rules MUST be adhered
94 * to in order to avoid that:
95 * - Holding multiple locks at the same time is only allowed for the
96 * provider store lock, the provider flag_lock and the provider refcnt_lock.
97 * - When holding multiple locks they must be acquired in the following order of
98 * precedence:
99 * 1) provider store lock
100 * 2) provider flag_lock
101 * 3) provider refcnt_lock
102 * - When releasing locks they must be released in the reverse order to which
103 * they were acquired
104 * - No locks may be held when making an upcall. NOTE: Some common functions
105 * can make upcalls as part of their normal operation. If you need to call
106 * some other function while holding a lock make sure you know whether it
107 * will make any upcalls or not. For example ossl_provider_up_ref() can call
108 * ossl_provider_up_ref_parent() which can call the c_prov_up_ref() upcall.
109 * - It is permissible to hold the store lock when calling child provider
110 * callbacks. No other locks may be held during such callbacks.
111 */
112
30113 static OSSL_PROVIDER *provider_new(const char *name,
31114 OSSL_provider_init_fn *init_function,
32115 STACK_OF(INFOPAIR) *parameters);
342425 tmpl.name = (char *)name;
343426 if (!CRYPTO_THREAD_read_lock(store->lock))
344427 return NULL;
345 if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
346 || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL
347 || !ossl_provider_up_ref(prov))
428 if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) != -1)
429 prov = sk_OSSL_PROVIDER_value(store->providers, i);
430 CRYPTO_THREAD_unlock(store->lock);
431 if (prov != NULL && !ossl_provider_up_ref(prov))
348432 prov = NULL;
349 CRYPTO_THREAD_unlock(store->lock);
350433 }
351434
352435 return prov;
531614 else
532615 actualtmp = sk_OSSL_PROVIDER_value(store->providers, idx);
533616
534 if (actualprov != NULL) {
535 if (!ossl_provider_up_ref(actualtmp)) {
536 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
537 actualtmp = NULL;
538 goto err;
539 }
540 *actualprov = actualtmp;
541 }
542
543617 if (idx == -1) {
544618 if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0)
545619 goto err;
554628
555629 CRYPTO_THREAD_unlock(store->lock);
556630
557 if (actualtmp != prov) {
631 if (actualprov != NULL) {
632 if (!ossl_provider_up_ref(actualtmp)) {
633 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
634 actualtmp = NULL;
635 goto err;
636 }
637 *actualprov = actualtmp;
638 }
639
640 if (idx >= 0) {
558641 /*
559642 * The provider is already in the store. Probably two threads
560643 * independently initialised their own provider objects with the same
9221005 * Deactivate a provider.
9231006 * Return -1 on failure and the activation count on success
9241007 */
925 static int provider_deactivate(OSSL_PROVIDER *prov)
1008 static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls)
9261009 {
9271010 int count;
9281011 struct provider_store_st *store;
1012 #ifndef FIPS_MODULE
1013 int freeparent = 0, removechildren = 0;
1014 #endif
9291015
9301016 if (!ossl_assert(prov != NULL))
9311017 return -1;
9421028 }
9431029
9441030 #ifndef FIPS_MODULE
945 if (prov->activatecnt == 2 && prov->ischild) {
1031 if (prov->activatecnt >= 2 && prov->ischild && upcalls) {
9461032 /*
9471033 * We have had a direct activation in this child libctx so we need to
948 * now down the ref count in the parent provider.
1034 * now down the ref count in the parent provider. We do the actual down
1035 * ref outside of the flag_lock, since it could involve getting other
1036 * locks.
9491037 */
950 ossl_provider_free_parent(prov, 1);
1038 freeparent = 1;
9511039 }
9521040 #endif
9531041
9541042 if ((count = --prov->activatecnt) < 1) {
9551043 prov->flag_activated = 0;
9561044 #ifndef FIPS_MODULE
957 {
958 int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs);
959 OSSL_PROVIDER_CHILD_CB *child_cb;
960
961 for (i = 0; i < max; i++) {
962 child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i);
963 child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata);
964 }
965 }
1045 removechildren = 1;
9661046 #endif
9671047 }
9681048
9691049 CRYPTO_THREAD_unlock(prov->flag_lock);
1050
1051 #ifndef FIPS_MODULE
1052 if (removechildren) {
1053 int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs);
1054 OSSL_PROVIDER_CHILD_CB *child_cb;
1055
1056 for (i = 0; i < max; i++) {
1057 child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i);
1058 child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata);
1059 }
1060 }
1061 #endif
9701062 CRYPTO_THREAD_unlock(store->lock);
1063 #ifndef FIPS_MODULE
1064 if (freeparent)
1065 ossl_provider_free_parent(prov, 1);
1066 #endif
9711067
9721068 /* We don't deinit here, that's done in ossl_provider_free() */
9731069 return count;
9811077 {
9821078 int count = -1;
9831079 struct provider_store_st *store;
984 int ret = 1;
1080 int ret = 1, createchildren = 0;
9851081
9861082 store = prov->store;
9871083 /*
9941090 return -1;
9951091 }
9961092
997 if (lock && !CRYPTO_THREAD_read_lock(store->lock))
1093 #ifndef FIPS_MODULE
1094 if (prov->ischild && upcalls && !ossl_provider_up_ref_parent(prov, 1))
9981095 return -1;
1096 #endif
1097
1098 if (lock && !CRYPTO_THREAD_read_lock(store->lock)) {
1099 #ifndef FIPS_MODULE
1100 if (prov->ischild && upcalls)
1101 ossl_provider_free_parent(prov, 1);
1102 #endif
1103 return -1;
1104 }
9991105
10001106 if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) {
10011107 CRYPTO_THREAD_unlock(store->lock);
1108 #ifndef FIPS_MODULE
1109 if (prov->ischild && upcalls)
1110 ossl_provider_free_parent(prov, 1);
1111 #endif
10021112 return -1;
10031113 }
10041114
1005 #ifndef FIPS_MODULE
1006 if (prov->ischild && upcalls)
1007 ret = ossl_provider_up_ref_parent(prov, 1);
1008 #endif
1009
1010 if (ret) {
1011 count = ++prov->activatecnt;
1012 prov->flag_activated = 1;
1013
1014 if (prov->activatecnt == 1 && store != NULL)
1015 ret = create_provider_children(prov);
1016 }
1017
1018 if (lock) {
1115 count = ++prov->activatecnt;
1116 prov->flag_activated = 1;
1117
1118 if (prov->activatecnt == 1 && store != NULL)
1119 createchildren = 1;
1120
1121 if (lock)
10191122 CRYPTO_THREAD_unlock(prov->flag_lock);
1123 if (createchildren)
1124 ret = create_provider_children(prov);
1125 if (lock)
10201126 CRYPTO_THREAD_unlock(store->lock);
1021 }
1127
10221128 if (!ret)
10231129 return -1;
10241130
10671173 {
10681174 int count;
10691175
1070 if (prov == NULL || (count = provider_deactivate(prov)) < 0)
1176 if (prov == NULL || (count = provider_deactivate(prov, 1)) < 0)
10711177 return 0;
10721178 return count == 0 ? provider_flush_store_cache(prov) : 1;
10731179 }
11541260 void *cbdata),
11551261 void *cbdata)
11561262 {
1157 int ret = 0, curr, max;
1263 int ret = 0, curr, max, ref = 0;
11581264 struct provider_store_st *store = get_provider_store(ctx);
11591265 STACK_OF(OSSL_PROVIDER) *provs = NULL;
11601266
11941300 if (!CRYPTO_THREAD_write_lock(prov->flag_lock))
11951301 goto err_unlock;
11961302 if (prov->flag_activated) {
1197 if (!ossl_provider_up_ref(prov)){
1303 /*
1304 * We call CRYPTO_UP_REF directly rather than ossl_provider_up_ref
1305 * to avoid upping the ref count on the parent provider, which we
1306 * must not do while holding locks.
1307 */
1308 if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0) {
11981309 CRYPTO_THREAD_unlock(prov->flag_lock);
11991310 goto err_unlock;
12001311 }
12011312 /*
12021313 * It's already activated, but we up the activated count to ensure
12031314 * it remains activated until after we've called the user callback.
1315 * We do this with no locking (because we already hold the locks)
1316 * and no upcalls (which must not be called when locks are held). In
1317 * theory this could mean the parent provider goes inactive, whilst
1318 * still activated in the child for a short period. That's ok.
12041319 */
1205 if (provider_activate(prov, 0, 1) < 0) {
1206 ossl_provider_free(prov);
1320 if (provider_activate(prov, 0, 0) < 0) {
1321 CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock);
12071322 CRYPTO_THREAD_unlock(prov->flag_lock);
12081323 goto err_unlock;
12091324 }
12401355 for (curr++; curr < max; curr++) {
12411356 OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr);
12421357
1243 provider_deactivate(prov);
1244 ossl_provider_free(prov);
1358 provider_deactivate(prov, 0);
1359 /*
1360 * As above where we did the up-ref, we don't call ossl_provider_free
1361 * to avoid making upcalls. There should always be at least one ref
1362 * to the provider in the store, so this should never drop to 0.
1363 */
1364 CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock);
1365 /*
1366 * Not much we can do if this assert ever fails. So we don't use
1367 * ossl_assert here.
1368 */
1369 assert(ref > 0);
12451370 }
12461371 sk_OSSL_PROVIDER_free(provs);
12471372 return ret;
15611686 }
15621687 max = sk_OSSL_PROVIDER_num(store->providers);
15631688 for (i = 0; i < max; i++) {
1689 int activated;
1690
15641691 prov = sk_OSSL_PROVIDER_value(store->providers, i);
15651692
15661693 if (!CRYPTO_THREAD_read_lock(prov->flag_lock))
15671694 break;
1695 activated = prov->flag_activated;
1696 CRYPTO_THREAD_unlock(prov->flag_lock);
15681697 /*
1569 * We hold the lock while calling the user callback. This means that the
1570 * user callback must be short and simple and not do anything likely to
1571 * cause a deadlock.
1698 * We hold the store lock while calling the user callback. This means
1699 * that the user callback must be short and simple and not do anything
1700 * likely to cause a deadlock. We don't hold the flag_lock during this
1701 * call. In theory this means that another thread could deactivate it
1702 * while we are calling create. This is ok because the other thread
1703 * will also call remove_cb, but won't be able to do so until we release
1704 * the store lock.
15721705 */
1573 if (prov->flag_activated
1574 && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata))
1706 if (activated && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata))
15751707 break;
1576 CRYPTO_THREAD_unlock(prov->flag_lock);
15771708 }
15781709 if (i == max) {
15791710 /* Success */
+9
-18
crypto/rsa/rsa_sp800_56b_check.c less more
217217 return ret;
218218 }
219219
220 #ifndef FIPS_MODULE
221 static int bn_is_three(const BIGNUM *bn)
222 {
223 BIGNUM *num = BN_dup(bn);
224 int ret = (num != NULL && BN_sub_word(num, 3) && BN_is_zero(num));
225
226 BN_free(num);
227 return ret;
228 }
229 #endif /* FIPS_MODULE */
230
231 /* Check exponent is odd, and has a bitlen ranging from [17..256] */
220 /*
221 * Check exponent is odd.
222 * For FIPS also check the bit length is in the range [17..256]
223 */
232224 int ossl_rsa_check_public_exponent(const BIGNUM *e)
233225 {
226 #ifdef FIPS_MODULE
234227 int bitlen;
235
236 /* For legacy purposes RSA_3 is allowed in non fips mode */
237 #ifndef FIPS_MODULE
238 if (bn_is_three(e))
239 return 1;
240 #endif /* FIPS_MODULE */
241228
242229 bitlen = BN_num_bits(e);
243230 return (BN_is_odd(e) && bitlen > 16 && bitlen < 257);
231 #else
232 /* Allow small exponents larger than 1 for legacy purposes */
233 return BN_is_odd(e) && BN_cmp(e, BN_value_one()) > 0;
234 #endif /* FIPS_MODULE */
244235 }
245236
246237 /*
+14
-18
crypto/sm2/sm2_crypt.c less more
6666 return field_size;
6767 }
6868
69 int ossl_sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest,
70 size_t msg_len, size_t *pt_size)
69 int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
70 size_t *pt_size)
7171 {
72 const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
73 const int md_size = EVP_MD_get_size(digest);
74 size_t overhead;
75
76 if (md_size < 0) {
77 ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_DIGEST);
78 return 0;
79 }
80 if (field_size == 0) {
81 ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_FIELD);
82 return 0;
83 }
84
85 overhead = 10 + 2 * field_size + (size_t)md_size;
86 if (msg_len <= overhead) {
72 struct SM2_Ciphertext_st *sm2_ctext = NULL;
73
74 sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
75
76 if (sm2_ctext == NULL) {
8777 ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING);
8878 return 0;
8979 }
9080
91 *pt_size = msg_len - overhead;
81 *pt_size = sm2_ctext->C2->length;
82 SM2_Ciphertext_free(sm2_ctext);
83
9284 return 1;
9385 }
9486
319311 C2 = sm2_ctext->C2->data;
320312 C3 = sm2_ctext->C3->data;
321313 msg_len = sm2_ctext->C2->length;
314 if (*ptext_len < (size_t)msg_len) {
315 ERR_raise(ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL);
316 goto done;
317 }
322318
323319 ctx = BN_CTX_new_ex(libctx);
324320 if (ctx == NULL) {
+1
-0
crypto/ts/ts_verify_ctx.c less more
6969 unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
7070 unsigned char *hexstr, long len)
7171 {
72 OPENSSL_free(ctx->imprint);
7273 ctx->imprint = hexstr;
7374 ctx->imprint_len = len;
7475 return ctx->imprint;
+1
-1
crypto/uid.c less more
1616 return 0;
1717 }
1818
19 #elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__)
19 #elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__))
2020
2121 # include <unistd.h>
2222
+27
-8
crypto/x509/v3_akid.c less more
3939 STACK_OF(CONF_VALUE)
4040 *extlist)
4141 {
42 char *tmp;
42 char *tmp = NULL;
43 STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;
44
4345 if (akeyid->keyid) {
4446 tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
4547 if (tmp == NULL) {
4648 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
4749 return NULL;
4850 }
49 X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL,
50 tmp, &extlist);
51 if (!X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL,
52 tmp, &extlist)) {
53 OPENSSL_free(tmp);
54 ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB);
55 goto err;
56 }
5157 OPENSSL_free(tmp);
5258 }
53 if (akeyid->issuer)
54 extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
59 if (akeyid->issuer) {
60 tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
61 if (tmpextlist == NULL) {
62 ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB);
63 goto err;
64 }
65 extlist = tmpextlist;
66 }
5567 if (akeyid->serial) {
5668 tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
5769 if (tmp == NULL) {
5870 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
59 return NULL;
60 }
61 X509V3_add_value("serial", tmp, &extlist);
71 goto err;
72 }
73 if (!X509V3_add_value("serial", tmp, &extlist)) {
74 OPENSSL_free(tmp);
75 goto err;
76 }
6277 OPENSSL_free(tmp);
6378 }
6479 return extlist;
80 err:
81 if (origextlist == NULL)
82 sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
83 return NULL;
6584 }
6685
6786 /*-
+5
-0
crypto/x509/v3_conf.c less more
486486 return NULL;
487487 CONF_set_nconf(ctmp, conf);
488488 ret = X509V3_EXT_nconf(ctmp, ctx, name, value);
489 CONF_set_nconf(ctmp, NULL);
489490 NCONF_free(ctmp);
490491 return ret;
491492 }
500501 return NULL;
501502 CONF_set_nconf(ctmp, conf);
502503 ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value);
504 CONF_set_nconf(ctmp, NULL);
503505 NCONF_free(ctmp);
504506 return ret;
505507 }
541543 return 0;
542544 CONF_set_nconf(ctmp, conf);
543545 ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert);
546 CONF_set_nconf(ctmp, NULL);
544547 NCONF_free(ctmp);
545548 return ret;
546549 }
557560 return 0;
558561 CONF_set_nconf(ctmp, conf);
559562 ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl);
563 CONF_set_nconf(ctmp, NULL);
560564 NCONF_free(ctmp);
561565 return ret;
562566 }
573577 return 0;
574578 CONF_set_nconf(ctmp, conf);
575579 ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req);
580 CONF_set_nconf(ctmp, NULL);
576581 NCONF_free(ctmp);
577582 return ret;
578583 }
+6
-3
crypto/x509/v3_cpols.c less more
425425 qualinfo = sk_POLICYQUALINFO_value(quals, i);
426426 switch (OBJ_obj2nid(qualinfo->pqualid)) {
427427 case NID_id_qt_cps:
428 BIO_printf(out, "%*sCPS: %s", indent, "",
428 BIO_printf(out, "%*sCPS: %.*s", indent, "",
429 qualinfo->d.cpsuri->length,
429430 qualinfo->d.cpsuri->data);
430431 break;
431432
449450 if (notice->noticeref) {
450451 NOTICEREF *ref;
451452 ref = notice->noticeref;
452 BIO_printf(out, "%*sOrganization: %s\n", indent, "",
453 BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
454 ref->organization->length,
453455 ref->organization->data);
454456 BIO_printf(out, "%*sNumber%s: ", indent, "",
455457 sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
473475 BIO_puts(out, "\n");
474476 }
475477 if (notice->exptext)
476 BIO_printf(out, "%*sExplicit Text: %s", indent, "",
478 BIO_printf(out, "%*sExplicit Text: %.*s", indent, "",
479 notice->exptext->length,
477480 notice->exptext->data);
478481 }
479482
+100
-49
crypto/x509/v3_ncons.c less more
6565 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
6666 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
6767
68
69 #define IA5_OFFSET_LEN(ia5base, offset) \
70 ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
71
72 /* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
73 * starting point to search from
74 */
75 # define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
76
77 /* Like memrrchr but for ASN1_IA5STRING */
78 static char *ia5memrchr(ASN1_IA5STRING *str, int c)
79 {
80 int i;
81
82 for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
83
84 if (i == 0)
85 return NULL;
86
87 return (char *)&str->data[i - 1];
88 }
89
6890 /*
69 * We cannot use strncasecmp here because that applies locale specific rules.
91 * We cannot use strncasecmp here because that applies locale specific rules. It
92 * also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
7093 * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
7194 * do a simple ASCII case comparison ignoring the locale (that is why we use
7295 * numeric constants below).
91114
92115 /* c1 > c2 */
93116 return 1;
94 } else if (*s1 == 0) {
95 /* If we get here we know that *s2 == 0 too */
96 return 0;
97117 }
98118 }
99119
100120 return 0;
101 }
102
103 static int ia5casecmp(const char *s1, const char *s2)
104 {
105 return ia5ncasecmp(s1, s2, SIZE_MAX);
106121 }
107122
108123 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
333348 --utf8_length;
334349
335350 /* Reject *embedded* NULs */
336 if ((size_t)utf8_length != strlen((char *)utf8_value)) {
351 if (memchr(utf8_value, 0, utf8_length) != NULL) {
337352 OPENSSL_free(utf8_value);
338353 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
339354 }
570585 char *dnsptr = (char *)dns->data;
571586
572587 /* Empty matches everything */
573 if (*baseptr == '\0')
588 if (base->length == 0)
574589 return X509_V_OK;
590
591 if (dns->length < base->length)
592 return X509_V_ERR_PERMITTED_VIOLATION;
593
575594 /*
576595 * Otherwise can add zero or more components on the left so compare RHS
577596 * and if dns is longer and expect '.' as preceding character.
582601 return X509_V_ERR_PERMITTED_VIOLATION;
583602 }
584603
585 if (ia5casecmp(baseptr, dnsptr))
604 if (ia5ncasecmp(baseptr, dnsptr, base->length))
586605 return X509_V_ERR_PERMITTED_VIOLATION;
587606
588607 return X509_V_OK;
599618 static int nc_email_eai(ASN1_TYPE *emltype, ASN1_IA5STRING *base)
600619 {
601620 ASN1_UTF8STRING *eml;
602 const char *baseptr = (char *)base->data;
621 char *baseptr = NULL;
603622 const char *emlptr;
604623 const char *emlat;
605624 char ulabel[256];
606625 size_t size = sizeof(ulabel) - 1;
607
608 if (emltype->type != V_ASN1_UTF8STRING)
626 int ret = X509_V_OK;
627 size_t emlhostlen;
628
629 /* We do not accept embedded NUL characters */
630 if (base->length > 0 && memchr(base->data, 0, base->length) != NULL)
609631 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
632
633 /* 'base' may not be NUL terminated. Create a copy that is */
634 baseptr = OPENSSL_strndup((char *)base->data, base->length);
635 if (baseptr == NULL)
636 return X509_V_ERR_OUT_OF_MEM;
637
638 if (emltype->type != V_ASN1_UTF8STRING) {
639 ret = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
640 goto end;
641 }
610642
611643 eml = emltype->value.utf8string;
612644 emlptr = (char *)eml->data;
613 emlat = strrchr(emlptr, '@');
614
615 if (emlat == NULL)
616 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
645 emlat = ia5memrchr(eml, '@');
646
647 if (emlat == NULL) {
648 ret = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
649 goto end;
650 }
617651
618652 memset(ulabel, 0, sizeof(ulabel));
619653 /* Special case: initial '.' is RHS match */
620654 if (*baseptr == '.') {
621655 ulabel[0] = '.';
622656 size -= 1;
623 if (ossl_a2ulabel(baseptr, ulabel + 1, &size) <= 0)
624 return X509_V_ERR_UNSPECIFIED;
625
626 if ((size_t)eml->length > size + 1) {
627 emlptr += eml->length - (size + 1);
628 if (ia5casecmp(ulabel, emlptr) == 0)
629 return X509_V_OK;
657 if (ossl_a2ulabel(baseptr, ulabel + 1, &size) <= 0) {
658 ret = X509_V_ERR_UNSPECIFIED;
659 goto end;
630660 }
631 return X509_V_ERR_PERMITTED_VIOLATION;
632 }
633
661
662 if ((size_t)eml->length > strlen(ulabel)) {
663 emlptr += eml->length - (strlen(ulabel));
664 /* X509_V_OK */
665 if (ia5ncasecmp(ulabel, emlptr, strlen(ulabel)) == 0)
666 goto end;
667 }
668 ret = X509_V_ERR_PERMITTED_VIOLATION;
669 goto end;
670 }
671
672 if (ossl_a2ulabel(baseptr, ulabel, &size) <= 0) {
673 ret = X509_V_ERR_UNSPECIFIED;
674 goto end;
675 }
676 /* Just have hostname left to match: case insensitive */
634677 emlptr = emlat + 1;
635 if (ossl_a2ulabel(baseptr, ulabel, &size) <= 0)
636 return X509_V_ERR_UNSPECIFIED;
637 /* Just have hostname left to match: case insensitive */
638 if (ia5casecmp(ulabel, emlptr))
639 return X509_V_ERR_PERMITTED_VIOLATION;
640
641 return X509_V_OK;
642
678 emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
679 if (emlhostlen != strlen(ulabel)
680 || ia5ncasecmp(ulabel, emlptr, emlhostlen) != 0) {
681 ret = X509_V_ERR_PERMITTED_VIOLATION;
682 goto end;
683 }
684
685 end:
686 OPENSSL_free(baseptr);
687 return ret;
643688 }
644689
645690 static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
646691 {
647692 const char *baseptr = (char *)base->data;
648693 const char *emlptr = (char *)eml->data;
649
650 const char *baseat = strrchr(baseptr, '@');
651 const char *emlat = strrchr(emlptr, '@');
694 const char *baseat = ia5memrchr(base, '@');
695 const char *emlat = ia5memrchr(eml, '@');
696 size_t basehostlen, emlhostlen;
697
652698 if (!emlat)
653699 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
654700 /* Special case: initial '.' is RHS match */
655 if (!baseat && (*baseptr == '.')) {
701 if (!baseat && base->length > 0 && (*baseptr == '.')) {
656702 if (eml->length > base->length) {
657703 emlptr += eml->length - base->length;
658 if (ia5casecmp(baseptr, emlptr) == 0)
704 if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
659705 return X509_V_OK;
660706 }
661707 return X509_V_ERR_PERMITTED_VIOLATION;
675721 baseptr = baseat + 1;
676722 }
677723 emlptr = emlat + 1;
724 basehostlen = IA5_OFFSET_LEN(base, baseptr);
725 emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
678726 /* Just have hostname left to match: case insensitive */
679 if (ia5casecmp(baseptr, emlptr))
727 if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))
680728 return X509_V_ERR_PERMITTED_VIOLATION;
681729
682730 return X509_V_OK;
687735 {
688736 const char *baseptr = (char *)base->data;
689737 const char *hostptr = (char *)uri->data;
690 const char *p = strchr(hostptr, ':');
738 const char *p = ia5memchr(uri, (char *)uri->data, ':');
691739 int hostlen;
692740
693741 /* Check for foo:// and skip past it */
694 if (p == NULL || p[1] != '/' || p[2] != '/')
742 if (p == NULL
743 || IA5_OFFSET_LEN(uri, p) < 3
744 || p[1] != '/'
745 || p[2] != '/')
695746 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
696747 hostptr = p + 3;
697748
699750
700751 /* Look for a port indicator as end of hostname first */
701752
702 p = strchr(hostptr, ':');
753 p = ia5memchr(uri, hostptr, ':');
703754 /* Otherwise look for trailing slash */
704755 if (p == NULL)
705 p = strchr(hostptr, '/');
756 p = ia5memchr(uri, hostptr, '/');
706757
707758 if (p == NULL)
708 hostlen = strlen(hostptr);
759 hostlen = IA5_OFFSET_LEN(uri, hostptr);
709760 else
710761 hostlen = p - hostptr;
711762
713764 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
714765
715766 /* Special case: initial '.' is RHS match */
716 if (*baseptr == '.') {
767 if (base->length > 0 && *baseptr == '.') {
717768 if (hostlen > base->length) {
718769 p = hostptr + hostlen - base->length;
719770 if (ia5ncasecmp(p, baseptr, base->length) == 0)
+2
-1
crypto/x509/v3_pci.c less more
7575 BIO_printf(out, "%*sPolicy Language: ", indent, "");
7676 i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
7777 if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
78 BIO_printf(out, "\n%*sPolicy Text: %s", indent, "",
78 BIO_printf(out, "\n%*sPolicy Text: %.*s", indent, "",
79 pci->proxyPolicy->policy->length,
7980 pci->proxyPolicy->policy->data);
8081 return 1;
8182 }
+31
-15
crypto/x509/v3_san.c less more
88
99 #include <stdio.h>
1010 #include "internal/cryptlib.h"
11 #include "crypto/x509.h"
1112 #include <openssl/conf.h>
1213 #include <openssl/x509v3.h>
1314 #include <openssl/bio.h>
8687 switch (OBJ_obj2nid(gen->d.otherName->type_id)) {
8788 case NID_id_on_SmtpUTF8Mailbox:
8889 if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
89 || !X509V3_add_value_uchar("othername: SmtpUTF8Mailbox:",
90 || !x509v3_add_len_value_uchar("othername: SmtpUTF8Mailbox:",
9091 gen->d.otherName->value->value.utf8string->data,
92 gen->d.otherName->value->value.utf8string->length,
9193 &ret))
9294 return NULL;
9395 break;
9496 case NID_XmppAddr:
9597 if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
96 || !X509V3_add_value_uchar("othername: XmppAddr:",
98 || !x509v3_add_len_value_uchar("othername: XmppAddr:",
9799 gen->d.otherName->value->value.utf8string->data,
100 gen->d.otherName->value->value.utf8string->length,
98101 &ret))
99102 return NULL;
100103 break;
101104 case NID_SRVName:
102105 if (gen->d.otherName->value->type != V_ASN1_IA5STRING
103 || !X509V3_add_value_uchar("othername: SRVName:",
106 || !x509v3_add_len_value_uchar("othername: SRVName:",
104107 gen->d.otherName->value->value.ia5string->data,
108 gen->d.otherName->value->value.ia5string->length,
105109 &ret))
106110 return NULL;
107111 break;
108112 case NID_ms_upn:
109113 if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
110 || !X509V3_add_value_uchar("othername: UPN:",
114 || !x509v3_add_len_value_uchar("othername: UPN:",
111115 gen->d.otherName->value->value.utf8string->data,
116 gen->d.otherName->value->value.utf8string->length,
112117 &ret))
113118 return NULL;
114119 break;
115120 case NID_NAIRealm:
116121 if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
117 || !X509V3_add_value_uchar("othername: NAIRealm:",
122 || !x509v3_add_len_value_uchar("othername: NAIRealm:",
118123 gen->d.otherName->value->value.utf8string->data,
124 gen->d.otherName->value->value.utf8string->length,
119125 &ret))
120126 return NULL;
121127 break;
128134
129135 /* check if the value is something printable */
130136 if (gen->d.otherName->value->type == V_ASN1_IA5STRING) {
131 if (X509V3_add_value_uchar(othername,
137 if (x509v3_add_len_value_uchar(othername,
132138 gen->d.otherName->value->value.ia5string->data,
139 gen->d.otherName->value->value.ia5string->length,
133140 &ret))
134141 return ret;
135142 }
136143 if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
137 if (X509V3_add_value_uchar(othername,
144 if (x509v3_add_len_value_uchar(othername,
138145 gen->d.otherName->value->value.utf8string->data,
146 gen->d.otherName->value->value.utf8string->length,
139147 &ret))
140148 return ret;
141149 }
156164 break;
157165
158166 case GEN_EMAIL:
159 if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
167 if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
168 gen->d.ia5->length, &ret))
160169 return NULL;
161170 break;
162171
163172 case GEN_DNS:
164 if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
173 if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
174 gen->d.ia5->length, &ret))
165175 return NULL;
166176 break;
167177
168178 case GEN_URI:
169 if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
179 if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
180 gen->d.ia5->length, &ret))
170181 return NULL;
171182 break;
172183
211222
212223 switch (nid) {
213224 case NID_id_on_SmtpUTF8Mailbox:
214 BIO_printf(out, "othername:SmtpUTF8Mailbox:%s",
225 BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s",
226 gen->d.otherName->value->value.utf8string->length,
215227 gen->d.otherName->value->value.utf8string->data);
216228 break;
217229 case NID_XmppAddr:
218 BIO_printf(out, "othername:XmppAddr:%s",
230 BIO_printf(out, "othername:XmppAddr:%.*s",
231 gen->d.otherName->value->value.utf8string->length,
219232 gen->d.otherName->value->value.utf8string->data);
220233 break;
221234 case NID_SRVName:
222 BIO_printf(out, "othername:SRVName:%s",
235 BIO_printf(out, "othername:SRVName:%.*s",
236 gen->d.otherName->value->value.ia5string->length,
223237 gen->d.otherName->value->value.ia5string->data);
224238 break;
225239 case NID_ms_upn:
226 BIO_printf(out, "othername:UPN:%s",
240 BIO_printf(out, "othername:UPN:%.*s",
241 gen->d.otherName->value->value.utf8string->length,
227242 gen->d.otherName->value->value.utf8string->data);
228243 break;
229244 case NID_NAIRealm:
230 BIO_printf(out, "othername:NAIRealm:%s",
245 BIO_printf(out, "othername:NAIRealm:%.*s",
246 gen->d.otherName->value->value.utf8string->length,
231247 gen->d.otherName->value->value.utf8string->data);
232248 break;
233249 default:
+61
-19
crypto/x509/v3_utl.c less more
1111 #include "e_os.h"
1212 #include "internal/cryptlib.h"
1313 #include <stdio.h>
14 #include <string.h>
1415 #include "crypto/ctype.h"
1516 #include <openssl/conf.h>
1617 #include <openssl/crypto.h>
3536
3637 /* Add a CONF_VALUE name value pair to stack */
3738
38 int X509V3_add_value(const char *name, const char *value,
39 STACK_OF(CONF_VALUE) **extlist)
39 static int x509v3_add_len_value(const char *name, const char *value,
40 size_t vallen, STACK_OF(CONF_VALUE) **extlist)
4041 {
4142 CONF_VALUE *vtmp = NULL;
4243 char *tname = NULL, *tvalue = NULL;
4344 int sk_allocated = (*extlist == NULL);
4445
45 if (name && (tname = OPENSSL_strdup(name)) == NULL)
46 if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
4647 goto err;
47 if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
48 goto err;
48 if (value != NULL) {
49 /* We don't allow embeded NUL characters */
50 if (memchr(value, 0, vallen) != NULL)
51 goto err;
52 tvalue = OPENSSL_strndup(value, vallen);
53 if (tvalue == NULL)
54 goto err;
55 }
4956 if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
5057 goto err;
5158 if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
6875 return 0;
6976 }
7077
78 int X509V3_add_value(const char *name, const char *value,
79 STACK_OF(CONF_VALUE) **extlist)
80 {
81 return x509v3_add_len_value(name, value,
82 value != NULL ? strlen((const char *)value) : 0,
83 extlist);
84 }
85
7186 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
7287 STACK_OF(CONF_VALUE) **extlist)
7388 {
74 return X509V3_add_value(name, (const char *)value, extlist);
89 return x509v3_add_len_value(name, (const char *)value,
90 value != NULL ? strlen((const char *)value) : 0,
91 extlist);
92 }
93
94 int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
95 size_t vallen, STACK_OF(CONF_VALUE) **extlist)
96 {
97 return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
7598 }
7699
77100 /* Free function for STACK_OF(CONF_VALUE) */
505528 /* First some sanity checks */
506529 if (email->type != V_ASN1_IA5STRING)
507530 return 1;
508 if (!email->data || !email->length)
531 if (email->data == NULL || email->length == 0)
532 return 1;
533 if (memchr(email->data, 0, email->length) != NULL)
509534 return 1;
510535 if (*sk == NULL)
511536 *sk = sk_OPENSSL_STRING_new(sk_strcmp);
512537 if (*sk == NULL)
513538 return 0;
539
540 emtmp = OPENSSL_strndup((char *)email->data, email->length);
541 if (emtmp == NULL)
542 return 0;
543
514544 /* Don't add duplicates */
515 if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
545 if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
546 OPENSSL_free(emtmp);
516547 return 1;
517 emtmp = OPENSSL_strdup((char *)email->data);
518 if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
548 }
549 if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
519550 OPENSSL_free(emtmp); /* free on push failure */
520551 X509_email_free(*sk);
521552 *sk = NULL;
869900 if (OBJ_obj2nid(gen->d.otherName->type_id) ==
870901 NID_id_on_SmtpUTF8Mailbox) {
871902 san_present = 1;
872 cstr = gen->d.otherName->value->value.utf8string;
873
874 /* Positive on success, negative on error! */
875 if ((rv = do_check_string(cstr, 0, equal, flags,
876 chk, chklen, peername)) != 0)
877 break;
903
904 /*
905 * If it is not a UTF8String then that is unexpected and we
906 * treat it as no match
907 */
908 if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
909 cstr = gen->d.otherName->value->value.utf8string;
910
911 /* Positive on success, negative on error! */
912 if ((rv = do_check_string(cstr, 0, equal, flags,
913 chk, chklen, peername)) != 0)
914 break;
915 }
878916 } else
879917 continue;
880918 } else {
10951133
10961134 static int ipv4_from_asc(unsigned char *v4, const char *in)
10971135 {
1098 int a0, a1, a2, a3;
1099
1100 if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
1136 const char *p;
1137 int a0, a1, a2, a3, n;
1138
1139 if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &n) != 4)
11011140 return 0;
11021141 if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
11031142 || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
1143 return 0;
1144 p = in + n;
1145 if (!(*p == '\0' || ossl_isspace(*p)))
11041146 return 0;
11051147 v4[0] = a0;
11061148 v4[1] = a1;
+3
-0
demos/README.txt less more
2222 pbkdf2.c Demonstration of PBKDF2 password based key derivation
2323 scrypt.c Demonstration of SCRYPT password based key derivation
2424
25 mac:
26 gmac.c Demonstration of GMAC message authentication
27
2528 pkey:
2629 EVP_PKEY_EC_keygen.c Generate an EC key.
2730
+6
-0
demos/bio/accept.cnf less more
00 # Example configuration file
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
4
15 # Port to listen on
26 Port = 4433
7
38 # Disable TLS v1.2 for test.
49 # Protocol = ALL, -TLSv1.2
510 # Only support 3 curves
611 Curves = P-521:P-384:P-256
12
713 # Restricted signature algorithms
814 SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
915 Certificate=server.pem
+3
-0
demos/bio/cmod.cnf less more
22 # Name supplied by application to CONF_modules_load_file
33 # and section containing configuration
44 testapp = test_sect
5
6 # Comment out the next line to ignore configuration errors
7 config_diagnostics = 1
58
69 [test_sect]
710 # list of configuration modules
+6
-0
demos/bio/connect.cnf less more
00 # Example configuration file
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
4
15 # Connects to the default port of s_server
26 Connect = localhost:4433
7
38 # Disable TLS v1.2 for test.
49 # Protocol = ALL, -TLSv1.2
510 # Only support 3 curves
611 Curves = P-521:P-384:P-256
12
713 # Restricted signature algorithms
814 SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512
+4
-0
demos/certs/apps/apps.cnf less more
55 # is undefined.
66 HOME = .
77 CN = "Not Defined"
8
9 # Comment out the next line to ignore configuration errors
10 config_diagnostics = 1
11
812
913 ####################################################################
1014 [ req ]
+3
-0
demos/certs/ca.cnf less more
66 HOME = .
77 CN = "Not Defined"
88 default_ca = ca
9
10 # Comment out the next line to ignore configuration errors
11 config_diagnostics = 1
912
1013 ####################################################################
1114 [ req ]
+145
-0
demos/mac/gmac.c less more
0 /*
1 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
2 *
3 * Licensed under the Apache License 2.0 (the "License"). You may not use
4 * this file except in compliance with the License. You can obtain a copy
5 * in the file LICENSE in the source distribution or at
6 * https://www.openssl.org/source/license.html
7 */
8
9 #include <stdio.h>
10 #include <stdlib.h>
11 #include <openssl/core_names.h>
12 #include <openssl/evp.h>
13 #include <openssl/params.h>
14 #include <openssl/err.h>
15
16 /*
17 * Taken from NIST's GCM Test Vectors
18 * http://csrc.nist.gov/groups/STM/cavp/
19 */
20
21 /*
22 * Hard coding the key into an application is very bad.
23 * It is done here solely for educational purposes.
24 */
25 static unsigned char key[] = {
26 0x77, 0xbe, 0x63, 0x70, 0x89, 0x71, 0xc4, 0xe2,
27 0x40, 0xd1, 0xcb, 0x79, 0xe8, 0xd7, 0x7f, 0xeb
28 };
29
30 /*
31 * The initialisation vector (IV) is better not being hard coded too.
32 * Repeating password/IV pairs compromises the integrity of GMAC.
33 * The IV is not considered secret information and is safe to store with
34 * an encrypted password.
35 */
36 static unsigned char iv[] = {
37 0xe0, 0xe0, 0x0f, 0x19, 0xfe, 0xd7, 0xba,
38 0x01, 0x36, 0xa7, 0x97, 0xf3
39 };
40
41 static unsigned char data[] = {
42 0x7a, 0x43, 0xec, 0x1d, 0x9c, 0x0a, 0x5a, 0x78,
43 0xa0, 0xb1, 0x65, 0x33, 0xa6, 0x21, 0x3c, 0xab
44 };
45
46 static const unsigned char expected_output[] = {
47 0x20, 0x9f, 0xcc, 0x8d, 0x36, 0x75, 0xed, 0x93,
48 0x8e, 0x9c, 0x71, 0x66, 0x70, 0x9d, 0xd9, 0x46
49 };
50
51 /*
52 * A property query used for selecting the GMAC implementation and the
53 * underlying GCM mode cipher.
54 */
55 static char *propq = NULL;
56
57 int main(int argc, char **argv)
58 {
59 int rv = EXIT_FAILURE;
60 EVP_MAC *mac = NULL;
61 EVP_MAC_CTX *mctx = NULL;
62 unsigned char out[16];
63 OSSL_PARAM params[4], *p = params;
64 OSSL_LIB_CTX *library_context = NULL;
65 size_t out_len = 0;
66
67 library_context = OSSL_LIB_CTX_new();
68 if (library_context == NULL) {
69 fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
70 goto end;
71 }
72
73 /* Fetch the GMAC implementation */
74 mac = EVP_MAC_fetch(library_context, "GMAC", propq);
75 if (mac == NULL) {
76 fprintf(stderr, "EVP_MAC_fetch() returned NULL\n");
77 goto end;
78 }
79
80 /* Create a context for the GMAC operation */
81 mctx = EVP_MAC_CTX_new(mac);
82 if (mctx == NULL) {
83 fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n");
84 goto end;
85 }
86
87 /* GMAC requries a GCM mode cipher to be specified */
88 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
89 "AES-128-GCM", 0);
90
91 /*
92 * If a non-default property query is required when fetching the GCM mode
93 * cipher, it needs to be specified too.
94 */
95 if (propq != NULL)
96 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
97 propq, 0);
98
99 /* Set the initialisation vector (IV) */
100 *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
101 iv, sizeof(iv));
102 *p = OSSL_PARAM_construct_end();
103
104 /* Initialise the GMAC operation */
105 if (!EVP_MAC_init(mctx, key, sizeof(key), params)) {
106 fprintf(stderr, "EVP_MAC_init() failed\n");
107 goto end;
108 }
109
110 /* Make one or more calls to process the data to be authenticated */
111 if (!EVP_MAC_update(mctx, data, sizeof(data))) {
112 fprintf(stderr, "EVP_MAC_update() failed\n");
113 goto end;
114 }
115
116 /* Make one call to the final to get the MAC */
117 if (!EVP_MAC_final(mctx, out, &out_len, sizeof(out))) {
118 fprintf(stderr, "EVP_MAC_final() failed\n");
119 goto end;
120 }
121
122 printf("Generated MAC:\n");
123 BIO_dump_indent_fp(stdout, out, out_len, 2);
124 putchar('\n');
125
126 if (out_len != sizeof(expected_output)) {
127 fprintf(stderr, "Generated MAC has an unexpected length\n");
128 goto end;
129 }
130
131 if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) {
132 fprintf(stderr, "Generated MAC does not match expected value\n");
133 goto end;
134 }
135
136 rv = EXIT_SUCCESS;
137 end:
138 EVP_MAC_CTX_free(mctx);
139 EVP_MAC_free(mac);
140 OSSL_LIB_CTX_free(library_context);
141 if (rv != EXIT_SUCCESS)
142 ERR_print_errors_fp(stderr);
143 return rv;
144 }
+6
-0
doc/build.info less more
41304130 GENERATE[html/man7/EVP_KDF-SSHKDF.html]=man7/EVP_KDF-SSHKDF.pod
41314131 DEPEND[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod
41324132 GENERATE[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod
4133 DEPEND[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod
4134 GENERATE[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod
4135 DEPEND[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod
4136 GENERATE[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod
41334137 DEPEND[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod
41344138 GENERATE[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod
41354139 DEPEND[man/man7/EVP_KDF-TLS1_PRF.7]=man7/EVP_KDF-TLS1_PRF.pod
45574561 html/man7/EVP_KDF-SCRYPT.html \
45584562 html/man7/EVP_KDF-SS.html \
45594563 html/man7/EVP_KDF-SSHKDF.html \
4564 html/man7/EVP_KDF-TLS13_KDF.html \
45604565 html/man7/EVP_KDF-TLS1_PRF.html \
45614566 html/man7/EVP_KDF-X942-ASN1.html \
45624567 html/man7/EVP_KDF-X942-CONCAT.html \
46794684 man/man7/EVP_KDF-SCRYPT.7 \
46804685 man/man7/EVP_KDF-SS.7 \
46814686 man/man7/EVP_KDF-SSHKDF.7 \
4687 man/man7/EVP_KDF-TLS13_KDF.7 \
46824688 man/man7/EVP_KDF-TLS1_PRF.7 \
46834689 man/man7/EVP_KDF-X942-ASN1.7 \
46844690 man/man7/EVP_KDF-X942-CONCAT.7 \
+6
-8
doc/internal/man3/ossl_method_construct.pod less more
99 #include "internal/core.h"
1010
1111 struct ossl_method_construct_method_st {
12 /* Create store */
13 void *(*alloc_tmp_store)(OSSL_LIB_CTX *ctx);
14 /* Remove a store */
15 void (*dealloc_tmp_store)(void *store);
12 /* Get a temporary store */
13 void *(*get_tmp_store)(void *data);
1614 /* Get an already existing method from a store */
17 void *(*get)(OSSL_LIB_CTX *libctx, void *store, void *data);
15 void *(*get)(void *store, void *data);
1816 /* Store a method in a store */
19 int (*put)(OSSL_LIB_CTX *libctx, void *store, void *method,
20 const OSSL_PROVIDER *prov, int operation_id, const char *name,
17 int (*put)(void *store, void *method,
18 const OSSL_PROVIDER *prov, const char *name,
2119 const char *propdef, void *data);
2220 /* Construct a new method */
2321 void *(*construct)(const char *name, const OSSL_DISPATCH *fns,
148146
149147 =head1 COPYRIGHT
150148
151 Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
149 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
152150
153151 Licensed under the Apache License 2.0 (the "License"). You may not use this
154152 file except in compliance with the License. You can obtain a copy in the file
+3
-3
doc/internal/man7/deprecation.pod less more
2020 explicitly removes the symbol from public view.
2121
2222 OpenSSL configuration supports deprecation as well as simulating removal of
23 symbols from public view (with the configuration option `no-deprecated`, or
23 symbols from public view (with the configuration option C<no-deprecated>, or
2424 if the user chooses to do so, with L<OPENSSL_NO_DEPRECATED(7)>), and also
2525 supports doing this in terms of a specified OpenSSL version (with the
26 configuration option `--api`, or if the user chooses to do so, with
26 configuration option C<--api>, or if the user chooses to do so, with
2727 L<OPENSSL_API_COMPAT(7)>).
2828
2929 Deprecation is done using attribute macros named
129129
130130 =head1 COPYRIGHT
131131
132 Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
132 Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
133133
134134 Licensed under the Apache License 2.0 (the "License"). You may not use
135135 this file except in compliance with the License. You can obtain a copy
+1
-1
doc/man1/openssl-ocsp.pod.in less more
370370
371371 Port to listen for OCSP requests on. The port may also be specified
372372 using the B<url> option.
373 A `0` argument indicates that any available port shall be chosen automatically.
373 A C<0> argument indicates that any available port shall be chosen automatically.
374374
375375 =item B<-ignore_err>
376376
+10
-0
doc/man1/openssl-pkeyutl.pod.in less more
261261 For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
262262 explicitly set in PSS mode then the signing digest is used.
263263
264 =item B<rsa_oaep_md:>I<digest>
265
266 Sets the digest used for the OAEP hash function. If not explicitly set then
267 SHA1 is used.
268
264269 =back
265270
266271 =head1 RSA-PSS ALGORITHM
389394
390395 openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \
391396 -rawin -digest sm3 -pkeyopt distid:someid
397
398 Decrypt some data using a private key with OAEP padding using SHA256:
399
400 openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
401 -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
392402
393403 =head1 SEE ALSO
394404
+22
-19
doc/man1/openssl-req.pod.in less more
102102
103103 =item B<-passin> I<arg>
104104
105 The password source for the request input file and the certificate input.
105 The password source for private key and certificate input.
106106 For more information about the format of B<arg>
107107 see L<openssl-passphrase-options(1)>.
108108
123123 =item B<-subject>
124124
125125 Prints out the certificate request subject
126 (or certificate subject if B<-x509> is specified).
126 (or certificate subject if B<-x509> is in use).
127127
128128 =item B<-pubkey>
129129
192192
193193 =item B<-key> I<filename>|I<uri>
194194
195 This specifies the private key to use for request self-signature
196 and signing certificates produced using the B<-x509> option.
195 This specifies the key to include and to use for request self-signature
196 and for self-signing certificates produced with the B<-x509> option.
197197 It also accepts PKCS#8 format private keys for PEM format files.
198198
199199 =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
204204 =item B<-keyout> I<filename>
205205
206206 This gives the filename to write any private key to that has been newly created
207 or read from B<-key>.
208 If the B<-keyout> option is not given the filename specified in the
209 configuration file with the B<default_keyfile> option is used, if present.
210 If a new key is generated and no filename is specified
211 the key is written to standard output.
207 or read from B<-key>. If neither the B<-keyout> option nor the B<-key> option
208 are given then the filename specified in the configuration file with the
209 B<default_keyfile> option is used, if present. Thus, if you want to write the
210 private key and the B<-key> option is provided, you should provide the
211 B<-keyout> option explicitly. If a new key is generated and no filename is
212 specified the key is written to standard output.
212213
213214 =item B<-noenc>
214215
264265
265266 This option outputs a certificate instead of a certificate request.
266267 This is typically used to generate test certificates.
268 It is implied by the B<-CA> option.
267269
268270 If an existing request is specified with the B<-in> option, it is converted
269271 to the a certificate; otherwise a request is created from scratch.
279281
280282 =item B<-CA> I<filename>|I<uri>
281283
282 Specifies the "CA" certificate to be used for signing with the B<-x509> option.
284 Specifies the "CA" certificate to be used for signing a new certificate
285 and implies use of B<-x509>.
283286 When present, this behaves like a "micro CA" as follows:
284287 The subject name of the "CA" certificate is placed as issuer name in the new
285288 certificate, which is then signed using the "CA" key given as specified below.
292295
293296 =item B<-days> I<n>
294297
295 When the B<-x509> option is being used this specifies the number of
298 When B<-x509> is in use this specifies the number of
296299 days to certify the certificate for, otherwise it is ignored. I<n> should
297300 be a positive integer. The default is 30 days.
298301
305308 =item B<-copy_extensions> I<arg>
306309
307310 Determines how X.509 extensions in certificate requests should be handled
308 when B<-x509> is given.
311 when B<-x509> is in use.
309312 If I<arg> is B<none> or this option is not present then extensions are ignored.
310313 If I<arg> is B<copy> or B<copyall> then
311314 all extensions in the request are copied to the certificate.
315318
316319 =item B<-addext> I<ext>
317320
318 Add a specific extension to the certificate (if the B<-x509> option is
319 present) or certificate request. The argument must have the form of
321 Add a specific extension to the certificate (if B<-x509> is in use)
322 or certificate request. The argument must have the form of
320323 a key=value pair as it would appear in a config file.
321324
322325 This option can be given multiple times.
326329 =item B<-reqexts> I<section>
327330
328331 These options specify alternative sections to include certificate
329 extensions (if the B<-x509> option is present) or certificate
330 request extensions. This allows several different sections to
332 extensions (if B<-x509> is in use) or certificate request extensions.
333 This allows several different sections to
331334 be used in the same configuration file to specify requests for
332335 a variety of purposes.
333336
397400
398401 =over 4
399402
400 =item B<input_password output_password>
403 =item B<input_password>, B<output_password>
401404
402405 The passwords for the input private key file (if present) and
403406 the output private key file (if one will be created). The
477480 =item B<x509_extensions>
478481
479482 This specifies the configuration file section containing a list of
480 extensions to add to certificate generated when the B<-x509> switch
481 is used. It can be overridden by the B<-extensions> command line switch.
483 extensions to add to certificate generated when B<-x509> is in use.
484 It can be overridden by the B<-extensions> command line switch.
482485
483486 =item B<prompt>
484487
+13
-13
doc/man1/openssl-verification-options.pod less more
2020 and depending on numerous options.
2121 The most important of them are detailed in the following sections.
2222
23 In a nutshell, a valid chain of certifciates needs to be built up and verified
23 In a nutshell, a valid chain of certificates needs to be built up and verified
2424 starting from the I<target certificate> that is to be verified
2525 and ending in a certificate that due to some policy is trusted.
2626 Verification is done relative to the given I<purpose>, which is the intended use
129129 number, and issuer field of the candidate issuer certificate,
130130 as far as the respective fields are present in both certificates.
131131
132 item *
132 =item *
133133
134134 The certificate signature algorithm used to sign the subject certificate
135135 is supported and
273273
274274 =over 4
275275
276 =item -
276 =item *
277277
278278 The basicConstraints of CA certificates must be marked critical.
279279
280 =item -
280 =item *
281281
282282 CA certificates must explicitly include the keyUsage extension.
283283
284 =item -
284 =item *
285285
286286 If a pathlenConstraint is given the key usage keyCertSign must be allowed.
287287
288 =item -
288 =item *
289289
290290 The pathlenConstraint must not be given for non-CA certificates.
291291
292 =item -
292 =item *
293293
294294 The issuer name of any certificate must not be empty.
295295
296 =item -
296 =item *
297297
298298 The subject name of CA certs, certs with keyUsage crlSign, and certs
299299 without subjectAlternativeName must not be empty.
300300
301 =item -
301 =item *
302302
303303 If a subjectAlternativeName extension is given it must not be empty.
304304
305 =item -
305 =item *
306306
307307 The signatureAlgorithm field and the cert signature must be consistent.
308308
309 =item -
309 =item *
310310
311311 Any given authorityKeyIdentifier and any given subjectKeyIdentifier
312312 must not be marked critical.
313313
314 =item -
314 =item *
315315
316316 The authorityKeyIdentifier must be given for X.509v3 certs unless they
317317 are self-signed.
318318
319 =item -
319 =item *
320320
321321 The subjectKeyIdentifier must be given for all X.509v3 CA certs.
322322
+23
-18
doc/man3/BN_cmp.pod less more
11
22 =head1 NAME
33
4 BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
4 BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions
55
66 =head1 SYNOPSIS
77
88 #include <openssl/bn.h>
99
10 int BN_cmp(BIGNUM *a, BIGNUM *b);
11 int BN_ucmp(BIGNUM *a, BIGNUM *b);
10 int BN_cmp(const BIGNUM *a, const BIGNUM *b);
11 int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
1212
13 int BN_is_zero(BIGNUM *a);
14 int BN_is_one(BIGNUM *a);
15 int BN_is_word(BIGNUM *a, BN_ULONG w);
16 int BN_is_odd(BIGNUM *a);
13 int BN_is_zero(const BIGNUM *a);
14 int BN_is_one(const BIGNUM *a);
15 int BN_is_word(const BIGNUM *a, const BN_ULONG w);
16 int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
17 int BN_is_odd(const BIGNUM *a);
1718
1819 =head1 DESCRIPTION
1920
20 BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
21 BN_cmp() compares the numbers I<a> and I<b>. BN_ucmp() compares their
2122 absolute values.
2223
23 BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
24 or B<w> respectively. BN_is_odd() tests if a is odd.
25
26 BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
24 BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if
25 I<a> equals 0, 1, I<w>, or E<verbar>I<w>E<verbar> respectively.
26 BN_is_odd() tests if I<a> is odd.
2727
2828 =head1 RETURN VALUES
2929
30 BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
31 B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
32 of B<a> and B<b>.
30 BN_cmp() returns -1 if I<a> E<lt> I<b>, 0 if I<a> == I<b> and 1 if
31 I<a> E<gt> I<b>. BN_ucmp() is the same using the absolute values
32 of I<a> and I<b>.
3333
34 BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
35 the condition is true, 0 otherwise.
34 BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and
35 BN_is_odd() return 1 if the condition is true, 0 otherwise.
36
37 =head1 HISTORY
38
39 Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(),
40 BN_abs_is_word() and BN_is_odd() were macros.
3641
3742 =head1 COPYRIGHT
3843
39 Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
44 Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
4045
4146 Licensed under the Apache License 2.0 (the "License"). You may not use
4247 this file except in compliance with the License. You can obtain a copy
+6
-7
doc/man3/ERR_GET_LIB.pod less more
1717 =head1 DESCRIPTION
1818
1919 The error code returned by ERR_get_error() consists of a library
20 number, function code and reason code. ERR_GET_LIB()
20 number and reason code. ERR_GET_LIB()
2121 and ERR_GET_REASON() can be used to extract these.
2222
2323 ERR_FATAL_ERROR() indicates whether a given error code is a fatal error.
2424
25 The library number and function code describe where the error
25 The library number describes where the error
2626 occurred, the reason code is the information about what went wrong.
2727
28 Each sub-library of OpenSSL has a unique library number; function and
29 reason codes are unique within each sub-library. Note that different
30 libraries may use the same value to signal different functions and
31 reasons.
28 Each sub-library of OpenSSL has a unique library number; the
29 reason code is unique within each sub-library. Note that different
30 libraries may use the same value to signal different reasons.
3231
3332 B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
3433 unique. However, when checking for sub-library specific reason codes,
3837
3938 =head1 RETURN VALUES
4039
41 The library number, function code, reason code, and whether the error
40 The library number, reason code, and whether the error
4241 is fatal, respectively.
4342 Starting with OpenSSL 3.0.0, the function code is always set to zero.
4443
+17
-8
doc/man3/EVP_EncryptInit.pod less more
446446 Return an EVP_CIPHER structure when passed a cipher name, a NID or an
447447 ASN1_OBJECT structure.
448448
449 EVP_get_cipherbyname() will return NULL for algorithms such as "AES-128-SIV",
450 "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only
451 accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve
452 these algorithms from a provider.
453
449454 =item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()
450455
451456 Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
737742 =item "cts_mode" (B<OSSL_CIPHER_PARAM_CTS_MODE>) <UTF8 string>
738743
739744 Gets or sets the cipher text stealing mode. For all modes the output size is the
740 same as the input size.
745 same as the input size. The input length must be greater than or equal to the
746 block size. (The block size for AES and CAMELLIA is 16 bytes).
741747
742748 Valid values for the mode are:
743749
746752 =item "CS1"
747753
748754 The NIST variant of cipher text stealing.
749 For message lengths that are multiples of the block size it is equivalent to
750 using a "AES-CBC" cipher otherwise the second last cipher text block is a
751 partial block.
755 For input lengths that are multiples of the block size it is equivalent to
756 using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher otherwise the second last
757 cipher text block is a partial block.
752758
753759 =item "CS2"
754760
755 For message lengths that are multiples of the block size it is equivalent to
756 using a "AES-CBC" cipher, otherwise it is the same as "CS3".
761 For input lengths that are multiples of the block size it is equivalent to
762 using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher, otherwise it is the same as
763 "CS3" mode.
757764
758765 =item "CS3"
759766
760767 The Kerberos5 variant of cipher text stealing which always swaps the last
761768 cipher text block with the previous block (which may be a partial or full block
762 depending on the input length).
769 depending on the input length). If the input length is exactly one full block
770 then this is equivalent to using a "AES-XXX-CBC" or "CAMELLIA-XXX-CBC" cipher.
763771
764772 =back
765773
766774 The default is "CS1".
767 This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
775 This is only supported for "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
776 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
768777
769778 =item "tls1multi_interleave" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE>) <unsigned integer>
770779
+1
-1
doc/man3/EVP_PKEY_fromdata.pod less more
160160 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47
161161 };
162162 const OSSL_PARAM params[] = {
163 OSSL_PARAM_utf8_string("group", "prime256v1"),
163 OSSL_PARAM_utf8_string("group", "prime256v1", 10),
164164 OSSL_PARAM_BN("priv", priv, sizeof(priv)),
165165 OSSL_PARAM_BN("pub", pub, sizeof(pub)),
166166 OSSL_PARAM_END
+2
-2
doc/man3/EVP_PKEY_get_group_name.pod less more
1414
1515 EVP_PKEY_get_group_name() fills in the group name of the I<pkey> into
1616 I<gname>, up to at most I<gname_sz> bytes including the ending NUL byte
17 and assigns I<*gname_len> the actual size of the name, if I<pkey>'s key type
18 supports it.
17 and assigns I<*gname_len> the actual length of the name not including
18 the NUL byte, if I<pkey>'s key type supports it.
1919 I<gname> as well as I<gname_len> may individually be NULL, and won't be
2020 filled in or assigned in that case.
2121
+12
-9
doc/man3/EVP_PKEY_gettable_params.pod less more
2121 BIGNUM **bn);
2222 int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name,
2323 char *str, size_t max_buf_sz,
24 size_t *out_sz);
24 size_t *out_len);
2525 int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
2626 unsigned char *buf, size_t max_buf_sz,
27 size_t *out_sz);
27 size_t *out_len);
2828
2929 =head1 DESCRIPTION
3030
4646 associated with a name of I<key_name>. If I<*bn> is NULL then the BIGNUM
4747 is allocated by the method.
4848
49 EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value int a buffer
50 I<str> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
51 I<*out_sz> is the returned size of the string if it is not NULL.
49 EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value into a
50 buffer I<str> of maximum size I<max_buf_sz> associated with a name of
51 I<key_name>. The maximum size must be large enough to accomodate the string
52 value including a terminating NUL byte, or this function will fail.
53 If I<out_len> is not NULL, I<*out_len> is set to the length of the string
54 not including the terminating NUL byte.
5255
53 EVP_PKEY_get_octet_string_param() copy a I<pkey>'s octet string value into a buffer
54 I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
55 I<*out_sz> is the returned size of the buffer if it is not NULL.
56 EVP_PKEY_get_octet_string_param() get a key I<pkey>'s octet string value into a
57 buffer I<buf> of maximum size I<max_buf_sz> associated with a name of I<key_name>.
58 If I<out_len> is not NULL, I<*out_len> is set to the length of the contents.
5659
5760 =head1 NOTES
5861
6669 successfully returned, or 0 if there was an error.
6770 An error may be returned by methods EVP_PKEY_get_utf8_string_param() and
6871 EVP_PKEY_get_octet_string_param() if I<max_buf_sz> is not big enough to hold the
69 value. If I<out_sz> is not NULL, I<*out_sz> will be assigned the required
72 value. If I<out_len> is not NULL, I<*out_len> will be assigned the required
7073 buffer size to hold the value.
7174
7275 =head1 EXAMPLES
+4
-4
doc/man3/OSSL_PARAM.pod less more
305305 #include <openssl/core.h>
306306
307307 const char *foo = "some string";
308 size_t foo_l = strlen(foo) + 1;
308 size_t foo_l = strlen(foo);
309309 const char bar[] = "some other string";
310310 OSSL_PARAM set[] = {
311311 { "foo", OSSL_PARAM_UTF8_STRING_PTR, &foo, foo_l, 0 },
312 { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar), 0 },
312 { "bar", OSSL_PARAM_UTF8_STRING, &bar, sizeof(bar) - 1, 0 },
313313 { NULL, 0, NULL, 0, 0 }
314314 };
315315
337337 for (i = 0; params[i].key != NULL; i++) {
338338 if (strcmp(params[i].key, "foo") == 0) {
339339 *(char **)params[i].data = "foo value";
340 params[i].return_size = 10; /* size of "foo value" */
340 params[i].return_size = 9; /* length of "foo value" string */
341341 } else if (strcmp(params[i].key, "bar") == 0) {
342342 memcpy(params[i].data, "bar value", 10);
343 params[i].return_size = 10; /* size of "bar value" */
343 params[i].return_size = 9; /* length of "bar value" string */
344344 }
345345 /* Ignore stuff we don't know */
346346 }
+4
-2
doc/man3/OSSL_PARAM_BLD.pod less more
9090
9191 OSSL_PARAM_BLD_push_utf8_string() is a function that will create an OSSL_PARAM
9292 object that references the UTF8 string specified by I<buf>.
93 If the length of the string, I<bsize>, is zero then it will be calculated.
93 The length of the string I<bsize> should not include the terminating NUL byte.
94 If it is zero then it will be calculated.
9495 The string that I<buf> points to is stored by reference and must remain in
9596 scope until after OSSL_PARAM_BLD_to_param() has been called.
9697
101102
102103 OSSL_PARAM_BLD_push_utf8_ptr() is a function that will create an OSSL_PARAM
103104 object that references the UTF8 string specified by I<buf>.
104 If the length of the string, I<bsize>, is zero then it will be calculated.
105 The length of the string I<bsize> should not include the terminating NUL byte.
106 If it is zero then it will be calculated.
105107 The string I<buf> points to is stored by reference and must remain in
106108 scope until the OSSL_PARAM array is freed.
107109
+10
-4
doc/man3/OSSL_PARAM_int.pod less more
199199 string B<OSSL_PARAM> structure.
200200 A parameter with name I<key>, storage I<buf> and size I<bsize> is created.
201201
202 OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF string
202 OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF8 string
203203 pointer B<OSSL_PARAM> structure.
204204 A parameter with name I<key>, storage pointer I<*buf> and size I<bsize>
205205 is created.
242242 The string is stored into I<*val> with a size limit of I<max_len>,
243243 which must be large enough to accomodate a terminating NUL byte,
244244 otherwise this function will fail.
245 If I<*val> is NULL, memory is allocated for the string and I<max_len>
246 is ignored.
245 If I<*val> is NULL, memory is allocated for the string (including the
246 terminating NUL byte) and I<max_len> is ignored.
247247 If memory is allocated by this function, it must be freed by the caller.
248248
249249 OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to
250250 by I<p> to the value referenced by I<val>.
251 If the parameter's I<data> field isn't NULL, its I<data_size> must indicate
252 that the buffer is large enough to accomodate the string that I<val> points at,
253 not including the terminating NUL byte, or this function will fail.
254 A terminating NUL byte is added only if the parameter's I<data_size> indicates
255 the buffer is longer than the string length, otherwise the string will not be
256 NUL terminated.
251257 If the parameter's I<data> field is NULL, then only its I<return_size> field
252258 will be assigned the minimum size the parameter's I<data> buffer should have
253 to accomodate the string, including a terminating NUL byte.
259 to accomodate the string, not including a terminating NUL byte.
254260
255261 OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter
256262 pointed to by I<p>.
+1
-1
doc/man3/OSSL_STORE_INFO.pod less more
107107 create a B<OSSL_STORE_INFO> object to hold the given input object.
108108 On success the input object is consumed.
109109
110 Additionally, for B<OSSL_STORE_INFO_NAME>` objects,
110 Additionally, for B<OSSL_STORE_INFO_NAME> objects,
111111 OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra
112112 description.
113113 This description is meant to be human readable and should be used for
+4
-4
doc/man3/OSSL_STORE_LOADER.pod less more
4444 int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader,
4545 const char *scheme);
4646 void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx,
47 void (*fn)(OSSL_STORE_LOADER *loader,
47 void (*user_fn)(OSSL_STORE_LOADER *loader,
4848 void *arg),
49 void *arg);
49 void *user_arg);
5050 int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader,
5151 void (*fn)(const char *name, void *data),
5252 void *data);
141141
142142 OSSL_STORE_LOADER_do_all_provided() traverses all store implementations
143143 by all activated providers in the library context I<libctx>, and for each
144 of the implementations, calls I<fn> with the implementation method and
145 I<data> as arguments.
144 of the implementations, calls I<user_fn> with the implementation method and
145 I<user_arg> as arguments.
146146
147147 OSSL_STORE_LOADER_names_do_all() traverses all names for the given
148148 I<loader>, and calls I<fn> with each name and I<data>.
+163
-146
doc/man3/SSL_CTX_set_options.pod less more
6161
6262 =over 4
6363
64 =item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
65
66 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
67 OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
68
69 =item SSL_OP_DISABLE_TLSEXT_CA_NAMES
70
71 Disable TLS Extension CA Names. You may want to disable it for security reasons
72 or for compatibility with some Windows TLS implementations crashing when this
73 extension is larger than 1024 bytes.
64 =item SSL_OP_CRYPTOPRO_TLSEXT_BUG
65
66 Add server-hello extension from the early version of cryptopro draft
67 when GOST ciphersuite is negotiated. Required for interoperability with CryptoPro
68 CSP 3.x.
7469
7570 =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
7671
7974 broken SSL implementations. This option has no effect for connections
8075 using other ciphers.
8176
77 =item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
78
79 Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
80 OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
81
8282 =item SSL_OP_TLSEXT_PADDING
8383
8484 Adds a padding extension to ensure the ClientHello size is never between
9999
100100 =over 4
101101
102 =item SSL_OP_TLS_ROLLBACK_BUG
103
104 Disable version rollback attack detection.
105
106 During the client key exchange, the client must send the same information
107 about acceptable SSL/TLS protocol levels as during the first hello. Some
108 clients violate this rule by adapting to the server's answer. (Example:
109 the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
110 only understands up to SSLv3. In this case the client must still use the
111 same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
112 to the server's answer and violate the version rollback protection.)
102 =item SSL_OP_ALLOW_CLIENT_RENEGOTIATION
103
104 Client-initiated renegotiation is disabled by default. Use
105 this option to enable it.
106
107 =item SSL_OP_ALLOW_NO_DHE_KEX
108
109 In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
110 that there will be no forward secrecy for the resumed session.
111
112 =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
113
114 Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
115 servers. See the B<SECURE RENEGOTIATION> section for more details.
113116
114117 =item SSL_OP_CIPHER_SERVER_PREFERENCE
115118
117120 preferences. When not set, the SSL server will always follow the clients
118121 preferences. When set, the SSL/TLS server will choose following its
119122 own preferences.
123
124 =item SSL_OP_CISCO_ANYCONNECT
125
126 Use Cisco's version identifier of DTLS_BAD_VER when establishing a DTLSv1
127 connection. Only available when using the deprecated DTLSv1_client_method() API.
128
129 =item SSL_OP_CLEANSE_PLAINTEXT
130
131 By default TLS connections keep a copy of received plaintext
132 application data in a static buffer until it is overwritten by the
133 next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT
134 deciphered application data is cleansed by calling OPENSSL_cleanse(3)
135 after passing data to the application. Data is also cleansed when
136 releasing the connection (e.g. L<SSL_free(3)>).
137
138 Since OpenSSL only cleanses internal buffers, the application is still
139 responsible for cleansing all other buffers. Most notably, this
140 applies to buffers passed to functions like L<SSL_read(3)>,
141 L<SSL_peek(3)> but also like L<SSL_write(3)>.
142
143 =item SSL_OP_COOKIE_EXCHANGE
144
145 Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects
146 DTLS connections.
147
148 =item SSL_OP_DISABLE_TLSEXT_CA_NAMES
149
150 Disable TLS Extension CA Names. You may want to disable it for security reasons
151 or for compatibility with some Windows TLS implementations crashing when this
152 extension is larger than 1024 bytes.
153
154 =item SSL_OP_ENABLE_KTLS
155
156 Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must
157 have been compiled with support for it, and it must be supported by the
158 negotiated ciphersuites and extensions. The specific ciphersuites and extensions
159 that are supported may vary by platform and kernel version.
160
161 The kernel TLS data-path implements the record layer, and the encryption
162 algorithm. The kernel will utilize the best hardware
163 available for encryption. Using the kernel data-path should reduce the memory
164 footprint of OpenSSL because no buffering is required. Also, the throughput
165 should improve because data copy is avoided when user data is encrypted into
166 kernel memory instead of the usual encrypt then copy to kernel.
167
168 Kernel TLS might not support all the features of OpenSSL. For instance,
169 renegotiation, and setting the maximum fragment size is not possible as of
170 Linux 4.20.
171
172 Note that with kernel TLS enabled some cryptographic operations are performed
173 by the kernel directly and not via any available OpenSSL Providers. This might
174 be undesirable if, for example, the application requires all cryptographic
175 operations to be performed by the FIPS provider.
176
177 =item SSL_OP_ENABLE_MIDDLEBOX_COMPAT
178
179 If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This
180 has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that
181 do not understand TLSv1.3 will not drop the connection. Regardless of whether
182 this option is set or not CCS messages received from the peer will always be
183 ignored in TLSv1.3. This option is set by default. To switch it off use
184 SSL_clear_options(). A future version of OpenSSL may not set this by default.
185
186 =item SSL_OP_IGNORE_UNEXPECTED_EOF
187
188 Some TLS implementations do not send the mandatory close_notify alert on
189 shutdown. If the application tries to wait for the close_notify alert but the
190 peer closes the connection without sending it, an error is generated. When this
191 option is enabled the peer does not need to send the close_notify alert and a
192 closed connection will be treated as if the close_notify alert was received.
193
194 You should only enable this option if the protocol running over TLS
195 can detect a truncation attack itself, and that the application is checking for
196 that truncation attack.
197
198 For more information on shutting down a connection, see L<SSL_shutdown(3)>.
199
200 =item SSL_OP_LEGACY_SERVER_CONNECT
201
202 Allow legacy insecure renegotiation between OpenSSL and unpatched servers
203 B<only>. See the B<SECURE RENEGOTIATION> section for more details.
204
205 =item SSL_OP_NO_ANTI_REPLAY
206
207 By default, when a server is configured for early data (i.e., max_early_data > 0),
208 OpenSSL will switch on replay protection. See L<SSL_read_early_data(3)> for a
209 description of the replay protection feature. Anti-replay measures are required
210 to comply with the TLSv1.3 specification. Some applications may be able to
211 mitigate the replay risks in other ways and in such cases the built in OpenSSL
212 functionality is not required. Those applications can turn this feature off by
213 setting this option. This is a server-side opton only. It is ignored by
214 clients.
215
216 =item SSL_OP_NO_COMPRESSION
217
218 Do not use compression even if it is supported. This option is set by default.
219 To switch it off use SSL_clear_options().
220
221 =item SSL_OP_NO_ENCRYPT_THEN_MAC
222
223 Normally clients and servers will transparently attempt to negotiate the
224 RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.
225
226 If this option is set, Encrypt-then-MAC is disabled. Clients will not
227 propose, and servers will not accept the extension.
228
229 =item SSL_OP_NO_EXTENDED_MASTER_SECRET
230
231 Normally clients and servers will transparently attempt to negotiate the
232 RFC7627 Extended Master Secret option on TLS and DTLS connection.
233
234 If this option is set, Extended Master Secret is disabled. Clients will
235 not propose, and servers will not accept the extension.
236
237 =item SSL_OP_NO_QUERY_MTU
238
239 Do not query the MTU. Only affects DTLS connections.
240
241 =item SSL_OP_NO_RENEGOTIATION
242
243 Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
244 messages, and ignore renegotiation requests via ClientHello.
245
246 =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
247
248 When performing renegotiation as a server, always start a new session
249 (i.e., session resumption requests are only accepted in the initial
250 handshake). This option is not needed for clients.
120251
121252 =item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
122253 SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
127258 As of OpenSSL 1.1.0, these options are deprecated, use
128259 L<SSL_CTX_set_min_proto_version(3)> and
129260 L<SSL_CTX_set_max_proto_version(3)> instead.
130
131 =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
132
133 When performing renegotiation as a server, always start a new session
134 (i.e., session resumption requests are only accepted in the initial
135 handshake). This option is not needed for clients.
136
137 =item SSL_OP_NO_COMPRESSION
138
139 Do not use compression even if it is supported.
140
141 =item SSL_OP_NO_QUERY_MTU
142
143 Do not query the MTU. Only affects DTLS connections.
144
145 =item SSL_OP_COOKIE_EXCHANGE
146
147 Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects
148 DTLS connections.
149261
150262 =item SSL_OP_NO_TICKET
151263
183295 being sent by calling L<SSL_CTX_set_num_tickets(3)> or
184296 L<SSL_set_num_tickets(3)>.
185297
186 =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
187
188 Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
189 servers. See the B<SECURE RENEGOTIATION> section for more details.
190
191 =item SSL_OP_LEGACY_SERVER_CONNECT
192
193 Allow legacy insecure renegotiation between OpenSSL and unpatched servers
194 B<only>. See the B<SECURE RENEGOTIATION> section for more details.
195
196 =item SSL_OP_NO_ENCRYPT_THEN_MAC
197
198 Normally clients and servers will transparently attempt to negotiate the
199 RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.
200
201 If this option is set, Encrypt-then-MAC is disabled. Clients will not
202 propose, and servers will not accept the extension.
203
204 =item SSL_OP_NO_EXTENDED_MASTER_SECRET
205
206 Normally clients and servers will transparently attempt to negotiate the
207 RFC7627 Extended Master Secret option on TLS and DTLS connection.
208
209 If this option is set, Extended Master Secret is disabled. Clients will
210 not propose, and servers will not accept the extension.
211
212 =item SSL_OP_NO_RENEGOTIATION
213
214 Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
215 messages, and ignore renegotiation requests via ClientHello.
216
217 =item SSL_OP_IGNORE_UNEXPECTED_EOF
218
219 Some TLS implementations do not send the mandatory close_notify alert on
220 shutdown. If the application tries to wait for the close_notify alert but the
221 peer closes the connection without sending it, an error is generated. When this
222 option is enabled the peer does not need to send the close_notify alert and a
223 closed connection will be treated as if the close_notify alert was received.
224
225 You should only enable this option if the protocol running over TLS
226 can detect a truncation attack itself, and that the application is checking for
227 that truncation attack.
228
229 For more information on shutting down a connection, see L<SSL_shutdown(3)>.
230
231 =item SSL_OP_ALLOW_NO_DHE_KEX
232
233 In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
234 that there will be no forward secrecy for the resumed session.
235
236298 =item SSL_OP_PRIORITIZE_CHACHA
237299
238300 When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize
242304 in the server cipher list; but still allows other clients to use AES and other
243305 ciphers. Requires B<SSL_OP_CIPHER_SERVER_PREFERENCE>.
244306
245 =item SSL_OP_ENABLE_MIDDLEBOX_COMPAT
246
247 If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This
248 has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that
249 do not understand TLSv1.3 will not drop the connection. Regardless of whether
250 this option is set or not CCS messages received from the peer will always be
251 ignored in TLSv1.3. This option is set by default. To switch it off use
252 SSL_clear_options(). A future version of OpenSSL may not set this by default.
253
254 =item SSL_OP_NO_ANTI_REPLAY
255
256 By default, when a server is configured for early data (i.e., max_early_data > 0),
257 OpenSSL will switch on replay protection. See L<SSL_read_early_data(3)> for a
258 description of the replay protection feature. Anti-replay measures are required
259 to comply with the TLSv1.3 specification. Some applications may be able to
260 mitigate the replay risks in other ways and in such cases the built in OpenSSL
261 functionality is not required. Those applications can turn this feature off by
262 setting this option. This is a server-side opton only. It is ignored by
263 clients.
264
265 =item SSL_OP_CLEANSE_PLAINTEXT
266
267 By default TLS connections keep a copy of received plaintext
268 application data in a static buffer until it is overwritten by the
269 next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT
270 deciphered application data is cleansed by calling OPENSSL_cleanse(3)
271 after passing data to the application. Data is also cleansed when
272 releasing the connection (e.g. L<SSL_free(3)>).
273
274 Since OpenSSL only cleanses internal buffers, the application is still
275 responsible for cleansing all other buffers. Most notably, this
276 applies to buffers passed to functions like L<SSL_read(3)>,
277 L<SSL_peek(3)> but also like L<SSL_write(3)>.
278
279 =item SSL_OP_ENABLE_KTLS
280
281 Enable the use of kernel TLS. In order to benefit from kernel TLS OpenSSL must
282 have been compiled with support for it, and it must be supported by the
283 negotiated ciphersuites and extensions. The specific ciphersuites and extensions
284 that are supported may vary by platform and kernel version.
285
286 The kernel TLS data-path implements the record layer, and the encryption
287 algorithm. The kernel will utilize the best hardware
288 available for encryption. Using the kernel data-path should reduce the memory
289 footprint of OpenSSL because no buffering is required. Also, the throughput
290 should improve because data copy is avoided when user data is encrypted into
291 kernel memory instead of the usual encrypt then copy to kernel.
292
293 Kernel TLS might not support all the features of OpenSSL. For instance,
294 renegotiation, and setting the maximum fragment size is not possible as of
295 Linux 4.20.
296
297 Note that with kernel TLS enabled some cryptographic operations are performed
298 by the kernel directly and not via any available OpenSSL Providers. This might
299 be undesirable if, for example, the application requires all cryptographic
300 operations to be performed by the FIPS provider.
307 =item SSL_OP_TLS_ROLLBACK_BUG
308
309 Disable version rollback attack detection.
310
311 During the client key exchange, the client must send the same information
312 about acceptable SSL/TLS protocol levels as during the first hello. Some
313 clients violate this rule by adapting to the server's answer. (Example:
314 the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
315 only understands up to SSLv3. In this case the client must still use the
316 same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
317 to the server's answer and violate the version rollback protection.)
301318
302319 =back
303320
+4
-4
doc/man3/SSL_state_string.pod less more
1212
1313 =head1 DESCRIPTION
1414
15 SSL_state_string() returns a 6 letter string indicating the current state
16 of the SSL object B<ssl>.
15 SSL_state_string() returns an abbreviated string indicating the current state
16 of the SSL object B<ssl>. The returned NUL-terminated string contains 6 or fewer characters.
1717
18 SSL_state_string_long() returns a string indicating the current state of
18 SSL_state_string_long() returns a descriptive string indicating the current state of
1919 the SSL object B<ssl>.
2020
2121 =head1 NOTES
4343
4444 =head1 COPYRIGHT
4545
46 Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
46 Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
4747
4848 Licensed under the Apache License 2.0 (the "License"). You may not use
4949 this file except in compliance with the License. You can obtain a copy
+0
-1
doc/man3/TS_RESP_CTX_new.pod less more
33
44 TS_RESP_CTX_new_ex, TS_RESP_CTX_new,
55 TS_RESP_CTX_free - Timestamp response context object creation
6
76
87 =head1 SYNOPSIS
98
+3
-6
doc/man3/X509_STORE_CTX_get_error.pod less more
141141
142142 =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
143143
144 The signature of the certificate is invalid.
144 The signature of the CRL is invalid.
145145
146146 =item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
147147
249249 The current candidate issuer certificate was rejected because its subject key
250250 identifier was present and did not match the authority key identifier current
251251 certificate.
252 Not used as of OpenSSL 1.1.0.
253252
254253 =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
255254 authority and issuer serial number mismatch>
257256 The current candidate issuer certificate was rejected because its issuer name
258257 and serial number was present and did not match the authority key identifier of
259258 the current certificate.
260 Not used as of OpenSSL 1.1.0.
261259
262260 =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
263261 key usage does not include certificate signing>
264262
265263 The current candidate issuer certificate was rejected because its C<keyUsage>
266264 extension does not permit certificate signing.
267 Not used as of OpenSSL 1.1.0.
268265
269266 =item B<X509_V_ERR_INVALID_EXTENSION:
270267 invalid or inconsistent certificate extension>
434431 Returned by the verify callback to indicate that the certificate is not
435432 recognized by the OCSP responder.
436433
437 =item B<509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key>
434 =item B<X509_V_ERR_NO_ISSUER_PUBLIC_KEY: issuer certificate doesn't have a public key>
438435
439436 The issuer certificate does not have a public key.
440437
441 =item B<X509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algorithm mismatch>
438 =item B<X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: subject signature algorithm and issuer public key algorithm mismatch>
442439
443440 The issuer's public key is not of the type required by the signature in
444441 the subject's certificate.
+1
-1
doc/man3/X509_digest.pod less more
6666
6767 =head1 RETURN VALUES
6868
69 X509_digest_sig() returns an ASN1_OCTET_STRING on success, else NULL.
69 X509_digest_sig() returns an ASN1_OCTET_STRING pointer on success, else NULL.
7070
7171 All other functions described here return 1 for success and 0 for failure.
7272
+17
-4
doc/man5/config.pod less more
168168 OpenSSL also looks up the value of B<config_diagnostics>.
169169 If this exists and has a nonzero numeric value, any error suppressing flags
170170 passed to CONF_modules_load() will be ignored.
171 This is useful for diagnosing misconfigurations and should not be used in
172 production.
173
174 # This must be in the default section
171 This is useful for diagnosing misconfigurations but its use in
172 production requires additional consideration. With this option enabled,
173 a configuration error will completely prevent access to a service.
174 Without this option and in the presence of a configuration error, access
175 will be allowed but the desired configuration will B<not> be used.
176
177 # These must be in the default section
178 config_diagnostics = 1
175179 openssl_conf = openssl_init
176180
177181 [openssl_init]
267271
268272 All parameters in the section as well as sub-sections are made
269273 available to the provider.
274
275 =head3 Default provider and its activation
276
277 If no providers are activated explicitly, the default one is activated implicitly.
278 See L<OSSL_PROVIDER-default(7)> for more details.
279
280 If you add a section explicitly activating any other provider(s),
281 you most probably need to explicitly activate the default provider,
282 otherwise it becomes unavailable in openssl. It may make the system remotely unavailable.
270283
271284 =head2 EVP Configuration
272285
+7
-0
doc/man5/fips_config.pod less more
9494 install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
9595 install-status = INSTALL_SELF_TEST_KATS_RUN
9696
97 =head1 NOTES
98
99 When using the FIPS provider, it is recommended that the
100 B<config_diagnostics> option is enabled to prevent accidental use of
101 non-FIPS validated algorithms via broken or mistaken configuration.
102 See L<config(5)>.
103
97104 =head1 SEE ALSO
98105
99106 L<config(5)>
+2
-0
doc/man7/EVP_CIPHER-CAMELLIA.pod less more
1414 =over 4
1515
1616 =item "CAMELLIA-128-CBC", "CAMELLIA-192-CBC" and "CAMELLIA-256-CBC"
17
18 =item "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS"
1719
1820 =item "CAMELLIA-128-CFB", "CAMELLIA-192-CFB", "CAMELLIA-256-CFB",
1921 "CAMELLIA-128-CFB1", "CAMELLIA-192-CFB1", "CAMELLIA-256-CFB1",
+5
-4
doc/man7/EVP_KDF-HKDF.pod less more
4848
4949 =over 4
5050
51 =item B<EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND> "EXTRACT_AND_EXPAND"
51 =item "EXTRACT_AND_EXPAND" or B<EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND>
5252
5353 This is the default mode. Calling L<EVP_KDF_derive(3)> on an EVP_KDF_CTX set
5454 up for HKDF will perform an extract followed by an expand operation in one go.
5858 In this mode the digest, key, salt and info values must be set before a key is
5959 derived otherwise an error will occur.
6060
61 =item B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY> "EXTRACT_ONLY"
61 =item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY>
6262
6363 In this mode calling L<EVP_KDF_derive(3)> will just perform the extract
6464 operation. The value returned will be the intermediate fixed-length pseudorandom
6868 The digest, key and salt values must be set before a key is derived otherwise
6969 an error will occur.
7070
71 =item B<EVP_KDF_HKDF_MODE_EXPAND_ONLY> "EXPAND_ONLY"
71 =item "EXPAND_ONLY" or B<EVP_KDF_HKDF_MODE_EXPAND_ONLY>
7272
7373 In this mode calling L<EVP_KDF_derive(3)> will just perform the expand
7474 operation. The input key should be set to the intermediate fixed-length
136136 L<EVP_KDF_CTX_get_kdf_size(3)>,
137137 L<EVP_KDF_CTX_set_params(3)>,
138138 L<EVP_KDF_derive(3)>,
139 L<EVP_KDF(3)/PARAMETERS>
139 L<EVP_KDF(3)/PARAMETERS>,
140 L<EVP_KDF-TLS13_KDF(7)>
140141
141142 =head1 COPYRIGHT
142143
+128
-0
doc/man7/EVP_KDF-TLS13_KDF.pod less more
0 =pod
1
2 =head1 NAME
3
4 EVP_KDF-TLS13_KDF - The TLS 1.3 EVP_KDF implementation
5
6 =head1 DESCRIPTION
7
8 Support for computing the TLS 1.3 version of the B<HKDF> KDF through
9 the B<EVP_KDF> API.
10
11 The EVP_KDF-TLS13_KDF algorithm implements the HKDF key derivation function
12 as used by TLS 1.3.
13
14 =head2 Identity
15
16 "TLS13-KDF" is the name for this implementation; it
17 can be used with the EVP_KDF_fetch() function.
18
19 =head2 Supported parameters
20
21 The supported parameters are:
22
23 =over 4
24
25 =item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
26
27 =item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
28
29 =item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
30
31 =item "salt" (B<OSSL_KDF_PARAM_SALT>) <octet string>
32
33 These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
34
35 =item "prefix" (B<OSSL_KDF_PARAM_PREFIX>) <octet string>
36
37 This parameter sets the label prefix on the specified TLS 1.3 KDF context.
38 For TLS 1.3 this should be set to the ASCII string "tls13 " without a
39 trailing zero byte. Refer to RFC 8446 section 7.1 "Key Schedule" for details.
40
41 =item "label" (B<OSSL_KDF_PARAM_LABEL>) <octet string>
42
43 This parameter sets the label on the specified TLS 1.3 KDF context.
44 Refer to RFC 8446 section 7.1 "Key Schedule" for details.
45
46 =item "data" (B<OSSL_KDF_PARAM_DATA>) <octet string>
47
48 This parameter sets the context data on the specified TLS 1.3 KDF context.
49 Refer to RFC 8446 section 7.1 "Key Schedule" for details.
50
51 =item "mode" (B<OSSL_KDF_PARAM_MODE>) <UTF8 string> or <integer>
52
53 This parameter sets the mode for the TLS 1.3 KDF operation.
54 There are two modes that are currently defined:
55
56 =over 4
57
58 =item "EXTRACT_ONLY" or B<EVP_KDF_HKDF_MODE_EXTRACT_ONLY>
59
60 In this mode calling L<EVP_KDF_derive(3)> will just perform the extract
61 operation. The value returned will be the intermediate fixed-length pseudorandom
62 key K. The I<keylen> parameter must match the size of K, which can be looked
63 up by calling EVP_KDF_CTX_get_kdf_size() after setting the mode and digest.
64
65 The digest, key and salt values must be set before a key is derived otherwise
66 an error will occur.
67
68 =item "EXPAND_ONLY" or B<EVP_KDF_HKDF_MODE_EXPAND_ONLY>
69
70 In this mode calling L<EVP_KDF_derive(3)> will just perform the expand
71 operation. The input key should be set to the intermediate fixed-length
72 pseudorandom key K returned from a previous extract operation.
73
74 The digest, key and info values must be set before a key is derived otherwise
75 an error will occur.
76
77 =back
78
79 =back
80
81 =head1 NOTES
82
83 This KDF is intended for use by the TLS 1.3 implementation in libssl.
84 It does not support all the options and capabilities that HKDF does.
85
86 The I<OSSL_PARAM> array passed to L<EVP_KDF_derive(3)> or
87 L<EVP_KDF_CTX_set_params(3)> must specify all of the parameters required.
88 This KDF does not support a piecemeal approach to providing these.
89
90 A context for a TLS 1.3 KDF can be obtained by calling:
91
92 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS13-KDF", NULL);
93 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
94
95 The output length of a TLS 1.3 KDF expand operation is specified via the
96 I<keylen> parameter to the L<EVP_KDF_derive(3)> function. When using
97 EVP_KDF_HKDF_MODE_EXTRACT_ONLY the I<keylen> parameter must equal the size of
98 the intermediate fixed-length pseudorandom key otherwise an error will occur.
99 For that mode, the fixed output size can be looked up by calling
100 EVP_KDF_CTX_get_kdf_size() after setting the mode and digest on the
101 B<EVP_KDF_CTX>.
102
103 =head1 CONFORMING TO
104
105 RFC 8446
106
107 =head1 SEE ALSO
108
109 L<EVP_KDF(3)>,
110 L<EVP_KDF_CTX_new(3)>,
111 L<EVP_KDF_CTX_free(3)>,
112 L<EVP_KDF_CTX_get_kdf_size(3)>,
113 L<EVP_KDF_CTX_set_params(3)>,
114 L<EVP_KDF_derive(3)>,
115 L<EVP_KDF(3)/PARAMETERS>,
116 L<EVP_KDF-HKDF(7)>
117
118 =head1 COPYRIGHT
119
120 Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
121
122 Licensed under the Apache License 2.0 (the "License"). You may not use
123 this file except in compliance with the License. You can obtain a copy
124 in the file LICENSE in the source distribution or at
125 L<https://www.openssl.org/source/license.html>.
126
127 =cut
+2
-2
doc/man7/EVP_KDF-X942-CONCAT.pod less more
1616
1717 This is an alias for "X963KDF".
1818
19 See <EVP_KDF-X963(7)> for a list of supported parameters and examples.
19 See L<EVP_KDF-X963(7)> for a list of supported parameters and examples.
2020
2121 =head1 HISTORY
2222
2424
2525 =head1 COPYRIGHT
2626
27 Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
27 Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
2828
2929 Licensed under the Apache License 2.0 (the "License"). You may not use
3030 this file except in compliance with the License. You can obtain a copy
+0
-2
doc/man7/EVP_PKEY-X25519.pod less more
1212 support the associated key, containing the public key I<pub> and the
1313 private key I<priv>.
1414
15 In the FIPS provider they are non-approved algorithms and do not have the
16 "fips=yes" property set.
1715 No additional parameters can be set during key generation.
1816
1917
+16
-6
doc/man7/OSSL_PROVIDER-FIPS.pod less more
8585
8686 =item HKDF, see L<EVP_KDF-HKDF(7)>
8787
88 =item TLS13-KDF, see L<EVP_KDF-TLS13_KDF(7)>
89
8890 =item SSKDF, see L<EVP_KDF-SSKDF(7)>
8991
9092 =item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
9193
9294 =item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
9395
94 =item TLS1-PRF, see L<EVP_KDF-TLS1-PRF(7)>
96 =item TLS1-PRF, see L<EVP_KDF-TLS1_PRF(7)>
9597
9698 =item KBKDF, see L<EVP_KDF-KBKDF(7)>
9799
113115
114116 =item X25519, see L<EVP_KEYEXCH-X25519(7)>
115117
116 This has the property "provider=fips,fips=no"
117
118118 =item X448, see L<EVP_KEYEXCH-X448(7)>
119119
120 This has the property "provider=fips,fips=no"
121
122120 =back
123121
124122 =head2 Asymmetric Signature
128126 =item DSA, see L<EVP_KEYEXCH-DSA(7)>
129127
130128 =item RSA, see L<EVP_SIGNATURE-RSA(7)>
129
130 =item X25519, see L<EVP_SIGNATURE-ED25519(7)>
131
132 =item X448, see L<EVP_SIGNATURE-ED448(7)>
131133
132134 =item HMAC, see L<EVP_SIGNATURE-HMAC(7)>
133135
211213
212214 Known answer test for a signature.
213215
216 =item "PCT_Signature" (B<OSSL_SELF_TEST_TYPE_PCT_SIGNATURE>)
217
218 Pairwise Consistency check for a signature.
219
214220 =item "KAT_KDF" (B<OSSL_SELF_TEST_TYPE_KAT_KDF>)
215221
216222 Known answer test for a key derivation function.
223229
224230 Known answer test for a Deterministic Random Bit Generator.
225231
226 =item "Pairwise_Consistency_Test" (B<OSSL_SELF_TEST_TYPE_PCT>)
232 =item "Conditional_PCT" (B<OSSL_SELF_TEST_TYPE_PCT>)
227233
228234 Conditional test that is run during the generation of key pairs.
229235
297303 Key agreement tests used with the "KAT_KA" type.
298304
299305 =item "HKDF" (B<OSSL_SELF_TEST_DESC_KDF_HKDF>)
306
307 =item "TLS13_KDF_EXTRACT" (B<OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT>)
308
309 =item "TLS13_KDF_EXPAND" (B<OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND>)
300310
301311 =item "SSKDF" (B<OSSL_SELF_TEST_DESC_KDF_SSKDF>)
302312
+1
-13
doc/man7/OSSL_PROVIDER-default.pod less more
8080
8181 =item CAMELLIA, see L<EVP_CIPHER-CAMELLIA(7)>
8282
83 =item DES, see L<EVP_CIPHER-DES(7)>
84
85 =item BF, see L<EVP_CIPHER-BLOWFISH(7)>
86
87 =item IDEA, see L<EVP_CIPHER-IDEA(7)>
88
89 =item CAST5, see L<EVP_CIPHER-CAST(7)>
83 =item 3DES, see L<EVP_CIPHER-DES(7)>
9084
9185 =item SEED, see L<EVP_CIPHER-SEED(7)>
9286
9387 =item SM4, see L<EVP_CIPHER-SM4(7)>
94
95 =item RC2, see L<EVP_CIPHER-RC2(7)>
96
97 =item RC4, see L<EVP_CIPHER-RC4(7)>
98
99 =item RC5, see L<EVP_CIPHER-RC5(7)>
10088
10189 =item ChaCha20, see L<EVP_CIPHER-CHACHA(7)>
10290
+13
-7
doc/man7/fips_module.pod less more
2121
2222 =over 4
2323
24 =item -
24 =item *
2525
2626 Low level cryptographic APIs (use the high level APIs, such as EVP, instead)
2727
28 =item -
28 =item *
2929
3030 Engines
3131
32 =item -
32 =item *
3333
3434 Any functions that create or modify custom "METHODS" (for example
3535 EVP_MD_meth_new(), EVP_CIPHER_meth_new(), EVP_PKEY_meth_new(), RSA_meth_new(),
7272
7373 Edit the config file to add the following lines near the beginning:
7474
75 config_diagnostics = 1
7576 openssl_conf = openssl_init
7677
7778 .include /usr/local/ssl/fipsmodule.cnf
8990 Obviously the include file location above should match the path and name of the
9091 FIPS module config file that you installed earlier.
9192 See L<https://github.com/openssl/openssl/blob/master/README-FIPS.md>.
93
94 For FIPS usage, it is recommened that the B<config_diagnostics> option is
95 enabled to prevent accidental use of non-FIPS validated algorithms via broken
96 or mistaken configuration. See L<config(5)>.
9297
9398 Any applications that use OpenSSL 3.0 and are started after these changes are
9499 made will start using only the FIPS module unless those applications take
104109
105110 =over 4
106111
107 =item -
112 =item *
108113
109114 You may not want all applications to use the FIPS module.
110115
111116 It may be the case that some applications should and some should not use the
112117 FIPS module.
113118
114 =item -
119 =item *
115120
116121 If applications take explicit steps to not load the default config file or
117122 set different settings.
118123
119124 This method will not work for these cases.
120125
121 =item -
126 =item *
122127
123128 The algorithms available in the FIPS module are a subset of the algorithms
124129 that are available in the default OpenSSL Provider.
126131 If any applications attempt to use any algorithms that are not present,
127132 then they will fail.
128133
129 =item -
134 =item *
130135
131136 Usage of certain deprecated APIs avoids the use of the FIPS module.
132137
272277 does not load the "base" provider. All supporting algorithms that are in "base"
273278 are also in "default", so it is unnecessary in this case:
274279
280 config_diagnostics = 1
275281 openssl_conf = openssl_init
276282
277283 .include /usr/local/ssl/fipsmodule.cnf
+288
-247
doc/man7/migration_guide.pod less more
183183
184184 =over 4
185185
186 =item -
186 =item *
187187
188188 KDF algorithms "SINGLE STEP" and "SSH"
189189
190190 See L<EVP_KDF-SS(7)> and L<EVP_KDF-SSHKDF(7)>
191191
192 =item -
192 =item *
193193
194194 MAC Algorithms "GMAC" and "KMAC"
195195
196196 See L<EVP_MAC-GMAC(7)> and L<EVP_MAC-KMAC(7)>.
197197
198 =item -
198 =item *
199199
200200 KEM Algorithm "RSASVE"
201201
202202 See L<EVP_KEM-RSA(7)>.
203203
204 =item -
204 =item *
205205
206206 Cipher Algorithm "AES-SIV"
207207
208208 See L<EVP_EncryptInit(3)/SIV Mode>.
209209
210 =item -
210 =item *
211211
212212 AES Key Wrap inverse ciphers supported by EVP layer.
213213
216216 "AES-256-WRAP-INV", "AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and
217217 "AES-256-WRAP-PAD-INV".
218218
219 =item AES CTS cipher added to EVP layer.
220
221 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS".
219 =item *
220
221 CTS ciphers added to EVP layer.
222
223 The algorithms are "AES-128-CBC-CTS", "AES-192-CBC-CTS", "AES-256-CBC-CTS",
224 "CAMELLIA-128-CBC-CTS", "CAMELLIA-192-CBC-CTS" and "CAMELLIA-256-CBC-CTS".
222225 CS1, CS2 and CS3 variants are supported.
223226
224227 =back
227230
228231 =over 4
229232
230 =item -
233 =item *
231234
232235 Added CAdES-BES signature verification support.
233236
234 =item -
237 =item *
235238
236239 Added CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
237240
238 =item -
241 =item *
239242
240243 Added AuthEnvelopedData content type structure (RFC 5083) using AES_GCM
241244
243246 Its purpose is to support encryption and decryption of a digital envelope that
244247 is both authenticated and encrypted using AES GCM mode.
245248
246 =item -
249 =item *
247250
248251 L<PKCS7_get_octet_string(3)> and L<PKCS7_type_is_other(3)> were made public.
249252
366369 Validation of SM2 keys has been separated from the validation of regular EC
367370 keys, allowing to improve the SM2 validation process to reject loaded private
368371 keys that are not conforming to the SM2 ISO standard.
369 In particular, a private scalar `k` outside the range `1 <= k < n-1` is now
370 correctly rejected.
372 In particular, a private scalar I<k> outside the range I<< 1 <= k < n-1 >> is
373 now correctly rejected.
371374
372375 =head4 EVP_PKEY_set_alias_type() method has been removed
373376
436439 be set B<after> the cipher has been assigned to the cipher context.
437440 See L<EVP_EncryptInit(3)/FLAGS> for more information.
438441
442 =head4 Validation of operation context parameters
443
444 Due to move of the implementation of cryptographic operations to the
445 providers, validation of various operation parameters can be postponed until
446 the actual operation is executed where previously it happened immediately
447 when an operation parameter was set.
448
449 For example when setting an unsupported curve with
450 EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail
451 but later keygen operations with the EVP_PKEY_CTX will fail.
452
453
439454 =head2 Installation and Compilation
440455
441456 Please refer to the INSTALL.md file in the top of the distribution for
452467
453468 =over 4
454469
455 =item 1)
470 =item 1.
456471
457472 Ignore the warnings. They are just warnings. The deprecated functions are still present and you may still use them. However be aware that they may be removed from a future version of OpenSSL.
458473
459 =item 2)
474 =item 2.
460475
461476 Suppress the warnings. Refer to your compiler documentation on how to do this.
462477
463 =item 3)
478 =item 3.
464479
465480 Remove your usage of the low level APIs. In this case you will need to rewrite your code to use the high level APIs instead
466481
467482 =back
483
484 =head3 Error code changes
485
486 As OpenSSL 3.0 provides a brand new Encoder/Decoder mechanism for working with
487 widely used file formats, application code that checks for particular error
488 reason codes on key loading failures might need an update.
489
490 Password-protected keys may deserve special attention. If only some errors
491 are treated as an indicator that the user should be asked about the password again,
492 it's worth testing these scenarios and processing the newly relevant codes.
493
494 There may be more cases to treat specially, depending on the calling application code.
468495
469496 =head2 Upgrading from OpenSSL 1.0.2
470497
474501
475502 =over 4
476503
477 =item 1)
504 =item 1.
478505
479506 The build and installation procedure has changed significantly.
480507
482509 to build and install OpenSSL for your platform. Also read the various NOTES
483510 files in the same directory, as applicable for your platform.
484511
485 =item 2)
512 =item 2.
486513
487514 Many structures have been made opaque in OpenSSL 3.0.
488515
500527 /* This line will now generate compiler errors */
501528 EVP_MD_CTX_init(&md_ctx);
502529
503 The code needs to be amended to look like this:
530 The code needs to be amended to look like this:
531
504532 EVP_MD_CTX *md_ctx;
505533
506534 md_ctx = EVP_MD_CTX_new();
508536 ...
509537 EVP_MD_CTX_free(md_ctx);
510538
511 =item 3)
539 =item 3.
512540
513541 Support for TLSv1.3 has been added.
514542
581609
582610 =over 4
583611
584 =item -
612 =item *
585613
586614 L<ASN1_item_new(3)>, L<ASN1_item_d2i(3)>, L<ASN1_item_d2i_fp(3)>,
587615 L<ASN1_item_d2i_bio(3)>, L<ASN1_item_sign(3)> and L<ASN1_item_verify(3)>
588616
589 =item -
617 =item *
590618
591619 L<BIO_new(3)>
592620
593 =item -
621 =item *
594622
595623 b2i_RSA_PVK_bio() and i2b_PVK_bio()
596624
597 =item -
625 =item *
598626
599627 L<BN_CTX_new(3)> and L<BN_CTX_secure_new(3)>
600628
601 =item -
629 =item *
602630
603631 L<CMS_AuthEnvelopedData_create(3)>, L<CMS_ContentInfo_new(3)>, L<CMS_data_create(3)>,
604632 L<CMS_digest_create(3)>, L<CMS_EncryptedData_encrypt(3)>, L<CMS_encrypt(3)>,
605633 L<CMS_EnvelopedData_create(3)>, L<CMS_ReceiptRequest_create0(3)> and L<CMS_sign(3)>
606634
607 =item -
635 =item *
608636
609637 L<CONF_modules_load_file(3)>
610638
611 =item -
639 =item *
612640
613641 L<CTLOG_new(3)>, L<CTLOG_new_from_base64(3)> and L<CTLOG_STORE_new(3)>
614642
615 =item -
643 =item *
616644
617645 L<CT_POLICY_EVAL_CTX_new(3)>
618646
619 =item -
647 =item *
620648
621649 L<d2i_AutoPrivateKey(3)>, L<d2i_PrivateKey(3)> and L<d2i_PUBKEY(3)>
622650
623 =item -
651 =item *
624652
625653 L<d2i_PrivateKey_bio(3)> and L<d2i_PrivateKey_fp(3)>
626654
627655 Use L<d2i_PrivateKey_ex_bio(3)> and L<d2i_PrivateKey_ex_fp(3)>
628656
629 =item -
657 =item *
630658
631659 L<EC_GROUP_new(3)>
632660
633661 Use L<EC_GROUP_new_by_curve_name_ex(3)> or L<EC_GROUP_new_from_params(3)>.
634662
635 =item -
663 =item *
636664
637665 L<EVP_DigestSignInit(3)> and L<EVP_DigestVerifyInit(3)>
638666
639 =item -
667 =item *
640668
641669 L<EVP_PBE_CipherInit(3)>, L<EVP_PBE_find(3)> and L<EVP_PBE_scrypt(3)>
642670
643 =item -
671 =item *
644672
645673 L<PKCS5_PBE_keyivgen(3)>
646674
647 =item -
675 =item *
648676
649677 L<EVP_PKCS82PKEY(3)>
650678
651 =item -
679 =item *
652680
653681 L<EVP_PKEY_CTX_new_id(3)>
654682
655683 Use L<EVP_PKEY_CTX_new_from_name(3)>
656684
657 =item -
685 =item *
658686
659687 L<EVP_PKEY_derive_set_peer(3)>, L<EVP_PKEY_new_raw_private_key(3)>
660688 and L<EVP_PKEY_new_raw_public_key(3)>
661689
662 =item -
690 =item *
663691
664692 L<EVP_SignFinal(3)> and L<EVP_VerifyFinal(3)>
665693
666 =item -
694 =item *
667695
668696 L<NCONF_new(3)>
669697
670 =item -
698 =item *
671699
672700 L<OCSP_RESPID_match(3)> and L<OCSP_RESPID_set_by_key(3)>
673701
674 =item -
702 =item *
675703
676704 L<OPENSSL_thread_stop(3)>
677705
678 =item -
706 =item *
679707
680708 L<OSSL_STORE_open(3)>
681709
682 =item -
710 =item *
683711
684712 L<PEM_read_bio_Parameters(3)>, L<PEM_read_bio_PrivateKey(3)>, L<PEM_read_bio_PUBKEY(3)>,
685713 L<PEM_read_PrivateKey(3)> and L<PEM_read_PUBKEY(3)>
686714
687 =item -
715 =item *
688716
689717 L<PEM_write_bio_PrivateKey(3)>, L<PEM_write_bio_PUBKEY(3)>, L<PEM_write_PrivateKey(3)>
690718 and L<PEM_write_PUBKEY(3)>
691719
692 =item -
720 =item *
693721
694722 L<PEM_X509_INFO_read_bio(3)> and L<PEM_X509_INFO_read(3)>
695723
696 =item -
724 =item *
697725
698726 L<PKCS12_add_key(3)>, L<PKCS12_add_safe(3)>, L<PKCS12_add_safes(3)>,
699727 L<PKCS12_create(3)>, L<PKCS12_decrypt_skey(3)>, L<PKCS12_init(3)>, L<PKCS12_item_decrypt_d2i(3)>,
701729 L<PKCS12_key_gen_utf8(3)>, L<PKCS12_pack_p7encdata(3)>, L<PKCS12_pbe_crypt(3)>,
702730 L<PKCS12_PBE_keyivgen(3)>, L<PKCS12_SAFEBAG_create_pkcs8_encrypt(3)>
703731
704 =item -
732 =item *
705733
706734 L<PKCS5_pbe_set0_algor(3)>, L<PKCS5_pbe_set(3)>, L<PKCS5_pbe2_set_iv(3)>,
707735 L<PKCS5_pbkdf2_set(3)> and L<PKCS5_v2_scrypt_keyivgen(3)>
708736
709 =item -
737 =item *
710738
711739 L<PKCS7_encrypt(3)>, L<PKCS7_new(3)> and L<PKCS7_sign(3)>
712740
713 =item -
741 =item *
714742
715743 L<PKCS8_decrypt(3)>, L<PKCS8_encrypt(3)> and L<PKCS8_set0_pbe(3)>
716744
717 =item -
745 =item *
718746
719747 L<RAND_bytes(3)> and L<RAND_priv_bytes(3)>
720748
721 =item -
749 =item *
722750
723751 L<SMIME_write_ASN1(3)>
724752
725 =item -
753 =item *
726754
727755 L<SSL_load_client_CA_file(3)>
728756
729 =item -
757 =item *
730758
731759 L<SSL_CTX_new(3)>
732760
733 =item -
761 =item *
734762
735763 L<TS_RESP_CTX_new(3)>
736764
737 =item -
765 =item *
738766
739767 L<X509_CRL_new(3)>
740768
741 =item -
769 =item *
742770
743771 L<X509_load_cert_crl_file(3)> and L<X509_load_cert_file(3)>
744772
745 =item -
773 =item *
746774
747775 L<X509_LOOKUP_by_subject(3)> and L<X509_LOOKUP_ctrl(3)>
748776
749 =item -
777 =item *
750778
751779 L<X509_NAME_hash(3)>
752780
753 =item -
781 =item *
754782
755783 L<X509_new(3)>
756784
757 =item -
785 =item *
758786
759787 L<X509_REQ_new(3)> and L<X509_REQ_verify(3)>
760788
761 =item -
789 =item *
762790
763791 L<X509_STORE_CTX_new(3)>, L<X509_STORE_set_default_paths(3)>, L<X509_STORE_load_file(3)>,
764792 L<X509_STORE_load_locations(3)> and L<X509_STORE_load_store(3)>
772800
773801 =over 4
774802
775 =item -
803 =item *
776804
777805 L<BIO_new_from_core_bio(3)>
778806
779 =item -
807 =item *
780808
781809 L<EVP_ASYM_CIPHER_fetch(3)> and L<EVP_ASYM_CIPHER_do_all_provided(3)>
782810
783 =item -
811 =item *
784812
785813 L<EVP_CIPHER_fetch(3)> and L<EVP_CIPHER_do_all_provided(3)>
786814
787 =item -
815 =item *
788816
789817 L<EVP_default_properties_enable_fips(3)> and
790818 L<EVP_default_properties_is_fips_enabled(3)>
791819
792 =item -
820 =item *
793821
794822 L<EVP_KDF_fetch(3)> and L<EVP_KDF_do_all_provided(3)>
795823
796 =item -
824 =item *
797825
798826 L<EVP_KEM_fetch(3)> and L<EVP_KEM_do_all_provided(3)>
799827
800 =item -
828 =item *
801829
802830 L<EVP_KEYEXCH_fetch(3)> and L<EVP_KEYEXCH_do_all_provided(3)>
803831
804 =item -
832 =item *
805833
806834 L<EVP_KEYMGMT_fetch(3)> and L<EVP_KEYMGMT_do_all_provided(3)>
807835
808 =item -
836 =item *
809837
810838 L<EVP_MAC_fetch(3)> and L<EVP_MAC_do_all_provided(3)>
811839
812 =item -
840 =item *
813841
814842 L<EVP_MD_fetch(3)> and L<EVP_MD_do_all_provided(3)>
815843
816 =item -
844 =item *
817845
818846 L<EVP_PKEY_CTX_new_from_pkey(3)>
819847
820 =item -
848 =item *
821849
822850 L<EVP_PKEY_Q_keygen(3)>
823851
824 =item -
852 =item *
825853
826854 L<EVP_Q_mac(3)> and L<EVP_Q_digest(3)>
827855
828 =item -
856 =item *
829857
830858 L<EVP_RAND(3)> and L<EVP_RAND_do_all_provided(3)>
831859
832 =item -
860 =item *
833861
834862 L<EVP_set_default_properties(3)>
835863
836 =item -
864 =item *
837865
838866 L<EVP_SIGNATURE_fetch(3)> and L<EVP_SIGNATURE_do_all_provided(3)>
839867
840 =item -
868 =item *
841869
842870 L<OSSL_CMP_CTX_new(3)> and L<OSSL_CMP_SRV_CTX_new(3)>
843871
844 =item -
872 =item *
845873
846874 L<OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(3)>
847875
848 =item -
876 =item *
849877
850878 L<OSSL_CRMF_MSG_create_popo(3)> and L<OSSL_CRMF_MSGS_verify_popo(3)>
851879
852 =item -
880 =item *
853881
854882 L<OSSL_CRMF_pbm_new(3)> and L<OSSL_CRMF_pbmp_new(3)>
855883
856 =item -
884 =item *
857885
858886 L<OSSL_DECODER_CTX_add_extra(3)> and L<OSSL_DECODER_CTX_new_for_pkey(3)>
859887
860 =item -
888 =item *
861889
862890 L<OSSL_DECODER_fetch(3)> and L<OSSL_DECODER_do_all_provided(3)>
863891
864 =item -
892 =item *
865893
866894 L<OSSL_ENCODER_CTX_add_extra(3)>
867895
868 =item -
896 =item *
869897
870898 L<OSSL_ENCODER_fetch(3)> and L<OSSL_ENCODER_do_all_provided(3)>
871899
872 =item -
900 =item *
873901
874902 L<OSSL_LIB_CTX_free(3)>, L<OSSL_LIB_CTX_load_config(3)> and L<OSSL_LIB_CTX_set0_default(3)>
875903
876 =item -
904 =item *
877905
878906 L<OSSL_PROVIDER_add_builtin(3)>, L<OSSL_PROVIDER_available(3)>,
879907 L<OSSL_PROVIDER_do_all(3)>, L<OSSL_PROVIDER_load(3)>,
880908 L<OSSL_PROVIDER_set_default_search_path(3)> and L<OSSL_PROVIDER_try_load(3)>
881909
882 =item -
910 =item *
883911
884912 L<OSSL_SELF_TEST_get_callback(3)> and L<OSSL_SELF_TEST_set_callback(3)>
885913
886 =item -
914 =item *
887915
888916 L<OSSL_STORE_attach(3)>
889917
890 =item -
918 =item *
891919
892920 L<OSSL_STORE_LOADER_fetch(3)> and L<OSSL_STORE_LOADER_do_all_provided(3)>
893921
894 =item -
922 =item *
895923
896924 L<RAND_get0_primary(3)>, L<RAND_get0_private(3)>, L<RAND_get0_public(3)>,
897925 L<RAND_set_DRBG_type(3)> and L<RAND_set_seed_source_type(3)>
10751103
10761104 =over 4
10771105
1078 =item -
1106 =item *
10791107
10801108 AES_bi_ige_encrypt() and AES_ige_encrypt()
10811109
10881116 is ever used. The security implications are believed to be minimal, but
10891117 this issue was never fixed for backwards compatibility reasons.
10901118
1091 =item -
1119 =item *
10921120
10931121 AES_encrypt(), AES_decrypt(), AES_set_encrypt_key(), AES_set_decrypt_key(),
10941122 AES_cbc_encrypt(), AES_cfb128_encrypt(), AES_cfb1_encrypt(), AES_cfb8_encrypt(),
10951123 AES_ecb_encrypt(), AES_ofb128_encrypt()
10961124
1097 =item -
1125 =item *
10981126
10991127 AES_unwrap_key(), AES_wrap_key()
11001128
11011129 See L</Deprecated low-level encryption functions>
11021130
1103 =item -
1131 =item *
11041132
11051133 AES_options()
11061134
11071135 There is no replacement. It returned a string indicating if the AES code was unrolled.
11081136
1109 =item -
1137 =item *
11101138
11111139 ASN1_digest(), ASN1_sign(), ASN1_verify()
11121140
11131141 There are no replacements. These old functions are not used, and could be
11141142 disabled with the macro NO_ASN1_OLD since OpenSSL 0.9.7.
11151143
1116 =item -
1144 =item *
11171145
11181146 ASN1_STRING_length_set()
11191147
11211149 This was a potentially unsafe function that could change the bounds of a
11221150 previously passed in pointer.
11231151
1124 =item -
1152 =item *
11251153
11261154 BF_encrypt(), BF_decrypt(), BF_set_key(), BF_cbc_encrypt(), BF_cfb64_encrypt(),
11271155 BF_ecb_encrypt(), BF_ofb64_encrypt()
11291157 See L</Deprecated low-level encryption functions>.
11301158 The Blowfish algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
11311159
1132 =item -
1160 =item *
11331161
11341162 BF_options()
11351163
11361164 There is no replacement. This option returned a constant string.
11371165
1138 =item -
1166 =item *
11391167
11401168 BIO_get_callback(), BIO_set_callback(), BIO_debug_callback()
11411169
11421170 Use the respective non-deprecated _ex() functions.
11431171
1144 =item -
1172 =item *
11451173
11461174 BN_is_prime_ex(), BN_is_prime_fasttest_ex()
11471175
11481176 Use L<BN_check_prime(3)> which that avoids possible misuse and always uses at least
11491177 64 rounds of the Miller-Rabin primality test.
11501178
1151 =item -
1179 =item *
11521180
11531181 BN_pseudo_rand(), BN_pseudo_rand_range()
11541182
11551183 Use L<BN_rand(3)> and L<BN_rand_range(3)>.
11561184
1157 =item -
1185 =item *
11581186
11591187 BN_X931_derive_prime_ex(), BN_X931_generate_prime_ex(), BN_X931_generate_Xpq()
11601188
11621190 by RSA_X931_derive_ex() and RSA_X931_generate_key_ex() which are also deprecated.
11631191 Use L<EVP_PKEY_keygen(3)> instead.
11641192
1165 =item -
1193 =item *
11661194
11671195 Camellia_encrypt(), Camellia_decrypt(), Camellia_set_key(),
11681196 Camellia_cbc_encrypt(), Camellia_cfb128_encrypt(), Camellia_cfb1_encrypt(),
11711199
11721200 See L</Deprecated low-level encryption functions>.
11731201
1174 =item -
1202 =item *
11751203
11761204 CAST_encrypt(), CAST_decrypt(), CAST_set_key(), CAST_cbc_encrypt(),
11771205 CAST_cfb64_encrypt(), CAST_ecb_encrypt(), CAST_ofb64_encrypt()
11791207 See L</Deprecated low-level encryption functions>.
11801208 The CAST algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
11811209
1182 =item -
1210 =item *
11831211
11841212 CMAC_CTX_new(), CMAC_CTX_cleanup(), CMAC_CTX_copy(), CMAC_CTX_free(),
11851213 CMAC_CTX_get0_cipher_ctx()
11861214
11871215 See L</Deprecated low-level MAC functions>.
11881216
1189 =item -
1217 =item *
11901218
11911219 CMAC_Init(), CMAC_Update(), CMAC_Final(), CMAC_resume()
11921220
11931221 See L</Deprecated low-level MAC functions>.
11941222
1195 =item -
1223 =item *
11961224
11971225 CRYPTO_mem_ctrl(), CRYPTO_mem_debug_free(), CRYPTO_mem_debug_malloc(),
11981226 CRYPTO_mem_debug_pop(), CRYPTO_mem_debug_push(), CRYPTO_mem_debug_realloc(),
12021230 Memory-leak checking has been deprecated in favor of more modern development
12031231 tools, such as compiler memory and leak sanitizers or Valgrind.
12041232
1205 =item -
1233 =item *
1234
1235 CRYPTO_cts128_encrypt_block(), CRYPTO_cts128_encrypt(),
1236 CRYPTO_cts128_decrypt_block(), CRYPTO_cts128_decrypt(),
1237 CRYPTO_nistcts128_encrypt_block(), CRYPTO_nistcts128_encrypt(),
1238 CRYPTO_nistcts128_decrypt_block(), CRYPTO_nistcts128_decrypt()
1239
1240 Use the higher level functions EVP_CipherInit_ex2(), EVP_CipherUpdate() and
1241 EVP_CipherFinal_ex() instead.
1242 See the "cts_mode" parameter in
1243 L<EVP_EncryptInit(3)/Gettable and Settable EVP_CIPHER_CTX parameters>.
1244 See L<EVP_EncryptInit(3)/EXAMPLES> for a AES-256-CBC-CTS example.
1245
1246 =item *
12061247
12071248 d2i_DHparams(), d2i_DHxparams(), d2i_DSAparams(), d2i_DSAPrivateKey(),
12081249 d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(),
12161257
12171258 See L</Deprecated i2d and d2i functions for low-level key types>
12181259
1219 =item -
1260 =item *
12201261
12211262 DES_crypt(), DES_fcrypt(), DES_encrypt1(), DES_encrypt2(), DES_encrypt3(),
12221263 DES_decrypt3(), DES_ede3_cbc_encrypt(), DES_ede3_cfb64_encrypt(),
12321273 Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB",
12331274 "DES-CFB1" and "DES-CFB8" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
12341275
1235 =item -
1276 =item *
12361277
12371278 DH_bits(), DH_security_bits(), DH_size()
12381279
12391280 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
12401281 L<EVP_PKEY_get_size(3)>.
12411282
1242 =item -
1283 =item *
12431284
12441285 DH_check(), DH_check_ex(), DH_check_params(), DH_check_params_ex(),
12451286 DH_check_pub_key(), DH_check_pub_key_ex()
12461287
12471288 See L</Deprecated low-level validation functions>
12481289
1249 =item -
1290 =item *
12501291
12511292 DH_clear_flags(), DH_test_flags(), DH_set_flags()
12521293
12551296 Use EVP_PKEY_is_a() to determine the type of a key.
12561297 There is no replacement for setting these flags.
12571298
1258 =item -
1299 =item *
12591300
12601301 DH_compute_key() DH_compute_key_padded()
12611302
12621303 See L</Deprecated low-level key exchange functions>.
12631304
1264 =item -
1305 =item *
12651306
12661307 DH_new(), DH_new_by_nid(), DH_free(), DH_up_ref()
12671308
12681309 See L</Deprecated low-level object creation>
12691310
1270 =item -
1311 =item *
12711312
12721313 DH_generate_key(), DH_generate_parameters_ex()
12731314
12741315 See L</Deprecated low-level key generation functions>.
12751316
1276 =item -
1317 =item *
12771318
12781319 DH_get0_pqg(), DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_key(),
12791320 DH_get0_priv_key(), DH_get0_pub_key(), DH_get_length(), DH_get_nid()
12801321
12811322 See L</Deprecated low-level key parameter getters>
12821323
1283 =item -
1324 =item *
12841325
12851326 DH_get_1024_160(), DH_get_2048_224(), DH_get_2048_256()
12861327
12881329 L<EVP_PKEY-DH(7)/DH parameters>) to one of "dh_1024_160", "dh_2048_224" or
12891330 "dh_2048_256" when generating a DH key.
12901331
1291 =item -
1332 =item *
12921333
12931334 DH_KDF_X9_42()
12941335
12951336 Applications should use L<EVP_PKEY_CTX_set_dh_kdf_type(3)> instead.
12961337
1297 =item -
1338 =item *
12981339
12991340 DH_get_default_method(), DH_get0_engine(), DH_meth_*(), DH_new_method(),
13001341 DH_OpenSSL(), DH_get_ex_data(), DH_set_default_method(), DH_set_method(),
13021343
13031344 See L</Providers are a replacement for engines and low-level method overrides>
13041345
1305 =item -
1346 =item *
13061347
13071348 DHparams_print(), DHparams_print_fp()
13081349
13091350 See L</Deprecated low-level key printing functions>
13101351
1311 =item -
1352 =item *
13121353
13131354 DH_set0_key(), DH_set0_pqg(), DH_set_length()
13141355
13151356 See L</Deprecated low-level key parameter setters>
13161357
1317 =item -
1358 =item *
13181359
13191360 DSA_bits(), DSA_security_bits(), DSA_size()
13201361
13211362 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
13221363 L<EVP_PKEY_get_size(3)>.
13231364
1324 =item -
1365 =item *
13251366
13261367 DHparams_dup(), DSA_dup_DH()
13271368
13281369 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
13291370 and L<EVP_PKEY_dup(3)> instead.
13301371
1331 =item -
1372 =item *
13321373
13331374 DSA_generate_key(), DSA_generate_parameters_ex()
13341375
13351376 See L</Deprecated low-level key generation functions>.
13361377
1337 =item -
1378 =item *
13381379
13391380 DSA_get0_engine(), DSA_get_default_method(), DSA_get_ex_data(),
13401381 DSA_get_method(), DSA_meth_*(), DSA_new_method(), DSA_OpenSSL(),
13421383
13431384 See L</Providers are a replacement for engines and low-level method overrides>.
13441385
1345 =item -
1386 =item *
13461387
13471388 DSA_get0_p(), DSA_get0_q(), DSA_get0_g(), DSA_get0_pqg(), DSA_get0_key(),
13481389 DSA_get0_priv_key(), DSA_get0_pub_key()
13491390
13501391 See L</Deprecated low-level key parameter getters>.
13511392
1352 =item -
1393 =item *
13531394
13541395 DSA_new(), DSA_free(), DSA_up_ref()
13551396
13561397 See L</Deprecated low-level object creation>
13571398
1358 =item -
1399 =item *
13591400
13601401 DSAparams_dup()
13611402
13621403 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
13631404 and L<EVP_PKEY_dup(3)> instead.
13641405
1365 =item -
1406 =item *
13661407
13671408 DSAparams_print(), DSAparams_print_fp(), DSA_print(), DSA_print_fp()
13681409
13691410 See L</Deprecated low-level key printing functions>
13701411
1371 =item -
1412 =item *
13721413
13731414 DSA_set0_key(), DSA_set0_pqg()
13741415
13751416 See L</Deprecated low-level key parameter setters>
13761417
1377 =item -
1418 =item *
13781419
13791420 DSA_set_flags(), DSA_clear_flags(), DSA_test_flags()
13801421
13811422 The B<DSA_FLAG_CACHE_MONT_P> flag has been deprecated without replacement.
13821423
1383 =item -
1424 =item *
13841425
13851426 DSA_sign(), DSA_do_sign(), DSA_sign_setup(), DSA_verify(), DSA_do_verify()
13861427
13871428 See L</Deprecated low-level signing functions>.
13881429
1389 =item -
1430 =item *
13901431
13911432 ECDH_compute_key()
13921433
13931434 See L</Deprecated low-level key exchange functions>.
13941435
1395 =item -
1436 =item *
13961437
13971438 ECDH_KDF_X9_62()
13981439
14001441 L<EVP_PKEY_CTX_set_ecdh_kdf_type(3)> or by setting an B<OSSL_PARAM> using the
14011442 "kdf-type" as shown in L<EVP_KEYEXCH-ECDH(7)/EXAMPLES>
14021443
1403 =item -
1444 =item *
14041445
14051446 ECDSA_sign(), ECDSA_sign_ex(), ECDSA_sign_setup(), ECDSA_do_sign(),
14061447 ECDSA_do_sign_ex(), ECDSA_verify(), ECDSA_do_verify()
14071448
14081449 See L</Deprecated low-level signing functions>.
14091450
1410 =item -
1451 =item *
14111452
14121453 ECDSA_size()
14131454
14141455 Applications should use L<EVP_PKEY_get_size(3)>.
14151456
1416 =item -
1457 =item *
14171458
14181459 EC_GF2m_simple_method(), EC_GFp_mont_method(), EC_GFp_nist_method(),
14191460 EC_GFp_nistp224_method(), EC_GFp_nistp256_method(), EC_GFp_nistp521_method(),
14231464 library automatically assigning a suitable method internally when an EC_GROUP
14241465 is constructed.
14251466
1426 =item -
1467 =item *
14271468
14281469 EC_GROUP_clear_free()
14291470
14301471 Use L<EC_GROUP_free(3)> instead.
14311472
1432 =item -
1473 =item *
14331474
14341475 EC_GROUP_get_curve_GF2m(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(),
14351476 EC_GROUP_set_curve_GFp()
14361477
14371478 Applications should use L<EC_GROUP_get_curve(3)> and L<EC_GROUP_set_curve(3)>.
14381479
1439 =item -
1480 =item *
14401481
14411482 EC_GROUP_have_precompute_mult(), EC_GROUP_precompute_mult(),
14421483 EC_KEY_precompute_mult()
14441485 These functions are not widely used. Applications should instead switch to
14451486 named curves which OpenSSL has hardcoded lookup tables for.
14461487
1447 =item -
1488 =item *
14481489
14491490 EC_GROUP_new(), EC_GROUP_method_of(), EC_POINT_method_of()
14501491
14521493 internally without application intervention.
14531494 Users of EC_GROUP_new() should switch to a different suitable constructor.
14541495
1455 =item -
1496 =item *
14561497
14571498 EC_KEY_can_sign()
14581499
14591500 Applications should use L<EVP_PKEY_can_sign(3)> instead.
14601501
1461 =item -
1502 =item *
14621503
14631504 EC_KEY_check_key()
14641505
14651506 See L</Deprecated low-level validation functions>
14661507
1467 =item -
1508 =item *
14681509
14691510 EC_KEY_set_flags(), EC_KEY_get_flags(), EC_KEY_clear_flags()
14701511
14751516 B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>.
14761517 See also L<EVP_PKEY-EC(7)/EXAMPLES>
14771518
1478 =item -
1519 =item *
14791520
14801521 EC_KEY_dup(), EC_KEY_copy()
14811522
14821523 There is no direct replacement. Applications may use L<EVP_PKEY_copy_parameters(3)>
14831524 and L<EVP_PKEY_dup(3)> instead.
14841525
1485 =item -
1526 =item *
14861527
14871528 EC_KEY_decoded_from_explicit_params()
14881529
14891530 There is no replacement.
14901531
1491 =item -
1532 =item *
14921533
14931534 EC_KEY_generate_key()
14941535
14951536 See L</Deprecated low-level key generation functions>.
14961537
1497 =item -
1538 =item *
14981539
14991540 EC_KEY_get0_group(), EC_KEY_get0_private_key(), EC_KEY_get0_public_key(),
15001541 EC_KEY_get_conv_form(), EC_KEY_get_enc_flags()
15011542
15021543 See L</Deprecated low-level key parameter getters>.
15031544
1504 =item -
1545 =item *
15051546
15061547 EC_KEY_get0_engine(), EC_KEY_get_default_method(), EC_KEY_get_method(),
15071548 EC_KEY_new_method(), EC_KEY_get_ex_data(), EC_KEY_OpenSSL(),
15101551
15111552 See L</Providers are a replacement for engines and low-level method overrides>
15121553
1513 =item -
1554 =item *
15141555
15151556 EC_METHOD_get_field_type()
15161557
15171558 Use L<EC_GROUP_get_field_type(3)> instead.
15181559 See L</Providers are a replacement for engines and low-level method overrides>
15191560
1520 =item -
1561 =item *
15211562
15221563 EC_KEY_key2buf(), EC_KEY_oct2key(), EC_KEY_oct2priv(), EC_KEY_priv2buf(),
15231564 EC_KEY_priv2oct()
15241565
15251566 There are no replacements for these.
15261567
1527 =item -
1568 =item *
15281569
15291570 EC_KEY_new(), EC_KEY_new_by_curve_name(), EC_KEY_free(), EC_KEY_up_ref()
15301571
15311572 See L</Deprecated low-level object creation>
15321573
1533 =item -
1574 =item *
15341575
15351576 EC_KEY_print(), EC_KEY_print_fp()
15361577
15371578 See L</Deprecated low-level key printing functions>
15381579
1539 =item -
1580 =item *
15401581
15411582 EC_KEY_set_asn1_flag(), EC_KEY_set_conv_form(), EC_KEY_set_enc_flags()
15421583
15431584 See L</Deprecated low-level key parameter setters>.
15441585
1545 =item -
1586 =item *
15461587
15471588 EC_KEY_set_group(), EC_KEY_set_private_key(), EC_KEY_set_public_key(),
15481589 EC_KEY_set_public_key_affine_coordinates()
15491590
15501591 See L</Deprecated low-level key parameter setters>.
15511592
1552 =item -
1593 =item *
15531594
15541595 ECParameters_print(), ECParameters_print_fp(), ECPKParameters_print(),
15551596 ECPKParameters_print_fp()
15561597
15571598 See L</Deprecated low-level key printing functions>
15581599
1559 =item -
1600 =item *
15601601
15611602 EC_POINT_bn2point(), EC_POINT_point2bn()
15621603
15631604 These functions were not particularly useful, since EC point serialization
15641605 formats are not individual big-endian integers.
15651606
1566 =item -
1607 =item *
15671608
15681609 EC_POINT_get_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GFp(),
15691610 EC_POINT_set_affine_coordinates_GF2m(), EC_POINT_set_affine_coordinates_GFp()
15711612 Applications should use L<EC_POINT_get_affine_coordinates(3)> and
15721613 L<EC_POINT_set_affine_coordinates(3)> instead.
15731614
1574 =item -
1615 =item *
15751616
15761617 EC_POINT_get_Jprojective_coordinates_GFp(), EC_POINT_set_Jprojective_coordinates_GFp()
15771618
15791620 L<EC_POINT_set_affine_coordinates(3)> and L<EC_POINT_get_affine_coordinates(3)>
15801621 functions.
15811622
1582 =item -
1623 =item *
15831624
15841625 EC_POINT_make_affine(), EC_POINTs_make_affine()
15851626
15861627 There is no replacement. These functions were not widely used, and OpenSSL
15871628 automatically performs this conversion when needed.
15881629
1589 =item -
1630 =item *
15901631
15911632 EC_POINT_set_compressed_coordinates_GF2m(), EC_POINT_set_compressed_coordinates_GFp()
15921633
15931634 Applications should use L<EC_POINT_set_compressed_coordinates(3)> instead.
15941635
1595 =item -
1636 =item *
15961637
15971638 EC_POINTs_mul()
15981639
15991640 This function is not widely used. Applications should instead use the
16001641 L<EC_POINT_mul(3)> function.
16011642
1602 =item -
1643 =item *
16031644
16041645 B<ENGINE_*()>
16051646
16061647 All engine functions are deprecated. An engine should be rewritten as a provider.
16071648 See L</Providers are a replacement for engines and low-level method overrides>.
16081649
1609 =item -
1650 =item *
16101651
16111652 B<ERR_load_*()>, ERR_func_error_string(), ERR_get_error_line(),
16121653 ERR_get_error_line_data(), ERR_get_state()
16131654
16141655 OpenSSL now loads error strings automatically so these functions are not needed.
16151656
1616 =item -
1657 =item *
16171658
16181659 ERR_peek_error_line_data(), ERR_peek_last_error_line_data()
16191660
16241665 with ERR_peek functions and finish off with getting the error code by using
16251666 L<ERR_get_error(3)>.
16261667
1627 =item -
1668 =item *
16281669
16291670 EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_iv_noconst(), EVP_CIPHER_CTX_original_iv()
16301671
16331674 respectively.
16341675 See L<EVP_CIPHER_CTX_get_original_iv(3)> for further information.
16351676
1636 =item -
1677 =item *
16371678
16381679 B<EVP_CIPHER_meth_*()>, EVP_MD_CTX_set_update_fn(), EVP_MD_CTX_update_fn(),
16391680 B<EVP_MD_meth_*()>
16401681
16411682 See L</Providers are a replacement for engines and low-level method overrides>.
16421683
1643 =item -
1684 =item *
16441685
16451686 EVP_PKEY_CTRL_PKCS7_ENCRYPT(), EVP_PKEY_CTRL_PKCS7_DECRYPT(),
16461687 EVP_PKEY_CTRL_PKCS7_SIGN(), EVP_PKEY_CTRL_CMS_ENCRYPT(),
16501691 are replaced by direct checks of the key operation against the key type
16511692 when the operation is initialized.
16521693
1653 =item -
1694 =item *
16541695
16551696 EVP_PKEY_CTX_get0_dh_kdf_ukm(), EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
16561697
16581699 L<EVP_KEYEXCH-ECDH(7)/ECDH Key Exchange parameters>.
16591700 These functions are obsolete and should not be required.
16601701
1661 =item -
1702 =item *
16621703
16631704 EVP_PKEY_CTX_set_rsa_keygen_pubexp()
16641705
16651706 Applications should use L<EVP_PKEY_CTX_set1_rsa_keygen_pubexp(3)> instead.
16661707
1667 =item -
1708 =item *
16681709
16691710 EVP_PKEY_cmp(), EVP_PKEY_cmp_parameters()
16701711
16711712 Applications should use L<EVP_PKEY_eq(3)> and L<EVP_PKEY_parameters_eq(3)> instead.
16721713 See L<EVP_PKEY_copy_parameters(3)> for further details.
16731714
1674 =item -
1715 =item *
16751716
16761717 EVP_PKEY_encrypt_old(), EVP_PKEY_decrypt_old(),
16771718
16781719 Applications should use L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)> or
16791720 L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)> instead.
16801721
1681 =item -
1722 =item *
16821723
16831724 EVP_PKEY_get0()
16841725
16851726 This function returns NULL if the key comes from a provider.
16861727
1687 =item -
1728 =item *
16881729
16891730 EVP_PKEY_get0_DH(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_RSA(),
16901731 EVP_PKEY_get1_DH(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_EC_KEY and EVP_PKEY_get1_RSA(),
16921733
16931734 See L</Functions that return an internal key should be treated as read only>.
16941735
1695 =item -
1736 =item *
16961737
16971738 B<EVP_PKEY_meth_*()>
16981739
16991740 See L</Providers are a replacement for engines and low-level method overrides>.
17001741
1701 =item -
1742 =item *
17021743
17031744 EVP_PKEY_new_CMAC_key()
17041745
17051746 See L</Deprecated low-level MAC functions>.
17061747
1707 =item -
1748 =item *
17081749
17091750 EVP_PKEY_assign(), EVP_PKEY_set1_DH(), EVP_PKEY_set1_DSA(),
17101751 EVP_PKEY_set1_EC_KEY(), EVP_PKEY_set1_RSA()
17111752
17121753 See L</Deprecated low-level key object getters and setters>
17131754
1714 =item -
1755 =item *
17151756
17161757 EVP_PKEY_set1_tls_encodedpoint() EVP_PKEY_get1_tls_encodedpoint()
17171758
17221763 The old versions have been converted to deprecated macros that just call the
17231764 new functions.
17241765
1725 =item -
1766 =item *
17261767
17271768 EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine()
17281769
17291770 See L</Providers are a replacement for engines and low-level method overrides>.
17301771
1731 =item -
1772 =item *
17321773
17331774 EVP_PKEY_set_alias_type()
17341775
17351776 This function has been removed. There is no replacement.
17361777 See L</EVP_PKEY_set_alias_type() method has been removed>
17371778
1738 =item -
1779 =item *
17391780
17401781 HMAC_Init_ex(), HMAC_Update(), HMAC_Final(), HMAC_size()
17411782
17421783 See L</Deprecated low-level MAC functions>.
17431784
1744 =item -
1785 =item *
17451786
17461787 HMAC_CTX_new(), HMAC_CTX_free(), HMAC_CTX_copy(), HMAC_CTX_reset(),
17471788 HMAC_CTX_set_flags(), HMAC_CTX_get_md()
17481789
17491790 See L</Deprecated low-level MAC functions>.
17501791
1751 =item -
1792 =item *
17521793
17531794 i2d_DHparams(), i2d_DHxparams()
17541795
17551796 See L</Deprecated low-level key reading and writing functions>
17561797 and L<d2i_RSAPrivateKey(3)/Migration>
17571798
1758 =item -
1799 =item *
17591800
17601801 i2d_DSAparams(), i2d_DSAPrivateKey(), i2d_DSAPrivateKey_bio(),
17611802 i2d_DSAPrivateKey_fp(), i2d_DSA_PUBKEY(), i2d_DSA_PUBKEY_bio(),
17641805 See L</Deprecated low-level key reading and writing functions>
17651806 and L<d2i_RSAPrivateKey(3)/Migration>
17661807
1767 =item -
1808 =item *
17681809
17691810 i2d_ECParameters(), i2d_ECPrivateKey(), i2d_ECPrivateKey_bio(),
17701811 i2d_ECPrivateKey_fp(), i2d_EC_PUBKEY(), i2d_EC_PUBKEY_bio(),
17731814 See L</Deprecated low-level key reading and writing functions>
17741815 and L<d2i_RSAPrivateKey(3)/Migration>
17751816
1776 =item -
1817 =item *
17771818
17781819 i2d_RSAPrivateKey(), i2d_RSAPrivateKey_bio(), i2d_RSAPrivateKey_fp(),
17791820 i2d_RSA_PUBKEY(), i2d_RSA_PUBKEY_bio(), i2d_RSA_PUBKEY_fp(),
17821823 See L</Deprecated low-level key reading and writing functions>
17831824 and L<d2i_RSAPrivateKey(3)/Migration>
17841825
1785 =item -
1826 =item *
17861827
17871828 IDEA_encrypt(), IDEA_set_decrypt_key(), IDEA_set_encrypt_key(),
17881829 IDEA_cbc_encrypt(), IDEA_cfb64_encrypt(), IDEA_ecb_encrypt(),
17911832 See L</Deprecated low-level encryption functions>.
17921833 IDEA has been moved to the L<Legacy Provider|/Legacy Algorithms>.
17931834
1794 =item -
1835 =item *
17951836
17961837 IDEA_options()
17971838
17981839 There is no replacement. This function returned a constant string.
17991840
1800 =item -
1841 =item *
18011842
18021843 MD2(), MD2_Init(), MD2_Update(), MD2_Final()
18031844
18041845 See L</Deprecated low-level encryption functions>.
18051846 MD2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
18061847
1807 =item -
1848 =item *
18081849
18091850 MD2_options()
18101851
18111852 There is no replacement. This function returned a constant string.
18121853
1813 =item -
1854 =item *
18141855
18151856 MD4(), MD4_Init(), MD4_Update(), MD4_Final(), MD4_Transform()
18161857
18171858 See L</Deprecated low-level encryption functions>.
18181859 MD4 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
18191860
1820 =item -
1861 =item *
18211862
18221863 MDC2(), MDC2_Init(), MDC2_Update(), MDC2_Final()
18231864
18241865 See L</Deprecated low-level encryption functions>.
18251866 MDC2 has been moved to the L<Legacy Provider|/Legacy Algorithms>.
18261867
1827 =item -
1868 =item *
18281869
18291870 MD5(), MD5_Init(), MD5_Update(), MD5_Final(), MD5_Transform()
18301871
18311872 See L</Deprecated low-level encryption functions>.
18321873
1833 =item -
1874 =item *
18341875
18351876 NCONF_WIN32()
18361877
18371878 This undocumented function has no replacement.
18381879 See L<config(5)/HISTORY> for more details.
18391880
1840 =item -
1881 =item *
18411882
18421883 OCSP_parse_url()
18431884
18441885 Use L<OSSL_HTTP_parse_url(3)> instead.
18451886
1846 =item -
1887 =item *
18471888
18481889 B<OCSP_REQ_CTX> type and B<OCSP_REQ_CTX_*()> functions
18491890
18531894 with B<OSSL_HTTP_REQ_CTX_*()>. See L<OSSL_HTTP_REQ_CTX(3)> for additional
18541895 details.
18551896
1856 =item -
1897 =item *
18571898
18581899 OPENSSL_fork_child(), OPENSSL_fork_parent(), OPENSSL_fork_prepare()
18591900
18601901 There is no replacement for these functions. These pthread fork support methods
18611902 were unused by OpenSSL.
18621903
1863 =item -
1904 =item *
18641905
18651906 OSSL_STORE_ctrl(), OSSL_STORE_do_all_loaders(), OSSL_STORE_LOADER_get0_engine(),
18661907 OSSL_STORE_LOADER_get0_scheme(), OSSL_STORE_LOADER_new(),
18761917 schemes they supported. These are all deprecated and discouraged in favour of
18771918 provider implementations, see L<provider-storemgmt(7)>.
18781919
1879 =item -
1920 =item *
18801921
18811922 PEM_read_DHparams(), PEM_read_bio_DHparams(),
18821923 PEM_read_DSAparams(), PEM_read_bio_DSAparams(),
18971938
18981939 See L</Deprecated low-level key reading and writing functions>
18991940
1900 =item -
1941 =item *
19011942
19021943 PKCS1_MGF1()
19031944
19041945 See L</Deprecated low-level encryption functions>.
19051946
1906 =item -
1947 =item *
19071948
19081949 RAND_get_rand_method(), RAND_set_rand_method(), RAND_OpenSSL(),
19091950 RAND_set_rand_engine()
19121953 L<EVP_RAND(3)> and L<EVP_RAND(7)>.
19131954 See L<RAND_set_rand_method(3)> for more details.
19141955
1915 =item -
1956 =item *
19161957
19171958 RC2_encrypt(), RC2_decrypt(), RC2_set_key(), RC2_cbc_encrypt(), RC2_cfb64_encrypt(),
19181959 RC2_ecb_encrypt(), RC2_ofb64_encrypt(),
19231964 See L</Deprecated low-level encryption functions>.
19241965 The Algorithms "RC2", "RC4" and "RC5" have been moved to the L<Legacy Provider|/Legacy Algorithms>.
19251966
1926 =item -
1967 =item *
19271968
19281969 RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update(), RIPEMD160_Final(),
19291970 RIPEMD160_Transform()
19311972 See L</Deprecated low-level digest functions>.
19321973 The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
19331974
1934 =item -
1975 =item *
19351976
19361977 RSA_bits(), RSA_security_bits(), RSA_size()
19371978
19381979 Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
19391980 L<EVP_PKEY_get_size(3)>.
19401981
1941 =item -
1982 =item *
19421983
19431984 RSA_check_key(), RSA_check_key_ex()
19441985
19451986 See L</Deprecated low-level validation functions>
19461987
1947 =item -
1988 =item *
19481989
19491990 RSA_clear_flags(), RSA_flags(), RSA_set_flags(), RSA_test_flags(),
19501991 RSA_setup_blinding(), RSA_blinding_off(), RSA_blinding_on()
19551996 B<RSA_FLAG_EXT_PKEY>, B<RSA_FLAG_NO_BLINDING>, B<RSA_FLAG_THREAD_SAFE>
19561997 B<RSA_METHOD_FLAG_NO_CHECK>
19571998
1958 =item -
1999 =item *
19592000
19602001 RSA_generate_key_ex(), RSA_generate_multi_prime_key()
19612002
19622003 See L</Deprecated low-level key generation functions>.
19632004
1964 =item -
2005 =item *
19652006
19662007 RSA_get0_engine()
19672008
19682009 See L</Providers are a replacement for engines and low-level method overrides>
19692010
1970 =item -
2011 =item *
19712012
19722013 RSA_get0_crt_params(), RSA_get0_d(), RSA_get0_dmp1(), RSA_get0_dmq1(),
19732014 RSA_get0_e(), RSA_get0_factors(), RSA_get0_iqmp(), RSA_get0_key(),
19772018
19782019 See L</Deprecated low-level key parameter getters>
19792020
1980 =item -
2021 =item *
19812022
19822023 RSA_new(), RSA_free(), RSA_up_ref()
19832024
19842025 See L</Deprecated low-level object creation>.
19852026
1986 =item -
2027 =item *
19872028
19882029 RSA_get_default_method(), RSA_get_ex_data and RSA_get_method()
19892030
19902031 See L</Providers are a replacement for engines and low-level method overrides>.
19912032
1992 =item -
2033 =item *
19932034
19942035 RSA_get_version()
19952036
19962037 There is no replacement.
19972038
1998 =item -
2039 =item *
19992040
20002041 B<RSA_meth_*()>, RSA_new_method(), RSA_null_method and RSA_PKCS1_OpenSSL()
20012042
20022043 See L</Providers are a replacement for engines and low-level method overrides>.
20032044
2004 =item -
2045 =item *
20052046
20062047 B<RSA_padding_add_*()>, B<RSA_padding_check_*()>
20072048
20082049 See L</Deprecated low-level signing functions> and
20092050 L</Deprecated low-level encryption functions>.
20102051
2011 =item -
2052 =item *
20122053
20132054 RSA_print(), RSA_print_fp()
20142055
20152056 See L</Deprecated low-level key printing functions>
20162057
2017 =item -
2058 =item *
20182059
20192060 RSA_public_encrypt(), RSA_private_decrypt()
20202061
20212062 See L</Deprecated low-level encryption functions>
20222063
2023 =item -
2064 =item *
20242065
20252066 RSA_private_encrypt(), RSA_public_decrypt()
20262067
20272068 This is equivalent to doing sign and verify recover operations (with a padding
20282069 mode of none). See L</Deprecated low-level signing functions>.
20292070
2030 =item -
2071 =item *
20312072
20322073 RSAPrivateKey_dup(), RSAPublicKey_dup()
20332074
20342075 There is no direct replacement. Applications may use L<EVP_PKEY_dup(3)>.
20352076
2036 =item -
2077 =item *
20372078
20382079 RSAPublicKey_it(), RSAPrivateKey_it()
20392080
20402081 See L</Deprecated low-level key reading and writing functions>
20412082
2042 =item -
2083 =item *
20432084
20442085 RSA_set0_crt_params(), RSA_set0_factors(), RSA_set0_key(),
20452086 RSA_set0_multi_prime_params()
20462087
20472088 See L</Deprecated low-level key parameter setters>.
20482089
2049 =item -
2090 =item *
20502091
20512092 RSA_set_default_method(), RSA_set_method(), RSA_set_ex_data()
20522093
20532094 See L</Providers are a replacement for engines and low-level method overrides>
20542095
2055 =item -
2096 =item *
20562097
20572098 RSA_sign(), RSA_sign_ASN1_OCTET_STRING(), RSA_verify(),
20582099 RSA_verify_ASN1_OCTET_STRING(), RSA_verify_PKCS1_PSS(),
20602101
20612102 See L</Deprecated low-level signing functions>.
20622103
2063 =item -
2104 =item *
20642105
20652106 RSA_X931_derive_ex(), RSA_X931_generate_key_ex(), RSA_X931_hash_id()
20662107
20682109 X931 padding can be set using L<EVP_SIGNATURE-RSA(7)/Signature Parameters>.
20692110 See B<OSSL_SIGNATURE_PARAM_PAD_MODE>.
20702111
2071 =item -
2112 =item *
20722113
20732114 SEED_encrypt(), SEED_decrypt(), SEED_set_key(), SEED_cbc_encrypt(),
20742115 SEED_cfb128_encrypt(), SEED_ecb_encrypt(), SEED_ofb128_encrypt()
20762117 See L</Deprecated low-level encryption functions>.
20772118 The SEED algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
20782119
2079 =item -
2120 =item *
20802121
20812122 SHA1_Init(), SHA1_Update(), SHA1_Final(), SHA1_Transform(),
20822123 SHA224_Init(), SHA224_Update(), SHA224_Final(),
20862127
20872128 See L</Deprecated low-level digest functions>.
20882129
2089 =item -
2130 =item *
20902131
20912132 SRP_Calc_A(), SRP_Calc_B(), SRP_Calc_client_key(), SRP_Calc_server_key(),
20922133 SRP_Calc_u(), SRP_Calc_x(), SRP_check_known_gN_param(), SRP_create_verifier(),
20972138
20982139 There are no replacements for the SRP functions.
20992140
2100 =item -
2141 =item *
21012142
21022143 SSL_CTX_set_tmp_dh_callback(), SSL_set_tmp_dh_callback(),
21032144 SSL_CTX_set_tmp_dh(), SSL_set_tmp_dh()
21132154 longer supported by OpenSSL. Use of the callback functions should be replaced
21142155 by one of the other methods described above.
21152156
2116 =item -
2157 =item *
21172158
21182159 SSL_CTX_set_tlsext_ticket_key_cb()
21192160
21202161 Use the new L<SSL_CTX_set_tlsext_ticket_key_evp_cb(3)> function instead.
21212162
2122 =item -
2163 =item *
21232164
21242165 WHIRLPOOL(), WHIRLPOOL_Init(), WHIRLPOOL_Update(), WHIRLPOOL_Final(),
21252166 WHIRLPOOL_BitUpdate()
21272168 See L</Deprecated low-level digest functions>.
21282169 The Whirlpool algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>.
21292170
2130 =item -
2171 =item *
21312172
21322173 X509_certificate_type()
21332174
21342175 This was an undocumented function. Applications can use L<X509_get0_pubkey(3)>
21352176 and L<X509_get0_signature(3)> instead.
21362177
2137 =item -
2178 =item *
21382179
21392180 X509_http_nbio(), X509_CRL_http_nbio()
21402181
22132254
22142255 =over 4
22152256
2216 =item -
2257 =item *
22172258
22182259 TLS 1.3 FFDHE key exchange support added
22192260
22202261 This uses DH safe prime named groups.
22212262
2222 =item -
2263 =item *
22232264
22242265 Support for fully "pluggable" TLSv1.3 groups.
22252266
22272268 either the "key exchange" or the "key encapsulation" methods) which will
22282269 automatically be detected and used by libssl.
22292270
2230 =item -
2271 =item *
22312272
22322273 SSL and SSL_CTX options are now 64 bit instead of 32 bit.
22332274
22412282 See L<SSL_CTX_get_options(3)>, L<SSL_CTX_set_options(3)>,
22422283 L<SSL_get_options(3)> and L<SSL_set_options(3)>.
22432284
2244 =item -
2285 =item *
22452286
22462287 SSL_set1_host() and SSL_add1_host() Changes
22472288
22482289 These functions now take IP literal addresses as well as actual hostnames.
22492290
2250 =item -
2291 =item *
22512292
22522293 Added SSL option SSL_OP_CLEANSE_PLAINTEXT
22532294
22562297 the application is still responsible for cleansing other copies
22572298 (e.g.: data received by L<SSL_read(3)>).
22582299
2259 =item -
2300 =item *
22602301
22612302 Client-initiated renegotiation is disabled by default.
22622303
22642305 the B<SSL_OP_ALLOW_CLIENT_RENEGOTIATION> flag, or the C<ClientRenegotiation>
22652306 config parameter as appropriate.
22662307
2267 =item -
2308 =item *
22682309
22692310 Secure renegotiation is now required by default for TLS connections
22702311
22742315 SSL_OP_LEGACY_SERVER_CONNECT. Accordingly, SSL_OP_LEGACY_SERVER_CONNECT
22752316 is no longer set as part of SSL_OP_ALL.
22762317
2277 =item -
2318 =item *
22782319
22792320 Combining the Configure options no-ec and no-dh no longer disables TLSv1.3
22802321
22862327 using third party provider groups may result in handshake failures. TLSv1.3
22872328 can be disabled at compile time using the "no-tls1_3" Configure option.
22882329
2289 =item -
2330 =item *
22902331
22912332 SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() changes.
22922333
22932334 The methods now ignore unknown ciphers.
22942335
2295 =item -
2336 =item *
22962337
22972338 Security callback change.
22982339
23052346 of the other locations. Therefore this client side call has been changed to
23062347 pass an EVP_PKEY instead.
23072348
2308 =item -
2349 =item *
23092350
23102351 New SSL option SSL_OP_IGNORE_UNEXPECTED_EOF
23112352
23132354 is set, an unexpected EOF is ignored, it pretends a close notify was received
23142355 instead and so the returned error becomes SSL_ERROR_ZERO_RETURN.
23152356
2316 =item -
2357 =item *
23172358
23182359 The security strength of SHA1 and MD5 based signatures in TLS has been reduced.
23192360
23202361 This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
23212362 working at the default security level of 1 and instead requires security
23222363 level 0. The security level can be changed either using the cipher string
2323 with `C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means
2364 with C<@SECLEVEL>, or calling L<SSL_CTX_set_security_level(3)>. This also means
23242365 that where the signature algorithms extension is missing from a ClientHello
23252366 then the handshake will fail in TLS 1.2 at security level 1. This is because,
23262367 although this extension is optional, failing to provide one means that
23272368 OpenSSL will fallback to a default set of signature algorithms. This default
23282369 set requires the availability of SHA1.
23292370
2330 =item -
2371 =item *
23312372
23322373 X509 certificates signed using SHA1 are no longer allowed at security level 1 and above.
23332374
+2
-2
doc/man7/passphrase-encoding.pod less more
104104 This is particularly relevant for PKCS#12 objects, where human readable pass
105105 phrases are assumed.
106106 For other objects, it's as legitimate to use any byte sequence (such as a
107 sequence of bytes from `/dev/urandom` that's been saved away), which makes any
107 sequence of bytes from F</dev/urandom> that's been saved away), which makes any
108108 character encoding discussion irrelevant; in such cases, simply use the same
109109 byte sequence as it is.
110110
169169
170170 =head1 COPYRIGHT
171171
172 Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
172 Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
173173
174174 Licensed under the Apache License 2.0 (the "License"). You may not use
175175 this file except in compliance with the License. You can obtain a copy
+5
-2
doc/man7/provider-base.pod less more
122122 All "functions" mentioned here are passed as function pointers between
123123 F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays, in the call
124124 of the provider initialization function. See L<provider(7)/Provider>
125 for a description of the initialization function.
125 for a description of the initialization function. They are known as "upcalls".
126126
127127 All these "functions" have a corresponding function type definition
128128 named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
327327 loading and unloading of providers in the application's library context.
328328 I<handle> is this provider's handle and I<cbdata> is this provider's data
329329 that will be passed back to the callbacks. It returns 1 on success or 0
330 otherwise.
330 otherwise. These callbacks may be called while holding locks in libcrypto. In
331 order to avoid deadlocks the callback implementation must not be long running
332 and must not call other OpenSSL API functions or upcalls.
331333
332334 I<create_cb> is a callback that will be called when a new provider is loaded
333335 into the application's library context. It is also called for any providers that
474476
475477 For example, let's say we have the following config example:
476478
479 config_diagnostics = 1
477480 openssl_conf = openssl_init
478481
479482 [openssl_init]
+15
-0
doc/man7/provider-kdf.pod less more
238238
239239 Sets the scrypt work factor parameter maxmem in the associated KDF ctx.
240240
241 =item "prefix" (B<OSSL_KDF_PARAM_PREFIX>) <octet string>
242
243 Sets the prefix string using by the TLS 1.3 version of HKDF in the
244 associated KDF ctx.
245
246 =item "label" (B<OSSL_KDF_PARAM_LABEL>) <octet string>
247
248 Sets the label string using by the TLS 1.3 version of HKDF in the
249 associated KDF ctx.
250
251 =item "data" (B<OSSL_KDF_PARAM_DATA>) <octet string>
252
253 Sets the context string using by the TLS 1.3 version of HKDF in the
254 associated KDF ctx.
255
241256 =item "info" (B<OSSL_KDF_PARAM_INFO>) <octet string>
242257
243258 Sets the optional shared info in the associated KDF ctx.
+1
-1
include/crypto/aes_platform.h less more
9191 # define HWAES_decrypt aes_v8_decrypt
9292 # define HWAES_cbc_encrypt aes_v8_cbc_encrypt
9393 # define HWAES_ecb_encrypt aes_v8_ecb_encrypt
94 # if __ARM_MAX_ARCH__>=8
94 # if __ARM_MAX_ARCH__>=8 && defined(__aarch64__)
9595 # define HWAES_xts_encrypt aes_v8_xts_encrypt
9696 # define HWAES_xts_decrypt aes_v8_xts_decrypt
9797 # endif
+10
-0
include/crypto/rand.h less more
2020
2121 # include <openssl/rand.h>
2222 # include "crypto/rand_pool.h"
23
24 # if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
25 # include <Availability.h>
26 # if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \
27 (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
28 # define OPENSSL_APPLE_CRYPTO_RANDOM 1
29 # include <CommonCrypto/CommonCryptoError.h>
30 # include <CommonCrypto/CommonRandom.h>
31 # endif
32 # endif
2333
2434 /*
2535 * Defines related to seed sources
+2
-2
include/crypto/sm2.h less more
6666 int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest,
6767 size_t msg_len, size_t *ct_size);
6868
69 int ossl_sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest,
70 size_t msg_len, size_t *pt_size);
69 int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
70 size_t *pt_size);
7171
7272 int ossl_sm2_encrypt(const EC_KEY *key,
7373 const EVP_MD *digest,
+7
-3
include/crypto/x509.h less more
1313 # include "internal/refcount.h"
1414 # include <openssl/asn1.h>
1515 # include <openssl/x509.h>
16 # include <openssl/conf.h>
1617 # include "crypto/types.h"
1718
1819 /* Internal X509 structures and functions: not for application use */
342343 int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp);
343344 DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length);
344345 int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp);
345 # endif
346 # endif /* OPENSSL_NO_DH */
346347 # ifndef OPENSSL_NO_EC
347348 ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a,
348349 const unsigned char **pp, long length);
356357 ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a,
357358 const unsigned char **pp, long length);
358359 int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp);
359 # endif
360 # endif /* OPENSSL_NO_EC */
360361 EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp,
361362 long length);
362 #endif
363
364 int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
365 size_t vallen, STACK_OF(CONF_VALUE) **extlist);
366 #endif /* OSSL_CRYPTO_X509_H */
+4
-0
include/openssl/core_names.h less more
189189 #define OSSL_KDF_PARAM_KEY "key" /* octet string */
190190 #define OSSL_KDF_PARAM_SALT "salt" /* octet string */
191191 #define OSSL_KDF_PARAM_PASSWORD "pass" /* octet string */
192 #define OSSL_KDF_PARAM_PREFIX "prefix" /* octet string */
193 #define OSSL_KDF_PARAM_LABEL "label" /* octet string */
194 #define OSSL_KDF_PARAM_DATA "data" /* octet string */
192195 #define OSSL_KDF_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */
193196 #define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
194197 #define OSSL_KDF_PARAM_MAC OSSL_ALG_PARAM_MAC /* utf8 string */
222225
223226 /* Known KDF names */
224227 #define OSSL_KDF_NAME_HKDF "HKDF"
228 #define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF"
225229 #define OSSL_KDF_NAME_PBKDF1 "PBKDF1"
226230 #define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
227231 #define OSSL_KDF_NAME_SCRYPT "SCRYPT"
+0
-4
include/openssl/dtls1.h less more
4848
4949 # define DTLS1_AL_HEADER_LENGTH 2
5050
51 /* Timeout multipliers */
52 # define DTLS1_TMO_READ_COUNT 2
53 # define DTLS1_TMO_WRITE_COUNT 2
54
5551 # define DTLS1_TMO_ALERT_COUNT 12
5652
5753 #ifdef __cplusplus
+3
-3
include/openssl/ec.h less more
914914 # define i2d_ECPKParameters_bio(bp,x) \
915915 ASN1_i2d_bio_of(EC_GROUP, i2d_ECPKParameters, bp, x)
916916 # define d2i_ECPKParameters_fp(fp,x) \
917 (EC_GROUP *)ASN1_d2i_fp(NULL, (char *(*)())d2i_ECPKParameters, (fp), \
918 (unsigned char **)(x))
917 (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \
918 (void **)(x))
919919 # define i2d_ECPKParameters_fp(fp,x) \
920 ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x))
920 ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x))
921921
922922 # ifndef OPENSSL_NO_DEPRECATED_3_0
923923 OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x,
+1
-0
include/openssl/proverr.h less more
5858 # define PROV_R_INVALID_DIGEST 122
5959 # define PROV_R_INVALID_DIGEST_LENGTH 166
6060 # define PROV_R_INVALID_DIGEST_SIZE 218
61 # define PROV_R_INVALID_INPUT_LENGTH 230
6162 # define PROV_R_INVALID_ITERATION_COUNT 123
6263 # define PROV_R_INVALID_IV_LENGTH 109
6364 # define PROV_R_INVALID_KEY 158
+4
-1
include/openssl/self_test.h less more
2828 # define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity"
2929 # define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity"
3030 # define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test"
31 # define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test"
31 # define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT"
3232 # define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
3333 # define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher"
3434 # define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest"
3535 # define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature"
36 # define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature"
3637 # define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF"
3738 # define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA"
3839 # define OSSL_SELF_TEST_TYPE_DRBG "DRBG"
6768 # define OSSL_SELF_TEST_DESC_KDF_SSHKDF "SSHKDF"
6869 # define OSSL_SELF_TEST_DESC_KDF_TLS12_PRF "TLS12_PRF"
6970 # define OSSL_SELF_TEST_DESC_KDF_KBKDF "KBKDF"
71 # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT "TLS13_KDF_EXTRACT"
72 # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND"
7073 # define OSSL_SELF_TEST_DESC_RNG "RNG"
7174
7275 # ifdef __cplusplus
+2
-0
providers/common/provider_err.c less more
7979 "invalid digest length"},
8080 {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_SIZE),
8181 "invalid digest size"},
82 {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH),
83 "invalid input length"},
8284 {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT),
8385 "invalid iteration count"},
8486 {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IV_LENGTH), "invalid iv length"},
+5
-0
providers/defltprov.c less more
250250 ALG(PROV_NAMES_CAMELLIA_256_CBC, ossl_camellia256cbc_functions),
251251 ALG(PROV_NAMES_CAMELLIA_192_CBC, ossl_camellia192cbc_functions),
252252 ALG(PROV_NAMES_CAMELLIA_128_CBC, ossl_camellia128cbc_functions),
253 ALG(PROV_NAMES_CAMELLIA_128_CBC_CTS, ossl_camellia128cbc_cts_functions),
254 ALG(PROV_NAMES_CAMELLIA_192_CBC_CTS, ossl_camellia192cbc_cts_functions),
255 ALG(PROV_NAMES_CAMELLIA_256_CBC_CTS, ossl_camellia256cbc_cts_functions),
253256 ALG(PROV_NAMES_CAMELLIA_256_OFB, ossl_camellia256ofb_functions),
254257 ALG(PROV_NAMES_CAMELLIA_192_OFB, ossl_camellia192ofb_functions),
255258 ALG(PROV_NAMES_CAMELLIA_128_OFB, ossl_camellia128ofb_functions),
319322
320323 static const OSSL_ALGORITHM deflt_kdfs[] = {
321324 { PROV_NAMES_HKDF, "provider=default", ossl_kdf_hkdf_functions },
325 { PROV_NAMES_TLS1_3_KDF, "provider=default",
326 ossl_kdf_tls1_3_kdf_functions },
322327 { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions },
323328 { PROV_NAMES_PBKDF2, "provider=default", ossl_kdf_pbkdf2_functions },
324329 { PROV_NAMES_PKCS12KDF, "provider=default", ossl_kdf_pkcs12_functions },
+26
-3
providers/encoders.inc less more
1414 #define ENCODER_STRUCTURE_type_specific_params "type-specific"
1515 #define ENCODER_STRUCTURE_type_specific "type-specific"
1616 #define ENCODER_STRUCTURE_type_specific_no_pub "type-specific"
17 #define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo"
1718 #define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
1819 #define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
1920 #define ENCODER_STRUCTURE_DH "dh"
126127 #endif
127128
128129 /*
129 * Entries for PKCS#8 (PrivateKeyInfo) and SubjectPublicKeyInfo.
130 * The "der" ones are added convenience for any user that wants to use
131 * OSSL_ENCODER directly.
130 * Entries for encrypted PKCS#8 (EncryptedPrivateKeyInfo), unencrypted PKCS#8
131 * (PrivateKeyInfo) and SubjectPublicKeyInfo. The "der" ones are added
132 * convenience for any user that wants to use OSSL_ENCODER directly.
132133 * The "pem" ones also support PEM_write_bio_PrivateKey() and
133134 * PEM_write_bio_PUBKEY().
134135 */
136 ENCODER_w_structure("RSA", rsa, yes, der, EncryptedPrivateKeyInfo),
137 ENCODER_w_structure("RSA", rsa, yes, pem, EncryptedPrivateKeyInfo),
135138 ENCODER_w_structure("RSA", rsa, yes, der, PrivateKeyInfo),
136139 ENCODER_w_structure("RSA", rsa, yes, pem, PrivateKeyInfo),
137140 ENCODER_w_structure("RSA", rsa, yes, der, SubjectPublicKeyInfo),
138141 ENCODER_w_structure("RSA", rsa, yes, pem, SubjectPublicKeyInfo),
139142
143 ENCODER_w_structure("RSA-PSS", rsapss, yes, der, EncryptedPrivateKeyInfo),
144 ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, EncryptedPrivateKeyInfo),
140145 ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PrivateKeyInfo),
141146 ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PrivateKeyInfo),
142147 ENCODER_w_structure("RSA-PSS", rsapss, yes, der, SubjectPublicKeyInfo),
143148 ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, SubjectPublicKeyInfo),
144149
145150 #ifndef OPENSSL_NO_DH
151 ENCODER_w_structure("DH", dh, yes, der, EncryptedPrivateKeyInfo),
152 ENCODER_w_structure("DH", dh, yes, pem, EncryptedPrivateKeyInfo),
146153 ENCODER_w_structure("DH", dh, yes, der, PrivateKeyInfo),
147154 ENCODER_w_structure("DH", dh, yes, pem, PrivateKeyInfo),
148155 ENCODER_w_structure("DH", dh, yes, der, SubjectPublicKeyInfo),
149156 ENCODER_w_structure("DH", dh, yes, pem, SubjectPublicKeyInfo),
150157
158 ENCODER_w_structure("DHX", dhx, yes, der, EncryptedPrivateKeyInfo),
159 ENCODER_w_structure("DHX", dhx, yes, pem, EncryptedPrivateKeyInfo),
151160 ENCODER_w_structure("DHX", dhx, yes, der, PrivateKeyInfo),
152161 ENCODER_w_structure("DHX", dhx, yes, pem, PrivateKeyInfo),
153162 ENCODER_w_structure("DHX", dhx, yes, der, SubjectPublicKeyInfo),
155164 #endif
156165
157166 #ifndef OPENSSL_NO_DSA
167 ENCODER_w_structure("DSA", dsa, yes, der, EncryptedPrivateKeyInfo),
168 ENCODER_w_structure("DSA", dsa, yes, pem, EncryptedPrivateKeyInfo),
158169 ENCODER_w_structure("DSA", dsa, yes, der, PrivateKeyInfo),
159170 ENCODER_w_structure("DSA", dsa, yes, pem, PrivateKeyInfo),
160171 ENCODER_w_structure("DSA", dsa, yes, der, SubjectPublicKeyInfo),
162173 #endif
163174
164175 #ifndef OPENSSL_NO_EC
176 ENCODER_w_structure("EC", ec, yes, der, EncryptedPrivateKeyInfo),
177 ENCODER_w_structure("EC", ec, yes, pem, EncryptedPrivateKeyInfo),
165178 ENCODER_w_structure("EC", ec, yes, der, PrivateKeyInfo),
166179 ENCODER_w_structure("EC", ec, yes, pem, PrivateKeyInfo),
167180 ENCODER_w_structure("EC", ec, yes, der, SubjectPublicKeyInfo),
168181 ENCODER_w_structure("EC", ec, yes, pem, SubjectPublicKeyInfo),
169182
183 ENCODER_w_structure("X25519", x25519, yes, der, EncryptedPrivateKeyInfo),
184 ENCODER_w_structure("X25519", x25519, yes, pem, EncryptedPrivateKeyInfo),
170185 ENCODER_w_structure("X25519", x25519, yes, der, PrivateKeyInfo),
171186 ENCODER_w_structure("X25519", x25519, yes, pem, PrivateKeyInfo),
172187 ENCODER_w_structure("X25519", x25519, yes, der, SubjectPublicKeyInfo),
173188 ENCODER_w_structure("X25519", x25519, yes, pem, SubjectPublicKeyInfo),
174189
190 ENCODER_w_structure("X448", x448, yes, der, EncryptedPrivateKeyInfo),
191 ENCODER_w_structure("X448", x448, yes, pem, EncryptedPrivateKeyInfo),
175192 ENCODER_w_structure("X448", x448, yes, der, PrivateKeyInfo),
176193 ENCODER_w_structure("X448", x448, yes, pem, PrivateKeyInfo),
177194 ENCODER_w_structure("X448", x448, yes, der, SubjectPublicKeyInfo),
178195 ENCODER_w_structure("X448", x448, yes, pem, SubjectPublicKeyInfo),
179196
197 ENCODER_w_structure("ED25519", ed25519, yes, der, EncryptedPrivateKeyInfo),
198 ENCODER_w_structure("ED25519", ed25519, yes, pem, EncryptedPrivateKeyInfo),
180199 ENCODER_w_structure("ED25519", ed25519, yes, der, PrivateKeyInfo),
181200 ENCODER_w_structure("ED25519", ed25519, yes, pem, PrivateKeyInfo),
182201 ENCODER_w_structure("ED25519", ed25519, yes, der, SubjectPublicKeyInfo),
183202 ENCODER_w_structure("ED25519", ed25519, yes, pem, SubjectPublicKeyInfo),
184203
204 ENCODER_w_structure("ED448", ed448, yes, der, EncryptedPrivateKeyInfo),
205 ENCODER_w_structure("ED448", ed448, yes, pem, EncryptedPrivateKeyInfo),
185206 ENCODER_w_structure("ED448", ed448, yes, der, PrivateKeyInfo),
186207 ENCODER_w_structure("ED448", ed448, yes, pem, PrivateKeyInfo),
187208 ENCODER_w_structure("ED448", ed448, yes, der, SubjectPublicKeyInfo),
188209 ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo),
189210
190211 # ifndef OPENSSL_NO_SM2
212 ENCODER_w_structure("SM2", sm2, no, der, EncryptedPrivateKeyInfo),
213 ENCODER_w_structure("SM2", sm2, no, pem, EncryptedPrivateKeyInfo),
191214 ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo),
192215 ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo),
193216 ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo),
+2
-0
providers/fips/fipsprov.c less more
345345
346346 static const OSSL_ALGORITHM fips_kdfs[] = {
347347 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions },
348 { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES,
349 ossl_kdf_tls1_3_kdf_functions },
348350 { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
349351 { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions },
350352 { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
+64
-0
providers/fips/self_test_data.inc less more
493493 ST_KAT_PARAM_END()
494494 };
495495
496 static const char tls13_kdf_digest[] = "SHA256";
497 static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
498 static int tls13_kdf_expand_mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
499 static const unsigned char tls13_kdf_prefix[] = {
500 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20 /* "tls13 " */
501 };
502 static const unsigned char tls13_kdf_client_early_secret_label[] = {
503 0x63, 0x20, 0x65, 0x20, 0x74, 0x72, 0x61, 0x66,
504 0x66, 0x69, 0x63 /* "c e traffic"*/
505 };
506 static const unsigned char tls13_kdf_psk[] = {
507 0xF8, 0xAF, 0x6A, 0xEA, 0x2D, 0x39, 0x7B, 0xAF,
508 0x29, 0x48, 0xA2, 0x5B, 0x28, 0x34, 0x20, 0x06,
509 0x92, 0xCF, 0xF1, 0x7E, 0xEE, 0x91, 0x65, 0xE4,
510 0xE2, 0x7B, 0xAB, 0xEE, 0x9E, 0xDE, 0xFD, 0x05
511 };
512 static const unsigned char tls13_kdf_client_hello_hash[] = {
513 0x7c, 0x92, 0xf6, 0x8b, 0xd5, 0xbf, 0x36, 0x38,
514 0xea, 0x33, 0x8a, 0x64, 0x94, 0x72, 0x2e, 0x1b,
515 0x44, 0x12, 0x7e, 0x1b, 0x7e, 0x8a, 0xad, 0x53,
516 0x5f, 0x23, 0x22, 0xa6, 0x44, 0xff, 0x22, 0xb3
517 };
518
519 static const unsigned char tls13_kdf_early_secret[] = {
520 0x15, 0x3B, 0x63, 0x94, 0xA9, 0xC0, 0x3C, 0xF3,
521 0xF5, 0xAC, 0xCC, 0x6E, 0x45, 0x5A, 0x76, 0x93,
522 0x28, 0x11, 0x38, 0xA1, 0xBC, 0xFA, 0x38, 0x03,
523 0xC2, 0x67, 0x35, 0xDD, 0x11, 0x94, 0xD2, 0x16
524 };
525 static const unsigned char tls13_kdf_client_early_traffic_secret[] = {
526 0xC8, 0x05, 0x83, 0xA9, 0x0E, 0x99, 0x5C, 0x48,
527 0x96, 0x00, 0x49, 0x2A, 0x5D, 0xA6, 0x42, 0xE6,
528 0xB1, 0xF6, 0x79, 0xBA, 0x67, 0x48, 0x28, 0x79,
529 0x2D, 0xF0, 0x87, 0xB9, 0x39, 0x63, 0x61, 0x71
530 };
531 static const ST_KAT_PARAM tls13_kdf_early_secret_params[] = {
532 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_extract_mode),
533 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest),
534 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_psk),
535 ST_KAT_PARAM_END()
536 };
537 static const ST_KAT_PARAM tls13_kdf_client_early_secret_params[] = {
538 ST_KAT_PARAM_INT(OSSL_KDF_PARAM_MODE, tls13_kdf_expand_mode),
539 ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, tls13_kdf_digest),
540 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, tls13_kdf_early_secret),
541 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_DATA, tls13_kdf_client_hello_hash),
542 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PREFIX, tls13_kdf_prefix),
543 ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_LABEL,
544 tls13_kdf_client_early_secret_label),
545 ST_KAT_PARAM_END()
546 };
547
496548 static const ST_KAT_KDF st_kat_kdf_tests[] =
497549 {
550 {
551 OSSL_SELF_TEST_DESC_KDF_TLS13_EXTRACT,
552 OSSL_KDF_NAME_TLS1_3_KDF,
553 tls13_kdf_early_secret_params,
554 ITM(tls13_kdf_early_secret)
555 },
556 {
557 OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND,
558 OSSL_KDF_NAME_TLS1_3_KDF,
559 tls13_kdf_client_early_secret_params,
560 ITM(tls13_kdf_client_early_traffic_secret)
561 },
498562 {
499563 OSSL_SELF_TEST_DESC_KDF_TLS12_PRF,
500564 OSSL_KDF_NAME_TLS1_PRF,
+6
-2
providers/fips/self_test_kats.c less more
451451 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
452452 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
453453 };
454
455 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc);
454 const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;
455
456 if (t->sig_expected == NULL)
457 typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;
458
459 OSSL_SELF_TEST_onbegin(st, typ, t->desc);
456460
457461 bnctx = BN_CTX_new_ex(libctx);
458462 if (bnctx == NULL)
+22
-22
providers/fips-sources.checksums less more
187187 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
188188 847e039a249a1f9af42dfc6427de2ad4925f1116f86619dd420cf8cec9d3bbfe crypto/evp/digest.c
189189 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c
190 bd8cdd250f64cc314133a1c3cdef8eba3de5a40f1a9ef1d26729c5361690a368 crypto/evp/evp_enc.c
190 37b5e0bdb30a24c925a26f818828fd3b4ab4c1725f84797260556c0f47f2b76d crypto/evp/evp_enc.c
191191 363dda606a23f1cbb6eefc713903bb353b8fc8661dee0e853366c7798f050483 crypto/evp/evp_fetch.c
192192 6e0a2b11440a3cfd80d5539aa6a4b133dbfefc6a646736980dbbd504b3f16ac8 crypto/evp/evp_lib.c
193193 34574e474d3f5daf24981200cae9e24a427d165cd43d8fb738844fa9b0fc991f crypto/evp/evp_local.h
202202 e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c
203203 f9988dfed6253c30b08a966496f188763671cb72a2fcb25455f65f8d270027cc crypto/evp/mac_lib.c
204204 e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c
205 0b3714cb5ff9deb5e17081b8dc12922910de9b8693e644dd2ac67a53fe25c7ff crypto/evp/p_lib.c
205 cd2902a111d200417d04f0422451b3760a67fc21cd1f9ca3b02200dc91b8b916 crypto/evp/p_lib.c
206206 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c
207207 bbce11755bcc5ba2ee8e9c1eb95905447136f614fdc2b0f74cf785fe81ead6a5 crypto/evp/pmeth_gn.c
208208 fdaddf5c4b274d83292a5121d9b0541dce82fb83e59d64d48a93964840421f30 crypto/evp/pmeth_lib.c
213213 82abf1f9645336b7dff5e3fa153899280ecaa27b3dad50e6a9ba94d871961888 crypto/ffc/ffc_key_generate.c
214214 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c
215215 67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c
216 916d93b50c8a1e69b94ac5d0949a762f3b1580a40b72eb269a764b9905450204 crypto/ffc/ffc_params_generate.c
216 5174e008f44909724e0ee7109095ee353e67e9ba77e1ab3bedfcf6eaecab7b6c crypto/ffc/ffc_params_generate.c
217217 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c
218218 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c
219219 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h
255255 5d780fd1a656db32a0292d2692690f69aa1b977646282f4884f17dca861fe681 crypto/property/property_parse.c
256256 43259a466b118d938e4480f4e6f46aaa8eab452f971ff0788e2eb8369ff1b5ec crypto/property/property_query.c
257257 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c
258 9f286d199826f65b2658497370a85d8c5537b8112b98b3e10f373e638865ed94 crypto/provider_core.c
258 a065691f37df209ce2ab5ce721e6fc45008e2f00edfbad0ceaa5ef2a0cfee23d crypto/provider_core.c
259259 d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h
260260 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c
261261 5d16318d3a36b06145af74afa3523109768990a33457c81895c7ab8a830654f8 crypto/rand/rand_lib.c
335335 60bdd9213c67c4d9a287cb57517eca63913c134ef57fcb102b641eb56ddce19a crypto/threads_win.c
336336 fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl
337337 d13560a5f8a66d7b956d54cd6bf24eade529d686992d243bfb312376a57b475e e_os.h
338 6761a5e155b5eec21bcae9d3c6714a3677c747fdf9daefdd7819250e686f8129 include/crypto/aes_platform.h
338 4dab31beb4bbd9275a914839f590eaa328cc8ddec3561acd3e6fae0606758b32 include/crypto/aes_platform.h
339339 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h
340340 8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h
341341 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in
351351 bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h
352352 162812058c69f65a824906193057cd3edeabc22f51a4220aea7cb9064379a9b6 include/crypto/md32_common.h
353353 f12bfc145290444bcc7bf408874bded348e742443c145b8b5bc70ae558d96c31 include/crypto/modes.h
354 763ec96091c828c16278873eb32665bfc70624dbd3809cb8043d19dc16e84d22 include/crypto/rand.h
354 11734df47031edd5fd025313ab10d3cfd777920760c023f0bc7019d0653e73df include/crypto/rand.h
355355 90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h
356356 bd5ce686c97a8a3a0e3d7ca1e4f16706fd51df5da9673169303a4428d62da233 include/crypto/rsa.h
357357 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h
400400 6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h
401401 792488b5d6bb87a5138322d7a6ae011faa279918321af62e76fa018e1a991c93 include/openssl/core.h
402402 00110e80b9b4f621c604ea99f05e7a75d3db4721fc2779224e6fa7e52f06e345 include/openssl/core_dispatch.h
403 3841bcf3fc61aa9a3b770a5d64185e90cd9a1778bf7c83f1e379bda2f0e480d0 include/openssl/core_names.h
403 cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openssl/core_names.h
404404 d165f5c61bfe17ba366a3ba94afb30d3c8ce6b21e9cff59a15f3622f2654ae49 include/openssl/crypto.h.in
405405 06e9f521a6e98e104cdf37260ce967d928e25d424e0013f1feb3ff4da18eaec0 include/openssl/cryptoerr.h
406406 bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h
411411 335eb40a33cd1e95e7783bda2d031ec2bcf02cff8aa804ba3484d1354452b7ea include/openssl/dsaerr.h
412412 41bf49e64e1c341a8c17778147ddeba35e88dfd7ff131db6210e801ef25a8fd5 include/openssl/e_os2.h
413413 bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h
414 8e301f2f8cfacda5d7de4f53e5592b523454cb93ba3c8029b628a6abf0ddb833 include/openssl/ec.h
414 0ad64e592528898c84f2a16e2a03749774b908b3a9944a7f9aa54b1f95094dfb include/openssl/ec.h
415415 cbbf74efc7fdb020f06840c856ad7fe97553944f4cc3c197fbb004de38158048 include/openssl/ecerr.h
416416 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h
417417 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h
433433 767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20 include/openssl/param_build.h
434434 30085f4d1b4934bb25ffe7aa9a30859966318a1b4d4dcea937c426e90e6e1984 include/openssl/params.h
435435 097615b849375e2903967521f76c570512e5be47b8159fdbcd31e433f8a4cca7 include/openssl/prov_ssl.h
436 90fb37a1a564b989afca658dae8c78b0ba72ac1f4d1ffc0c52eb93e74e144603 include/openssl/proverr.h
436 bdadffba7b7b8294c9f7450ce2563ae31145ca0f196f5ce7b8c2f19ed7fba816 include/openssl/proverr.h
437437 b97e8ad49b38683817387596aefec0abd5f4d572643beef48be4f7acba26768d include/openssl/provider.h
438438 7c9b5f479d9b22cfc8db0976dddfc2a1ee6e757b436e01a2b4d2744bcb6d81a5 include/openssl/rand.h
439439 108966f56c82fedff53df76a4aa7861c82be4db1fd1ddafb59dc086ea155831c include/openssl/randerr.h
440440 c1015b77c444a3816d2ea7ad770f1c3b79a1e54887930af6dd662895701f3323 include/openssl/rsa.h
441441 2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h
442442 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in
443 c7da25794eb70f0cbc2457f4cb87e8d04dc3512b509034ff1db7285961952963 include/openssl/self_test.h
443 2702c0c5b8df31f764aa97d44c8a2b00b4b91c3482fd8ca5e1c5c91dfc61dc58 include/openssl/self_test.h
444444 2964274ab32b1ba8578a06b06663db2eda4317ae806369271d889176bb5a7d04 include/openssl/sha.h
445445 c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h
446446 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h
475475 e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/common/include/prov/providercommon.h
476476 73d0e15963759fcb7c5c434bb214b50bc32f6066e90ac07fb53dad11c2fd1939 providers/common/include/prov/securitycheck.h
477477 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c
478 08eb591a084afaa48802734fa0a77a37c94b6caeee1cb5f810ed02cbd03afaff providers/common/provider_err.c
478 a8b73b10ab0100942dd2bc45f2fc9c9238b70bec0e49708ba113bc7479c8b92a providers/common/provider_err.c
479479 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c
480480 eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c
481481 ba345b0d71f74c9e3d752579e16d11cc70b4b00faa329cc674bc43dd2620e044 providers/common/securitycheck.c
482482 527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c
483483 abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c
484 3bae030b142c90518f3b6c59924fee939b17667008e670e73733c09c3f1d54f0 providers/fips/fipsprov.c
484 a4dc9bf2d77e34175737b7b8d28fbe90815ac0e2904e3ac2d9e2a271f345ef20 providers/fips/fipsprov.c
485485 fdbaf748044ce54f13e673b92db876e32436e4d5644f443cc43d063112a89676 providers/fips/self_test.c
486486 f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h
487 26b6bf82ee3865d0c6c612d98957dee7e2b7a82b68b643eb25771735fd6cec59 providers/fips/self_test_data.inc
488 f2775b7effa96b7c925ed71bd8c90e74b6256e7ed28346f59de46dffecb3e5a0 providers/fips/self_test_kats.c
487 7a23cc81ca7542325634891d1982c70e68a27914b088a51ca60249d54031bfc2 providers/fips/self_test_data.inc
488 85c068c86363777941e226a37b3cba23c78f963eda2bd848f66af4a7eedc0e21 providers/fips/self_test_kats.c
489489 f054b24ea53ad5db41dd7f37f20f42166ed68b832121a94858cb0173b1aaeb1d providers/implementations/asymciphers/rsa_enc.c
490490 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c
491491 f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h
497497 00f36bf48e522dbb5ec71df0ec13e387955fa3672e6ff90e8a412ae95c4a642f providers/implementations/ciphers/cipher_aes_ccm.h
498498 6337b570e0dc4e98af07aa9704254d3ab958cf605584e250fbd76cd1d2a25ac7 providers/implementations/ciphers/cipher_aes_ccm_hw.c
499499 302b3819ff9fdfed750185421616b248b0e1233d75b45a065490fe4762b42f55 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc
500 7a61f7e0684b6053aeb64edb1de2eb1a47df1e70d041eb5e2e96a528a4c5512f providers/implementations/ciphers/cipher_aes_cts.c
501 2e72401dbc4f64f0e263660bc7b5192dc5e0e8cc955661aca6a7e3e3359c97cf providers/implementations/ciphers/cipher_aes_cts.h
502 2ec666b6b7fdaa7ffb0f083a3358904c8c3159699540d270c7ddb46a8d96647b providers/implementations/ciphers/cipher_aes_cts.inc
500 a8eaca99a71521ff8ac4ffcf08315e59220f7e0b7f505ecddad04fadd021ec14 providers/implementations/ciphers/cipher_aes_cts.inc
503501 710ee60704dd9dffa2a11e2e96596af1f7f84f915cedcedeec7292e0d978317a providers/implementations/ciphers/cipher_aes_gcm.c
504502 79f5a732820d2512a7f4fc2a99ece7e6e2523a51e62561eb67a4b70d5538b0c4 providers/implementations/ciphers/cipher_aes_gcm.h
505503 ab298c5f89f3165fa11093fad8063b7bcbff0924b43fb3107148ae66d54adcb5 providers/implementations/ciphers/cipher_aes_gcm_hw.c
509507 0264d1ea3ece6f730b342586fb1fe00e3f0ff01e47d53f552864df986bf35573 providers/implementations/ciphers/cipher_aes_ocb.c
510508 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h
511509 855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70 providers/implementations/ciphers/cipher_aes_ocb_hw.c
512 d07e18786256f3a069fe83e6fdc79e53fdc1f99b3e6bbe5d2f3fc559bc737eb2 providers/implementations/ciphers/cipher_aes_wrp.c
510 a872195161ac6c3a2cb59c3d15b212e34bb7596a41712258f5d0b5e771e25239 providers/implementations/ciphers/cipher_aes_wrp.c
513511 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c
514512 c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b providers/implementations/ciphers/cipher_aes_xts.h
515513 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c
516514 f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/implementations/ciphers/cipher_aes_xts_hw.c
515 f2e7404005e0602c4cc90b49b7af7453aa5b8644720ca1028d93e78bc28a7c09 providers/implementations/ciphers/cipher_cts.c
516 74640ce402acc704af72e055fb7f27e6aa8efd417babc56f710478e571d8631c providers/implementations/ciphers/cipher_cts.h
517517 06d8f86ec724075e7f72dabfb675b5c85a93c01997e4142fbaa8482e617f4ae5 providers/implementations/ciphers/cipher_tdes.c
518518 77709f7fc3f7c08986cd4f0ebf2ef6e44bacb975c1483ef444b3cf5e5071f9d6 providers/implementations/ciphers/cipher_tdes.h
519519 9e07260067083c76d26eb0dd8a8bb4a8dac678812644ff88951a0661be70d9fd providers/implementations/ciphers/cipher_tdes_common.c
529529 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c
530530 80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c
531531 de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c
532 b14f76813cb10cb1cfadfc04bb5e0660bb12c5a120c96d196b0f6f1a948d2f48 providers/implementations/exchange/dh_exch.c
532 007d431b3cdb53374c5f5aaef2fcb557e213c23f26e55ebdd32b53527f3f4826 providers/implementations/exchange/dh_exch.c
533533 9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c
534534 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c
535535 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c
538538 dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h
539539 0c1e99d70155402a790e4de65923228c8df8ad970741caccfe8b513837457d7f providers/implementations/include/prov/ciphercommon_gcm.h
540540 79a5ed6e4a97431233c56eede9d9c9eec27598fff53590c627ea40bd5b871fd5 providers/implementations/include/prov/digestcommon.h
541 19ddd49020b421794be5e69645a62a3ebfa75cb9cb32253bb52d8d7a508e147c providers/implementations/include/prov/implementations.h
541 c47c960398bad27844f837e68d19df3912e2c9497362789b3d5c858ca4f9242b providers/implementations/include/prov/implementations.h
542542 5f09fc71874b00419d71646714f21ebbdcceda277463b6f77d3d3ea6946914e8 providers/implementations/include/prov/kdfexchange.h
543543 c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h
544 968eaa42bcc58d8b4991a4071768a497ca12bfc332b57c6644dfb749e1e84461 providers/implementations/include/prov/names.h
544 29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h
545545 2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h
546 925c5beb1f5e204d27aa2ba045d67dcceeda453cc029dbc8ed194bb897306d8a providers/implementations/kdfs/hkdf.c
546 432e2d5e467a50bd031a6b94b27072f5d66f4fadb6d62c9bfd9453d444c2aedf providers/implementations/kdfs/hkdf.c
547547 b2e971a5a5d91da121db468cd8c8501c154643120dae31bb674e758c6403ad14 providers/implementations/kdfs/kbkdf.c
548548 fb62e76d7d751bf3b4c39157d601aa0a16477bb9335121ec6649ba7176a43f8d providers/implementations/kdfs/pbkdf2.c
549549 c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h
+1
-1
providers/fips.checksum less more
0 0c627e1484ecf223a7939c9ab5c4b59eea02025d821ae634b9db5f0581b2d916 providers/fips-sources.checksums
0 bbbd640470428086f7a658e7020fa73149e276e594412a83347ca1782c0e0486 providers/fips-sources.checksums
+2
-2
providers/fips.module.sources less more
497497 providers/implementations/ciphers/cipher_aes_ccm.h
498498 providers/implementations/ciphers/cipher_aes_ccm_hw.c
499499 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc
500 providers/implementations/ciphers/cipher_aes_cts.c
501 providers/implementations/ciphers/cipher_aes_cts.h
502500 providers/implementations/ciphers/cipher_aes_cts.inc
503501 providers/implementations/ciphers/cipher_aes_gcm.c
504502 providers/implementations/ciphers/cipher_aes_gcm.h
514512 providers/implementations/ciphers/cipher_aes_xts.h
515513 providers/implementations/ciphers/cipher_aes_xts_fips.c
516514 providers/implementations/ciphers/cipher_aes_xts_hw.c
515 providers/implementations/ciphers/cipher_cts.c
516 providers/implementations/ciphers/cipher_cts.h
517517 providers/implementations/ciphers/cipher_tdes.c
518518 providers/implementations/ciphers/cipher_tdes.h
519519 providers/implementations/ciphers/cipher_tdes_common.c
+1
-1
providers/implementations/asymciphers/sm2_enc.c less more
109109 return 0;
110110
111111 if (out == NULL) {
112 if (!ossl_sm2_plaintext_size(psm2ctx->key, md, inlen, outlen))
112 if (!ossl_sm2_plaintext_size(in, inlen, outlen))
113113 return 0;
114114 return 1;
115115 }
+1
-1
providers/implementations/ciphers/build.info less more
4646 cipher_aes_wrp.c \
4747 cipher_aes_cbc_hmac_sha.c \
4848 cipher_aes_cbc_hmac_sha256_hw.c cipher_aes_cbc_hmac_sha1_hw.c \
49 cipher_aes_cts.c
49 cipher_cts.c
5050
5151 # Extra code to satisfy the FIPS and non-FIPS separation.
5252 # When the AES-xxx-XTS moves to legacy, cipher_aes_xts_fips.c can be removed.
+0
-361
providers/implementations/ciphers/cipher_aes_cts.c less more
0 /*
1 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
2 *
3 * Licensed under the Apache License 2.0 (the "License"). You may not use
4 * this file except in compliance with the License. You can obtain a copy
5 * in the file LICENSE in the source distribution or at
6 * https://www.openssl.org/source/license.html
7 */
8
9 /*
10 * Helper functions for AES CBC CTS ciphers.
11 *
12 * The function dispatch tables are embedded into cipher_aes.c
13 * using cipher_aes_cts.inc
14 */
15
16 /*
17 * Refer to SP800-38A-Addendum
18 *
19 * Ciphertext stealing encrypts plaintext using a block cipher, without padding
20 * the message to a multiple of the block size, so the ciphertext is the same
21 * size as the plaintext.
22 * It does this by altering processing of the last two blocks of the message.
23 * The processing of all but the last two blocks is unchanged, but a portion of
24 * the second-last block's ciphertext is "stolen" to pad the last plaintext
25 * block. The padded final block is then encrypted as usual.
26 * The final ciphertext for the last two blocks, consists of the partial block
27 * (with the "stolen" portion omitted) plus the full final block,
28 * which are the same size as the original plaintext.
29 * Decryption requires decrypting the final block first, then restoring the
30 * stolen ciphertext to the partial block, which can then be decrypted as usual.
31
32 * AES_CBC_CTS has 3 variants:
33 * (1) CS1 The NIST variant.
34 * If the length is a multiple of the blocksize it is the same as CBC mode.
35 * otherwise it produces C1||C2||(C(n-1))*||Cn.
36 * Where C(n-1)* is a partial block.
37 * (2) CS2
38 * If the length is a multiple of the blocksize it is the same as CBC mode.
39 * otherwise it produces C1||C2||Cn||(C(n-1))*.
40 * Where C(n-1)* is a partial block.
41 * (3) CS3 The Kerberos5 variant.
42 * Produces C1||C2||Cn||(C(n-1))* regardless of the length.
43 * If the length is a multiple of the blocksize it looks similar to CBC mode
44 * with the last 2 blocks swapped.
45 * Otherwise it is the same as CS2.
46 */
47
48 #include "e_os.h" /* strcasecmp */
49 #include <openssl/core_names.h>
50 #include <openssl/aes.h>
51 #include "prov/ciphercommon.h"
52 #include "internal/nelem.h"
53 #include "cipher_aes_cts.h"
54
55 /* The value assigned to 0 is the default */
56 #define CTS_CS1 0
57 #define CTS_CS2 1
58 #define CTS_CS3 2
59
60 typedef union {
61 size_t align;
62 unsigned char c[AES_BLOCK_SIZE];
63 } aligned_16bytes;
64
65 typedef struct cts_mode_name2id_st {
66 unsigned int id;
67 const char *name;
68 } CTS_MODE_NAME2ID;
69
70 static CTS_MODE_NAME2ID cts_modes[] =
71 {
72 { CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 },
73 { CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 },
74 { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 },
75 };
76
77 const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id)
78 {
79 size_t i;
80
81 for (i = 0; i < OSSL_NELEM(cts_modes); ++i) {
82 if (cts_modes[i].id == id)
83 return cts_modes[i].name;
84 }
85 return NULL;
86 }
87
88 int ossl_aes_cbc_cts_mode_name2id(const char *name)
89 {
90 size_t i;
91
92 for (i = 0; i < OSSL_NELEM(cts_modes); ++i) {
93 if (strcasecmp(name, cts_modes[i].name) == 0)
94 return (int)cts_modes[i].id;
95 }
96 return -1;
97 }
98
99 static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
100 unsigned char *out, size_t len)
101 {
102 aligned_16bytes tmp_in;
103 size_t residue;
104
105 residue = len % AES_BLOCK_SIZE;
106 len -= residue;
107 if (!ctx->hw->cipher(ctx, out, in, len))
108 return 0;
109
110 if (residue == 0)
111 return len;
112
113 in += len;
114 out += len;
115
116 memset(tmp_in.c, 0, sizeof(tmp_in));
117 memcpy(tmp_in.c, in, residue);
118 if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE + residue, tmp_in.c,
119 AES_BLOCK_SIZE))
120 return 0;
121 return len + residue;
122 }
123
124 static void do_xor(const unsigned char *in1, const unsigned char *in2,
125 size_t len, unsigned char *out)
126 {
127 size_t i;
128
129 for (i = 0; i < len; ++i)
130 out[i] = in1[i] ^ in2[i];
131 }
132
133 static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
134 unsigned char *out, size_t len)
135 {
136 aligned_16bytes mid_iv, ct_mid, pt_last;
137 size_t residue;
138
139 residue = len % AES_BLOCK_SIZE;
140 if (residue == 0) {
141 /* If there are no partial blocks then it is the same as CBC mode */
142 if (!ctx->hw->cipher(ctx, out, in, len))
143 return 0;
144 return len;
145 }
146 /* Process blocks at the start - but leave the last 2 blocks */
147 len -= AES_BLOCK_SIZE + residue;
148 if (len > 0) {
149 if (!ctx->hw->cipher(ctx, out, in, len))
150 return 0;
151 in += len;
152 out += len;
153 }
154 /* Save the iv that will be used by the second last block */
155 memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE);
156
157 /* Decrypt the last block first using an iv of zero */
158 memset(ctx->iv, 0, AES_BLOCK_SIZE);
159 if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, AES_BLOCK_SIZE))
160 return 0;
161
162 /*
163 * Rebuild the ciphertext of the second last block as a combination of
164 * the decrypted last block + replace the start with the ciphertext bytes
165 * of the partial second last block.
166 */
167 memcpy(ct_mid.c, in, residue);
168 memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue);
169 /*
170 * Restore the last partial ciphertext block.
171 * Now that we have the cipher text of the second last block, apply
172 * that to the partial plaintext end block. We have already decrypted the
173 * block using an IV of zero. For decryption the IV is just XORed after
174 * doing an AES block - so just XOR in the cipher text.
175 */
176 do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE);
177
178 /* Restore the iv needed by the second last block */
179 memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE);
180 /*
181 * Decrypt the second last plaintext block now that we have rebuilt the
182 * ciphertext.
183 */
184 if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE))
185 return 0;
186
187 return len + AES_BLOCK_SIZE + residue;
188 }
189
190 static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
191 unsigned char *out, size_t len)
192 {
193 aligned_16bytes tmp_in;
194 size_t residue;
195
196 if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */
197 return 0;
198
199 residue = len % AES_BLOCK_SIZE;
200 if (residue == 0)
201 residue = AES_BLOCK_SIZE;
202 len -= residue;
203
204 if (!ctx->hw->cipher(ctx, out, in, len))
205 return 0;
206
207 in += len;
208 out += len;
209
210 memset(tmp_in.c, 0, sizeof(tmp_in));
211 memcpy(tmp_in.c, in, residue);
212 memcpy(out, out - AES_BLOCK_SIZE, residue);
213 if (!ctx->hw->cipher(ctx, out - AES_BLOCK_SIZE, tmp_in.c, AES_BLOCK_SIZE))
214 return 0;
215 return len + residue;
216 }
217
218 /*
219 * Note:
220 * The cipher text (in) is of the form C(0), C(1), ., C(n), C(n-1)* where
221 * C(n) is a full block and C(n-1)* can be a partial block
222 * (but could be a full block).
223 * This means that the output plaintext (out) needs to swap the plaintext of
224 * the last two decoded ciphertext blocks.
225 */
226 static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
227 unsigned char *out, size_t len)
228 {
229 aligned_16bytes mid_iv, ct_mid, pt_last;
230 size_t residue;
231
232 if (len <= AES_BLOCK_SIZE) /* CS3 requires 2 blocks */
233 return 0;
234
235 /* Process blocks at the start - but leave the last 2 blocks */
236 residue = len % AES_BLOCK_SIZE;
237 if (residue == 0)
238 residue = AES_BLOCK_SIZE;
239 len -= AES_BLOCK_SIZE + residue;
240
241 if (len > 0) {
242 if (!ctx->hw->cipher(ctx, out, in, len))
243 return 0;
244 in += len;
245 out += len;
246 }
247 /* Save the iv that will be used by the second last block */
248 memcpy(mid_iv.c, ctx->iv, AES_BLOCK_SIZE);
249
250 /* Decrypt the Cn block first using an iv of zero */
251 memset(ctx->iv, 0, AES_BLOCK_SIZE);
252 if (!ctx->hw->cipher(ctx, pt_last.c, in, AES_BLOCK_SIZE))
253 return 0;
254
255 /*
256 * Rebuild the ciphertext of C(n-1) as a combination of
257 * the decrypted C(n) block + replace the start with the ciphertext bytes
258 * of the partial last block.
259 */
260 memcpy(ct_mid.c, in + AES_BLOCK_SIZE, residue);
261 if (residue != AES_BLOCK_SIZE)
262 memcpy(ct_mid.c + residue, pt_last.c + residue, AES_BLOCK_SIZE - residue);
263 /*
264 * Restore the last partial ciphertext block.
265 * Now that we have the cipher text of the second last block, apply
266 * that to the partial plaintext end block. We have already decrypted the
267 * block using an IV of zero. For decryption the IV is just XORed after
268 * doing an AES block - so just XOR in the ciphertext.
269 */
270 do_xor(ct_mid.c, pt_last.c, residue, out + AES_BLOCK_SIZE);
271
272 /* Restore the iv needed by the second last block */
273 memcpy(ctx->iv, mid_iv.c, AES_BLOCK_SIZE);
274 /*
275 * Decrypt the second last plaintext block now that we have rebuilt the
276 * ciphertext.
277 */
278 if (!ctx->hw->cipher(ctx, out, ct_mid.c, AES_BLOCK_SIZE))
279 return 0;
280
281 return len + AES_BLOCK_SIZE + residue;
282 }
283
284 static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
285 unsigned char *out, size_t len)
286 {
287 if (len % AES_BLOCK_SIZE == 0) {
288 /* If there are no partial blocks then it is the same as CBC mode */
289 if (!ctx->hw->cipher(ctx, out, in, len))
290 return 0;
291 return len;
292 }
293 /* For partial blocks CS2 is equivalent to CS3 */
294 return cts128_cs3_encrypt(ctx, in, out, len);
295 }
296
297 static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
298 unsigned char *out, size_t len)
299 {
300 if (len % AES_BLOCK_SIZE == 0) {
301 /* If there are no partial blocks then it is the same as CBC mode */
302 if (!ctx->hw->cipher(ctx, out, in, len))
303 return 0;
304 return len;
305 }
306 /* For partial blocks CS2 is equivalent to CS3 */
307 return cts128_cs3_decrypt(ctx, in, out, len);
308 }
309
310 int ossl_aes_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl,
311 size_t outsize, const unsigned char *in,
312 size_t inl)
313 {
314 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
315 size_t sz = 0;
316
317 if (inl < AES_BLOCK_SIZE) /* There must be at least one block for CTS mode */
318 return 0;
319 if (outsize < inl)
320 return 0;
321 if (out == NULL) {
322 *outl = inl;
323 return 1;
324 }
325
326 /*
327 * Return an error if the update is called multiple times, only one shot
328 * is supported.
329 */
330 if (ctx->updated == 1)
331 return 0;
332
333 if (ctx->enc) {
334 if (ctx->cts_mode == CTS_CS1)
335 sz = cts128_cs1_encrypt(ctx, in, out, inl);
336 else if (ctx->cts_mode == CTS_CS2)
337 sz = cts128_cs2_encrypt(ctx, in, out, inl);
338 else if (ctx->cts_mode == CTS_CS3)
339 sz = cts128_cs3_encrypt(ctx, in, out, inl);
340 } else {
341 if (ctx->cts_mode == CTS_CS1)
342 sz = cts128_cs1_decrypt(ctx, in, out, inl);
343 else if (ctx->cts_mode == CTS_CS2)
344 sz = cts128_cs2_decrypt(ctx, in, out, inl);
345 else if (ctx->cts_mode == CTS_CS3)
346 sz = cts128_cs3_decrypt(ctx, in, out, inl);
347 }
348 if (sz == 0)
349 return 0;
350 ctx->updated = 1; /* Stop multiple updates being allowed */
351 *outl = sz;
352 return 1;
353 }
354
355 int ossl_aes_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl,
356 size_t outsize)
357 {
358 *outl = 0;
359 return 1;
360 }
+0
-16
providers/implementations/ciphers/cipher_aes_cts.h less more
0 /*
1 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
2 *
3 * Licensed under the Apache License 2.0 (the "License"). You may not use
4 * this file except in compliance with the License. You can obtain a copy
5 * in the file LICENSE in the source distribution or at
6 * https://www.openssl.org/source/license.html
7 */
8
9 #include "crypto/evp.h"
10
11 OSSL_FUNC_cipher_update_fn ossl_aes_cbc_cts_block_update;
12 OSSL_FUNC_cipher_final_fn ossl_aes_cbc_cts_block_final;
13
14 const char *ossl_aes_cbc_cts_mode_id2name(unsigned int id);
15 int ossl_aes_cbc_cts_mode_name2id(const char *name);
+7
-43
providers/implementations/ciphers/cipher_aes_cts.inc less more
99 /* Dispatch functions for AES CBC CTS ciphers */
1010
1111 #include <openssl/proverr.h>
12 #include "cipher_aes_cts.h"
12 #include "cipher_cts.h"
1313
14 #define AES_CTS_FLAGS PROV_CIPHER_FLAG_CTS
14 #define CTS_FLAGS PROV_CIPHER_FLAG_CTS
1515
1616 static OSSL_FUNC_cipher_encrypt_init_fn aes_cbc_cts_einit;
1717 static OSSL_FUNC_cipher_decrypt_init_fn aes_cbc_cts_dinit;
4949
5050 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE);
5151 if (p != NULL) {
52 const char *name = ossl_aes_cbc_cts_mode_id2name(ctx->cts_mode);
52 const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode);
5353
5454 if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) {
5555 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
7373 if (p != NULL) {
7474 if (p->data_type != OSSL_PARAM_UTF8_STRING)
7575 goto err;
76 id = ossl_aes_cbc_cts_mode_name2id(p->data);
76 id = ossl_cipher_cbc_cts_mode_name2id(p->data);
7777 if (id < 0)
7878 goto err;
7979
8585 return 0;
8686 }
8787
88 /* NOTE: The underlying block cipher is AES CBC so we reuse most of the code */
89 #define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
90 blkbits, ivbits, typ) \
91 static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
92 static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
93 { \
94 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, flags, \
95 kbits, blkbits, ivbits); \
96 } \
97 const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \
98 { OSSL_FUNC_CIPHER_NEWCTX, \
99 (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
100 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \
101 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \
102 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))aes_cbc_cts_einit }, \
103 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))aes_cbc_cts_dinit }, \
104 { OSSL_FUNC_CIPHER_UPDATE, \
105 (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_update }, \
106 { OSSL_FUNC_CIPHER_FINAL, \
107 (void (*)(void)) ossl_##alg##_##lcmode##_cts_block_final }, \
108 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \
109 { OSSL_FUNC_CIPHER_GET_PARAMS, \
110 (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \
111 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
112 (void (*)(void))ossl_cipher_generic_gettable_params }, \
113 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
114 (void (*)(void))aes_cbc_cts_get_ctx_params }, \
115 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
116 (void (*)(void))aes_cbc_cts_set_ctx_params }, \
117 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
118 (void (*)(void))aes_cbc_cts_gettable_ctx_params }, \
119 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
120 (void (*)(void))aes_cbc_cts_settable_ctx_params }, \
121 { 0, NULL } \
122 };
123
12488 /* ossl_aes256cbc_cts_functions */
125 IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 256, 128, 128, block)
89 IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 256, 128, 128, block)
12690 /* ossl_aes192cbc_cts_functions */
127 IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 192, 128, 128, block)
91 IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 192, 128, 128, block)
12892 /* ossl_aes128cbc_cts_functions */
129 IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, AES_CTS_FLAGS, 128, 128, 128, block)
93 IMPLEMENT_cts_cipher(aes, AES, cbc, CBC, CTS_FLAGS, 128, 128, 128, block)
+24
-10
providers/implementations/ciphers/cipher_aes_wrp.c less more
151151 return 0;
152152
153153 /* Input length must always be non-zero */
154 if (inlen == 0)
155 return -1;
154 if (inlen == 0) {
155 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
156 return -1;
157 }
156158
157159 /* If decrypting need at least 16 bytes and multiple of 8 */
158 if (!ctx->enc && (inlen < 16 || inlen & 0x7))
159 return -1;
160 if (!ctx->enc && (inlen < 16 || inlen & 0x7)) {
161 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
162 return -1;
163 }
160164
161165 /* If not padding input must be multiple of 8 */
162 if (!pad && inlen & 0x7)
163 return -1;
166 if (!pad && inlen & 0x7) {
167 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH);
168 return -1;
169 }
164170
165171 if (out == NULL) {
166172 if (ctx->enc) {
181187
182188 rv = wctx->wrapfn(&wctx->ks.ks, ctx->iv_set ? ctx->iv : NULL, out, in,
183189 inlen, ctx->block);
184 return rv ? (int)rv : -1;
190 if (!rv) {
191 ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
192 return -1;
193 }
194 if (rv > INT_MAX) {
195 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
196 return -1;
197 }
198 return (int)rv;
185199 }
186200
187201 static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl,
211225
212226 if (outsize < inl) {
213227 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
214 return -1;
228 return 0;
215229 }
216230
217231 len = aes_wrap_cipher_internal(ctx, out, in, inl);
218 if (len == 0)
219 return -1;
232 if (len <= 0)
233 return 0;
220234
221235 *outl = len;
222236 return 1;
+2
-1
providers/implementations/ciphers/cipher_camellia.c less more
00 /*
1 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the Apache License 2.0 (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
9090 /* ossl_camellia128ctr_functions */
9191 IMPLEMENT_generic_cipher(camellia, CAMELLIA, ctr, CTR, 0, 128, 8, 128, stream)
9292
93 #include "cipher_camellia_cts.inc"
+94
-0
providers/implementations/ciphers/cipher_camellia_cts.inc less more
0 /*
1 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
2 *
3 * Licensed under the Apache License 2.0 (the "License"). You may not use
4 * this file except in compliance with the License. You can obtain a copy
5 * in the file LICENSE in the source distribution or at
6 * https://www.openssl.org/source/license.html
7 */
8
9 /* Dispatch functions for CAMELLIA CBC CTS ciphers */
10
11 #include <openssl/proverr.h>
12 #include "cipher_cts.h"
13
14 #define CTS_FLAGS PROV_CIPHER_FLAG_CTS
15
16 static OSSL_FUNC_cipher_encrypt_init_fn camellia_cbc_cts_einit;
17 static OSSL_FUNC_cipher_decrypt_init_fn camellia_cbc_cts_dinit;
18 static OSSL_FUNC_cipher_get_ctx_params_fn camellia_cbc_cts_get_ctx_params;
19 static OSSL_FUNC_cipher_set_ctx_params_fn camellia_cbc_cts_set_ctx_params;
20 static OSSL_FUNC_cipher_gettable_ctx_params_fn camellia_cbc_cts_gettable_ctx_params;
21 static OSSL_FUNC_cipher_settable_ctx_params_fn camellia_cbc_cts_settable_ctx_params;
22
23 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(camellia_cbc_cts)
24 OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0),
25 CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(camellia_cbc_cts)
26
27 static int camellia_cbc_cts_einit(void *ctx, const unsigned char *key, size_t keylen,
28 const unsigned char *iv, size_t ivlen,
29 const OSSL_PARAM params[])
30 {
31 if (!ossl_cipher_generic_einit(ctx, key, keylen, iv, ivlen, NULL))
32 return 0;
33 return camellia_cbc_cts_set_ctx_params(ctx, params);
34 }
35
36 static int camellia_cbc_cts_dinit(void *ctx, const unsigned char *key, size_t keylen,
37 const unsigned char *iv, size_t ivlen,
38 const OSSL_PARAM params[])
39 {
40 if (!ossl_cipher_generic_dinit(ctx, key, keylen, iv, ivlen, NULL))
41 return 0;
42 return camellia_cbc_cts_set_ctx_params(ctx, params);
43 }
44
45 static int camellia_cbc_cts_get_ctx_params(void *vctx, OSSL_PARAM params[])
46 {
47 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
48 OSSL_PARAM *p;
49
50 p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_CTS_MODE);
51 if (p != NULL) {
52 const char *name = ossl_cipher_cbc_cts_mode_id2name(ctx->cts_mode);
53
54 if (name == NULL || !OSSL_PARAM_set_utf8_string(p, name)) {
55 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
56 return 0;
57 }
58 }
59 return ossl_cipher_generic_get_ctx_params(vctx, params);
60 }
61
62 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(camellia_cbc_cts)
63 OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_CTS_MODE, NULL, 0),
64 CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(camellia_cbc_cts)
65
66 static int camellia_cbc_cts_set_ctx_params(void *vctx, const OSSL_PARAM params[])
67 {
68 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
69 const OSSL_PARAM *p;
70 int id;
71
72 p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_CTS_MODE);
73 if (p != NULL) {
74 if (p->data_type != OSSL_PARAM_UTF8_STRING)
75 goto err;
76 id = ossl_cipher_cbc_cts_mode_name2id(p->data);
77 if (id < 0)
78 goto err;
79
80 ctx->cts_mode = (unsigned int)id;
81 }
82 return ossl_cipher_generic_set_ctx_params(vctx, params);
83 err:
84 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
85 return 0;
86 }
87
88 /* ossl_camellia256cbc_cts_functions */
89 IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 256, 128, 128, block)
90 /* ossl_camellia192cbc_cts_functions */
91 IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 192, 128, 128, block)
92 /* ossl_camellia128cbc_cts_functions */
93 IMPLEMENT_cts_cipher(camellia, CAMELLIA, cbc, CBC, CTS_FLAGS, 128, 128, 128, block)
+379
-0
providers/implementations/ciphers/cipher_cts.c less more
0 /*
1 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
2 *
3 * Licensed under the Apache License 2.0 (the "License"). You may not use
4 * this file except in compliance with the License. You can obtain a copy
5 * in the file LICENSE in the source distribution or at
6 * https://www.openssl.org/source/license.html
7 */
8
9 /*
10 * Helper functions for 128 bit CBC CTS ciphers (Currently AES and Camellia).
11 *
12 * The function dispatch tables are embedded into cipher_aes.c
13 * and cipher_camellia.c using cipher_aes_cts.inc and cipher_camellia_cts.inc
14 */
15
16 /*
17 * Refer to SP800-38A-Addendum
18 *
19 * Ciphertext stealing encrypts plaintext using a block cipher, without padding
20 * the message to a multiple of the block size, so the ciphertext is the same
21 * size as the plaintext.
22 * It does this by altering processing of the last two blocks of the message.
23 * The processing of all but the last two blocks is unchanged, but a portion of
24 * the second-last block's ciphertext is "stolen" to pad the last plaintext
25 * block. The padded final block is then encrypted as usual.
26 * The final ciphertext for the last two blocks, consists of the partial block
27 * (with the "stolen" portion omitted) plus the full final block,
28 * which are the same size as the original plaintext.
29 * Decryption requires decrypting the final block first, then restoring the
30 * stolen ciphertext to the partial block, which can then be decrypted as usual.
31
32 * AES_CBC_CTS has 3 variants:
33 * (1) CS1 The NIST variant.
34 * If the length is a multiple of the blocksize it is the same as CBC mode.
35 * otherwise it produces C1||C2||(C(n-1))*||Cn.
36 * Where C(n-1)* is a partial block.
37 * (2) CS2
38 * If the length is a multiple of the blocksize it is the same as CBC mode.
39 * otherwise it produces C1||C2||Cn||(C(n-1))*.
40 * Where C(n-1)* is a partial block.
41 * (3) CS3 The Kerberos5 variant.
42 * Produces C1||C2||Cn||(C(n-1))* regardless of the length.
43 * If the length is a multiple of the blocksize it looks similar to CBC mode
44 * with the last 2 blocks swapped.
45 * Otherwise it is the same as CS2.
46 */
47
48 #include "e_os.h" /* strcasecmp */
49 #include <openssl/core_names.h>
50 #include "prov/ciphercommon.h"
51 #include "internal/nelem.h"
52 #include "cipher_cts.h"
53
54 /* The value assigned to 0 is the default */
55 #define CTS_CS1 0
56 #define CTS_CS2 1
57 #define CTS_CS3 2
58
59 #define CTS_BLOCK_SIZE 16
60
61 typedef union {
62 size_t align;
63 unsigned char c[CTS_BLOCK_SIZE];
64 } aligned_16bytes;
65
66 typedef struct cts_mode_name2id_st {
67 unsigned int id;
68 const char *name;
69 } CTS_MODE_NAME2ID;
70
71 static CTS_MODE_NAME2ID cts_modes[] =
72 {
73 { CTS_CS1, OSSL_CIPHER_CTS_MODE_CS1 },
74 { CTS_CS2, OSSL_CIPHER_CTS_MODE_CS2 },
75 { CTS_CS3, OSSL_CIPHER_CTS_MODE_CS3 },
76 };
77
78 const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id)
79 {
80 size_t i;
81
82 for (i = 0; i < OSSL_NELEM(cts_modes); ++i) {
83 if (cts_modes[i].id == id)
84 return cts_modes[i].name;
85 }
86 return NULL;
87 }
88
89 int ossl_cipher_cbc_cts_mode_name2id(const char *name)
90 {
91 size_t i;
92
93 for (i = 0; i < OSSL_NELEM(cts_modes); ++i) {
94 if (strcasecmp(name, cts_modes[i].name) == 0)
95 return (int)cts_modes[i].id;
96 }
97 return -1;
98 }
99
100 static size_t cts128_cs1_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
101 unsigned char *out, size_t len)
102 {
103 aligned_16bytes tmp_in;
104 size_t residue;
105
106 residue = len % CTS_BLOCK_SIZE;
107 len -= residue;
108 if (!ctx->hw->cipher(ctx, out, in, len))
109 return 0;
110
111 if (residue == 0)
112 return len;
113
114 in += len;
115 out += len;
116
117 memset(tmp_in.c, 0, sizeof(tmp_in));
118 memcpy(tmp_in.c, in, residue);
119 if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE + residue, tmp_in.c,
120 CTS_BLOCK_SIZE))
121 return 0;
122 return len + residue;
123 }
124
125 static void do_xor(const unsigned char *in1, const unsigned char *in2,
126 size_t len, unsigned char *out)
127 {
128 size_t i;
129
130 for (i = 0; i < len; ++i)
131 out[i] = in1[i] ^ in2[i];
132 }
133
134 static size_t cts128_cs1_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
135 unsigned char *out, size_t len)
136 {
137 aligned_16bytes mid_iv, ct_mid, cn, pt_last;
138 size_t residue;
139
140 residue = len % CTS_BLOCK_SIZE;
141 if (residue == 0) {
142 /* If there are no partial blocks then it is the same as CBC mode */
143 if (!ctx->hw->cipher(ctx, out, in, len))
144 return 0;
145 return len;
146 }
147 /* Process blocks at the start - but leave the last 2 blocks */
148 len -= CTS_BLOCK_SIZE + residue;
149 if (len > 0) {
150 if (!ctx->hw->cipher(ctx, out, in, len))
151 return 0;
152 in += len;
153 out += len;
154 }
155 /* Save the iv that will be used by the second last block */
156 memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE);
157 /* Save the C(n) block */
158 memcpy(cn.c, in + residue, CTS_BLOCK_SIZE);
159
160 /* Decrypt the last block first using an iv of zero */
161 memset(ctx->iv, 0, CTS_BLOCK_SIZE);
162 if (!ctx->hw->cipher(ctx, pt_last.c, in + residue, CTS_BLOCK_SIZE))
163 return 0;
164
165 /*
166 * Rebuild the ciphertext of the second last block as a combination of
167 * the decrypted last block + replace the start with the ciphertext bytes
168 * of the partial second last block.
169 */
170 memcpy(ct_mid.c, in, residue);
171 memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue);
172 /*
173 * Restore the last partial ciphertext block.
174 * Now that we have the cipher text of the second last block, apply
175 * that to the partial plaintext end block. We have already decrypted the
176 * block using an IV of zero. For decryption the IV is just XORed after
177 * doing an Cipher CBC block - so just XOR in the cipher text.
178 */
179 do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE);
180
181 /* Restore the iv needed by the second last block */
182 memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE);
183
184 /*
185 * Decrypt the second last plaintext block now that we have rebuilt the
186 * ciphertext.
187 */
188 if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE))
189 return 0;
190
191 /* The returned iv is the C(n) block */
192 memcpy(ctx->iv, cn.c, CTS_BLOCK_SIZE);
193 return len + CTS_BLOCK_SIZE + residue;
194 }
195
196 static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
197 unsigned char *out, size_t len)
198 {
199 aligned_16bytes tmp_in;
200 size_t residue;
201
202 if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */
203 return 0;
204
205 /* If we only have one block then just process the aligned block */
206 if (len == CTS_BLOCK_SIZE)
207 return ctx->hw->cipher(ctx, out, in, len) ? len : 0;
208
209 residue = len % CTS_BLOCK_SIZE;
210 if (residue == 0)
211 residue = CTS_BLOCK_SIZE;
212 len -= residue;
213
214 if (!ctx->hw->cipher(ctx, out, in, len))
215 return 0;
216
217 in += len;
218 out += len;
219
220 memset(tmp_in.c, 0, sizeof(tmp_in));
221 memcpy(tmp_in.c, in, residue);
222 memcpy(out, out - CTS_BLOCK_SIZE, residue);
223 if (!ctx->hw->cipher(ctx, out - CTS_BLOCK_SIZE, tmp_in.c, CTS_BLOCK_SIZE))
224 return 0;
225 return len + residue;
226 }
227
228 /*
229 * Note:
230 * The cipher text (in) is of the form C(0), C(1), ., C(n), C(n-1)* where
231 * C(n) is a full block and C(n-1)* can be a partial block
232 * (but could be a full block).
233 * This means that the output plaintext (out) needs to swap the plaintext of
234 * the last two decoded ciphertext blocks.
235 */
236 static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
237 unsigned char *out, size_t len)
238 {
239 aligned_16bytes mid_iv, ct_mid, cn, pt_last;
240 size_t residue;
241
242 if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */
243 return 0;
244
245 /* If we only have one block then just process the aligned block */
246 if (len == CTS_BLOCK_SIZE)
247 return ctx->hw->cipher(ctx, out, in, len) ? len : 0;
248
249 /* Process blocks at the start - but leave the last 2 blocks */
250 residue = len % CTS_BLOCK_SIZE;
251 if (residue == 0)
252 residue = CTS_BLOCK_SIZE;
253 len -= CTS_BLOCK_SIZE + residue;
254
255 if (len > 0) {
256 if (!ctx->hw->cipher(ctx, out, in, len))
257 return 0;
258 in += len;
259 out += len;
260 }
261 /* Save the iv that will be used by the second last block */
262 memcpy(mid_iv.c, ctx->iv, CTS_BLOCK_SIZE);
263 /* Save the C(n) block : For CS3 it is C(1)||...||C(n-2)||C(n)||C(n-1)* */
264 memcpy(cn.c, in, CTS_BLOCK_SIZE);
265
266 /* Decrypt the C(n) block first using an iv of zero */
267 memset(ctx->iv, 0, CTS_BLOCK_SIZE);
268 if (!ctx->hw->cipher(ctx, pt_last.c, in, CTS_BLOCK_SIZE))
269 return 0;
270
271 /*
272 * Rebuild the ciphertext of C(n-1) as a combination of
273 * the decrypted C(n) block + replace the start with the ciphertext bytes
274 * of the partial last block.
275 */
276 memcpy(ct_mid.c, in + CTS_BLOCK_SIZE, residue);
277 if (residue != CTS_BLOCK_SIZE)
278 memcpy(ct_mid.c + residue, pt_last.c + residue, CTS_BLOCK_SIZE - residue);
279 /*
280 * Restore the last partial ciphertext block.
281 * Now that we have the cipher text of the second last block, apply
282 * that to the partial plaintext end block. We have already decrypted the
283 * block using an IV of zero. For decryption the IV is just XORed after
284 * doing an AES block - so just XOR in the ciphertext.
285 */
286 do_xor(ct_mid.c, pt_last.c, residue, out + CTS_BLOCK_SIZE);
287
288 /* Restore the iv needed by the second last block */
289 memcpy(ctx->iv, mid_iv.c, CTS_BLOCK_SIZE);
290 /*
291 * Decrypt the second last plaintext block now that we have rebuilt the
292 * ciphertext.
293 */
294 if (!ctx->hw->cipher(ctx, out, ct_mid.c, CTS_BLOCK_SIZE))
295 return 0;
296
297 /* The returned iv is the C(n) block */
298 memcpy(ctx->iv, cn.c, CTS_BLOCK_SIZE);
299 return len + CTS_BLOCK_SIZE + residue;
300 }
301
302 static size_t cts128_cs2_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
303 unsigned char *out, size_t len)
304 {
305 if (len % CTS_BLOCK_SIZE == 0) {
306 /* If there are no partial blocks then it is the same as CBC mode */
307 if (!ctx->hw->cipher(ctx, out, in, len))
308 return 0;
309 return len;
310 }
311 /* For partial blocks CS2 is equivalent to CS3 */
312 return cts128_cs3_encrypt(ctx, in, out, len);
313 }
314
315 static size_t cts128_cs2_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in,
316 unsigned char *out, size_t len)
317 {
318 if (len % CTS_BLOCK_SIZE == 0) {
319 /* If there are no partial blocks then it is the same as CBC mode */
320 if (!ctx->hw->cipher(ctx, out, in, len))
321 return 0;
322 return len;
323 }
324 /* For partial blocks CS2 is equivalent to CS3 */
325 return cts128_cs3_decrypt(ctx, in, out, len);
326 }
327
328 int ossl_cipher_cbc_cts_block_update(void *vctx, unsigned char *out, size_t *outl,
329 size_t outsize, const unsigned char *in,
330 size_t inl)
331 {
332 PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
333 size_t sz = 0;
334
335 if (inl < CTS_BLOCK_SIZE) /* There must be at least one block for CTS mode */
336 return 0;
337 if (outsize < inl)
338 return 0;
339 if (out == NULL) {
340 *outl = inl;
341 return 1;
342 }
343
344 /*
345 * Return an error if the update is called multiple times, only one shot
346 * is supported.
347 */
348 if (ctx->updated == 1)
349 return 0;
350
351 if (ctx->enc) {
352 if (ctx->cts_mode == CTS_CS1)
353 sz = cts128_cs1_encrypt(ctx, in, out, inl);
354 else if (ctx->cts_mode == CTS_CS2)
355 sz = cts128_cs2_encrypt(ctx, in, out, inl);
356 else if (ctx->cts_mode == CTS_CS3)
357 sz = cts128_cs3_encrypt(ctx, in, out, inl);
358 } else {
359 if (ctx->cts_mode == CTS_CS1)
360 sz = cts128_cs1_decrypt(ctx, in, out, inl);
361 else if (ctx->cts_mode == CTS_CS2)
362 sz = cts128_cs2_decrypt(ctx, in, out, inl);
363 else if (ctx->cts_mode == CTS_CS3)
364 sz = cts128_cs3_decrypt(ctx, in, out, inl);
365 }
366 if (sz == 0)
367 return 0;
368 ctx->updated = 1; /* Stop multiple updates being allowed */
369 *outl = sz;
370 return 1;
371 }
372
373 int ossl_cipher_cbc_cts_block_final(void *vctx, unsigned char *out, size_t *outl,
374 size_t outsize)
375 {
376 *outl = 0;
377 return 1;
378 }
+52
-0
providers/implementations/ciphers/cipher_cts.h less more
0 /*
1 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
2 *
3 * Licensed under the Apache License 2.0 (the "License"). You may not use
4 * this file except in compliance with the License. You can obtain a copy
5 * in the file LICENSE in the source distribution or at
6 * https://www.openssl.org/source/license.html
7 */
8
9 #include "crypto/evp.h"
10
11 /* NOTE: The underlying block cipher is CBC so we reuse most of the code */
12 #define IMPLEMENT_cts_cipher(alg, UCALG, lcmode, UCMODE, flags, kbits, \
13 blkbits, ivbits, typ) \
14 static OSSL_FUNC_cipher_get_params_fn alg##_##kbits##_##lcmode##_get_params; \
15 static int alg##_cts_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
16 { \
17 return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
18 flags, kbits, blkbits, ivbits); \
19 } \
20 const OSSL_DISPATCH ossl_##alg##kbits##lcmode##_cts_functions[] = { \
21 { OSSL_FUNC_CIPHER_NEWCTX, \
22 (void (*)(void)) alg##_##kbits##_##lcmode##_newctx }, \
23 { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void)) alg##_freectx }, \
24 { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void)) alg##_dupctx }, \
25 { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void)) alg##_cbc_cts_einit }, \
26 { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void)) alg##_cbc_cts_dinit }, \
27 { OSSL_FUNC_CIPHER_UPDATE, \
28 (void (*)(void)) ossl_cipher_cbc_cts_block_update }, \
29 { OSSL_FUNC_CIPHER_FINAL, \
30 (void (*)(void)) ossl_cipher_cbc_cts_block_final }, \
31 { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))ossl_cipher_generic_cipher }, \
32 { OSSL_FUNC_CIPHER_GET_PARAMS, \
33 (void (*)(void)) alg##_cts_##kbits##_##lcmode##_get_params }, \
34 { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
35 (void (*)(void))ossl_cipher_generic_gettable_params }, \
36 { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
37 (void (*)(void)) alg##_cbc_cts_get_ctx_params }, \
38 { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
39 (void (*)(void)) alg##_cbc_cts_set_ctx_params }, \
40 { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
41 (void (*)(void)) alg##_cbc_cts_gettable_ctx_params }, \
42 { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
43 (void (*)(void)) alg##_cbc_cts_settable_ctx_params }, \
44 { 0, NULL } \
45 };
46
47 OSSL_FUNC_cipher_update_fn ossl_cipher_cbc_cts_block_update;
48 OSSL_FUNC_cipher_final_fn ossl_cipher_cbc_cts_block_final;
49
50 const char *ossl_cipher_cbc_cts_mode_id2name(unsigned int id);
51 int ossl_cipher_cbc_cts_mode_name2id(const char *name);
+5
-4
providers/implementations/encode_decode/decode_pem2der.c less more
122122 * though there is no provider interface to handle such objects, yet.
123123 * However, this is beneficial for the OSSL_STORE result handler.
124124 */
125 { PEM_STRING_X509, OSSL_OBJECT_CERT, NULL, NULL },
126 { PEM_STRING_X509_TRUSTED, OSSL_OBJECT_CERT, NULL, NULL },
127 { PEM_STRING_X509_OLD, OSSL_OBJECT_CERT, NULL, NULL },
128 { PEM_STRING_X509_CRL, OSSL_OBJECT_CRL, NULL, NULL }
125 { PEM_STRING_X509, OSSL_OBJECT_CERT, NULL, "Certificate" },
126 { PEM_STRING_X509_TRUSTED, OSSL_OBJECT_CERT, NULL, "Certificate" },
127 { PEM_STRING_X509_OLD, OSSL_OBJECT_CERT, NULL, "Certificate" },
128 { PEM_STRING_X509_CRL, OSSL_OBJECT_CRL, NULL, "CertificateList" }
129129 };
130130 struct pem2der_ctx_st *ctx = vctx;
131131 char *pem_name = NULL, *pem_header = NULL;
177177 char *data_type = (char *)pem_name_map[i].data_type;
178178 char *data_structure = (char *)pem_name_map[i].data_structure;
179179
180 objtype = pem_name_map[i].object_type;
180181 if (data_type != NULL)
181182 *p++ =
182183 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
+35
-1
providers/implementations/encode_decode/encode_key2any.c less more
166166 * key_to_epki_* produce encoded output with the private key data in a
167167 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
168168 * that there's an intent to encrypt, anything else is an error.
169 * They are currently only called from the corresponding key_to_pki_ function.
170169 *
171170 * key_to_pki_* primarly produce encoded output with the private key data
172171 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
509508 return ret;
510509 }
511510
511 # define dh_epki_priv_to_der dh_pki_priv_to_der
512
512513 static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder)
513514 {
514515 if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
621622 ASN1_STRING_clear_free(priv_key);
622623 return ret;
623624 }
625
626 # define dsa_epki_priv_to_der dsa_pki_priv_to_der
624627
625628 # define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey
626629 # define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey
720723 return ret; /* return the length of the der encoded data */
721724 }
722725
726 # define ec_epki_priv_to_der ec_pki_priv_to_der
727
723728 # define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters
724729 # define ec_type_specific_pub_to_der (i2d_of_void *)i2o_ECPublicKey
725730 # define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey
784789
785790 return keybloblen;
786791 }
792
793 # define ecx_epki_priv_to_der ecx_pki_priv_to_der
787794
788795 /*
789796 * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo
888895 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
889896 */
890897 #define rsa_pki_priv_to_der rsa_type_specific_priv_to_der
898 #define rsa_epki_priv_to_der rsa_type_specific_priv_to_der
891899 #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
892900 #define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
893901 #define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
11141122 #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
11151123 #define DO_PrivateKeyInfo(impl, type, output) \
11161124 DO_PRIVATE_KEY(impl, type, pki, output)
1125
1126 #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
1127 #define DO_EncryptedPrivateKeyInfo(impl, type, output) \
1128 DO_PRIVATE_KEY(impl, type, epki, output)
11171129
11181130 /* SubjectPublicKeyInfo is a structure for public keys only */
11191131 #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
13271339 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
13281340 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
13291341 */
1342 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der);
1343 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem);
13301344 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der);
13311345 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem);
13321346 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der);
13331347 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem);
1348 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der);
1349 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem);
13341350 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der);
13351351 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem);
13361352 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der);
13371353 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem);
13381354 #ifndef OPENSSL_NO_DH
1355 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der);
1356 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem);
13391357 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der);
13401358 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem);
13411359 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der);
13421360 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem);
1361 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der);
1362 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem);
13431363 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der);
13441364 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem);
13451365 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der);
13461366 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem);
13471367 #endif
13481368 #ifndef OPENSSL_NO_DSA
1369 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der);
1370 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem);
13491371 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der);
13501372 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem);
13511373 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der);
13521374 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem);
13531375 #endif
13541376 #ifndef OPENSSL_NO_EC
1377 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
1378 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
13551379 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
13561380 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
13571381 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
13581382 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
13591383 # ifndef OPENSSL_NO_SM2
1384 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
1385 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
13601386 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
13611387 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
13621388 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
13631389 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
13641390 # endif
1391 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der);
1392 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem);
13651393 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der);
13661394 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem);
13671395 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der);
13681396 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem);
1397 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
1398 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
13691399 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
13701400 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
13711401 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
13721402 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
1403 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der);
1404 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem);
13731405 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der);
13741406 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem);
13751407 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der);
13761408 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem);
1409 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
1410 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
13771411 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
13781412 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
13791413 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
+2
-2
providers/implementations/encode_decode/encode_key2text.c less more
632632 {
633633 const RSA *rsa = key;
634634 const char *type_label = "RSA key";
635 const char *modulus_label;
636 const char *exponent_label;
635 const char *modulus_label = NULL;
636 const char *exponent_label = NULL;
637637 const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
638638 STACK_OF(BIGNUM_const) *factors = NULL;
639639 STACK_OF(BIGNUM_const) *exps = NULL;
+2
-3
providers/implementations/exchange/dh_exch.c less more
237237 return 0;
238238 }
239239
240
241240 static void dh_freectx(void *vpdhctx)
242241 {
243242 PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx;
270269 dstctx->kdf_ukm = NULL;
271270 dstctx->kdf_cekalg = NULL;
272271
273 if (dstctx->dh != NULL && !DH_up_ref(srcctx->dh))
272 if (srcctx->dh != NULL && !DH_up_ref(srcctx->dh))
274273 goto err;
275274 else
276275 dstctx->dh = srcctx->dh;
277276
278 if (dstctx->dhpeer != NULL && !DH_up_ref(srcctx->dhpeer))
277 if (srcctx->dhpeer != NULL && !DH_up_ref(srcctx->dhpeer))
279278 goto err;
280279 else
281280 dstctx->dhpeer = srcctx->dhpeer;
+26
-0
providers/implementations/include/prov/implementations.h less more
128128 extern const OSSL_DISPATCH ossl_camellia256cbc_functions[];
129129 extern const OSSL_DISPATCH ossl_camellia192cbc_functions[];
130130 extern const OSSL_DISPATCH ossl_camellia128cbc_functions[];
131 extern const OSSL_DISPATCH ossl_camellia256cbc_cts_functions[];
132 extern const OSSL_DISPATCH ossl_camellia192cbc_cts_functions[];
133 extern const OSSL_DISPATCH ossl_camellia128cbc_cts_functions[];
131134 extern const OSSL_DISPATCH ossl_camellia256ofb_functions[];
132135 extern const OSSL_DISPATCH ossl_camellia192ofb_functions[];
133136 extern const OSSL_DISPATCH ossl_camellia128ofb_functions[];
256259 #endif
257260 extern const OSSL_DISPATCH ossl_kdf_tls1_prf_functions[];
258261 extern const OSSL_DISPATCH ossl_kdf_hkdf_functions[];
262 extern const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[];
259263 extern const OSSL_DISPATCH ossl_kdf_sshkdf_functions[];
260264 extern const OSSL_DISPATCH ossl_kdf_sskdf_functions[];
261265 extern const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[];
322326 /* Encoders */
323327 extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_der_encoder_functions[];
324328 extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_pem_encoder_functions[];
329 extern const OSSL_DISPATCH ossl_rsa_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
330 extern const OSSL_DISPATCH ossl_rsa_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
325331 extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_der_encoder_functions[];
326332 extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_pem_encoder_functions[];
327333 extern const OSSL_DISPATCH ossl_rsa_to_RSA_der_encoder_functions[];
336342
337343 extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_der_encoder_functions[];
338344 extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_pem_encoder_functions[];
345 extern const OSSL_DISPATCH ossl_rsapss_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
346 extern const OSSL_DISPATCH ossl_rsapss_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
339347 extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_der_encoder_functions[];
340348 extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_pem_encoder_functions[];
341349 extern const OSSL_DISPATCH ossl_rsapss_to_SubjectPublicKeyInfo_der_encoder_functions[];
346354 extern const OSSL_DISPATCH ossl_dh_to_DH_pem_encoder_functions[];
347355 extern const OSSL_DISPATCH ossl_dh_to_PKCS3_der_encoder_functions[];
348356 extern const OSSL_DISPATCH ossl_dh_to_PKCS3_pem_encoder_functions[];
357 extern const OSSL_DISPATCH ossl_dh_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
358 extern const OSSL_DISPATCH ossl_dh_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
349359 extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_der_encoder_functions[];
350360 extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_pem_encoder_functions[];
351361 extern const OSSL_DISPATCH ossl_dh_to_SubjectPublicKeyInfo_der_encoder_functions[];
356366
357367 extern const OSSL_DISPATCH ossl_dhx_to_DHX_der_encoder_functions[];
358368 extern const OSSL_DISPATCH ossl_dhx_to_DHX_pem_encoder_functions[];
369 extern const OSSL_DISPATCH ossl_dhx_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
370 extern const OSSL_DISPATCH ossl_dhx_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
359371 extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_der_encoder_functions[];
360372 extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_pem_encoder_functions[];
361373 extern const OSSL_DISPATCH ossl_dhx_to_SubjectPublicKeyInfo_der_encoder_functions[];
368380
369381 extern const OSSL_DISPATCH ossl_dsa_to_DSA_der_encoder_functions[];
370382 extern const OSSL_DISPATCH ossl_dsa_to_DSA_pem_encoder_functions[];
383 extern const OSSL_DISPATCH ossl_dsa_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
384 extern const OSSL_DISPATCH ossl_dsa_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
371385 extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_der_encoder_functions[];
372386 extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_pem_encoder_functions[];
373387 extern const OSSL_DISPATCH ossl_dsa_to_SubjectPublicKeyInfo_der_encoder_functions[];
381395 extern const OSSL_DISPATCH ossl_ec_to_EC_der_encoder_functions[];
382396 extern const OSSL_DISPATCH ossl_ec_to_EC_pem_encoder_functions[];
383397 extern const OSSL_DISPATCH ossl_ec_to_blob_encoder_functions[];
398 extern const OSSL_DISPATCH ossl_ec_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
399 extern const OSSL_DISPATCH ossl_ec_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
384400 extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_der_encoder_functions[];
385401 extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_pem_encoder_functions[];
386402 extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_der_encoder_functions[];
395411 extern const OSSL_DISPATCH ossl_sm2_to_SM2_der_encoder_functions[];
396412 extern const OSSL_DISPATCH ossl_sm2_to_SM2_pem_encoder_functions[];
397413 extern const OSSL_DISPATCH ossl_sm2_to_blob_encoder_functions[];
414 extern const OSSL_DISPATCH ossl_sm2_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
415 extern const OSSL_DISPATCH ossl_sm2_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
398416 extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_der_encoder_functions[];
399417 extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_pem_encoder_functions[];
400418 extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_der_encoder_functions[];
404422 extern const OSSL_DISPATCH ossl_sm2_to_text_encoder_functions[];
405423 #endif
406424
425 extern const OSSL_DISPATCH ossl_ed25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
426 extern const OSSL_DISPATCH ossl_ed25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
407427 extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_der_encoder_functions[];
408428 extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_pem_encoder_functions[];
409429 extern const OSSL_DISPATCH ossl_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[];
411431 extern const OSSL_DISPATCH ossl_ed25519_to_OSSL_current_der_encoder_functions[];
412432 extern const OSSL_DISPATCH ossl_ed25519_to_text_encoder_functions[];
413433
434 extern const OSSL_DISPATCH ossl_ed448_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
435 extern const OSSL_DISPATCH ossl_ed448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
414436 extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_der_encoder_functions[];
415437 extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_pem_encoder_functions[];
416438 extern const OSSL_DISPATCH ossl_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[];
418440 extern const OSSL_DISPATCH ossl_ed448_to_OSSL_current_der_encoder_functions[];
419441 extern const OSSL_DISPATCH ossl_ed448_to_text_encoder_functions[];
420442
443 extern const OSSL_DISPATCH ossl_x25519_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
444 extern const OSSL_DISPATCH ossl_x25519_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
421445 extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_der_encoder_functions[];
422446 extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_pem_encoder_functions[];
423447 extern const OSSL_DISPATCH ossl_x25519_to_SubjectPublicKeyInfo_der_encoder_functions[];
425449 extern const OSSL_DISPATCH ossl_x25519_to_OSSL_current_der_encoder_functions[];
426450 extern const OSSL_DISPATCH ossl_x25519_to_text_encoder_functions[];
427451
452 extern const OSSL_DISPATCH ossl_x448_to_EncryptedPrivateKeyInfo_der_encoder_functions[];
453 extern const OSSL_DISPATCH ossl_x448_to_EncryptedPrivateKeyInfo_pem_encoder_functions[];
428454 extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_der_encoder_functions[];
429455 extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_pem_encoder_functions[];
430456 extern const OSSL_DISPATCH ossl_x448_to_SubjectPublicKeyInfo_der_encoder_functions[];
+4
-0
providers/implementations/include/prov/names.h less more
129129 #define PROV_NAMES_CAMELLIA_256_CBC "CAMELLIA-256-CBC:CAMELLIA256:1.2.392.200011.61.1.1.1.4"
130130 #define PROV_NAMES_CAMELLIA_192_CBC "CAMELLIA-192-CBC:CAMELLIA192:1.2.392.200011.61.1.1.1.3"
131131 #define PROV_NAMES_CAMELLIA_128_CBC "CAMELLIA-128-CBC:CAMELLIA128:1.2.392.200011.61.1.1.1.2"
132 #define PROV_NAMES_CAMELLIA_256_CBC_CTS "CAMELLIA-256-CBC-CTS"
133 #define PROV_NAMES_CAMELLIA_192_CBC_CTS "CAMELLIA-192-CBC-CTS"
134 #define PROV_NAMES_CAMELLIA_128_CBC_CTS "CAMELLIA-128-CBC-CTS"
132135 #define PROV_NAMES_CAMELLIA_256_OFB "CAMELLIA-256-OFB:0.3.4401.5.3.1.9.43"
133136 #define PROV_NAMES_CAMELLIA_192_OFB "CAMELLIA-192-OFB:0.3.4401.5.3.1.9.23"
134137 #define PROV_NAMES_CAMELLIA_128_OFB "CAMELLIA-128-OFB:0.3.4401.5.3.1.9.3"
248251 */
249252 #define PROV_NAMES_HKDF "HKDF"
250253 #define PROV_DESCS_HKDF_SIGN "OpenSSL HKDF via EVP_PKEY implementation"
254 #define PROV_NAMES_TLS1_3_KDF "TLS13-KDF"
251255 #define PROV_NAMES_SSKDF "SSKDF"
252256 #define PROV_NAMES_PBKDF1 "PBKDF1"
253257 #define PROV_NAMES_PBKDF2 "PBKDF2:1.2.840.113549.1.5.12"
+253
-10
providers/implementations/kdfs/hkdf.c less more
2222 #include <openssl/proverr.h>
2323 #include "internal/cryptlib.h"
2424 #include "internal/numbers.h"
25 #include "internal/packet.h"
2526 #include "crypto/evp.h"
2627 #include "prov/provider_ctx.h"
2728 #include "prov/providercommon.h"
3940 static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params;
4041 static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
4142 static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params;
43 static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive;
44 static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params;
45 static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params;
4246
4347 static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md,
4448 const unsigned char *salt, size_t salt_len,
5458 const unsigned char *info, size_t info_len,
5559 unsigned char *okm, size_t okm_len);
5660
61 /* Settable context parameters that are common across HKDF and the TLS KDF */
62 #define HKDF_COMMON_SETTABLES \
63 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), \
64 OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL), \
65 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), \
66 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), \
67 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), \
68 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0)
69
5770 typedef struct {
5871 void *provctx;
5972 int mode;
6275 size_t salt_len;
6376 unsigned char *key;
6477 size_t key_len;
78 unsigned char *prefix;
79 size_t prefix_len;
80 unsigned char *label;
81 size_t label_len;
82 unsigned char *data;
83 size_t data_len;
6584 unsigned char info[HKDF_MAXBUF];
6685 size_t info_len;
6786 } KDF_HKDF;
97116
98117 ossl_prov_digest_reset(&ctx->digest);
99118 OPENSSL_free(ctx->salt);
119 OPENSSL_free(ctx->prefix);
120 OPENSSL_free(ctx->label);
121 OPENSSL_clear_free(ctx->data, ctx->data_len);
100122 OPENSSL_clear_free(ctx->key, ctx->key_len);
101123 OPENSSL_cleanse(ctx->info, ctx->info_len);
102124 memset(ctx, 0, sizeof(*ctx));
162184 }
163185 }
164186
165 static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
166 {
187 static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[])
188 {
189 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
167190 const OSSL_PARAM *p;
168 KDF_HKDF *ctx = vctx;
169 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
170191 int n;
171192
172193 if (params == NULL)
218239 return 0;
219240 }
220241 }
242
243 return 1;
244 }
245
246 static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
247 {
248 const OSSL_PARAM *p;
249 KDF_HKDF *ctx = vctx;
250
251 if (params == NULL)
252 return 1;
253
254 if (!hkdf_common_set_ctx_params(ctx, params))
255 return 0;
256
221257 /* The info fields concatenate, so process them all */
222258 if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) {
223259 ctx->info_len = 0;
242278 ossl_unused void *provctx)
243279 {
244280 static const OSSL_PARAM known_settable_ctx_params[] = {
245 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0),
246 OSSL_PARAM_int(OSSL_KDF_PARAM_MODE, NULL),
247 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
248 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0),
249 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0),
250 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0),
281 HKDF_COMMON_SETTABLES,
251282 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
252283 OSSL_PARAM_END
253284 };
495526 HMAC_CTX_free(hmac);
496527 return ret;
497528 }
529
530 /*
531 * TLS uses slight variations of the above and for FIPS validation purposes,
532 * they need to be present here.
533 * Refer to RFC 8446 section 7 for specific details.
534 */
535
536 /*
537 * Given a |secret|; a |label| of length |labellen|; and |data| of length
538 * |datalen| (e.g. typically a hash of the handshake messages), derive a new
539 * secret |outlen| bytes long and store it in the location pointed to be |out|.
540 * The |data| value may be zero length. Returns 1 on success and 0 on failure.
541 */
542 static int prov_tls13_hkdf_expand(const EVP_MD *md,
543 const unsigned char *key, size_t keylen,
544 const unsigned char *prefix, size_t prefixlen,
545 const unsigned char *label, size_t labellen,
546 const unsigned char *data, size_t datalen,
547 unsigned char *out, size_t outlen)
548 {
549 size_t hkdflabellen;
550 unsigned char hkdflabel[HKDF_MAXBUF];
551 WPACKET pkt;
552
553 /*
554 * 2 bytes for length of derived secret + 1 byte for length of combined
555 * prefix and label + bytes for the label itself + 1 byte length of hash
556 * + bytes for the hash itself. We've got the maximum the KDF can handle
557 * which should always be sufficient.
558 */
559 if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
560 || !WPACKET_put_bytes_u16(&pkt, outlen)
561 || !WPACKET_start_sub_packet_u8(&pkt)
562 || !WPACKET_memcpy(&pkt, prefix, prefixlen)
563 || !WPACKET_memcpy(&pkt, label, labellen)
564 || !WPACKET_close(&pkt)
565 || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen)
566 || !WPACKET_get_total_written(&pkt, &hkdflabellen)
567 || !WPACKET_finish(&pkt)) {
568 WPACKET_cleanup(&pkt);
569 return 0;
570 }
571
572 return HKDF_Expand(md, key, keylen, hkdflabel, hkdflabellen,
573 out, outlen);
574 }
575
576 static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
577 const EVP_MD *md,
578 const unsigned char *prevsecret,
579 size_t prevsecretlen,
580 const unsigned char *insecret,
581 size_t insecretlen,
582 const unsigned char *prefix,
583 size_t prefixlen,
584 const unsigned char *label,
585 size_t labellen,
586 unsigned char *out, size_t outlen)
587 {
588 size_t mdlen;
589 int ret;
590 unsigned char preextractsec[EVP_MAX_MD_SIZE];
591 /* Always filled with zeros */
592 static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
593
594 ret = EVP_MD_get_size(md);
595 /* Ensure cast to size_t is safe */
596 if (ret <= 0)
597 return 0;
598 mdlen = (size_t)ret;
599
600 if (insecret == NULL) {
601 insecret = default_zeros;
602 insecretlen = mdlen;
603 }
604 if (prevsecret == NULL) {
605 prevsecret = default_zeros;
606 prevsecretlen = 0;
607 } else {
608 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
609 unsigned char hash[EVP_MAX_MD_SIZE];
610
611 /* The pre-extract derive step uses a hash of no messages */
612 if (mctx == NULL
613 || EVP_DigestInit_ex(mctx, md, NULL) <= 0
614 || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
615 EVP_MD_CTX_free(mctx);
616 return 0;
617 }
618 EVP_MD_CTX_free(mctx);
619
620 /* Generate the pre-extract secret */
621 if (!prov_tls13_hkdf_expand(md, prevsecret, mdlen,
622 prefix, prefixlen, label, labellen,
623 hash, mdlen, preextractsec, mdlen))
624 return 0;
625 prevsecret = preextractsec;
626 prevsecretlen = mdlen;
627 }
628
629 ret = HKDF_Extract(libctx, md, prevsecret, prevsecretlen,
630 insecret, insecretlen, out, outlen);
631
632 if (prevsecret == preextractsec)
633 OPENSSL_cleanse(preextractsec, mdlen);
634 return ret;
635 }
636
637 static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
638 const OSSL_PARAM params[])
639 {
640 KDF_HKDF *ctx = (KDF_HKDF *)vctx;
641 const EVP_MD *md;
642
643 if (!ossl_prov_is_running() || !kdf_tls1_3_set_ctx_params(ctx, params))
644 return 0;
645
646 md = ossl_prov_digest_md(&ctx->digest);
647 if (md == NULL) {
648 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
649 return 0;
650 }
651
652 switch (ctx->mode) {
653 default:
654 return 0;
655
656 case EVP_KDF_HKDF_MODE_EXTRACT_ONLY:
657 return prov_tls13_hkdf_generate_secret(PROV_LIBCTX_OF(ctx->provctx),
658 md,
659 ctx->salt, ctx->salt_len,
660 ctx->key, ctx->key_len,
661 ctx->prefix, ctx->prefix_len,
662 ctx->label, ctx->label_len,
663 key, keylen);
664
665 case EVP_KDF_HKDF_MODE_EXPAND_ONLY:
666 return prov_tls13_hkdf_expand(md, ctx->key, ctx->key_len,
667 ctx->prefix, ctx->prefix_len,
668 ctx->label, ctx->label_len,
669 ctx->data, ctx->data_len,
670 key, keylen);
671 }
672 }
673
674 static int kdf_tls1_3_set_ctx_params(void *vctx, const OSSL_PARAM params[])
675 {
676 const OSSL_PARAM *p;
677 KDF_HKDF *ctx = vctx;
678
679 if (params == NULL)
680 return 1;
681
682 if (!hkdf_common_set_ctx_params(ctx, params))
683 return 0;
684
685 if (ctx->mode == EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND) {
686 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
687 return 0;
688 }
689
690 if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PREFIX)) != NULL) {
691 OPENSSL_free(ctx->prefix);
692 ctx->prefix = NULL;
693 if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->prefix, 0,
694 &ctx->prefix_len))
695 return 0;
696 }
697
698 if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_LABEL)) != NULL) {
699 OPENSSL_free(ctx->label);
700 ctx->label = NULL;
701 if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->label, 0,
702 &ctx->label_len))
703 return 0;
704 }
705
706 OPENSSL_clear_free(ctx->data, ctx->data_len);
707 ctx->data = NULL;
708 if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DATA)) != NULL
709 && !OSSL_PARAM_get_octet_string(p, (void **)&ctx->data, 0,
710 &ctx->data_len))
711 return 0;
712 return 1;
713 }
714
715 static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx,
716 ossl_unused void *provctx)
717 {
718 static const OSSL_PARAM known_settable_ctx_params[] = {
719 HKDF_COMMON_SETTABLES,
720 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PREFIX, NULL, 0),
721 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_LABEL, NULL, 0),
722 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_DATA, NULL, 0),
723 OSSL_PARAM_END
724 };
725 return known_settable_ctx_params;
726 }
727
728 const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = {
729 { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new },
730 { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free },
731 { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset },
732 { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_tls1_3_derive },
733 { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS,
734 (void(*)(void))kdf_tls1_3_settable_ctx_params },
735 { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_tls1_3_set_ctx_params },
736 { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
737 (void(*)(void))kdf_hkdf_gettable_ctx_params },
738 { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_hkdf_get_ctx_params },
739 { 0, NULL }
740 };
+1
-1
providers/implementations/kdfs/pkcs12kdf.c less more
6363 }
6464 vi = EVP_MD_get_block_size(md_type);
6565 ui = EVP_MD_get_size(md_type);
66 if (ui < 0 || vi <= 0) {
66 if (ui <= 0 || vi <= 0) {
6767 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE);
6868 goto end;
6969 }
+1
-4
providers/implementations/rands/seeding/rand_unix.c less more
3838 #if defined(__DragonFly__)
3939 # include <sys/param.h>
4040 # include <sys/random.h>
41 #endif
42 #if defined(__APPLE__)
43 # include <CommonCrypto/CommonRandom.h>
4441 #endif
4542
4643 #if (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) \
368365 if (errno != ENOSYS)
369366 return -1;
370367 }
371 # elif defined(__APPLE__)
368 # elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
372369
373370 if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
374371 return (ssize_t)buflen;
+2
-2
providers/implementations/rands/seeding/rand_vms.c less more
478478 struct {
479479 pid_t pid;
480480 CRYPTO_THREAD_ID tid;
481 uint64_t time;
481 unsigned __int64 time;
482482 } data;
483483
484484 /* Erase the entire structure including any padding */
579579 {
580580 struct {
581581 CRYPTO_THREAD_ID tid;
582 uint64_t time;
582 unsigned __int64 time;
583583 } data;
584584
585585 /* Erase the entire structure including any padding */
+25
-0
providers/implementations/storemgmt/file_store.c less more
436436 goto err;
437437 }
438438
439 /*
440 * Where applicable, set the outermost structure name.
441 * The goal is to avoid the STORE object types that are
442 * potentially password protected but aren't interesting
443 * for this load.
444 */
445 switch (ctx->expected_type) {
446 case OSSL_STORE_INFO_CERT:
447 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
448 "Certificate")) {
449 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
450 goto err;
451 }
452 break;
453 case OSSL_STORE_INFO_CRL:
454 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
455 "CertificateList")) {
456 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
457 goto err;
458 }
459 break;
460 default:
461 break;
462 }
463
439464 for (to_algo = ossl_any_to_obj_algorithm;
440465 to_algo->algorithm_names != NULL;
441466 to_algo++) {
+4
-9
ssl/d1_lib.c less more
351351 void dtls1_stop_timer(SSL *s)
352352 {
353353 /* Reset everything */
354 memset(&s->d1->timeout, 0, sizeof(s->d1->timeout));
354 s->d1->timeout_num_alerts = 0;
355355 memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
356356 s->d1->timeout_duration_us = 1000000;
357357 BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
364364 {
365365 size_t mtu;
366366
367 s->d1->timeout.num_alerts++;
367 s->d1->timeout_num_alerts++;
368368
369369 /* Reduce MTU after 2 unsuccessful retransmissions */
370 if (s->d1->timeout.num_alerts > 2
370 if (s->d1->timeout_num_alerts > 2
371371 && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
372372 mtu =
373373 BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
375375 s->d1->mtu = mtu;
376376 }
377377
378 if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
378 if (s->d1->timeout_num_alerts > DTLS1_TMO_ALERT_COUNT) {
379379 /* fail the connection, enough alerts have been sent */
380380 SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_READ_TIMEOUT_EXPIRED);
381381 return -1;
399399 if (dtls1_check_timeout_num(s) < 0) {
400400 /* SSLfatal() already called */
401401 return -1;
402 }
403
404 s->d1->timeout.read_timeouts++;
405 if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
406 s->d1->timeout.read_timeouts = 1;
407402 }
408403
409404 dtls1_start_timer(s);
+1
-1
ssl/record/ssl3_record.c less more
10461046
10471047 if (SSL_IS_DTLS(s)) {
10481048 /* DTLS does not support pipelining */
1049 unsigned char dtlsseq[9], *p = dtlsseq;
1049 unsigned char dtlsseq[8], *p = dtlsseq;
10501050
10511051 s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
10521052 DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
+1
-1
ssl/ssl_asn1.c less more
228228 static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
229229 ASN1_OCTET_STRING *src, size_t maxlen)
230230 {
231 if (src == NULL) {
231 if (src == NULL || src->length == 0) {
232232 *pdstlen = 0;
233233 return 1;
234234 }
+2
-10
ssl/ssl_local.h less more
18611861 struct dtls1_retransmit_state saved_retransmit_state;
18621862 };
18631863
1864 struct dtls1_timeout_st {
1865 /* Number of read timeouts so far */
1866 unsigned int read_timeouts;
1867 /* Number of write timeouts so far */
1868 unsigned int write_timeouts;
1869 /* Number of alerts received so far */
1870 unsigned int num_alerts;
1871 };
1872
18731864 typedef struct hm_fragment_st {
18741865 struct hm_header_st msg_header;
18751866 unsigned char *fragment;
19151906 size_t mtu; /* max DTLS packet size */
19161907 struct hm_header_st w_msg_hdr;
19171908 struct hm_header_st r_msg_hdr;
1918 struct dtls1_timeout_st timeout;
1909 /* Number of alerts received so far */
1910 unsigned int timeout_num_alerts;
19191911 /*
19201912 * Indicates when the last handshake msg sent will timeout
19211913 */
+5
-5
ssl/ssl_stat.c less more
00 /*
1 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 * Copyright 2005 Nokia. All rights reserved.
33 *
44 * Licensed under the Apache License 2.0 (the "License"). You may not use
136136 case TLS_ST_CW_NEXT_PROTO:
137137 return "TWNP";
138138 case TLS_ST_BEFORE:
139 return "PINIT ";
139 return "PINIT";
140140 case TLS_ST_OK:
141 return "SSLOK ";
141 return "SSLOK";
142142 case TLS_ST_CW_CLNT_HELLO:
143143 return "TWCH";
144144 case TLS_ST_CR_SRVR_HELLO:
200200 case TLS_ST_CR_CERT_VRFY:
201201 return "TRSCV";
202202 case TLS_ST_SW_CERT_VRFY:
203 return "TRSCV";
203 return "TWSCV";
204204 case TLS_ST_CR_HELLO_REQ:
205205 return "TRHR";
206206 case TLS_ST_SW_KEY_UPDATE:
220220 case TLS_ST_SR_END_OF_EARLY_DATA:
221221 return "TWEOED";
222222 default:
223 return "UNKWN ";
223 return "UNKWN";
224224 }
225225 }
226226
+1
-1
ssl/statem/statem_srvr.c less more
35553555
35563556 sk_X509_pop_free(s->session->peer_chain, X509_free);
35573557 s->session->peer_chain = sk;
3558 sk = NULL;
35583559
35593560 /*
35603561 * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
35693570 * Inconsistency alert: cert_chain does *not* include the peer's own
35703571 * certificate, while we do include it in statem_clnt.c
35713572 */
3572 sk = NULL;
35733573
35743574 /* Save the current hash state for when we receive the CertificateVerify */
35753575 if (SSL_IS_TLS13(s)) {
+2
-2
ssl/t1_lib.c less more
33013301 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
33023302 if (!fatalerrs)
33033303 return 1;
3304 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
3304 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
33053305 SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
33063306 return 0;
33073307 }
33163316 if (i == sent_sigslen) {
33173317 if (!fatalerrs)
33183318 return 1;
3319 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
3319 SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
33203320 SSL_R_WRONG_SIGNATURE_TYPE);
33213321 return 0;
33223322 }
+39
-87
ssl/tls13_enc.c less more
1717
1818 #define TLS13_MAX_LABEL_LEN 249
1919
20 /* Always filled with zeros */
21 static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
20 #ifdef CHARSET_EBCDIC
21 static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 };
22 #else
23 static const unsigned char label_prefix[] = "tls13 ";
24 #endif
2225
2326 /*
2427 * Given a |secret|; a |label| of length |labellen|; and |data| of length
2831 * |fatal| is set. Returns 1 on success 0 on failure.
2932 */
3033 int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
31 const unsigned char *label, size_t labellen,
32 const unsigned char *data, size_t datalen,
33 unsigned char *out, size_t outlen, int fatal)
34 {
35 #ifdef CHARSET_EBCDIC
36 static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 };
37 #else
38 static const unsigned char label_prefix[] = "tls13 ";
39 #endif
40 EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF,
34 const unsigned char *label, size_t labellen,
35 const unsigned char *data, size_t datalen,
36 unsigned char *out, size_t outlen, int fatal)
37 {
38 EVP_KDF *kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF,
4139 s->ctx->propq);
4240 EVP_KDF_CTX *kctx;
43 OSSL_PARAM params[5], *p = params;
41 OSSL_PARAM params[7], *p = params;
4442 int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
4543 const char *mdname = EVP_MD_get0_name(md);
4644 int ret;
47 size_t hkdflabellen;
4845 size_t hashlen;
49 /*
50 * 2 bytes for length of derived secret + 1 byte for length of combined
51 * prefix and label + bytes for the label itself + 1 byte length of hash
52 * + bytes for the hash itself
53 */
54 unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t)
55 + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
56 + 1 + EVP_MAX_MD_SIZE];
57 WPACKET pkt;
5846
5947 kctx = EVP_KDF_CTX_new(kdf);
6048 EVP_KDF_free(kdf);
7563 return 0;
7664 }
7765
78 hashlen = EVP_MD_get_size(md);
79
80 if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
81 || !WPACKET_put_bytes_u16(&pkt, outlen)
82 || !WPACKET_start_sub_packet_u8(&pkt)
83 || !WPACKET_memcpy(&pkt, label_prefix, sizeof(label_prefix) - 1)
84 || !WPACKET_memcpy(&pkt, label, labellen)
85 || !WPACKET_close(&pkt)
86 || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen)
87 || !WPACKET_get_total_written(&pkt, &hkdflabellen)
88 || !WPACKET_finish(&pkt)) {
66 if ((ret = EVP_MD_get_size(md)) <= 0) {
8967 EVP_KDF_CTX_free(kctx);
90 WPACKET_cleanup(&pkt);
9168 if (fatal)
9269 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
9370 else
9471 ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
9572 return 0;
9673 }
74 hashlen = (size_t)ret;
9775
9876 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
9977 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
10078 (char *)mdname, 0);
10179 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
10280 (unsigned char *)secret, hashlen);
103 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
104 hkdflabel, hkdflabellen);
81 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX,
82 (unsigned char *)label_prefix,
83 sizeof(label_prefix) - 1);
84 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL,
85 (unsigned char *)label, labellen);
86 if (data != NULL)
87 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_DATA,
88 (unsigned char *)data,
89 datalen);
10590 *p++ = OSSL_PARAM_construct_end();
10691
10792 ret = EVP_KDF_derive(kctx, out, outlen, params) <= 0;
108
10993 EVP_KDF_CTX_free(kctx);
11094
11195 if (ret != 0) {
177161 size_t insecretlen,
178162 unsigned char *outsecret)
179163 {
180 size_t mdlen, prevsecretlen;
164 size_t mdlen;
181165 int mdleni;
182166 int ret;
183167 EVP_KDF *kdf;
184168 EVP_KDF_CTX *kctx;
185 OSSL_PARAM params[5], *p = params;
169 OSSL_PARAM params[7], *p = params;
186170 int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
187171 const char *mdname = EVP_MD_get0_name(md);
188172 #ifdef CHARSET_EBCDIC
190174 #else
191175 static const char derived_secret_label[] = "derived";
192176 #endif
193 unsigned char preextractsec[EVP_MAX_MD_SIZE];
194
195 kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, s->ctx->propq);
177
178 kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_3_KDF, s->ctx->propq);
196179 kctx = EVP_KDF_CTX_new(kdf);
197180 EVP_KDF_free(kdf);
198181 if (kctx == NULL) {
209192 }
210193 mdlen = (size_t)mdleni;
211194
212 if (insecret == NULL) {
213 insecret = default_zeros;
214 insecretlen = mdlen;
215 }
216 if (prevsecret == NULL) {
217 prevsecret = default_zeros;
218 prevsecretlen = 0;
219 } else {
220 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
221 unsigned char hash[EVP_MAX_MD_SIZE];
222
223 /* The pre-extract derive step uses a hash of no messages */
224 if (mctx == NULL
225 || EVP_DigestInit_ex(mctx, md, NULL) <= 0
226 || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
227 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
228 EVP_MD_CTX_free(mctx);
229 EVP_KDF_CTX_free(kctx);
230 return 0;
231 }
232 EVP_MD_CTX_free(mctx);
233
234 /* Generate the pre-extract secret */
235 if (!tls13_hkdf_expand(s, md, prevsecret,
236 (unsigned char *)derived_secret_label,
237 sizeof(derived_secret_label) - 1, hash, mdlen,
238 preextractsec, mdlen, 1)) {
239 /* SSLfatal() already called */
240 EVP_KDF_CTX_free(kctx);
241 return 0;
242 }
243
244 prevsecret = preextractsec;
245 prevsecretlen = mdlen;
246 }
247
248195 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
249196 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
250197 (char *)mdname, 0);
251 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
252 (unsigned char *)insecret,
253 insecretlen);
254 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
255 (unsigned char *)prevsecret,
256 prevsecretlen);
198 if (insecret != NULL)
199 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
200 (unsigned char *)insecret,
201 insecretlen);
202 if (prevsecret != NULL)
203 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
204 (unsigned char *)prevsecret, mdlen);
205 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PREFIX,
206 (unsigned char *)label_prefix,
207 sizeof(label_prefix) - 1);
208 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_LABEL,
209 (unsigned char *)derived_secret_label,
210 sizeof(derived_secret_label) - 1);
257211 *p++ = OSSL_PARAM_construct_end();
258212
259213 ret = EVP_KDF_derive(kctx, outsecret, mdlen, params) <= 0;
262216 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
263217
264218 EVP_KDF_CTX_free(kctx);
265 if (prevsecret == preextractsec)
266 OPENSSL_cleanse(preextractsec, mdlen);
267219 return ret == 0;
268220 }
269221
+3
-0
test/CAtsa.cnf less more
11 #
22 # This config is used by the Time Stamp Authority tests.
33 #
4
5 # Comment out the next line to ignore configuration errors
6 config_diagnostics = 1
47
58 # Extra OBJECT IDENTIFIER info:
69 oid_section = new_oids
+2
-2
test/README-dev.md less more
4343
4444 A script that just runs a program looks like this:
4545
46 #! /usr/bin/perl
46 #! /usr/bin/env perl
4747
4848 use OpenSSL::Test::Simple;
4949
6666
6767 A script to start from could be this:
6868
69 #! /usr/bin/perl
69 #! /usr/bin/env perl
7070
7171 use strict;
7272 use warnings;
+11
-2
test/build.info less more
1010 ENDIF
1111 IF[{- $config{target} =~ /^vms-/ -}]
1212 $AUXLIBAPPSSRC=../apps/lib/vms_term_sock.c ../apps/lib/vms_decc_argv.c
13 ENDIF
14 # Program init source, that don't have direct linkage with the rest of the
15 # source, and can therefore not be part of a library.
16 IF[{- !$disabled{uplink} -}]
17 $INITSRC=../ms/applink.c
1318 ENDIF
1419 $LIBAPPSSRC=../apps/lib/opt.c $AUXLIBAPPSSRC
1520
5661 context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
5762 keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
5863 bio_readbuffer_test user_property_test pkcs7_test upcallstest \
59 provfetchtest
64 provfetchtest prov_config_test
6065
6166 IF[{- !$disabled{'deprecated-3.0'} -}]
6267 PROGRAMS{noinst}=enginetest
174179 SOURCE[provfetchtest]=provfetchtest.c
175180 INCLUDE[provfetchtest]=../include ../apps/include
176181 DEPEND[provfetchtest]=../libcrypto.a libtestutil.a
182
183 SOURCE[prov_config_test]=prov_config_test.c
184 INCLUDE[prov_config_test]=../include ../apps/include
185 DEPEND[prov_config_test]=../libcrypto.a libtestutil.a
177186
178187 SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c
179188 INCLUDE[evp_pkey_provided_test]=../include ../apps/include
707716 INCLUDE[rc5test]=../include ../apps/include
708717 DEPEND[rc5test]=../libcrypto.a libtestutil.a
709718
710 SOURCE[ec_internal_test]=ec_internal_test.c
719 SOURCE[ec_internal_test]=ec_internal_test.c $INITSRC
711720 INCLUDE[ec_internal_test]=../include ../crypto/ec ../apps/include
712721 DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
713722
+3
-0
test/ca-and-certs.cnf less more
0
1 # Comment out the next line to ignore configuration errors
2 config_diagnostics = 1
03
14 CN2 = Brother 2
25
+3
-2
test/cmp_status_test.c less more
00 /*
1 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
22 * Copyright Nokia 2007-2019
33 * Copyright Siemens AG 2015-2019
44 *
5757 if (!TEST_ptr(statusString =
5858 sk_ASN1_UTF8STRING_value(ossl_cmp_pkisi_get0_statusString(si),
5959 0))
60 || !TEST_str_eq(fixture->text, (char *)statusString->data))
60 || !TEST_mem_eq(fixture->text, strlen(fixture->text),
61 (char *)statusString->data, statusString->length))
6162 goto end;
6263
6364 if (!TEST_int_eq(fixture->pkifailure,
+3
-0
test/ct/log_list.cnf less more
00 enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 [test]
36 description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata
+3
-0
test/default-and-fips.cnf less more
00 openssl_conf = openssl_init
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 .include fipsmodule.cnf
36
+3
-0
test/default-and-legacy.cnf less more
00 openssl_conf = openssl_init
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 [openssl_init]
36 providers = provider_sect
+3
-0
test/default.cnf less more
00 openssl_conf = openssl_init
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 [openssl_init]
36 providers = provider_sect
+76
-1
test/destest.c less more
00 /*
1 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the Apache License 2.0 (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
1616 #include <string.h>
1717
1818 #include "testutil.h"
19 #include "internal/nelem.h"
1920
2021 #ifndef OPENSSL_NO_DES
2122 # include <openssl/des.h>
696697 return 0;
697698 return 1;
698699 }
700
701 /*
702 * Test TDES based key wrapping.
703 * The wrapping process uses a randomly generated IV so it is difficult to
704 * undertake KATs. End to end testing is performed instead.
705 */
706 static const int test_des_key_wrap_sizes[] = {
707 8, 16, 24, 32, 64, 80
708 };
709
710 static int test_des_key_wrap(int idx)
711 {
712 int in_bytes = test_des_key_wrap_sizes[idx];
713 unsigned char in[100], c_txt[200], p_txt[200], key[24];
714 int clen, clen_upd, clen_fin, plen, plen_upd, plen_fin, expect, bs, i;
715 EVP_CIPHER *cipher = NULL;
716 EVP_CIPHER_CTX *ctx = NULL;
717 int res = 0;
718
719 /* Some sanity checks and cipher loading */
720 if (!TEST_size_t_le(in_bytes, sizeof(in))
721 || !TEST_ptr(cipher = EVP_CIPHER_fetch(NULL, "DES3-WRAP", NULL))
722 || !TEST_int_eq(bs = EVP_CIPHER_get_block_size(cipher), 8)
723 || !TEST_size_t_eq(bs * 3u, sizeof(key))
724 || !TEST_true(in_bytes % bs == 0)
725 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
726 goto err;
727
728 /* Create random data to end to end test */
729 for (i = 0; i < in_bytes; i++)
730 in[i] = test_random();
731
732 /* Build the key */
733 memcpy(key, cbc_key, sizeof(cbc_key));
734 memcpy(key + sizeof(cbc_key), cbc2_key, sizeof(cbc2_key));
735 memcpy(key + sizeof(cbc_key) + sizeof(cbc3_key), cbc_key, sizeof(cbc3_key));
736
737 /* Wrap / encrypt the key */
738 clen_upd = sizeof(c_txt);
739 if (!TEST_true(EVP_EncryptInit(ctx, cipher, key, NULL))
740 || !TEST_true(EVP_EncryptUpdate(ctx, c_txt, &clen_upd,
741 in, in_bytes)))
742 goto err;
743
744 expect = (in_bytes + (bs - 1)) / bs * bs + 2 * bs;
745 if (!TEST_int_eq(clen_upd, expect))
746 goto err;
747
748 clen_fin = sizeof(c_txt) - clen_upd;
749 if (!TEST_true(EVP_EncryptFinal(ctx, c_txt + clen_upd, &clen_fin))
750 || !TEST_int_eq(clen_fin, 0))
751 goto err;
752 clen = clen_upd + clen_fin;
753
754 /* Decrypt the wrapped key */
755 plen_upd = sizeof(p_txt);
756 if (!TEST_true(EVP_DecryptInit(ctx, cipher, key, NULL))
757 || !TEST_true(EVP_DecryptUpdate(ctx, p_txt, &plen_upd,
758 c_txt, clen)))
759 goto err;
760 plen_fin = sizeof(p_txt) - plen_upd;
761 if (!TEST_true(EVP_DecryptFinal(ctx, p_txt + plen_upd, &plen_fin)))
762 goto err;
763 plen = plen_upd + plen_fin;
764
765 if (!TEST_mem_eq(in, in_bytes, p_txt, plen))
766 goto err;
767 res = 1;
768 err:
769 EVP_CIPHER_free(cipher);
770 EVP_CIPHER_CTX_free(ctx);
771 return res;
772 }
699773 #endif
700774
701775 int setup_tests(void)
721795 ADD_TEST(test_des_crypt);
722796 ADD_ALL_TESTS(test_input_align, 4);
723797 ADD_ALL_TESTS(test_output_align, 4);
798 ADD_ALL_TESTS(test_des_key_wrap, OSSL_NELEM(test_des_key_wrap_sizes));
724799 #endif
725800 return 1;
726801 }
+5
-3
test/dsatest.c less more
107107 if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i))
108108 goto end;
109109
110 DSA_generate_key(dsa);
111 DSA_sign(0, str1, 20, sig, &siglen, dsa);
112 if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa)))
110 if (!TEST_true(DSA_generate_key(dsa)))
111 goto end;
112 if (!TEST_true(DSA_sign(0, str1, 20, sig, &siglen, dsa)))
113 goto end;
114 if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0))
113115 ret = 1;
114116
115117 end:
+43
-0
test/ec_internal_test.c less more
358358 return testresult;
359359 }
360360
361 static
362 int ecpkparams_i2d2i_test(int n)
363 {
364 EC_GROUP *g1 = NULL, *g2 = NULL;
365 FILE *fp = NULL;
366 int nid = curves[n].nid;
367 int testresult = 0;
368
369 /* create group */
370 if (!TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)))
371 goto end;
372
373 /* encode params to file */
374 if (!TEST_ptr(fp = fopen("params.der", "wb"))
375 || !TEST_true(i2d_ECPKParameters_fp(fp, g1)))
376 goto end;
377
378 /* flush and close file */
379 if (!TEST_int_eq(fclose(fp), 0)) {
380 fp = NULL;
381 goto end;
382 }
383 fp = NULL;
384
385 /* decode params from file */
386 if (!TEST_ptr(fp = fopen("params.der", "rb"))
387 || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL)))
388 goto end;
389
390 testresult = 1; /* PASS */
391
392 end:
393 if (fp != NULL)
394 fclose(fp);
395
396 EC_GROUP_free(g1);
397 EC_GROUP_free(g2);
398
399 return testresult;
400 }
401
361402 int setup_tests(void)
362403 {
363404 crv_len = EC_get_builtin_curves(NULL, 0);
375416 ADD_TEST(underflow_test);
376417 #endif
377418 ADD_TEST(decoded_flag_test);
419 ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len);
420
378421 return 1;
379422 }
380423
+2
-2
test/endecode_test.c less more
702702 return test_encode_decode(__FILE__, __LINE__, type, key,
703703 OSSL_KEYMGMT_SELECT_KEYPAIR
704704 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
705 "DER", "PrivateKeyInfo",
705 "DER", "EncryptedPrivateKeyInfo",
706706 pass, pass_cipher,
707707 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
708708 test_mem, check_protected_PKCS8_DER,
725725 return test_encode_decode(__FILE__, __LINE__, type, key,
726726 OSSL_KEYMGMT_SELECT_KEYPAIR
727727 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
728 "PEM", "PrivateKeyInfo",
728 "PEM", "EncryptedPrivateKeyInfo",
729729 pass, pass_cipher,
730730 encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
731731 test_text, check_protected_PKCS8_PEM,
+163
-16
test/evp_extra_test.c less more
10501050 {
10511051 int ret = 0;
10521052 EVP_PKEY *pkey = NULL;
1053 unsigned char *sig = NULL;
1054 size_t sig_len = 0;
1053 unsigned char *sig = NULL, *sig2 = NULL;
1054 size_t sig_len = 0, sig2_len = 0;
10551055 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
10561056 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
10571057 BIO *mdbio = NULL, *membio = NULL;
11141114 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
11151115 goto out;
11161116
1117 if (tst >= 6) {
1118 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1119 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1120 goto out;
1121 }
1122
11231117 /*
11241118 * Ensure that the signature round-trips (Verification isn't supported for
11251119 * HMAC via EVP_DigestVerify*)
11261120 */
11271121 if (tst != 2 && tst != 5 && tst != 8) {
1122 if (tst >= 6) {
1123 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1124 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1125 goto out;
1126 }
1127
11281128 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
11291129 NULL, pkey)))
11301130 goto out;
11391139 }
11401140 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
11411141 goto out;
1142
1143 /* Multiple calls to EVP_DigestVerifyFinal should work */
1144 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1145 goto out;
1146 } else {
1147 /*
1148 * For HMAC a doubled call to DigestSignFinal should produce the same
1149 * value as finalization should not happen.
1150 */
1151 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1152 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1153 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1154 goto out;
1155
1156 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1157 goto out;
11421158 }
11431159
11441160 ret = 1;
11501166 EVP_MD_CTX_free(a_md_ctx_verify);
11511167 EVP_PKEY_free(pkey);
11521168 OPENSSL_free(sig);
1169 OPENSSL_free(sig2);
11531170 EVP_MD_free(mdexp);
11541171
11551172 return ret;
24802497 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
24812498 int ret = 0;
24822499 BIGNUM *p, *g = NULL;
2500 BIGNUM *pubkey = NULL;
2501 unsigned char pub[2048 / 8];
2502 size_t len = 0;
24832503
24842504 if (!TEST_ptr(p = BN_new())
24852505 || !TEST_ptr(g = BN_new())
2486 || !BN_set_word(p, 9999)
2487 || !BN_set_word(g, 2)
2506 || !TEST_ptr(pubkey = BN_new())
2507 || !TEST_true(BN_set_word(p, 9999))
2508 || !TEST_true(BN_set_word(g, 2))
2509 || !TEST_true(BN_set_word(pubkey, 4321))
24882510 || !TEST_ptr(noqdh = DH_new())
2489 || !DH_set0_pqg(noqdh, p, NULL, g))
2511 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
2512 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
2513 || !TEST_ptr(pubkey = BN_new())
2514 || !TEST_true(BN_set_word(pubkey, 4321)))
24902515 goto err;
24912516 p = g = NULL;
24922517
24962521 if (!TEST_ptr(x942dh)
24972522 || !TEST_ptr(noqdh)
24982523 || !TEST_ptr(pkey1)
2499 || !TEST_ptr(pkey2))
2500 goto err;
2501
2502 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
2524 || !TEST_ptr(pkey2)
2525 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
2526 goto err;
2527 pubkey = NULL;
2528
2529 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
25032530 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
25042531 goto err;
25052532
2506 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
2533 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
2534 &pubkey))
2535 || !TEST_ptr(pubkey))
2536 goto err;
2537
2538 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
25072539 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
2540 goto err;
2541
2542 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
2543 OSSL_PKEY_PARAM_PUB_KEY,
2544 pub, sizeof(pub), &len))
2545 || !TEST_size_t_ne(len, 0))
25082546 goto err;
25092547
25102548 ret = 1;
25112549 err:
25122550 BN_free(p);
25132551 BN_free(g);
2552 BN_free(pubkey);
25142553 EVP_PKEY_free(pkey1);
25152554 EVP_PKEY_free(pkey2);
25162555 DH_free(x942dh);
33113350 }
33123351
33133352 typedef struct {
3353 const char *cipher;
3354 int enc;
3355 } EVP_UPDATED_IV_TEST_st;
3356
3357 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
3358 {
3359 "aes-128-cfb", 1
3360 },
3361 {
3362 "aes-128-cfb", 0
3363 },
3364 {
3365 "aes-128-cfb1", 1
3366 },
3367 {
3368 "aes-128-cfb1", 0
3369 },
3370 {
3371 "aes-128-cfb8", 1
3372 },
3373 {
3374 "aes-128-cfb8", 0
3375 },
3376 {
3377 "aes-128-ofb", 1
3378 },
3379 {
3380 "aes-128-ofb", 0
3381 },
3382 {
3383 "aes-128-ctr", 1
3384 },
3385 {
3386 "aes-128-ctr", 0
3387 },
3388 {
3389 "aes-128-cbc", 1
3390 },
3391 {
3392 "aes-128-cbc", 0
3393 }
3394 };
3395
3396 /*
3397 * Test that the IV in the context is updated during a crypto operation for CFB
3398 * and OFB.
3399 */
3400 static int test_evp_updated_iv(int idx)
3401 {
3402 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
3403 int outlen1, outlen2;
3404 int testresult = 0;
3405 unsigned char outbuf[1024];
3406 EVP_CIPHER_CTX *ctx = NULL;
3407 EVP_CIPHER *type = NULL;
3408 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
3409 int iv_len;
3410 char *errmsg = NULL;
3411
3412 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3413 errmsg = "CTX_ALLOC";
3414 goto err;
3415 }
3416 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
3417 TEST_info("cipher %s not supported, skipping", t->cipher);
3418 goto ok;
3419 }
3420
3421 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3422 errmsg = "CIPHER_INIT";
3423 goto err;
3424 }
3425 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3426 errmsg = "PADDING";
3427 goto err;
3428 }
3429 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
3430 errmsg = "CIPHER_UPDATE";
3431 goto err;
3432 }
3433 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
3434 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
3435 goto err;
3436 }
3437 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
3438 errmsg = "CIPHER_CTX_GET_IV_LEN";
3439 goto err;
3440 }
3441 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
3442 errmsg = "IV_NOT_UPDATED";
3443 goto err;
3444 }
3445 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3446 errmsg = "CIPHER_FINAL";
3447 goto err;
3448 }
3449 ok:
3450 testresult = 1;
3451 err:
3452 if (errmsg != NULL)
3453 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
3454 EVP_CIPHER_CTX_free(ctx);
3455 EVP_CIPHER_free(type);
3456 return testresult;
3457 }
3458
3459 typedef struct {
33143460 const unsigned char *iv1;
33153461 const unsigned char *iv2;
33163462 const unsigned char *expected1;
38283974 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
38293975 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
38303976 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
3977 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
38313978
38323979 #ifndef OPENSSL_NO_DEPRECATED_3_0
38333980 ADD_ALL_TESTS(test_custom_pmeth, 12);
+5
-3
test/evp_libctx_test.c less more
524524 int ret = 0;
525525 EVP_PKEY *pub = NULL;
526526 EVP_PKEY *priv = NULL;
527 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL;
527 EVP_PKEY_CTX *sctx = NULL, *rctx = NULL, *dctx = NULL;
528528 unsigned char secret[256] = { 0, };
529529 unsigned char ct[256] = { 0, };
530530 unsigned char unwrap[256] = { 0, };
535535 && TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub, NULL))
536536 && TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, NULL), 1)
537537 && TEST_int_eq(EVP_PKEY_CTX_set_kem_op(sctx, "RSASVE"), 1)
538 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &ctlen, NULL,
538 && TEST_ptr(dctx = EVP_PKEY_CTX_dup(sctx))
539 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, NULL, &ctlen, NULL,
539540 &secretlen), 1)
540541 && TEST_int_eq(ctlen, secretlen)
541542 && TEST_int_eq(ctlen, bits / 8)
542 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, ct, &ctlen, secret,
543 && TEST_int_eq(EVP_PKEY_encapsulate(dctx, ct, &ctlen, secret,
543544 &secretlen), 1)
544545 && TEST_ptr(rctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv, NULL))
545546 && TEST_int_eq(EVP_PKEY_decapsulate_init(rctx, NULL), 1)
552553 EVP_PKEY_free(pub);
553554 EVP_PKEY_free(priv);
554555 EVP_PKEY_CTX_free(rctx);
556 EVP_PKEY_CTX_free(dctx);
555557 EVP_PKEY_CTX_free(sctx);
556558 return ret;
557559 }
+79
-0
test/evp_pkey_provided_test.c less more
1313 #include <openssl/provider.h>
1414 #include <openssl/param_build.h>
1515 #include <openssl/core_names.h>
16 #include <openssl/sha.h>
1617 #include "crypto/ecx.h"
1718 #include "crypto/evp.h" /* For the internal API */
1819 #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
523524 if (!TEST_true(EVP_PKEY_fromdata_init(ctx))
524525 || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR,
525526 fromdata_params)))
527 goto err;
528
529 /*
530 * A few extra checks of EVP_PKEY_get_utf8_string_param() to see that
531 * it behaves as expected with regards to string length and terminating
532 * NUL byte.
533 */
534 if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk,
535 OSSL_PKEY_PARAM_GROUP_NAME,
536 NULL, sizeof(name_out),
537 &len))
538 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
539 /* Just enough space to hold the group name and a terminating NUL */
540 || !TEST_true(EVP_PKEY_get_utf8_string_param(pk,
541 OSSL_PKEY_PARAM_GROUP_NAME,
542 name_out,
543 sizeof(group_name),
544 &len))
545 || !TEST_size_t_eq(len, sizeof(group_name) - 1)
546 /* Too small buffer to hold the terminating NUL byte */
547 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
548 OSSL_PKEY_PARAM_GROUP_NAME,
549 name_out,
550 sizeof(group_name) - 1,
551 &len))
552 /* Too small buffer to hold the whole group name, even! */
553 || !TEST_false(EVP_PKEY_get_utf8_string_param(pk,
554 OSSL_PKEY_PARAM_GROUP_NAME,
555 name_out,
556 sizeof(group_name) - 2,
557 &len)))
526558 goto err;
527559
528560 while (dup_pk == NULL) {
15901622 #endif /* OPENSSL_NO_DSA */
15911623
15921624
1625 static OSSL_PARAM *do_construct_hkdf_params(char *digest, char *key,
1626 size_t keylen, char *salt)
1627 {
1628 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
1629 OSSL_PARAM *p = params;
1630
1631 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digest, 0);
1632 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
1633 salt, strlen(salt));
1634 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
1635 (unsigned char *)key, keylen);
1636 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
1637 "EXTRACT_ONLY", 0);
1638 *p = OSSL_PARAM_construct_end();
1639
1640 return params;
1641 }
1642
1643 /* Test that EVP_PKEY_CTX_dup() fails gracefully for a KDF */
1644 static int test_evp_pkey_ctx_dup_kdf_fail(void)
1645 {
1646 int ret = 0;
1647 size_t len = 0;
1648 EVP_PKEY_CTX *pctx = NULL, *dctx = NULL;
1649 OSSL_PARAM *params = NULL;
1650
1651 if (!TEST_ptr(params = do_construct_hkdf_params("sha256", "secret", 6,
1652 "salt")))
1653 goto err;
1654 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "HKDF", NULL)))
1655 goto err;
1656 if (!TEST_int_eq(EVP_PKEY_derive_init_ex(pctx, params), 1))
1657 goto err;
1658 if (!TEST_int_eq(EVP_PKEY_derive(pctx, NULL, &len), 1)
1659 || !TEST_size_t_eq(len, SHA256_DIGEST_LENGTH))
1660 goto err;
1661 if (!TEST_ptr_null(dctx = EVP_PKEY_CTX_dup(pctx)))
1662 goto err;
1663 ret = 1;
1664 err:
1665 OPENSSL_free(params);
1666 EVP_PKEY_CTX_free(dctx);
1667 EVP_PKEY_CTX_free(pctx);
1668 return ret;
1669 }
1670
15931671 int setup_tests(void)
15941672 {
15951673 if (!test_skip_common_options()) {
16001678 if (!TEST_ptr(datadir = test_get_argument(0)))
16011679 return 0;
16021680
1681 ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail);
16031682 ADD_TEST(test_evp_pkey_get_bn_param_large);
16041683 ADD_TEST(test_fromdata_rsa);
16051684 #ifndef OPENSSL_NO_DH
+11
-4
test/evp_test.c less more
18471847
18481848 static int pderive_test_run(EVP_TEST *t)
18491849 {
1850 EVP_PKEY_CTX *dctx = NULL;
18501851 PKEY_DATA *expected = t->data;
18511852 unsigned char *got = NULL;
18521853 size_t got_len;
18531854
1854 if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) {
1855 if (!TEST_ptr(dctx = EVP_PKEY_CTX_dup(expected->ctx))) {
1856 t->err = "DERIVE_ERROR";
1857 goto err;
1858 }
1859
1860 if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0) {
18551861 t->err = "DERIVE_ERROR";
18561862 goto err;
18571863 }
18591865 t->err = "DERIVE_ERROR";
18601866 goto err;
18611867 }
1862 if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
1868 if (EVP_PKEY_derive(dctx, got, &got_len) <= 0) {
18631869 t->err = "DERIVE_ERROR";
18641870 goto err;
18651871 }
18711877 t->err = NULL;
18721878 err:
18731879 OPENSSL_free(got);
1880 EVP_PKEY_CTX_free(dctx);
18741881 return 1;
18751882 }
18761883
26632670 t->err = "KDF_CTRL_ERROR";
26642671 return 1;
26652672 }
2666 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2673 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
26672674 t->err = "INTERNAL_ERROR";
26682675 goto err;
26692676 }
27592766 unsigned char *got = NULL;
27602767 size_t got_len = expected->output_len;
27612768
2762 if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
2769 if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) {
27632770 t->err = "INTERNAL_ERROR";
27642771 goto err;
27652772 }
+3
-0
test/fips-and-base.cnf less more
00 openssl_conf = openssl_init
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 .include fipsmodule.cnf
36
+3
-0
test/fips.cnf less more
00 openssl_conf = openssl_init
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 .include fipsmodule.cnf
36
+5
-2
test/helpers/pkcs12.c less more
478478 break;
479479
480480 case V_ASN1_UTF8STRING:
481 if (!TEST_str_eq(txt, (char *)av->value.utf8string->data))
481 if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data,
482 av->value.utf8string->length))
482483 goto err;
483484 break;
484485
485486 case V_ASN1_OCTET_STRING:
486 if (!TEST_str_eq(txt, (char *)av->value.octet_string->data))
487 if (!TEST_mem_eq(txt, strlen(txt),
488 (char *)av->value.octet_string->data,
489 av->value.octet_string->length))
487490 goto err;
488491 break;
489492
+3
-0
test/legacy.cnf less more
00 openssl_conf = openssl_init
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 [openssl_init]
36 providers = provider_sect
+61
-0
test/prov_config_test.c less more
0 /*
1 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
2 *
3 * Licensed under the Apache License 2.0 (the "License"). You may not use
4 * this file except in compliance with the License. You can obtain a copy
5 * in the file LICENSE in the source distribution or at
6 * https://www.openssl.org/source/license.html
7 */
8
9 #include <openssl/evp.h>
10 #include "testutil.h"
11
12 static char *configfile = NULL;
13
14 /*
15 * Test to make sure there are no leaks or failures from loading the config
16 * file twice.
17 */
18 static int test_double_config(void)
19 {
20 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
21 int testresult = 0;
22 EVP_MD *sha256 = NULL;
23
24 if (!TEST_ptr(configfile))
25 return 0;
26 if (!TEST_ptr(ctx))
27 return 0;
28
29 if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile)))
30 return 0;
31 if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile)))
32 return 0;
33
34 /* Check we can actually fetch something */
35 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
36 if (!TEST_ptr(sha256))
37 goto err;
38
39 testresult = 1;
40 err:
41 EVP_MD_free(sha256);
42 OSSL_LIB_CTX_free(ctx);
43 return testresult;
44 }
45
46 OPT_TEST_DECLARE_USAGE("configfile\n")
47
48 int setup_tests(void)
49 {
50 if (!test_skip_common_options()) {
51 TEST_error("Error parsing test options\n");
52 return 0;
53 }
54
55 if (!TEST_ptr(configfile = test_get_argument(0)))
56 return 0;
57
58 ADD_TEST(test_double_config);
59 return 1;
60 }
+3
-0
test/provider_internal_test.cnf.in less more
0 # Comment out the next line to ignore configuration errors
1 config_diagnostics = 1
2
03 {- use platform -}
14 openssl_conf = openssl_init
25
+3
-0
test/proxy.cnf less more
00
11 ## Config file for proxy certificate testing.
2
3 # Comment out the next line to ignore configuration errors
4 config_diagnostics = 1
25
36 [ req ]
47 distinguished_name = req_distinguished_name_p1
+1
-1
test/recipes/03-test_fipsinstall.t less more
234234 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
235235 '-section_name', 'fips_sect',
236236 '-corrupt_desc', 'DSA',
237 '-corrupt_type', 'KAT_Signature'])),
237 '-corrupt_type', 'PCT_Signature'])),
238238 "fipsinstall fails when the signature result is corrupted");
239239 }
240240
+2
-2
test/recipes/06-test_algorithmid.t less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11
22 # Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
3 #
3 #
44 # Licensed under the Apache License 2.0 (the "License"). You may not use
55 # this file except in compliance with the License. You can obtain a copy
66 # in the file LICENSE in the source distribution or at
+2
-2
test/recipes/06-test_rdrand_sanity.t less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11
22 # Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
3 #
3 #
44 # Licensed under the Apache License 2.0 (the "License"). You may not use
55 # this file except in compliance with the License. You can obtain a copy
66 # in the file LICENSE in the source distribution or at
+16
-1
test/recipes/20-test_dgst.t less more
1616
1717 setup("test_dgst");
1818
19 plan tests => 8;
19 plan tests => 9;
2020
2121 sub tsignverify {
2222 my $testtext = shift;
130130 "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
131131 };
132132
133 subtest "HMAC generation with `dgst` CLI, key via option" => sub {
134 plan tests => 2;
135
136 my $testdata = srctop_file('test', 'data.bin');
137 #HMAC the data twice to check consistency
138 my @hmacdata = run(app(['openssl', 'dgst', '-sha256', '-hmac',
139 '-macopt', 'hexkey:FFFF',
140 $testdata, $testdata]), capture => 1);
141 chomp(@hmacdata);
142 my $expected = qr/HMAC-SHA2-256\(\Q$testdata\E\)= b6727b7bb251dfa65846e0a8223bdd57d244aa6d7e312cb906d8e21f2dee3a57/;
143 ok($hmacdata[0] =~ $expected, "HMAC: Check HMAC value is as expected ($hmacdata[0]) vs ($expected)");
144 ok($hmacdata[1] =~ $expected,
145 "HMAC: Check second HMAC value is consistent with the first ($hmacdata[1]) vs ($expected)");
146 };
147
133148 subtest "Custom length XOF digest generation with `dgst` CLI" => sub {
134149 plan tests => 2;
135150
+12
-2
test/recipes/25-test_eai_data.t less more
1111
1212 use File::Spec;
1313 use OpenSSL::Test::Utils;
14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
14 use OpenSSL::Test qw/:DEFAULT srctop_file with/;
1515
1616 setup("test_eai_data");
1717
2020 #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
2121 #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
2222
23 plan tests => 11;
23 plan tests => 12;
2424
2525 require_ok(srctop_file('test','recipes','tconversion.pl'));
2626 my $folder = "test/recipes/25-test_eai_data";
5959 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
6060 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem])));
6161
62 #Check that we get the expected failure return code
63 with({ exit_checker => sub { return shift == 2; } },
64 sub {
65 ok(run(app(["openssl", "verify", "-CAfile",
66 srctop_file("test", "certs", "bad-othername-namec.pem"),
67 "-partial_chain", "-no_check_time", "-verify_email",
68 'foo@example.com',
69 srctop_file("test", "certs", "bad-othername-namec.pem")])));
70 });
71
+6
-1
test/recipes/25-test_req.t less more
7777
7878
7979 subtest "generating certificate requests with RSA" => sub {
80 plan tests => 7;
80 plan tests => 8;
8181
8282 SKIP: {
8383 skip "RSA is not supported by this OpenSSL build", 2
101101 "-config", srctop_file("test", "test.cnf"),
102102 "-verify", "-in", "testreq-rsa.pem", "-noout"])),
103103 "Verifying signature on request");
104
105 ok(run(app(["openssl", "req",
106 "-config", srctop_file("test", "test.cnf"),
107 "-modulus", "-in", "testreq-rsa.pem", "-noout"])),
108 "Printing a modulus of the request key");
104109
105110 ok(run(app(["openssl", "req",
106111 "-config", srctop_file("test", "test.cnf"),
+34
-1
test/recipes/25-test_verify.t less more
1010 use warnings;
1111
1212 use File::Spec::Functions qw/canonpath/;
13 use File::Copy;
1314 use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/;
1415 use OpenSSL::Test::Utils;
1516
2728 run(app([@args]));
2829 }
2930
30 plan tests => 157;
31 plan tests => 159;
3132
3233 # Canonical success
3334 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
447448 ok_nofips(verify("sm2", "", ["sm2-ca-cert"], [], "-vfyopt", "hexdistid:31323334353637383132333435363738"),
448449 "SM2 hex ID test");
449450 }
451
452 # Mixed content tests
453 my $cert_file = srctop_file('test', 'certs', 'root-cert.pem');
454 my $rsa_file = srctop_file('test', 'certs', 'key-pass-12345.pem');
455
456 SKIP: {
457 my $certplusrsa_file = 'certplusrsa.pem';
458 my $certplusrsa;
459
460 skip "Couldn't create certplusrsa.pem", 1
461 unless ( open $certplusrsa, '>', $certplusrsa_file
462 and copy($cert_file, $certplusrsa)
463 and copy($rsa_file, $certplusrsa)
464 and close $certplusrsa );
465
466 ok(run(app([ qw(openssl verify -trusted), $certplusrsa_file, $cert_file ])),
467 'Mixed cert + key file test');
468 }
469
470 SKIP: {
471 my $rsapluscert_file = 'rsapluscert.pem';
472 my $rsapluscert;
473
474 skip "Couldn't create rsapluscert.pem", 1
475 unless ( open $rsapluscert, '>', $rsapluscert_file
476 and copy($rsa_file, $rsapluscert)
477 and copy($cert_file, $rsapluscert)
478 and close $rsapluscert );
479
480 ok(run(app([ qw(openssl verify -trusted), $rsapluscert_file, $cert_file ])),
481 'Mixed key + cert file test');
482 }
+1
-1
test/recipes/30-test_defltfips.t less more
3535
3636 #Configured to run FIPS but the module-mac is bad
3737 $ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "fips.cnf"));
38 $ENV{OPENSSL_CONF_INCLUDE} = srctop_file("test", "recipes", "30-test_defltfips");
38 $ENV{OPENSSL_CONF_INCLUDE} = srctop_dir("test", "recipes", "30-test_defltfips");
3939 ok(run(test(["defltfips_test", "badfips"])), "running defltfips_test badfips");
4040
4141 #Test an alternative way of configuring fips (but still with bad module-mac)
+2
-0
test/recipes/30-test_evp.t less more
4949 evpkdf_ss.txt
5050 evpkdf_ssh.txt
5151 evpkdf_tls12_prf.txt
52 evpkdf_tls13_kdf.txt
5253 evpkdf_x942.txt
5354 evpkdf_x963.txt
5455 evpmac_common.txt
8485 evpciph_aria.txt
8586 evpciph_bf.txt
8687 evpciph_camellia.txt
88 evpciph_camellia_cts.txt
8789 evpciph_cast5.txt
8890 evpciph_chacha.txt
8991 evpciph_des.txt
+42
-6
test/recipes/30-test_evp_data/evpciph_aes_cts.txt less more
00 #
1 # Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
1 # Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
22 #
33 # Licensed under the Apache License 2.0 (the "License"). You may not use
44 # this file except in compliance with the License. You can obtain a copy
4747 IV = 00000000000000000000000000000000
4848 Plaintext = 4920776f756c64206c696b652074686520
4949 Ciphertext = 97c6353568f2bf8cb4d8a580362da7ff7f
50 NextIV = c6353568f2bf8cb4d8a580362da7ff7f
5051
5152 # 31 bytes input
5253 Cipher = AES-128-CBC-CTS
5556 IV = 00000000000000000000000000000000
5657 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
5758 Ciphertext = 97687268d6ecccc0c07b25e25ecfe5fc00783e0efdb2c1d445d4c8eff7ed22
59 NextIV = fc00783e0efdb2c1d445d4c8eff7ed22
5860
5961 # 32 bytes input
6062 Cipher = AES-128-CBC-CTS
6365 IV = 00000000000000000000000000000000
6466 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
6567 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
68 NextIV = 39312523a78662d5be7fcbcc98ebf5a8
6669
6770 # 47 bytes input
6871 Cipher = AES-128-CBC-CTS
7073 IV = 00000000000000000000000000000000
7174 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
7275 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5b3fffd940c16a18c1b5549d2f838029e
76 NextIV = b3fffd940c16a18c1b5549d2f838029e
7377
7478 # 64 bytes input (CS1 is equivalent to CBC when the last block in full)
7579 Cipher = AES-128-CBC-CTS
7882 IV = 00000000000000000000000000000000
7983 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
8084 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
85 NextIV = 4807efe836ee89a526730dbc2f7bc840
8186
8287 #-------------------------------------------------------------------------------
8388 # Generated test values using an IV.
158163 IV = 00000000000000000000000000000000
159164 Plaintext = 4920776f756c64206c696b652074686520
160165 Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
166 NextIV = c6353568f2bf8cb4d8a580362da7ff7f
161167
162168 # 31 bytes input (For partial blocks the output should match CS3)
163169 Cipher = AES-128-CBC-CTS
166172 IV = 00000000000000000000000000000000
167173 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
168174 Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
175 NextIV = fc00783e0efdb2c1d445d4c8eff7ed22
169176
170177 # 32 bytes input (Aligned blocks should match normal CBC mode)
171178 Cipher = AES-128-CBC-CTS
174181 IV = 00000000000000000000000000000000
175182 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
176183 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a8
184 NextIV = 39312523a78662d5be7fcbcc98ebf5a8
177185
178186 # 47 bytes input
179187 Cipher = AES-128-CBC-CTS
182190 IV = 00000000000000000000000000000000
183191 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
184192 Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5
193 NextIV = b3fffd940c16a18c1b5549d2f838029e
185194
186195 # 64 bytes input (CS2 is equivalent to CBC when the last block in full)
187196 Cipher = AES-128-CBC-CTS
190199 IV = 00000000000000000000000000000000
191200 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20616e6420776f6e746f6e20736f75702e
192201 Ciphertext = 97687268d6ecccc0c07b25e25ecfe58439312523a78662d5be7fcbcc98ebf5a89dad8bbb96c4cdc03bc103e1a194bbd84807efe836ee89a526730dbc2f7bc840
202 NextIV = 4807efe836ee89a526730dbc2f7bc840
193203
194204 # Generated test values using an IV.
195205
235245 IV = 00000000000000000000000000000000
236246 Plaintext = 4920776f756c64206c696b652074686520
237247 Ciphertext = c6353568f2bf8cb4d8a580362da7ff7f97
248 NextIV = c6353568f2bf8cb4d8a580362da7ff7f
238249
239250 # 31 bytes input
240251 Cipher = AES-128-CBC-CTS
243254 IV = 00000000000000000000000000000000
244255 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320
245256 Ciphertext = fc00783e0efdb2c1d445d4c8eff7ed2297687268d6ecccc0c07b25e25ecfe5
257 NextIV = fc00783e0efdb2c1d445d4c8eff7ed22
246258
247259 # 32 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
248260 Cipher = AES-128-CBC-CTS
251263 IV = 00000000000000000000000000000000
252264 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c2047617527732043
253265 Ciphertext = 39312523a78662d5be7fcbcc98ebf5a897687268d6ecccc0c07b25e25ecfe584
266 NextIV = 39312523a78662d5be7fcbcc98ebf5a8
254267
255268 # 47 bytes input
256269 Cipher = AES-128-CBC-CTS
259272 IV = 00000000000000000000000000000000
260273 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c
261274 Ciphertext = 97687268d6ecccc0c07b25e25ecfe584b3fffd940c16a18c1b5549d2f838029e39312523a78662d5be7fcbcc98ebf5
275 NextIV = b3fffd940c16a18c1b5549d2f838029e
262276
263277 # 48 bytes input
264278 Cipher = AES-128-CBC-CTS
267281 IV = 00000000000000000000000000000000
268282 Plaintext = 4920776f756c64206c696b65207468652047656e6572616c20476175277320436869636b656e2c20706c656173652c20
269283 Ciphertext = 97687268d6ecccc0c07b25e25ecfe5849dad8bbb96c4cdc03bc103e1a194bbd839312523a78662d5be7fcbcc98ebf5a8
284 NextIV = 9dad8bbb96c4cdc03bc103e1a194bbd8
270285
271286 # 64 bytes input (CS3 always swaps the last 2 byte blocks - so it is not equivalent to CBC for a full block)
272287 Cipher = AES-128-CBC-CTS
343358 Plaintext = 0102030405060708090A0B0C0D0E0F
344359 Result = CIPHERUPDATE_ERROR
345360
346 # 16 bytes should fail for CS3 (since it always needs 2 blocks).
347 Cipher = AES-128-CBC-CTS
348 CTSMode = CS3
361 # 16 bytes input
362 Cipher = AES-128-CBC
349363 Key = 636869636b656e207465726979616b69
350364 IV = 00000000000000000000000000000000
351365 Plaintext = 0102030405060708090A0B0C0D0E0F00
352 Result = CIPHERUPDATE_ERROR
353
366 Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
367
368 # 16 bytes with CS3 should return the same as plain CBC mode.
369 Cipher = AES-128-CBC-CTS
370 CTSMode = CS1
371 Key = 636869636b656e207465726979616b69
372 IV = 00000000000000000000000000000000
373 Plaintext = 0102030405060708090A0B0C0D0E0F00
374 Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
375
376 Cipher = AES-128-CBC-CTS
377 CTSMode = CS2
378 Key = 636869636b656e207465726979616b69
379 IV = 00000000000000000000000000000000
380 Plaintext = 0102030405060708090A0B0C0D0E0F00
381 Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
382
383 Cipher = AES-128-CBC-CTS
384 CTSMode = CS3
385 Key = 636869636b656e207465726979616b69
386 IV = 00000000000000000000000000000000
387 Plaintext = 0102030405060708090A0B0C0D0E0F00
388 Ciphertext = 011ca8de3bd20ebc2f8701d56dcf768e
389
+141
-0
test/recipes/30-test_evp_data/evpciph_camellia_cts.txt less more
0 #
1 # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
2 #
3 # Licensed under the Apache License 2.0 (the "License"). You may not use
4 # this file except in compliance with the License. You can obtain a copy
5 # in the file LICENSE in the source distribution or at
6 # https://www.openssl.org/source/license.html
7
8 Title = Camellia CTS tests from RFC6803
9
10 # The encryption test vectors in RFC6803 specify the base_key,
11 # not the derived encryption key.
12 # The encryption key was manually derived using:
13 # ke = KBKDF(mac = CMAC, mode = FEEDBACK, base_key,
14 # salt = 0000000 || usage || AA,
15 # seed = 00000000000000000000000000000000)
16 # NOTE: that the usage was not specified in the test vectors,
17 # but is listed here in https://www.rfc-editor.org/errata_search.php?rfc=6803
18 #
19 # e.g: openssl kdf -cipher CAMELLIA-128-CBC
20 # -keylen 16
21 # -kdfopt hexkey:1DC46A8D763F4F93742BCBA3387576C3
22 # -kdfopt hexsalt:00000000AA
23 # -kdfopt mode:FEEDBACK
24 # -kdfopt hexseed:00000000000000000000000000000000
25 # -mac CMAC
26 # KBKDF
27 #
28 # The ciphertext result also contains a MAC result so this was also manually stripped from the test data.
29 # The random confounder is also prepended to the plaintext.
30 #
31
32 # 128-bit Camellia key: 1DC46A8D763F4F93742BCBA3387576C3
33 # Key usage: 0
34 # Random confounder: B69822A19A6B09C0EBC8557D1F1B6C0A
35 # Plaintext: (empty)
36 Cipher = CAMELLIA-128-CBC-CTS
37 CTSMode = CS3
38 Key = E99B82B36C4AE8EA19E95DFA9EDE882C
39 IV = 00000000000000000000000000000000
40 Plaintext = B69822A19A6B09C0EBC8557D1F1B6C0A
41 Ciphertext = C466F1871069921EDB7C6FDE244A52DB
42
43 # 128-bit Camellia key: 5027BC231D0F3A9D23333F1CA6FDBE7C
44 # Key usage: 1
45 # Random confounder: 6F2FC3C2A166FD8898967A83DE9596D9
46 # Plaintext: 1 (31)
47 Cipher = CAMELLIA-128-CBC-CTS
48 CTSMode = CS3
49 Key = A7EDCD5397EA6D12B0AFF4CB8DAA57AD
50 IV = 00000000000000000000000000000000
51 Plaintext = 6F2FC3C2A166FD8898967A83DE9596D931
52 Ciphertext = 842D21FD950311C0DD464A3F4BE8D6DA88
53
54 # 128-bit Camellia key: A1BB61E805F9BA6DDE8FDBDDC05CDEA0
55 # Key usage: 2
56 # Random confounder: A5B4A71E077AEEF93C8763C18FDB1F10
57 # Plaintext: 9 bytesss (392062797465737373)
58 Cipher = CAMELLIA-128-CBC-CTS
59 CTSMode = CS3
60 Key = DDE42ECA7CD9863FC3CE89CBC94362D7
61 IV = 00000000000000000000000000000000
62 Plaintext = A5B4A71E077AEEF93C8763C18FDB1F10392062797465737373
63 Ciphertext = 619FF072E36286FF0A28DEB3A352EC0D0EDF5C5160D663C901
64
65 # 128-bit Camellia key: 2CA27A5FAF5532244506434E1CEF6676
66 # Key usage: 3
67 # Random confounder: 19FEE40D810C524B5B22F01874C693DA
68 # Plaintext: 13 bytes byte (31332062797465732062797465)
69 Cipher = CAMELLIA-128-CBC-CTS
70 CTSMode = CS3
71 Key = C3113A258590B9AEBF721B1AF6B0CBF8
72 IV = 00000000000000000000000000000000
73 Plaintext = 19FEE40D810C524B5B22F01874C693DA31332062797465732062797465
74 Ciphertext = B8ECA3167AE6315512E59F98A7C500205E5F63FF3BB389AF1C41A21D64
75
76 # 128-bit Camellia key: 7824F8C16F83FF354C6BF7515B973F43
77 # Key usage: 4
78 # Random confounder: CA7A7AB4BE192DABD603506DB19C39E2
79 # Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974)
80 Cipher = CAMELLIA-128-CBC-CTS
81 CTSMode = CS3
82 Key = 8B07EED30149916AA20DB3F5CED8AFAD
83 IV = 00000000000000000000000000000000
84 Plaintext = CA7A7AB4BE192DABD603506DB19C39E2333020627974657320627974657320627974657320627974657320627974
85 Ciphertext = A26A3905A4FFD5816B7B1E27380D08090C8EC1F304496E1ABDCD2BDCD1DFFC660989E117A713DDBB57A4146C1587
86
87 # 256-bit Camellia key: B61C86CC4E5D2757545AD423399FB7031ECAB913CBB900BD7A3C6DD8BF92015B
88 # Key usage: 0
89 # Random confounder: 3CBBD2B45917941067F96599BB98926C
90 # Plaintext: (empty)
91 Cipher = CAMELLIA-256-CBC-CTS
92 CTSMode = CS3
93 Key = 6CCB3F25D8AE57F4E8F6CA474BDDEFF116CE131B3F71012E756D6B1E3F70A7F1
94 IV = 00000000000000000000000000000000
95 Plaintext = 3CBBD2B45917941067F96599BB98926C
96 Ciphertext = 03886D03310B47A6D8F06D7B94D1DD83
97
98 # 256-bit Camellia key: 1B97FE0A190E2021EB30753E1B6E1E77B0754B1D684610355864104963463833
99 # Key usage: 1
100 # Random confounder: DEF487FCEBE6DE6346D4DA4521BBA2D2
101 # Plaintext: 1 (31)
102 Cipher = CAMELLIA-256-CBC-CTS
103 CTSMode = CS3
104 Key = E93173AA01EB3C246231DAFC7802EE32AF24851D8C7387D18CB9B2C5B7F570B8
105 IV = 00000000000000000000000000000000
106 Plaintext = DEF487FCEBE6DE6346D4DA4521BBA2D231
107 Ciphertext = 2C9C1570133C99BF6A34BC1B0212002FD1
108
109 # 256-bit Camellia key: 32164C5B434D1D1538E4CFD9BE8040FE8C4AC7ACC4B93D3314D2133668147A05
110 # Key usage: 2
111 # Random confounder: AD4FF904D34E555384B14100FC465F88
112 # Plaintext: 9 bytesss (392062797465737373)
113 Cipher = CAMELLIA-256-CBC-CTS
114 CTSMode = CS3
115 Key = CDA2D39A9B243FFEB56E8D5F4BD528741ECB520C62123FB040B8418B15C7D70C
116 IV = 00000000000000000000000000000000
117 Plaintext = AD4FF904D34E555384B14100FC465F88392062797465737373
118 Ciphertext = 9C6DE75F812DE7ED0D28B2963557A115640998275B0AF51527
119
120 # 256-bit Camellia key: B038B132CD8E06612267FAB7170066D88AECCBA0B744BFC60DC89BCA182D0715
121 # Key usage: 3
122 # Random confounder: CF9BCA6DF1144E0C0AF9B8F34C90D514
123 # Plaintext: 13 bytes byte (31332062797465732062797465)
124 Cipher = CAMELLIA-256-CBC-CTS
125 CTSMode = CS3
126 Key = CD8A10E279DADDB6901EC30BDF9873250F6EFC6A77367D74DC3EE7F74BC7774E
127 IV = 00000000000000000000000000000000
128 Plaintext = CF9BCA6DF1144E0C0AF9B8F34C90D51431332062797465732062797465
129 Ciphertext = EEEC85A9813CDC536772AB9B42DEFC5706F726E975DDE05A87EB5406EA
130
131 # 256-bit Camellia key: CCFCD349BF4C6677E86E4B02B8EAB924A546AC731CF9BF6989B996E7D6BFBBA7
132 # Key usage: 4
133 # Random confounder: 644DEF38DA35007275878D216855E228
134 # Plaintext: 30 bytes bytes bytes bytes byt (333020627974657320627974657320627974657320627974657320627974)
135 Cipher = CAMELLIA-256-CBC-CTS
136 CTSMode = CS3
137 Key = 1D5147F34BB001A04A68A71346E7654E0223A60D90BC2B79B4D87956D47CD42A
138 IV = 00000000000000000000000000000000
139 Plaintext = 644DEF38DA35007275878D216855E228333020627974657320627974657320627974657320627974657320627974
140 Ciphertext = 0E44680985855F2D1F1812529CA83BFD8E349DE6FD9ADA0BAAA048D68E265FEBF34AD1255A344999AD37146887A6
+3
-3
test/recipes/30-test_evp_data/evpkdf_scrypt.txt less more
00 #
1 # Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
1 # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
22 #
33 # Licensed under the Apache License 2.0 (the "License"). You may not use
44 # this file except in compliance with the License. You can obtain a copy
5656 KDF = id-scrypt
5757 Ctrl.pass = pass:pleaseletmein
5858 Ctrl.salt = salt:SodiumChloride
59 Ctrl.N = n:1048576
59 Ctrl.N = n:2097152
6060 Ctrl.r = r:8
6161 Ctrl.p = p:1
62 Result = INTERNAL_ERROR
62 Result = KDF_DERIVE_ERROR
+4937
-0
test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt less more
0 #
1 # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
2 #
3 # Licensed under the Apache License 2.0 (the "License"). You may not use
4 # this file except in compliance with the License. You can obtain a copy
5 # in the file LICENSE in the source distribution or at
6 # https://www.openssl.org/source/license.html
7
8 # Tests start with one of these keywords
9 # Cipher Decrypt Derive Digest Encoding KDF MAC PBE
10 # PrivPubKeyPair Sign Verify VerifyRecover
11 # and continue until a blank line. Lines starting with a pound sign are ignored.
12
13 Title = TLS 1.3 KDF tests (from ACVP test vectors)
14
15 # Each test suite simulates the steps in a TLS 1.3 session
16 # The output of each step is used as an input for the next. These were not
17 # generally included in the ACVP data and have been generated. The end to end
18 # correctness indicates that the intermediate values are okay.
19
20 KDF = TLS13-KDF
21 Ctrl.mode = mode:EXTRACT_ONLY
22 Ctrl.digest = digest:SHA2-256
23 Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
24 Output = 153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216
25
26 KDF = TLS13-KDF
27 Ctrl.mode = mode:EXPAND_ONLY
28 Ctrl.digest = digest:SHA2-256
29 Ctrl.key = hexkey:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216
30 Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
31 Ctrl.prefix = hexprefix:746c73313320
32 Ctrl.label = hexlabel:6320652074726166666963
33 Output = c80583a90e995c489600492a5da642e6b1f679ba674828792df087b939636171
34
35 KDF = TLS13-KDF
36 Ctrl.mode = mode:EXPAND_ONLY
37 Ctrl.digest = digest:SHA2-256
38 Ctrl.key = hexkey:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216
39 Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
40 Ctrl.prefix = hexprefix:746c73313320
41 Ctrl.label = hexlabel:6520657870206d6173746572
42 Output = 1fe336ab43b4a69b11ebc64c8343ed21a9c7f6724702d9d63970e8ff72a4bde7
43
44 KDF = TLS13-KDF
45 Ctrl.mode = mode:EXTRACT_ONLY
46 Ctrl.digest = digest:SHA2-256
47 Ctrl.key = hexkey:8e27fad32236cb11bb497eb878d636c3f1599f5ffdfae784cbf73e74746769d4
48 Ctrl.salt = hexsalt:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216
49 Ctrl.prefix = hexprefix:746c73313320
50 Ctrl.label = hexlabel:64657269766564
51 Output = cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd
52
53 KDF = TLS13-KDF
54 Ctrl.mode = mode:EXPAND_ONLY
55 Ctrl.digest = digest:SHA2-256
56 Ctrl.key = hexkey:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd
57 Ctrl.data = hexdata:78d80b86fb9b089fb73375e51ae5bcfd742df4cadbd84dea0aaa0ac9d07ba6dc
58 Ctrl.prefix = hexprefix:746c73313320
59 Ctrl.label = hexlabel:632068732074726166666963
60 Output = c2451ee08fd221331f3dabada534393ed1fc8f5983afa251c1d004ec94e823a2
61
62 KDF = TLS13-KDF
63 Ctrl.mode = mode:EXPAND_ONLY
64 Ctrl.digest = digest:SHA2-256
65 Ctrl.key = hexkey:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd
66 Ctrl.data = hexdata:78d80b86fb9b089fb73375e51ae5bcfd742df4cadbd84dea0aaa0ac9d07ba6dc
67 Ctrl.prefix = hexprefix:746c73313320
68 Ctrl.label = hexlabel:732068732074726166666963
69 Output = 40eefbf66cb79c41c9ee1bf0be7f41696da165e7e69628ca8e342fee51827abd
70
71 KDF = TLS13-KDF
72 Ctrl.mode = mode:EXTRACT_ONLY
73 Ctrl.digest = digest:SHA2-256
74 Ctrl.salt = hexsalt:cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd
75 Ctrl.prefix = hexprefix:746c73313320
76 Ctrl.label = hexlabel:64657269766564
77 Output = 9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17
78
79 KDF = TLS13-KDF
80 Ctrl.mode = mode:EXPAND_ONLY
81 Ctrl.digest = digest:SHA2-256
82 Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17
83 Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e
84 Ctrl.prefix = hexprefix:746c73313320
85 Ctrl.label = hexlabel:632061702074726166666963
86 Output = b162c65cdc0f9425aa7cd8fb30a821c8c8f0e8f8f9eb42209d10d784dafadcb5
87
88 KDF = TLS13-KDF
89 Ctrl.mode = mode:EXPAND_ONLY
90 Ctrl.digest = digest:SHA2-256
91 Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17
92 Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e
93 Ctrl.prefix = hexprefix:746c73313320
94 Ctrl.label = hexlabel:732061702074726166666963
95 Output = 6fe71fd9a81dffb3fecedd80c7a4801804116c79bc37b3605f54bc01a9cbed99
96
97 KDF = TLS13-KDF
98 Ctrl.mode = mode:EXPAND_ONLY
99 Ctrl.digest = digest:SHA2-256
100 Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17
101 Ctrl.data = hexdata:fb3e78c3924a01fe4bf912bff8ddb120848ddf3e4b3cdd2cd661abbeff16a96e
102 Ctrl.prefix = hexprefix:746c73313320
103 Ctrl.label = hexlabel:657870206d6173746572
104 Output = eb1069417c771402a32b4797099adc449fd2be22ac47fb771ccd319e1a11ce55
105
106 KDF = TLS13-KDF
107 Ctrl.mode = mode:EXPAND_ONLY
108 Ctrl.digest = digest:SHA2-256
109 Ctrl.key = hexkey:9bdaae0c714cdbd47dd27dd7e37a1b4e5cf82fcaead2389cd71e6de12470ee17
110 Ctrl.data = hexdata:db603b863e82a12147bd81a8e715d3273efe641d467436309e19ae0254461a35
111 Ctrl.prefix = hexprefix:746c73313320
112 Ctrl.label = hexlabel:726573206d6173746572
113 Output = b4face4931df0e3380830805af22055bf29b030988a9e278f7d04f2b00f323e8
114
115 # New TLS 1.3 session starts here
116
117 KDF = TLS13-KDF
118 Ctrl.mode = mode:EXTRACT_ONLY
119 Ctrl.digest = digest:SHA2-256
120 Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
121
122 KDF = TLS13-KDF
123 Ctrl.mode = mode:EXPAND_ONLY
124 Ctrl.digest = digest:SHA2-256
125 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
126 Ctrl.data = hexdata:ad5c61780c37f5dbe1666e846ffcbfe0694e6d7ee87fc855850cd961420a0da2
127 Ctrl.prefix = hexprefix:746c73313320
128 Ctrl.label = hexlabel:6320652074726166666963
129 Output = 265aa1591dd7b8046d95580c5dec47f4f175cd3121afc066ab65b14c2ff2eeec
130
131 KDF = TLS13-KDF
132 Ctrl.mode = mode:EXPAND_ONLY
133 Ctrl.digest = digest:SHA2-256
134 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
135 Ctrl.data = hexdata:ad5c61780c37f5dbe1666e846ffcbfe0694e6d7ee87fc855850cd961420a0da2
136 Ctrl.prefix = hexprefix:746c73313320
137 Ctrl.label = hexlabel:6520657870206d6173746572
138 Output = dfeadee3e4cd8d260ae389043e5f806ea55ee332270487289abaf3933ec219ed
139
140 KDF = TLS13-KDF
141 Ctrl.mode = mode:EXTRACT_ONLY
142 Ctrl.digest = digest:SHA2-256
143 Ctrl.key = hexkey:8ba75a8cee15fe15599cec2d6590313ca4cf2efd7aed87a85ed4cbcbdc5edf9bb1
144 Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
145 Ctrl.prefix = hexprefix:746c73313320
146 Ctrl.label = hexlabel:64657269766564
147 Output = 7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702
148
149 KDF = TLS13-KDF
150 Ctrl.mode = mode:EXPAND_ONLY
151 Ctrl.digest = digest:SHA2-256
152 Ctrl.key = hexkey:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702
153 Ctrl.data = hexdata:fc732c631dec5b82edae0288d698f0ab1823128d73ee370864cc0edc69b1dd15
154 Ctrl.prefix = hexprefix:746c73313320
155 Ctrl.label = hexlabel:632068732074726166666963
156 Output = f1f7241a9c150b2a9e1e20f00ba42c038688468167201cae15a51f83ddd8520b
157
158 KDF = TLS13-KDF
159 Ctrl.mode = mode:EXPAND_ONLY
160 Ctrl.digest = digest:SHA2-256
161 Ctrl.key = hexkey:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702
162 Ctrl.data = hexdata:fc732c631dec5b82edae0288d698f0ab1823128d73ee370864cc0edc69b1dd15
163 Ctrl.prefix = hexprefix:746c73313320
164 Ctrl.label = hexlabel:732068732074726166666963
165 Output = 38f88680f83f4cbc7afc2e58c7161076da181185009074b5f576c61643bc2e55
166
167 KDF = TLS13-KDF
168 Ctrl.mode = mode:EXTRACT_ONLY
169 Ctrl.digest = digest:SHA2-256
170 Ctrl.salt = hexsalt:7a6d31fe71da649e8e8168a42c5ab12c668f39499df77bc94405853530b85702
171 Ctrl.prefix = hexprefix:746c73313320
172 Ctrl.label = hexlabel:64657269766564
173 Output = 160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce
174
175 KDF = TLS13-KDF
176 Ctrl.mode = mode:EXPAND_ONLY
177 Ctrl.digest = digest:SHA2-256
178 Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce
179 Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070
180 Ctrl.prefix = hexprefix:746c73313320
181 Ctrl.label = hexlabel:632061702074726166666963
182 Output = e8634a48b7162c0c0d55afea28af35f06fcbbd268328bd6a9034b6fcddc48bb2
183
184 KDF = TLS13-KDF
185 Ctrl.mode = mode:EXPAND_ONLY
186 Ctrl.digest = digest:SHA2-256
187 Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce
188 Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070
189 Ctrl.prefix = hexprefix:746c73313320
190 Ctrl.label = hexlabel:732061702074726166666963
191 Output = 1f5f7e35b4495e94f2b847129e246d98cc67d511729ed9ce60fa3c8176a7c41d
192
193 KDF = TLS13-KDF
194 Ctrl.mode = mode:EXPAND_ONLY
195 Ctrl.digest = digest:SHA2-256
196 Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce
197 Ctrl.data = hexdata:127da44d7325927afc7f81b2108b006dd843f05011f4ddb6408c82a0a11da070
198 Ctrl.prefix = hexprefix:746c73313320
199 Ctrl.label = hexlabel:657870206d6173746572
200 Output = ff76b85accc260ce264686e011c9ab08e955cd01943d8c03989ac060ea4ad12e
201
202 KDF = TLS13-KDF
203 Ctrl.mode = mode:EXPAND_ONLY
204 Ctrl.digest = digest:SHA2-256
205 Ctrl.key = hexkey:160f1552154d4be73bcdbcea0dca9594c86b319cf3b052e1e8b080f0b0f128ce
206 Ctrl.data = hexdata:26872f541995715cbf7fcdd26544cfeff9fdff638578d166851127fb8a91ade7
207 Ctrl.prefix = hexprefix:746c73313320
208 Ctrl.label = hexlabel:726573206d6173746572
209 Output = 9d0a1aa3ed67e5bd066e61f15fdfd7a552bea57aed956af3f8b49abc2a9480b7
210
211 # New TLS 1.3 session starts here
212
213 KDF = TLS13-KDF
214 Ctrl.mode = mode:EXTRACT_ONLY
215 Ctrl.digest = digest:SHA2-256
216 Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
217
218 KDF = TLS13-KDF
219 Ctrl.mode = mode:EXPAND_ONLY
220 Ctrl.digest = digest:SHA2-256
221 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
222 Ctrl.data = hexdata:ab9a6fa58d1efd4d862d33e5fa1b610ef8af8b1c66d12f7871598e39b5540dcd
223 Ctrl.prefix = hexprefix:746c73313320
224 Ctrl.label = hexlabel:6320652074726166666963
225 Output = 22c60538c233cbabc8d14ca55fa7b264f4bf1eaa68ca7460be6f965edc2706bd
226
227 KDF = TLS13-KDF
228 Ctrl.mode = mode:EXPAND_ONLY
229 Ctrl.digest = digest:SHA2-256
230 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
231 Ctrl.data = hexdata:ab9a6fa58d1efd4d862d33e5fa1b610ef8af8b1c66d12f7871598e39b5540dcd
232 Ctrl.prefix = hexprefix:746c73313320
233 Ctrl.label = hexlabel:6520657870206d6173746572
234 Output = 04c9e7d5e5709d0d5e98cce5b8d995973427a2adb1e3d092c5418e520959d24c
235
236 KDF = TLS13-KDF
237 Ctrl.mode = mode:EXTRACT_ONLY
238 Ctrl.digest = digest:SHA2-256
239 Ctrl.key = hexkey:079d4c92c73f842771e76173ffc79976499728b81e75ba77255d3f97a9b075b515
240 Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
241 Ctrl.prefix = hexprefix:746c73313320
242 Ctrl.label = hexlabel:64657269766564
243 Output = 18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284
244
245 KDF = TLS13-KDF
246 Ctrl.mode = mode:EXPAND_ONLY
247 Ctrl.digest = digest:SHA2-256
248 Ctrl.key = hexkey:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284
249 Ctrl.data = hexdata:eb62d1f34a8aeb2a391e3f6d1e2f9f66e3053530551a41e94ba8f38068f273af
250 Ctrl.prefix = hexprefix:746c73313320
251 Ctrl.label = hexlabel:632068732074726166666963
252 Output = 2f0e7afb326b06b482c82e5a775d65656ae653cd4f9c5527f9fea54c4872331d
253
254 KDF = TLS13-KDF
255 Ctrl.mode = mode:EXPAND_ONLY
256 Ctrl.digest = digest:SHA2-256
257 Ctrl.key = hexkey:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284
258 Ctrl.data = hexdata:eb62d1f34a8aeb2a391e3f6d1e2f9f66e3053530551a41e94ba8f38068f273af
259 Ctrl.prefix = hexprefix:746c73313320
260 Ctrl.label = hexlabel:732068732074726166666963
261 Output = 4c0d8dff2bb81366bde630eb466479765acd151bd14da1ce5a313292ad2e7f3f
262
263 KDF = TLS13-KDF
264 Ctrl.mode = mode:EXTRACT_ONLY
265 Ctrl.digest = digest:SHA2-256
266 Ctrl.salt = hexsalt:18420b91716670f5330e9281ff0816663cb16de070ce6d0378fddbbf2e3d2284
267 Ctrl.prefix = hexprefix:746c73313320
268 Ctrl.label = hexlabel:64657269766564
269 Output = 8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058
270
271 KDF = TLS13-KDF
272 Ctrl.mode = mode:EXPAND_ONLY
273 Ctrl.digest = digest:SHA2-256
274 Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058
275 Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb
276 Ctrl.prefix = hexprefix:746c73313320
277 Ctrl.label = hexlabel:632061702074726166666963
278 Output = 21ecbb49c1013e3fb86e21600b2643bb22db2a5747d1d580b088ec545985750c
279
280 KDF = TLS13-KDF
281 Ctrl.mode = mode:EXPAND_ONLY
282 Ctrl.digest = digest:SHA2-256
283 Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058
284 Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb
285 Ctrl.prefix = hexprefix:746c73313320
286 Ctrl.label = hexlabel:732061702074726166666963
287 Output = 692ce960da75200ba64c0898172c383eba3e910f943e2dc6fb0ca5ea860dd128
288
289 KDF = TLS13-KDF
290 Ctrl.mode = mode:EXPAND_ONLY
291 Ctrl.digest = digest:SHA2-256
292 Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058
293 Ctrl.data = hexdata:ad53aca17f9e3c0fdd64cea888d106584b24e673a834b81f84acadcb5e93addb
294 Ctrl.prefix = hexprefix:746c73313320
295 Ctrl.label = hexlabel:657870206d6173746572
296 Output = 414267573db54653b960060e78f24efbbe0e6eb3bba77f8a1330c52ce748cea9
297
298 KDF = TLS13-KDF
299 Ctrl.mode = mode:EXPAND_ONLY
300 Ctrl.digest = digest:SHA2-256
301 Ctrl.key = hexkey:8ead73c6e289e2f8a0615a95301d80a11801b6e7ae25d59dd13e6fe1b9b3d058
302 Ctrl.data = hexdata:2cf39c1d072fe6ca2e9385b5deb93f6706ca97c4cecd7141968ae9f92d1b331d
303 Ctrl.prefix = hexprefix:746c73313320
304 Ctrl.label = hexlabel:726573206d6173746572
305 Output = 71afefcc45ef6cf641320fd33c0711fce1b177f2de278a3009a423c013eb156e
306
307 # New TLS 1.3 session starts here
308
309 KDF = TLS13-KDF
310 Ctrl.mode = mode:EXTRACT_ONLY
311 Ctrl.digest = digest:SHA2-256
312 Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
313
314 KDF = TLS13-KDF
315 Ctrl.mode = mode:EXPAND_ONLY
316 Ctrl.digest = digest:SHA2-256
317 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
318 Ctrl.data = hexdata:0ba5fc85501734dc78cea66aacc3b2fa36be938b34b10037e842dc6ff493560d
319 Ctrl.prefix = hexprefix:746c73313320
320 Ctrl.label = hexlabel:6320652074726166666963
321 Output = bcb5dab7001fb36b9877b3cc53c92157de4a4a304be8ce1ae8a49b71b5cf5384
322
323 KDF = TLS13-KDF
324 Ctrl.mode = mode:EXPAND_ONLY
325 Ctrl.digest = digest:SHA2-256
326 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
327 Ctrl.data = hexdata:0ba5fc85501734dc78cea66aacc3b2fa36be938b34b10037e842dc6ff493560d
328 Ctrl.prefix = hexprefix:746c73313320
329 Ctrl.label = hexlabel:6520657870206d6173746572
330 Output = efc512b05a887d11ed829bdf90162ace73456c83a6543d74ef95f98022b6162c
331
332 KDF = TLS13-KDF
333 Ctrl.mode = mode:EXTRACT_ONLY
334 Ctrl.digest = digest:SHA2-256
335 Ctrl.key = hexkey:51b7a0a74de27eed1bc77a0691850387f4bfbaafef1033780d027fb0a00d1ba957
336 Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
337 Ctrl.prefix = hexprefix:746c73313320
338 Ctrl.label = hexlabel:64657269766564
339 Output = bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b
340
341 KDF = TLS13-KDF
342 Ctrl.mode = mode:EXPAND_ONLY
343 Ctrl.digest = digest:SHA2-256
344 Ctrl.key = hexkey:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b
345 Ctrl.data = hexdata:9d3b6a05267ca141c132ae2685bba0b8eb27d8b4349af822607bf4c215070d2e
346 Ctrl.prefix = hexprefix:746c73313320
347 Ctrl.label = hexlabel:632068732074726166666963
348 Output = 7c318f397dd56ec69c7ab5eafde196c06aefccaf24fb2487e045b55f8d5865dc
349
350 KDF = TLS13-KDF
351 Ctrl.mode = mode:EXPAND_ONLY
352 Ctrl.digest = digest:SHA2-256
353 Ctrl.key = hexkey:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b
354 Ctrl.data = hexdata:9d3b6a05267ca141c132ae2685bba0b8eb27d8b4349af822607bf4c215070d2e
355 Ctrl.prefix = hexprefix:746c73313320
356 Ctrl.label = hexlabel:732068732074726166666963
357 Output = f9b5e2e18869a920128dad1c836d57deacaa85cfec21012823a52182cb5484fc
358
359 KDF = TLS13-KDF
360 Ctrl.mode = mode:EXTRACT_ONLY
361 Ctrl.digest = digest:SHA2-256
362 Ctrl.salt = hexsalt:bb6ebdf3a3790704ba46b29277e0f699cc8d4eb0320c922c4537e3d2897dda7b
363 Ctrl.prefix = hexprefix:746c73313320
364 Ctrl.label = hexlabel:64657269766564
365 Output = 71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba
366
367 KDF = TLS13-KDF
368 Ctrl.mode = mode:EXPAND_ONLY
369 Ctrl.digest = digest:SHA2-256
370 Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba
371 Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8
372 Ctrl.prefix = hexprefix:746c73313320
373 Ctrl.label = hexlabel:632061702074726166666963
374 Output = 7b48562a81323355b3c090d59b8adbb6aaf17b8489448d3d20bee397523ef0ac
375
376 KDF = TLS13-KDF
377 Ctrl.mode = mode:EXPAND_ONLY
378 Ctrl.digest = digest:SHA2-256
379 Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba
380 Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8
381 Ctrl.prefix = hexprefix:746c73313320
382 Ctrl.label = hexlabel:732061702074726166666963
383 Output = 19c59876c3f79fad0f66e3038ef2126ff1f0167a15d8fe10901671fbdb7aca9e
384
385 KDF = TLS13-KDF
386 Ctrl.mode = mode:EXPAND_ONLY
387 Ctrl.digest = digest:SHA2-256
388 Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba
389 Ctrl.data = hexdata:cdb5539c16d3b95ca0c30abd03d11f78175f63768a79c7dd2a5f4ee72d93f7a8
390 Ctrl.prefix = hexprefix:746c73313320
391 Ctrl.label = hexlabel:657870206d6173746572
392 Output = a41b62871f071de5536da378f4b88071dd9839b367065e84da932e45a6b155e6
393
394 KDF = TLS13-KDF
395 Ctrl.mode = mode:EXPAND_ONLY
396 Ctrl.digest = digest:SHA2-256
397 Ctrl.key = hexkey:71e002695a3a5e8899ef4a705462505eb0ec33f9e3214a668d739eeca833e1ba
398 Ctrl.data = hexdata:40248b70ecbe954e7b825281e052f5d1f784678f02c1574f91034c09fa5b4f91
399 Ctrl.prefix = hexprefix:746c73313320
400 Ctrl.label = hexlabel:726573206d6173746572
401 Output = c27da667ff071ee5907d272d0f26cb204af7df95895670a96c8441bcc9433c6c
402
403 # New TLS 1.3 session starts here
404
405 KDF = TLS13-KDF
406 Ctrl.mode = mode:EXTRACT_ONLY
407 Ctrl.digest = digest:SHA2-256
408 Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
409
410 KDF = TLS13-KDF
411 Ctrl.mode = mode:EXPAND_ONLY
412 Ctrl.digest = digest:SHA2-256
413 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
414 Ctrl.data = hexdata:1db79ad32111ded07970f5a4958d60deaaea16c9364d72fd97f1b9d2eb4389f0
415 Ctrl.prefix = hexprefix:746c73313320
416 Ctrl.label = hexlabel:6320652074726166666963
417 Output = 9988ba03ffa2aa8f8332efc47051278dd4831bb2b2231010b49354f23a14fcc2
418
419 KDF = TLS13-KDF
420 Ctrl.mode = mode:EXPAND_ONLY
421 Ctrl.digest = digest:SHA2-256
422 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
423 Ctrl.data = hexdata:1db79ad32111ded07970f5a4958d60deaaea16c9364d72fd97f1b9d2eb4389f0
424 Ctrl.prefix = hexprefix:746c73313320
425 Ctrl.label = hexlabel:6520657870206d6173746572
426 Output = 332e88ff7e3b1b3e592a89b3151bb79a418f5db6dff522a73ff53bc7e237777e
427
428 KDF = TLS13-KDF
429 Ctrl.mode = mode:EXTRACT_ONLY
430 Ctrl.digest = digest:SHA2-256
431 Ctrl.key = hexkey:6d42939374a8adf6d3d96bf450eece38f2d0268814262f9780acf5b6769582b0aa
432 Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
433 Ctrl.prefix = hexprefix:746c73313320
434 Ctrl.label = hexlabel:64657269766564
435 Output = ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1
436
437 KDF = TLS13-KDF
438 Ctrl.mode = mode:EXPAND_ONLY
439 Ctrl.digest = digest:SHA2-256
440 Ctrl.key = hexkey:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1
441 Ctrl.data = hexdata:782580319c405ffabb7c272f730a4d0c06da94923f49fc8194e86c91b339cd0f
442 Ctrl.prefix = hexprefix:746c73313320
443 Ctrl.label = hexlabel:632068732074726166666963
444 Output = 60822aa502f3065ec3972e5dba90f14b254544f99d3274cd67fa3565e5e78f11
445
446 KDF = TLS13-KDF
447 Ctrl.mode = mode:EXPAND_ONLY
448 Ctrl.digest = digest:SHA2-256
449 Ctrl.key = hexkey:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1
450 Ctrl.data = hexdata:782580319c405ffabb7c272f730a4d0c06da94923f49fc8194e86c91b339cd0f
451 Ctrl.prefix = hexprefix:746c73313320
452 Ctrl.label = hexlabel:732068732074726166666963
453 Output = 4534439181f03ed7c34471c0b2cd59a064402a6cb8092f5e30dfe3db4ce29c65
454
455 KDF = TLS13-KDF
456 Ctrl.mode = mode:EXTRACT_ONLY
457 Ctrl.digest = digest:SHA2-256
458 Ctrl.salt = hexsalt:ab43c87709e09c9acbdaad583da6fe1e8e6756a43fddf59382113981a33621b1
459 Ctrl.prefix = hexprefix:746c73313320
460 Ctrl.label = hexlabel:64657269766564
461 Output = bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96
462
463 KDF = TLS13-KDF
464 Ctrl.mode = mode:EXPAND_ONLY
465 Ctrl.digest = digest:SHA2-256
466 Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96
467 Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a
468 Ctrl.prefix = hexprefix:746c73313320
469 Ctrl.label = hexlabel:632061702074726166666963
470 Output = 1fa11fda9fc1840f2082a9a81b9212bca08915c8402f5d9d3e6403df529a6872
471
472 KDF = TLS13-KDF
473 Ctrl.mode = mode:EXPAND_ONLY
474 Ctrl.digest = digest:SHA2-256
475 Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96
476 Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a
477 Ctrl.prefix = hexprefix:746c73313320
478 Ctrl.label = hexlabel:732061702074726166666963
479 Output = 5d3b814a5ea0b320dc2d6b0d50f766013073e92203184ea6f990f3a23ba1b936
480
481 KDF = TLS13-KDF
482 Ctrl.mode = mode:EXPAND_ONLY
483 Ctrl.digest = digest:SHA2-256
484 Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96
485 Ctrl.data = hexdata:87815c0c6533c20ce2a749d15be7f5e5efcb01a9d66ff0c1eaf9317a35f78c0a
486 Ctrl.prefix = hexprefix:746c73313320
487 Ctrl.label = hexlabel:657870206d6173746572
488 Output = 12c9b8c8b42467ccfb6161cafda1027212c59782891fc9f4b43e68f66a6ff0be
489
490 KDF = TLS13-KDF
491 Ctrl.mode = mode:EXPAND_ONLY
492 Ctrl.digest = digest:SHA2-256
493 Ctrl.key = hexkey:bdc1b213a768dc7302f236094affb53ee401f6420f6f9730f9e5638600119c96
494 Ctrl.data = hexdata:7d3160a347ba24ed246af7287f60a64cebe1678aa3055958693c1189f9ae45b8
495 Ctrl.prefix = hexprefix:746c73313320
496 Ctrl.label = hexlabel:726573206d6173746572
497 Output = b39060999fb0e2319294654c6ddf17c6375e25d5e44da3d00474aba66384f961
498
499 # New TLS 1.3 session starts here
500
501 KDF = TLS13-KDF
502 Ctrl.mode = mode:EXTRACT_ONLY
503 Ctrl.digest = digest:SHA2-256
504 Output = 33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
505
506 KDF = TLS13-KDF
507 Ctrl.mode = mode:EXPAND_ONLY
508 Ctrl.digest = digest:SHA2-256
509 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
510 Ctrl.data = hexdata:491d9ca9cd0d5c8ddef62cd87b9ee6e934ec66191b22667447544355ae5903d5
511 Ctrl.prefix = hexprefix:746c73313320
512 Ctrl.label = hexlabel:6320652074726166666963
513 Output = 659f7cc8a36d4efcea9bb1dbe7d0723b968a7a78eb80d18966afb24fabdb86a2
514
515 KDF = TLS13-KDF
516 Ctrl.mode = mode:EXPAND_ONLY
517 Ctrl.digest = digest:SHA2-256
518 Ctrl.key = hexkey:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
519 Ctrl.data = hexdata:491d9ca9cd0d5c8ddef62cd87b9ee6e934ec66191b22667447544355ae5903d5
520 Ctrl.prefix = hexprefix:746c73313320
521 Ctrl.label = hexlabel:6520657870206d6173746572
522 Output = 292bcf6dd3c94e79d2ac4bd4de158f0bedb7416591e87a911ea4034ba6da7a7c
523
524 KDF = TLS13-KDF
525 Ctrl.mode = mode:EXTRACT_ONLY
526 Ctrl.digest = digest:SHA2-256
527 Ctrl.key = hexkey:8bed9e790b96b98846068b237082f9c0c0e53af3bea98bdda5f1a079448775ab6d
528 Ctrl.salt = hexsalt:33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a
529 Ctrl.prefix = hexprefix:746c73313320
530 Ctrl.label = hexlabel:64657269766564
531 Output = 9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0
532
533 KDF = TLS13-KDF
534 Ctrl.mode = mode:EXPAND_ONLY
535 Ctrl.digest = digest:SHA2-256
536 Ctrl.key = hexkey:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0
537 Ctrl.data = hexdata:b969708ab3a1b1b1b87f228a49d37df58a367064a6bccec689a475dc5edda812
538 Ctrl.prefix = hexprefix:746c73313320
539 Ctrl.label = hexlabel:632068732074726166666963
540 Output = 7b4d547ba11886f439c6d53b1e65b09aff3f1fea4fb8628962a546013fd53bbc
541
542 KDF = TLS13-KDF
543 Ctrl.mode = mode:EXPAND_ONLY
544 Ctrl.digest = digest:SHA2-256
545 Ctrl.key = hexkey:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0
546 Ctrl.data = hexdata:b969708ab3a1b1b1b87f228a49d37df58a367064a6bccec689a475dc5edda812
547 Ctrl.prefix = hexprefix:746c73313320
548 Ctrl.label = hexlabel:732068732074726166666963
549 Output = cdb6b0be56d99c2a9a9c201a4b62b27df40877b228ba085fd0d06a5489545595
550
551 KDF = TLS13-KDF
552 Ctrl.mode = mode:EXTRACT_ONLY
553 Ctrl.digest = digest:SHA2-256
554 Ctrl.salt = hexsalt:9aed3d26bbdc6406c1262928224052a9e9e68f64dbc3a159f41b6644dccf81d0
555 Ctrl.prefix = hexprefix:746c73313320
556 Ctrl.label = hexlabel:64657269766564
557 Output = c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb
558
559 KDF = TLS13-KDF
560 Ctrl.mode = mode:EXPAND_ONLY
561 Ctrl.digest = digest:SHA2-256
562 Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb
563 Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da
564 Ctrl.prefix = hexprefix:746c73313320
565 Ctrl.label = hexlabel:632061702074726166666963
566 Output = f2a8f833af1dc5db36b842769955d97db05d3bd5014ca9c9fa301e8ac6214ebe
567
568 KDF = TLS13-KDF
569 Ctrl.mode = mode:EXPAND_ONLY
570 Ctrl.digest = digest:SHA2-256
571 Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb
572 Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da
573 Ctrl.prefix = hexprefix:746c73313320
574 Ctrl.label = hexlabel:732061702074726166666963
575 Output = 1ac34b3063a496f7be40f83e01055a97a0899c9a0484121df5f11ce25d9ca426
576
577 KDF = TLS13-KDF
578 Ctrl.mode = mode:EXPAND_ONLY
579 Ctrl.digest = digest:SHA2-256
580 Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb
581 Ctrl.data = hexdata:129524eaf21476767f2f14c3ec038f7fadb38f0c35645391b41b218729a1a9da
582 Ctrl.prefix = hexprefix:746c73313320
583 Ctrl.label = hexlabel:657870206d6173746572
584 Output = 58374f792176371d434f9866ba8958fab9eced9edc0a4d7a787798ded90fa9b7
585
586 KDF = TLS13-KDF
587 Ctrl.mode = mode:EXPAND_ONLY
588 Ctrl.digest = digest:SHA2-256
589 Ctrl.key = hexkey:c54b82100787f03b666cbb04d34bd894911346cc6c39266971a5de5f99fdb7bb
590 Ctrl.data = hexdata:3279a4e27fc27a69208764df2fc0de77e3d9c73dd971b368b8d0a32536a6f8bb
591 Ctrl.prefix = hexprefix:746c73313320
592 Ctrl.label = hexlabel:726573206d6173746572
593 Output = 1aff1cdf216ba86913a3d191159de6869490ca94e79da7fbc6173643c87d407a
594
595 # New TLS 1.3 session starts here
596
597 KDF = TLS13-KDF
598 Ctrl.mode = mode:EXTRACT_ONLY
599 Ctrl.digest = digest:SHA2-256
600 Ctrl.key = hexkey:b6d0a81fd3c91c1970a2d85ed695fba34143ae0fea07bc7c8653ad4830c905db
601 Output = 94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc
602
603 KDF = TLS13-KDF
604 Ctrl.mode = mode:EXPAND_ONLY
605 Ctrl.digest = digest:SHA2-256
606 Ctrl.key = hexkey:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc
607 Ctrl.data = hexdata:47afa605ef0002b533bedbc155030e2b96c1d8d20d410dc44ce37dd94c8cb1e3
608 Ctrl.prefix = hexprefix:746c73313320
609 Ctrl.label = hexlabel:6320652074726166666963
610 Output = 122a73631c397d888895544f34925464a3d6983cdf647d6e23b050d140af1273
611
612 KDF = TLS13-KDF
613 Ctrl.mode = mode:EXPAND_ONLY
614 Ctrl.digest = digest:SHA2-256
615 Ctrl.key = hexkey:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc
616 Ctrl.data = hexdata:47afa605ef0002b533bedbc155030e2b96c1d8d20d410dc44ce37dd94c8cb1e3
617 Ctrl.prefix = hexprefix:746c73313320
618 Ctrl.label = hexlabel:6520657870206d6173746572
619 Output = 0bb4c7419f9a02f9eb52ab21886b20b7be6ae8223db2e67c50d5d3461ec9b936
620
621 KDF = TLS13-KDF
622 Ctrl.mode = mode:EXTRACT_ONLY
623 Ctrl.digest = digest:SHA2-256
624 Ctrl.key = hexkey:d36680e32c17596202cbf2765472708cb5bc41399b2c9d7cf1c88ca219e7a1ee
625 Ctrl.salt = hexsalt:94374db506b58237defb8b1d7fd10c17440ea9c46380d00e22fdb879fbfe2cbc
626 Ctrl.prefix = hexprefix:746c73313320
627 Ctrl.label = hexlabel:64657269766564
628 Output = e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3
629
630 KDF = TLS13-KDF
631 Ctrl.mode = mode:EXPAND_ONLY
632 Ctrl.digest = digest:SHA2-256
633 Ctrl.key = hexkey:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3
634 Ctrl.data = hexdata:c724c6137e799c69850f94ccbe089b07896d44cc7845fcf07cfea716176cc0f0
635 Ctrl.prefix = hexprefix:746c73313320
636 Ctrl.label = hexlabel:632068732074726166666963
637 Output = 0de142b91cfda627b365dab23e69ad00edb0085b33076052cf5f7f0ec735abc8
638
639 KDF = TLS13-KDF
640 Ctrl.mode = mode:EXPAND_ONLY
641 Ctrl.digest = digest:SHA2-256
642 Ctrl.key = hexkey:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3
643 Ctrl.data = hexdata:c724c6137e799c69850f94ccbe089b07896d44cc7845fcf07cfea716176cc0f0
644 Ctrl.prefix = hexprefix:746c73313320
645 Ctrl.label = hexlabel:732068732074726166666963
646 Output = abdeed5d5f41fb963e1a136ac914aa35617c3cd19a56b1c975f27656b967db89
647
648 KDF = TLS13-KDF
649 Ctrl.mode = mode:EXTRACT_ONLY
650 Ctrl.digest = digest:SHA2-256
651 Ctrl.salt = hexsalt:e6d83b5c15773dd227c4f4506bf6584ae196d28153dec17aec2142077b4d1ae3
652 Ctrl.prefix = hexprefix:746c73313320
653 Ctrl.label = hexlabel:64657269766564
654 Output = 7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129
655
656 KDF = TLS13-KDF
657 Ctrl.mode = mode:EXPAND_ONLY
658 Ctrl.digest = digest:SHA2-256
659 Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129
660 Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3
661 Ctrl.prefix = hexprefix:746c73313320
662 Ctrl.label = hexlabel:632061702074726166666963
663 Output = d4e9ecf730820bf96846489a1b717af11cf498f7b0a2a779a4064996597cb97b
664
665 KDF = TLS13-KDF
666 Ctrl.mode = mode:EXPAND_ONLY
667 Ctrl.digest = digest:SHA2-256
668 Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129
669 Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3
670 Ctrl.prefix = hexprefix:746c73313320
671 Ctrl.label = hexlabel:732061702074726166666963
672 Output = 6d9189f42b5cc41f50c26ada399521e2e3a79f9d8764f00e76e6bce962169cc8
673
674 KDF = TLS13-KDF
675 Ctrl.mode = mode:EXPAND_ONLY
676 Ctrl.digest = digest:SHA2-256
677 Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129
678 Ctrl.data = hexdata:6550c34750ff90a4e62391d53b2cb45650380f018845cb63a399516a66681fc3
679 Ctrl.prefix = hexprefix:746c73313320
680 Ctrl.label = hexlabel:657870206d6173746572
681 Output = 3998b7178fef3a48ce434d8ead4b09f136dc2f900218dcfcbe7321bc9ce4ec4b
682
683 KDF = TLS13-KDF
684 Ctrl.mode = mode:EXPAND_ONLY
685 Ctrl.digest = digest:SHA2-256
686 Ctrl.key = hexkey:7eace69e348057e83a83a877a4920daa9fb4c7fbfe897600f29d9496424d5129
687 Ctrl.data = hexdata:e8a32347070a957786be61942a657b1e51ef0a37591e4d69e4c1362033ced9f0
688 Ctrl.prefix = hexprefix:746c73313320
689 Ctrl.label = hexlabel:726573206d6173746572
690 Output = c3112140c8aed04d114af73b6f245fafdc0c7ff4661ad6252cc754b9afb5b59a
691
692 # New TLS 1.3 session starts here
693
694 KDF = TLS13-KDF
695 Ctrl.mode = mode:EXTRACT_ONLY
696 Ctrl.digest = digest:SHA2-256
697 Ctrl.key = hexkey:89f7a556f3c19a2833b3313868dc11f5728880fb3ac74eb142042bd5e951a1a6
698 Output = 7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5
699
700 KDF = TLS13-KDF
701 Ctrl.mode = mode:EXPAND_ONLY
702 Ctrl.digest = digest:SHA2-256
703 Ctrl.key = hexkey:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5
704 Ctrl.data = hexdata:fb6e2fffef563561a53b0cbd6b93da78597fd7127f03069b1e724312e0f1a49f
705 Ctrl.prefix = hexprefix:746c73313320
706 Ctrl.label = hexlabel:6320652074726166666963
707 Output = 97cddc9e02e8a54646e1d3cd1018185d93bd76743a64cef03fef3bc1305db4cc
708
709 KDF = TLS13-KDF
710 Ctrl.mode = mode:EXPAND_ONLY
711 Ctrl.digest = digest:SHA2-256
712 Ctrl.key = hexkey:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5
713 Ctrl.data = hexdata:fb6e2fffef563561a53b0cbd6b93da78597fd7127f03069b1e724312e0f1a49f
714 Ctrl.prefix = hexprefix:746c73313320
715 Ctrl.label = hexlabel:6520657870206d6173746572
716 Output = b78c86ab545bd86e890359a2c0bf695c95dec4e3207ad7c110372153328641ae
717
718 KDF = TLS13-KDF
719 Ctrl.mode = mode:EXTRACT_ONLY
720 Ctrl.digest = digest:SHA2-256
721 Ctrl.key = hexkey:0cec10693bc11dee75ca5e1d06cb42abba7d1d76762f7400f323b1c191e7e745
722 Ctrl.salt = hexsalt:7f9c0864adf9769f2f362f239121b620f2a0bfc4e2898e8cc1f05e11517ceac5
723 Ctrl.prefix = hexprefix:746c73313320
724 Ctrl.label = hexlabel:64657269766564
725 Output = 1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee
726
727 KDF = TLS13-KDF
728 Ctrl.mode = mode:EXPAND_ONLY
729 Ctrl.digest = digest:SHA2-256
730 Ctrl.key = hexkey:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee
731 Ctrl.data = hexdata:6f71510b9e2d8ef93dbdb4523bee6649f2066dbe9f8b0c1d3b8295b0c70f75e1
732 Ctrl.prefix = hexprefix:746c73313320
733 Ctrl.label = hexlabel:632068732074726166666963
734 Output = 8f4432e28701a3491742a5588ab506ef378d2ee46dcb9df3c2b8f1161638226a
735
736 KDF = TLS13-KDF
737 Ctrl.mode = mode:EXPAND_ONLY
738 Ctrl.digest = digest:SHA2-256
739 Ctrl.key = hexkey:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee
740 Ctrl.data = hexdata:6f71510b9e2d8ef93dbdb4523bee6649f2066dbe9f8b0c1d3b8295b0c70f75e1
741 Ctrl.prefix = hexprefix:746c73313320
742 Ctrl.label = hexlabel:732068732074726166666963
743 Output = 62ddaed76a7bc9aa623a10176e180333bf50e2d436ab9d6df2e6327c3934b0aa
744
745 KDF = TLS13-KDF
746 Ctrl.mode = mode:EXTRACT_ONLY
747 Ctrl.digest = digest:SHA2-256
748 Ctrl.salt = hexsalt:1e88503eafb7a8e5d37d4d05c2d11a7b2a41b139c321eaf72aa33e155c815aee
749 Ctrl.prefix = hexprefix:746c73313320
750 Ctrl.label = hexlabel:64657269766564
751 Output = f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8
752
753 KDF = TLS13-KDF
754 Ctrl.mode = mode:EXPAND_ONLY
755 Ctrl.digest = digest:SHA2-256
756 Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8
757 Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de
758 Ctrl.prefix = hexprefix:746c73313320
759 Ctrl.label = hexlabel:632061702074726166666963
760 Output = 5a25fbebbb09a70ee782337a601f6e86e7a77cdfe980c90d2e2acf48a2426c8b
761
762 KDF = TLS13-KDF
763 Ctrl.mode = mode:EXPAND_ONLY
764 Ctrl.digest = digest:SHA2-256
765 Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8
766 Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de
767 Ctrl.prefix = hexprefix:746c73313320
768 Ctrl.label = hexlabel:732061702074726166666963
769 Output = 495df78c999d00de7c410c8e964df0dbf9192231bbe1b06880b13a0dafee1003
770
771 KDF = TLS13-KDF
772 Ctrl.mode = mode:EXPAND_ONLY
773 Ctrl.digest = digest:SHA2-256
774 Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8
775 Ctrl.data = hexdata:daf66774a6c5575457a3c4d8fd127fbcaeae1a95b518be04955dced1f14861de
776 Ctrl.prefix = hexprefix:746c73313320
777 Ctrl.label = hexlabel:657870206d6173746572
778 Output = d39992ac1cfbe2715b1b95affff6e23934121d3b0b54685f668f5c4473f36f1d
779
780 KDF = TLS13-KDF
781 Ctrl.mode = mode:EXPAND_ONLY
782 Ctrl.digest = digest:SHA2-256
783 Ctrl.key = hexkey:f167151ca3b7e09230e2b19b35d5eb94ac185bcd11718bf3fa7b4ad9b13c50d8
784 Ctrl.data = hexdata:77100f9b44422180a922b28ef83701c5ac19fdc3aea8e4f966840f9fa3c893eb
785 Ctrl.prefix = hexprefix:746c73313320
786 Ctrl.label = hexlabel:726573206d6173746572
787 Output = 928104946f6338386e8ac29c6a9b16453fa8c96ee18e7dd9e2f4091cd5399f91
788
789 # New TLS 1.3 session starts here
790
791 KDF = TLS13-KDF
792 Ctrl.mode = mode:EXTRACT_ONLY
793 Ctrl.digest = digest:SHA2-256
794 Ctrl.key = hexkey:90f8ba43a34bffd93495f3d854c84594e0daf85d9468b35c4dcf44a80eb31718
795 Output = c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5
796
797 KDF = TLS13-KDF
798 Ctrl.mode = mode:EXPAND_ONLY
799 Ctrl.digest = digest:SHA2-256
800 Ctrl.key = hexkey:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5
801 Ctrl.data = hexdata:218aa61bd49bc0f7ad65332ad4bb18015d3e646cacfdc72f710c9efbe01979a9
802 Ctrl.prefix = hexprefix:746c73313320
803 Ctrl.label = hexlabel:6320652074726166666963
804 Output = fd0edb84e6742a9f33892c91e7fc9fe59d932c7677ab3627ede5b15991a607ec
805
806 KDF = TLS13-KDF
807 Ctrl.mode = mode:EXPAND_ONLY
808 Ctrl.digest = digest:SHA2-256
809 Ctrl.key = hexkey:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5
810 Ctrl.data = hexdata:218aa61bd49bc0f7ad65332ad4bb18015d3e646cacfdc72f710c9efbe01979a9
811 Ctrl.prefix = hexprefix:746c73313320
812 Ctrl.label = hexlabel:6520657870206d6173746572
813 Output = 25a8973e89c3f3eb3f1394df0f62ee66a7003c794876473c2cc800f7cf4c11fb
814
815 KDF = TLS13-KDF
816 Ctrl.mode = mode:EXTRACT_ONLY
817 Ctrl.digest = digest:SHA2-256
818 Ctrl.key = hexkey:a2092cf8a9357e82253844c9f563385e8d44b89d960a7b2fffbc8d697fdcb057
819 Ctrl.salt = hexsalt:c7222ce686f8f5ae6580fe79f05591187b9238eb9884828074c2d2af274a07d5
820 Ctrl.prefix = hexprefix:746c73313320
821 Ctrl.label = hexlabel:64657269766564
822 Output = 917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf
823
824 KDF = TLS13-KDF
825 Ctrl.mode = mode:EXPAND_ONLY
826 Ctrl.digest = digest:SHA2-256
827 Ctrl.key = hexkey:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf
828 Ctrl.data = hexdata:bfe3f121ae6e973c2b58a7ab40295212387146eeec3d3c5764a320de2c37051f
829 Ctrl.prefix = hexprefix:746c73313320
830 Ctrl.label = hexlabel:632068732074726166666963
831 Output = a2861ceecd2842fac7245facc65f6b13145635eaaabd2c3a02db6b20b91f9d38
832
833 KDF = TLS13-KDF
834 Ctrl.mode = mode:EXPAND_ONLY
835 Ctrl.digest = digest:SHA2-256
836 Ctrl.key = hexkey:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf
837 Ctrl.data = hexdata:bfe3f121ae6e973c2b58a7ab40295212387146eeec3d3c5764a320de2c37051f
838 Ctrl.prefix = hexprefix:746c73313320
839 Ctrl.label = hexlabel:732068732074726166666963
840 Output = 3b74970ceec49ff0aa043603487194c7c42f4e31ac4aab661f9056c8000afa25
841
842 KDF = TLS13-KDF
843 Ctrl.mode = mode:EXTRACT_ONLY
844 Ctrl.digest = digest:SHA2-256
845 Ctrl.salt = hexsalt:917c83ffd6a51b4ec8682d215b683a4c1025180779b2d4af6321ea63a9c7abaf
846 Ctrl.prefix = hexprefix:746c73313320
847 Ctrl.label = hexlabel:64657269766564
848 Output = 67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af
849
850 KDF = TLS13-KDF
851 Ctrl.mode = mode:EXPAND_ONLY
852 Ctrl.digest = digest:SHA2-256
853 Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af
854 Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9
855 Ctrl.prefix = hexprefix:746c73313320
856 Ctrl.label = hexlabel:632061702074726166666963
857 Output = c10c35faa34fc917cf0acb280fdb0c3ac513d5c86f418a99e5590d40ccb8fcb9
858
859 KDF = TLS13-KDF
860 Ctrl.mode = mode:EXPAND_ONLY
861 Ctrl.digest = digest:SHA2-256
862 Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af
863 Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9
864 Ctrl.prefix = hexprefix:746c73313320
865 Ctrl.label = hexlabel:732061702074726166666963
866 Output = f0ac9ca472ab7587b074d59824a5daec75d613da9b168a2589bbbdcd76c51976
867
868 KDF = TLS13-KDF
869 Ctrl.mode = mode:EXPAND_ONLY
870 Ctrl.digest = digest:SHA2-256
871 Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af
872 Ctrl.data = hexdata:35f9b9be0850baa1016762d63005ea679c47971932f7141038ae009a904cf7f9
873 Ctrl.prefix = hexprefix:746c73313320
874 Ctrl.label = hexlabel:657870206d6173746572
875 Output = 5e8deab072f10d9c8ffdcda58b93ea5a61f11cf72ca0647118164a2a7fa03a08
876
877 KDF = TLS13-KDF
878 Ctrl.mode = mode:EXPAND_ONLY
879 Ctrl.digest = digest:SHA2-256
880 Ctrl.key = hexkey:67acff590a7ff60cf452d56a9824f8e8831f0b401b4e9968f7f715c73374d1af
881 Ctrl.data = hexdata:b8d1e9993b45dfda130aa77c5319074806042cb4aad1b505bedb951a40cf2003
882 Ctrl.prefix = hexprefix:746c73313320
883 Ctrl.label = hexlabel:726573206d6173746572
884 Output = 6cf8a005b4b453cc982f4707dc64bc3dc8d00602aebd5f85413f4d405e656851
885
886 # New TLS 1.3 session starts here
887
888 KDF = TLS13-KDF
889 Ctrl.mode = mode:EXTRACT_ONLY
890 Ctrl.digest = digest:SHA2-256
891 Ctrl.key = hexkey:bd1eead608338b0308e4243325a02b350ef6eb5e5fae728fd73f3f9a02c3d515
892 Output = c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c
893
894 KDF = TLS13-KDF
895 Ctrl.mode = mode:EXPAND_ONLY
896 Ctrl.digest = digest:SHA2-256
897 Ctrl.key = hexkey:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c
898 Ctrl.data = hexdata:eaa65a5ab61073c13c86d5d4dc97dba62c746b6d63f4e09014d157223daf2a0e
899 Ctrl.prefix = hexprefix:746c73313320
900 Ctrl.label = hexlabel:6320652074726166666963
901 Output = 308ecfa294dec305f736df30570315d28b63b6c72507c1ce14c4f51441982e63
902
903 KDF = TLS13-KDF
904 Ctrl.mode = mode:EXPAND_ONLY
905 Ctrl.digest = digest:SHA2-256
906 Ctrl.key = hexkey:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c
907 Ctrl.data = hexdata:eaa65a5ab61073c13c86d5d4dc97dba62c746b6d63f4e09014d157223daf2a0e
908 Ctrl.prefix = hexprefix:746c73313320
909 Ctrl.label = hexlabel:6520657870206d6173746572
910 Output = a41017b7a9ef987dc543e52539688cfc74bb95094693ecf6d9a1724f78ba6403
911
912 KDF = TLS13-KDF
913 Ctrl.mode = mode:EXTRACT_ONLY
914 Ctrl.digest = digest:SHA2-256
915 Ctrl.key = hexkey:a501370b0ffebbf0f115b367ed21f6d8816b10282a2724cb480993583f64f787
916 Ctrl.salt = hexsalt:c67ac5e381b0bdc51b8dc7891f581882a2b83408e6f7cdc36a6245cc2797270c
917 Ctrl.prefix = hexprefix:746c73313320
918 Ctrl.label = hexlabel:64657269766564
919 Output = 6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53
920
921 KDF = TLS13-KDF
922 Ctrl.mode = mode:EXPAND_ONLY
923 Ctrl.digest = digest:SHA2-256
924 Ctrl.key = hexkey:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53
925 Ctrl.data = hexdata:ebbe1a77c63580e02ff7b51438c736a955326403640edfbdb1812097b57c2fb4
926 Ctrl.prefix = hexprefix:746c73313320
927 Ctrl.label = hexlabel:632068732074726166666963
928 Output = f2bed07ad9d2efd2718fb4da4a9dc90fa1dc40440b98c5291377beca16dc6599
929
930 KDF = TLS13-KDF
931 Ctrl.mode = mode:EXPAND_ONLY
932 Ctrl.digest = digest:SHA2-256
933 Ctrl.key = hexkey:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53
934 Ctrl.data = hexdata:ebbe1a77c63580e02ff7b51438c736a955326403640edfbdb1812097b57c2fb4
935 Ctrl.prefix = hexprefix:746c73313320
936 Ctrl.label = hexlabel:732068732074726166666963
937 Output = f47f4524fd86c43d2c4c1618b03492f8bbcc3bdc1b8c8b97b4ec18581dc13f8e
938
939 KDF = TLS13-KDF
940 Ctrl.mode = mode:EXTRACT_ONLY
941 Ctrl.digest = digest:SHA2-256
942 Ctrl.salt = hexsalt:6698bc4d53decbb95a8912dea1332c67f83a1f1fb077701bee15ead22054bc53
943 Ctrl.prefix = hexprefix:746c73313320
944 Ctrl.label = hexlabel:64657269766564
945 Output = 55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a
946
947 KDF = TLS13-KDF
948 Ctrl.mode = mode:EXPAND_ONLY
949 Ctrl.digest = digest:SHA2-256
950 Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a
951 Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335
952 Ctrl.prefix = hexprefix:746c73313320
953 Ctrl.label = hexlabel:632061702074726166666963
954 Output = 64e2482febc65460e45d3b9dad2fa847ba2ec91737225920fa4d0afb83ac4558
955
956 KDF = TLS13-KDF
957 Ctrl.mode = mode:EXPAND_ONLY
958 Ctrl.digest = digest:SHA2-256
959 Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a
960 Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335
961 Ctrl.prefix = hexprefix:746c73313320
962 Ctrl.label = hexlabel:732061702074726166666963
963 Output = 902dcd1e49c7facf55ce6dbedab06f7265a092418a235df019102b4265d648d2
964
965 KDF = TLS13-KDF
966 Ctrl.mode = mode:EXPAND_ONLY
967 Ctrl.digest = digest:SHA2-256
968 Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a
969 Ctrl.data = hexdata:af6d979bb4e54e8a1cec24983efd7d72deccbf8d6bd137a9a95b94c70cceb335
970 Ctrl.prefix = hexprefix:746c73313320
971 Ctrl.label = hexlabel:657870206d6173746572
972 Output = e168010de64b519d0cf575dbf267590c03b45782d875e10e193be95366d450cd
973
974 KDF = TLS13-KDF
975 Ctrl.mode = mode:EXPAND_ONLY
976 Ctrl.digest = digest:SHA2-256
977 Ctrl.key = hexkey:55042c631e7e5e78a6afca32f09741a93d987e55de8213bf8418546c5b40be8a
978 Ctrl.data = hexdata:0fe329b7ebec20e21a6322f657702873afb4a52dab88f7484c9cfbfd3b1c1105
979 Ctrl.prefix = hexprefix:746c73313320
980 Ctrl.label = hexlabel:726573206d6173746572
981 Output = 815929e43c3624dccc01db4adfd97f0fea124ff83bfe79cfd0aa76f91e36d9ea
982
983 # New TLS 1.3 session starts here
984
985 KDF = TLS13-KDF
986 Ctrl.mode = mode:EXTRACT_ONLY
987 Ctrl.digest = digest:SHA2-256
988 Ctrl.key = hexkey:47a2f1ed109d1ed2e7a31288312da8930e8f3445c98b6a8862da85ae07507bc6
989 Output = 1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b
990
991 KDF = TLS13-KDF
992 Ctrl.mode = mode:EXPAND_ONLY
993 Ctrl.digest = digest:SHA2-256
994 Ctrl.key = hexkey:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b
995 Ctrl.data = hexdata:31748082bf14950d21b4a0759143bb70474cb1c231cd91764d5bd241de984842
996 Ctrl.prefix = hexprefix:746c73313320
997 Ctrl.label = hexlabel:6320652074726166666963
998 Output = 7b57c9475d089b4798340fec63fe876f9fd1214cf0947c8779d0f4952f6aa9c7
999
1000 KDF = TLS13-KDF
1001 Ctrl.mode = mode:EXPAND_ONLY
1002 Ctrl.digest = digest:SHA2-256
1003 Ctrl.key = hexkey:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b
1004 Ctrl.data = hexdata:31748082bf14950d21b4a0759143bb70474cb1c231cd91764d5bd241de984842
1005 Ctrl.prefix = hexprefix:746c73313320
1006 Ctrl.label = hexlabel:6520657870206d6173746572
1007 Output = 0f0790d9d50286db6cb769f3b6c1ca72a8a9597176ff8c79d8969aa38be74215
1008
1009 KDF = TLS13-KDF
1010 Ctrl.mode = mode:EXTRACT_ONLY
1011 Ctrl.digest = digest:SHA2-256
1012 Ctrl.key = hexkey:9674cae88f3468d7b34df9bd2c348b99f1a964d7ed2bd5340edae2c9c96399db
1013 Ctrl.salt = hexsalt:1d08642939bbb7369d15c7a1d022ed05ec030321bd953593fabd43a8703b096b
1014 Ctrl.prefix = hexprefix:746c73313320
1015 Ctrl.label = hexlabel:64657269766564
1016 Output = cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c
1017
1018 KDF = TLS13-KDF
1019 Ctrl.mode = mode:EXPAND_ONLY
1020 Ctrl.digest = digest:SHA2-256
1021 Ctrl.key = hexkey:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c
1022 Ctrl.data = hexdata:6db5315252802b3132297f0c49983ad9b406bacbb256bac50189a44055bd1819
1023 Ctrl.prefix = hexprefix:746c73313320
1024 Ctrl.label = hexlabel:632068732074726166666963
1025 Output = b0beb402fbbd33be12a60927c160210f0343c31143945d0320d0337ed1466aa7
1026
1027 KDF = TLS13-KDF
1028 Ctrl.mode = mode:EXPAND_ONLY
1029 Ctrl.digest = digest:SHA2-256
1030 Ctrl.key = hexkey:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c
1031 Ctrl.data = hexdata:6db5315252802b3132297f0c49983ad9b406bacbb256bac50189a44055bd1819
1032 Ctrl.prefix = hexprefix:746c73313320
1033 Ctrl.label = hexlabel:732068732074726166666963
1034 Output = 09bf60f0d825d1fa6696e0d52b93dd40cc1087bdeade1eb0970f55bd4cbe85fc
1035
1036 KDF = TLS13-KDF
1037 Ctrl.mode = mode:EXTRACT_ONLY
1038 Ctrl.digest = digest:SHA2-256
1039 Ctrl.salt = hexsalt:cd332e44da2306e3d3812f7f55171c50f7d8ad1bc57f7e758b452e51163bdf0c
1040 Ctrl.prefix = hexprefix:746c73313320
1041 Ctrl.label = hexlabel:64657269766564
1042 Output = 8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c
1043
1044 KDF = TLS13-KDF
1045 Ctrl.mode = mode:EXPAND_ONLY
1046 Ctrl.digest = digest:SHA2-256
1047 Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c
1048 Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e
1049 Ctrl.prefix = hexprefix:746c73313320
1050 Ctrl.label = hexlabel:632061702074726166666963
1051 Output = a5150664aec6f4600ee21c9285943f26427e399a7d348fcd291ac804527be921
1052
1053 KDF = TLS13-KDF
1054 Ctrl.mode = mode:EXPAND_ONLY
1055 Ctrl.digest = digest:SHA2-256
1056 Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c
1057 Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e
1058 Ctrl.prefix = hexprefix:746c73313320
1059 Ctrl.label = hexlabel:732061702074726166666963
1060 Output = 695dedb2a8762a90ec40ea1c6c1cbd592b0106a7833df9a4d07cd108e62039bd
1061
1062 KDF = TLS13-KDF
1063 Ctrl.mode = mode:EXPAND_ONLY
1064 Ctrl.digest = digest:SHA2-256
1065 Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c
1066 Ctrl.data = hexdata:7ebc29c29c002f5ea3f80283a1919ee7689424c35be6637c86666d0a843bac2e
1067 Ctrl.prefix = hexprefix:746c73313320
1068 Ctrl.label = hexlabel:657870206d6173746572
1069 Output = 389d8adce83b1b0aa6574155e62c22d999b43babb388d9223c0ed9f1fe458084
1070
1071 KDF = TLS13-KDF
1072 Ctrl.mode = mode:EXPAND_ONLY
1073 Ctrl.digest = digest:SHA2-256
1074 Ctrl.key = hexkey:8a1bf9169726cc39cd9f1496ae22a68d5407924d53d6003b41d6fd551566295c
1075 Ctrl.data = hexdata:9a38f4bc144df26d362f0249ed9a47ed0d29c2c40e566d0a688584303dcc79eb
1076 Ctrl.prefix = hexprefix:746c73313320
1077 Ctrl.label = hexlabel:726573206d6173746572
1078 Output = 4ba917b3adcbc372aa431bef94a44a4afa1b528ce9278aeb79a9bd35885ad745
1079
1080 # New TLS 1.3 session starts here
1081
1082 KDF = TLS13-KDF
1083 Ctrl.mode = mode:EXTRACT_ONLY
1084 Ctrl.digest = digest:SHA2-256
1085 Ctrl.key = hexkey:c4c9a0266ed3b657058cb9674c530247a09b660954cc26b888a2d56e579fcbd82ef6
1086 Output = 3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222
1087
1088 KDF = TLS13-KDF
1089 Ctrl.mode = mode:EXPAND_ONLY
1090 Ctrl.digest = digest:SHA2-256
1091 Ctrl.key = hexkey:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222
1092 Ctrl.data = hexdata:b10c0c2d6a38f88c89be8f5e7a37da9d7fda20b021ccab52a1eccaa722f64691
1093 Ctrl.prefix = hexprefix:746c73313320
1094 Ctrl.label = hexlabel:6320652074726166666963
1095 Output = 08a4b77232d0c46ff57fd77306a2ed3edf0f10272525532fb69ad88c7d01a785
1096
1097 KDF = TLS13-KDF
1098 Ctrl.mode = mode:EXPAND_ONLY
1099 Ctrl.digest = digest:SHA2-256
1100 Ctrl.key = hexkey:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222
1101 Ctrl.data = hexdata:b10c0c2d6a38f88c89be8f5e7a37da9d7fda20b021ccab52a1eccaa722f64691
1102 Ctrl.prefix = hexprefix:746c73313320
1103 Ctrl.label = hexlabel:6520657870206d6173746572
1104 Output = 2b7574a39cdcebe3f0fc50a42422cd227d72164203661ad3ab0146220c51d638
1105
1106 KDF = TLS13-KDF
1107 Ctrl.mode = mode:EXTRACT_ONLY
1108 Ctrl.digest = digest:SHA2-256
1109 Ctrl.salt = hexsalt:3780287d1e1d2c16b1971dafc255c414e7523694a94c45f2faa3dc0f6519e222
1110 Ctrl.prefix = hexprefix:746c73313320
1111 Ctrl.label = hexlabel:64657269766564
1112 Output = bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c
1113
1114 KDF = TLS13-KDF
1115 Ctrl.mode = mode:EXPAND_ONLY
1116 Ctrl.digest = digest:SHA2-256
1117 Ctrl.key = hexkey:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c
1118 Ctrl.data = hexdata:6a593ba39e4ea72392a7fc4198d56c01dd25094c808f9dc8f7ed39e808dd1e58
1119 Ctrl.prefix = hexprefix:746c73313320
1120 Ctrl.label = hexlabel:632068732074726166666963
1121 Output = 3c808386d173aa3edad8e0eb9e9bbec629d5a00d3503f1a524aa75c7e8ff4002
1122
1123 KDF = TLS13-KDF
1124 Ctrl.mode = mode:EXPAND_ONLY
1125 Ctrl.digest = digest:SHA2-256
1126 Ctrl.key = hexkey:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c
1127 Ctrl.data = hexdata:6a593ba39e4ea72392a7fc4198d56c01dd25094c808f9dc8f7ed39e808dd1e58
1128 Ctrl.prefix = hexprefix:746c73313320
1129 Ctrl.label = hexlabel:732068732074726166666963
1130 Output = db33c5ae5c8b525ebfa000d5446c62a4b2469da9faa913c0694f154371e2c16b
1131
1132 KDF = TLS13-KDF
1133 Ctrl.mode = mode:EXTRACT_ONLY
1134 Ctrl.digest = digest:SHA2-256
1135 Ctrl.salt = hexsalt:bc7ce3027cd67bbf366c78e07023f2efedab1e021366a3bdf7e8f0331de1113c
1136 Ctrl.prefix = hexprefix:746c73313320
1137 Ctrl.label = hexlabel:64657269766564
1138 Output = 5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e
1139
1140 KDF = TLS13-KDF
1141 Ctrl.mode = mode:EXPAND_ONLY
1142 Ctrl.digest = digest:SHA2-256
1143 Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e
1144 Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a
1145 Ctrl.prefix = hexprefix:746c73313320
1146 Ctrl.label = hexlabel:632061702074726166666963
1147 Output = 8885938e3e4be164c56aa53c52695ba4739c6fabdb51a9ab2b35423ebeec2416
1148
1149 KDF = TLS13-KDF
1150 Ctrl.mode = mode:EXPAND_ONLY
1151 Ctrl.digest = digest:SHA2-256
1152 Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e
1153 Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a
1154 Ctrl.prefix = hexprefix:746c73313320
1155 Ctrl.label = hexlabel:732061702074726166666963
1156 Output = 3e7d7c5f9ac3a184715ed7a45d68da393cf07a297456849ec671e1a3b29e1dce
1157
1158 KDF = TLS13-KDF
1159 Ctrl.mode = mode:EXPAND_ONLY
1160 Ctrl.digest = digest:SHA2-256
1161 Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e
1162 Ctrl.data = hexdata:375373bbfd7dc61d49f8b987b537808c79e673202f0825518d9c2f3e9973360a
1163 Ctrl.prefix = hexprefix:746c73313320
1164 Ctrl.label = hexlabel:657870206d6173746572
1165 Output = 86e5c6fd2304433f8532a1f863716fc09022346a2f76e2d52fe03f8294fff882
1166
1167 KDF = TLS13-KDF
1168 Ctrl.mode = mode:EXPAND_ONLY
1169 Ctrl.digest = digest:SHA2-256
1170 Ctrl.key = hexkey:5d151d7f20547939c3fa2c3c1a25a7b5f43c2d9e077e387816a23789589f4d8e
1171 Ctrl.data = hexdata:1a06ef15e61cb724a2f84f51c9ba466877261e5597858adda4f461d8cb5352ef
1172 Ctrl.prefix = hexprefix:746c73313320
1173 Ctrl.label = hexlabel:726573206d6173746572
1174 Output = 426b2739c854867d4ea7b560092786a4601648d35505ad8040cf67b5978a5f25
1175
1176 # New TLS 1.3 session starts here
1177
1178 KDF = TLS13-KDF
1179 Ctrl.mode = mode:EXTRACT_ONLY
1180 Ctrl.digest = digest:SHA2-256
1181 Ctrl.key = hexkey:925f595de96572a2e8c35346d9beeca43329f3a66c96168d50588f4e262ed01c66f2
1182 Output = 3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d
1183
1184 KDF = TLS13-KDF
1185 Ctrl.mode = mode:EXPAND_ONLY
1186 Ctrl.digest = digest:SHA2-256
1187 Ctrl.key = hexkey:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d
1188 Ctrl.data = hexdata:4abf7521447134215ad896ca371e0cee966c0d7fb152b98ca4bc872dcaba37b9
1189 Ctrl.prefix = hexprefix:746c73313320
1190 Ctrl.label = hexlabel:6320652074726166666963
1191 Output = 7450f33c7ba624e4151bc8230df0a7163c164f863801949102d4e9715e4813f9
1192
1193 KDF = TLS13-KDF
1194 Ctrl.mode = mode:EXPAND_ONLY
1195 Ctrl.digest = digest:SHA2-256
1196 Ctrl.key = hexkey:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d
1197 Ctrl.data = hexdata:4abf7521447134215ad896ca371e0cee966c0d7fb152b98ca4bc872dcaba37b9
1198 Ctrl.prefix = hexprefix:746c73313320
1199 Ctrl.label = hexlabel:6520657870206d6173746572
1200 Output = c6047f5c4eed302b627d1f10bac575db43a29e20a4fdfec20975c8e63a410205
1201
1202 KDF = TLS13-KDF
1203 Ctrl.mode = mode:EXTRACT_ONLY
1204 Ctrl.digest = digest:SHA2-256
1205 Ctrl.salt = hexsalt:3a03d61dec9a96667ac5aeae6d904eb87bf7f60362ca7c19eefc9c9d4466189d
1206 Ctrl.prefix = hexprefix:746c73313320
1207 Ctrl.label = hexlabel:64657269766564
1208 Output = 7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73
1209
1210 KDF = TLS13-KDF
1211 Ctrl.mode = mode:EXPAND_ONLY
1212 Ctrl.digest = digest:SHA2-256
1213 Ctrl.key = hexkey:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73
1214 Ctrl.data = hexdata:574d667be4aa6d090fb0bfd15eca6188004a2216969fb69768b786e1dae03978
1215 Ctrl.prefix = hexprefix:746c73313320
1216 Ctrl.label = hexlabel:632068732074726166666963
1217 Output = cce2f4cf5dc234c4c2366488a8ea141a5be0ec1ef1418aafec947c08d37325b6
1218
1219 KDF = TLS13-KDF
1220 Ctrl.mode = mode:EXPAND_ONLY
1221 Ctrl.digest = digest:SHA2-256
1222 Ctrl.key = hexkey:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73
1223 Ctrl.data = hexdata:574d667be4aa6d090fb0bfd15eca6188004a2216969fb69768b786e1dae03978
1224 Ctrl.prefix = hexprefix:746c73313320
1225 Ctrl.label = hexlabel:732068732074726166666963
1226 Output = 2a3c42a2125c21a7bdfb1902dbc5ab3df1cee0d496472c841751128b4f6ba7ea
1227
1228 KDF = TLS13-KDF
1229 Ctrl.mode = mode:EXTRACT_ONLY
1230 Ctrl.digest = digest:SHA2-256
1231 Ctrl.salt = hexsalt:7a8ac221aa898261e625b7a88a964136e8522d100fca2d57d385a1a324670f73
1232 Ctrl.prefix = hexprefix:746c73313320
1233 Ctrl.label = hexlabel:64657269766564
1234 Output = a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4
1235
1236 KDF = TLS13-KDF
1237 Ctrl.mode = mode:EXPAND_ONLY
1238 Ctrl.digest = digest:SHA2-256
1239 Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4
1240 Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982
1241 Ctrl.prefix = hexprefix:746c73313320
1242 Ctrl.label = hexlabel:632061702074726166666963
1243 Output = efd8f8e08644e81b8a2068d59bf4957da16f376dcce547d485f35158ed934463
1244
1245 KDF = TLS13-KDF
1246 Ctrl.mode = mode:EXPAND_ONLY
1247 Ctrl.digest = digest:SHA2-256
1248 Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4
1249 Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982
1250 Ctrl.prefix = hexprefix:746c73313320
1251 Ctrl.label = hexlabel:732061702074726166666963
1252 Output = 1ec28e0fdb42e283058c3cb093b64b2a51f25f309f6903736de591cb730b0d59
1253
1254 KDF = TLS13-KDF
1255 Ctrl.mode = mode:EXPAND_ONLY
1256 Ctrl.digest = digest:SHA2-256
1257 Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4
1258 Ctrl.data = hexdata:fc47a64ea7d238286e710775efb6fd4e6cc52238f956723f997c0c1a5d97c982
1259 Ctrl.prefix = hexprefix:746c73313320
1260 Ctrl.label = hexlabel:657870206d6173746572
1261 Output = 1cd2d315b8720a771f7b8d84ee19704193a3ad7f903d62561d51318fda4ef8e2
1262
1263 KDF = TLS13-KDF
1264 Ctrl.mode = mode:EXPAND_ONLY
1265 Ctrl.digest = digest:SHA2-256
1266 Ctrl.key = hexkey:a5c4c6c92cae6d1f1bf65382b8aa396097587b6053ebfb30392e8a9e2095a3b4
1267 Ctrl.data = hexdata:6094455245209c442e19e5f313534da9f9c7e5d634d443d8cd14b9e9b6d778ab
1268 Ctrl.prefix = hexprefix:746c73313320
1269 Ctrl.label = hexlabel:726573206d6173746572
1270 Output = 7df15d385663c45a359e5d1f4b648d6e77156b48e3d382db08cb26d3218dabee
1271
1272 # New TLS 1.3 session starts here
1273
1274 KDF = TLS13-KDF
1275 Ctrl.mode = mode:EXTRACT_ONLY
1276 Ctrl.digest = digest:SHA2-256
1277 Ctrl.key = hexkey:3a985db779275ed7c23af0f123220d862db237fc9ac9834e76eec0692b1e98055c12
1278 Output = 75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd
1279
1280 KDF = TLS13-KDF
1281 Ctrl.mode = mode:EXPAND_ONLY
1282 Ctrl.digest = digest:SHA2-256
1283 Ctrl.key = hexkey:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd
1284 Ctrl.data = hexdata:1c80ac5d876634b04d7dbebfe687fbdf2df7f82df4e6549defa8e691b26dd3ad
1285 Ctrl.prefix = hexprefix:746c73313320
1286 Ctrl.label = hexlabel:6320652074726166666963
1287 Output = adaacbad9407c0c69632800eb3c7e5f901af2bfae618fa0cbcf63fb0064df997
1288
1289 KDF = TLS13-KDF
1290 Ctrl.mode = mode:EXPAND_ONLY
1291 Ctrl.digest = digest:SHA2-256
1292 Ctrl.key = hexkey:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd
1293 Ctrl.data = hexdata:1c80ac5d876634b04d7dbebfe687fbdf2df7f82df4e6549defa8e691b26dd3ad
1294 Ctrl.prefix = hexprefix:746c73313320
1295 Ctrl.label = hexlabel:6520657870206d6173746572
1296 Output = 70a6fd6201cddc6ac218cacf4487be2c23382e9a898a8e959d443602e66bc9ff
1297
1298 KDF = TLS13-KDF
1299 Ctrl.mode = mode:EXTRACT_ONLY
1300 Ctrl.digest = digest:SHA2-256
1301 Ctrl.salt = hexsalt:75a6012f1571fb5a7ab0712ef6d520a70246e8df9073445c28239fdb03c5c8dd
1302 Ctrl.prefix = hexprefix:746c73313320
1303 Ctrl.label = hexlabel:64657269766564
1304 Output = b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea
1305
1306 KDF = TLS13-KDF
1307 Ctrl.mode = mode:EXPAND_ONLY
1308 Ctrl.digest = digest:SHA2-256
1309 Ctrl.key = hexkey:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea
1310 Ctrl.data = hexdata:64dc967779196d895cf649ad603cd1abb1a9ac2f6e52df74c02c9fc38e0aca5b
1311 Ctrl.prefix = hexprefix:746c73313320
1312 Ctrl.label = hexlabel:632068732074726166666963
1313 Output = cedc4ca3f6acfc0495e9c4aacf236309e80688394296baab08b2821d8adeb3b2
1314
1315 KDF = TLS13-KDF
1316 Ctrl.mode = mode:EXPAND_ONLY
1317 Ctrl.digest = digest:SHA2-256
1318 Ctrl.key = hexkey:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea
1319 Ctrl.data = hexdata:64dc967779196d895cf649ad603cd1abb1a9ac2f6e52df74c02c9fc38e0aca5b
1320 Ctrl.prefix = hexprefix:746c73313320
1321 Ctrl.label = hexlabel:732068732074726166666963
1322 Output = 22d95b8d42edc48c71e82ef68f3d0adea616742d829ef8dc40ee5a4a127e0c2f
1323
1324 KDF = TLS13-KDF
1325 Ctrl.mode = mode:EXTRACT_ONLY
1326 Ctrl.digest = digest:SHA2-256
1327 Ctrl.salt = hexsalt:b7be663035d51cb5f1a73c9618ebcb1836510ab2c8e29aaa8c0512dca901adea
1328 Ctrl.prefix = hexprefix:746c73313320
1329 Ctrl.label = hexlabel:64657269766564
1330 Output = 7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8
1331
1332 KDF = TLS13-KDF
1333 Ctrl.mode = mode:EXPAND_ONLY
1334 Ctrl.digest = digest:SHA2-256
1335 Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8
1336 Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f
1337 Ctrl.prefix = hexprefix:746c73313320
1338 Ctrl.label = hexlabel:632061702074726166666963
1339 Output = 36079cac5cd69338b13cdf43902c52353c0ad3bee52d9d4b80bdcbafb896c1f2
1340
1341 KDF = TLS13-KDF
1342 Ctrl.mode = mode:EXPAND_ONLY
1343 Ctrl.digest = digest:SHA2-256
1344 Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8
1345 Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f
1346 Ctrl.prefix = hexprefix:746c73313320
1347 Ctrl.label = hexlabel:732061702074726166666963
1348 Output = 5ccccbec1e524afdbfeb3f79eee231445ea4b970775ca44780b836278459e800
1349
1350 KDF = TLS13-KDF
1351 Ctrl.mode = mode:EXPAND_ONLY
1352 Ctrl.digest = digest:SHA2-256
1353 Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8
1354 Ctrl.data = hexdata:771a6f78341f621fc9a0ada0e428b129a072515e6aa0eb29501e5b4f67357a3f
1355 Ctrl.prefix = hexprefix:746c73313320
1356 Ctrl.label = hexlabel:657870206d6173746572
1357 Output = 1f99d16935378ad2b629602be4902ef36803a0456f4b412dc60069b02907c157
1358
1359 KDF = TLS13-KDF
1360 Ctrl.mode = mode:EXPAND_ONLY
1361 Ctrl.digest = digest:SHA2-256
1362 Ctrl.key = hexkey:7c0c1e280449811974dcb2b95b2505c5dd267bb6e367dfad8403149f61980ba8
1363 Ctrl.data = hexdata:53fa7ef57bd948347ee221a58e0357e5d64fc68337a40e1a2a955c362305b7d0
1364 Ctrl.prefix = hexprefix:746c73313320
1365 Ctrl.label = hexlabel:726573206d6173746572
1366 Output = 3f314a8cdade0c8fb7a8ada062c076cdc66f48ae85b06e9866823071b24569f6
1367
1368 # New TLS 1.3 session starts here
1369
1370 KDF = TLS13-KDF
1371 Ctrl.mode = mode:EXTRACT_ONLY
1372 Ctrl.digest = digest:SHA2-256
1373 Ctrl.key = hexkey:147e5b2a8c852a29cd2dbe0889eae5e127c08c7dc4ef2fcd10c7f074132b9316f82c
1374 Output = a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a
1375
1376 KDF = TLS13-KDF
1377 Ctrl.mode = mode:EXPAND_ONLY
1378 Ctrl.digest = digest:SHA2-256
1379 Ctrl.key = hexkey:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a
1380 Ctrl.data = hexdata:c029b25f3eeaa245d3b16415a9dfbd738f49972abd20cedf77e712e34151d768
1381 Ctrl.prefix = hexprefix:746c73313320
1382 Ctrl.label = hexlabel:6320652074726166666963
1383 Output = cf72dbf54ef12ad90c826cc5f745332a051bd22f3d4a4980e38ed5c91acdbe00
1384
1385 KDF = TLS13-KDF
1386 Ctrl.mode = mode:EXPAND_ONLY
1387 Ctrl.digest = digest:SHA2-256
1388 Ctrl.key = hexkey:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a
1389 Ctrl.data = hexdata:c029b25f3eeaa245d3b16415a9dfbd738f49972abd20cedf77e712e34151d768
1390 Ctrl.prefix = hexprefix:746c73313320
1391 Ctrl.label = hexlabel:6520657870206d6173746572
1392 Output = 04e7fa07f592562b442f41403f89ce197a777b890dd6ad4a37330d7b97f9297f
1393
1394 KDF = TLS13-KDF
1395 Ctrl.mode = mode:EXTRACT_ONLY
1396 Ctrl.digest = digest:SHA2-256
1397 Ctrl.salt = hexsalt:a4414022e17e270db589511aeed7c54f64383760bf6867b3ea2c87c6ab350c4a
1398 Ctrl.prefix = hexprefix:746c73313320
1399 Ctrl.label = hexlabel:64657269766564
1400 Output = facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2
1401
1402 KDF = TLS13-KDF
1403 Ctrl.mode = mode:EXPAND_ONLY
1404 Ctrl.digest = digest:SHA2-256
1405 Ctrl.key = hexkey:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2
1406 Ctrl.data = hexdata:22ef82f8cfc550dfed76234ee158ffa49e142788d40bb8f11503df76eaa414ee
1407 Ctrl.prefix = hexprefix:746c73313320
1408 Ctrl.label = hexlabel:632068732074726166666963
1409 Output = e86ea8bf6c00c4e1415f55ffe5c6fc639cfde1aedb549eea54e536920794b677
1410
1411 KDF = TLS13-KDF
1412 Ctrl.mode = mode:EXPAND_ONLY
1413 Ctrl.digest = digest:SHA2-256
1414 Ctrl.key = hexkey:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2
1415 Ctrl.data = hexdata:22ef82f8cfc550dfed76234ee158ffa49e142788d40bb8f11503df76eaa414ee
1416 Ctrl.prefix = hexprefix:746c73313320
1417 Ctrl.label = hexlabel:732068732074726166666963
1418 Output = 4470d8eaf03e31af06885a327decd84b44b073ed040d81e223cd40e018ae3ebb
1419
1420 KDF = TLS13-KDF
1421 Ctrl.mode = mode:EXTRACT_ONLY
1422 Ctrl.digest = digest:SHA2-256
1423 Ctrl.salt = hexsalt:facf154981665599f9071f24fbe03da350726c0580865bec44eb81cca53624a2
1424 Ctrl.prefix = hexprefix:746c73313320
1425 Ctrl.label = hexlabel:64657269766564
1426 Output = 77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c
1427
1428 KDF = TLS13-KDF
1429 Ctrl.mode = mode:EXPAND_ONLY
1430 Ctrl.digest = digest:SHA2-256
1431 Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c
1432 Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29
1433 Ctrl.prefix = hexprefix:746c73313320
1434 Ctrl.label = hexlabel:632061702074726166666963
1435 Output = e7a16831383b4617205c40de58a169f567f4c612b2c07667f10b61a4b137a088
1436
1437 KDF = TLS13-KDF
1438 Ctrl.mode = mode:EXPAND_ONLY
1439 Ctrl.digest = digest:SHA2-256
1440 Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c
1441 Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29
1442 Ctrl.prefix = hexprefix:746c73313320
1443 Ctrl.label = hexlabel:732061702074726166666963
1444 Output = 912010401679c0279d6e45cc968232ed8cea41b66dc80fa5ad1d4ac666a38873
1445
1446 KDF = TLS13-KDF
1447 Ctrl.mode = mode:EXPAND_ONLY
1448 Ctrl.digest = digest:SHA2-256
1449 Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c
1450 Ctrl.data = hexdata:5cc964a080f748ff23e5b303b291002a4dbf13e657efd4fe880aec0f7ef42b29
1451 Ctrl.prefix = hexprefix:746c73313320
1452 Ctrl.label = hexlabel:657870206d6173746572
1453 Output = d3ad734749b9c723c3a4186ac4af12e70a6c8f209c96277af7caaf0a8a30a284
1454
1455 KDF = TLS13-KDF
1456 Ctrl.mode = mode:EXPAND_ONLY
1457 Ctrl.digest = digest:SHA2-256
1458 Ctrl.key = hexkey:77c02b58bcf97af0ffded733e0a297b212f6d72e55af55609fdd85c99b52cb4c
1459 Ctrl.data = hexdata:19c68fab2d15ea5cefe7de3478c9207f8321be8045ff3a3463cdc0c11dbe7cd1
1460 Ctrl.prefix = hexprefix:746c73313320
1461 Ctrl.label = hexlabel:726573206d6173746572
1462 Output = 6acd62983abf673fc0884510ca8c92f617089ad5dad4b16b4a9c43c45af97020
1463
1464 # New TLS 1.3 session starts here
1465
1466 KDF = TLS13-KDF
1467 Ctrl.mode = mode:EXTRACT_ONLY
1468 Ctrl.digest = digest:SHA2-256
1469 Ctrl.key = hexkey:d3b971aced61ea7ec4fbe922509a9f7184ee8fec3758728d199a78207ebb14078e68
1470 Output = 5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b
1471
1472 KDF = TLS13-KDF
1473 Ctrl.mode = mode:EXPAND_ONLY
1474 Ctrl.digest = digest:SHA2-256
1475 Ctrl.key = hexkey:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b
1476 Ctrl.data = hexdata:62b7f550fdb7e6af518714ff659c8539fd5fe2cbefa7338dd4f01cee8734a744
1477 Ctrl.prefix = hexprefix:746c73313320
1478 Ctrl.label = hexlabel:6320652074726166666963
1479 Output = 747dd5593aa133934f8be2e7c92e7431dcb5c369222a2d5c6a8142435d1d6df5
1480
1481 KDF = TLS13-KDF
1482 Ctrl.mode = mode:EXPAND_ONLY
1483 Ctrl.digest = digest:SHA2-256
1484 Ctrl.key = hexkey:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b
1485 Ctrl.data = hexdata:62b7f550fdb7e6af518714ff659c8539fd5fe2cbefa7338dd4f01cee8734a744
1486 Ctrl.prefix = hexprefix:746c73313320
1487 Ctrl.label = hexlabel:6520657870206d6173746572
1488 Output = 20a8ddd7a7d1ba973465bf35610018bdc54baf59dc4984a6dad05d11308e4952
1489
1490 KDF = TLS13-KDF
1491 Ctrl.mode = mode:EXTRACT_ONLY
1492 Ctrl.digest = digest:SHA2-256
1493 Ctrl.salt = hexsalt:5d60ce4dbf5ab602baef6141d47216c6f9c24c080525fe81f9f2c53e39cefe3b
1494 Ctrl.prefix = hexprefix:746c73313320
1495 Ctrl.label = hexlabel:64657269766564
1496 Output = 58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc
1497
1498 KDF = TLS13-KDF
1499 Ctrl.mode = mode:EXPAND_ONLY
1500 Ctrl.digest = digest:SHA2-256
1501 Ctrl.key = hexkey:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc
1502 Ctrl.data = hexdata:88cedc1856dd0d81e3af6a9b320f05d3d005bbb3664f0fc912e41007fb8645dc
1503 Ctrl.prefix = hexprefix:746c73313320
1504 Ctrl.label = hexlabel:632068732074726166666963
1505 Output = 8c8ea28aad5411f3963ad2827f2bdc84041cc6da53c7400c998c6434c5c15ba1
1506
1507 KDF = TLS13-KDF
1508 Ctrl.mode = mode:EXPAND_ONLY
1509 Ctrl.digest = digest:SHA2-256
1510 Ctrl.key = hexkey:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc
1511 Ctrl.data = hexdata:88cedc1856dd0d81e3af6a9b320f05d3d005bbb3664f0fc912e41007fb8645dc
1512 Ctrl.prefix = hexprefix:746c73313320
1513 Ctrl.label = hexlabel:732068732074726166666963
1514 Output = 123b12381753a82aeb705cb2c3f2a2ae729511f1b1c92e6be3e587b07fe4c60f
1515
1516 KDF = TLS13-KDF
1517 Ctrl.mode = mode:EXTRACT_ONLY
1518 Ctrl.digest = digest:SHA2-256
1519 Ctrl.salt = hexsalt:58fc08f57ae7462775a3fb23cecaa4b3e7f5f9274c55aaf4d5aca9f57f3b1dfc
1520 Ctrl.prefix = hexprefix:746c73313320
1521 Ctrl.label = hexlabel:64657269766564
1522 Output = 3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037
1523
1524 KDF = TLS13-KDF
1525 Ctrl.mode = mode:EXPAND_ONLY
1526 Ctrl.digest = digest:SHA2-256
1527 Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037
1528 Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7
1529 Ctrl.prefix = hexprefix:746c73313320
1530 Ctrl.label = hexlabel:632061702074726166666963
1531 Output = 5a8fde0ac38739f0eb2e739b440530c3943b37ad26ffaff73f2904e17bde058d
1532
1533 KDF = TLS13-KDF
1534 Ctrl.mode = mode:EXPAND_ONLY
1535 Ctrl.digest = digest:SHA2-256
1536 Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037
1537 Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7
1538 Ctrl.prefix = hexprefix:746c73313320
1539 Ctrl.label = hexlabel:732061702074726166666963
1540 Output = 97e9a4d00eff6997d6e60d5a060851d7c1f5c6878ef198063fa5a3a9cc77e5e9
1541
1542 KDF = TLS13-KDF
1543 Ctrl.mode = mode:EXPAND_ONLY
1544 Ctrl.digest = digest:SHA2-256
1545 Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037
1546 Ctrl.data = hexdata:84e00926de1231de5d058c9d907aeec6a6b94b9e2c8edecd7672b4013d4bd4a7
1547 Ctrl.prefix = hexprefix:746c73313320
1548 Ctrl.label = hexlabel:657870206d6173746572
1549 Output = 5b596ab4521a354c141898211ac96fdf6965931fb142ca601ec5dcaccd900f39
1550
1551 KDF = TLS13-KDF
1552 Ctrl.mode = mode:EXPAND_ONLY
1553 Ctrl.digest = digest:SHA2-256
1554 Ctrl.key = hexkey:3e415c1fa74e9f96d1c1af252fe3c8e1fb9e991f0e45a4a471e13d03bb2a2037
1555 Ctrl.data = hexdata:622bf37da14b1110ffd9fde15a8b34b5a9192b7c003279df2d779a8441eb832a
1556 Ctrl.prefix = hexprefix:746c73313320
1557 Ctrl.label = hexlabel:726573206d6173746572
1558 Output = 86fc27400916d558eb24e277ada87cfb217bb41993b5947049eaab30ee1967de
1559
1560 # New TLS 1.3 session starts here
1561
1562 KDF = TLS13-KDF
1563 Ctrl.mode = mode:EXTRACT_ONLY
1564 Ctrl.digest = digest:SHA2-256
1565 Ctrl.key = hexkey:6e9a209d728b63a2649820ecba2439c3ced3facc56973fc63359e73f1fe8a5f0
1566 Output = 5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974
1567
1568 KDF = TLS13-KDF
1569 Ctrl.mode = mode:EXPAND_ONLY
1570 Ctrl.digest = digest:SHA2-256
1571 Ctrl.key = hexkey:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974
1572 Ctrl.data = hexdata:d222fdad7a1eaf29aa5c1699fb2c6452337e6a3f4eed5112706edc32d2aa5942
1573 Ctrl.prefix = hexprefix:746c73313320
1574 Ctrl.label = hexlabel:6320652074726166666963
1575 Output = 4b3538bdc30df6f4052310a5f66ea6de2ca506a22a0e3631b2d3eff387dd2425
1576
1577 KDF = TLS13-KDF
1578 Ctrl.mode = mode:EXPAND_ONLY
1579 Ctrl.digest = digest:SHA2-256
1580 Ctrl.key = hexkey:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974
1581 Ctrl.data = hexdata:d222fdad7a1eaf29aa5c1699fb2c6452337e6a3f4eed5112706edc32d2aa5942
1582 Ctrl.prefix = hexprefix:746c73313320
1583 Ctrl.label = hexlabel:6520657870206d6173746572
1584 Output = 377e1abcc286c58d438f146ceb39050d453a1b9c842ed8d9275842cfac27484b
1585
1586 KDF = TLS13-KDF
1587 Ctrl.mode = mode:EXTRACT_ONLY
1588 Ctrl.digest = digest:SHA2-256
1589 Ctrl.salt = hexsalt:5774c653d8f3ca4b852189369e8fcb03001837900c0c9b47037565139b2a8974
1590 Ctrl.prefix = hexprefix:746c73313320
1591 Ctrl.label = hexlabel:64657269766564
1592 Output = 5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006
1593
1594 KDF = TLS13-KDF
1595 Ctrl.mode = mode:EXPAND_ONLY
1596 Ctrl.digest = digest:SHA2-256
1597 Ctrl.key = hexkey:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006
1598 Ctrl.data = hexdata:6f19f45a25846f2a30639c6a150a42c060007d3a4a637f9a1949ff980e151270
1599 Ctrl.prefix = hexprefix:746c73313320
1600 Ctrl.label = hexlabel:632068732074726166666963
1601 Output = 992ef872ba2d217c7e2256e42a2e4391a3482105db09fb0330813f4ae093d8ec
1602
1603 KDF = TLS13-KDF
1604 Ctrl.mode = mode:EXPAND_ONLY
1605 Ctrl.digest = digest:SHA2-256
1606 Ctrl.key = hexkey:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006
1607 Ctrl.data = hexdata:6f19f45a25846f2a30639c6a150a42c060007d3a4a637f9a1949ff980e151270
1608 Ctrl.prefix = hexprefix:746c73313320
1609 Ctrl.label = hexlabel:732068732074726166666963
1610 Output = e439ad92cd58b349cf2d44ceada80f0dc62cd03a216c0a6e98b9c4faa762e178
1611
1612 KDF = TLS13-KDF
1613 Ctrl.mode = mode:EXTRACT_ONLY
1614 Ctrl.digest = digest:SHA2-256
1615 Ctrl.salt = hexsalt:5feaf88808714444916bb5759151d2fa09d8dd884dbc76ed72f33023e45c1006
1616 Ctrl.prefix = hexprefix:746c73313320
1617 Ctrl.label = hexlabel:64657269766564
1618 Output = 02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d
1619
1620 KDF = TLS13-KDF
1621 Ctrl.mode = mode:EXPAND_ONLY
1622 Ctrl.digest = digest:SHA2-256
1623 Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d
1624 Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a
1625 Ctrl.prefix = hexprefix:746c73313320
1626 Ctrl.label = hexlabel:632061702074726166666963
1627 Output = 5915a67e1934c6a65cc0ff2a8101d2ab42c1d2fb448374cc4a4a1aa5b79304d2
1628
1629 KDF = TLS13-KDF
1630 Ctrl.mode = mode:EXPAND_ONLY
1631 Ctrl.digest = digest:SHA2-256
1632 Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d
1633 Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a
1634 Ctrl.prefix = hexprefix:746c73313320
1635 Ctrl.label = hexlabel:732061702074726166666963
1636 Output = 1526a83cee865495333b13328e5b6cf6a6f42f1cb354d5e0fac6ab75e32a059f
1637
1638 KDF = TLS13-KDF
1639 Ctrl.mode = mode:EXPAND_ONLY
1640 Ctrl.digest = digest:SHA2-256
1641 Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d
1642 Ctrl.data = hexdata:110d218cd286649a49fa86565f02e89c1e155e9d724392f98398cab4a2c6536a
1643 Ctrl.prefix = hexprefix:746c73313320
1644 Ctrl.label = hexlabel:657870206d6173746572
1645 Output = 4f7a8ecd191d6b18ede079553a6472159aed46da19f891349e94d14517614fe4
1646
1647 KDF = TLS13-KDF
1648 Ctrl.mode = mode:EXPAND_ONLY
1649 Ctrl.digest = digest:SHA2-256
1650 Ctrl.key = hexkey:02dc2e8f1f3827dd4eab288c3e2f02437a0a619e18db9092bf2a09fb01f14d7d
1651 Ctrl.data = hexdata:27c96e77f7f7e4dbdd958348ce3d95683f3b78652605fd41bc02280c091d199e
1652 Ctrl.prefix = hexprefix:746c73313320
1653 Ctrl.label = hexlabel:726573206d6173746572
1654 Output = c2d6e4992b13331da0843572e55dd0624a04067c9415a2f231f08e86d496fd15
1655
1656 # New TLS 1.3 session starts here
1657
1658 KDF = TLS13-KDF
1659 Ctrl.mode = mode:EXTRACT_ONLY
1660 Ctrl.digest = digest:SHA2-256
1661 Ctrl.key = hexkey:d339bc83462b544456e27a735516d50bd330bce6f39d0c388a89ef33ac209001
1662 Output = 4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67
1663
1664 KDF = TLS13-KDF
1665 Ctrl.mode = mode:EXPAND_ONLY
1666 Ctrl.digest = digest:SHA2-256
1667 Ctrl.key = hexkey:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67
1668 Ctrl.data = hexdata:7b21856d85c0ed268cd2bd0fc5065edfe078c97e03ede2cb7912ce7615763b94
1669 Ctrl.prefix = hexprefix:746c73313320
1670 Ctrl.label = hexlabel:6320652074726166666963
1671 Output = 977fc35f7a57f30e6509cb0a2ad9ad5cd1bc18d9d945ef3d6efede51ca727be6
1672
1673 KDF = TLS13-KDF
1674 Ctrl.mode = mode:EXPAND_ONLY
1675 Ctrl.digest = digest:SHA2-256
1676 Ctrl.key = hexkey:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67
1677 Ctrl.data = hexdata:7b21856d85c0ed268cd2bd0fc5065edfe078c97e03ede2cb7912ce7615763b94
1678 Ctrl.prefix = hexprefix:746c73313320
1679 Ctrl.label = hexlabel:6520657870206d6173746572
1680 Output = a0a444d95f34b3abd80fa9c61f00e522ebaaba9b0b392bce0d5bdd64c66faea8
1681
1682 KDF = TLS13-KDF
1683 Ctrl.mode = mode:EXTRACT_ONLY
1684 Ctrl.digest = digest:SHA2-256
1685 Ctrl.salt = hexsalt:4d1c1c060c37258aaeff7aa73976f61e09779ffb2c296558b32a951c9bef5f67
1686 Ctrl.prefix = hexprefix:746c73313320
1687 Ctrl.label = hexlabel:64657269766564
1688 Output = 6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9
1689
1690 KDF = TLS13-KDF
1691 Ctrl.mode = mode:EXPAND_ONLY
1692 Ctrl.digest = digest:SHA2-256
1693 Ctrl.key = hexkey:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9
1694 Ctrl.data = hexdata:5212d18ab2b3f4749a2fdc8f7c5bfe86582c3ef4b82fd15e4fbcf679845a898f
1695 Ctrl.prefix = hexprefix:746c73313320
1696 Ctrl.label = hexlabel:632068732074726166666963
1697 Output = ae767de352cd5de70f06fa89c97c384f3114459d2d34358254536d6dc2a51a43
1698
1699 KDF = TLS13-KDF
1700 Ctrl.mode = mode:EXPAND_ONLY
1701 Ctrl.digest = digest:SHA2-256
1702 Ctrl.key = hexkey:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9
1703 Ctrl.data = hexdata:5212d18ab2b3f4749a2fdc8f7c5bfe86582c3ef4b82fd15e4fbcf679845a898f
1704 Ctrl.prefix = hexprefix:746c73313320
1705 Ctrl.label = hexlabel:732068732074726166666963
1706 Output = eadd1815582776d2af4c5b2459884f636c668ddb4f9de2a3c9d748f3d30c6c55
1707
1708 KDF = TLS13-KDF
1709 Ctrl.mode = mode:EXTRACT_ONLY
1710 Ctrl.digest = digest:SHA2-256
1711 Ctrl.salt = hexsalt:6d6c5cc5e179e9b883aef10af16e9f7fdfe185514c5a17ba42de5ea4ce4636a9
1712 Ctrl.prefix = hexprefix:746c73313320
1713 Ctrl.label = hexlabel:64657269766564
1714 Output = 87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1
1715
1716 KDF = TLS13-KDF
1717 Ctrl.mode = mode:EXPAND_ONLY
1718 Ctrl.digest = digest:SHA2-256
1719 Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1
1720 Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376
1721 Ctrl.prefix = hexprefix:746c73313320
1722 Ctrl.label = hexlabel:632061702074726166666963
1723 Output = 05df2e13f0bbc39095a751653198fbd71316d60f0b0ff34a571be0f24a0110e4
1724
1725 KDF = TLS13-KDF
1726 Ctrl.mode = mode:EXPAND_ONLY
1727 Ctrl.digest = digest:SHA2-256
1728 Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1
1729 Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376
1730 Ctrl.prefix = hexprefix:746c73313320
1731 Ctrl.label = hexlabel:732061702074726166666963
1732 Output = 7548a168eadc002e00a9f6992464d89053a09fafe5455424043e88625f6aa1f5
1733
1734 KDF = TLS13-KDF
1735 Ctrl.mode = mode:EXPAND_ONLY
1736 Ctrl.digest = digest:SHA2-256
1737 Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1
1738 Ctrl.data = hexdata:c326103e763f740bcfcf619cf5f6ed5516d73c58f73bb1a288ebe4c90f8a0376
1739 Ctrl.prefix = hexprefix:746c73313320
1740 Ctrl.label = hexlabel:657870206d6173746572
1741 Output = 55d8638f0b4e4a8c0c86a3b499c1f5a22c4b763f74f34415852fe66f5b14fc64
1742
1743 KDF = TLS13-KDF
1744 Ctrl.mode = mode:EXPAND_ONLY
1745 Ctrl.digest = digest:SHA2-256
1746 Ctrl.key = hexkey:87d23fc7cb12e158371709a0c492ac6b454ed1bd5d6f9034d8faf568d8388ea1
1747 Ctrl.data = hexdata:ef6958939a40f5a6da5514b25c61e65c785529da24b7abe4c2ff24de90e22865
1748 Ctrl.prefix = hexprefix:746c73313320
1749 Ctrl.label = hexlabel:726573206d6173746572
1750 Output = 91621081e013738d0565d87d48299f9663e9cb00ea10de8b4e524faed12b2549
1751
1752 # New TLS 1.3 session starts here
1753
1754 KDF = TLS13-KDF
1755 Ctrl.mode = mode:EXTRACT_ONLY
1756 Ctrl.digest = digest:SHA2-256
1757 Ctrl.key = hexkey:10cd69a2ff07b9fc1b97f048ff04f76bde83ffa1b7c55a7c90f4a335c678e603
1758 Output = 1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a
1759
1760 KDF = TLS13-KDF
1761 Ctrl.mode = mode:EXPAND_ONLY
1762 Ctrl.digest = digest:SHA2-256
1763 Ctrl.key = hexkey:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a
1764 Ctrl.data = hexdata:77c319274f0bee551e4ff02d35c109527430249982634b83620d555df1fc1b19
1765 Ctrl.prefix = hexprefix:746c73313320
1766 Ctrl.label = hexlabel:6320652074726166666963
1767 Output = 4a274d1c3ffb31ccfd02b822c58e22540a08e8805467949049c790523f22a521
1768
1769 KDF = TLS13-KDF
1770 Ctrl.mode = mode:EXPAND_ONLY
1771 Ctrl.digest = digest:SHA2-256
1772 Ctrl.key = hexkey:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a
1773 Ctrl.data = hexdata:77c319274f0bee551e4ff02d35c109527430249982634b83620d555df1fc1b19
1774 Ctrl.prefix = hexprefix:746c73313320
1775 Ctrl.label = hexlabel:6520657870206d6173746572
1776 Output = fd0c1024664dce62f20828f6523804b6c3cf8cac1d0c226ca82c216617749278
1777
1778 KDF = TLS13-KDF
1779 Ctrl.mode = mode:EXTRACT_ONLY
1780 Ctrl.digest = digest:SHA2-256
1781 Ctrl.salt = hexsalt:1b658957e8bfcaa895101e83f6aed7ee70e09c1f9a712b98da9ec8f82072d62a
1782 Ctrl.prefix = hexprefix:746c73313320
1783 Ctrl.label = hexlabel:64657269766564
1784 Output = f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d
1785
1786 KDF = TLS13-KDF
1787 Ctrl.mode = mode:EXPAND_ONLY
1788 Ctrl.digest = digest:SHA2-256
1789 Ctrl.key = hexkey:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d
1790 Ctrl.data = hexdata:09579596d89a7bc16f6208f1b65d0af814a2e7dc2b5752153b01ebd403835b24
1791 Ctrl.prefix = hexprefix:746c73313320
1792 Ctrl.label = hexlabel:632068732074726166666963
1793 Output = 649f88a321910f7e079515517de528f096ad00b460f700ca3a42249ffb0f198c
1794
1795 KDF = TLS13-KDF
1796 Ctrl.mode = mode:EXPAND_ONLY
1797 Ctrl.digest = digest:SHA2-256
1798 Ctrl.key = hexkey:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d
1799 Ctrl.data = hexdata:09579596d89a7bc16f6208f1b65d0af814a2e7dc2b5752153b01ebd403835b24
1800 Ctrl.prefix = hexprefix:746c73313320
1801 Ctrl.label = hexlabel:732068732074726166666963
1802 Output = 591cccb532575b11f3f7644305fc98b39b4ab5e857884b83f112eded0748d86c
1803
1804 KDF = TLS13-KDF
1805 Ctrl.mode = mode:EXTRACT_ONLY
1806 Ctrl.digest = digest:SHA2-256
1807 Ctrl.salt = hexsalt:f99b6c3c1a03d0ec64964a6a49e9ce4d9580e923c0afbbf9c46928e990e4cf2d
1808 Ctrl.prefix = hexprefix:746c73313320
1809 Ctrl.label = hexlabel:64657269766564
1810 Output = 9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710
1811
1812 KDF = TLS13-KDF
1813 Ctrl.mode = mode:EXPAND_ONLY
1814 Ctrl.digest = digest:SHA2-256
1815 Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710
1816 Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216
1817 Ctrl.prefix = hexprefix:746c73313320
1818 Ctrl.label = hexlabel:632061702074726166666963
1819 Output = 3b5e42c71b7f84c0c533c5b33fb677e5dbd00fa19461643a9f9a28ac68d33a34
1820
1821 KDF = TLS13-KDF
1822 Ctrl.mode = mode:EXPAND_ONLY
1823 Ctrl.digest = digest:SHA2-256
1824 Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710
1825 Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216
1826 Ctrl.prefix = hexprefix:746c73313320
1827 Ctrl.label = hexlabel:732061702074726166666963
1828 Output = 0755417db746dbca652cac12fc9e272f2ee1d65b7ddb95be3a1458cc0feb7ceb
1829
1830 KDF = TLS13-KDF
1831 Ctrl.mode = mode:EXPAND_ONLY
1832 Ctrl.digest = digest:SHA2-256
1833 Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710
1834 Ctrl.data = hexdata:4a78c3e4fdf496868bb144f02d5c8d751172fe3b31a2708a34a84b0035359216
1835 Ctrl.prefix = hexprefix:746c73313320
1836 Ctrl.label = hexlabel:657870206d6173746572
1837 Output = 7e518bab7a36df94f3e43c022300afcc5219c4a0b0353d7ec8d7b81a957fe8b3
1838
1839 KDF = TLS13-KDF
1840 Ctrl.mode = mode:EXPAND_ONLY
1841 Ctrl.digest = digest:SHA2-256
1842 Ctrl.key = hexkey:9e3829ca4efe839ce6518ecacbfb70699230a580c47d1593e7755663f42ab710
1843 Ctrl.data = hexdata:05e757c9c7a0a88a5242f101a8b9813ff7c28cbb60f82fe8d64efb3b29e2a35f
1844 Ctrl.prefix = hexprefix:746c73313320
1845 Ctrl.label = hexlabel:726573206d6173746572
1846 Output = 9df1f3a9a73ccf046ae832e6567f0381df1c279051d5e8d3d438533a8e3c286e
1847
1848 # New TLS 1.3 session starts here
1849
1850 KDF = TLS13-KDF
1851 Ctrl.mode = mode:EXTRACT_ONLY
1852 Ctrl.digest = digest:SHA2-256
1853 Ctrl.key = hexkey:1d6a3ca45771b6de38bfa21ef1b18c7f392dc245a40a678638ff703bc429cdfa
1854 Output = e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd
1855
1856 KDF = TLS13-KDF
1857 Ctrl.mode = mode:EXPAND_ONLY
1858 Ctrl.digest = digest:SHA2-256
1859 Ctrl.key = hexkey:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd
1860 Ctrl.data = hexdata:b596924c279606af433ef8939cb7e2e8f22b1a4c58f868f5e9b8b66f89f95ec4
1861 Ctrl.prefix = hexprefix:746c73313320
1862 Ctrl.label = hexlabel:6320652074726166666963
1863 Output = 35379b66e3989f860493b7f1a19d35a6b1786ead286f058b291a9e45f154984d
1864
1865 KDF = TLS13-KDF
1866 Ctrl.mode = mode:EXPAND_ONLY
1867 Ctrl.digest = digest:SHA2-256
1868 Ctrl.key = hexkey:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd
1869 Ctrl.data = hexdata:b596924c279606af433ef8939cb7e2e8f22b1a4c58f868f5e9b8b66f89f95ec4
1870 Ctrl.prefix = hexprefix:746c73313320
1871 Ctrl.label = hexlabel:6520657870206d6173746572
1872 Output = 3c06224ebfe816c633c1ca1785d1b9c234b41a050608cd24d3873f3e8caf3c6d
1873
1874 KDF = TLS13-KDF
1875 Ctrl.mode = mode:EXTRACT_ONLY
1876 Ctrl.digest = digest:SHA2-256
1877 Ctrl.salt = hexsalt:e283b4a0c6dee0763a2a7c1b3e5079f94c2e442c4876bdb37f9b2410687819bd
1878 Ctrl.prefix = hexprefix:746c73313320
1879 Ctrl.label = hexlabel:64657269766564
1880 Output = 43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237
1881
1882 KDF = TLS13-KDF
1883 Ctrl.mode = mode:EXPAND_ONLY
1884 Ctrl.digest = digest:SHA2-256
1885 Ctrl.key = hexkey:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237
1886 Ctrl.data = hexdata:39f99c22b551a77eadb49cc2df00c0651bb847f678394c04a9663ff592122daf
1887 Ctrl.prefix = hexprefix:746c73313320
1888 Ctrl.label = hexlabel:632068732074726166666963
1889 Output = 9d2d1d2d3aef26d116c4e8ae64c9cfc785c34b4e48ebed03291c05d97fbed48c
1890
1891 KDF = TLS13-KDF
1892 Ctrl.mode = mode:EXPAND_ONLY
1893 Ctrl.digest = digest:SHA2-256
1894 Ctrl.key = hexkey:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237
1895 Ctrl.data = hexdata:39f99c22b551a77eadb49cc2df00c0651bb847f678394c04a9663ff592122daf
1896 Ctrl.prefix = hexprefix:746c73313320
1897 Ctrl.label = hexlabel:732068732074726166666963
1898 Output = 8def30bd06498ab5d3687e1d5b7b255a4d8f0a350fff033e09fdedac103b33af
1899
1900 KDF = TLS13-KDF
1901 Ctrl.mode = mode:EXTRACT_ONLY
1902 Ctrl.digest = digest:SHA2-256
1903 Ctrl.salt = hexsalt:43081024ba4bc52ddbdaf075d2c0965e38521d0e2b43ad95235307ae567c4237
1904 Ctrl.prefix = hexprefix:746c73313320
1905 Ctrl.label = hexlabel:64657269766564
1906 Output = bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749
1907
1908 KDF = TLS13-KDF
1909 Ctrl.mode = mode:EXPAND_ONLY
1910 Ctrl.digest = digest:SHA2-256
1911 Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749
1912 Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8
1913 Ctrl.prefix = hexprefix:746c73313320
1914 Ctrl.label = hexlabel:632061702074726166666963
1915 Output = e45932f62656d9b4a4424d25b0dee0edc4dd7e5cd97ed559826ac2dc8753e234
1916
1917 KDF = TLS13-KDF
1918 Ctrl.mode = mode:EXPAND_ONLY
1919 Ctrl.digest = digest:SHA2-256
1920 Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749
1921 Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8
1922 Ctrl.prefix = hexprefix:746c73313320
1923 Ctrl.label = hexlabel:732061702074726166666963
1924 Output = 79e88b3776b65e1cf86e1652c1fa503b0fa9f425fb2d7f12ed980c82aea480d8
1925
1926 KDF = TLS13-KDF
1927 Ctrl.mode = mode:EXPAND_ONLY
1928 Ctrl.digest = digest:SHA2-256
1929 Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749
1930 Ctrl.data = hexdata:bfd5d60816d0d8aaa054a0c9ebe667f08b885bde11a0d2440ea48ae3d539ffd8
1931 Ctrl.prefix = hexprefix:746c73313320
1932 Ctrl.label = hexlabel:657870206d6173746572
1933 Output = a99de25f23b4c3b53e0f94c20e4cacbf69449eb6662ede20ecaf80f4b3588549
1934
1935 KDF = TLS13-KDF
1936 Ctrl.mode = mode:EXPAND_ONLY
1937 Ctrl.digest = digest:SHA2-256
1938 Ctrl.key = hexkey:bdc1635b5a2efb9d40f948e1885ef7dafabb342924cb93d8b5a41ef6b1291749
1939 Ctrl.data = hexdata:093be188157ab8ebdbc0862581178d451a89a496eec1d75a735c63745346d07e
1940 Ctrl.prefix = hexprefix:746c73313320
1941 Ctrl.label = hexlabel:726573206d6173746572
1942 Output = 5d068f2083afa672d025b89c6883a7d47899352d1f534f757cf9d046f42f2158
1943
1944 # New TLS 1.3 session starts here
1945
1946 KDF = TLS13-KDF
1947 Ctrl.mode = mode:EXTRACT_ONLY
1948 Ctrl.digest = digest:SHA2-256
1949 Ctrl.key = hexkey:b5c0634df696089d878e37b775c4c2f03f42748cec9dfc12661a8b888ed40685
1950 Output = c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795
1951
1952 KDF = TLS13-KDF
1953 Ctrl.mode = mode:EXPAND_ONLY
1954 Ctrl.digest = digest:SHA2-256
1955 Ctrl.key = hexkey:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795
1956 Ctrl.data = hexdata:d4d8e30ea5e596830f165ab809b9c541383d621bf5502b83a27ed3ea2e570d2a
1957 Ctrl.prefix = hexprefix:746c73313320
1958 Ctrl.label = hexlabel:6320652074726166666963
1959 Output = cb5f4de81d60d9d8537b365b4311014a1380808c3b9c3a98a25dace58c0961c4
1960
1961 KDF = TLS13-KDF
1962 Ctrl.mode = mode:EXPAND_ONLY
1963 Ctrl.digest = digest:SHA2-256
1964 Ctrl.key = hexkey:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795
1965 Ctrl.data = hexdata:d4d8e30ea5e596830f165ab809b9c541383d621bf5502b83a27ed3ea2e570d2a
1966 Ctrl.prefix = hexprefix:746c73313320
1967 Ctrl.label = hexlabel:6520657870206d6173746572
1968 Output = 7aa5d4b291c159958c1781f0833e8dabf48ccd0d93553fbda644fea6ab1d730f
1969
1970 KDF = TLS13-KDF
1971 Ctrl.mode = mode:EXTRACT_ONLY
1972 Ctrl.digest = digest:SHA2-256
1973 Ctrl.salt = hexsalt:c2fcc802a14192c660e7728d983b6f85a21a9e9e0bfb1cc5154db457e5153795
1974 Ctrl.prefix = hexprefix:746c73313320
1975 Ctrl.label = hexlabel:64657269766564
1976 Output = cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306
1977
1978 KDF = TLS13-KDF
1979 Ctrl.mode = mode:EXPAND_ONLY
1980 Ctrl.digest = digest:SHA2-256
1981 Ctrl.key = hexkey:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306
1982 Ctrl.data = hexdata:f0ef84594377b8878aec3361beccd2c701cd1fff0bb1d091bdc960dbcc03ed2d
1983 Ctrl.prefix = hexprefix:746c73313320
1984 Ctrl.label = hexlabel:632068732074726166666963
1985 Output = bd18fde839dd5b186595135f6cce58f544c35168753489956d3bfc1691fdc9ea
1986
1987 KDF = TLS13-KDF
1988 Ctrl.mode = mode:EXPAND_ONLY
1989 Ctrl.digest = digest:SHA2-256
1990 Ctrl.key = hexkey:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306
1991 Ctrl.data = hexdata:f0ef84594377b8878aec3361beccd2c701cd1fff0bb1d091bdc960dbcc03ed2d
1992 Ctrl.prefix = hexprefix:746c73313320
1993 Ctrl.label = hexlabel:732068732074726166666963
1994 Output = bd404aafe66f33b525da924eab5a01330eed5e6792c18a2733594efa5fbe1770
1995
1996 KDF = TLS13-KDF
1997 Ctrl.mode = mode:EXTRACT_ONLY
1998 Ctrl.digest = digest:SHA2-256
1999 Ctrl.salt = hexsalt:cde47edec9e5f1fb69819b0fc195360469a11af491b2b85bffa5fe3d3794f306
2000 Ctrl.prefix = hexprefix:746c73313320
2001 Ctrl.label = hexlabel:64657269766564
2002 Output = 17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5
2003
2004 KDF = TLS13-KDF
2005 Ctrl.mode = mode:EXPAND_ONLY
2006 Ctrl.digest = digest:SHA2-256
2007 Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5
2008 Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e
2009 Ctrl.prefix = hexprefix:746c73313320
2010 Ctrl.label = hexlabel:632061702074726166666963
2011 Output = 4a28e31a44a9084c31045bab3cd9ca4bb7cc6c0a7a3339265919b6dbbf9bd439
2012
2013 KDF = TLS13-KDF
2014 Ctrl.mode = mode:EXPAND_ONLY
2015 Ctrl.digest = digest:SHA2-256
2016 Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5
2017 Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e
2018 Ctrl.prefix = hexprefix:746c73313320
2019 Ctrl.label = hexlabel:732061702074726166666963
2020 Output = 8f7bcfb0a364acb09af591dbfbd1f5d76a1b5da68eb86e22633e3d4ffd4ffb3b
2021
2022 KDF = TLS13-KDF
2023 Ctrl.mode = mode:EXPAND_ONLY
2024 Ctrl.digest = digest:SHA2-256
2025 Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5
2026 Ctrl.data = hexdata:47a04fbfcb7af70cd735ccd29f978db89ad2884a208f5e0a0efed6c78e21f93e
2027 Ctrl.prefix = hexprefix:746c73313320
2028 Ctrl.label = hexlabel:657870206d6173746572
2029 Output = 3d5d45e78c540d05a19ee723ef075ff5c30e4e637af9075a519224751bf73cbb
2030
2031 KDF = TLS13-KDF
2032 Ctrl.mode = mode:EXPAND_ONLY
2033 Ctrl.digest = digest:SHA2-256
2034 Ctrl.key = hexkey:17dc622c65dd8b948cbd8dba752fbf1132fc689717ad9e7d57258e85cff6b4e5
2035 Ctrl.data = hexdata:0f147eef330ea13e24db0e4f0f99ef57e226fcd893bcad0aa775736043a5678c
2036 Ctrl.prefix = hexprefix:746c73313320
2037 Ctrl.label = hexlabel:726573206d6173746572
2038 Output = 865f8cf4b1065211f6c79e2a269fc5d292c496389458ee1defdbdecdae3c178e
2039
2040 # New TLS 1.3 session starts here
2041
2042 KDF = TLS13-KDF
2043 Ctrl.mode = mode:EXTRACT_ONLY
2044 Ctrl.digest = digest:SHA2-256
2045 Ctrl.key = hexkey:c83e2d0710fea2c69df3ddb8e44ab8eff77b331b5bab68693150cb57024bb513
2046 Output = 670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7
2047
2048 KDF = TLS13-KDF
2049 Ctrl.mode = mode:EXPAND_ONLY
2050 Ctrl.digest = digest:SHA2-256
2051 Ctrl.key = hexkey:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7
2052 Ctrl.data = hexdata:b91f2426c7a814aa728b0d066803bb5f5ba89053a107093525bd37b8a228bbe6
2053 Ctrl.prefix = hexprefix:746c73313320
2054 Ctrl.label = hexlabel:6320652074726166666963
2055 Output = da288713ae469437c7d49934f87461dec0884cc1c075d0c2b80467c9b497493e
2056
2057 KDF = TLS13-KDF
2058 Ctrl.mode = mode:EXPAND_ONLY
2059 Ctrl.digest = digest:SHA2-256
2060 Ctrl.key = hexkey:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7
2061 Ctrl.data = hexdata:b91f2426c7a814aa728b0d066803bb5f5ba89053a107093525bd37b8a228bbe6
2062 Ctrl.prefix = hexprefix:746c73313320
2063 Ctrl.label = hexlabel:6520657870206d6173746572
2064 Output = 9c4d05cc523e7486fa518512c15697e8da785182c9a07553d185634653ad57e1
2065
2066 KDF = TLS13-KDF
2067 Ctrl.mode = mode:EXTRACT_ONLY
2068 Ctrl.digest = digest:SHA2-256
2069 Ctrl.key = hexkey:3b2a40cdb43badc2354bbcab3232f150a29cdb6d701a4d954e53f93122ddb384
2070 Ctrl.salt = hexsalt:670bf2a12c3b914a0251276f624e2b7b38056b989c4e4e48a6bd9d6e649329a7
2071 Ctrl.prefix = hexprefix:746c73313320
2072 Ctrl.label = hexlabel:64657269766564
2073 Output = 0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3
2074
2075 KDF = TLS13-KDF
2076 Ctrl.mode = mode:EXPAND_ONLY
2077 Ctrl.digest = digest:SHA2-256
2078 Ctrl.key = hexkey:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3
2079 Ctrl.data = hexdata:106c8ade410c1a7972f9dcd60fde846a0652ad92dc3737120bceca0c3e316bac
2080 Ctrl.prefix = hexprefix:746c73313320
2081 Ctrl.label = hexlabel:632068732074726166666963
2082 Output = 11ca6d097742c16dd5b42af8508d46771fac61ad30120f1eeffd90b8c0ecb0d9
2083
2084 KDF = TLS13-KDF
2085 Ctrl.mode = mode:EXPAND_ONLY
2086 Ctrl.digest = digest:SHA2-256
2087 Ctrl.key = hexkey:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3
2088 Ctrl.data = hexdata:106c8ade410c1a7972f9dcd60fde846a0652ad92dc3737120bceca0c3e316bac
2089 Ctrl.prefix = hexprefix:746c73313320
2090 Ctrl.label = hexlabel:732068732074726166666963
2091 Output = 4305a71a34bdb5e0821501b4bdd271593ab82dd4532cc273fed3db050ac2c1b6
2092
2093 KDF = TLS13-KDF
2094 Ctrl.mode = mode:EXTRACT_ONLY
2095 Ctrl.digest = digest:SHA2-256
2096 Ctrl.salt = hexsalt:0cb3b141bf3fc28050388dd84a2504e7cbebb715c0963f8291793ecf6d8bdff3
2097 Ctrl.prefix = hexprefix:746c73313320
2098 Ctrl.label = hexlabel:64657269766564
2099 Output = 59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c
2100
2101 KDF = TLS13-KDF
2102 Ctrl.mode = mode:EXPAND_ONLY
2103 Ctrl.digest = digest:SHA2-256
2104 Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c
2105 Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e
2106 Ctrl.prefix = hexprefix:746c73313320
2107 Ctrl.label = hexlabel:632061702074726166666963
2108 Output = 403399b9a3b3d8c729e488aedf59572057288184d845f65762965638d9044f02
2109
2110 KDF = TLS13-KDF
2111 Ctrl.mode = mode:EXPAND_ONLY
2112 Ctrl.digest = digest:SHA2-256
2113 Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c
2114 Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e
2115 Ctrl.prefix = hexprefix:746c73313320
2116 Ctrl.label = hexlabel:732061702074726166666963
2117 Output = 84c047db046fe61aff8a08b1baf4d2d19cc64e5d8520e0a7b0d53cf1c4a0d931
2118
2119 KDF = TLS13-KDF
2120 Ctrl.mode = mode:EXPAND_ONLY
2121 Ctrl.digest = digest:SHA2-256
2122 Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c
2123 Ctrl.data = hexdata:8c22d8b59e26690f0279c8b079f3b1712544600a0e5e5aef21609a1544f0fd7e
2124 Ctrl.prefix = hexprefix:746c73313320
2125 Ctrl.label = hexlabel:657870206d6173746572
2126 Output = 4ff1809a55380799faac1c9e7795f61d2f2e8d94e05076a863cf0624b2f7910e
2127
2128 KDF = TLS13-KDF
2129 Ctrl.mode = mode:EXPAND_ONLY
2130 Ctrl.digest = digest:SHA2-256
2131 Ctrl.key = hexkey:59714d40ada923b4bd6fcc27a4ace84d75003431b1b0ec496b786c15fd74345c
2132 Ctrl.data = hexdata:b3a2661fca9d2bd11f011da167daa18d7d705dffae6987ef1410fa932543bbc0
2133 Ctrl.prefix = hexprefix:746c73313320
2134 Ctrl.label = hexlabel:726573206d6173746572
2135 Output = c5fced915b2f444eba12a1dbda3487a2054201378640682a3a668a1513f6a232
2136
2137 # New TLS 1.3 session starts here
2138
2139 KDF = TLS13-KDF
2140 Ctrl.mode = mode:EXTRACT_ONLY
2141 Ctrl.digest = digest:SHA2-256
2142 Ctrl.key = hexkey:76d2def296a73bbbe2c0c58061fda9a8486a65fe0d25a312061a33de39665229
2143 Output = aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab
2144
2145 KDF = TLS13-KDF
2146 Ctrl.mode = mode:EXPAND_ONLY
2147 Ctrl.digest = digest:SHA2-256
2148 Ctrl.key = hexkey:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab
2149 Ctrl.data = hexdata:f2c3f79a329d8a0a0c71fdff27d21b4f5396cef54eee48e8d95823730af5c7cd
2150 Ctrl.prefix = hexprefix:746c73313320
2151 Ctrl.label = hexlabel:6320652074726166666963
2152 Output = d2a135057bcf8843aed48c7c37a8d891ca459ac6def66950c57cf849a60cad9b
2153
2154 KDF = TLS13-KDF
2155 Ctrl.mode = mode:EXPAND_ONLY
2156 Ctrl.digest = digest:SHA2-256
2157 Ctrl.key = hexkey:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab
2158 Ctrl.data = hexdata:f2c3f79a329d8a0a0c71fdff27d21b4f5396cef54eee48e8d95823730af5c7cd
2159 Ctrl.prefix = hexprefix:746c73313320
2160 Ctrl.label = hexlabel:6520657870206d6173746572
2161 Output = 5c920375f607f4b1a179d31aff80074b3357108960051a22de8e001aa6979c0f
2162
2163 KDF = TLS13-KDF
2164 Ctrl.mode = mode:EXTRACT_ONLY
2165 Ctrl.digest = digest:SHA2-256
2166 Ctrl.key = hexkey:3313848ca37d8491646fd92c252257742d983c65090bc542c9a03fd4b26e9b1c
2167 Ctrl.salt = hexsalt:aad44b2999d3974a3a75f63b36380d3a4c1051b43054ff3681df46c52f3f7cab
2168 Ctrl.prefix = hexprefix:746c73313320
2169 Ctrl.label = hexlabel:64657269766564
2170 Output = 3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9
2171
2172 KDF = TLS13-KDF
2173 Ctrl.mode = mode:EXPAND_ONLY
2174 Ctrl.digest = digest:SHA2-256
2175 Ctrl.key = hexkey:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9
2176 Ctrl.data = hexdata:68952fb6f6fab9968e16044c7d3d6e29f9b4cb969ea37d3b89317581242a51c3
2177 Ctrl.prefix = hexprefix:746c73313320
2178 Ctrl.label = hexlabel:632068732074726166666963
2179 Output = 929e776e48697a19220f40bcdb91d17aa81c72609dad9e44ce504a9b1b1a3666
2180
2181 KDF = TLS13-KDF
2182 Ctrl.mode = mode:EXPAND_ONLY
2183 Ctrl.digest = digest:SHA2-256
2184 Ctrl.key = hexkey:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9
2185 Ctrl.data = hexdata:68952fb6f6fab9968e16044c7d3d6e29f9b4cb969ea37d3b89317581242a51c3
2186 Ctrl.prefix = hexprefix:746c73313320
2187 Ctrl.label = hexlabel:732068732074726166666963
2188 Output = ca770b94d778f80d7bf5e9c57385d311944074fc971d4509666d9fd2da082f6f
2189
2190 KDF = TLS13-KDF
2191 Ctrl.mode = mode:EXTRACT_ONLY
2192 Ctrl.digest = digest:SHA2-256
2193 Ctrl.salt = hexsalt:3b7f06aab24b86a7e17d898b8f43c9460a3fa5b949db5e64de401efa2826daa9
2194 Ctrl.prefix = hexprefix:746c73313320
2195 Ctrl.label = hexlabel:64657269766564
2196 Output = c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316
2197
2198 KDF = TLS13-KDF
2199 Ctrl.mode = mode:EXPAND_ONLY
2200 Ctrl.digest = digest:SHA2-256
2201 Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316
2202 Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4
2203 Ctrl.prefix = hexprefix:746c73313320
2204 Ctrl.label = hexlabel:632061702074726166666963
2205 Output = 9cbdcf2aab74218e206b09990759afacf0b0fc6e9663df2ef3b1be8baa04137f
2206
2207 KDF = TLS13-KDF
2208 Ctrl.mode = mode:EXPAND_ONLY
2209 Ctrl.digest = digest:SHA2-256
2210 Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316
2211 Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4
2212 Ctrl.prefix = hexprefix:746c73313320
2213 Ctrl.label = hexlabel:732061702074726166666963
2214 Output = 68b56ade508cb9a80659247476e9bc51e11a2bf8996abcf31ef7ca40db8ce038
2215
2216 KDF = TLS13-KDF
2217 Ctrl.mode = mode:EXPAND_ONLY
2218 Ctrl.digest = digest:SHA2-256
2219 Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316
2220 Ctrl.data = hexdata:94cc1ab5421bc914655d3c9b29c62257e3921357c251714f0603d97ecb6af5b4
2221 Ctrl.prefix = hexprefix:746c73313320
2222 Ctrl.label = hexlabel:657870206d6173746572
2223 Output = 99b1731836e008fce195b2656a978653fab931ca7568538ea445e07758eaec3e
2224
2225 KDF = TLS13-KDF
2226 Ctrl.mode = mode:EXPAND_ONLY
2227 Ctrl.digest = digest:SHA2-256
2228 Ctrl.key = hexkey:c1cbedf5f8e8b561dd21c9ae1ee2e82ded1fa8ca3dbd58b8dbe153a78f87c316
2229 Ctrl.data = hexdata:9d6de017899f4866cf158fbcdff17f9be461b515424fcc68983ea14199b4f93e
2230 Ctrl.prefix = hexprefix:746c73313320
2231 Ctrl.label = hexlabel:726573206d6173746572
2232 Output = cfa68b4390998107c071a7a7f05aeaa67c399fbc74ae078d239953d97a9b192c
2233
2234 # New TLS 1.3 session starts here
2235
2236 KDF = TLS13-KDF
2237 Ctrl.mode = mode:EXTRACT_ONLY
2238 Ctrl.digest = digest:SHA2-256
2239 Ctrl.key = hexkey:84e4720169f84d06305f31d48bc80c38533262092dad037431595504652ad812
2240 Output = e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67
2241
2242 KDF = TLS13-KDF
2243 Ctrl.mode = mode:EXPAND_ONLY
2244 Ctrl.digest = digest:SHA2-256
2245 Ctrl.key = hexkey:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67
2246 Ctrl.data = hexdata:629f374f2fbca62af9a940e8dbfa469605239b9af3d1a9ad870a5d09aa828d4b
2247 Ctrl.prefix = hexprefix:746c73313320
2248 Ctrl.label = hexlabel:6320652074726166666963
2249 Output = 4de207e64746e30b0422f9f61bb0d62f3e1559685a5b6231491dbedd7e7d3c70
2250
2251 KDF = TLS13-KDF
2252 Ctrl.mode = mode:EXPAND_ONLY
2253 Ctrl.digest = digest:SHA2-256
2254 Ctrl.key = hexkey:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67
2255 Ctrl.data = hexdata:629f374f2fbca62af9a940e8dbfa469605239b9af3d1a9ad870a5d09aa828d4b
2256 Ctrl.prefix = hexprefix:746c73313320
2257 Ctrl.label = hexlabel:6520657870206d6173746572
2258 Output = f98601cd853b472676a12f4d2b0ed496ded451aa7255f2261d9bc6b0e1831e26
2259
2260 KDF = TLS13-KDF
2261 Ctrl.mode = mode:EXTRACT_ONLY
2262 Ctrl.digest = digest:SHA2-256
2263 Ctrl.key = hexkey:0130ef5db75ffa78e0dd43c3c61d887a9153044d2ac8fe4046bb2b0c38034715
2264 Ctrl.salt = hexsalt:e8634fc371ec5aeb3e610dfaaa37f5d5964a3518a7c50dc02daeb409b5813a67
2265 Ctrl.prefix = hexprefix:746c73313320
2266 Ctrl.label = hexlabel:64657269766564
2267 Output = 45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf
2268
2269 KDF = TLS13-KDF
2270 Ctrl.mode = mode:EXPAND_ONLY
2271 Ctrl.digest = digest:SHA2-256
2272 Ctrl.key = hexkey:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf
2273 Ctrl.data = hexdata:cb3e464901236370574fdb6e62e3578d6d055b13352bb009c7524be5046fe3f0
2274 Ctrl.prefix = hexprefix:746c73313320
2275 Ctrl.label = hexlabel:632068732074726166666963
2276 Output = 5e827d8f0a5198f40ce9a179220c64a5be7ffbb7238a7ce3924af12435517829
2277
2278 KDF = TLS13-KDF
2279 Ctrl.mode = mode:EXPAND_ONLY
2280 Ctrl.digest = digest:SHA2-256
2281 Ctrl.key = hexkey:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf
2282 Ctrl.data = hexdata:cb3e464901236370574fdb6e62e3578d6d055b13352bb009c7524be5046fe3f0
2283 Ctrl.prefix = hexprefix:746c73313320
2284 Ctrl.label = hexlabel:732068732074726166666963
2285 Output = cd3650173b74032cd5923eedd2ca939f4986071612025a3931fcbdae424c3fe0
2286
2287 KDF = TLS13-KDF
2288 Ctrl.mode = mode:EXTRACT_ONLY
2289 Ctrl.digest = digest:SHA2-256
2290 Ctrl.salt = hexsalt:45d0bc957523624818445ac480848850e07fb050d8d58a62614526c7b6f6a3cf
2291 Ctrl.prefix = hexprefix:746c73313320
2292 Ctrl.label = hexlabel:64657269766564
2293 Output = 305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d
2294
2295 KDF = TLS13-KDF
2296 Ctrl.mode = mode:EXPAND_ONLY
2297 Ctrl.digest = digest:SHA2-256
2298 Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d
2299 Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280
2300 Ctrl.prefix = hexprefix:746c73313320
2301 Ctrl.label = hexlabel:632061702074726166666963
2302 Output = 87c29eb07ed9d69f4f17d19dbe7d792c96243bcbab5a6ad674d476ab2723f3e9
2303
2304 KDF = TLS13-KDF
2305 Ctrl.mode = mode:EXPAND_ONLY
2306 Ctrl.digest = digest:SHA2-256
2307 Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d
2308 Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280
2309 Ctrl.prefix = hexprefix:746c73313320
2310 Ctrl.label = hexlabel:732061702074726166666963
2311 Output = 1bea4e5a0cce346fcf3784bbea219060a733bb9b3d9fbcd51b230df79e7bbaf7
2312
2313 KDF = TLS13-KDF
2314 Ctrl.mode = mode:EXPAND_ONLY
2315 Ctrl.digest = digest:SHA2-256
2316 Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d
2317 Ctrl.data = hexdata:05bb66eae94bafe82cbc264ce33f66a4259d1003910333ecd9d70a0dc6676280
2318 Ctrl.prefix = hexprefix:746c73313320
2319 Ctrl.label = hexlabel:657870206d6173746572
2320 Output = 56ad7e5af0a0c80dedf12d1206d731527e4a19d821ca666b887532da4dafddc2
2321
2322 KDF = TLS13-KDF
2323 Ctrl.mode = mode:EXPAND_ONLY
2324 Ctrl.digest = digest:SHA2-256
2325 Ctrl.key = hexkey:305e840032f79d5fc438a556f9c2a0aed6e63ba96dee4dbbcc46e3cd5254e52d
2326 Ctrl.data = hexdata:2f35a4e79e594f9552231c0a20b1c044f335970e1672fcd232ee080e0b1003d5
2327 Ctrl.prefix = hexprefix:746c73313320
2328 Ctrl.label = hexlabel:726573206d6173746572
2329 Output = 439199cbd6c133c77a01fd46314381dac23f9f75bc25a5b6bd3a0c3ae65c213a
2330
2331 # New TLS 1.3 session starts here
2332
2333 KDF = TLS13-KDF
2334 Ctrl.mode = mode:EXTRACT_ONLY
2335 Ctrl.digest = digest:SHA2-256
2336 Ctrl.key = hexkey:846579bee2d8787197afac0ad73a05ace42fdc88973863867f7034edaaa67bab
2337 Output = f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882
2338
2339 KDF = TLS13-KDF
2340 Ctrl.mode = mode:EXPAND_ONLY
2341 Ctrl.digest = digest:SHA2-256
2342 Ctrl.key = hexkey:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882
2343 Ctrl.data = hexdata:09183dfa8773dbcbcf4e956f909e91f9dc01134b4f3e478c2e9157c74610d4a9
2344 Ctrl.prefix = hexprefix:746c73313320
2345 Ctrl.label = hexlabel:6320652074726166666963
2346 Output = 539cbdca2eea93fb99498a1828d74e538110602331ca05e2e0a33904dbacc7e0
2347
2348 KDF = TLS13-KDF
2349 Ctrl.mode = mode:EXPAND_ONLY
2350 Ctrl.digest = digest:SHA2-256
2351 Ctrl.key = hexkey:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882
2352 Ctrl.data = hexdata:09183dfa8773dbcbcf4e956f909e91f9dc01134b4f3e478c2e9157c74610d4a9
2353 Ctrl.prefix = hexprefix:746c73313320
2354 Ctrl.label = hexlabel:6520657870206d6173746572
2355 Output = c5eed5ccc461fc4eed16ba2d4e73e61ee5e1e65fd37e4c683f754f69300b9d0f
2356
2357 KDF = TLS13-KDF
2358 Ctrl.mode = mode:EXTRACT_ONLY
2359 Ctrl.digest = digest:SHA2-256
2360 Ctrl.key = hexkey:0dc18e5c75390fcbff95fd629727fb8561efc9dbf88875aa37e59b204876d016
2361 Ctrl.salt = hexsalt:f2f46cf85e6dc82602eb1169a27aaa17185af5fc26ac8b4cc466f9be2f1b3882
2362 Ctrl.prefix = hexprefix:746c73313320
2363 Ctrl.label = hexlabel:64657269766564
2364 Output = a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee
2365
2366 KDF = TLS13-KDF
2367 Ctrl.mode = mode:EXPAND_ONLY
2368 Ctrl.digest = digest:SHA2-256
2369 Ctrl.key = hexkey:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee
2370 Ctrl.data = hexdata:439b9eb6fc068e5c2709a044c98073d498d3151eab2237fc285093c6486fae8d
2371 Ctrl.prefix = hexprefix:746c73313320
2372 Ctrl.label = hexlabel:632068732074726166666963
2373 Output = d2ac822767a490a8087be7adcbcb2e213a98c5bed4a54c827ad2fc19ac0084e1
2374
2375 KDF = TLS13-KDF
2376 Ctrl.mode = mode:EXPAND_ONLY
2377 Ctrl.digest = digest:SHA2-256
2378 Ctrl.key = hexkey:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee
2379 Ctrl.data = hexdata:439b9eb6fc068e5c2709a044c98073d498d3151eab2237fc285093c6486fae8d
2380 Ctrl.prefix = hexprefix:746c73313320
2381 Ctrl.label = hexlabel:732068732074726166666963
2382 Output = 06613eeefdc210ff2624820604ae88d7160de324b8bfbb279b40bb0caea4b251
2383
2384 KDF = TLS13-KDF
2385 Ctrl.mode = mode:EXTRACT_ONLY
2386 Ctrl.digest = digest:SHA2-256
2387 Ctrl.salt = hexsalt:a308d6301c37989245c04c359fbc2cf2b07f8c4344bf37604cdb27c0e631a3ee
2388 Ctrl.prefix = hexprefix:746c73313320
2389 Ctrl.label = hexlabel:64657269766564
2390 Output = 36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece
2391
2392 KDF = TLS13-KDF
2393 Ctrl.mode = mode:EXPAND_ONLY
2394 Ctrl.digest = digest:SHA2-256
2395 Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece
2396 Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140
2397 Ctrl.prefix = hexprefix:746c73313320
2398 Ctrl.label = hexlabel:632061702074726166666963
2399 Output = 382e756a88f3dde4b775bc30064877563716e48e05c70382c4b4717b804f7900
2400
2401 KDF = TLS13-KDF
2402 Ctrl.mode = mode:EXPAND_ONLY
2403 Ctrl.digest = digest:SHA2-256
2404 Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece
2405 Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140
2406 Ctrl.prefix = hexprefix:746c73313320
2407 Ctrl.label = hexlabel:732061702074726166666963
2408 Output = 08fbcf658bf0ccd792bf9486c8304d5cec3e066fb310e14c642b5e838a80cec2
2409
2410 KDF = TLS13-KDF
2411 Ctrl.mode = mode:EXPAND_ONLY
2412 Ctrl.digest = digest:SHA2-256
2413 Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece
2414 Ctrl.data = hexdata:a0fe2ba2eee7dfc1431e4a0098f17146ccf75d424d4df5a325b10b130ca8a140
2415 Ctrl.prefix = hexprefix:746c73313320
2416 Ctrl.label = hexlabel:657870206d6173746572
2417 Output = af263cbe584c6257872182e4259e90dacce4e857c0971e63e90ef68313241f09
2418
2419 KDF = TLS13-KDF
2420 Ctrl.mode = mode:EXPAND_ONLY
2421 Ctrl.digest = digest:SHA2-256
2422 Ctrl.key = hexkey:36c02d8a722e424007309cf655c90d735ce618e7d3586a4c430253f3467e7ece
2423 Ctrl.data = hexdata:db71bdb1435bf594988f4288e9c8aa9d1ffc400d3b74a8f166dfff72ac2d251e
2424 Ctrl.prefix = hexprefix:746c73313320
2425 Ctrl.label = hexlabel:726573206d6173746572
2426 Output = f79d066e915aa9fdc491b522536fd389309d93b9e386adbeabf276bc18826a4d
2427
2428 # New TLS 1.3 session starts here
2429
2430 KDF = TLS13-KDF
2431 Ctrl.mode = mode:EXTRACT_ONLY
2432 Ctrl.digest = digest:SHA2-256
2433 Ctrl.key = hexkey:1c48bc355454d145972bf3e2fea127c34443a214ca2df0873d78db5610fd5598
2434 Output = 4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017
2435
2436 KDF = TLS13-KDF
2437 Ctrl.mode = mode:EXPAND_ONLY
2438 Ctrl.digest = digest:SHA2-256
2439 Ctrl.key = hexkey:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017
2440 Ctrl.data = hexdata:a65f378bd6b9e498256afc30f268d87f2b93e95925e361f5a5f35198457bd3f0
2441 Ctrl.prefix = hexprefix:746c73313320
2442 Ctrl.label = hexlabel:6320652074726166666963
2443 Output = 6e9db9369095c899626c20463ddd98d1885e41dac533981bb0d0352ef9874697
2444
2445 KDF = TLS13-KDF
2446 Ctrl.mode = mode:EXPAND_ONLY
2447 Ctrl.digest = digest:SHA2-256
2448 Ctrl.key = hexkey:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017
2449 Ctrl.data = hexdata:a65f378bd6b9e498256afc30f268d87f2b93e95925e361f5a5f35198457bd3f0
2450 Ctrl.prefix = hexprefix:746c73313320
2451 Ctrl.label = hexlabel:6520657870206d6173746572
2452 Output = 93877fd5a8a4b5323b8561cfbb0e7cff34d63db1f6c0783de9edaee832a93026
2453
2454 KDF = TLS13-KDF
2455 Ctrl.mode = mode:EXTRACT_ONLY
2456 Ctrl.digest = digest:SHA2-256
2457 Ctrl.key = hexkey:ca08248684cb6529a53900f08a28734f5722193c21e8b01b99b968a4711f67e6
2458 Ctrl.salt = hexsalt:4c0857f54a8332d09dfdd41043a87d758b2ffb86bff9ab972ba9c0afba25b017
2459 Ctrl.prefix = hexprefix:746c73313320
2460 Ctrl.label = hexlabel:64657269766564
2461 Output = e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9
2462
2463 KDF = TLS13-KDF
2464 Ctrl.mode = mode:EXPAND_ONLY
2465 Ctrl.digest = digest:SHA2-256
2466 Ctrl.key = hexkey:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9
2467 Ctrl.data = hexdata:4b485da6cf1df86af0757b10a0f99d422a667444c42ea732c1ad9eb91b8a1200
2468 Ctrl.prefix = hexprefix:746c73313320
2469 Ctrl.label = hexlabel:632068732074726166666963
2470 Output = 18764172b9bf192527e7640b553c49785f49b17c139aec41d9ca711ad5c5aaa5
2471
2472 KDF = TLS13-KDF
2473 Ctrl.mode = mode:EXPAND_ONLY
2474 Ctrl.digest = digest:SHA2-256
2475 Ctrl.key = hexkey:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9
2476 Ctrl.data = hexdata:4b485da6cf1df86af0757b10a0f99d422a667444c42ea732c1ad9eb91b8a1200
2477 Ctrl.prefix = hexprefix:746c73313320
2478 Ctrl.label = hexlabel:732068732074726166666963
2479 Output = 07f5837669456a7a5cbadb1f88e8faa50a620e1a0577ef3c4304f4679596ba4d
2480
2481 KDF = TLS13-KDF
2482 Ctrl.mode = mode:EXTRACT_ONLY
2483 Ctrl.digest = digest:SHA2-256
2484 Ctrl.salt = hexsalt:e60e0c3fc3dc3c54964089b1211fda1e217e9ef7df4b37611fefca1309550da9
2485 Ctrl.prefix = hexprefix:746c73313320
2486 Ctrl.label = hexlabel:64657269766564
2487 Output = 5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b
2488
2489 KDF = TLS13-KDF
2490 Ctrl.mode = mode:EXPAND_ONLY
2491 Ctrl.digest = digest:SHA2-256
2492 Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b
2493 Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78
2494 Ctrl.prefix = hexprefix:746c73313320
2495 Ctrl.label = hexlabel:632061702074726166666963
2496 Output = 1f145b433d726ad8aed2b3d7a91dbf7dfee700a3a82650c496785c898b7be0f8
2497
2498 KDF = TLS13-KDF
2499 Ctrl.mode = mode:EXPAND_ONLY
2500 Ctrl.digest = digest:SHA2-256
2501 Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b
2502 Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78
2503 Ctrl.prefix = hexprefix:746c73313320
2504 Ctrl.label = hexlabel:732061702074726166666963
2505 Output = ba32a25990ad0d52861f0e24e283b1bf2f229c14649867415b8d0ac3c1d55b8e
2506
2507 KDF = TLS13-KDF
2508 Ctrl.mode = mode:EXPAND_ONLY
2509 Ctrl.digest = digest:SHA2-256
2510 Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b
2511 Ctrl.data = hexdata:5cef22380661440bbbe9d74f573a9329345481843b2512ef1a9a4f5d0d263f78
2512 Ctrl.prefix = hexprefix:746c73313320
2513 Ctrl.label = hexlabel:657870206d6173746572
2514 Output = 8d95c36d97d0d724a4a925d30db54fa9a00a7f40491617149f354f6a22abde69
2515
2516 KDF = TLS13-KDF
2517 Ctrl.mode = mode:EXPAND_ONLY
2518 Ctrl.digest = digest:SHA2-256
2519 Ctrl.key = hexkey:5d0803e36d1597791f4cbbe23b21571776ac0319e8e4f7023254a8d412dd6c0b
2520 Ctrl.data = hexdata:9581b3ed9dff21ace07228323489626f403dda4bf997885e80e23edaaa988d52
2521 Ctrl.prefix = hexprefix:746c73313320
2522 Ctrl.label = hexlabel:726573206d6173746572
2523 Output = 62750f7ddf116735e656c7014c9243b6c57a84f0ba6088f28deea97a91c6f2d3
2524
2525 # New TLS 1.3 session starts here
2526
2527 KDF = TLS13-KDF
2528 Ctrl.mode = mode:EXTRACT_ONLY
2529 Ctrl.digest = digest:SHA2-384
2530 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2531
2532 KDF = TLS13-KDF
2533 Ctrl.mode = mode:EXPAND_ONLY
2534 Ctrl.digest = digest:SHA2-384
2535 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2536 Ctrl.data = hexdata:910113657bdc298e97ebedd20511eb096f973f55fee0fcbb2d9cb5a686e7ed200ed417839066bbea4c05209434590daf
2537 Ctrl.prefix = hexprefix:746c73313320
2538 Ctrl.label = hexlabel:6320652074726166666963
2539 Output = b7af828d2d478d384d2a3c49e4068156de9ecefce3deebf281e2cb0947cd83dd28d1472bcf4b0484a9e2fd3b33d3cb81
2540
2541 KDF = TLS13-KDF
2542 Ctrl.mode = mode:EXPAND_ONLY
2543 Ctrl.digest = digest:SHA2-384
2544 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2545 Ctrl.data = hexdata:910113657bdc298e97ebedd20511eb096f973f55fee0fcbb2d9cb5a686e7ed200ed417839066bbea4c05209434590daf
2546 Ctrl.prefix = hexprefix:746c73313320
2547 Ctrl.label = hexlabel:6520657870206d6173746572
2548 Output = 98aaaed14b4ea329d9e1c2c4ae4e1c9fc74b58ca5748acb35be214cc106e23675ba8e7e95bea77aabdcaff37b7180953
2549
2550 KDF = TLS13-KDF
2551 Ctrl.mode = mode:EXTRACT_ONLY
2552 Ctrl.digest = digest:SHA2-384
2553 Ctrl.key = hexkey:69ebe2a6f0cbc6bda4f1fca02786df58a9abde209e15ca02ed167ecdaabaf78c26
2554 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2555 Ctrl.prefix = hexprefix:746c73313320
2556 Ctrl.label = hexlabel:64657269766564
2557 Output = 19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15
2558
2559 KDF = TLS13-KDF
2560 Ctrl.mode = mode:EXPAND_ONLY
2561 Ctrl.digest = digest:SHA2-384
2562 Ctrl.key = hexkey:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15
2563 Ctrl.data = hexdata:53d60b426068e463f9d09308a007d0ef27bc8d2001f045afa2d7a3888d47b1d774ab3e7102ab901065b8e242dac6722d
2564 Ctrl.prefix = hexprefix:746c73313320
2565 Ctrl.label = hexlabel:632068732074726166666963
2566 Output = c087814576d3a18ec8cf9d7e0fd4e720f0e32cada8bbfc59d048376d57334ac6847dc2f2e642fcd5f100e187d728c626
2567
2568 KDF = TLS13-KDF
2569 Ctrl.mode = mode:EXPAND_ONLY
2570 Ctrl.digest = digest:SHA2-384
2571 Ctrl.key = hexkey:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15
2572 Ctrl.data = hexdata:53d60b426068e463f9d09308a007d0ef27bc8d2001f045afa2d7a3888d47b1d774ab3e7102ab901065b8e242dac6722d
2573 Ctrl.prefix = hexprefix:746c73313320
2574 Ctrl.label = hexlabel:732068732074726166666963
2575 Output = 0d6a7b15387fb7d8a748a07ddd4b6dc3ed9854410cb6c18515d013a8b0496cb3df1bbad7fa4ca64bec04e42362315269
2576
2577 KDF = TLS13-KDF
2578 Ctrl.mode = mode:EXTRACT_ONLY
2579 Ctrl.digest = digest:SHA2-384
2580 Ctrl.salt = hexsalt:19ff34d4b42a1a7066b34d60e3bfde4458eba1efd3fcd6ef1971824ca56468c1fb2cd35acc7e3ffbe95b3e59855c0b15
2581 Ctrl.prefix = hexprefix:746c73313320
2582 Ctrl.label = hexlabel:64657269766564
2583 Output = 5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8
2584
2585 KDF = TLS13-KDF
2586 Ctrl.mode = mode:EXPAND_ONLY
2587 Ctrl.digest = digest:SHA2-384
2588 Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8
2589 Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca
2590 Ctrl.prefix = hexprefix:746c73313320
2591 Ctrl.label = hexlabel:632061702074726166666963
2592 Output = eb4e606e2198835b8733a026ef1c97bd7a8df3da598f32494ebc5809cf697c7999e0154c56399a60ec20b705d50ed9e0
2593
2594 KDF = TLS13-KDF
2595 Ctrl.mode = mode:EXPAND_ONLY
2596 Ctrl.digest = digest:SHA2-384
2597 Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8
2598 Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca
2599 Ctrl.prefix = hexprefix:746c73313320
2600 Ctrl.label = hexlabel:732061702074726166666963
2601 Output = 580bb4a16e81ba7b21b1ae7688037bd76684dd8e5e1e9254732685acdcd44dd1a1ce8126815fcdb42f47ac6d8ac7d4b0
2602
2603 KDF = TLS13-KDF
2604 Ctrl.mode = mode:EXPAND_ONLY
2605 Ctrl.digest = digest:SHA2-384
2606 Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8
2607 Ctrl.data = hexdata:fbb73fd2d7c15c8ce25627f3ca7d61d1facebcfb6f9386c692479521a96973499ec24db280a12fc7bb83bfe32dc0a9ca
2608 Ctrl.prefix = hexprefix:746c73313320
2609 Ctrl.label = hexlabel:657870206d6173746572
2610 Output = caa396d3f1b8bfce67752855df1b5150b34613f74d6f02d6f1c3d07cf1f64b1c69d8e4cb129de293de5addca635467c9
2611
2612 KDF = TLS13-KDF
2613 Ctrl.mode = mode:EXPAND_ONLY
2614 Ctrl.digest = digest:SHA2-384
2615 Ctrl.key = hexkey:5fc2bcd2dc4427578c82386ec0a44b5837da7a7560ec9890609b0ce626d79263364adddeedb046b494da9daed06c2de8
2616 Ctrl.data = hexdata:37543f85f9c51e29d5bf1efeb8e82d35633fc1e53a6947453f579cbf3424e036b2d287b068079f9852cb2ed0b1577f65
2617 Ctrl.prefix = hexprefix:746c73313320
2618 Ctrl.label = hexlabel:726573206d6173746572
2619 Output = 0cd8131737f5411766ae31c739a8cf9c6156623c7e8a61960b368469db3df24be159f0dc3ea33489db810edfa38798bc
2620
2621 # New TLS 1.3 session starts here
2622
2623 KDF = TLS13-KDF
2624 Ctrl.mode = mode:EXTRACT_ONLY
2625 Ctrl.digest = digest:SHA2-384
2626 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2627
2628 KDF = TLS13-KDF
2629 Ctrl.mode = mode:EXPAND_ONLY
2630 Ctrl.digest = digest:SHA2-384
2631 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2632 Ctrl.data = hexdata:a807a39d8f59bcad113f00464839a49f2ea7bb3bf10ae124e706cbaef8438a69529d0423049659f41ca3bc879f135714
2633 Ctrl.prefix = hexprefix:746c73313320
2634 Ctrl.label = hexlabel:6320652074726166666963
2635 Output = 9ea652bed125a4f5eb038bb92b45bb2206a885536280cdd33dc04837b9f243ce60ac08f6a1b60e410e1cbe6da2d1bfa5
2636
2637 KDF = TLS13-KDF
2638 Ctrl.mode = mode:EXPAND_ONLY
2639 Ctrl.digest = digest:SHA2-384
2640 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2641 Ctrl.data = hexdata:a807a39d8f59bcad113f00464839a49f2ea7bb3bf10ae124e706cbaef8438a69529d0423049659f41ca3bc879f135714
2642 Ctrl.prefix = hexprefix:746c73313320
2643 Ctrl.label = hexlabel:6520657870206d6173746572
2644 Output = 379bac9dbc4c02bd651db88b2109402259526992a6be8051052046baafabfcba43ecc95b85b212eefeb82abb9bf6342c
2645
2646 KDF = TLS13-KDF
2647 Ctrl.mode = mode:EXTRACT_ONLY
2648 Ctrl.digest = digest:SHA2-384
2649 Ctrl.key = hexkey:afd957f59d3891c7dc0274a3f017f1002e81694fdc48890f9b1f174eea8335ab20
2650 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2651 Ctrl.prefix = hexprefix:746c73313320
2652 Ctrl.label = hexlabel:64657269766564
2653 Output = 040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac
2654
2655 KDF = TLS13-KDF
2656 Ctrl.mode = mode:EXPAND_ONLY
2657 Ctrl.digest = digest:SHA2-384
2658 Ctrl.key = hexkey:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac
2659 Ctrl.data = hexdata:fee3918af93355c76f410e931147484daebf34d71a32e819f92f294e083880113542ae4f2046bd047abee01919723690
2660 Ctrl.prefix = hexprefix:746c73313320
2661 Ctrl.label = hexlabel:632068732074726166666963
2662 Output = 8cf001ed150ee074eef37bc5ed369b46e5f47b022cdafc1feb8b506037983e2d7344ee7836348d66ad945507adea2852
2663
2664 KDF = TLS13-KDF
2665 Ctrl.mode = mode:EXPAND_ONLY
2666 Ctrl.digest = digest:SHA2-384
2667 Ctrl.key = hexkey:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac
2668 Ctrl.data = hexdata:fee3918af93355c76f410e931147484daebf34d71a32e819f92f294e083880113542ae4f2046bd047abee01919723690
2669 Ctrl.prefix = hexprefix:746c73313320
2670 Ctrl.label = hexlabel:732068732074726166666963
2671 Output = f920e99ce8b8765d9a4656ee00da97d5c26f9c9194202de256a27be7414ef6292bd0694ec07b6a7ceb50d31cec440645
2672
2673 KDF = TLS13-KDF
2674 Ctrl.mode = mode:EXTRACT_ONLY
2675 Ctrl.digest = digest:SHA2-384
2676 Ctrl.salt = hexsalt:040af5bc880d44dad19c2960264c1f495f6e3a06096aec1787032169797f66f4167cbbba2c2a78748ce7117baf8e7bac
2677 Ctrl.prefix = hexprefix:746c73313320
2678 Ctrl.label = hexlabel:64657269766564
2679 Output = e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694
2680
2681 KDF = TLS13-KDF
2682 Ctrl.mode = mode:EXPAND_ONLY
2683 Ctrl.digest = digest:SHA2-384
2684 Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694
2685 Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b
2686 Ctrl.prefix = hexprefix:746c73313320
2687 Ctrl.label = hexlabel:632061702074726166666963
2688 Output = 7053327731504219b522361396d6aba6d401bb4b5eabb9d05065c97b30b1cf704418740437b5afe6f4c3e1663d4fb602
2689
2690 KDF = TLS13-KDF
2691 Ctrl.mode = mode:EXPAND_ONLY
2692 Ctrl.digest = digest:SHA2-384
2693 Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694
2694 Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b
2695 Ctrl.prefix = hexprefix:746c73313320
2696 Ctrl.label = hexlabel:732061702074726166666963
2697 Output = 9b8e8196e2aaf0e1d8840fff8d17f7b2911a4f8cfd06a30d05a28792b4c6800bd0f0bac01552945733e7995ec67573f3
2698
2699 KDF = TLS13-KDF
2700 Ctrl.mode = mode:EXPAND_ONLY
2701 Ctrl.digest = digest:SHA2-384
2702 Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694
2703 Ctrl.data = hexdata:963e5b5cdf40ed5f735727034dfa1440f34866d5dc7cdd573ce4e93e75bc9570dcff0ce7ab6ad393c8d6984d5bf7868b
2704 Ctrl.prefix = hexprefix:746c73313320
2705 Ctrl.label = hexlabel:657870206d6173746572
2706 Output = 48f982ca8046c850fe5431eee4c043e78c0a96c7ba87dcc97b9afc69ae2d0dd18f9fd2054f811976774098a91f7917b2
2707
2708 KDF = TLS13-KDF
2709 Ctrl.mode = mode:EXPAND_ONLY
2710 Ctrl.digest = digest:SHA2-384
2711 Ctrl.key = hexkey:e131d6c67661e34de72558ea5176e3bc791cac2225fe62978aa0717c8e9b36c5e1341caaa118dd02e774b2138c460694
2712 Ctrl.data = hexdata:5f458dd3261694b6a3f57918a94dfeb7c77851441bfee4dd2d118051abdb945d37c74bee575fe52d71d6ff696991893a
2713 Ctrl.prefix = hexprefix:746c73313320
2714 Ctrl.label = hexlabel:726573206d6173746572
2715 Output = f3a292849c0daa0abf9257cdd5b5c2f92092a904a80f017d1020fbe33637e2733d583332aa212d942d70f7fe30f15677
2716
2717 # New TLS 1.3 session starts here
2718
2719 KDF = TLS13-KDF
2720 Ctrl.mode = mode:EXTRACT_ONLY
2721 Ctrl.digest = digest:SHA2-384
2722 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2723
2724 KDF = TLS13-KDF
2725 Ctrl.mode = mode:EXPAND_ONLY
2726 Ctrl.digest = digest:SHA2-384
2727 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2728 Ctrl.data = hexdata:02b9fd278f70225406d715dd78eb54405fd19f9556e4a8a77882c6a63f9dc220944f27030c78ac1262e382fa95feb5c8
2729 Ctrl.prefix = hexprefix:746c73313320
2730 Ctrl.label = hexlabel:6320652074726166666963
2731 Output = 3cec2e60c6386fa9edad0635132eab0ece3eee9bd71e8884813cca61d3da3a7dfbfd9a4775a9e69510fb9455cd9bdcd9
2732
2733 KDF = TLS13-KDF
2734 Ctrl.mode = mode:EXPAND_ONLY
2735 Ctrl.digest = digest:SHA2-384
2736 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2737 Ctrl.data = hexdata:02b9fd278f70225406d715dd78eb54405fd19f9556e4a8a77882c6a63f9dc220944f27030c78ac1262e382fa95feb5c8
2738 Ctrl.prefix = hexprefix:746c73313320
2739 Ctrl.label = hexlabel:6520657870206d6173746572
2740 Output = 80c3e31156ad5bfd762b27d3f30bfa8a12f26eb0eb41ffe5cb155187b9a50178856f54e97076bb57518caad873cbd9d3
2741
2742 KDF = TLS13-KDF
2743 Ctrl.mode = mode:EXTRACT_ONLY
2744 Ctrl.digest = digest:SHA2-384
2745 Ctrl.key = hexkey:0ccc950ef8aa96c6b282e24741769bfb271d08a8b59324f6b08c6ef700d9a57049
2746 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2747 Ctrl.prefix = hexprefix:746c73313320
2748 Ctrl.label = hexlabel:64657269766564
2749 Output = af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef
2750
2751 KDF = TLS13-KDF
2752 Ctrl.mode = mode:EXPAND_ONLY
2753 Ctrl.digest = digest:SHA2-384
2754 Ctrl.key = hexkey:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef
2755 Ctrl.data = hexdata:44aee84be26ed9e08590afc301ef29fe2c6ce1aeba54004b4840f2d42433edc310a4401545cc80c0db2adbc7764dc5a1
2756 Ctrl.prefix = hexprefix:746c73313320
2757 Ctrl.label = hexlabel:632068732074726166666963
2758 Output = cf114347819d9818f848be8662e1d88125558b48c5aa85b9fc51cb21934eaf6821c281beef7e8daece6ab7e48bdde433
2759
2760 KDF = TLS13-KDF
2761 Ctrl.mode = mode:EXPAND_ONLY
2762 Ctrl.digest = digest:SHA2-384
2763 Ctrl.key = hexkey:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef
2764 Ctrl.data = hexdata:44aee84be26ed9e08590afc301ef29fe2c6ce1aeba54004b4840f2d42433edc310a4401545cc80c0db2adbc7764dc5a1
2765 Ctrl.prefix = hexprefix:746c73313320
2766 Ctrl.label = hexlabel:732068732074726166666963
2767 Output = 531d87cc6e5319d60dd7b3b068249930572459219ec6d7dac14ebe6e79619f21a2cc370086f2090ac52e4e361d715ca5
2768
2769 KDF = TLS13-KDF
2770 Ctrl.mode = mode:EXTRACT_ONLY
2771 Ctrl.digest = digest:SHA2-384
2772 Ctrl.salt = hexsalt:af0b91b6da3e203922eeb31f60926c0706c8a1faa6428599c9d2f6456b91aec153ef978c93a949e4d40e45afc98fd3ef
2773 Ctrl.prefix = hexprefix:746c73313320
2774 Ctrl.label = hexlabel:64657269766564
2775 Output = 93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2
2776
2777 KDF = TLS13-KDF
2778 Ctrl.mode = mode:EXPAND_ONLY
2779 Ctrl.digest = digest:SHA2-384
2780 Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2
2781 Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29
2782 Ctrl.prefix = hexprefix:746c73313320
2783 Ctrl.label = hexlabel:632061702074726166666963
2784 Output = 92f638eaff114606821a19f881474502b3e761f70dc6b942280fbf2bc2b37976b4dc9c92bedb3c62e0a57d0d51259f75
2785
2786 KDF = TLS13-KDF
2787 Ctrl.mode = mode:EXPAND_ONLY
2788 Ctrl.digest = digest:SHA2-384
2789 Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2
2790 Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29
2791 Ctrl.prefix = hexprefix:746c73313320
2792 Ctrl.label = hexlabel:732061702074726166666963
2793 Output = 4d46be5133166d6b700177efc6ae82d6f35532d2bb5e25b7e8dc4cccbe8f3a2c232002e3ed88dea06bdfe637e7f87f65
2794
2795 KDF = TLS13-KDF
2796 Ctrl.mode = mode:EXPAND_ONLY
2797 Ctrl.digest = digest:SHA2-384
2798 Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2
2799 Ctrl.data = hexdata:93aee4415cb45f8548045fbc1b0391edbb837d6e8fe73958c951e30347490957b71642f43249ae13c4d0f36955fa2c29
2800 Ctrl.prefix = hexprefix:746c73313320
2801 Ctrl.label = hexlabel:657870206d6173746572
2802 Output = bc93830f69c49b15adec691b878ad08eba5bef6e721464dca985473456864231bde995571e9a3762d5db89c9e76f792b
2803
2804 KDF = TLS13-KDF
2805 Ctrl.mode = mode:EXPAND_ONLY
2806 Ctrl.digest = digest:SHA2-384
2807 Ctrl.key = hexkey:93fcd922322a65134cbb01574797abfde8d5d0dab98d362646fa625d3a970ff5030d8f92b6fc0d2920bb600fd10ef3f2
2808 Ctrl.data = hexdata:6847a6b4f5923482be779c96ab86e9f0e05d8b50d3deaa160f9806e53021d0eaac196371f01b0e523def730935ff5d60
2809 Ctrl.prefix = hexprefix:746c73313320
2810 Ctrl.label = hexlabel:726573206d6173746572
2811 Output = 35dae76a13277d942955c4a0ee6f03d540493184bb609be848d5ce0e0b3bdabfb62028e60eb006c1ef4dbcd5b5706e79
2812
2813 # New TLS 1.3 session starts here
2814
2815 KDF = TLS13-KDF
2816 Ctrl.mode = mode:EXTRACT_ONLY
2817 Ctrl.digest = digest:SHA2-384
2818 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2819
2820 KDF = TLS13-KDF
2821 Ctrl.mode = mode:EXPAND_ONLY
2822 Ctrl.digest = digest:SHA2-384
2823 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2824 Ctrl.data = hexdata:0bb979afa49117daa4a48360472aef44c6ba3d8fb56ff276e6c54aafd5d975c79880dece805db219641fc36bd2e0163e
2825 Ctrl.prefix = hexprefix:746c73313320
2826 Ctrl.label = hexlabel:6320652074726166666963
2827 Output = 8523607e3e5c9af1847211985f78397ead777b35d4b105c5176593131f3530709c60c8585b44250d770a4635db1a9980
2828
2829 KDF = TLS13-KDF
2830 Ctrl.mode = mode:EXPAND_ONLY
2831 Ctrl.digest = digest:SHA2-384
2832 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2833 Ctrl.data = hexdata:0bb979afa49117daa4a48360472aef44c6ba3d8fb56ff276e6c54aafd5d975c79880dece805db219641fc36bd2e0163e
2834 Ctrl.prefix = hexprefix:746c73313320
2835 Ctrl.label = hexlabel:6520657870206d6173746572
2836 Output = 638a7cab97994346d8a0cbab1a2d62ab83c924d91a8e4cd0df1dfa5e2803ff0770d41dd5000a2e0794e06aedfa52e43c
2837
2838 KDF = TLS13-KDF
2839 Ctrl.mode = mode:EXTRACT_ONLY
2840 Ctrl.digest = digest:SHA2-384
2841 Ctrl.key = hexkey:cd6f89d27bd11c9256080283dbce48f51375f74ae31658cb811c0bf8f991f11311
2842 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2843 Ctrl.prefix = hexprefix:746c73313320
2844 Ctrl.label = hexlabel:64657269766564
2845 Output = a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113
2846
2847 KDF = TLS13-KDF
2848 Ctrl.mode = mode:EXPAND_ONLY
2849 Ctrl.digest = digest:SHA2-384
2850 Ctrl.key = hexkey:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113
2851 Ctrl.data = hexdata:f76083df586b29987add3fdef9656d763e2cedb1acfa6a8a2fc9bf0a3f8d89b9f4945bf31614239f224656f24f101a31
2852 Ctrl.prefix = hexprefix:746c73313320
2853 Ctrl.label = hexlabel:632068732074726166666963
2854 Output = dfc278a206e08140fcfab6dbd56687bbf8279e5669c5272dc737654db955168de3e796c1b96dbd5f54ef31e578e228b1
2855
2856 KDF = TLS13-KDF
2857 Ctrl.mode = mode:EXPAND_ONLY
2858 Ctrl.digest = digest:SHA2-384
2859 Ctrl.key = hexkey:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113
2860 Ctrl.data = hexdata:f76083df586b29987add3fdef9656d763e2cedb1acfa6a8a2fc9bf0a3f8d89b9f4945bf31614239f224656f24f101a31
2861 Ctrl.prefix = hexprefix:746c73313320
2862 Ctrl.label = hexlabel:732068732074726166666963
2863 Output = cf79486a3d6be7736df39ea7127b32b6968f7cfed044f6f1fea84cd63361e11582689aa5b9c082c93c466e9265094da5
2864
2865 KDF = TLS13-KDF
2866 Ctrl.mode = mode:EXTRACT_ONLY
2867 Ctrl.digest = digest:SHA2-384
2868 Ctrl.salt = hexsalt:a0fe7ee6173a30d2db09b9a3e6edf578bd78be4490e6f67ceb4f0325de123065ab1ef4aa8c4885fc410be0d537f4f113
2869 Ctrl.prefix = hexprefix:746c73313320
2870 Ctrl.label = hexlabel:64657269766564
2871 Output = e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b
2872
2873 KDF = TLS13-KDF
2874 Ctrl.mode = mode:EXPAND_ONLY
2875 Ctrl.digest = digest:SHA2-384
2876 Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b
2877 Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306
2878 Ctrl.prefix = hexprefix:746c73313320
2879 Ctrl.label = hexlabel:632061702074726166666963
2880 Output = 5f3cdcf3ba4ace0797f4057bddc682a08fc87f8dc1fc22ea081881bfdb4d12e304339ee2afd4de9d5f532656fab410a5
2881
2882 KDF = TLS13-KDF
2883 Ctrl.mode = mode:EXPAND_ONLY
2884 Ctrl.digest = digest:SHA2-384
2885 Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b
2886 Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306
2887 Ctrl.prefix = hexprefix:746c73313320
2888 Ctrl.label = hexlabel:732061702074726166666963
2889 Output = ff655c4b338b8db54474a5f810cef029c9fcd96f7b264818692695373f74585f20584fbf434d200f2b47862a797ed052
2890
2891 KDF = TLS13-KDF
2892 Ctrl.mode = mode:EXPAND_ONLY
2893 Ctrl.digest = digest:SHA2-384
2894 Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b
2895 Ctrl.data = hexdata:383c7df1b7d34be920a4d9f9ac4ff9d9a8d0f3cf482983c1992270629ba70fcdb6d9fe80a24cee997a233596ad78a306
2896 Ctrl.prefix = hexprefix:746c73313320
2897 Ctrl.label = hexlabel:657870206d6173746572
2898 Output = 78a1e7c8f28704c2dc74ad35cfa88d79858449099daa274ff6fbc8c7ab60a00949e7c91f50bcc2f351af349fa1f4d912
2899
2900 KDF = TLS13-KDF
2901 Ctrl.mode = mode:EXPAND_ONLY
2902 Ctrl.digest = digest:SHA2-384
2903 Ctrl.key = hexkey:e69381a54a5236afa62a0fa2c97e39b52adb6cfe6811528af49c2888b196dece1df819a59e4b71f249455a585183d43b
2904 Ctrl.data = hexdata:5d469943c925e80019b2e5e7c0556cfef6e6184125a1e9f1455fe7df95f8efbb5298f033c7a34a0433af8c804d4d08c8
2905 Ctrl.prefix = hexprefix:746c73313320
2906 Ctrl.label = hexlabel:726573206d6173746572
2907 Output = 17fccc64a56ff0967de7552a4dbe131eba2fea98dab6ea1d8b53fa86ae73b6ba837d989080c2f3cb7199b533fcddca0f
2908
2909 # New TLS 1.3 session starts here
2910
2911 KDF = TLS13-KDF
2912 Ctrl.mode = mode:EXTRACT_ONLY
2913 Ctrl.digest = digest:SHA2-384
2914 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2915
2916 KDF = TLS13-KDF
2917 Ctrl.mode = mode:EXPAND_ONLY
2918 Ctrl.digest = digest:SHA2-384
2919 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2920 Ctrl.data = hexdata:a6189f3e10d03aded1fc28843f6a903ecc311595a9b65dd9099dd7fe00a495be739865040a612f8050cff809f20e1b20
2921 Ctrl.prefix = hexprefix:746c73313320
2922 Ctrl.label = hexlabel:6320652074726166666963
2923 Output = 7b4fbea544f26b5a16a26b9b9b45a76531871daca970f56fe121de31a718abfca41c041d0c7a5da3c65e6635e40a53a5
2924
2925 KDF = TLS13-KDF
2926 Ctrl.mode = mode:EXPAND_ONLY
2927 Ctrl.digest = digest:SHA2-384
2928 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2929 Ctrl.data = hexdata:a6189f3e10d03aded1fc28843f6a903ecc311595a9b65dd9099dd7fe00a495be739865040a612f8050cff809f20e1b20
2930 Ctrl.prefix = hexprefix:746c73313320
2931 Ctrl.label = hexlabel:6520657870206d6173746572
2932 Output = bd94d381832c448f4ba15c98343152382b61903d0f4644ef19ce53a75507a3eae68cc24114aa67c6a6e42a20f9358e1a
2933
2934 KDF = TLS13-KDF
2935 Ctrl.mode = mode:EXTRACT_ONLY
2936 Ctrl.digest = digest:SHA2-384
2937 Ctrl.key = hexkey:6829094ea40dfe78cb9936cf95eff5888ebbdb087bb287b890ad2ab124f64d222e
2938 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
2939 Ctrl.prefix = hexprefix:746c73313320
2940 Ctrl.label = hexlabel:64657269766564
2941 Output = f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43
2942
2943 KDF = TLS13-KDF
2944 Ctrl.mode = mode:EXPAND_ONLY
2945 Ctrl.digest = digest:SHA2-384
2946 Ctrl.key = hexkey:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43
2947 Ctrl.data = hexdata:b0c437bab8cc1d0cd8e0bf85f0b8d26f9e7585646b331a0c45065239dd1e7565b9988f7e8f8ea2912a015b2163481f3b
2948 Ctrl.prefix = hexprefix:746c73313320
2949 Ctrl.label = hexlabel:632068732074726166666963
2950 Output = 11edee9dd7f7f70a1106b9db5096cb55acc0ddedbac1c042c9bbcc9ec95f60c7428af61fcb30f83e9f324a1d0833f743
2951
2952 KDF = TLS13-KDF
2953 Ctrl.mode = mode:EXPAND_ONLY
2954 Ctrl.digest = digest:SHA2-384
2955 Ctrl.key = hexkey:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43
2956 Ctrl.data = hexdata:b0c437bab8cc1d0cd8e0bf85f0b8d26f9e7585646b331a0c45065239dd1e7565b9988f7e8f8ea2912a015b2163481f3b
2957 Ctrl.prefix = hexprefix:746c73313320
2958 Ctrl.label = hexlabel:732068732074726166666963
2959 Output = 7836f550debcc3933937f7d04fc6a5d5150f220a5bd6ea6c743aa843027ea8c97220b79f746d08f8504a61f7b5815e11
2960
2961 KDF = TLS13-KDF
2962 Ctrl.mode = mode:EXTRACT_ONLY
2963 Ctrl.digest = digest:SHA2-384
2964 Ctrl.salt = hexsalt:f4559befac6c1502888c6f9c643a394d2e14431b87c7610308dacf7b51d391f3dcea4589e0f29a513b7cd545cbe90a43
2965 Ctrl.prefix = hexprefix:746c73313320
2966 Ctrl.label = hexlabel:64657269766564
2967 Output = aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02
2968
2969 KDF = TLS13-KDF
2970 Ctrl.mode = mode:EXPAND_ONLY
2971 Ctrl.digest = digest:SHA2-384
2972 Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02
2973 Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d
2974 Ctrl.prefix = hexprefix:746c73313320
2975 Ctrl.label = hexlabel:632061702074726166666963
2976 Output = b13cde3c6dce710537f6eaa538feef006710081d4f600e2fe3e54c82c217db99cb0d616b79b43f0a3b4c6d477f379432
2977
2978 KDF = TLS13-KDF
2979 Ctrl.mode = mode:EXPAND_ONLY
2980 Ctrl.digest = digest:SHA2-384
2981 Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02
2982 Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d
2983 Ctrl.prefix = hexprefix:746c73313320
2984 Ctrl.label = hexlabel:732061702074726166666963
2985 Output = f31d0fc7abc50b7b4e671eb15441b559d635f928b3fb406362107d6312aa2aee8e6edc5904f275e145bf699b43e91dc9
2986
2987 KDF = TLS13-KDF
2988 Ctrl.mode = mode:EXPAND_ONLY
2989 Ctrl.digest = digest:SHA2-384
2990 Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02
2991 Ctrl.data = hexdata:b006f4dfe30e7375c58ae7ab7309b10774466d1ce0f785b71ecf8d653e6a02767f29739b34f2f624b8cb8d074cc0808d
2992 Ctrl.prefix = hexprefix:746c73313320
2993 Ctrl.label = hexlabel:657870206d6173746572
2994 Output = 18dd5faaa96109c04f4f1ebb454b259aeedf288938c75bcb53213789d5efb450cb068e7fc82f8ddf934108390d1b8824
2995
2996 KDF = TLS13-KDF
2997 Ctrl.mode = mode:EXPAND_ONLY
2998 Ctrl.digest = digest:SHA2-384
2999 Ctrl.key = hexkey:aeac9809af9a91381fd637dcd94738985b2183e20f799ff8f8493feab9710f941ebc100c37e44938dad9cfa3b5952b02
3000 Ctrl.data = hexdata:097d40e52726a966258ad8860a005bfc09d00502ad4a8bd741188d95a1501bc2468bb4ace05aa6cccb3ce0664de814a6
3001 Ctrl.prefix = hexprefix:746c73313320
3002 Ctrl.label = hexlabel:726573206d6173746572
3003 Output = 3b5fc3f285bb93f59aa710cd294443a8e2835ebe170ef653222ca38bbacbff38251a836f8fd0705c9e734f547d89b5b0
3004
3005 # New TLS 1.3 session starts here
3006
3007 KDF = TLS13-KDF
3008 Ctrl.mode = mode:EXTRACT_ONLY
3009 Ctrl.digest = digest:SHA2-384
3010 Ctrl.key = hexkey:8d552361c11a65c87f2118e14bd4fb35b3a3191bb3ae6b4877e4d6a8ee7a221956f4
3011 Output = 4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30
3012
3013 KDF = TLS13-KDF
3014 Ctrl.mode = mode:EXPAND_ONLY
3015 Ctrl.digest = digest:SHA2-384
3016 Ctrl.key = hexkey:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30
3017 Ctrl.data = hexdata:144f8d45a013c35156c2337c3ed5e888d19f9d52372e95e1d25b908cee682b6637ee17d627badaed40c8782e41790c52
3018 Ctrl.prefix = hexprefix:746c73313320
3019 Ctrl.label = hexlabel:6320652074726166666963
3020 Output = b6aeb75145d044afb9091680cc3e1c94e0ad92994f5986e5cfb0441d12bad5be3727b6d41e16a395704fd30e4a04f28a
3021
3022 KDF = TLS13-KDF
3023 Ctrl.mode = mode:EXPAND_ONLY
3024 Ctrl.digest = digest:SHA2-384
3025 Ctrl.key = hexkey:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30
3026 Ctrl.data = hexdata:144f8d45a013c35156c2337c3ed5e888d19f9d52372e95e1d25b908cee682b6637ee17d627badaed40c8782e41790c52
3027 Ctrl.prefix = hexprefix:746c73313320
3028 Ctrl.label = hexlabel:6520657870206d6173746572
3029 Output = 9eaa4fb09fb6cd5c94c0ead11d065c0fe846bad38098b9afaa258682e3f9ab0a6f2c14fedec5a9733d08814ce2c9484f
3030
3031 KDF = TLS13-KDF
3032 Ctrl.mode = mode:EXTRACT_ONLY
3033 Ctrl.digest = digest:SHA2-384
3034 Ctrl.salt = hexsalt:4820ed67366026f4c3deb5709470ba3fd1101224f484195c6008c3e4a92282c60f008e5fa22a88e8d4cf238c0f634a30
3035 Ctrl.prefix = hexprefix:746c73313320
3036 Ctrl.label = hexlabel:64657269766564
3037 Output = fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0
3038
3039 KDF = TLS13-KDF
3040 Ctrl.mode = mode:EXPAND_ONLY
3041 Ctrl.digest = digest:SHA2-384
3042 Ctrl.key = hexkey:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0
3043 Ctrl.data = hexdata:40912a3cdc9623d86e6db201b56afe6a354335d9635b1c2478db75bb4a83554b3aef392205d0f226485db014ac22ad3b
3044 Ctrl.prefix = hexprefix:746c73313320
3045 Ctrl.label = hexlabel:632068732074726166666963
3046 Output = 3edeed16646bfd7c54b088155f2fb9ecab99cc7db84f8c1a3db0cf0f6164d77e451dfaaab26f0b65c9cf88726aa84c90
3047
3048 KDF = TLS13-KDF
3049 Ctrl.mode = mode:EXPAND_ONLY
3050 Ctrl.digest = digest:SHA2-384
3051 Ctrl.key = hexkey:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0
3052 Ctrl.data = hexdata:40912a3cdc9623d86e6db201b56afe6a354335d9635b1c2478db75bb4a83554b3aef392205d0f226485db014ac22ad3b
3053 Ctrl.prefix = hexprefix:746c73313320
3054 Ctrl.label = hexlabel:732068732074726166666963
3055 Output = 3a74c1f904c563bdab90b0f5b5de4a444f0da7395df6fed82352af9233060904640d98dbad43dae0a99483d588d68ef0
3056
3057 KDF = TLS13-KDF
3058 Ctrl.mode = mode:EXTRACT_ONLY
3059 Ctrl.digest = digest:SHA2-384
3060 Ctrl.salt = hexsalt:fa9580b220e7aebc4bd623b9c2d402d060f47bfb32b8e86c4f69b6184282af4b513d58d7759397316e0e570c475d34b0
3061 Ctrl.prefix = hexprefix:746c73313320
3062 Ctrl.label = hexlabel:64657269766564
3063 Output = 4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7
3064
3065 KDF = TLS13-KDF
3066 Ctrl.mode = mode:EXPAND_ONLY
3067 Ctrl.digest = digest:SHA2-384
3068 Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7
3069 Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d
3070 Ctrl.prefix = hexprefix:746c73313320
3071 Ctrl.label = hexlabel:632061702074726166666963
3072 Output = b4b6d860927ac8b40e25fe6b813c7ea70ef4568528cad8ab1ebdd4854bcc0fe3b28786592dfd964e67eba564b1c554ea
3073
3074 KDF = TLS13-KDF
3075 Ctrl.mode = mode:EXPAND_ONLY
3076 Ctrl.digest = digest:SHA2-384
3077 Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7
3078 Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d
3079 Ctrl.prefix = hexprefix:746c73313320
3080 Ctrl.label = hexlabel:732061702074726166666963
3081 Output = 8cf769bed70425785e28d1e78129cd9eabef64327ebbd96ebaca547b0d28580f1db20ac110eef29d82ac40813f9a044b
3082
3083 KDF = TLS13-KDF
3084 Ctrl.mode = mode:EXPAND_ONLY
3085 Ctrl.digest = digest:SHA2-384
3086 Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7
3087 Ctrl.data = hexdata:61ff39f242bd6fee91ff507ba8bd39eba3616560202284a11c72a8c8cd5d80ce53c7a77135503c4a24544a62b47b933d
3088 Ctrl.prefix = hexprefix:746c73313320
3089 Ctrl.label = hexlabel:657870206d6173746572
3090 Output = 0aff8ca80517eb3391f25ad81a5eb9307637d352d07b5047190fc384ed1b536b52b0b25a8349d7c8bab3923cbe10f63c
3091
3092 KDF = TLS13-KDF
3093 Ctrl.mode = mode:EXPAND_ONLY
3094 Ctrl.digest = digest:SHA2-384
3095 Ctrl.key = hexkey:4a8758b949bd64907c664f24ef82deccd40ffe460279091ca07574f811f84fb80437755321f062764de435f14406b6c7
3096 Ctrl.data = hexdata:5ac100d7b27ab146f0eb4766005ce1b1b49ffc087991ccc06552c23076b009be34ec0523ed3c33836c6e4007de3e592d
3097 Ctrl.prefix = hexprefix:746c73313320
3098 Ctrl.label = hexlabel:726573206d6173746572
3099 Output = c68a76b70f6664359aed4a054ea30ce1f2e4a91b0fd99b1effc6969fd1d9be98a09f685e2aae7558a136185ab36e5e4f
3100
3101 # New TLS 1.3 session starts here
3102
3103 KDF = TLS13-KDF
3104 Ctrl.mode = mode:EXTRACT_ONLY
3105 Ctrl.digest = digest:SHA2-384
3106 Ctrl.key = hexkey:2ebcb08306728f71249a9c9ca9d53115ba0fd2cc0b63bf690f9236b2516a47d0696d
3107 Output = 38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465
3108
3109 KDF = TLS13-KDF
3110 Ctrl.mode = mode:EXPAND_ONLY
3111 Ctrl.digest = digest:SHA2-384
3112 Ctrl.key = hexkey:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465
3113 Ctrl.data = hexdata:2a15af6fe2e7031563a612f2c99a05bacaff3c624238ef80d82e5af8579c169a40166d954f7784087bce56f39c26f55d
3114 Ctrl.prefix = hexprefix:746c73313320
3115 Ctrl.label = hexlabel:6320652074726166666963
3116 Output = f440521d6595c7177d167bb3516f896bf47d362ab140f55306b7da7a9df1fd936e0f619d0eb6806fc6d04437f1e86747
3117
3118 KDF = TLS13-KDF
3119 Ctrl.mode = mode:EXPAND_ONLY
3120 Ctrl.digest = digest:SHA2-384
3121 Ctrl.key = hexkey:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465
3122 Ctrl.data = hexdata:2a15af6fe2e7031563a612f2c99a05bacaff3c624238ef80d82e5af8579c169a40166d954f7784087bce56f39c26f55d
3123 Ctrl.prefix = hexprefix:746c73313320
3124 Ctrl.label = hexlabel:6520657870206d6173746572
3125 Output = cc9a09d1f6e7479fc48ac997d83f1a9af0d5301d10d8fab41bf0b29c1e464118e58dd7100f7633c0a59eeff50a5773ab
3126
3127 KDF = TLS13-KDF
3128 Ctrl.mode = mode:EXTRACT_ONLY
3129 Ctrl.digest = digest:SHA2-384
3130 Ctrl.salt = hexsalt:38368374565fbc9298eff41132e8e4a6468b9ce87b3138ac6007e078018960958494f7b56ac71a0c1dc39c7b62fa3465
3131 Ctrl.prefix = hexprefix:746c73313320
3132 Ctrl.label = hexlabel:64657269766564
3133 Output = 383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7
3134
3135 KDF = TLS13-KDF
3136 Ctrl.mode = mode:EXPAND_ONLY
3137 Ctrl.digest = digest:SHA2-384
3138 Ctrl.key = hexkey:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7
3139 Ctrl.data = hexdata:3fe1067b88b96241527495f4ac60cf866692da7dda56bd39e4cccb6d615dc64dff6f519d3d3112ff2cf6b6b728835da1
3140 Ctrl.prefix = hexprefix:746c73313320
3141 Ctrl.label = hexlabel:632068732074726166666963
3142 Output = 86c7556537dad08499e20f9a424e0e1683af4a53617acb763881482b3f3cc78336246f81a1e5cc62cd699920eff0a9cb
3143
3144 KDF = TLS13-KDF
3145 Ctrl.mode = mode:EXPAND_ONLY
3146 Ctrl.digest = digest:SHA2-384
3147 Ctrl.key = hexkey:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7
3148 Ctrl.data = hexdata:3fe1067b88b96241527495f4ac60cf866692da7dda56bd39e4cccb6d615dc64dff6f519d3d3112ff2cf6b6b728835da1
3149 Ctrl.prefix = hexprefix:746c73313320
3150 Ctrl.label = hexlabel:732068732074726166666963
3151 Output = 67391f7c78f569458c5216784af513f5ea049e3d2b3a120fda04ec5d79b659067fc1f8bac821bfa65b8585c1d974919e
3152
3153 KDF = TLS13-KDF
3154 Ctrl.mode = mode:EXTRACT_ONLY
3155 Ctrl.digest = digest:SHA2-384
3156 Ctrl.salt = hexsalt:383461863a7cb4e697e2c49e991de737172fd2a66225e49e49fd640555e5bda70c0d4058a8b32af5ec3de74eb5fb98c7
3157 Ctrl.prefix = hexprefix:746c73313320
3158 Ctrl.label = hexlabel:64657269766564
3159 Output = 841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5
3160
3161 KDF = TLS13-KDF
3162 Ctrl.mode = mode:EXPAND_ONLY
3163 Ctrl.digest = digest:SHA2-384
3164 Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5
3165 Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544
3166 Ctrl.prefix = hexprefix:746c73313320
3167 Ctrl.label = hexlabel:632061702074726166666963
3168 Output = 96a17b111ac35dbb36ef4e581c96b4c6cae7e881adaf234c2455c1d8ad16089df1ad2e52141ef755b0476ccd618770fb
3169
3170 KDF = TLS13-KDF
3171 Ctrl.mode = mode:EXPAND_ONLY
3172 Ctrl.digest = digest:SHA2-384
3173 Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5
3174 Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544
3175 Ctrl.prefix = hexprefix:746c73313320
3176 Ctrl.label = hexlabel:732061702074726166666963
3177 Output = 98b00bc80a58a985dd722ee096df34e1be84f0bda2d57abe2b9f9c6852439805d0400e0f1b1647f38fdbe65f148ab708
3178
3179 KDF = TLS13-KDF
3180 Ctrl.mode = mode:EXPAND_ONLY
3181 Ctrl.digest = digest:SHA2-384
3182 Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5
3183 Ctrl.data = hexdata:504aa70ba600d023e5e809c4be7e6d9c102c15417b5d0f810c41d16bd692ece5e840236cd5b9c10055e67a7968f7f544
3184 Ctrl.prefix = hexprefix:746c73313320
3185 Ctrl.label = hexlabel:657870206d6173746572
3186 Output = 8b1a1cbae365cbb11dc43033954694ed7d380c6ebb2e7be69a6919f89e0508769f8ef8428a86b0448e5e89f07a7f2337
3187
3188 KDF = TLS13-KDF
3189 Ctrl.mode = mode:EXPAND_ONLY
3190 Ctrl.digest = digest:SHA2-384
3191 Ctrl.key = hexkey:841757ceebb2cd7ea33c7a6b54efa0f14ca4f5fd1a65da887dcd96feb35b1284737b6234202ad25aaecf6fb67d702af5
3192 Ctrl.data = hexdata:7e9a0c28e3f74322aba45bd272aaa50dc6b980ac6df6264673123bbacd366cf4c34b4f21d9c4175f88ca66e00b51ed4e
3193 Ctrl.prefix = hexprefix:746c73313320
3194 Ctrl.label = hexlabel:726573206d6173746572
3195 Output = 656905d7ea03b8b0d4b3205f8d6f8a0a94a38fb502f6cbd656856ea39ac1e56f6092a8cd4146bfccc34694cf933ccf5a
3196
3197 # New TLS 1.3 session starts here
3198
3199 KDF = TLS13-KDF
3200 Ctrl.mode = mode:EXTRACT_ONLY
3201 Ctrl.digest = digest:SHA2-384
3202 Ctrl.key = hexkey:f83d4d1b185c8048bf809417aff978f5a11e273f85f32b5d300023862311fb3d065c
3203 Output = 34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358
3204
3205 KDF = TLS13-KDF
3206 Ctrl.mode = mode:EXPAND_ONLY
3207 Ctrl.digest = digest:SHA2-384
3208 Ctrl.key = hexkey:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358
3209 Ctrl.data = hexdata:51ff1b75137890323881e92e02f181b4bebc57a83d99962716e288ebe9407c052d13ca2f05e480b8188ff159713f7e60
3210 Ctrl.prefix = hexprefix:746c73313320
3211 Ctrl.label = hexlabel:6320652074726166666963
3212 Output = b1f6485f84452614abbc9747e660e6b55ecf118fce063aad511840adeb91c5f5fedc08098f5a74e41b6e5cf0ce23652a
3213
3214 KDF = TLS13-KDF
3215 Ctrl.mode = mode:EXPAND_ONLY
3216 Ctrl.digest = digest:SHA2-384
3217 Ctrl.key = hexkey:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358
3218 Ctrl.data = hexdata:51ff1b75137890323881e92e02f181b4bebc57a83d99962716e288ebe9407c052d13ca2f05e480b8188ff159713f7e60
3219 Ctrl.prefix = hexprefix:746c73313320
3220 Ctrl.label = hexlabel:6520657870206d6173746572
3221 Output = 12025b376c8629f261864e978feeff98ab1a1212e84c88248159bea4187210c012059fad3758651b37861bc550f3c0be
3222
3223 KDF = TLS13-KDF
3224 Ctrl.mode = mode:EXTRACT_ONLY
3225 Ctrl.digest = digest:SHA2-384
3226 Ctrl.salt = hexsalt:34d31b6d6e5fd67911f3acef72e9431ee39299a248ce7ce86a7b0f535a76b0a6a3fcf77b32427c2e9c60afca2505b358
3227 Ctrl.prefix = hexprefix:746c73313320
3228 Ctrl.label = hexlabel:64657269766564
3229 Output = b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564
3230
3231 KDF = TLS13-KDF
3232 Ctrl.mode = mode:EXPAND_ONLY
3233 Ctrl.digest = digest:SHA2-384
3234 Ctrl.key = hexkey:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564
3235 Ctrl.data = hexdata:f0b08322d42922a77fbf3e4830aacfb34a7bf85ac255ae7d1f39ee39f9b07c2a88bc5e41912c6a97d0f54996df663e04
3236 Ctrl.prefix = hexprefix:746c73313320
3237 Ctrl.label = hexlabel:632068732074726166666963
3238 Output = 6aabce40a3acc0e953db1cb8b21e47d4644e108324aa4058f9ca2703da1c4500f78ad47287a441d13dbe1f5a98a97887
3239
3240 KDF = TLS13-KDF
3241 Ctrl.mode = mode:EXPAND_ONLY
3242 Ctrl.digest = digest:SHA2-384
3243 Ctrl.key = hexkey:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564
3244 Ctrl.data = hexdata:f0b08322d42922a77fbf3e4830aacfb34a7bf85ac255ae7d1f39ee39f9b07c2a88bc5e41912c6a97d0f54996df663e04
3245 Ctrl.prefix = hexprefix:746c73313320
3246 Ctrl.label = hexlabel:732068732074726166666963
3247 Output = 4d0f32ce9a86530a1f9cad218be9f38ecbd50f1deb30bf42b450e93bce059a98d25c1be9d918f6b1ca9ddcacdd9b4db8
3248
3249 KDF = TLS13-KDF
3250 Ctrl.mode = mode:EXTRACT_ONLY
3251 Ctrl.digest = digest:SHA2-384
3252 Ctrl.salt = hexsalt:b5d00844fc22b643dde3edc0454559eb01d33e57477ac980542aade6f8a3ccbf4502f0381489ed1fe8e74c966f1c3564
3253 Ctrl.prefix = hexprefix:746c73313320
3254 Ctrl.label = hexlabel:64657269766564
3255 Output = 979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68
3256
3257 KDF = TLS13-KDF
3258 Ctrl.mode = mode:EXPAND_ONLY
3259 Ctrl.digest = digest:SHA2-384
3260 Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68
3261 Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714
3262 Ctrl.prefix = hexprefix:746c73313320
3263 Ctrl.label = hexlabel:632061702074726166666963
3264 Output = cf3a30ab60be054d04ff82fd94bb296403a1f51b630ba13df261acea3a648f19f32777b2ad568c084c317401af7e6201
3265
3266 KDF = TLS13-KDF
3267 Ctrl.mode = mode:EXPAND_ONLY
3268 Ctrl.digest = digest:SHA2-384
3269 Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68
3270 Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714
3271 Ctrl.prefix = hexprefix:746c73313320
3272 Ctrl.label = hexlabel:732061702074726166666963
3273 Output = 86b6f7a7a937a30a1ef165da03141270f40f9b8bdb84bed8ca200984b7415e2f5ab2eb663a8ea4f70d4c5613318c4d7c
3274
3275 KDF = TLS13-KDF
3276 Ctrl.mode = mode:EXPAND_ONLY
3277 Ctrl.digest = digest:SHA2-384
3278 Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68
3279 Ctrl.data = hexdata:48f7b41404c75cc97a6f78ba395606e8efbf1d25a6d174835a45fdfc7debf3ebf5e8e5f264834804562ceaa748566714
3280 Ctrl.prefix = hexprefix:746c73313320
3281 Ctrl.label = hexlabel:657870206d6173746572
3282 Output = cf6b0c13f121942acd855da7f2658dfdc59c816290664f7e8c8750d38d961a87e663e6c59f5b89b8477738eeaa76dc40
3283
3284 KDF = TLS13-KDF
3285 Ctrl.mode = mode:EXPAND_ONLY
3286 Ctrl.digest = digest:SHA2-384
3287 Ctrl.key = hexkey:979a7a7cbaf194be9765a1a090454d7fcd1eee2908ffaa93b865504817177d29c6e10b1d59e559a73034c6f1f3021e68
3288 Ctrl.data = hexdata:8b958cce832b7cb2381a90cf82ebd72ee8a89cd804ffde338e707603ce544db3a11cd9afa317751b48d959c750047d88
3289 Ctrl.prefix = hexprefix:746c73313320
3290 Ctrl.label = hexlabel:726573206d6173746572
3291 Output = c947b9b68f77e4aef96ab3fe06f9214fecc7f6344b3558bfdd40dd3e6bbfcfe69cf0420f7a24998d8d387b6f85683038
3292
3293 # New TLS 1.3 session starts here
3294
3295 KDF = TLS13-KDF
3296 Ctrl.mode = mode:EXTRACT_ONLY
3297 Ctrl.digest = digest:SHA2-384
3298 Ctrl.key = hexkey:042e669b52a5e563597e050b84755a685dfc62dba6a393af0aa1cb4047c2ae7442ee
3299 Output = 4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa
3300
3301 KDF = TLS13-KDF
3302 Ctrl.mode = mode:EXPAND_ONLY
3303 Ctrl.digest = digest:SHA2-384
3304 Ctrl.key = hexkey:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa
3305 Ctrl.data = hexdata:fe13fda946943a323e2c160b7cda76454ce96bf0e51456311d0ce4ca484145bf1b00b8f7d692fa3bd1dacce0bee4e020
3306 Ctrl.prefix = hexprefix:746c73313320
3307 Ctrl.label = hexlabel:6320652074726166666963
3308 Output = 1779cfae5a472401c6df4971092f9e915b97d6dcf29e142dfbacff9c1781a8b8626d38296d7599a0de57593f3a7f7572
3309
3310 KDF = TLS13-KDF
3311 Ctrl.mode = mode:EXPAND_ONLY
3312 Ctrl.digest = digest:SHA2-384
3313 Ctrl.key = hexkey:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa
3314 Ctrl.data = hexdata:fe13fda946943a323e2c160b7cda76454ce96bf0e51456311d0ce4ca484145bf1b00b8f7d692fa3bd1dacce0bee4e020
3315 Ctrl.prefix = hexprefix:746c73313320
3316 Ctrl.label = hexlabel:6520657870206d6173746572
3317 Output = 337022f95da2b5ced71d41e35fd4d63c44270af18c51df8abd54943ec5a583a95b218fcce741384b826e3c0f3b34cb45
3318
3319 KDF = TLS13-KDF
3320 Ctrl.mode = mode:EXTRACT_ONLY
3321 Ctrl.digest = digest:SHA2-384
3322 Ctrl.salt = hexsalt:4b43ba7c9138e1fedc23f76a3ded5621c6e4d45cda9edfb7e950a2e494624a976def2ec03d53d8829801dddf17989bfa
3323 Ctrl.prefix = hexprefix:746c73313320
3324 Ctrl.label = hexlabel:64657269766564
3325 Output = 3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510
3326
3327 KDF = TLS13-KDF
3328 Ctrl.mode = mode:EXPAND_ONLY
3329 Ctrl.digest = digest:SHA2-384
3330 Ctrl.key = hexkey:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510
3331 Ctrl.data = hexdata:a0bf8b6062a2de56aaab2b97e77f15bafc340bdb2b32e868959858d9e4b8b2da264aca4e7d16f6a58b14f6c4b42f97d4
3332 Ctrl.prefix = hexprefix:746c73313320
3333 Ctrl.label = hexlabel:632068732074726166666963
3334 Output = 83272868aa2517b5163422b3b93b0f97a34541b27ce5a771f702b9ae088fd73eab282db646f23d5ce499de0f0503b95d
3335
3336 KDF = TLS13-KDF
3337 Ctrl.mode = mode:EXPAND_ONLY
3338 Ctrl.digest = digest:SHA2-384
3339 Ctrl.key = hexkey:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510
3340 Ctrl.data = hexdata:a0bf8b6062a2de56aaab2b97e77f15bafc340bdb2b32e868959858d9e4b8b2da264aca4e7d16f6a58b14f6c4b42f97d4
3341 Ctrl.prefix = hexprefix:746c73313320
3342 Ctrl.label = hexlabel:732068732074726166666963
3343 Output = d4a42d79131a720358da9f9a8a4b56684f127f8e2cd0bb03b4fd23e519924696062d1288fb416ec0fa90530fef576dc4
3344
3345 KDF = TLS13-KDF
3346 Ctrl.mode = mode:EXTRACT_ONLY
3347 Ctrl.digest = digest:SHA2-384
3348 Ctrl.salt = hexsalt:3b763cfd81c1c7cbfe55cd3de78334a2eea6e3a70e539ab048b3fef93cd6ff0fe6ba8c351cafff3057fe39e00652a510
3349 Ctrl.prefix = hexprefix:746c73313320
3350 Ctrl.label = hexlabel:64657269766564
3351 Output = fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570
3352
3353 KDF = TLS13-KDF
3354 Ctrl.mode = mode:EXPAND_ONLY
3355 Ctrl.digest = digest:SHA2-384
3356 Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570
3357 Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97
3358 Ctrl.prefix = hexprefix:746c73313320
3359 Ctrl.label = hexlabel:632061702074726166666963
3360 Output = b85370eea397bbff07af997282e64d95d16bab298a884b0e076174f2c1731371100e219c9ebe0395786c7571bdb1250f
3361
3362 KDF = TLS13-KDF
3363 Ctrl.mode = mode:EXPAND_ONLY
3364 Ctrl.digest = digest:SHA2-384
3365 Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570
3366 Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97
3367 Ctrl.prefix = hexprefix:746c73313320
3368 Ctrl.label = hexlabel:732061702074726166666963
3369 Output = 058fcbc86aee05c1611daa116d823e4cbc90806048bc7c06818dc93f5a7cb88ffc556107da7cfdfd36322bdb46bac809
3370
3371 KDF = TLS13-KDF
3372 Ctrl.mode = mode:EXPAND_ONLY
3373 Ctrl.digest = digest:SHA2-384
3374 Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570
3375 Ctrl.data = hexdata:fe4cd2c6305e333fe3e1be7d554ccd18777112af181444ee9dbf08b27789d56442b9062ee9e4bc9d32d75a90df01aa97
3376 Ctrl.prefix = hexprefix:746c73313320
3377 Ctrl.label = hexlabel:657870206d6173746572
3378 Output = 8ed866879bdaa4df92512530bc5ae51fee9fa014a128296cc4fc160650ac76977f2a8c2f9531e0ad492fec186c980ef9
3379
3380 KDF = TLS13-KDF
3381 Ctrl.mode = mode:EXPAND_ONLY
3382 Ctrl.digest = digest:SHA2-384
3383 Ctrl.key = hexkey:fbd732c04b2e4c6a510cc909e676cce55615f951ca35b1d16692a1a4f597c65b48e5ebdbf342295c90c19ef966242570
3384 Ctrl.data = hexdata:57551aa889d3bd4633864a9975afbd649baffaa5608d3d3cdd7cb594f72de6af9b08f9b8fe0eb961275b07701a5dfef7
3385 Ctrl.prefix = hexprefix:746c73313320
3386 Ctrl.label = hexlabel:726573206d6173746572
3387 Output = 6d74d0e7f3add328e3197f3e3b0fb77db4557347aaf8cc0eb826ad3cf31aa2144f52d15008c6d40dc077ab8a50557757
3388
3389 # New TLS 1.3 session starts here
3390
3391 KDF = TLS13-KDF
3392 Ctrl.mode = mode:EXTRACT_ONLY
3393 Ctrl.digest = digest:SHA2-384
3394 Ctrl.key = hexkey:902e0cb930aa412f9ed919bb03ce94ffca2c0f59f0ab5e66695f65497162c41dfc2f
3395 Output = a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a
3396
3397 KDF = TLS13-KDF
3398 Ctrl.mode = mode:EXPAND_ONLY
3399 Ctrl.digest = digest:SHA2-384
3400 Ctrl.key = hexkey:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a
3401 Ctrl.data = hexdata:a67f985ae3cb2f7ea12ecf1c3f7175226d34899ea48003633321697301a2fa788e92673fa9a9538c8f992f0ef0885728
3402 Ctrl.prefix = hexprefix:746c73313320
3403 Ctrl.label = hexlabel:6320652074726166666963
3404 Output = bd808dca2c7c0412abd5a747fb5fe5a1c644b43d8a8826fe11d48703448b38b9b6fe43f11241aef154fbd5e5e83e302d
3405
3406 KDF = TLS13-KDF
3407 Ctrl.mode = mode:EXPAND_ONLY
3408 Ctrl.digest = digest:SHA2-384
3409 Ctrl.key = hexkey:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a
3410 Ctrl.data = hexdata:a67f985ae3cb2f7ea12ecf1c3f7175226d34899ea48003633321697301a2fa788e92673fa9a9538c8f992f0ef0885728
3411 Ctrl.prefix = hexprefix:746c73313320
3412 Ctrl.label = hexlabel:6520657870206d6173746572
3413 Output = 19d1b4c9130572d7d4c5a8a81bfdde492455b63b2124f01c16d3b92a41467b2a58a63e1df7eeb85642dcb1591ae6c697
3414
3415 KDF = TLS13-KDF
3416 Ctrl.mode = mode:EXTRACT_ONLY
3417 Ctrl.digest = digest:SHA2-384
3418 Ctrl.salt = hexsalt:a0b05f92044e706d497a4fa2e739220a091407e52c4c58bda817a11ee67842f6bce21bf1fc96421d9917b9d1f0783b8a
3419 Ctrl.prefix = hexprefix:746c73313320
3420 Ctrl.label = hexlabel:64657269766564
3421 Output = b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2
3422
3423 KDF = TLS13-KDF
3424 Ctrl.mode = mode:EXPAND_ONLY
3425 Ctrl.digest = digest:SHA2-384
3426 Ctrl.key = hexkey:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2
3427 Ctrl.data = hexdata:19bc6495e6322bf29e75002f1b519a95ca18790d13ed9473ee3805ea634047540a1c16eaa1713e60e38841431f7070fc
3428 Ctrl.prefix = hexprefix:746c73313320
3429 Ctrl.label = hexlabel:632068732074726166666963
3430 Output = 0a64d745563e72ffe3e5f7d1ad095cff283c0febc529ae317ae67ef0b5ed763f2749a1ccf932966eb13c7ea8916441f4
3431
3432 KDF = TLS13-KDF
3433 Ctrl.mode = mode:EXPAND_ONLY
3434 Ctrl.digest = digest:SHA2-384
3435 Ctrl.key = hexkey:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2
3436 Ctrl.data = hexdata:19bc6495e6322bf29e75002f1b519a95ca18790d13ed9473ee3805ea634047540a1c16eaa1713e60e38841431f7070fc
3437 Ctrl.prefix = hexprefix:746c73313320
3438 Ctrl.label = hexlabel:732068732074726166666963
3439 Output = 83136fc401f35789959110b7263dd754353aa97c8b9a0072f415220d86b92e9ab2d1020c18f605a9b367ac4940bebc9c
3440
3441 KDF = TLS13-KDF
3442 Ctrl.mode = mode:EXTRACT_ONLY
3443 Ctrl.digest = digest:SHA2-384
3444 Ctrl.salt = hexsalt:b2284374a83691c9f0f3d699faf8847ea9bad0bf3fd2467e6eb1537d9535e6db03b3b5efc828ad72b1a34bba1627eca2
3445 Ctrl.prefix = hexprefix:746c73313320
3446 Ctrl.label = hexlabel:64657269766564
3447 Output = 4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860
3448
3449 KDF = TLS13-KDF
3450 Ctrl.mode = mode:EXPAND_ONLY
3451 Ctrl.digest = digest:SHA2-384
3452 Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860
3453 Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36
3454 Ctrl.prefix = hexprefix:746c73313320
3455 Ctrl.label = hexlabel:632061702074726166666963
3456 Output = bf77e676173422a783ffde07e076541385aee04b82a6e3f26ea7249587b3596f68262e4c3ed4e6d56dfd75ed39512989
3457
3458 KDF = TLS13-KDF
3459 Ctrl.mode = mode:EXPAND_ONLY
3460 Ctrl.digest = digest:SHA2-384
3461 Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860
3462 Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36
3463 Ctrl.prefix = hexprefix:746c73313320
3464 Ctrl.label = hexlabel:732061702074726166666963
3465 Output = 31f8accd9f0f923c8b9f413840bd5f4a60b5693773022b78a25802e0e68f7ae33314dfc25ff2b1a1f32490df80c9e185
3466
3467 KDF = TLS13-KDF
3468 Ctrl.mode = mode:EXPAND_ONLY
3469 Ctrl.digest = digest:SHA2-384
3470 Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860
3471 Ctrl.data = hexdata:3b4922e38c531328520150f640ad82720a6eef4ea94e06ec4ab32276b2d901710cb585bd86f47e92c1c6cf39961daf36
3472 Ctrl.prefix = hexprefix:746c73313320
3473 Ctrl.label = hexlabel:657870206d6173746572
3474 Output = 488b7e09c0565137f22008362e7a4505f23ff1b24b0565322a11b6f4d3e1af7f06b8efdae18d74a7adee4e1e9753185c
3475
3476 KDF = TLS13-KDF
3477 Ctrl.mode = mode:EXPAND_ONLY
3478 Ctrl.digest = digest:SHA2-384
3479 Ctrl.key = hexkey:4c6a0ac8b5cd96e6b694bbdbdf64eb516305e92f150270bc80fea736e12fab48bb96d0307a90c7a906a679f5f55d7860
3480 Ctrl.data = hexdata:b8e14051b4e84bc66bd65601ed6b2e57e469e167e277e8c30c93bc52a6e836abad9b7ac6a81ecbd47ee9917a14154a2b
3481 Ctrl.prefix = hexprefix:746c73313320
3482 Ctrl.label = hexlabel:726573206d6173746572
3483 Output = e1f85e642615ceef410c6112339627607d3d1920ba168f5b10fed1a13a468401253df07323b826f156f0997bc584a937
3484
3485 # New TLS 1.3 session starts here
3486
3487 KDF = TLS13-KDF
3488 Ctrl.mode = mode:EXTRACT_ONLY
3489 Ctrl.digest = digest:SHA2-384
3490 Ctrl.key = hexkey:ce2820a53357bc83ebd26b54d8ad48f4137f914034368dc705bfe852c2d87553
3491 Output = 1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec
3492
3493 KDF = TLS13-KDF
3494 Ctrl.mode = mode:EXPAND_ONLY
3495 Ctrl.digest = digest:SHA2-384
3496 Ctrl.key = hexkey:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec
3497 Ctrl.data = hexdata:ee61912f8d2cb51a3458a799af5c31a8ea4b2f9585fa63e71447289b3b6c6d979663580e6b115a652fed485c30cc535d
3498 Ctrl.prefix = hexprefix:746c73313320
3499 Ctrl.label = hexlabel:6320652074726166666963
3500 Output = 53e8283806255b6eb3d1958fcf2b50d68e3226aab14b0fbd88529d6bfc6dcc88f90767aed25ba81baffa94e199ce8124
3501
3502 KDF = TLS13-KDF
3503 Ctrl.mode = mode:EXPAND_ONLY
3504 Ctrl.digest = digest:SHA2-384
3505 Ctrl.key = hexkey:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec
3506 Ctrl.data = hexdata:ee61912f8d2cb51a3458a799af5c31a8ea4b2f9585fa63e71447289b3b6c6d979663580e6b115a652fed485c30cc535d
3507 Ctrl.prefix = hexprefix:746c73313320
3508 Ctrl.label = hexlabel:6520657870206d6173746572
3509 Output = dcc274d12f153c7c23e02e5dfbafe90a65021a8100e09c891b790ea36092d6f694569fa5522ca823a7a6a026d25dd9b2
3510
3511 KDF = TLS13-KDF
3512 Ctrl.mode = mode:EXTRACT_ONLY
3513 Ctrl.digest = digest:SHA2-384
3514 Ctrl.key = hexkey:a65f8b90963feda2e77ac0d6c33dc068a9f7eb4ec9878de9a002fbb90ca7d23c
3515 Ctrl.salt = hexsalt:1aa52a5650ec46ab58a0e424ba92771077702ee242b752ee04036ca4ea43f16a092bbe2b5b09a4e34b98203e3b3ac0ec
3516 Ctrl.prefix = hexprefix:746c73313320
3517 Ctrl.label = hexlabel:64657269766564
3518 Output = c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a
3519
3520 KDF = TLS13-KDF
3521 Ctrl.mode = mode:EXPAND_ONLY
3522 Ctrl.digest = digest:SHA2-384
3523 Ctrl.key = hexkey:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a
3524 Ctrl.data = hexdata:0558822667fc051cb1864843b24c06eeb65c70754f56752808e33cf87ec64f9bffce395784df9940157b50bf01c11a1b
3525 Ctrl.prefix = hexprefix:746c73313320
3526 Ctrl.label = hexlabel:632068732074726166666963
3527 Output = 5e9bf5910954eabc3a4c659be466cd4b66252685a8f4daf2afc414568420613f0bc4d0269e0edf266aa9faa70761840b
3528
3529 KDF = TLS13-KDF
3530 Ctrl.mode = mode:EXPAND_ONLY
3531 Ctrl.digest = digest:SHA2-384
3532 Ctrl.key = hexkey:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a
3533 Ctrl.data = hexdata:0558822667fc051cb1864843b24c06eeb65c70754f56752808e33cf87ec64f9bffce395784df9940157b50bf01c11a1b
3534 Ctrl.prefix = hexprefix:746c73313320
3535 Ctrl.label = hexlabel:732068732074726166666963
3536 Output = d296e0b7ba4f6eb7257cdfe9ed87618cc116a192f24cc8a5226edb2cd9cde893f7478c94e8d0dba9d9326dd674955bf4
3537
3538 KDF = TLS13-KDF
3539 Ctrl.mode = mode:EXTRACT_ONLY
3540 Ctrl.digest = digest:SHA2-384
3541 Ctrl.salt = hexsalt:c57b7353740853e2f4534218383741dbff9b5006aeaefa590f4b771a65d24dc4ee25bf3bbb13ad6a3ed4eefb68d0ae6a
3542 Ctrl.prefix = hexprefix:746c73313320
3543 Ctrl.label = hexlabel:64657269766564
3544 Output = cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae
3545
3546 KDF = TLS13-KDF
3547 Ctrl.mode = mode:EXPAND_ONLY
3548 Ctrl.digest = digest:SHA2-384
3549 Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae
3550 Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397
3551 Ctrl.prefix = hexprefix:746c73313320
3552 Ctrl.label = hexlabel:632061702074726166666963
3553 Output = 0e3cfd61b1e5ce95dc37b01c872d90855ccebb98bd56702b1ec337163e63e3b133a9a6c7847a1d421776ccbdcae6a01f
3554
3555 KDF = TLS13-KDF
3556 Ctrl.mode = mode:EXPAND_ONLY
3557 Ctrl.digest = digest:SHA2-384
3558 Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae
3559 Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397
3560 Ctrl.prefix = hexprefix:746c73313320
3561 Ctrl.label = hexlabel:732061702074726166666963
3562 Output = d113ea4f795fd94788b782922c31c3dd1195287564a073590e17a61599da729c7f3a01aa777b1071f6cff7b69cadcf32
3563
3564 KDF = TLS13-KDF
3565 Ctrl.mode = mode:EXPAND_ONLY
3566 Ctrl.digest = digest:SHA2-384
3567 Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae
3568 Ctrl.data = hexdata:619091dadb4c82f4524ad838625aeeca25264b7e645eeafa95ac10d3c32cf76dbd965269bffab4d9fc2a8d30bf63e397
3569 Ctrl.prefix = hexprefix:746c73313320
3570 Ctrl.label = hexlabel:657870206d6173746572
3571 Output = 43943f7395babfbe3b327d5e9784e2082936189226af39b21b030e3e8c8244ee6aa4cc1e047df7a329793421c3006bc1
3572
3573 KDF = TLS13-KDF
3574 Ctrl.mode = mode:EXPAND_ONLY
3575 Ctrl.digest = digest:SHA2-384
3576 Ctrl.key = hexkey:cdafc4fc6f6a718db9e77867f647c517bd4d43ebd794f1c2b5253c0b4ebb71f56848f4335aae0772065ae67d02baddae
3577 Ctrl.data = hexdata:755c319f41259c93dd83f3a3003f8d5c6e56e3cc486bfff5f636b5f97fadc8470271ef3e209501ec48a872f3ca16f84e
3578 Ctrl.prefix = hexprefix:746c73313320
3579 Ctrl.label = hexlabel:726573206d6173746572
3580 Output = 6ad0e35cbf134d62e1ae57ba07288d0ce4774c0d2ca6faf06d8f18b3f2c290c6225be4f4a8df2016de2c0ccf63525ed3
3581
3582 # New TLS 1.3 session starts here
3583
3584 KDF = TLS13-KDF
3585 Ctrl.mode = mode:EXTRACT_ONLY
3586 Ctrl.digest = digest:SHA2-384
3587 Ctrl.key = hexkey:8bb4a1a37dcb14ff5b57c922a13dc730a745392240ce43df80b23e67aae5bc86
3588 Output = d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8
3589
3590 KDF = TLS13-KDF
3591 Ctrl.mode = mode:EXPAND_ONLY
3592 Ctrl.digest = digest:SHA2-384
3593 Ctrl.key = hexkey:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8
3594 Ctrl.data = hexdata:7bd8dc442c15b7cccc4a88aa2346f7e1434c0043ccd7075ec8b049bfa40c2b9b8882dfed654d762ef01cdf4bf55002e3
3595 Ctrl.prefix = hexprefix:746c73313320
3596 Ctrl.label = hexlabel:6320652074726166666963
3597 Output = 7115918823a35c8ee8985966dfddc5be483db4029047296b3ddeb5c884712b5ddf27152a7f71e82a91e1420c7e4c25e8
3598
3599 KDF = TLS13-KDF
3600 Ctrl.mode = mode:EXPAND_ONLY
3601 Ctrl.digest = digest:SHA2-384
3602 Ctrl.key = hexkey:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8
3603 Ctrl.data = hexdata:7bd8dc442c15b7cccc4a88aa2346f7e1434c0043ccd7075ec8b049bfa40c2b9b8882dfed654d762ef01cdf4bf55002e3
3604 Ctrl.prefix = hexprefix:746c73313320
3605 Ctrl.label = hexlabel:6520657870206d6173746572
3606 Output = 3122eaea9244f61a733e2370e0689a47491e28ce3a2062224f0a8021f05eb5da22a5558dd7edcaf04821e483f84b5ba1
3607
3608 KDF = TLS13-KDF
3609 Ctrl.mode = mode:EXTRACT_ONLY
3610 Ctrl.digest = digest:SHA2-384
3611 Ctrl.key = hexkey:3edd347353ab8965bdb38e823004df6824a653329946620417a1857d56900efc
3612 Ctrl.salt = hexsalt:d2fe919797167c4b36f093d59244ff4ab455ccb59ea6ab2991789c049c2a110902c3f0c1dddb2b28b41013a13b223ab8
3613 Ctrl.prefix = hexprefix:746c73313320
3614 Ctrl.label = hexlabel:64657269766564
3615 Output = 1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff
3616
3617 KDF = TLS13-KDF
3618 Ctrl.mode = mode:EXPAND_ONLY
3619 Ctrl.digest = digest:SHA2-384
3620 Ctrl.key = hexkey:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff
3621 Ctrl.data = hexdata:29cfd57bd578514558e2e168e4c665759eded30d761e14d3cbc2123c2f38c63380e5f4a0d8c5895ab58f7af7bb16fbaa
3622 Ctrl.prefix = hexprefix:746c73313320
3623 Ctrl.label = hexlabel:632068732074726166666963
3624 Output = 2a795383e320e478b78f195b5f5b7477dfea13bb23da34eebae22dd12857ed33757486a9fc237d8a37ac1c09feb07bd9
3625
3626 KDF = TLS13-KDF
3627 Ctrl.mode = mode:EXPAND_ONLY
3628 Ctrl.digest = digest:SHA2-384
3629 Ctrl.key = hexkey:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff
3630 Ctrl.data = hexdata:29cfd57bd578514558e2e168e4c665759eded30d761e14d3cbc2123c2f38c63380e5f4a0d8c5895ab58f7af7bb16fbaa
3631 Ctrl.prefix = hexprefix:746c73313320
3632 Ctrl.label = hexlabel:732068732074726166666963
3633 Output = a51643b6c42b43f517e002decaf41823a10b717d525d55ed6996ef1ccff055c75218dec36815473fa5289c85bb301019
3634
3635 KDF = TLS13-KDF
3636 Ctrl.mode = mode:EXTRACT_ONLY
3637 Ctrl.digest = digest:SHA2-384
3638 Ctrl.salt = hexsalt:1edc8c10871598074baf38600a4a5927da7aa6256ea691fb1d026872ad751a1542726307c415af6c44121e37b86c81ff
3639 Ctrl.prefix = hexprefix:746c73313320
3640 Ctrl.label = hexlabel:64657269766564
3641 Output = 3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e
3642
3643 KDF = TLS13-KDF
3644 Ctrl.mode = mode:EXPAND_ONLY
3645 Ctrl.digest = digest:SHA2-384
3646 Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e
3647 Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568
3648 Ctrl.prefix = hexprefix:746c73313320
3649 Ctrl.label = hexlabel:632061702074726166666963
3650 Output = 3ac8206a7f9e819c76ddd72bcd07397f64d9f698c4d75ec1d8ef610e9027c462d2cadf55d227a8c7b4eb63ab2012e827
3651
3652 KDF = TLS13-KDF
3653 Ctrl.mode = mode:EXPAND_ONLY
3654 Ctrl.digest = digest:SHA2-384
3655 Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e
3656 Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568
3657 Ctrl.prefix = hexprefix:746c73313320
3658 Ctrl.label = hexlabel:732061702074726166666963
3659 Output = 691e1db0137f5a54d4f51a8d6c2a89ebbbb0000cf81ddd5d08682416db9f48309d6b19819ba07e1860e34edecee4e23d
3660
3661 KDF = TLS13-KDF
3662 Ctrl.mode = mode:EXPAND_ONLY
3663 Ctrl.digest = digest:SHA2-384
3664 Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e
3665 Ctrl.data = hexdata:605880f06229184763495b328496ba313882a8edccf956602713cf86fead2894e4339a0c6d8062073e781fc729336568
3666 Ctrl.prefix = hexprefix:746c73313320
3667 Ctrl.label = hexlabel:657870206d6173746572
3668 Output = 5c32c8fcb2e90cdfd5d86cef427b828fc162371236b3e39c4812deda4038cdbbb4bde6859a502f54acfb482666fd4295
3669
3670 KDF = TLS13-KDF
3671 Ctrl.mode = mode:EXPAND_ONLY
3672 Ctrl.digest = digest:SHA2-384
3673 Ctrl.key = hexkey:3934b26badf5af9470de9dee4dfcb1addc69ea237c902291817e08c1032748a9315f579e42066cb86d16cb2cffbba24e
3674 Ctrl.data = hexdata:b21112193c9c5604a544f95c0325d94041ec595f46a9a4cbba0a8c72501ac72ad8ed1d8fb17f82e0b288144d6f0f1d53
3675 Ctrl.prefix = hexprefix:746c73313320
3676 Ctrl.label = hexlabel:726573206d6173746572
3677 Output = 77538d76ba22a23215ee93ef07f542f7a7bc43f77af5da3395688f8b8d81afa2c47952db8a0f2da2435d3e340411b0f7
3678
3679 # New TLS 1.3 session starts here
3680
3681 KDF = TLS13-KDF
3682 Ctrl.mode = mode:EXTRACT_ONLY
3683 Ctrl.digest = digest:SHA2-384
3684 Ctrl.key = hexkey:def2b619233e04b1dfe39ef92ae061791a84974c71921819697f86a255342b38
3685 Output = de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0
3686
3687 KDF = TLS13-KDF
3688 Ctrl.mode = mode:EXPAND_ONLY
3689 Ctrl.digest = digest:SHA2-384
3690 Ctrl.key = hexkey:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0
3691 Ctrl.data = hexdata:705c00dd0ad91ec54a86e311ef7931ad61d6b14c2c75411e95d7f3a80a21cc2b5a19b396e1147bf56dd3ee10dcf18d37
3692 Ctrl.prefix = hexprefix:746c73313320
3693 Ctrl.label = hexlabel:6320652074726166666963
3694 Output = e539e7e8b3a065a4a40ffc7e8c8c70eedaccf7fa14a28b18503865805f7590ae7e9c550fae2d493d932a85e9fbe18f22
3695
3696 KDF = TLS13-KDF
3697 Ctrl.mode = mode:EXPAND_ONLY
3698 Ctrl.digest = digest:SHA2-384
3699 Ctrl.key = hexkey:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0
3700 Ctrl.data = hexdata:705c00dd0ad91ec54a86e311ef7931ad61d6b14c2c75411e95d7f3a80a21cc2b5a19b396e1147bf56dd3ee10dcf18d37
3701 Ctrl.prefix = hexprefix:746c73313320
3702 Ctrl.label = hexlabel:6520657870206d6173746572
3703 Output = 418e41f54f7fead42d623e9f40be68812fefa50c19b4cf4268b2dd4bd206414597d0af720242f1667cf4cdce325bb3f6
3704
3705 KDF = TLS13-KDF
3706 Ctrl.mode = mode:EXTRACT_ONLY
3707 Ctrl.digest = digest:SHA2-384
3708 Ctrl.key = hexkey:63505c479ea4544899a17a09ac19abc706d3ac60126d3239d19710926184a6d9
3709 Ctrl.salt = hexsalt:de59d25fddb6ebeab4dbcfb55c5f7c24f2d15910da8c3463dd69241139e88c09d51f59a7aaeeeb4f08459f3360be3fa0
3710 Ctrl.prefix = hexprefix:746c73313320
3711 Ctrl.label = hexlabel:64657269766564
3712 Output = f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06
3713
3714 KDF = TLS13-KDF
3715 Ctrl.mode = mode:EXPAND_ONLY
3716 Ctrl.digest = digest:SHA2-384
3717 Ctrl.key = hexkey:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06
3718 Ctrl.data = hexdata:0000487cdfa6107c6b08d4d64e353585b30bc45414b7f5066e4c8dd6c9a80d3c9d5c204d664f4e43fa0842a462f4faab
3719 Ctrl.prefix = hexprefix:746c73313320
3720 Ctrl.label = hexlabel:632068732074726166666963
3721 Output = f0f2c238ef72dff22e63bc018c41a1061fb8ca7755ac416ba3df5e8280faa21c84c07a8f0ac9f1ee6e50a6e56fa39377
3722
3723 KDF = TLS13-KDF
3724 Ctrl.mode = mode:EXPAND_ONLY
3725 Ctrl.digest = digest:SHA2-384
3726 Ctrl.key = hexkey:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06
3727 Ctrl.data = hexdata:0000487cdfa6107c6b08d4d64e353585b30bc45414b7f5066e4c8dd6c9a80d3c9d5c204d664f4e43fa0842a462f4faab
3728 Ctrl.prefix = hexprefix:746c73313320
3729 Ctrl.label = hexlabel:732068732074726166666963
3730 Output = 718cf52c40760e4ec4455b42ba829b7decbe1d6e89e36e74b86e09df090ad2a2f9ad7cf896317cb4803e332a828c9aa9
3731
3732 KDF = TLS13-KDF
3733 Ctrl.mode = mode:EXTRACT_ONLY
3734 Ctrl.digest = digest:SHA2-384
3735 Ctrl.salt = hexsalt:f7d0595a4a3b71cd6714376580e90e54f3be9f78c04e5708093931f01759b6283a9157ab9b32f322abf9795ebf18fe06
3736 Ctrl.prefix = hexprefix:746c73313320
3737 Ctrl.label = hexlabel:64657269766564
3738 Output = 613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059
3739
3740 KDF = TLS13-KDF
3741 Ctrl.mode = mode:EXPAND_ONLY
3742 Ctrl.digest = digest:SHA2-384
3743 Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059
3744 Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575
3745 Ctrl.prefix = hexprefix:746c73313320
3746 Ctrl.label = hexlabel:632061702074726166666963
3747 Output = 333d43099efea0bb1c294fe4a34660bf4534f0af983c31723044363b6bbecccdba09d9702234db04534dee31a4ed0ab1
3748
3749 KDF = TLS13-KDF
3750 Ctrl.mode = mode:EXPAND_ONLY
3751 Ctrl.digest = digest:SHA2-384
3752 Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059
3753 Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575
3754 Ctrl.prefix = hexprefix:746c73313320
3755 Ctrl.label = hexlabel:732061702074726166666963
3756 Output = 68f85f1e025f9d3924be5327ce57b9abc4b7a078c20fa0ea513e7996af69723cece7ffa748f6034a66be7eae5e18068d
3757
3758 KDF = TLS13-KDF
3759 Ctrl.mode = mode:EXPAND_ONLY
3760 Ctrl.digest = digest:SHA2-384
3761 Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059
3762 Ctrl.data = hexdata:2e3407a8e3f146036fbd35c1633f83daaf4f8e9bdc9e067f75d5b56d8201175b7b05f267db7940e0db534b57e037d575
3763 Ctrl.prefix = hexprefix:746c73313320
3764 Ctrl.label = hexlabel:657870206d6173746572
3765 Output = 2f71d6f423bd523b8a94e2ccc9f653a63594dfa030fdaa3796540075035f73bbe2d89f85af2de61462c22104c03ffa87
3766
3767 KDF = TLS13-KDF
3768 Ctrl.mode = mode:EXPAND_ONLY
3769 Ctrl.digest = digest:SHA2-384
3770 Ctrl.key = hexkey:613b33b466defd69c2fb8ae637aa2034be4807a6676599f768db22a69669f2befc0a9732c286c880fcd6a04bd0da4059
3771 Ctrl.data = hexdata:ba106fffdb82b75330da7132de828b1b032fad4878c7ab70acdffa4a76163ecdec8d25202715b78901e87a910f7e3b34
3772 Ctrl.prefix = hexprefix:746c73313320
3773 Ctrl.label = hexlabel:726573206d6173746572
3774 Output = 202803c8237412f20263b428932afcb5d8a7dcdd7fa147ea2af95a7dd091bf0d79686a6710f572bc868d2f533a488a6f
3775
3776 # New TLS 1.3 session starts here
3777
3778 KDF = TLS13-KDF
3779 Ctrl.mode = mode:EXTRACT_ONLY
3780 Ctrl.digest = digest:SHA2-384
3781 Ctrl.key = hexkey:a357ab62ad6eaf90426fe7a2cee0659583acbe423a17771690895b26aefd62a8
3782 Output = c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d
3783
3784 KDF = TLS13-KDF
3785 Ctrl.mode = mode:EXPAND_ONLY
3786 Ctrl.digest = digest:SHA2-384
3787 Ctrl.key = hexkey:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d
3788 Ctrl.data = hexdata:ab0bb35f9586beaf843e44af363e8e0c49cc9820f063cefb1f8e20191bec2b3558fd51760dec17bbc299bf205292e549
3789 Ctrl.prefix = hexprefix:746c73313320
3790 Ctrl.label = hexlabel:6320652074726166666963
3791 Output = 40093dc6b48667da9b412bf718217bf25b4405a4d1c759af797c78ae25443def12be155d1954edd4216cf62a422fa4cf
3792
3793 KDF = TLS13-KDF
3794 Ctrl.mode = mode:EXPAND_ONLY
3795 Ctrl.digest = digest:SHA2-384
3796 Ctrl.key = hexkey:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d
3797 Ctrl.data = hexdata:ab0bb35f9586beaf843e44af363e8e0c49cc9820f063cefb1f8e20191bec2b3558fd51760dec17bbc299bf205292e549
3798 Ctrl.prefix = hexprefix:746c73313320
3799 Ctrl.label = hexlabel:6520657870206d6173746572
3800 Output = 0b4f7ee9c8801b7cdbfbe064322d4879272b730e395b9c7e2bf8a07f99b101dc37687b993e4519d0d0ec607823c2a118
3801
3802 KDF = TLS13-KDF
3803 Ctrl.mode = mode:EXTRACT_ONLY
3804 Ctrl.digest = digest:SHA2-384
3805 Ctrl.key = hexkey:6b2ddbec771dbaf2c1de74c1de6f4ca391de63011ef8a5bd05c7fa716ee02cd1
3806 Ctrl.salt = hexsalt:c5cae95fcebb3eec27fc88654a2679cf600071d2a25a34fe7f34732415e922eb9a1de0f6db357026d3dfdadc5cb36b8d
3807 Ctrl.prefix = hexprefix:746c73313320
3808 Ctrl.label = hexlabel:64657269766564
3809 Output = 58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8
3810
3811 KDF = TLS13-KDF
3812 Ctrl.mode = mode:EXPAND_ONLY
3813 Ctrl.digest = digest:SHA2-384
3814 Ctrl.key = hexkey:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8
3815 Ctrl.data = hexdata:671f55d398118eab16f4a2a87970615a7b37aa47b9fd935945a9a6da724c1f27dc4eefb2b123cbdee091c26985f81b7d
3816 Ctrl.prefix = hexprefix:746c73313320
3817 Ctrl.label = hexlabel:632068732074726166666963
3818 Output = dd489530beb209f2562b86413baabdbc052b2024ab7fb70a31e5e0e65f9c959034a6889f8b042c005ac132c879c40dc7
3819
3820 KDF = TLS13-KDF
3821 Ctrl.mode = mode:EXPAND_ONLY
3822 Ctrl.digest = digest:SHA2-384
3823 Ctrl.key = hexkey:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8
3824 Ctrl.data = hexdata:671f55d398118eab16f4a2a87970615a7b37aa47b9fd935945a9a6da724c1f27dc4eefb2b123cbdee091c26985f81b7d
3825 Ctrl.prefix = hexprefix:746c73313320
3826 Ctrl.label = hexlabel:732068732074726166666963
3827 Output = 973c20837584cb79bd35bcfbe34d3eafd36e5280f7547d92b794c446bf578be38688f734eed942ae8c1de6864af496e4
3828
3829 KDF = TLS13-KDF
3830 Ctrl.mode = mode:EXTRACT_ONLY
3831 Ctrl.digest = digest:SHA2-384
3832 Ctrl.salt = hexsalt:58fb050686d06d7199031657d3332f0b9a5e64059a48a88d07c6c2775df17ebbe71a2c8e0d81abc7e87fd0fd96aae4f8
3833 Ctrl.prefix = hexprefix:746c73313320
3834 Ctrl.label = hexlabel:64657269766564
3835 Output = b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971
3836
3837 KDF = TLS13-KDF
3838 Ctrl.mode = mode:EXPAND_ONLY
3839 Ctrl.digest = digest:SHA2-384
3840 Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971
3841 Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5
3842 Ctrl.prefix = hexprefix:746c73313320
3843 Ctrl.label = hexlabel:632061702074726166666963
3844 Output = 763af37257c1d8fc3620127669c779ec2cb8433e4108ff797f71fec1e90364a0ee0ad9c272308ea8951866c44cb7ac0a
3845
3846 KDF = TLS13-KDF
3847 Ctrl.mode = mode:EXPAND_ONLY
3848 Ctrl.digest = digest:SHA2-384
3849 Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971
3850 Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5
3851 Ctrl.prefix = hexprefix:746c73313320
3852 Ctrl.label = hexlabel:732061702074726166666963
3853 Output = 3f1f4aaf11b3b30b5d76fcd077900a5dabdad92980bed0f3f0de6495c9ccf2c58aea08f7745b7b6c0cc3829b048c89de
3854
3855 KDF = TLS13-KDF
3856 Ctrl.mode = mode:EXPAND_ONLY
3857 Ctrl.digest = digest:SHA2-384
3858 Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971
3859 Ctrl.data = hexdata:1788d205772075ae39032c56c28abe25262c5cc2642304fe3ed25958b9ca0905144f6e9a140c043e7e2822087d9e81f5
3860 Ctrl.prefix = hexprefix:746c73313320
3861 Ctrl.label = hexlabel:657870206d6173746572
3862 Output = f5fb64671edfb74aa85a061cd845945a93281d09badfcdca81a3f29bce743fa784536c8a259b9c7af667f783554a9700
3863
3864 KDF = TLS13-KDF
3865 Ctrl.mode = mode:EXPAND_ONLY
3866 Ctrl.digest = digest:SHA2-384
3867 Ctrl.key = hexkey:b7a8660e5b5dd7d85695d6b00655a25af851d956d93be87d970172651a808f115fccb155535121a56fba6a6a9c197971
3868 Ctrl.data = hexdata:629e6112e7d0812e590a7b0dabc0a72b5a8539df1ca809a5f6ea8fe3ff35caf5a2bf0761232d97f0331e65f8ef2f28f5
3869 Ctrl.prefix = hexprefix:746c73313320
3870 Ctrl.label = hexlabel:726573206d6173746572
3871 Output = 984e97a983945c49ac2f6482855771f514688d8dafe4e8a4d4438f90aa3a76dae0fa027ffb189d736ce13a9bd64c9d7f
3872
3873 # New TLS 1.3 session starts here
3874
3875 KDF = TLS13-KDF
3876 Ctrl.mode = mode:EXTRACT_ONLY
3877 Ctrl.digest = digest:SHA2-384
3878 Ctrl.key = hexkey:02a241afe7072dc28fddc66987e22a710a5f2c3460766d55d5af58d549bd8f21
3879 Output = ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894
3880
3881 KDF = TLS13-KDF
3882 Ctrl.mode = mode:EXPAND_ONLY
3883 Ctrl.digest = digest:SHA2-384
3884 Ctrl.key = hexkey:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894
3885 Ctrl.data = hexdata:a911360d1d4f3bbd671908701106913fd281436de65cc2b9645e2cdccd31452cde589ccbbe41d926d3b82d468c2e812d
3886 Ctrl.prefix = hexprefix:746c73313320
3887 Ctrl.label = hexlabel:6320652074726166666963
3888 Output = 93c085d9eb42edcb69274adc8c04fd4ee074672c99c1e44ff7ce4f0b3c3c0d56875845d2b148ebd1558547141cd35200
3889
3890 KDF = TLS13-KDF
3891 Ctrl.mode = mode:EXPAND_ONLY
3892 Ctrl.digest = digest:SHA2-384
3893 Ctrl.key = hexkey:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894
3894 Ctrl.data = hexdata:a911360d1d4f3bbd671908701106913fd281436de65cc2b9645e2cdccd31452cde589ccbbe41d926d3b82d468c2e812d
3895 Ctrl.prefix = hexprefix:746c73313320
3896 Ctrl.label = hexlabel:6520657870206d6173746572
3897 Output = 0a5265d6097424d190572a4c7110f43097ea10056af875f74be4f02b82adf1de4dc7b90423e550bb0f0100ca2f0fcda5
3898
3899 KDF = TLS13-KDF
3900 Ctrl.mode = mode:EXTRACT_ONLY
3901 Ctrl.digest = digest:SHA2-384
3902 Ctrl.key = hexkey:1426c851a7872eb25a197b7e58410871f0760e81345e67a1ffb6459f7b621f05
3903 Ctrl.salt = hexsalt:ef81b12b65b731fa750705c7799ec296cf4f3218bc34a3ef5819a6857aece0fd608e27f1589ce09a9fa72f941d304894
3904 Ctrl.prefix = hexprefix:746c73313320
3905 Ctrl.label = hexlabel:64657269766564
3906 Output = 8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910
3907
3908 KDF = TLS13-KDF
3909 Ctrl.mode = mode:EXPAND_ONLY
3910 Ctrl.digest = digest:SHA2-384
3911 Ctrl.key = hexkey:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910
3912 Ctrl.data = hexdata:5492f38f35ca8254b8b50e45dba0f9eca6e5b4fd1275d80984e67cbc4c3377f1ed734c46a1a53fd774f9d10de7cb8186
3913 Ctrl.prefix = hexprefix:746c73313320
3914 Ctrl.label = hexlabel:632068732074726166666963
3915 Output = 13d2a5aa1e375e769e4062d829c0df66a8138357e460adbfe859fcd09252dec37e93076a225b9aa51569f0a60960f425
3916
3917 KDF = TLS13-KDF
3918 Ctrl.mode = mode:EXPAND_ONLY
3919 Ctrl.digest = digest:SHA2-384
3920 Ctrl.key = hexkey:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910
3921 Ctrl.data = hexdata:5492f38f35ca8254b8b50e45dba0f9eca6e5b4fd1275d80984e67cbc4c3377f1ed734c46a1a53fd774f9d10de7cb8186
3922 Ctrl.prefix = hexprefix:746c73313320
3923 Ctrl.label = hexlabel:732068732074726166666963
3924 Output = 3c05d6e0733946fbb7fbbec7cfc6a1a647d8313c14ee7f3d0de15c29ad56cda0cdfa171a5b312cc7318c12a8fac80206
3925
3926 KDF = TLS13-KDF
3927 Ctrl.mode = mode:EXTRACT_ONLY
3928 Ctrl.digest = digest:SHA2-384
3929 Ctrl.salt = hexsalt:8751149d301adca9db725b867e22ceb4be056cd16aa43ac55307d1ffae4f656cf43678bff88057e65a90871b8a2a9910
3930 Ctrl.prefix = hexprefix:746c73313320
3931 Ctrl.label = hexlabel:64657269766564
3932 Output = dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc
3933
3934 KDF = TLS13-KDF
3935 Ctrl.mode = mode:EXPAND_ONLY
3936 Ctrl.digest = digest:SHA2-384
3937 Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc
3938 Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f
3939 Ctrl.prefix = hexprefix:746c73313320
3940 Ctrl.label = hexlabel:632061702074726166666963
3941 Output = bfa7282e1e5e7396743994a1b7708bed617b20a2d1f8514e28e9322187e7afce7ea133881ecf305e0aeacbe972835ce1
3942
3943 KDF = TLS13-KDF
3944 Ctrl.mode = mode:EXPAND_ONLY
3945 Ctrl.digest = digest:SHA2-384
3946 Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc
3947 Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f
3948 Ctrl.prefix = hexprefix:746c73313320
3949 Ctrl.label = hexlabel:732061702074726166666963
3950 Output = 91eca687ecf6db1613aab6b8bc60b118a4e6e98b94afb48638efa00717451310cefa5a533867281b7624ecbdd7614deb
3951
3952 KDF = TLS13-KDF
3953 Ctrl.mode = mode:EXPAND_ONLY
3954 Ctrl.digest = digest:SHA2-384
3955 Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc
3956 Ctrl.data = hexdata:c8456dec887407791bff92fc9a929b94139e90837c778d61735f85d057d2b59b45a57535368c78fbac10e6440a46af6f
3957 Ctrl.prefix = hexprefix:746c73313320
3958 Ctrl.label = hexlabel:657870206d6173746572
3959 Output = 1b1e6b3a2e33d3616a5a41368993d80a7ff4ebfbd3973fa6bb6582a13bceb21f3085dd7b0a731bc03ea931dd668549f8
3960
3961 KDF = TLS13-KDF
3962 Ctrl.mode = mode:EXPAND_ONLY
3963 Ctrl.digest = digest:SHA2-384
3964 Ctrl.key = hexkey:dbcbe0371453d2d7794e18fb951d16e587046b1c8672b8975985067b8826e3174b18ec1a622d104d2349fbe7cf516acc
3965 Ctrl.data = hexdata:4e14e5e218a29c7d70a83bb39b782d2c9ba5a2ba856e8963bacb4fc1aaa7d376e16175cbeb17634f90225a2f8483b2ed
3966 Ctrl.prefix = hexprefix:746c73313320
3967 Ctrl.label = hexlabel:726573206d6173746572
3968 Output = 50ceeded13db2c364b44c976d708b7fee57eec0998c85eacc05c2b0a3b4cafeda1642751f78530c433f689ee4a23d4e3
3969
3970 # New TLS 1.3 session starts here
3971
3972 KDF = TLS13-KDF
3973 Ctrl.mode = mode:EXTRACT_ONLY
3974 Ctrl.digest = digest:SHA2-384
3975 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
3976
3977 KDF = TLS13-KDF
3978 Ctrl.mode = mode:EXPAND_ONLY
3979 Ctrl.digest = digest:SHA2-384
3980 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
3981 Ctrl.data = hexdata:bb156178fd7d06e40789668fe93b4432d7e52c0294f11eb2f64c5bd24836115c7034b403a453976f51d699a348e64104
3982 Ctrl.prefix = hexprefix:746c73313320
3983 Ctrl.label = hexlabel:6320652074726166666963
3984 Output = 9bd2371a1c4e8850f6d52eadfd088cc380c8f76612fcde4ac4a6605a6ae5117820ebe108273f6533cdeea942bcb3ab6a
3985
3986 KDF = TLS13-KDF
3987 Ctrl.mode = mode:EXPAND_ONLY
3988 Ctrl.digest = digest:SHA2-384
3989 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
3990 Ctrl.data = hexdata:bb156178fd7d06e40789668fe93b4432d7e52c0294f11eb2f64c5bd24836115c7034b403a453976f51d699a348e64104
3991 Ctrl.prefix = hexprefix:746c73313320
3992 Ctrl.label = hexlabel:6520657870206d6173746572
3993 Output = 71b365f40805bd7a810d704512c6f17110589d9585580324d9cfceff6f81f4eceb2128fa295f9b236fe5fee4629e1859
3994
3995 KDF = TLS13-KDF
3996 Ctrl.mode = mode:EXTRACT_ONLY
3997 Ctrl.digest = digest:SHA2-384
3998 Ctrl.key = hexkey:83945a53ffb26b51f21f69d75c414309e5155fa030723c1c38cffe89cb04edb6
3999 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4000 Ctrl.prefix = hexprefix:746c73313320
4001 Ctrl.label = hexlabel:64657269766564
4002 Output = 12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1
4003
4004 KDF = TLS13-KDF
4005 Ctrl.mode = mode:EXPAND_ONLY
4006 Ctrl.digest = digest:SHA2-384
4007 Ctrl.key = hexkey:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1
4008 Ctrl.data = hexdata:00589f3587b9fd9e27cd4e411568bf56df30a6a0d969e88eec4944b5b442d2cd7188c1b11e78912824bf6f48db8dd30e
4009 Ctrl.prefix = hexprefix:746c73313320
4010 Ctrl.label = hexlabel:632068732074726166666963
4011 Output = 20832548d9ca0fa619833e866639df7412ac7c3906e8076c6e4553a2e56fa8703b1727d64015cb6aad020e8b5d889a6b
4012
4013 KDF = TLS13-KDF
4014 Ctrl.mode = mode:EXPAND_ONLY
4015 Ctrl.digest = digest:SHA2-384
4016 Ctrl.key = hexkey:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1
4017 Ctrl.data = hexdata:00589f3587b9fd9e27cd4e411568bf56df30a6a0d969e88eec4944b5b442d2cd7188c1b11e78912824bf6f48db8dd30e
4018 Ctrl.prefix = hexprefix:746c73313320
4019 Ctrl.label = hexlabel:732068732074726166666963
4020 Output = ab2f7ea9aaf2573370c6b46e929910cab6da6a0aebb236b337e5241e9c5226be3b423bfde3f06b34a7560d98885c8c54
4021
4022 KDF = TLS13-KDF
4023 Ctrl.mode = mode:EXTRACT_ONLY
4024 Ctrl.digest = digest:SHA2-384
4025 Ctrl.salt = hexsalt:12c2bb4946770fc0378134cb2cb3504b44724a2fc10d80bd691b42ea5a77370888af2cc8832564214dabc967fab153b1
4026 Ctrl.prefix = hexprefix:746c73313320
4027 Ctrl.label = hexlabel:64657269766564
4028 Output = 2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d
4029
4030 KDF = TLS13-KDF
4031 Ctrl.mode = mode:EXPAND_ONLY
4032 Ctrl.digest = digest:SHA2-384
4033 Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d
4034 Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9
4035 Ctrl.prefix = hexprefix:746c73313320
4036 Ctrl.label = hexlabel:632061702074726166666963
4037 Output = 2217a5a433ed108d3fda94ed78632222806baa2c3f16b0b95534760ae0bd7403d8f9d95f47888b2f2b0b080b3b046d5c
4038
4039 KDF = TLS13-KDF
4040 Ctrl.mode = mode:EXPAND_ONLY
4041 Ctrl.digest = digest:SHA2-384
4042 Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d
4043 Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9
4044 Ctrl.prefix = hexprefix:746c73313320
4045 Ctrl.label = hexlabel:732061702074726166666963
4046 Output = 3c32294e5dafebf41e4b45f2ff7f70b925c2ea78d1ab0d31f8cf813d7ac47b766809519cac70c5b3bba389e33a04e6f4
4047
4048 KDF = TLS13-KDF
4049 Ctrl.mode = mode:EXPAND_ONLY
4050 Ctrl.digest = digest:SHA2-384
4051 Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d
4052 Ctrl.data = hexdata:a6a0c99dc81a74aedf37284ef07701cea224293ea00dc688ef3ed30368c811a4a5c3cd4e7a2a969539bf7bfeb79253e9
4053 Ctrl.prefix = hexprefix:746c73313320
4054 Ctrl.label = hexlabel:657870206d6173746572
4055 Output = f92f95ee85dadda7467b4a402c877c746d170a986a18ffe13a7263f11a74e4322d567ecca89d0e5dda4f624aac0101ba
4056
4057 KDF = TLS13-KDF
4058 Ctrl.mode = mode:EXPAND_ONLY
4059 Ctrl.digest = digest:SHA2-384
4060 Ctrl.key = hexkey:2a3381ce1639af02a64ac0735edfc729dc4019696fe7d4f9464ab7cd7a9978436cbca4461d19e93a3aaad1f7dad6c36d
4061 Ctrl.data = hexdata:4ad8bec778fc2c32c98470e27d4151126e2a215a32cdd2a688e47717e5fa7490b586d2c4fb54e0996417ccdf189fbe73
4062 Ctrl.prefix = hexprefix:746c73313320
4063 Ctrl.label = hexlabel:726573206d6173746572
4064 Output = 517a3f7ef3d51098512ba68b0066deed4a6f3f016d78949e79dadb1ab730beb84d556b31c8c1eb7d741cccfd12313049
4065
4066 # New TLS 1.3 session starts here
4067
4068 KDF = TLS13-KDF
4069 Ctrl.mode = mode:EXTRACT_ONLY
4070 Ctrl.digest = digest:SHA2-384
4071 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4072
4073 KDF = TLS13-KDF
4074 Ctrl.mode = mode:EXPAND_ONLY
4075 Ctrl.digest = digest:SHA2-384
4076 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4077 Ctrl.data = hexdata:ce8a273136c4c91b175a57e7b27eb2929a31e3410e9c5b8b7dfa442f5459e59222d6dbea6f1d0e5b7b8d8bcae28b58c9
4078 Ctrl.prefix = hexprefix:746c73313320
4079 Ctrl.label = hexlabel:6320652074726166666963
4080 Output = d3fc95dacd1c4ed05b0d0f11ea7128f309c7dc81ab7d732b7333d4e6347189923e44ee2a0b4047fcd502f7e74edef55d
4081
4082 KDF = TLS13-KDF
4083 Ctrl.mode = mode:EXPAND_ONLY
4084 Ctrl.digest = digest:SHA2-384
4085 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4086 Ctrl.data = hexdata:ce8a273136c4c91b175a57e7b27eb2929a31e3410e9c5b8b7dfa442f5459e59222d6dbea6f1d0e5b7b8d8bcae28b58c9
4087 Ctrl.prefix = hexprefix:746c73313320
4088 Ctrl.label = hexlabel:6520657870206d6173746572
4089 Output = fa6c3df3027a0711fe712c3e43886eb56b0f26894a8203c5a1a3a7813977ccf6668ff1e2d94bca987e6fb169e6f47b85
4090
4091 KDF = TLS13-KDF
4092 Ctrl.mode = mode:EXTRACT_ONLY
4093 Ctrl.digest = digest:SHA2-384
4094 Ctrl.key = hexkey:d57947df07774b69399f726359860d5f20ab3b23c64446386c2370defcdc915e
4095 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4096 Ctrl.prefix = hexprefix:746c73313320
4097 Ctrl.label = hexlabel:64657269766564
4098 Output = e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138
4099
4100 KDF = TLS13-KDF
4101 Ctrl.mode = mode:EXPAND_ONLY
4102 Ctrl.digest = digest:SHA2-384
4103 Ctrl.key = hexkey:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138
4104 Ctrl.data = hexdata:9e7c01ccd11887a65a50be6bd9ca2263fe02a5fa483579d0e139faea00e920b12ef044fa1c3a29480217ccbba6fff0b8
4105 Ctrl.prefix = hexprefix:746c73313320
4106 Ctrl.label = hexlabel:632068732074726166666963
4107 Output = bfc1f429408ebc49b9ae80a36e1f354e695351c24c002fd96059763b06ac6db3c2169b4af955ac03dd431cd4aa5269f9
4108
4109 KDF = TLS13-KDF
4110 Ctrl.mode = mode:EXPAND_ONLY
4111 Ctrl.digest = digest:SHA2-384
4112 Ctrl.key = hexkey:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138
4113 Ctrl.data = hexdata:9e7c01ccd11887a65a50be6bd9ca2263fe02a5fa483579d0e139faea00e920b12ef044fa1c3a29480217ccbba6fff0b8
4114 Ctrl.prefix = hexprefix:746c73313320
4115 Ctrl.label = hexlabel:732068732074726166666963
4116 Output = 3ae6b72885417b225a3c4f92ebf8e3f7d33f968f44ec51edbdd628d867432adbdc672579d857bcc5a575a646e3622904
4117
4118 KDF = TLS13-KDF
4119 Ctrl.mode = mode:EXTRACT_ONLY
4120 Ctrl.digest = digest:SHA2-384
4121 Ctrl.salt = hexsalt:e87f946ab1726ab5e911df8b14f6393db1c72caa512e3d235847a271ae1b4d8643ff19b393710b67961eca39cebcf138
4122 Ctrl.prefix = hexprefix:746c73313320
4123 Ctrl.label = hexlabel:64657269766564
4124 Output = a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab
4125
4126 KDF = TLS13-KDF
4127 Ctrl.mode = mode:EXPAND_ONLY
4128 Ctrl.digest = digest:SHA2-384
4129 Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab
4130 Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db
4131 Ctrl.prefix = hexprefix:746c73313320
4132 Ctrl.label = hexlabel:632061702074726166666963
4133 Output = b48a4caac858a953f1b5f9019484fb4fea955b533865db740fbaf945392d3bac0d0f4038d2283e00838dcdbdbdf2d9b0
4134
4135 KDF = TLS13-KDF
4136 Ctrl.mode = mode:EXPAND_ONLY
4137 Ctrl.digest = digest:SHA2-384
4138 Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab
4139 Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db
4140 Ctrl.prefix = hexprefix:746c73313320
4141 Ctrl.label = hexlabel:732061702074726166666963
4142 Output = f54b230bd2fb82bdb0eefde4368177383e5d104ec4e6ab71ff129e356807737ed9d522d6014ac56bad4ae23cad76e8b7
4143
4144 KDF = TLS13-KDF
4145 Ctrl.mode = mode:EXPAND_ONLY
4146 Ctrl.digest = digest:SHA2-384
4147 Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab
4148 Ctrl.data = hexdata:6b301e7a7b3f3d960a620ca6c0a8855c7806cdee61e8c3344330c15c023f76fc31996ced8b35beee2c492c910f2dc2db
4149 Ctrl.prefix = hexprefix:746c73313320
4150 Ctrl.label = hexlabel:657870206d6173746572
4151 Output = e9c305cafa53d3bb189013492fc6e40f01fd194304aea30fe73b8322161edf4a39e6530c3904cb5bd8fa8644ece55a2a
4152
4153 KDF = TLS13-KDF
4154 Ctrl.mode = mode:EXPAND_ONLY
4155 Ctrl.digest = digest:SHA2-384
4156 Ctrl.key = hexkey:a92245795eac1334ddd246d3857de343813f59bb2eaf78dc8e92dcc61926b89d5252e357289485573c693da5b7a0b3ab
4157 Ctrl.data = hexdata:5e28ee7474db3de8996894fb8285af4469349a0cc7cca47544b0b7c7663dd3ea7399ad26f054a75f4f0a9260447f4030
4158 Ctrl.prefix = hexprefix:746c73313320
4159 Ctrl.label = hexlabel:726573206d6173746572
4160 Output = be0b885a296f266b0f50dc53f78b27ebac7292f627b3658bc4a95607529f5864d47e25c848363c0ab5dcd83193fd62cc
4161
4162 # New TLS 1.3 session starts here
4163
4164 KDF = TLS13-KDF
4165 Ctrl.mode = mode:EXTRACT_ONLY
4166 Ctrl.digest = digest:SHA2-384
4167 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4168
4169 KDF = TLS13-KDF
4170 Ctrl.mode = mode:EXPAND_ONLY
4171 Ctrl.digest = digest:SHA2-384
4172 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4173 Ctrl.data = hexdata:53c45ce0fa2644a0a532fc5e73272a655bca78e483d86e872c521cf5a0a75a34b9f546f4b9a56e8a2c3a52525b0ddcce
4174 Ctrl.prefix = hexprefix:746c73313320
4175 Ctrl.label = hexlabel:6320652074726166666963
4176 Output = 3e67e81d98d6a17439294130cb14383aeca788251a609bb97e7c2b81f53c195fb5f95a6133d014083b5e2c3a9d04c1e2
4177
4178 KDF = TLS13-KDF
4179 Ctrl.mode = mode:EXPAND_ONLY
4180 Ctrl.digest = digest:SHA2-384
4181 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4182 Ctrl.data = hexdata:53c45ce0fa2644a0a532fc5e73272a655bca78e483d86e872c521cf5a0a75a34b9f546f4b9a56e8a2c3a52525b0ddcce
4183 Ctrl.prefix = hexprefix:746c73313320
4184 Ctrl.label = hexlabel:6520657870206d6173746572
4185 Output = d02ae01d3bb7e72d99f32ff7561e1243576bd37ea06b3c8a31e991c92b169f647541fa5eba74086891b6436489dae045
4186
4187 KDF = TLS13-KDF
4188 Ctrl.mode = mode:EXTRACT_ONLY
4189 Ctrl.digest = digest:SHA2-384
4190 Ctrl.key = hexkey:eaef8daa591f860e4e4693a39a01a246790c3e26c6545a9831a69550bbb87b91
4191 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4192 Ctrl.prefix = hexprefix:746c73313320
4193 Ctrl.label = hexlabel:64657269766564
4194 Output = 6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a
4195
4196 KDF = TLS13-KDF
4197 Ctrl.mode = mode:EXPAND_ONLY
4198 Ctrl.digest = digest:SHA2-384
4199 Ctrl.key = hexkey:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a
4200 Ctrl.data = hexdata:16fd0b738388236a90949eb344161ae277b5851169ba636cc83614c0b88f800d69eca40d3a93a9b284ee9dacb1cc197c
4201 Ctrl.prefix = hexprefix:746c73313320
4202 Ctrl.label = hexlabel:632068732074726166666963
4203 Output = e1f668956b8f85ffc5516b300c29f26d0af9a3403982dc75e3994a6a5cf105e891567737dcee9cfd48457c948059e411
4204
4205 KDF = TLS13-KDF
4206 Ctrl.mode = mode:EXPAND_ONLY
4207 Ctrl.digest = digest:SHA2-384
4208 Ctrl.key = hexkey:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a
4209 Ctrl.data = hexdata:16fd0b738388236a90949eb344161ae277b5851169ba636cc83614c0b88f800d69eca40d3a93a9b284ee9dacb1cc197c
4210 Ctrl.prefix = hexprefix:746c73313320
4211 Ctrl.label = hexlabel:732068732074726166666963
4212 Output = 852e3d5b12fadfbbf3defe048a14ac51401299d39c92e0c359b8ff9a3c34335d1d0bb6881b2c30435248c4fa341033e3
4213
4214 KDF = TLS13-KDF
4215 Ctrl.mode = mode:EXTRACT_ONLY
4216 Ctrl.digest = digest:SHA2-384
4217 Ctrl.salt = hexsalt:6f06af2ecb2262d77a9a6a8e94cbacca3645cefa3dd9f23e4bbcc59042a1ac46029950f894f1b96fbdb8c926375d107a
4218 Ctrl.prefix = hexprefix:746c73313320
4219 Ctrl.label = hexlabel:64657269766564
4220 Output = 566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f
4221
4222 KDF = TLS13-KDF
4223 Ctrl.mode = mode:EXPAND_ONLY
4224 Ctrl.digest = digest:SHA2-384
4225 Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f
4226 Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1
4227 Ctrl.prefix = hexprefix:746c73313320
4228 Ctrl.label = hexlabel:632061702074726166666963
4229 Output = 307f12a3c070fb00f706a4bf6d7492d5b3c1e4eea713d14ab5d52324237eeb75f585b6b278df896614f64a9119e750fe
4230
4231 KDF = TLS13-KDF
4232 Ctrl.mode = mode:EXPAND_ONLY
4233 Ctrl.digest = digest:SHA2-384
4234 Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f
4235 Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1
4236 Ctrl.prefix = hexprefix:746c73313320
4237 Ctrl.label = hexlabel:732061702074726166666963
4238 Output = cf098b49f302e84c11aec463638b22ada6083de98e319903a934d114613084d6c162e4c8d26522ef8cdd45c515a7c74b
4239
4240 KDF = TLS13-KDF
4241 Ctrl.mode = mode:EXPAND_ONLY
4242 Ctrl.digest = digest:SHA2-384
4243 Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f
4244 Ctrl.data = hexdata:852395eb84730bac2c1a09f3843a6e0705fb66924953f48ecabe9a0d3c73c1933c8f99efb0ca9cbb8b2dbbc966fb5bd1
4245 Ctrl.prefix = hexprefix:746c73313320
4246 Ctrl.label = hexlabel:657870206d6173746572
4247 Output = 9def86f445a25c8458ab71af0030fa4b1aa44858adb4875702ea521bd6cb2272fb6938b52bb3842963755bb0658ccad7
4248
4249 KDF = TLS13-KDF
4250 Ctrl.mode = mode:EXPAND_ONLY
4251 Ctrl.digest = digest:SHA2-384
4252 Ctrl.key = hexkey:566e81b068476abf14a8495f49b34441ffd488d1252c0d0140a437ed8a42ca0532311ac7117510481bd5b1b4427bdf8f
4253 Ctrl.data = hexdata:80c10c6944df45bb77135b12af17738a5625802faf9c3fc22600f18969f147a141e94e131eca654ad86c491d1d98a9ec
4254 Ctrl.prefix = hexprefix:746c73313320
4255 Ctrl.label = hexlabel:726573206d6173746572
4256 Output = 7931cc9028395f8b1392e398358dffa95f2cea2804ddd3d1c0c477d6373fbd48be6c5e4d971d5707e0674a97c512cdba
4257
4258 # New TLS 1.3 session starts here
4259
4260 KDF = TLS13-KDF
4261 Ctrl.mode = mode:EXTRACT_ONLY
4262 Ctrl.digest = digest:SHA2-384
4263 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4264
4265 KDF = TLS13-KDF
4266 Ctrl.mode = mode:EXPAND_ONLY
4267 Ctrl.digest = digest:SHA2-384
4268 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4269 Ctrl.data = hexdata:4d4855b455ea510c22bd621486b43c6cd12d28af2c17cb0bfe7c5df2e94d56c9d1c43d591d39572018322cc8210ae12b
4270 Ctrl.prefix = hexprefix:746c73313320
4271 Ctrl.label = hexlabel:6320652074726166666963
4272 Output = 2571b9bc3d01f14a1e509764092de227e2ab28b5faf70661bfcd79de6374367d4bf90ad6f3bc0f01e12b61ed4943f042
4273
4274 KDF = TLS13-KDF
4275 Ctrl.mode = mode:EXPAND_ONLY
4276 Ctrl.digest = digest:SHA2-384
4277 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4278 Ctrl.data = hexdata:4d4855b455ea510c22bd621486b43c6cd12d28af2c17cb0bfe7c5df2e94d56c9d1c43d591d39572018322cc8210ae12b
4279 Ctrl.prefix = hexprefix:746c73313320
4280 Ctrl.label = hexlabel:6520657870206d6173746572
4281 Output = 09cd4219de326e48bdf79d2d88689877cff7941715bd37aa992e638eb8998a9b79dc689e11215c7681809205ed1eabff
4282
4283 KDF = TLS13-KDF
4284 Ctrl.mode = mode:EXTRACT_ONLY
4285 Ctrl.digest = digest:SHA2-384
4286 Ctrl.key = hexkey:aadfb50d4a29c09e7058dbaba4a90ea3a0aa37de17275c9b89176f442d6e4b06
4287 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4288 Ctrl.prefix = hexprefix:746c73313320
4289 Ctrl.label = hexlabel:64657269766564
4290 Output = 45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448
4291
4292 KDF = TLS13-KDF
4293 Ctrl.mode = mode:EXPAND_ONLY
4294 Ctrl.digest = digest:SHA2-384
4295 Ctrl.key = hexkey:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448
4296 Ctrl.data = hexdata:81f8bb49b27cc25f4062ddee4794fc7e3c583dfbdf160eb9b4a39de5f7fdca2c83c8842ed18dc93db6b4556504a72291
4297 Ctrl.prefix = hexprefix:746c73313320
4298 Ctrl.label = hexlabel:632068732074726166666963
4299 Output = 21456e5662e2067c7beb09079a7e12e4b27a3721e3047571a87d2da45267dafd1c6af9d62d212d802ed69cd69ed63067
4300
4301 KDF = TLS13-KDF
4302 Ctrl.mode = mode:EXPAND_ONLY
4303 Ctrl.digest = digest:SHA2-384
4304 Ctrl.key = hexkey:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448
4305 Ctrl.data = hexdata:81f8bb49b27cc25f4062ddee4794fc7e3c583dfbdf160eb9b4a39de5f7fdca2c83c8842ed18dc93db6b4556504a72291
4306 Ctrl.prefix = hexprefix:746c73313320
4307 Ctrl.label = hexlabel:732068732074726166666963
4308 Output = b2e69b45e4a926ce6895f59af91efd9b2edd0e5338452bd772247f432ca294380b6e494fd4e5321f013787036225b9ac
4309
4310 KDF = TLS13-KDF
4311 Ctrl.mode = mode:EXTRACT_ONLY
4312 Ctrl.digest = digest:SHA2-384
4313 Ctrl.salt = hexsalt:45ffc3730b02754071604360ff8689c372e0e63abb5665e1a1799f91dc79f04ad87ab4cb589205224ca810a8cf872448
4314 Ctrl.prefix = hexprefix:746c73313320
4315 Ctrl.label = hexlabel:64657269766564
4316 Output = 06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00
4317
4318 KDF = TLS13-KDF
4319 Ctrl.mode = mode:EXPAND_ONLY
4320 Ctrl.digest = digest:SHA2-384
4321 Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00
4322 Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd
4323 Ctrl.prefix = hexprefix:746c73313320
4324 Ctrl.label = hexlabel:632061702074726166666963
4325 Output = 3b6af39d0f782e9e14102c259584a84e22b8f01cb8bcc474b7682d03f896905bb5080db4818fb2f5e036d48f8ff9f829
4326
4327 KDF = TLS13-KDF
4328 Ctrl.mode = mode:EXPAND_ONLY
4329 Ctrl.digest = digest:SHA2-384
4330 Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00
4331 Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd
4332 Ctrl.prefix = hexprefix:746c73313320
4333 Ctrl.label = hexlabel:732061702074726166666963
4334 Output = cf0d58f7bfc58fc46eb87dd8201b1ec59da4fe4fde9e864e295d5c1ca11a1c80cbda554637c8b244df0dde1f171408b1
4335
4336 KDF = TLS13-KDF
4337 Ctrl.mode = mode:EXPAND_ONLY
4338 Ctrl.digest = digest:SHA2-384
4339 Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00
4340 Ctrl.data = hexdata:f359cee8145326f8588220d19274068b16166021b07a371b66955a5504695254ad30b2c0daa5a6ee97a59d338af19ebd
4341 Ctrl.prefix = hexprefix:746c73313320
4342 Ctrl.label = hexlabel:657870206d6173746572
4343 Output = 0585f4818b8203525986415b4a253901f80040cbd62bd081009b14788a01f71aa05ef9b38b2cc15eb09cdbba82e4381b
4344
4345 KDF = TLS13-KDF
4346 Ctrl.mode = mode:EXPAND_ONLY
4347 Ctrl.digest = digest:SHA2-384
4348 Ctrl.key = hexkey:06deb1755458ed01f6e53ca640eb2d4c6f42641221fb50e64de8e3a2466691222cc6a21bfcc3a2e1a6fd631174b0bb00
4349 Ctrl.data = hexdata:8fbf37769af8301a6d6067348b7b4d30b2da212dba16cd83f4bfd9da83964053c37eec6954ad77259ba77d69a074e13e
4350 Ctrl.prefix = hexprefix:746c73313320
4351 Ctrl.label = hexlabel:726573206d6173746572
4352 Output = 74075af4eef3b6d0bd14ebcc1a30aa4800c426b197945dac99d359bf655e3f60facf22dc20bd7b835d9fce8054d5dbad
4353
4354 # New TLS 1.3 session starts here
4355
4356 KDF = TLS13-KDF
4357 Ctrl.mode = mode:EXTRACT_ONLY
4358 Ctrl.digest = digest:SHA2-384
4359 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4360
4361 KDF = TLS13-KDF
4362 Ctrl.mode = mode:EXPAND_ONLY
4363 Ctrl.digest = digest:SHA2-384
4364 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4365 Ctrl.data = hexdata:d43bb2adb7ad63a04e40fd5390e7cc7ba0ed8953c2cda92f4383ed8e3d2632a48dda67b9a54eee831ed7f2e2a9f99c5e
4366 Ctrl.prefix = hexprefix:746c73313320
4367 Ctrl.label = hexlabel:6320652074726166666963
4368 Output = 0f76f5af5ab1ce245943313fdc5f78aca0277e27fae95fb12b57469d485bb6612b35b9795cfb8bbda734c8b5291dc35e
4369
4370 KDF = TLS13-KDF
4371 Ctrl.mode = mode:EXPAND_ONLY
4372 Ctrl.digest = digest:SHA2-384
4373 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4374 Ctrl.data = hexdata:d43bb2adb7ad63a04e40fd5390e7cc7ba0ed8953c2cda92f4383ed8e3d2632a48dda67b9a54eee831ed7f2e2a9f99c5e
4375 Ctrl.prefix = hexprefix:746c73313320
4376 Ctrl.label = hexlabel:6520657870206d6173746572
4377 Output = 7d40656445a89b8a03a7ccaca413d9438d8a7b434812b6d141b2089464953accbc4cace5c124c3038a558d0b59e7915d
4378
4379 KDF = TLS13-KDF
4380 Ctrl.mode = mode:EXTRACT_ONLY
4381 Ctrl.digest = digest:SHA2-384
4382 Ctrl.key = hexkey:ad2cfa585abc0d2ca5db71c0d1a765e78b59cda0cf3b5eab80731a99a951072b
4383 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4384 Ctrl.prefix = hexprefix:746c73313320
4385 Ctrl.label = hexlabel:64657269766564
4386 Output = c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31
4387
4388 KDF = TLS13-KDF
4389 Ctrl.mode = mode:EXPAND_ONLY
4390 Ctrl.digest = digest:SHA2-384
4391 Ctrl.key = hexkey:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31
4392 Ctrl.data = hexdata:73f2b0896bc0c24dde3b4f01b3285eed02f78633f1bd910ff5f9a331b6495d70d1fb06610a312f3a60d9f6a7a5f39690
4393 Ctrl.prefix = hexprefix:746c73313320
4394 Ctrl.label = hexlabel:632068732074726166666963
4395 Output = ac3b6e92e1f973f82b29e283bfaccce9c5f4c16e2d885b49fbde0e537cdee5718377ea7117e0add2ab997a7c12357858
4396
4397 KDF = TLS13-KDF
4398 Ctrl.mode = mode:EXPAND_ONLY
4399 Ctrl.digest = digest:SHA2-384
4400 Ctrl.key = hexkey:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31
4401 Ctrl.data = hexdata:73f2b0896bc0c24dde3b4f01b3285eed02f78633f1bd910ff5f9a331b6495d70d1fb06610a312f3a60d9f6a7a5f39690
4402 Ctrl.prefix = hexprefix:746c73313320
4403 Ctrl.label = hexlabel:732068732074726166666963
4404 Output = 35127fae2fdfcfc744578ac51994e1d6140cb215cecc1172f052c2626a03edfc9c0b270326313272b1a7a82a45495cbf
4405
4406 KDF = TLS13-KDF
4407 Ctrl.mode = mode:EXTRACT_ONLY
4408 Ctrl.digest = digest:SHA2-384
4409 Ctrl.salt = hexsalt:c859ebeb69d7621864780cd992f00c87f7902c5f23d16c780ffb3baa9d7e6b33aff77ab0811886bb9aa43f4229bcfe31
4410 Ctrl.prefix = hexprefix:746c73313320
4411 Ctrl.label = hexlabel:64657269766564
4412 Output = f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65
4413
4414 KDF = TLS13-KDF
4415 Ctrl.mode = mode:EXPAND_ONLY
4416 Ctrl.digest = digest:SHA2-384
4417 Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65
4418 Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75
4419 Ctrl.prefix = hexprefix:746c73313320
4420 Ctrl.label = hexlabel:632061702074726166666963
4421 Output = 006523da7c759a9664b0a29c6d4d6c3f24a5f1f0642874f6f260b3617514dc933703f8e21be3d79246511d6eb0602fa8
4422
4423 KDF = TLS13-KDF
4424 Ctrl.mode = mode:EXPAND_ONLY
4425 Ctrl.digest = digest:SHA2-384
4426 Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65
4427 Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75
4428 Ctrl.prefix = hexprefix:746c73313320
4429 Ctrl.label = hexlabel:732061702074726166666963
4430 Output = 56c42d1105ac8073316e6be3efd459539bf8c9fe8b55f24895d643f2d5a6e882a9334e7a3e8e7092072e62d6c67ba038
4431
4432 KDF = TLS13-KDF
4433 Ctrl.mode = mode:EXPAND_ONLY
4434 Ctrl.digest = digest:SHA2-384
4435 Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65
4436 Ctrl.data = hexdata:79f1027369f4af0a5d5b84b5083ab2dbd1244139aaf648bea9d3e03abcff938aa78670aa9f12e0e160c3eda36f65ab75
4437 Ctrl.prefix = hexprefix:746c73313320
4438 Ctrl.label = hexlabel:657870206d6173746572
4439 Output = 40c01edda9d1bb545623f56ddd05fd9c788b7eacd667bbb3916ae0d71c1235f3b8943fbedae9447b1c9492e2d5806f07
4440
4441 KDF = TLS13-KDF
4442 Ctrl.mode = mode:EXPAND_ONLY
4443 Ctrl.digest = digest:SHA2-384
4444 Ctrl.key = hexkey:f14ec4e75c444e149c8528c1d86424b0d0ec6de8af14a0045443a5aa462d09e24c346060a26721d7f337297fcdb73e65
4445 Ctrl.data = hexdata:f782fce708c7fb5bf48303d42e38c4c3598b4c82e186b424cd2e6a4514a58da02a6e472e04981d9235a996fa82de748e
4446 Ctrl.prefix = hexprefix:746c73313320
4447 Ctrl.label = hexlabel:726573206d6173746572
4448 Output = 6d2a9e1c4f7a07f51af877f2e301ddf37c2c7deae30947c53c076e7b20dd20dd137724f62706b35ba3dd02fe1bbc6771
4449
4450 # New TLS 1.3 session starts here
4451
4452 KDF = TLS13-KDF
4453 Ctrl.mode = mode:EXTRACT_ONLY
4454 Ctrl.digest = digest:SHA2-384
4455 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4456
4457 KDF = TLS13-KDF
4458 Ctrl.mode = mode:EXPAND_ONLY
4459 Ctrl.digest = digest:SHA2-384
4460 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4461 Ctrl.data = hexdata:07db069260fd2ea0cc174c1bbbb2b685d090ff14eb1a1e750a55e633ec6eae8d8eb30c38864b4c8cff92f8e14fba6deb
4462 Ctrl.prefix = hexprefix:746c73313320
4463 Ctrl.label = hexlabel:6320652074726166666963
4464 Output = 0930f5fe2f1a7651534350db7cbf81a30d90d6acf11ee7054fb1fe03ba6f1657a5452f1e0c8aec106e682bf3ce319d9d
4465
4466 KDF = TLS13-KDF
4467 Ctrl.mode = mode:EXPAND_ONLY
4468 Ctrl.digest = digest:SHA2-384
4469 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4470 Ctrl.data = hexdata:07db069260fd2ea0cc174c1bbbb2b685d090ff14eb1a1e750a55e633ec6eae8d8eb30c38864b4c8cff92f8e14fba6deb
4471 Ctrl.prefix = hexprefix:746c73313320
4472 Ctrl.label = hexlabel:6520657870206d6173746572
4473 Output = 9a64292070a6ea9704cd7117bfcbe7c6378c9c63ed0c0f997cfb518db5f87ca1006e1eb374a3b9515138e9b39774218f
4474
4475 KDF = TLS13-KDF
4476 Ctrl.mode = mode:EXTRACT_ONLY
4477 Ctrl.digest = digest:SHA2-384
4478 Ctrl.key = hexkey:371954308edaeefb9e4abddcfc514a9c812bb34dfbcfcb6cea1d2246a62427d5
4479 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4480 Ctrl.prefix = hexprefix:746c73313320
4481 Ctrl.label = hexlabel:64657269766564
4482 Output = 0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c
4483
4484 KDF = TLS13-KDF
4485 Ctrl.mode = mode:EXPAND_ONLY
4486 Ctrl.digest = digest:SHA2-384
4487 Ctrl.key = hexkey:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c
4488 Ctrl.data = hexdata:50543ddbf93cb27df7d958cc31bc88a74e459bc19ad3a2454436618b5145ca1dbe921c164e8453194e94b79cf0b5a0d2
4489 Ctrl.prefix = hexprefix:746c73313320
4490 Ctrl.label = hexlabel:632068732074726166666963
4491 Output = 43d49b8255b120ed5e58ec8a6e8af25a9744bcf09f49385df6fc1568165241349fc546d4f0fb5c8024453b96df6dd2e1
4492
4493 KDF = TLS13-KDF
4494 Ctrl.mode = mode:EXPAND_ONLY
4495 Ctrl.digest = digest:SHA2-384
4496 Ctrl.key = hexkey:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c
4497 Ctrl.data = hexdata:50543ddbf93cb27df7d958cc31bc88a74e459bc19ad3a2454436618b5145ca1dbe921c164e8453194e94b79cf0b5a0d2
4498 Ctrl.prefix = hexprefix:746c73313320
4499 Ctrl.label = hexlabel:732068732074726166666963
4500 Output = 3d9858bf41c9e22fc524227a645f3782fbee662c900b2fb1888427a72117ac0fb1e013162bff6bbaa3f5f1547eec7be2
4501
4502 KDF = TLS13-KDF
4503 Ctrl.mode = mode:EXTRACT_ONLY
4504 Ctrl.digest = digest:SHA2-384
4505 Ctrl.salt = hexsalt:0b4028bb1c50c64620b0595cb2c77a43d4d729245d0502a00c76740cc195e320b13086af43cd21ecbcbe7d926fca496c
4506 Ctrl.prefix = hexprefix:746c73313320
4507 Ctrl.label = hexlabel:64657269766564
4508 Output = 9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474
4509
4510 KDF = TLS13-KDF
4511 Ctrl.mode = mode:EXPAND_ONLY
4512 Ctrl.digest = digest:SHA2-384
4513 Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474
4514 Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1
4515 Ctrl.prefix = hexprefix:746c73313320
4516 Ctrl.label = hexlabel:632061702074726166666963
4517 Output = 64477d25734889a7062ccd36d73e3ae3ce4a416efc4ca6e625b79052a1db24c285e34c8cdf31656c8323ab9ce44ad4df
4518
4519 KDF = TLS13-KDF
4520 Ctrl.mode = mode:EXPAND_ONLY
4521 Ctrl.digest = digest:SHA2-384
4522 Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474
4523 Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1
4524 Ctrl.prefix = hexprefix:746c73313320
4525 Ctrl.label = hexlabel:732061702074726166666963
4526 Output = e0036e688f3a556a15ffe19fe2795913d9f499ffd3919d9107ae062066b53f5395486bee26e8f9892616e2c99cced28d
4527
4528 KDF = TLS13-KDF
4529 Ctrl.mode = mode:EXPAND_ONLY
4530 Ctrl.digest = digest:SHA2-384
4531 Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474
4532 Ctrl.data = hexdata:4b857ace793fce3accfb9444de7aee6803e0decdd3f457bef0b1d4dd6447359eeaf3c9a284622aa0731b7cd888897bd1
4533 Ctrl.prefix = hexprefix:746c73313320
4534 Ctrl.label = hexlabel:657870206d6173746572
4535 Output = 2c1f8cd1719ce51ff646c6fc92a5763ec5ff6902400dd012bf880087370033b00650ba4ae3b3681881d6cc591ed5641c
4536
4537 KDF = TLS13-KDF
4538 Ctrl.mode = mode:EXPAND_ONLY
4539 Ctrl.digest = digest:SHA2-384
4540 Ctrl.key = hexkey:9a758229844cc9b3de5cf554bc5984b959269773f937deefd0ee58ed0d719a978b7d16a7770d23510b27978a70281474
4541 Ctrl.data = hexdata:43fbbfe6d001f7ac624624c609ba92441e04aa4c0fef40654b82e01b72a791e80618e175d22fe6b5ab5c178f7667e867
4542 Ctrl.prefix = hexprefix:746c73313320
4543 Ctrl.label = hexlabel:726573206d6173746572
4544 Output = a2495c69d4cc3b35dbfee989ae9455415705935a77651a37385b67908eaed40c071208755018bec80a6c34bd64406710
4545
4546 # New TLS 1.3 session starts here
4547
4548 KDF = TLS13-KDF
4549 Ctrl.mode = mode:EXTRACT_ONLY
4550 Ctrl.digest = digest:SHA2-384
4551 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4552
4553 KDF = TLS13-KDF
4554 Ctrl.mode = mode:EXPAND_ONLY
4555 Ctrl.digest = digest:SHA2-384
4556 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4557 Ctrl.data = hexdata:e7b076d704091b4080952316270481f229c5e7bcffcecbe6eaa9c418230419dbd442fbfa6c89d12c8ba0090f89d90de5
4558 Ctrl.prefix = hexprefix:746c73313320
4559 Ctrl.label = hexlabel:6320652074726166666963
4560 Output = ad0645846c685bc37094123403a2a7f7caec78e687b185e1496f655d254f3bcffd04bc29e2b2dc04d8ec8e9f11ddfcf4
4561
4562 KDF = TLS13-KDF
4563 Ctrl.mode = mode:EXPAND_ONLY
4564 Ctrl.digest = digest:SHA2-384
4565 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4566 Ctrl.data = hexdata:e7b076d704091b4080952316270481f229c5e7bcffcecbe6eaa9c418230419dbd442fbfa6c89d12c8ba0090f89d90de5
4567 Ctrl.prefix = hexprefix:746c73313320
4568 Ctrl.label = hexlabel:6520657870206d6173746572
4569 Output = ba83f794ed25e29fe7aeff5b542457fc3e90e4c3acc980110ba95a2e4652afedb25787b265972892002369b894516231
4570
4571 KDF = TLS13-KDF
4572 Ctrl.mode = mode:EXTRACT_ONLY
4573 Ctrl.digest = digest:SHA2-384
4574 Ctrl.key = hexkey:0b8a848caaab3159494881a4dd372009485dafc170fc11648bfe829f9001dc63
4575 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4576 Ctrl.prefix = hexprefix:746c73313320
4577 Ctrl.label = hexlabel:64657269766564
4578 Output = f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18
4579
4580 KDF = TLS13-KDF
4581 Ctrl.mode = mode:EXPAND_ONLY
4582 Ctrl.digest = digest:SHA2-384
4583 Ctrl.key = hexkey:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18
4584 Ctrl.data = hexdata:7f892b8cb527cf479711cd127c69152c6ef32aae37a48b6e4160c04190adbc6b8bbaff775ab8edb59284d1c86d277755
4585 Ctrl.prefix = hexprefix:746c73313320
4586 Ctrl.label = hexlabel:632068732074726166666963
4587 Output = 3a3c7ba28192268cb293a348092bcda2d8b60428b3c3a0bb4317d0ed5a1111a3054f4aa514beb79e31121e91965e9e80
4588
4589 KDF = TLS13-KDF
4590 Ctrl.mode = mode:EXPAND_ONLY
4591 Ctrl.digest = digest:SHA2-384
4592 Ctrl.key = hexkey:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18
4593 Ctrl.data = hexdata:7f892b8cb527cf479711cd127c69152c6ef32aae37a48b6e4160c04190adbc6b8bbaff775ab8edb59284d1c86d277755
4594 Ctrl.prefix = hexprefix:746c73313320
4595 Ctrl.label = hexlabel:732068732074726166666963
4596 Output = 731e40db136f53384be606574f940d789c5be823c28727d46817b628ee9b836696d50d064298f89ee80d2adfc092ce72
4597
4598 KDF = TLS13-KDF
4599 Ctrl.mode = mode:EXTRACT_ONLY
4600 Ctrl.digest = digest:SHA2-384
4601 Ctrl.salt = hexsalt:f5b03496a24c3331f58bf6a3435abc614b796bcaef11b65f104ce3855261b20b7a07b1592f025bc8ec2d9b5f35644e18
4602 Ctrl.prefix = hexprefix:746c73313320
4603 Ctrl.label = hexlabel:64657269766564
4604 Output = 509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071
4605
4606 KDF = TLS13-KDF
4607 Ctrl.mode = mode:EXPAND_ONLY
4608 Ctrl.digest = digest:SHA2-384
4609 Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071
4610 Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90
4611 Ctrl.prefix = hexprefix:746c73313320
4612 Ctrl.label = hexlabel:632061702074726166666963
4613 Output = cd593873f98049f9729edb4562ca7cc434142f633a098c0119be0931cdb78d084d3daa01d7a46526d1d2fc1b04b918b2
4614
4615 KDF = TLS13-KDF
4616 Ctrl.mode = mode:EXPAND_ONLY
4617 Ctrl.digest = digest:SHA2-384
4618 Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071
4619 Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90
4620 Ctrl.prefix = hexprefix:746c73313320
4621 Ctrl.label = hexlabel:732061702074726166666963
4622 Output = 38b5ff48b24cfd296919ecb290f774f02a56d247430c8cdb4615d1a4d9c80ae08fef8a4f5c06d1d566ce34dcbbd8f9c4
4623
4624 KDF = TLS13-KDF
4625 Ctrl.mode = mode:EXPAND_ONLY
4626 Ctrl.digest = digest:SHA2-384
4627 Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071
4628 Ctrl.data = hexdata:d71bf2f002c654eccad8225a97d877ea38f40b67dd30040658419e9caf579d8ae349883f5299bf54aba0f61d971b7f90
4629 Ctrl.prefix = hexprefix:746c73313320
4630 Ctrl.label = hexlabel:657870206d6173746572
4631 Output = 6a25ad33e7a00d1fd2336d16c00068e0ac0bdb155b2035248cd9c10c4d8f7806adc26a34fcefe4cf958351d8af04454e
4632
4633 KDF = TLS13-KDF
4634 Ctrl.mode = mode:EXPAND_ONLY
4635 Ctrl.digest = digest:SHA2-384
4636 Ctrl.key = hexkey:509df878e86b4eb004ea2ac7228d26612ff3f284ca112a039390e12ffef7270c84adaf41451e75699ae08dc2efa02071
4637 Ctrl.data = hexdata:377bd75f1a7f42975c10046c29884917dc101db1b42d0b56ae55f3fe64b19ad9b4538fb70d99cf4e48d23787538f1542
4638 Ctrl.prefix = hexprefix:746c73313320
4639 Ctrl.label = hexlabel:726573206d6173746572
4640 Output = 73b00fb31a4c8f1e2db8ae1dcab522b0db44b1cbee4c2bb79cf59df1818c516dbbc5f060c3235a2baab8b285c5947cfe
4641
4642 # New TLS 1.3 session starts here
4643
4644 KDF = TLS13-KDF
4645 Ctrl.mode = mode:EXTRACT_ONLY
4646 Ctrl.digest = digest:SHA2-384
4647 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4648
4649 KDF = TLS13-KDF
4650 Ctrl.mode = mode:EXPAND_ONLY
4651 Ctrl.digest = digest:SHA2-384
4652 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4653 Ctrl.data = hexdata:d12079d043237f25e320c42aa4f189e013b2301cd2cae46709b3fc236b1b55052948e90cd57dd3346974dabe61a0e28a
4654 Ctrl.prefix = hexprefix:746c73313320
4655 Ctrl.label = hexlabel:6320652074726166666963
4656 Output = bb79c15599851619e575397c9e10951c49c840f30ec15e3320f600be6eac5d899bc1236f170254ce292765e853cc0459
4657
4658 KDF = TLS13-KDF
4659 Ctrl.mode = mode:EXPAND_ONLY
4660 Ctrl.digest = digest:SHA2-384
4661 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4662 Ctrl.data = hexdata:d12079d043237f25e320c42aa4f189e013b2301cd2cae46709b3fc236b1b55052948e90cd57dd3346974dabe61a0e28a
4663 Ctrl.prefix = hexprefix:746c73313320
4664 Ctrl.label = hexlabel:6520657870206d6173746572
4665 Output = 9acbe9f41e06ae8f628277e9bf5f3cc8bb35586ccc1be1e0ab73199c674e156a3d72940e77f6df3c8e07728bc9c75ff6
4666
4667 KDF = TLS13-KDF
4668 Ctrl.mode = mode:EXTRACT_ONLY
4669 Ctrl.digest = digest:SHA2-384
4670 Ctrl.key = hexkey:7ed65de5e19dae7c8ecbcfe1c85cedda4c0e0320bbfa863cf8f7123a45b7454b
4671 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4672 Ctrl.prefix = hexprefix:746c73313320
4673 Ctrl.label = hexlabel:64657269766564
4674 Output = 2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f
4675
4676 KDF = TLS13-KDF
4677 Ctrl.mode = mode:EXPAND_ONLY
4678 Ctrl.digest = digest:SHA2-384
4679 Ctrl.key = hexkey:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f
4680 Ctrl.data = hexdata:99ffe011dc3a2f66aa5db47f4cbef2e2bf4619b4d25a830f859b13dbb1f8c1ae6007bf27616e9c45d8adae4d98c8e174
4681 Ctrl.prefix = hexprefix:746c73313320
4682 Ctrl.label = hexlabel:632068732074726166666963
4683 Output = 8097220d31a4dd82ceefcf40e805b314f9b7f25b246da9397a1417379e8ee08ee9f41dda7081945a7c1a6eb4a6a09296
4684
4685 KDF = TLS13-KDF
4686 Ctrl.mode = mode:EXPAND_ONLY
4687 Ctrl.digest = digest:SHA2-384
4688 Ctrl.key = hexkey:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f
4689 Ctrl.data = hexdata:99ffe011dc3a2f66aa5db47f4cbef2e2bf4619b4d25a830f859b13dbb1f8c1ae6007bf27616e9c45d8adae4d98c8e174
4690 Ctrl.prefix = hexprefix:746c73313320
4691 Ctrl.label = hexlabel:732068732074726166666963
4692 Output = 1fc2a842d11076c62432ddbc065a73c7a022d65cc382aefc74ebc07b95cff1dba2422cbd5ddf7e47ce9f9738c8deb5d1
4693
4694 KDF = TLS13-KDF
4695 Ctrl.mode = mode:EXTRACT_ONLY
4696 Ctrl.digest = digest:SHA2-384
4697 Ctrl.salt = hexsalt:2beb905b5a41a4b60b903ec139a6dbd1c45ce4d31ff3af34b73ad31dec77838777b0ed0c62c816863982939bce20ff2f
4698 Ctrl.prefix = hexprefix:746c73313320
4699 Ctrl.label = hexlabel:64657269766564
4700 Output = 60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1
4701
4702 KDF = TLS13-KDF
4703 Ctrl.mode = mode:EXPAND_ONLY
4704 Ctrl.digest = digest:SHA2-384
4705 Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1
4706 Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6
4707 Ctrl.prefix = hexprefix:746c73313320
4708 Ctrl.label = hexlabel:632061702074726166666963
4709 Output = 0eaef4e848bbd1927ff4263a9a6cf67ea1dd0c00af88cc00e31714387fe5706a2415fdc939a6167cbdc89fd9133ccca1
4710
4711 KDF = TLS13-KDF
4712 Ctrl.mode = mode:EXPAND_ONLY
4713 Ctrl.digest = digest:SHA2-384
4714 Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1
4715 Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6
4716 Ctrl.prefix = hexprefix:746c73313320
4717 Ctrl.label = hexlabel:732061702074726166666963
4718 Output = ed0cce2c375b1690d5940de879205a6c859cc81904c1f9da882ba559bfb8fbcd7b24b3a6f58947d21a8023aced8ae156
4719
4720 KDF = TLS13-KDF
4721 Ctrl.mode = mode:EXPAND_ONLY
4722 Ctrl.digest = digest:SHA2-384
4723 Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1
4724 Ctrl.data = hexdata:b207273145e7c5e17f9f088f23e271166d822b7d1850efe3641015560379312cef900012ae06bd1b97c423a6f4cacfe6
4725 Ctrl.prefix = hexprefix:746c73313320
4726 Ctrl.label = hexlabel:657870206d6173746572
4727 Output = 03f29110d0c506ff9306ef46b3ef76366fa5fc9e28f6aff85272bba972ba93590326b11677a4b9e5c320db84888a2b5d
4728
4729 KDF = TLS13-KDF
4730 Ctrl.mode = mode:EXPAND_ONLY
4731 Ctrl.digest = digest:SHA2-384
4732 Ctrl.key = hexkey:60651bc199972f8e1b97a2286d744bc9f5832cf28191ac6ce09135ca3ce3f2bd09e8b98052da27a1c5b1a425b5785de1
4733 Ctrl.data = hexdata:6c6c915c1256ed57209751aa4850daa7454819858a0fedb12c373a7037abc50c7b547cdfd32c33cb8f6138c088165e61
4734 Ctrl.prefix = hexprefix:746c73313320
4735 Ctrl.label = hexlabel:726573206d6173746572
4736 Output = 52abe73f22784e9e5af068f7f3ded581bc5950c1a0923a0ea47a3357f8bfcf7f071b3178ec320a91f82286a81bfa3c43
4737
4738 # New TLS 1.3 session starts here
4739
4740 KDF = TLS13-KDF
4741 Ctrl.mode = mode:EXTRACT_ONLY
4742 Ctrl.digest = digest:SHA2-384
4743 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4744
4745 KDF = TLS13-KDF
4746 Ctrl.mode = mode:EXPAND_ONLY
4747 Ctrl.digest = digest:SHA2-384
4748 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4749 Ctrl.data = hexdata:3cf57a8d291350ce24d8633b603e2f0c515bc01c62540ad48a0abee30a49492cc3aa0e5a46fb514ea7af86f0ad0079f7
4750 Ctrl.prefix = hexprefix:746c73313320
4751 Ctrl.label = hexlabel:6320652074726166666963
4752 Output = 40bff2dcbdee9a8b61f55017319943a546398712bb8a966ce898169d5802f49db9e5358a41ad2f2aef4897853267e92d
4753
4754 KDF = TLS13-KDF
4755 Ctrl.mode = mode:EXPAND_ONLY
4756 Ctrl.digest = digest:SHA2-384
4757 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4758 Ctrl.data = hexdata:3cf57a8d291350ce24d8633b603e2f0c515bc01c62540ad48a0abee30a49492cc3aa0e5a46fb514ea7af86f0ad0079f7
4759 Ctrl.prefix = hexprefix:746c73313320
4760 Ctrl.label = hexlabel:6520657870206d6173746572
4761 Output = 954fb227097f71dcbd9acea908bcefab365bafeb4f0fbe1185511c75fa9d5cf935e2d9e3f0ac3a4327931a6cf0e142b5
4762
4763 KDF = TLS13-KDF
4764 Ctrl.mode = mode:EXTRACT_ONLY
4765 Ctrl.digest = digest:SHA2-384
4766 Ctrl.key = hexkey:1bfc5d5773f74aa53facc022cd186a00cabb76e156d2ea1abfb0f4889f4c129d
4767 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4768 Ctrl.prefix = hexprefix:746c73313320
4769 Ctrl.label = hexlabel:64657269766564
4770 Output = f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7
4771
4772 KDF = TLS13-KDF
4773 Ctrl.mode = mode:EXPAND_ONLY
4774 Ctrl.digest = digest:SHA2-384
4775 Ctrl.key = hexkey:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7
4776 Ctrl.data = hexdata:10bd98a2468a46f79b5e797a93e153d64cbaacc2b7b52fb62c492d695bd230c758fc290a504161f0f2372ead3f4eda2e
4777 Ctrl.prefix = hexprefix:746c73313320
4778 Ctrl.label = hexlabel:632068732074726166666963
4779 Output = 31d469f1dc7fe92aa00eae4bc9ce3f625b00add7194bd40ed1e2ea8fc1ea653b458002ad4f7644e80c2dd9ad2c4930e3
4780
4781 KDF = TLS13-KDF
4782 Ctrl.mode = mode:EXPAND_ONLY
4783 Ctrl.digest = digest:SHA2-384
4784 Ctrl.key = hexkey:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7
4785 Ctrl.data = hexdata:10bd98a2468a46f79b5e797a93e153d64cbaacc2b7b52fb62c492d695bd230c758fc290a504161f0f2372ead3f4eda2e
4786 Ctrl.prefix = hexprefix:746c73313320
4787 Ctrl.label = hexlabel:732068732074726166666963
4788 Output = 50a9866eff7c6875dff61dba25eab5d6fa4f73b4be5dd257fa6697f987c5fd2cd7e45c539939611f9255e99708a8763c
4789
4790 KDF = TLS13-KDF
4791 Ctrl.mode = mode:EXTRACT_ONLY
4792 Ctrl.digest = digest:SHA2-384
4793 Ctrl.salt = hexsalt:f2821923edba8641e31acd28f2c3617dc88aa10831fc605387ccbdfa1c5ede00e6df4a13c75d9ede1d8296ea24a92ed7
4794 Ctrl.prefix = hexprefix:746c73313320
4795 Ctrl.label = hexlabel:64657269766564
4796 Output = 4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93
4797
4798 KDF = TLS13-KDF
4799 Ctrl.mode = mode:EXPAND_ONLY
4800 Ctrl.digest = digest:SHA2-384
4801 Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93
4802 Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5
4803 Ctrl.prefix = hexprefix:746c73313320
4804 Ctrl.label = hexlabel:632061702074726166666963
4805 Output = 4e48ccc5baf9fef7faca6b6488554afecdfe95aafe1735ad7132dfca679a398cb292072a20b3d654e77d4f4088c3c442
4806
4807 KDF = TLS13-KDF
4808 Ctrl.mode = mode:EXPAND_ONLY
4809 Ctrl.digest = digest:SHA2-384
4810 Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93
4811 Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5
4812 Ctrl.prefix = hexprefix:746c73313320
4813 Ctrl.label = hexlabel:732061702074726166666963
4814 Output = b6216139c37365152a9212fd9c1c196722aed27e18f9e3d7b1e85b4a4c1138a1b1067b232047bb64b87b3f929678e920
4815
4816 KDF = TLS13-KDF
4817 Ctrl.mode = mode:EXPAND_ONLY
4818 Ctrl.digest = digest:SHA2-384
4819 Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93
4820 Ctrl.data = hexdata:c0c2d49e4fe8e5b14d557020548dec84b474bab505ef5e9e46c9ba774653286da331debce0b20d45bf216ae2e14879c5
4821 Ctrl.prefix = hexprefix:746c73313320
4822 Ctrl.label = hexlabel:657870206d6173746572
4823 Output = e6613af88be1d9293810ab50aad497da17e5225f7b8a164101220eb6550a244400b4da5b452e9b9e1a23d97c0af675bd
4824
4825 KDF = TLS13-KDF
4826 Ctrl.mode = mode:EXPAND_ONLY
4827 Ctrl.digest = digest:SHA2-384
4828 Ctrl.key = hexkey:4dbdcccdd2385d8b13dc59db55873d94524331a127e73e88cbcfec756a5b535ae7d7dd8ff73d48cd85fba01b66022b93
4829 Ctrl.data = hexdata:f3344607473544b81c603c2e454a746a8a4be1c160de9e179d3a18d7992e8e81b26e614915194a49559a5af162266469
4830 Ctrl.prefix = hexprefix:746c73313320
4831 Ctrl.label = hexlabel:726573206d6173746572
4832 Output = f736aaa47bf602b96fa971f98110c76919b88e460cb9e0dc6ed39135e204638b3c00ed9bc5e7e4f66c90339a515cc76e
4833
4834 # New TLS 1.3 session starts here
4835
4836 KDF = TLS13-KDF
4837 Ctrl.mode = mode:EXTRACT_ONLY
4838 Ctrl.digest = digest:SHA2-384
4839 Output = 7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4840
4841 KDF = TLS13-KDF
4842 Ctrl.mode = mode:EXPAND_ONLY
4843 Ctrl.digest = digest:SHA2-384
4844 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4845 Ctrl.data = hexdata:1b49e91af94aa5b311518149a28aba1a0f22dfefb7e9cb1e38cae86451cbcebda3f94193398ae2b109831fc4ce3b6dfe
4846 Ctrl.prefix = hexprefix:746c73313320
4847 Ctrl.label = hexlabel:6320652074726166666963
4848 Output = 9c5f3f76bd2ec1e2cce62de12f6502c3588e52585d1cb2d35d4b4ca80cb98acd77b545275fd1021118c41b13ec14faca
4849
4850 KDF = TLS13-KDF
4851 Ctrl.mode = mode:EXPAND_ONLY
4852 Ctrl.digest = digest:SHA2-384
4853 Ctrl.key = hexkey:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4854 Ctrl.data = hexdata:1b49e91af94aa5b311518149a28aba1a0f22dfefb7e9cb1e38cae86451cbcebda3f94193398ae2b109831fc4ce3b6dfe
4855 Ctrl.prefix = hexprefix:746c73313320
4856 Ctrl.label = hexlabel:6520657870206d6173746572
4857 Output = a4a4fe8b35f44a35be31b532937514de2f79a7fa0db63241463ec04be6eb2e56288d579af1160c12d5218e42c921cfb3
4858
4859 KDF = TLS13-KDF
4860 Ctrl.mode = mode:EXTRACT_ONLY
4861 Ctrl.digest = digest:SHA2-384
4862 Ctrl.key = hexkey:219eb41da6bbbe2f14de92589983c15c6b84119ce6c515f32d1850835d73e8d6
4863 Ctrl.salt = hexsalt:7ee8206f5570023e6dc7519eb1073bc4e791ad37b5c382aa10ba18e2357e716971f9362f2c2fe2a76bfd78dfec4ea9b5
4864 Ctrl.prefix = hexprefix:746c73313320
4865 Ctrl.label = hexlabel:64657269766564
4866 Output = 431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717
4867
4868 KDF = TLS13-KDF
4869 Ctrl.mode = mode:EXPAND_ONLY
4870 Ctrl.digest = digest:SHA2-384
4871 Ctrl.key = hexkey:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717
4872 Ctrl.data = hexdata:5b83ca74e83eacdda37b6a858e8bc05af8723e926ede3af9306a5d5057242b4cec28cfc092b31096ef52856ddec7d96d
4873 Ctrl.prefix = hexprefix:746c73313320
4874 Ctrl.label = hexlabel:632068732074726166666963
4875 Output = 9cd9027a2964c3b088f7f7b870b1fe8a490f08951228e28dbddd6fcece8871d4f76d087caf4eea780707d4094f7c6d3c
4876
4877 KDF = TLS13-KDF
4878 Ctrl.mode = mode:EXPAND_ONLY
4879 Ctrl.digest = digest:SHA2-384
4880 Ctrl.key = hexkey:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717
4881 Ctrl.data = hexdata:5b83ca74e83eacdda37b6a858e8bc05af8723e926ede3af9306a5d5057242b4cec28cfc092b31096ef52856ddec7d96d
4882 Ctrl.prefix = hexprefix:746c73313320
4883 Ctrl.label = hexlabel:732068732074726166666963
4884 Output = 77e5a6b8b7f8ecd805953b2fe7a0e71ede9216d09a6d7f82aecc9bf30c60039c7571164d192f5a1df0a4960afe8cc0d8
4885
4886 KDF = TLS13-KDF
4887 Ctrl.mode = mode:EXTRACT_ONLY
4888 Ctrl.digest = digest:SHA2-384
4889 Ctrl.salt = hexsalt:431b7156622cc17132aa45139f01c9516abd140a5b15f7bac80be758f3447e7a31213aa83c6fc6e84436447b3c4dc717
4890 Ctrl.prefix = hexprefix:746c73313320
4891 Ctrl.label = hexlabel:64657269766564
4892 Output = 6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907
4893
4894 KDF = TLS13-KDF
4895 Ctrl.mode = mode:EXPAND_ONLY
4896 Ctrl.digest = digest:SHA2-384
4897 Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907
4898 Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7
4899 Ctrl.prefix = hexprefix:746c73313320
4900 Ctrl.label = hexlabel:632061702074726166666963
4901 Output = be7f1f64963b74fff1aaecb5c9983692d1f2bb3dd71feeddd9f890eeda29d311793ded08b7bd9c4399e5bc20c5ec7d81
4902
4903 KDF = TLS13-KDF
4904 Ctrl.mode = mode:EXPAND_ONLY
4905 Ctrl.digest = digest:SHA2-384
4906 Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907
4907 Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7
4908 Ctrl.prefix = hexprefix:746c73313320
4909 Ctrl.label = hexlabel:732061702074726166666963
4910 Output = eec520009350bd7c53c88bc30bb65e94bdb5a883dd386a454a557c457db49eb3d2725daaa7152fd893fd6367bff5c533
4911
4912 KDF = TLS13-KDF
4913 Ctrl.mode = mode:EXPAND_ONLY
4914 Ctrl.digest = digest:SHA2-384
4915 Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907
4916 Ctrl.data = hexdata:95033d93b572219981af9a974d9cc2d78cde24fb39e13766c304c53597843ff54ab0c91fa6174611b16da5271dce79c7
4917 Ctrl.prefix = hexprefix:746c73313320
4918 Ctrl.label = hexlabel:657870206d6173746572
4919 Output = 0c529fb71c21986c91c4f2d47b5502065ba9ac2ac65559f1db6e1a09b9b36b6f4cbed7bb347a690b5b23c76f77afc6b5
4920
4921 KDF = TLS13-KDF
4922 Ctrl.mode = mode:EXPAND_ONLY
4923 Ctrl.digest = digest:SHA2-384
4924 Ctrl.key = hexkey:6547c5bdc85b07b114ba5146f6eba34092ac27625897146b922d56da379a41bf8011fa8d2e88fa02065677fc7c930907
4925 Ctrl.data = hexdata:5371106674e76ed37b98539d231b84a663abe1818125034e91b2debc4280ba942381c0426e338d43951e5206a09f30d2
4926 Ctrl.prefix = hexprefix:746c73313320
4927 Ctrl.label = hexlabel:726573206d6173746572
4928 Output = 7eacca12e407d32a062bc0aabbcbc9d32953cd50b131fcc63d34e5a4b200347098001b6e43c28a68705edac3c967285b
4929
4930 Title = TLS13-KDF bad mode test
4931
4932 KDF = TLS13-KDF
4933 Ctrl.mode = mode:EXTRACT_AND_EXPAND
4934 Ctrl.digest = digest:SHA256
4935 Result = KDF_CTRL_ERROR
4936
+3
-3
test/recipes/30-test_evp_data/evppkey_kdf_scrypt.txt less more
00 #
1 # Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
1 # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
22 #
33 # Licensed under the Apache License 2.0 (the "License"). You may not use
44 # this file except in compliance with the License. You can obtain a copy
5656 PKEYKDF = scrypt
5757 Ctrl.pass = pass:pleaseletmein
5858 Ctrl.salt = salt:SodiumChloride
59 Ctrl.N = N:1048576
59 Ctrl.N = n:2097152
6060 Ctrl.r = r:8
6161 Ctrl.p = p:1
62 Result = INTERNAL_ERROR
62 Result = KDF_DERIVE_ERROR
+12
-0
test/recipes/30-test_evp_data/evppkey_sm2.txt less more
5252 Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197
5353 Output = "The floofy bunnies hop at midnight"
5454
55 # Test with an C1y value < 32 bytes in length (self generated)
56 Availablein = default
57 Decrypt = SM2_key1
58 Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6
59 Output = "Hello World"
60
61 # Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated)
62 Availablein = default
63 Decrypt = SM2_key1
64 Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533
65 Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah."
66
5567 # This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface
5668 # is capable of creating a signature without failing, but it does not say
5769 # anything about the generated signature being valid, nor does it test the
+32
-0
test/recipes/30-test_prov_config.t less more
0 #! /usr/bin/env perl
1 # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
2 #
3 # Licensed under the Apache License 2.0 (the "License"). You may not use
4 # this file except in compliance with the License. You can obtain a copy
5 # in the file LICENSE in the source distribution or at
6 # https://www.openssl.org/source/license.html
7
8
9 use OpenSSL::Test::Simple;
10 use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir/;
11 use OpenSSL::Test::Utils;
12
13 BEGIN {
14 setup("test_prov_config");
15 }
16
17 use lib srctop_dir('Configurations');
18 use lib bldtop_dir('.');
19
20 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
21
22 plan tests => 2;
23
24 ok(run(test(["prov_config_test", srctop_file("test", "default.cnf")])),
25 "running prov_config_test default.cnf");
26 SKIP: {
27 skip "Skipping FIPS test in this build", 1 if $no_fips;
28
29 ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf")])),
30 "running prov_config_test fips.cnf");
31 }
+2
-2
test/recipes/80-test_cipherbytes.t less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11 #
2 # Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
2 # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
33 #
44 # Licensed under the Apache License 2.0 (the "License"). You may not use
55 # this file except in compliance with the License. You can obtain a copy
+2
-2
test/recipes/80-test_cipherlist.t less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11 #
2 # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
2 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
33 #
44 # Licensed under the Apache License 2.0 (the "License"). You may not use
55 # this file except in compliance with the License. You can obtain a copy
+2
-2
test/recipes/80-test_ciphername.t less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11 #
2 # Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
2 # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
33 # Copyright 2017 BaishanCloud. All rights reserved.
44 #
55 # Licensed under the Apache License 2.0 (the "License"). You may not use
+1
-1
test/recipes/90-test_includes.t less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11
22 use strict;
33 use warnings;
+10
-7
test/rsa_sp800_56b_test.c less more
00 /*
1 * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the Apache License 2.0 (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
103103 return ret;
104104 }
105105
106 /* Check that small rsa exponents are allowed in non FIPS mode */
106107 static int test_check_public_exponent(void)
107108 {
108109 int ret = 0;
109110 BIGNUM *e = NULL;
110111
111112 ret = TEST_ptr(e = BN_new())
112 /* e is too small */
113 && TEST_true(BN_set_word(e, 65535))
113 /* e is too small will fail */
114 && TEST_true(BN_set_word(e, 1))
114115 && TEST_false(ossl_rsa_check_public_exponent(e))
115116 /* e is even will fail */
116117 && TEST_true(BN_set_word(e, 65536))
117118 && TEST_false(ossl_rsa_check_public_exponent(e))
118119 /* e is ok */
120 && TEST_true(BN_set_word(e, 3))
121 && TEST_true(ossl_rsa_check_public_exponent(e))
122 && TEST_true(BN_set_word(e, 17))
123 && TEST_true(ossl_rsa_check_public_exponent(e))
119124 && TEST_true(BN_set_word(e, 65537))
120125 && TEST_true(ossl_rsa_check_public_exponent(e))
121 /* e = 2^256 is too big */
126 /* e = 2^256 + 1 is ok */
122127 && TEST_true(BN_lshift(e, BN_value_one(), 256))
123 && TEST_false(ossl_rsa_check_public_exponent(e))
124 /* e = 2^256-1 is odd and in range */
125 && TEST_true(BN_sub(e, e, BN_value_one()))
128 && TEST_true(BN_add(e, e, BN_value_one()))
126129 && TEST_true(ossl_rsa_check_public_exponent(e));
127130 BN_free(e);
128131 return ret;
+1
-1
test/sm2_internal_test.c less more
182182 if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len))
183183 goto done;
184184
185 if (!TEST_true(ossl_sm2_plaintext_size(key, digest, ctext_len, &ptext_len))
185 if (!TEST_true(ossl_sm2_plaintext_size(ctext, ctext_len, &ptext_len))
186186 || !TEST_int_eq(ptext_len, msg_len))
187187 goto done;
188188
+3
-0
test/smime-certs/ca.cnf less more
00 #
11 # OpenSSL example configuration file for automated certificate creation.
22 #
3
4 # Comment out the next line to ignore configuration errors
5 config_diagnostics = 1
36
47 # This definition stops the following lines choking if HOME or CN
58 # is undefined.
+20
-20
test/sslapitest.c less more
69046904 } info_cb_states[][60] = {
69056905 {
69066906 /* TLSv1.2 server followed by resumption */
6907 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6908 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
6907 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
6908 {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
69096909 {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"},
69106910 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"},
69116911 {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"},
69126912 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
69136913 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
69146914 {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
6915 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
6915 {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"},
69166916 {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
69176917 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"},
69186918 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
69196919 {SSL_CB_EXIT, NULL}, {0, NULL},
69206920 }, {
69216921 /* TLSv1.2 client followed by resumption */
6922 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6922 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
69236923 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
69246924 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"},
69256925 {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"},
69266926 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"},
69276927 {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
69286928 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
6929 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6929 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
69306930 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
69316931 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
69326932 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
69336933 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
69346934 }, {
69356935 /* TLSv1.3 server followed by resumption */
6936 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6937 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
6936 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
6937 {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
69386938 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
6939 {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
6939 {SSL_CB_LOOP, "TWSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
69406940 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
69416941 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_LOOP, "TWST"},
69426942 {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
6943 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6944 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
6943 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
6944 {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
69456945 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
69466946 {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"},
69476947 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
69486948 {SSL_CB_LOOP, "TWST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
69496949 }, {
69506950 /* TLSv1.3 client followed by resumption */
6951 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6951 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
69526952 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
69536953 {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
69546954 {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
69556955 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
6956 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
6957 {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "},
6958 {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
6956 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
6957 {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"},
6958 {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL},
69596959 {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
6960 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
6960 {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
69616961 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
69626962 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
69636963 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
6964 {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
6964 {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "TRST"},
69656965 {SSL_CB_EXIT, NULL}, {0, NULL},
69666966 }, {
69676967 /* TLSv1.3 server, early_data */
6968 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6969 {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
6968 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
6969 {SSL_CB_LOOP, "PINIT"}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
69706970 {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
69716971 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
69726972 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
69756975 {SSL_CB_EXIT, NULL}, {0, NULL},
69766976 }, {
69776977 /* TLSv1.3 client, early_data */
6978 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
6978 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT"},
69796979 {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"},
69806980 {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
69816981 {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
69826982 {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
69836983 {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
69846984 {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
6985 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "},
6985 {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "SSLOK"}, {SSL_CB_LOOP, "SSLOK"},
69866986 {SSL_CB_LOOP, "TRST"}, {SSL_CB_EXIT, NULL}, {0, NULL},
69876987 }, {
69886988 {0, NULL},
+7
-0
test/sysdefault.cnf less more
00 # Configuration file to test system default SSL configuration
1
2 # Comment out the next line to ignore configuration errors
3 config_diagnostics = 1
14
25 openssl_conf = default_conf
36
47 [ default_conf ]
58
69 ssl_conf = ssl_sect
10 oid_section = oid_sect
11
12 [oid_sect]
13 new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1
714
815 [ssl_sect]
916
+56
-1
test/x509_internal_test.c less more
00 /*
1 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
1 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
22 *
33 * Licensed under the Apache License 2.0 (the "License"). You may not use
44 * this file except in compliance with the License. You can obtain a copy
4747 return good;
4848 }
4949
50 typedef struct {
51 const char *ipasc;
52 const char *data;
53 int length;
54 } IP_TESTDATA;
55
56 static IP_TESTDATA a2i_ipaddress_tests[] = {
57 {"127.0.0.1", "\x7f\x00\x00\x01", 4},
58 {"1.2.3.4", "\x01\x02\x03\x04", 4},
59 {"1.2.3.255", "\x01\x02\x03\xff", 4},
60 {"1.2.3", NULL, 0},
61 {"1.2.3 .4", NULL, 0},
62
63 {"::1", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16},
64 {"1:1:1:1:1:1:1:1", "\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01", 16},
65 {"2001:db8::ff00:42:8329", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\xff\x00\x00\x42\x83\x29", 16},
66 {"1:1:1:1:1:1:1:1.test", NULL, 0},
67 {":::1", NULL, 0},
68 {"2001::123g", NULL, 0},
69
70 {"example.test", NULL, 0},
71 {"", NULL, 0},
72
73 {"1.2.3.4 ", "\x01\x02\x03\x04", 4},
74 {" 1.2.3.4", "\x01\x02\x03\x04", 4},
75 {" 1.2.3.4 ", "\x01\x02\x03\x04", 4},
76 {"1.2.3.4.example.test", NULL, 0},
77 };
78
79
80 static int test_a2i_ipaddress(int idx)
81 {
82 int good = 1;
83 ASN1_OCTET_STRING *ip;
84 int len = a2i_ipaddress_tests[idx].length;
85
86 ip = a2i_IPADDRESS(a2i_ipaddress_tests[idx].ipasc);
87 if (len == 0) {
88 if (!TEST_ptr_null(ip)) {
89 good = 0;
90 TEST_note("'%s' should not be parsed as IP address", a2i_ipaddress_tests[idx].ipasc);
91 }
92 } else {
93 if (!TEST_ptr(ip)
94 || !TEST_int_eq(ASN1_STRING_length(ip), len)
95 || !TEST_mem_eq(ASN1_STRING_get0_data(ip), len,
96 a2i_ipaddress_tests[idx].data, len)) {
97 good = 0;
98 }
99 }
100 ASN1_OCTET_STRING_free(ip);
101 return good;
102 }
103
50104 int setup_tests(void)
51105 {
52106 ADD_TEST(test_standard_exts);
107 ADD_ALL_TESTS(test_a2i_ipaddress, OSSL_NELEM(a2i_ipaddress_tests));
53108 return 1;
54109 }
+6
-4
test/x509_time_test.c less more
381381
382382 /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
383383 if (t != NULL && x509_format_tests[idx].expected_string) {
384 if (!TEST_str_eq((const char *)t->data,
385 x509_format_tests[idx].expected_string)) {
386 TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n",
387 idx, x509_format_tests[idx].expected_string, t->data);
384 if (!TEST_mem_eq((const char *)t->data, t->length,
385 x509_format_tests[idx].expected_string,
386 strlen(x509_format_tests[idx].expected_string))) {
387 TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n",
388 idx, x509_format_tests[idx].expected_string, t->length,
389 t->data);
388390 goto out;
389391 }
390392 }
+74
-40
util/add-depends.pl less more
2222 my $debug = $ENV{ADD_DEPENDS_DEBUG};
2323 my $buildfile = $config{build_file};
2424 my $build_mtime = (stat($buildfile))[9];
25 my $configdata_mtime = (stat('configdata.pm'))[9];
2526 my $rebuild = 0;
2627 my $depext = $target{dep_extension} || ".d";
2728 my @depfiles =
2930 grep {
3031 # This grep has side effects. Not only does if check the existence
3132 # of the dependency file given in $_, but it also checks if it's
32 # newer than the build file, and if it is, sets $rebuild.
33 # newer than the build file or older than configdata.pm, and if it
34 # is, sets $rebuild.
3335 my @st = stat($_);
34 $rebuild = 1 if @st && $st[9] > $build_mtime;
36 $rebuild = 1
37 if @st && ($st[9] > $build_mtime || $st[9] < $configdata_mtime);
3538 scalar @st > 0; # Determines the grep result
3639 }
3740 map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
6871 keys %{$unified_info{generate}};
6972
7073 my %procedures = (
71 'gcc' => undef, # gcc style dependency files needs no mods
74 'gcc' =>
75 sub {
76 (my $objfile = shift) =~ s|\.d$|.o|i;
77 my $line = shift;
78
79 # Remove the original object file
80 $line =~ s|^.*\.o: | |;
81 # All we got now is a dependency, shave off surrounding spaces
82 $line =~ s/^\s+//;
83 $line =~ s/\s+$//;
84 # Also, shave off any continuation
85 $line =~ s/\s*\\$//;
86
87 # Split the line into individual header files, and keep those
88 # that exist in some form
89 my @headers;
90 for (split(/\s+/, $line)) {
91 my $x = rel2abs($_);
92
93 if (!$depconv_cache{$x}) {
94 if (-f $x) {
95 $depconv_cache{$x} = $_;
96 }
97 }
98
99 if ($depconv_cache{$x}) {
100 push @headers, $_;
101 } else {
102 print STDERR "DEBUG[$producer]: ignoring $objfile <- $line\n"
103 if $debug;
104 }
105 }
106 return ($objfile, join(' ', @headers)) if @headers;
107 return undef;
108 },
72109 'makedepend' =>
73110 sub {
74111 # makedepend, in its infinite wisdom, wants to have the object file
148185 # mappings for generated headers, we only need to deal
149186 # with the source tree.
150187 if ($dep =~ s|^\Q$abs_srcdir_shaved\E([\.>\]])?|$srcdir_shaved$1|i) {
151 $depconv_cache{$line} = $dep;
188 # Also check that the header actually exists
189 if (-f $line) {
190 $depconv_cache{$line} = $dep;
191 }
152192 }
153193 }
154194 return ($objfile, $depconv_cache{$line})
200240 # mappings for generated headers, we only need to deal
201241 # with the source tree.
202242 if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) {
203 $depconv_cache{$tail} = $dep;
243 # Also check that the header actually exists
244 if (-f $line) {
245 $depconv_cache{$tail} = $dep;
246 }
204247 }
205248 }
206249 return ($objfile, '"'.$depconv_cache{$tail}.'"')
246289 # mappings for generated headers, we only need to deal
247290 # with the source tree.
248291 if ($dep =~ s|^\Q$abs_srcdir\E\\|\$(SRCDIR)\\|i) {
249 $depconv_cache{$tail} = $dep;
292 # Also check that the header actually exists
293 if (-f $line) {
294 $depconv_cache{$tail} = $dep;
295 }
250296 }
251297 }
252298 return ($objfile, '"'.$depconv_cache{$tail}.'"')
259305 },
260306 );
261307 my %continuations = (
262 'gcc' => undef,
308 'gcc' => "\\",
263309 'makedepend' => "\\",
264310 'VMS C' => "-",
265311 'VC' => "\\",
275321 my $buildfile_new = "$buildfile-$$";
276322
277323 my %collect = ();
278 if (defined $procedure) {
279 foreach my $depfile (@depfiles) {
280 open IDEP,$depfile or die "Trying to read $depfile: $!\n";
281 while (<IDEP>) {
282 s|\R$||; # The better chomp
283 my ($target, $deps) = $procedure->($depfile, $_);
284 $collect{$target}->{$deps} = 1 if defined $target;
285 }
286 close IDEP;
324 foreach my $depfile (@depfiles) {
325 open IDEP,$depfile or die "Trying to read $depfile: $!\n";
326 while (<IDEP>) {
327 s|\R$||; # The better chomp
328 my ($target, $deps) = $procedure->($depfile, $_);
329 $collect{$target}->{$deps} = 1 if defined $target;
287330 }
331 close IDEP;
288332 }
289333
290334 open IBF, $buildfile or die "Trying to read $buildfile: $!\n";
297341
298342 print OBF "# DO NOT DELETE THIS LINE -- make depend depends on it.\n";
299343
300 if (defined $procedure) {
301 foreach my $target (sort keys %collect) {
302 my $prefix = $target . ' :';
303 my @deps = sort keys %{$collect{$target}};
304
305 while (@deps) {
306 my $buf = $prefix;
307 $prefix = '';
308
309 while (@deps && ($buf eq ''
310 || length($buf) + length($deps[0]) <= 77)) {
311 $buf .= ' ' . shift @deps;
312 }
313 $buf .= ' '.$continuation if @deps;
314
315 print OBF $buf,"\n" or die "Trying to print: $!\n"
344 foreach my $target (sort keys %collect) {
345 my $prefix = $target . ' :';
346 my @deps = sort keys %{$collect{$target}};
347
348 while (@deps) {
349 my $buf = $prefix;
350 $prefix = '';
351
352 while (@deps && ($buf eq ''
353 || length($buf) + length($deps[0]) <= 77)) {
354 $buf .= ' ' . shift @deps;
316355 }
317 }
318 } else {
319 foreach my $depfile (@depfiles) {
320 open IDEP,$depfile or die "Trying to read $depfile: $!\n";
321 while (<IDEP>) {
322 print OBF or die "Trying to print: $!\n";
323 }
324 close IDEP;
356 $buf .= ' '.$continuation if @deps;
357
358 print OBF $buf,"\n" or die "Trying to print: $!\n"
325359 }
326360 }
327361
+1
-1
util/check-format.pl less more
0 #!/usr/bin/perl
0 #! /usr/bin/env perl
11 #
22 # Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
33 # Copyright Siemens AG 2019-2020
+1
-1
util/echo.pl less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11
22 use strict;
33 use warnings;
+2
-2
util/fips-checksums.sh less more
1414 | openssl sha256 -r \
1515 | sed -e "s| \\*stdin| $f|"
1616 ;;
17 *.pl )
17 *.pl )
1818 cat "$f" \
1919 | $HERE/lang-compress.pl 'perl' \
2020 | openssl sha256 -r \
2121 | sed -e "s| \\*stdin| $f|"
2222 ;;
23 *.S )
23 *.S )
2424 cat "$f" \
2525 | $HERE/lang-compress.pl 'S' \
2626 | openssl sha256 -r \
+1
-1
util/fix-deprecation less more
0 #! /usr/bin/perl
0 #! /usr/bin/env perl
11
22 use strict;
33 use warnings;
+2
-2
util/perl/OpenSSL/Template.pm less more
2121
2222 =over 4
2323
24 =item -
24 =item *
2525
2626 The template perl code delimiters (given with the C<DELIMITER> option)
2727 are set to C<{-> and C<-}> by default.
2828
29 =item -
29 =item *
3030
3131 A few extra functions are offered to be used by the template perl code, see
3232 L</Functions>.
+5
-5
util/perl/OpenSSL/config.pm less more
2121 # These control our behavior.
2222 my $DRYRUN;
2323 my $VERBOSE;
24 my $WHERE = dirname($0);
2425 my $WAIT = 1;
25 my $WHERE = dirname($0);
2626
2727 # Machine type, etc., used to determine the platform
2828 my $MACHINE;
451451 [ 'ppc-apple-rhapsody', { target => "rhapsody-ppc" } ],
452452 [ 'ppc-apple-darwin.*',
453453 sub {
454 my $KERNEL_BITS = $ENV{KERNEL_BITS};
454 my $KERNEL_BITS = $ENV{KERNEL_BITS} // '';
455455 my $ISA64 = `sysctl -n hw.optional.64bitops 2>/dev/null`;
456456 if ( $ISA64 == 1 && $KERNEL_BITS eq '' ) {
457457 print <<EOF;
467467 ],
468468 [ 'i.86-apple-darwin.*',
469469 sub {
470 my $KERNEL_BITS = $ENV{KERNEL_BITS};
470 my $KERNEL_BITS = $ENV{KERNEL_BITS} // '';
471471 my $ISA64 = `sysctl -n hw.optional.x86_64 2>/dev/null`;
472472 if ( $ISA64 == 1 && $KERNEL_BITS eq '' ) {
473473 print <<EOF;
483483 ],
484484 [ 'x86_64-apple-darwin.*',
485485 sub {
486 my $KERNEL_BITS = $ENV{KERNEL_BITS};
486 my $KERNEL_BITS = $ENV{KERNEL_BITS} // '';
487487 return { target => "darwin-i386" } if $KERNEL_BITS eq '32';
488488
489489 print <<EOF;
531531 ],
532532 [ 'ppc64-.*-linux2',
533533 sub {
534 my $KERNEL_BITS = $ENV{KERNEL_BITS};
534 my $KERNEL_BITS = $ENV{KERNEL_BITS} // '';
535535 if ( $KERNEL_BITS eq '' ) {
536536 print <<EOF;
537537 WARNING! To build 64-bit package, do this: