From e05513b5aec24f88012b6e3034115b6bc915356a Mon Sep 17 00:00:00 2001
From: Tim Condon <0xTim@users.noreply.github.com>
Date: Wed, 21 Feb 2024 12:11:05 +0000
Subject: [PATCH] Update BoringSSL (#134)
* Update vend script
* Fix ASM script
* Update BoringSSL
* Update RSA key
* Adjust whitespace and add explicit access modifier
* Update README header
---------
Co-authored-by: Paul
---
Package.swift | 15 +-
README.md | 34 +-
.../CJWTKitBoringSSL/crypto/asn1/a_gentm.c | 12 +-
.../CJWTKitBoringSSL/crypto/asn1/a_mbstr.c | 18 +-
.../CJWTKitBoringSSL/crypto/asn1/a_strex.c | 43 +-
.../CJWTKitBoringSSL/crypto/asn1/a_strnid.c | 10 +-
Sources/CJWTKitBoringSSL/crypto/asn1/a_time.c | 37 +-
Sources/CJWTKitBoringSSL/crypto/asn1/a_type.c | 20 +-
.../CJWTKitBoringSSL/crypto/asn1/a_utctm.c | 17 +-
.../CJWTKitBoringSSL/crypto/asn1/asn1_lib.c | 14 +-
.../CJWTKitBoringSSL/crypto/asn1/internal.h | 13 +-
.../CJWTKitBoringSSL/crypto/asn1/posix_time.c | 91 +-
.../CJWTKitBoringSSL/crypto/asn1/tasn_dec.c | 6 +-
.../CJWTKitBoringSSL/crypto/asn1/tasn_enc.c | 7 +-
.../CJWTKitBoringSSL/crypto/asn1/tasn_new.c | 17 +-
.../CJWTKitBoringSSL/crypto/base64/base64.c | 7 +-
Sources/CJWTKitBoringSSL/crypto/bio/bio.c | 41 +-
Sources/CJWTKitBoringSSL/crypto/bio/bio_mem.c | 15 +-
Sources/CJWTKitBoringSSL/crypto/bio/connect.c | 19 +-
.../crypto/{x509/x_info.c => bio/errno.c} | 66 +-
Sources/CJWTKitBoringSSL/crypto/bio/fd.c | 54 +-
Sources/CJWTKitBoringSSL/crypto/bio/file.c | 31 +-
.../CJWTKitBoringSSL/crypto/bio/internal.h | 22 +-
Sources/CJWTKitBoringSSL/crypto/bio/pair.c | 5 +-
Sources/CJWTKitBoringSSL/crypto/bio/socket.c | 8 +-
.../crypto/bio/socket_helper.c | 13 +-
.../crypto/bn_extra/convert.c | 8 +
Sources/CJWTKitBoringSSL/crypto/buf/buf.c | 12 +-
.../CJWTKitBoringSSL/crypto/bytestring/ber.c | 15 +-
.../CJWTKitBoringSSL/crypto/bytestring/cbb.c | 54 +-
.../CJWTKitBoringSSL/crypto/bytestring/cbs.c | 2 +-
.../crypto/bytestring/internal.h | 22 -
.../crypto/bytestring/unicode.c | 18 +-
.../crypto/chacha/chacha-armv4-ios.ios.arm.S | 87 +-
.../chacha/chacha-armv4-linux.linux.arm.S | 87 +-
.../chacha/chacha-armv8-ios.ios.aarch64.S | 46 +-
.../chacha/chacha-armv8-linux.linux.aarch64.S | 54 +-
.../chacha/chacha-x86-linux.linux.x86.S | 17 +-
.../chacha/chacha-x86_64-linux.linux.x86_64.S | 88 +-
.../chacha/chacha-x86_64-mac.mac.x86_64.S | 71 +-
.../CJWTKitBoringSSL/crypto/chacha/chacha.c | 55 +-
.../CJWTKitBoringSSL/crypto/chacha/internal.h | 61 +-
.../aes128gcmsiv-x86_64-linux.linux.x86_64.S | 101 +-
.../aes128gcmsiv-x86_64-mac.mac.x86_64.S | 101 +-
.../chacha20_poly1305_armv8-ios.ios.aarch64.S | 18 +-
...cha20_poly1305_armv8-linux.linux.aarch64.S | 18 +-
...cha20_poly1305_x86_64-linux.linux.x86_64.S | 25 +-
.../chacha20_poly1305_x86_64-mac.mac.x86_64.S | 25 +-
.../crypto/cipher_extra/e_aesgcmsiv.c | 72 +-
.../crypto/cipher_extra/e_des.c | 43 +-
Sources/CJWTKitBoringSSL/crypto/conf/conf.c | 193 +-
.../CJWTKitBoringSSL/crypto/conf/internal.h | 6 +-
.../crypto/cpu_aarch64_apple.c | 2 -
.../crypto/cpu_aarch64_freebsd.c | 62 -
.../crypto/cpu_aarch64_fuchsia.c | 1 -
.../crypto/cpu_aarch64_linux.c | 2 -
.../crypto/cpu_aarch64_openbsd.c | 1 -
.../crypto/cpu_aarch64_sysreg.c | 93 +
.../CJWTKitBoringSSL/crypto/cpu_aarch64_win.c | 2 +-
Sources/CJWTKitBoringSSL/crypto/cpu_arm.c | 38 -
.../CJWTKitBoringSSL/crypto/cpu_arm_freebsd.c | 1 -
.../CJWTKitBoringSSL/crypto/cpu_arm_linux.c | 2 -
Sources/CJWTKitBoringSSL/crypto/cpu_intel.c | 6 +-
Sources/CJWTKitBoringSSL/crypto/crypto.c | 11 +
.../crypto/curve25519/asm/x25519-asm-arm.S | 18 +-
.../crypto/curve25519/curve25519.c | 95 +-
.../curve25519/curve25519_64_adx.c} | 8 +-
.../crypto/curve25519/curve25519_tables.h | 10226 +++++-----------
.../crypto/curve25519/internal.h | 32 +-
.../crypto/curve25519/spake25519.c | 3 +-
Sources/CJWTKitBoringSSL/crypto/des/des.c | 213 +-
.../CJWTKitBoringSSL/crypto/des/internal.h | 119 +-
.../crypto/dh_extra/dh_asn1.c | 4 +
.../CJWTKitBoringSSL/crypto/dh_extra/params.c | 5 +
Sources/CJWTKitBoringSSL/crypto/dsa/dsa.c | 17 +-
.../CJWTKitBoringSSL/crypto/dsa/internal.h | 20 +
.../crypto/ec_extra/ec_asn1.c | 182 +-
.../crypto/ec_extra/ec_derive.c | 7 +-
.../crypto/ec_extra/hash_to_curve.c | 52 +-
.../crypto/ec_extra/internal.h | 10 +-
.../CJWTKitBoringSSL/crypto/engine/engine.c | 10 +-
Sources/CJWTKitBoringSSL/crypto/err/err.c | 44 +-
.../CJWTKitBoringSSL/crypto/err/err_data.c | 585 +-
Sources/CJWTKitBoringSSL/crypto/evp/evp.c | 53 +-
Sources/CJWTKitBoringSSL/crypto/evp/evp_ctx.c | 7 +-
Sources/CJWTKitBoringSSL/crypto/evp/p_ec.c | 11 +-
.../CJWTKitBoringSSL/crypto/evp/p_ec_asn1.c | 10 +-
Sources/CJWTKitBoringSSL/crypto/evp/p_hkdf.c | 3 +-
Sources/CJWTKitBoringSSL/crypto/evp/p_rsa.c | 4 +-
Sources/CJWTKitBoringSSL/crypto/evp/pbkdf.c | 6 +-
Sources/CJWTKitBoringSSL/crypto/evp/print.c | 13 +-
Sources/CJWTKitBoringSSL/crypto/evp/scrypt.c | 4 +-
Sources/CJWTKitBoringSSL/crypto/ex_data.c | 6 +-
.../aesni-gcm-x86_64-linux.linux.x86_64.S | 27 +-
.../aesni-gcm-x86_64-mac.mac.x86_64.S | 25 +-
.../fipsmodule/aesni-x86-linux.linux.x86.S | 17 +-
.../aesni-x86_64-linux.linux.x86_64.S | 216 +-
.../fipsmodule/aesni-x86_64-mac.mac.x86_64.S | 216 +-
.../fipsmodule/aesv8-armv7-ios.ios.arm.S | 18 +-
.../fipsmodule/aesv8-armv7-linux.linux.arm.S | 18 +-
.../fipsmodule/aesv8-armv8-ios.ios.aarch64.S | 18 +-
.../aesv8-armv8-linux.linux.aarch64.S | 18 +-
.../aesv8-gcm-armv8-ios.ios.aarch64.S | 18 +-
.../aesv8-gcm-armv8-linux.linux.aarch64.S | 18 +-
.../fipsmodule/armv4-mont-ios.ios.arm.S | 67 +-
.../fipsmodule/armv4-mont-linux.linux.arm.S | 61 +-
.../fipsmodule/armv8-mont-ios.ios.aarch64.S | 18 +-
.../armv8-mont-linux.linux.aarch64.S | 18 +-
.../fipsmodule/bn-586-linux.linux.x86.S | 17 +-
.../fipsmodule/bn-armv8-ios.ios.aarch64.S | 18 +-
.../fipsmodule/bn-armv8-linux.linux.aarch64.S | 18 +-
.../crypto/fipsmodule/bn/add.c | 10 +-
.../crypto/fipsmodule/bn/bn.c | 2 +-
.../crypto/fipsmodule/bn/bytes.c | 43 +-
.../crypto/fipsmodule/bn/ctx.c | 2 +-
.../crypto/fipsmodule/bn/div.c | 17 +-
.../crypto/fipsmodule/bn/exponentiation.c | 6 +-
.../crypto/fipsmodule/bn/gcd.c | 42 +-
.../crypto/fipsmodule/bn/generic.c | 51 +-
.../crypto/fipsmodule/bn/internal.h | 69 +-
.../crypto/fipsmodule/bn/montgomery.c | 61 +-
.../crypto/fipsmodule/bn/montgomery_inv.c | 67 +-
.../crypto/fipsmodule/bn/mul.c | 8 +-
.../crypto/fipsmodule/bn/prime.c | 9 +-
.../crypto/fipsmodule/bn/random.c | 10 +-
.../crypto/fipsmodule/bn/rsaz_exp.c | 14 +-
.../fipsmodule/bsaes-armv7-ios.ios.arm.S | 19 +-
.../fipsmodule/bsaes-armv7-linux.linux.arm.S | 19 +-
.../crypto/fipsmodule/cipher/cipher.c | 13 +-
.../crypto/fipsmodule/cipher/e_aes.c | 35 +-
.../crypto/fipsmodule/cipher/e_aesccm.c | 93 +-
.../fipsmodule/co-586-linux.linux.x86.S | 17 +-
.../crypto/fipsmodule/delocate.h | 11 +-
.../crypto/fipsmodule/dh/check.c | 45 +-
.../crypto/fipsmodule/dh/dh.c | 65 +-
.../crypto/fipsmodule/dh/internal.h | 9 +
.../crypto/fipsmodule/digest/digest.c | 4 +
.../crypto/fipsmodule/ec/builtin_curves.h | 277 +
.../crypto/fipsmodule/ec/ec.c | 577 +-
.../crypto/fipsmodule/ec/ec_key.c | 31 +-
.../crypto/fipsmodule/ec/ec_montgomery.c | 76 +-
.../crypto/fipsmodule/ec/felem.c | 30 +-
.../crypto/fipsmodule/ec/internal.h | 101 +-
.../crypto/fipsmodule/ec/oct.c | 35 +-
.../crypto/fipsmodule/ec/p224-64.c | 16 +-
.../crypto/fipsmodule/ec/p256-nistz.c | 30 +-
.../crypto/fipsmodule/ec/p256.c | 15 +-
.../crypto/fipsmodule/ec/scalar.c | 48 +-
.../crypto/fipsmodule/ec/simple.c | 38 +-
.../crypto/fipsmodule/ec/simple_mul.c | 16 +-
.../crypto/fipsmodule/ec/wnaf.c | 17 +-
.../crypto/fipsmodule/ecdsa/ecdsa.c | 2 +-
.../fipsmodule/ghash-armv4-ios.ios.arm.S | 18 +-
.../fipsmodule/ghash-armv4-linux.linux.arm.S | 18 +-
.../ghash-neon-armv8-ios.ios.aarch64.S | 18 +-
.../ghash-neon-armv8-linux.linux.aarch64.S | 18 +-
.../ghash-ssse3-x86-linux.linux.x86.S | 17 +-
.../ghash-ssse3-x86_64-linux.linux.x86_64.S | 21 +-
.../ghash-ssse3-x86_64-mac.mac.x86_64.S | 21 +-
.../fipsmodule/ghash-x86-linux.linux.x86.S | 17 +-
.../ghash-x86_64-linux.linux.x86_64.S | 39 +-
.../fipsmodule/ghash-x86_64-mac.mac.x86_64.S | 38 +-
.../fipsmodule/ghashv8-armv7-ios.ios.arm.S | 18 +-
.../ghashv8-armv7-linux.linux.arm.S | 18 +-
.../ghashv8-armv8-ios.ios.aarch64.S | 18 +-
.../ghashv8-armv8-linux.linux.aarch64.S | 18 +-
.../fipsmodule/md5-586-linux.linux.x86.S | 17 +-
.../md5-x86_64-linux.linux.x86_64.S | 18 +-
.../fipsmodule/md5-x86_64-mac.mac.x86_64.S | 18 +-
.../p256-armv8-asm-ios.ios.aarch64.S | 18 +-
.../p256-armv8-asm-linux.linux.aarch64.S | 18 +-
.../p256-x86_64-asm-linux.linux.x86_64.S | 84 +-
.../p256-x86_64-asm-mac.mac.x86_64.S | 84 +-
.../p256_beeu-armv8-asm-ios.ios.aarch64.S | 18 +-
.../p256_beeu-armv8-asm-linux.linux.aarch64.S | 18 +-
.../p256_beeu-x86_64-asm-linux.linux.x86_64.S | 18 +-
.../p256_beeu-x86_64-asm-mac.mac.x86_64.S | 18 +-
.../crypto/fipsmodule/rand/fork_detect.c | 84 +-
.../crypto/fipsmodule/rand/fork_detect.h | 17 +
.../crypto/fipsmodule/rand/internal.h | 28 +-
.../crypto/fipsmodule/rand/rand.c | 29 +-
.../crypto/fipsmodule/rand/urandom.c | 31 +-
.../rdrand-x86_64-linux.linux.x86_64.S | 23 +-
.../fipsmodule/rdrand-x86_64-mac.mac.x86_64.S | 23 +-
.../crypto/fipsmodule/rsa/blinding.c | 3 +-
.../crypto/fipsmodule/rsa/internal.h | 55 +
.../crypto/fipsmodule/rsa/rsa.c | 4 +-
.../crypto/fipsmodule/rsa/rsa_impl.c | 92 +-
.../fipsmodule/rsaz-avx2-linux.linux.x86_64.S | 33 +-
.../fipsmodule/rsaz-avx2-mac.mac.x86_64.S | 33 +-
.../crypto/fipsmodule/self_check/fips.c | 3 +-
.../crypto/fipsmodule/self_check/self_check.c | 66 +-
.../service_indicator/service_indicator.c | 11 +-
.../crypto/fipsmodule/sha/internal.h | 159 +-
.../crypto/fipsmodule/sha/sha1.c | 94 +-
.../crypto/fipsmodule/sha/sha256.c | 44 +-
.../crypto/fipsmodule/sha/sha512.c | 37 +-
.../fipsmodule/sha1-586-linux.linux.x86.S | 17 +-
.../fipsmodule/sha1-armv4-large-ios.ios.arm.S | 79 +-
.../sha1-armv4-large-linux.linux.arm.S | 75 +-
.../fipsmodule/sha1-armv8-ios.ios.aarch64.S | 39 +-
.../sha1-armv8-linux.linux.aarch64.S | 47 +-
.../sha1-x86_64-linux.linux.x86_64.S | 80 +-
.../fipsmodule/sha1-x86_64-mac.mac.x86_64.S | 77 +-
.../fipsmodule/sha256-586-linux.linux.x86.S | 17 +-
.../fipsmodule/sha256-armv4-ios.ios.arm.S | 209 +-
.../fipsmodule/sha256-armv4-linux.linux.arm.S | 209 +-
.../fipsmodule/sha256-armv8-ios.ios.aarch64.S | 43 +-
.../sha256-armv8-linux.linux.aarch64.S | 51 +-
.../sha256-x86_64-linux.linux.x86_64.S | 67 +-
.../fipsmodule/sha256-x86_64-mac.mac.x86_64.S | 64 +-
.../fipsmodule/sha512-586-linux.linux.x86.S | 17 +-
.../fipsmodule/sha512-armv4-ios.ios.arm.S | 70 +-
.../fipsmodule/sha512-armv4-linux.linux.arm.S | 68 +-
.../fipsmodule/sha512-armv8-ios.ios.aarch64.S | 44 +-
.../sha512-armv8-linux.linux.aarch64.S | 52 +-
.../sha512-x86_64-linux.linux.x86_64.S | 45 +-
.../fipsmodule/sha512-x86_64-mac.mac.x86_64.S | 44 +-
.../fipsmodule/vpaes-armv7-ios.ios.arm.S | 18 +-
.../fipsmodule/vpaes-armv7-linux.linux.arm.S | 18 +-
.../fipsmodule/vpaes-armv8-ios.ios.aarch64.S | 18 +-
.../vpaes-armv8-linux.linux.aarch64.S | 18 +-
.../fipsmodule/vpaes-x86-linux.linux.x86.S | 17 +-
.../vpaes-x86_64-linux.linux.x86_64.S | 51 +-
.../fipsmodule/vpaes-x86_64-mac.mac.x86_64.S | 51 +-
.../fipsmodule/x86-mont-linux.linux.x86.S | 17 +-
.../x86_64-mont-linux.linux.x86_64.S | 74 +-
.../fipsmodule/x86_64-mont-mac.mac.x86_64.S | 75 +-
.../x86_64-mont5-linux.linux.x86_64.S | 43 +-
.../fipsmodule/x86_64-mont5-mac.mac.x86_64.S | 43 +-
Sources/CJWTKitBoringSSL/crypto/hpke/hpke.c | 7 +
.../crypto/hrss/asm/poly_rq_mul.S | 11 +-
Sources/CJWTKitBoringSSL/crypto/internal.h | 470 +-
.../CJWTKitBoringSSL/crypto/keccak/internal.h | 70 +
.../crypto/{kyber => keccak}/keccak.c | 173 +-
.../CJWTKitBoringSSL/crypto/kyber/internal.h | 47 +-
Sources/CJWTKitBoringSSL/crypto/kyber/kyber.c | 68 +-
Sources/CJWTKitBoringSSL/crypto/lhash/lhash.c | 9 +-
Sources/CJWTKitBoringSSL/crypto/mem.c | 65 +-
Sources/CJWTKitBoringSSL/crypto/obj/obj.c | 121 +-
Sources/CJWTKitBoringSSL/crypto/obj/obj_dat.h | 3 -
.../CJWTKitBoringSSL/crypto/pem/pem_info.c | 31 +
.../crypto/pkcs7/pkcs7_x509.c | 6 +-
.../CJWTKitBoringSSL/crypto/pkcs8/internal.h | 6 +-
.../CJWTKitBoringSSL/crypto/pkcs8/p5_pbev2.c | 6 +-
Sources/CJWTKitBoringSSL/crypto/pkcs8/pkcs8.c | 20 +-
.../crypto/pkcs8/pkcs8_x509.c | 35 +-
.../crypto/poly1305/poly1305_arm_asm.S | 18 +-
.../CJWTKitBoringSSL/crypto/pool/internal.h | 1 +
Sources/CJWTKitBoringSSL/crypto/pool/pool.c | 9 +-
.../crypto/rand_extra/deterministic.c | 13 +-
.../crypto/rand_extra/forkunsafe.c | 4 +
.../crypto/rand_extra/getentropy.c | 52 +
.../crypto/rand_extra/{fuchsia.c => ios.c} | 16 +-
.../trusty.c} | 27 +-
.../crypto/rand_extra/windows.c | 60 +-
Sources/CJWTKitBoringSSL/crypto/refcount.c | 1 -
.../crypto/rsa_extra/rsa_crypt.c | 4 +-
Sources/CJWTKitBoringSSL/crypto/spx/address.c | 101 +
Sources/CJWTKitBoringSSL/crypto/spx/address.h | 50 +
Sources/CJWTKitBoringSSL/crypto/spx/fors.c | 133 +
Sources/CJWTKitBoringSSL/crypto/spx/fors.h | 54 +
.../CJWTKitBoringSSL/crypto/spx/internal.h | 79 +
Sources/CJWTKitBoringSSL/crypto/spx/merkle.c | 150 +
Sources/CJWTKitBoringSSL/crypto/spx/merkle.h | 61 +
Sources/CJWTKitBoringSSL/crypto/spx/params.h | 71 +
Sources/CJWTKitBoringSSL/crypto/spx/spx.c | 139 +
.../CJWTKitBoringSSL/crypto/spx/spx_util.c | 53 +
.../CJWTKitBoringSSL/crypto/spx/spx_util.h | 44 +
Sources/CJWTKitBoringSSL/crypto/spx/thash.c | 136 +
Sources/CJWTKitBoringSSL/crypto/spx/thash.h | 70 +
Sources/CJWTKitBoringSSL/crypto/spx/wots.c | 135 +
Sources/CJWTKitBoringSSL/crypto/spx/wots.h | 45 +
Sources/CJWTKitBoringSSL/crypto/stack/stack.c | 222 +-
Sources/CJWTKitBoringSSL/crypto/thread_none.c | 8 -
.../CJWTKitBoringSSL/crypto/thread_pthread.c | 41 +-
Sources/CJWTKitBoringSSL/crypto/thread_win.c | 31 +-
.../crypto/trust_token/pmbtoken.c | 64 +-
.../crypto/trust_token/trust_token.c | 9 +-
.../crypto/trust_token/voprf.c | 245 +-
.../CJWTKitBoringSSL/crypto/x509/algorithm.c | 3 +-
.../CJWTKitBoringSSL/crypto/x509/asn1_gen.c | 2 -
Sources/CJWTKitBoringSSL/crypto/x509/by_dir.c | 46 +-
.../CJWTKitBoringSSL/crypto/x509/by_file.c | 57 +-
.../crypto/{x509v3 => x509}/ext_dat.h | 0
.../CJWTKitBoringSSL/crypto/x509/internal.h | 278 +-
Sources/CJWTKitBoringSSL/crypto/x509/policy.c | 8 +-
.../CJWTKitBoringSSL/crypto/x509/rsa_pss.c | 8 +-
Sources/CJWTKitBoringSSL/crypto/x509/t_crl.c | 2 +-
Sources/CJWTKitBoringSSL/crypto/x509/t_req.c | 5 +-
Sources/CJWTKitBoringSSL/crypto/x509/t_x509.c | 4 +-
.../crypto/{x509v3 => x509}/v3_akey.c | 2 +-
.../crypto/{x509v3 => x509}/v3_akeya.c | 4 +-
.../crypto/{x509v3 => x509}/v3_alt.c | 16 +-
.../crypto/{x509v3 => x509}/v3_bcons.c | 2 +-
.../crypto/{x509v3 => x509}/v3_bitst.c | 2 +-
.../crypto/{x509v3 => x509}/v3_conf.c | 2 -
.../crypto/{x509v3 => x509}/v3_cpols.c | 2 +-
.../crypto/{x509v3 => x509}/v3_crld.c | 3 +-
.../crypto/{x509v3 => x509}/v3_enum.c | 1 +
.../crypto/{x509v3 => x509}/v3_extku.c | 2 +-
.../crypto/{x509v3 => x509}/v3_genn.c | 24 +-
.../crypto/{x509v3 => x509}/v3_ia5.c | 2 +-
.../crypto/{x509v3 => x509}/v3_info.c | 10 +-
.../crypto/{x509v3 => x509}/v3_int.c | 2 +-
.../crypto/{x509v3 => x509}/v3_lib.c | 5 +-
.../crypto/{x509v3 => x509}/v3_ncons.c | 4 +-
.../crypto/{x509v3 => x509}/v3_ocsp.c | 2 +-
.../crypto/{x509v3 => x509}/v3_pcons.c | 2 +-
.../crypto/{x509v3 => x509}/v3_pmaps.c | 2 +-
.../crypto/{x509v3 => x509}/v3_prn.c | 7 +-
.../crypto/{x509v3 => x509}/v3_purp.c | 433 +-
.../crypto/{x509v3 => x509}/v3_skey.c | 3 +-
.../crypto/{x509v3 => x509}/v3_utl.c | 38 +-
.../CJWTKitBoringSSL/crypto/x509/x509_att.c | 67 +-
.../CJWTKitBoringSSL/crypto/x509/x509_cmp.c | 103 +-
.../CJWTKitBoringSSL/crypto/x509/x509_d2.c | 4 +-
.../CJWTKitBoringSSL/crypto/x509/x509_ext.c | 1 -
.../CJWTKitBoringSSL/crypto/x509/x509_lu.c | 363 +-
.../CJWTKitBoringSSL/crypto/x509/x509_req.c | 52 +-
.../CJWTKitBoringSSL/crypto/x509/x509_trs.c | 177 +-
.../CJWTKitBoringSSL/crypto/x509/x509_v3.c | 1 -
.../CJWTKitBoringSSL/crypto/x509/x509_vfy.c | 1280 +-
.../CJWTKitBoringSSL/crypto/x509/x509_vpm.c | 308 +-
.../CJWTKitBoringSSL/crypto/x509/x509name.c | 34 +-
.../CJWTKitBoringSSL/crypto/x509/x509spki.c | 2 +-
Sources/CJWTKitBoringSSL/crypto/x509/x_crl.c | 174 +-
Sources/CJWTKitBoringSSL/crypto/x509/x_name.c | 15 +-
Sources/CJWTKitBoringSSL/crypto/x509/x_pkey.c | 111 -
.../CJWTKitBoringSSL/crypto/x509/x_pubkey.c | 96 +-
Sources/CJWTKitBoringSSL/crypto/x509/x_spki.c | 2 +
Sources/CJWTKitBoringSSL/crypto/x509/x_x509.c | 5 +-
.../CJWTKitBoringSSL/crypto/x509/x_x509a.c | 12 +-
.../CJWTKitBoringSSL/crypto/x509v3/internal.h | 197 -
Sources/CJWTKitBoringSSL/hash.txt | 2 +-
.../include/CJWTKitBoringSSL.h | 20 +-
.../include/CJWTKitBoringSSL_arm_arch.h | 144 +-
.../include/CJWTKitBoringSSL_asm_base.h | 206 +
.../include/CJWTKitBoringSSL_asn1.h | 5 +
.../include/CJWTKitBoringSSL_base.h | 128 +-
.../include/CJWTKitBoringSSL_bio.h | 42 +-
.../include/CJWTKitBoringSSL_bn.h | 19 +-
...JWTKitBoringSSL_boringssl_prefix_symbols.h | 708 +-
...itBoringSSL_boringssl_prefix_symbols_asm.h | 234 +-
.../include/CJWTKitBoringSSL_bytestring.h | 22 +
.../include/CJWTKitBoringSSL_chacha.h | 6 +
.../include/CJWTKitBoringSSL_cipher.h | 1 +
.../include/CJWTKitBoringSSL_conf.h | 5 +-
.../include/CJWTKitBoringSSL_curve25519.h | 4 +-
.../include/CJWTKitBoringSSL_des.h | 13 -
.../include/CJWTKitBoringSSL_dh.h | 5 +-
.../include/CJWTKitBoringSSL_dsa.h | 21 -
.../include/CJWTKitBoringSSL_ec.h | 83 +-
.../include/CJWTKitBoringSSL_ec_key.h | 25 +-
.../include/CJWTKitBoringSSL_evp.h | 20 +-
.../include/CJWTKitBoringSSL_ex_data.h | 9 +-
.../include/CJWTKitBoringSSL_hpke.h | 8 +-
.../include/CJWTKitBoringSSL_kyber.h | 44 +-
.../include/CJWTKitBoringSSL_mem.h | 19 +-
.../include/CJWTKitBoringSSL_obj.h | 6 +-
.../include/CJWTKitBoringSSL_opensslconf.h | 1 +
.../include/CJWTKitBoringSSL_pem.h | 24 +-
.../include/CJWTKitBoringSSL_posix_time.h | 51 +
.../include/CJWTKitBoringSSL_rand.h | 32 +-
.../include/CJWTKitBoringSSL_rsa.h | 90 +-
.../include/CJWTKitBoringSSL_sha.h | 23 +-
.../include/CJWTKitBoringSSL_span.h | 86 +-
.../include/CJWTKitBoringSSL_stack.h | 446 +-
.../include/CJWTKitBoringSSL_target.h | 226 +
.../include/CJWTKitBoringSSL_thread.h | 28 -
.../include/CJWTKitBoringSSL_time.h | 25 +-
.../include/CJWTKitBoringSSL_x509.h | 3757 ++++--
.../include/CJWTKitBoringSSL_x509v3.h | 1062 +-
.../include/CJWTKitBoringSSL_x509v3_errors.h | 124 +
.../include/boringssl_prefix_symbols_nasm.inc | 468 +-
.../fiat/asm/fiat_curve25519_adx_mul.S | 183 +
.../fiat/asm/fiat_curve25519_adx_square.S | 151 +
.../third_party/fiat/asm/fiat_p256_adx_mul.S | 183 +
.../third_party/fiat/asm/fiat_p256_adx_sqr.S | 172 +
.../third_party/fiat/curve25519_64_adx.h | 693 ++
.../third_party/fiat/p256_64.h | 21 +
Sources/JWTKit/RSA/RSAKey.swift | 16 +-
scripts/build-asm.py | 9 +-
scripts/vendor-boringssl.sh | 56 +-
384 files changed, 17283 insertions(+), 19874 deletions(-)
rename Sources/CJWTKitBoringSSL/crypto/{x509/x_info.c => bio/errno.c} (79%)
delete mode 100644 Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_freebsd.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_sysreg.c
delete mode 100644 Sources/CJWTKitBoringSSL/crypto/cpu_arm.c
rename Sources/CJWTKitBoringSSL/{include/CJWTKitBoringSSL_dtls1.h => crypto/curve25519/curve25519_64_adx.c} (82%)
create mode 100644 Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/builtin_curves.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/keccak/internal.h
rename Sources/CJWTKitBoringSSL/crypto/{kyber => keccak}/keccak.c (66%)
create mode 100644 Sources/CJWTKitBoringSSL/crypto/rand_extra/getentropy.c
rename Sources/CJWTKitBoringSSL/crypto/rand_extra/{fuchsia.c => ios.c} (79%)
rename Sources/CJWTKitBoringSSL/crypto/{cpu_arm_openbsd.c => rand_extra/trusty.c} (61%)
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/address.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/address.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/fors.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/fors.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/internal.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/merkle.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/merkle.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/params.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/spx.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/spx_util.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/spx_util.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/thash.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/thash.h
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/wots.c
create mode 100644 Sources/CJWTKitBoringSSL/crypto/spx/wots.h
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/ext_dat.h (100%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_akey.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_akeya.c (98%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_alt.c (97%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_bcons.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_bitst.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_conf.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_cpols.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_crld.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_enum.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_extku.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_genn.c (94%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_ia5.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_info.c (97%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_int.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_lib.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_ncons.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_ocsp.c (98%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_pcons.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_pmaps.c (99%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_prn.c (97%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_purp.c (63%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_skey.c (98%)
rename Sources/CJWTKitBoringSSL/crypto/{x509v3 => x509}/v3_utl.c (97%)
delete mode 100644 Sources/CJWTKitBoringSSL/crypto/x509/x_pkey.c
delete mode 100644 Sources/CJWTKitBoringSSL/crypto/x509v3/internal.h
create mode 100644 Sources/CJWTKitBoringSSL/include/CJWTKitBoringSSL_asm_base.h
create mode 100644 Sources/CJWTKitBoringSSL/include/CJWTKitBoringSSL_posix_time.h
create mode 100644 Sources/CJWTKitBoringSSL/include/CJWTKitBoringSSL_target.h
create mode 100644 Sources/CJWTKitBoringSSL/include/CJWTKitBoringSSL_x509v3_errors.h
create mode 100644 Sources/CJWTKitBoringSSL/third_party/fiat/asm/fiat_curve25519_adx_mul.S
create mode 100644 Sources/CJWTKitBoringSSL/third_party/fiat/asm/fiat_curve25519_adx_square.S
create mode 100644 Sources/CJWTKitBoringSSL/third_party/fiat/asm/fiat_p256_adx_mul.S
create mode 100644 Sources/CJWTKitBoringSSL/third_party/fiat/asm/fiat_p256_adx_sqr.S
create mode 100644 Sources/CJWTKitBoringSSL/third_party/fiat/curve25519_64_adx.h
diff --git a/Package.swift b/Package.swift
index b0c9985a..e774c719 100644
--- a/Package.swift
+++ b/Package.swift
@@ -1,13 +1,22 @@
// swift-tools-version:5.6
import PackageDescription
+// This package contains a vendored copy of BoringSSL. For ease of tracking
+// down problems with the copy of BoringSSL in use, we include a copy of the
+// commit hash of the revision of BoringSSL included in the given release.
+// This is also reproduced in a file called hash.txt in the
+// Sources/CCryptoBoringSSL directory. The source repository is at
+// https://boringssl.googlesource.com/boringssl.
+//
+// BoringSSL Commit: 58a318edc892a595a5b043359a5d441869158699
+
let package = Package(
name: "jwt-kit",
platforms: [
.macOS(.v10_15),
.iOS(.v13),
.tvOS(.v13),
- .watchOS(.v6)
+ .watchOS(.v6),
],
products: [
.library(name: "JWTKit", targets: ["JWTKit"]),
@@ -16,7 +25,7 @@ let package = Package(
MANGLE_END */
],
dependencies: [
- .package(url: "https://github.com/apple/swift-crypto.git", "2.0.0" ..< "4.0.0")
+ .package(url: "https://github.com/apple/swift-crypto.git", "2.0.0" ..< "4.0.0"),
],
targets: [
.target(name: "CJWTKitBoringSSL"),
@@ -28,5 +37,5 @@ let package = Package(
.target(name: "JWTKit"),
]),
],
- cxxLanguageStandard: .cxx11
+ cxxLanguageStandard: .cxx11
)
diff --git a/README.md b/README.md
index 0bef7035..6e72253b 100644
--- a/README.md
+++ b/README.md
@@ -1,23 +1,19 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_gentm.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_gentm.c
index bbe04fb7..a4d1b564 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/a_gentm.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/a_gentm.c
@@ -58,8 +58,9 @@
#include
#include
#include
-#include
+#include
+#include
#include
#include
@@ -123,9 +124,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
}
char buf[16];
- BIO_snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
- data.tm_year + 1900, data.tm_mon + 1, data.tm_mday, data.tm_hour,
- data.tm_min, data.tm_sec);
+ int ret = snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ",
+ data.tm_year + 1900, data.tm_mon + 1, data.tm_mday,
+ data.tm_hour, data.tm_min, data.tm_sec);
+ if (ret != (int)(sizeof(buf) - 1)) {
+ abort(); // |snprintf| should neither truncate nor write fewer bytes.
+ }
int free_s = 0;
if (s == NULL) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_mbstr.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_mbstr.c
index cc163ff1..efc0b6c6 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/a_mbstr.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/a_mbstr.c
@@ -97,22 +97,22 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
int error;
switch (inform) {
case MBSTRING_BMP:
- decode_func = cbs_get_ucs2_be;
+ decode_func = CBS_get_ucs2_be;
error = ASN1_R_INVALID_BMPSTRING;
break;
case MBSTRING_UNIV:
- decode_func = cbs_get_utf32_be;
+ decode_func = CBS_get_utf32_be;
error = ASN1_R_INVALID_UNIVERSALSTRING;
break;
case MBSTRING_UTF8:
- decode_func = cbs_get_utf8;
+ decode_func = CBS_get_utf8;
error = ASN1_R_INVALID_UTF8STRING;
break;
case MBSTRING_ASC:
- decode_func = cbs_get_latin1;
+ decode_func = CBS_get_latin1;
error = ERR_R_INTERNAL_ERROR; // Latin-1 inputs are never invalid.
break;
@@ -162,7 +162,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
}
nchar++;
- utf8_len += cbb_get_utf8_len(c);
+ utf8_len += CBB_get_utf8_len(c);
if (maxsize > 0 && nchar > (size_t)maxsize) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
ERR_add_error_dataf("maxsize=%zu", (size_t)maxsize);
@@ -178,7 +178,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
// Now work out output format and string type
int str_type;
- int (*encode_func)(CBB *, uint32_t) = cbb_add_latin1;
+ int (*encode_func)(CBB *, uint32_t) = CBB_add_latin1;
size_t size_estimate = nchar;
int outform = MBSTRING_ASC;
if (mask & B_ASN1_PRINTABLESTRING) {
@@ -190,17 +190,17 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in,
} else if (mask & B_ASN1_BMPSTRING) {
str_type = V_ASN1_BMPSTRING;
outform = MBSTRING_BMP;
- encode_func = cbb_add_ucs2_be;
+ encode_func = CBB_add_ucs2_be;
size_estimate = 2 * nchar;
} else if (mask & B_ASN1_UNIVERSALSTRING) {
str_type = V_ASN1_UNIVERSALSTRING;
- encode_func = cbb_add_utf32_be;
+ encode_func = CBB_add_utf32_be;
size_estimate = 4 * nchar;
outform = MBSTRING_UNIV;
} else if (mask & B_ASN1_UTF8STRING) {
str_type = V_ASN1_UTF8STRING;
outform = MBSTRING_UTF8;
- encode_func = cbb_add_utf8;
+ encode_func = CBB_add_utf8;
size_estimate = utf8_len;
} else {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_CHARACTERS);
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_strex.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_strex.c
index 7b44a9ab..df2982d0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/a_strex.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/a_strex.c
@@ -68,6 +68,7 @@
#include
#include "../bytestring/internal.h"
+#include "../internal.h"
#include "internal.h"
@@ -89,18 +90,18 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
char buf[16]; // Large enough for "\\W01234567".
unsigned char u8 = (unsigned char)c;
if (c > 0xffff) {
- BIO_snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
+ snprintf(buf, sizeof(buf), "\\W%08" PRIX32, c);
} else if (c > 0xff) {
- BIO_snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
+ snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c);
} else if ((flags & ASN1_STRFLGS_ESC_MSB) && c > 0x7f) {
- BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+ snprintf(buf, sizeof(buf), "\\%02X", c);
} else if ((flags & ASN1_STRFLGS_ESC_CTRL) && is_control_character(c)) {
- BIO_snprintf(buf, sizeof(buf), "\\%02X", c);
+ snprintf(buf, sizeof(buf), "\\%02X", c);
} else if (flags & ASN1_STRFLGS_ESC_2253) {
// See RFC 2253, sections 2.4 and 4.
if (c == '\\' || c == '"') {
// Quotes and backslashes are always escaped, quoted or not.
- BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+ snprintf(buf, sizeof(buf), "\\%c", (int)c);
} else if (c == ',' || c == '+' || c == '<' || c == '>' || c == ';' ||
(is_first && (c == ' ' || c == '#')) ||
(is_last && (c == ' '))) {
@@ -111,13 +112,13 @@ static int do_esc_char(uint32_t c, unsigned long flags, char *do_quotes,
}
return maybe_write(out, &u8, 1) ? 1 : -1;
}
- BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+ snprintf(buf, sizeof(buf), "\\%c", (int)c);
} else {
return maybe_write(out, &u8, 1) ? 1 : -1;
}
} else if ((flags & ESC_FLAGS) && c == '\\') {
// If any escape flags are set, also escape backslashes.
- BIO_snprintf(buf, sizeof(buf), "\\%c", (int)c);
+ snprintf(buf, sizeof(buf), "\\%c", (int)c);
} else {
return maybe_write(out, &u8, 1) ? 1 : -1;
}
@@ -137,19 +138,19 @@ static int do_buf(const unsigned char *buf, int buflen, int encoding,
int get_char_error;
switch (encoding) {
case MBSTRING_UNIV:
- get_char = cbs_get_utf32_be;
+ get_char = CBS_get_utf32_be;
get_char_error = ASN1_R_INVALID_UNIVERSALSTRING;
break;
case MBSTRING_BMP:
- get_char = cbs_get_ucs2_be;
+ get_char = CBS_get_ucs2_be;
get_char_error = ASN1_R_INVALID_BMPSTRING;
break;
case MBSTRING_ASC:
- get_char = cbs_get_latin1;
+ get_char = CBS_get_latin1;
get_char_error = ERR_R_INTERNAL_ERROR; // Should not be possible.
break;
case MBSTRING_UTF8:
- get_char = cbs_get_utf8;
+ get_char = CBS_get_utf8;
get_char_error = ASN1_R_INVALID_UTF8STRING;
break;
default:
@@ -172,7 +173,7 @@ static int do_buf(const unsigned char *buf, int buflen, int encoding,
uint8_t utf8_buf[6];
CBB utf8_cbb;
CBB_init_fixed(&utf8_cbb, utf8_buf, sizeof(utf8_buf));
- if (!cbb_add_utf8(&utf8_cbb, c)) {
+ if (!CBB_add_utf8(&utf8_cbb, c)) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
return 1;
}
@@ -238,22 +239,8 @@ static int do_dump(unsigned long flags, BIO *out, const ASN1_STRING *str) {
// Placing the ASN1_STRING in a temporary ASN1_TYPE allows the DER encoding
// to readily obtained.
ASN1_TYPE t;
- t.type = str->type;
- // Negative INTEGER and ENUMERATED values are the only case where
- // |ASN1_STRING| and |ASN1_TYPE| types do not match.
- //
- // TODO(davidben): There are also some type fields which, in |ASN1_TYPE|, do
- // not correspond to |ASN1_STRING|. It is unclear whether those are allowed
- // in |ASN1_STRING| at all, or what the space of allowed types is.
- // |ASN1_item_ex_d2i| will never produce such a value so, for now, we say
- // this is an invalid input. But this corner of the library in general
- // should be more robust.
- if (t.type == V_ASN1_NEG_INTEGER) {
- t.type = V_ASN1_INTEGER;
- } else if (t.type == V_ASN1_NEG_ENUMERATED) {
- t.type = V_ASN1_ENUMERATED;
- }
- t.value.asn1_string = (ASN1_STRING *)str;
+ OPENSSL_memset(&t, 0, sizeof(ASN1_TYPE));
+ asn1_type_set0_string(&t, (ASN1_STRING *)str);
unsigned char *der_buf = NULL;
int der_len = i2d_ASN1_TYPE(&t, &der_buf);
if (der_len < 0) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_strnid.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_strnid.c
index 5a2c85cd..5643c0de 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/a_strnid.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/a_strnid.c
@@ -72,7 +72,7 @@
DEFINE_LHASH_OF(ASN1_STRING_TABLE)
static LHASH_OF(ASN1_STRING_TABLE) *string_tables = NULL;
-static struct CRYPTO_STATIC_MUTEX string_tables_lock = CRYPTO_STATIC_MUTEX_INIT;
+static CRYPTO_MUTEX string_tables_lock = CRYPTO_MUTEX_INIT;
void ASN1_STRING_set_default_mask(unsigned long mask) {}
@@ -176,11 +176,11 @@ static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) {
return tbl;
}
- CRYPTO_STATIC_MUTEX_lock_read(&string_tables_lock);
+ CRYPTO_MUTEX_lock_read(&string_tables_lock);
if (string_tables != NULL) {
tbl = lh_ASN1_STRING_TABLE_retrieve(string_tables, &key);
}
- CRYPTO_STATIC_MUTEX_unlock_read(&string_tables_lock);
+ CRYPTO_MUTEX_unlock_read(&string_tables_lock);
// Note returning |tbl| without the lock is only safe because
// |ASN1_STRING_TABLE_add| cannot modify or delete existing entries. If we
// wish to support that, this function must copy the result under a lock.
@@ -196,7 +196,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
}
int ret = 0;
- CRYPTO_STATIC_MUTEX_lock_write(&string_tables_lock);
+ CRYPTO_MUTEX_lock_write(&string_tables_lock);
if (string_tables == NULL) {
string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp);
@@ -232,7 +232,7 @@ int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
ret = 1;
err:
- CRYPTO_STATIC_MUTEX_unlock_write(&string_tables_lock);
+ CRYPTO_MUTEX_unlock_write(&string_tables_lock);
return ret;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_time.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_time.c
index 56b2c50b..2fff03ef 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/a_time.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/a_time.c
@@ -55,12 +55,13 @@
* [including the GNU Public Licence.] */
#include
-#include
+#include
#include
#include
#include
+#include
#include
#include
@@ -82,6 +83,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t time) {
return ASN1_TIME_adj(s, time, 0, 0);
}
+static int fits_in_utc_time(const struct tm *tm) {
+ return 50 <= tm->tm_year && tm->tm_year < 150;
+}
+
ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day,
long offset_sec) {
struct tm tm;
@@ -95,7 +100,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, int offset_day,
return NULL;
}
}
- if ((tm.tm_year >= 50) && (tm.tm_year < 150)) {
+ if (fits_in_utc_time(&tm)) {
return ASN1_UTCTIME_adj(s, posix_time, offset_day, offset_sec);
}
return ASN1_GENERALIZEDTIME_adj(s, posix_time, offset_day, offset_sec);
@@ -171,6 +176,34 @@ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) {
ASN1_GENERALIZEDTIME_set_string(s, str);
}
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) {
+ CBS cbs;
+ CBS_init(&cbs, (const uint8_t*)str, strlen(str));
+ int type;
+ struct tm tm;
+ if (CBS_parse_utc_time(&cbs, /*out_tm=*/NULL,
+ /*allow_timezone_offset=*/0)) {
+ type = V_ASN1_UTCTIME;
+ } else if (CBS_parse_generalized_time(&cbs, &tm,
+ /*allow_timezone_offset=*/0)) {
+ type = V_ASN1_GENERALIZEDTIME;
+ if (fits_in_utc_time(&tm)) {
+ type = V_ASN1_UTCTIME;
+ CBS_skip(&cbs, 2);
+ }
+ } else {
+ return 0;
+ }
+
+ if (s != NULL) {
+ if (!ASN1_STRING_set(s, CBS_data(&cbs), CBS_len(&cbs))) {
+ return 0;
+ }
+ s->type = type;
+ }
+ return 1;
+}
+
static int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *t,
int allow_timezone_offset) {
if (t == NULL) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_type.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_type.c
index 223554bc..69a7f6ad 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/a_type.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/a_type.c
@@ -56,7 +56,8 @@
#include
-#include
+#include
+
#include
#include
#include
@@ -89,6 +90,23 @@ const void *asn1_type_value_as_pointer(const ASN1_TYPE *a) {
}
}
+void asn1_type_set0_string(ASN1_TYPE *a, ASN1_STRING *str) {
+ // |ASN1_STRING| types are almost the same as |ASN1_TYPE| types, except that
+ // the negative flag is not reflected into |ASN1_TYPE|.
+ int type = str->type;
+ if (type == V_ASN1_NEG_INTEGER) {
+ type = V_ASN1_INTEGER;
+ } else if (type == V_ASN1_NEG_ENUMERATED) {
+ type = V_ASN1_ENUMERATED;
+ }
+
+ // These types are not |ASN1_STRING| types and use a different
+ // representation when stored in |ASN1_TYPE|.
+ assert(type != V_ASN1_NULL && type != V_ASN1_OBJECT &&
+ type != V_ASN1_BOOLEAN);
+ ASN1_TYPE_set(a, type, str);
+}
+
void asn1_type_cleanup(ASN1_TYPE *a) {
switch (a->type) {
case V_ASN1_NULL:
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/a_utctm.c b/Sources/CJWTKitBoringSSL/crypto/asn1/a_utctm.c
index a59ea6d6..f9ee96f2 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/a_utctm.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/a_utctm.c
@@ -58,8 +58,9 @@
#include
#include
#include
-#include
+#include
+#include
#include
#include
@@ -83,11 +84,14 @@ int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) {
}
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) {
+ // Although elsewhere we allow timezone offsets with UTCTime, to be compatible
+ // with some existing misissued certificates, this function is used to
+ // construct new certificates and can be stricter.
size_t len = strlen(str);
CBS cbs;
CBS_init(&cbs, (const uint8_t *)str, len);
if (!CBS_parse_utc_time(&cbs, /*out_tm=*/NULL,
- /*allow_timezone_offset=*/1)) {
+ /*allow_timezone_offset=*/0)) {
return 0;
}
if (s != NULL) {
@@ -121,9 +125,12 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, int64_t posix_time, int offset_d
}
char buf[14];
- BIO_snprintf(buf, sizeof(buf), "%02d%02d%02d%02d%02d%02dZ",
- data.tm_year % 100, data.tm_mon + 1, data.tm_mday, data.tm_hour,
- data.tm_min, data.tm_sec);
+ int ret = snprintf(buf, sizeof(buf), "%02d%02d%02d%02d%02d%02dZ",
+ data.tm_year % 100, data.tm_mon + 1, data.tm_mday,
+ data.tm_hour, data.tm_min, data.tm_sec);
+ if (ret != (int)(sizeof(buf) - 1)) {
+ abort(); // |snprintf| should neither truncate nor write fewer bytes.
+ }
int free_s = 0;
if (s == NULL) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/asn1_lib.c b/Sources/CJWTKitBoringSSL/crypto/asn1/asn1_lib.c
index 69aeda04..d34f1eed 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/asn1_lib.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/asn1_lib.c
@@ -102,6 +102,15 @@ OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_TAG)
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_TYPE)
+// Limit |ASN1_STRING|s to 64 MiB of data. Most of this module, as well as
+// downstream code, does not correctly handle overflow. We cap string fields
+// more tightly than strictly necessary to fit in |int|. This is not expected to
+// impact real world uses of this field.
+//
+// In particular, this limit is small enough that the bit count of a BIT STRING
+// comfortably fits in an |int|, with room for arithmetic.
+#define ASN1_STRING_MAX (64 * 1024 * 1024)
+
static void asn1_put_length(unsigned char **pp, int length);
int ASN1_get_object(const unsigned char **inp, long *out_len, int *out_tag,
@@ -273,9 +282,8 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) {
len = (size_t)len_s;
}
- // |ASN1_STRING| cannot represent strings that exceed |int|, and we must
- // reserve space for a trailing NUL below.
- if (len > INT_MAX || len + 1 < len) {
+ static_assert(ASN1_STRING_MAX < INT_MAX, "len will not overflow int");
+ if (len > ASN1_STRING_MAX) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
return 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/internal.h b/Sources/CJWTKitBoringSSL/crypto/asn1/internal.h
index aa247893..d9c358b0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/internal.h
@@ -76,18 +76,12 @@ extern "C" {
// returned. On failure NULL is returned.
OPENSSL_EXPORT struct tm *OPENSSL_gmtime(const time_t *time, struct tm *result);
-// OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to
-// a time_t value in |out|. One is returned on success, zero is returned on
-// failure. It is a failure if the converted time can not be represented in a
-// time_t, or if the tm contains out of range values.
-OPENSSL_EXPORT int OPENSSL_timegm(const struct tm *tm, time_t *out);
-
// OPENSSL_gmtime_adj returns one on success, and updates |tm| by adding
// |offset_day| days and |offset_sec| seconds. It returns zero on failure. |tm|
// must be in the range of year 0000 to 9999 both before and after the update or
// a failure will be returned.
OPENSSL_EXPORT int OPENSSL_gmtime_adj(struct tm *tm, int offset_day,
- long offset_sec);
+ int64_t offset_sec);
// OPENSSL_gmtime_diff calculates the difference between |from| and |to|. It
// returns one, and outputs the difference as a number of days and seconds in
@@ -210,6 +204,10 @@ void asn1_encoding_clear(ASN1_ENCODING *enc);
// a pointer.
const void *asn1_type_value_as_pointer(const ASN1_TYPE *a);
+// asn1_type_set0_string sets |a|'s value to the object represented by |str| and
+// takes ownership of |str|.
+void asn1_type_set0_string(ASN1_TYPE *a, ASN1_STRING *str);
+
// asn1_type_cleanup releases memory associated with |a|'s value, without
// freeing |a| itself.
void asn1_type_cleanup(ASN1_TYPE *a);
@@ -256,7 +254,6 @@ typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
typedef struct ASN1_EXTERN_FUNCS_st {
ASN1_ex_new_func *asn1_ex_new;
ASN1_ex_free_func *asn1_ex_free;
- ASN1_ex_free_func *asn1_ex_clear;
ASN1_ex_d2i *asn1_ex_d2i;
ASN1_ex_i2d *asn1_ex_i2d;
} ASN1_EXTERN_FUNCS;
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/posix_time.c b/Sources/CJWTKitBoringSSL/crypto/asn1/posix_time.c
index 3fd00166..3deaf582 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/posix_time.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/posix_time.c
@@ -15,7 +15,7 @@
// Time conversion to/from POSIX time_t and struct tm, with no support
// for time zones other than UTC
-#include
+#include
#include
#include
@@ -26,12 +26,12 @@
#include "internal.h"
#define SECS_PER_HOUR (60 * 60)
-#define SECS_PER_DAY (24 * SECS_PER_HOUR)
+#define SECS_PER_DAY (INT64_C(24) * SECS_PER_HOUR)
// Is a year/month/day combination valid, in the range from year 0000
// to 9999?
-static int is_valid_date(int year, int month, int day) {
+static int is_valid_date(int64_t year, int64_t month, int64_t day) {
if (day < 1 || month < 1 || year < 0 || year > 9999) {
return 0;
}
@@ -62,7 +62,7 @@ static int is_valid_date(int year, int month, int day) {
// Is a time valid? Leap seconds of 60 are not considered valid, as
// the POSIX time in seconds does not include them.
-static int is_valid_time(int hours, int minutes, int seconds) {
+static int is_valid_time(int64_t hours, int64_t minutes, int64_t seconds) {
if (hours < 0 || minutes < 0 || seconds < 0 || hours > 23 || minutes > 59 ||
seconds > 59) {
return 0;
@@ -70,17 +70,22 @@ static int is_valid_time(int hours, int minutes, int seconds) {
return 1;
}
-// Is a int64 time representing a time within our expected range?
-static int is_valid_epoch_time(int64_t time) {
- // 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC
- return (int64_t)-62167219200 <= time && time <= (int64_t)253402300799;
+// 0000-01-01 00:00:00 UTC
+#define MIN_POSIX_TIME INT64_C(-62167219200)
+// 9999-12-31 23:59:59 UTC
+#define MAX_POSIX_TIME INT64_C(253402300799)
+
+// Is an int64 time within our expected range?
+static int is_valid_posix_time(int64_t time) {
+ return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
}
// Inspired by algorithms presented in
// https://howardhinnant.github.io/date_algorithms.html
// (Public Domain)
-static int posix_time_from_utc(int year, int month, int day, int hours,
- int minutes, int seconds, int64_t *out_time) {
+static int posix_time_from_utc(int64_t year, int64_t month, int64_t day,
+ int64_t hours, int64_t minutes, int64_t seconds,
+ int64_t *out_time) {
if (!is_valid_date(year, month, day) ||
!is_valid_time(hours, minutes, seconds)) {
return 0;
@@ -108,7 +113,7 @@ static int posix_time_from_utc(int year, int month, int day, int hours,
static int utc_from_posix_time(int64_t time, int *out_year, int *out_month,
int *out_day, int *out_hours, int *out_minutes,
int *out_seconds) {
- if (!is_valid_epoch_time(time)) {
+ if (!is_valid_posix_time(time)) {
return 0;
}
int64_t days = time / SECS_PER_DAY;
@@ -143,19 +148,21 @@ static int utc_from_posix_time(int64_t time, int *out_year, int *out_month,
}
int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out) {
- return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
- tm->tm_hour, tm->tm_min, tm->tm_sec, out);
+ return posix_time_from_utc(tm->tm_year + INT64_C(1900),
+ tm->tm_mon + INT64_C(1), tm->tm_mday, tm->tm_hour,
+ tm->tm_min, tm->tm_sec, out);
}
int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) {
- memset(out_tm, 0, sizeof(struct tm));
- if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon,
- &out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min,
- &out_tm->tm_sec)) {
+ struct tm tmp_tm = {0};
+ if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
+ &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min,
+ &tmp_tm.tm_sec)) {
return 0;
}
- out_tm->tm_year -= 1900;
- out_tm->tm_mon -= 1;
+ tmp_tm.tm_year -= 1900;
+ tmp_tm.tm_mon -= 1;
+ *out_tm = tmp_tm;
return 1;
}
@@ -187,43 +194,47 @@ struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm) {
return out_tm;
}
-int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) {
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec) {
int64_t posix_time;
- if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
- tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time)) {
+ if (!OPENSSL_tm_to_posix(tm, &posix_time)) {
+ return 0;
+ }
+ static_assert(INT_MAX <= INT64_MAX / SECS_PER_DAY,
+ "day offset in seconds cannot overflow");
+ static_assert(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY,
+ "addition cannot overflow");
+ static_assert(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY,
+ "addition cannot underflow");
+ posix_time += offset_day * SECS_PER_DAY;
+ if (posix_time > 0 && offset_sec > INT64_MAX - posix_time) {
return 0;
}
- if (!utc_from_posix_time(
- posix_time + (int64_t)off_day * SECS_PER_DAY + offset_sec,
- &tm->tm_year, &tm->tm_mon, &tm->tm_mday, &tm->tm_hour, &tm->tm_min,
- &tm->tm_sec)) {
+ if (posix_time < 0 && offset_sec < INT64_MIN - posix_time) {
+ return 0;
+ }
+ posix_time += offset_sec;
+
+ if (!OPENSSL_posix_to_tm(posix_time, tm)) {
return 0;
}
- tm->tm_year -= 1900;
- tm->tm_mon -= 1;
return 1;
}
int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
const struct tm *to) {
- int64_t time_to;
- if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1, to->tm_mday,
- to->tm_hour, to->tm_min, to->tm_sec, &time_to)) {
- return 0;
- }
- int64_t time_from;
- if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1,
- from->tm_mday, from->tm_hour, from->tm_min,
- from->tm_sec, &time_from)) {
+ int64_t time_to, time_from;
+ if (!OPENSSL_tm_to_posix(to, &time_to) ||
+ !OPENSSL_tm_to_posix(from, &time_from)) {
return 0;
}
+ // Times are in range, so these calculations can not overflow.
+ static_assert(SECS_PER_DAY <= INT_MAX, "seconds per day does not fit in int");
+ static_assert((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX,
+ "range of valid POSIX times, in days, does not fit in int");
int64_t timediff = time_to - time_from;
int64_t daydiff = timediff / SECS_PER_DAY;
timediff %= SECS_PER_DAY;
- if (daydiff > INT_MAX || daydiff < INT_MIN) {
- return 0;
- }
*out_secs = (int)timediff;
*out_days = (int)daydiff;
return 1;
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_dec.c b/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_dec.c
index cea065e5..f086174c 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_dec.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_dec.c
@@ -850,7 +850,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, long len,
if (utype == V_ASN1_BMPSTRING) {
while (CBS_len(&cbs) != 0) {
uint32_t c;
- if (!cbs_get_ucs2_be(&cbs, &c)) {
+ if (!CBS_get_ucs2_be(&cbs, &c)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BMPSTRING);
goto err;
}
@@ -859,7 +859,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, long len,
if (utype == V_ASN1_UNIVERSALSTRING) {
while (CBS_len(&cbs) != 0) {
uint32_t c;
- if (!cbs_get_utf32_be(&cbs, &c)) {
+ if (!CBS_get_utf32_be(&cbs, &c)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UNIVERSALSTRING);
goto err;
}
@@ -868,7 +868,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, long len,
if (utype == V_ASN1_UTF8STRING) {
while (CBS_len(&cbs) != 0) {
uint32_t c;
- if (!cbs_get_utf8(&cbs, &c)) {
+ if (!CBS_get_utf8(&cbs, &c)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UTF8STRING);
goto err;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_enc.c b/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_enc.c
index afdcf228..dc7760dd 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_enc.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_enc.c
@@ -452,14 +452,9 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
return 1;
}
- if (sk_ASN1_VALUE_num(sk) > ((size_t)-1) / sizeof(DER_ENC)) {
- OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
- return 0;
- }
-
int ret = 0;
unsigned char *const buf = OPENSSL_malloc(skcontlen);
- DER_ENC *encoded = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*encoded));
+ DER_ENC *encoded = OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded));
if (encoded == NULL || buf == NULL) {
goto err;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_new.c b/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_new.c
index ee7c7ec9..7176d85d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_new.c
+++ b/Sources/CJWTKitBoringSSL/crypto/asn1/tasn_new.c
@@ -127,11 +127,10 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) {
return 1;
}
}
- *pval = OPENSSL_malloc(it->size);
+ *pval = OPENSSL_zalloc(it->size);
if (!*pval) {
goto memerr;
}
- OPENSSL_memset(*pval, 0, it->size);
asn1_set_choice_selector(pval, -1, it);
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) {
goto auxerr2;
@@ -151,11 +150,10 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) {
return 1;
}
}
- *pval = OPENSSL_malloc(it->size);
+ *pval = OPENSSL_zalloc(it->size);
if (!*pval) {
goto memerr;
}
- OPENSSL_memset(*pval, 0, it->size);
asn1_refcount_set_one(pval, it);
asn1_enc_init(pval, it);
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
@@ -185,16 +183,9 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) {
}
static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) {
- const ASN1_EXTERN_FUNCS *ef;
-
switch (it->itype) {
case ASN1_ITYPE_EXTERN:
- ef = it->funcs;
- if (ef && ef->asn1_ex_clear) {
- ef->asn1_ex_clear(pval, it);
- } else {
- *pval = NULL;
- }
+ *pval = NULL;
break;
case ASN1_ITYPE_PRIMITIVE:
@@ -276,7 +267,7 @@ static int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) {
}
switch (utype) {
case V_ASN1_OBJECT:
- *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+ *pval = (ASN1_VALUE *)OBJ_get_undef();
return 1;
case V_ASN1_BOOLEAN:
diff --git a/Sources/CJWTKitBoringSSL/crypto/base64/base64.c b/Sources/CJWTKitBoringSSL/crypto/base64/base64.c
index c22f0ba0..ad345d70 100644
--- a/Sources/CJWTKitBoringSSL/crypto/base64/base64.c
+++ b/Sources/CJWTKitBoringSSL/crypto/base64/base64.c
@@ -121,12 +121,7 @@ int EVP_EncodedLength(size_t *out_len, size_t len) {
}
EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) {
- EVP_ENCODE_CTX *ret = OPENSSL_malloc(sizeof(EVP_ENCODE_CTX));
- if (ret == NULL) {
- return NULL;
- }
- OPENSSL_memset(ret, 0, sizeof(EVP_ENCODE_CTX));
- return ret;
+ return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
}
void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/bio.c b/Sources/CJWTKitBoringSSL/crypto/bio/bio.c
index a1353e59..05c491c7 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/bio.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/bio.c
@@ -69,16 +69,19 @@
#include "../internal.h"
+static CRYPTO_EX_DATA_CLASS g_ex_data_class =
+ CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
+
BIO *BIO_new(const BIO_METHOD *method) {
- BIO *ret = OPENSSL_malloc(sizeof(BIO));
+ BIO *ret = OPENSSL_zalloc(sizeof(BIO));
if (ret == NULL) {
return NULL;
}
- OPENSSL_memset(ret, 0, sizeof(BIO));
ret->method = method;
ret->shutdown = 1;
ret->references = 1;
+ CRYPTO_new_ex_data(&ret->ex_data);
if (method->create != NULL && !method->create(ret)) {
OPENSSL_free(ret);
@@ -102,6 +105,7 @@ int BIO_free(BIO *bio) {
bio->method->destroy(bio);
}
+ CRYPTO_free_ex_data(&g_ex_data_class, bio, &bio->ex_data);
OPENSSL_free(bio);
}
return 1;
@@ -341,11 +345,11 @@ int BIO_set_close(BIO *bio, int close_flag) {
return (int)BIO_ctrl(bio, BIO_CTRL_SET_CLOSE, close_flag, NULL);
}
-OPENSSL_EXPORT size_t BIO_number_read(const BIO *bio) {
+OPENSSL_EXPORT uint64_t BIO_number_read(const BIO *bio) {
return bio->num_read;
}
-OPENSSL_EXPORT size_t BIO_number_written(const BIO *bio) {
+OPENSSL_EXPORT uint64_t BIO_number_written(const BIO *bio) {
return bio->num_write;
}
@@ -628,23 +632,22 @@ void BIO_set_retry_special(BIO *bio) {
int BIO_set_write_buffer_size(BIO *bio, int buffer_size) { return 0; }
-static struct CRYPTO_STATIC_MUTEX g_index_lock = CRYPTO_STATIC_MUTEX_INIT;
+static CRYPTO_MUTEX g_index_lock = CRYPTO_MUTEX_INIT;
static int g_index = BIO_TYPE_START;
int BIO_get_new_index(void) {
- CRYPTO_STATIC_MUTEX_lock_write(&g_index_lock);
+ CRYPTO_MUTEX_lock_write(&g_index_lock);
// If |g_index| exceeds 255, it will collide with the flags bits.
int ret = g_index > 255 ? -1 : g_index++;
- CRYPTO_STATIC_MUTEX_unlock_write(&g_index_lock);
+ CRYPTO_MUTEX_unlock_write(&g_index_lock);
return ret;
}
BIO_METHOD *BIO_meth_new(int type, const char *name) {
- BIO_METHOD *method = OPENSSL_malloc(sizeof(BIO_METHOD));
+ BIO_METHOD *method = OPENSSL_zalloc(sizeof(BIO_METHOD));
if (method == NULL) {
return NULL;
}
- OPENSSL_memset(method, 0, sizeof(BIO_METHOD));
method->type = type;
method->name = name;
return method;
@@ -706,3 +709,23 @@ int BIO_meth_set_puts(BIO_METHOD *method, int (*puts)(BIO *, const char *)) {
// Ignore the parameter. We implement |BIO_puts| using |BIO_write|.
return 1;
}
+
+int BIO_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_unused *unused,
+ CRYPTO_EX_dup *dup_unused,
+ CRYPTO_EX_free *free_func) {
+ int index;
+ if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
+ free_func)) {
+ return -1;
+ }
+ return index;
+}
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data) {
+ return CRYPTO_set_ex_data(&bio->ex_data, idx, data);
+}
+
+void *BIO_get_ex_data(const BIO *bio, int idx) {
+ return CRYPTO_get_ex_data(&bio->ex_data, idx);
+}
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/bio_mem.c b/Sources/CJWTKitBoringSSL/crypto/bio/bio_mem.c
index 8e1e6385..695b3f3a 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/bio_mem.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/bio_mem.c
@@ -206,7 +206,6 @@ static int mem_gets(BIO *bio, char *buf, int size) {
static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) {
long ret = 1;
- char **pptr;
BUF_MEM *b = (BUF_MEM *)bio->ptr;
@@ -232,8 +231,8 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) {
case BIO_CTRL_INFO:
ret = (long)b->length;
if (ptr != NULL) {
- pptr = (char **)ptr;
- *pptr = (char *)&b->data[0];
+ char **pptr = ptr;
+ *pptr = b->data;
}
break;
case BIO_C_SET_BUF_MEM:
@@ -243,8 +242,8 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) {
break;
case BIO_C_GET_BUF_MEM_PTR:
if (ptr != NULL) {
- pptr = (char **)ptr;
- *pptr = (char *)b;
+ BUF_MEM **pptr = ptr;
+ *pptr = b;
}
break;
case BIO_CTRL_GET_CLOSE:
@@ -294,15 +293,15 @@ int BIO_mem_contents(const BIO *bio, const uint8_t **out_contents,
}
long BIO_get_mem_data(BIO *bio, char **contents) {
- return BIO_ctrl(bio, BIO_CTRL_INFO, 0, (char *) contents);
+ return BIO_ctrl(bio, BIO_CTRL_INFO, 0, contents);
}
int BIO_get_mem_ptr(BIO *bio, BUF_MEM **out) {
- return (int)BIO_ctrl(bio, BIO_C_GET_BUF_MEM_PTR, 0, (char *) out);
+ return (int)BIO_ctrl(bio, BIO_C_GET_BUF_MEM_PTR, 0, out);
}
int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership) {
- return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM, take_ownership, (char *) b);
+ return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM, take_ownership, b);
}
int BIO_set_mem_eof_return(BIO *bio, int eof_value) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/connect.c b/Sources/CJWTKitBoringSSL/crypto/bio/connect.c
index 8301c553..83ea556d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/connect.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/connect.c
@@ -56,7 +56,7 @@
#include
-#if !defined(OPENSSL_TRUSTY)
+#if !defined(OPENSSL_NO_SOCK)
#include
#include
@@ -233,7 +233,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
BIO_clear_retry_flags(bio);
ret = connect(bio->num, (struct sockaddr*) &c->them, c->them_length);
if (ret < 0) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_socket_should_retry(ret)) {
BIO_set_flags(bio, (BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY));
c->state = BIO_CONN_S_BLOCKED_CONNECT;
bio->retry_reason = BIO_RR_CONNECT;
@@ -252,7 +252,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
case BIO_CONN_S_BLOCKED_CONNECT:
i = bio_sock_error(bio->num);
if (i) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_socket_should_retry(ret)) {
BIO_set_flags(bio, (BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY));
c->state = BIO_CONN_S_BLOCKED_CONNECT;
bio->retry_reason = BIO_RR_CONNECT;
@@ -296,13 +296,10 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) {
}
static BIO_CONNECT *BIO_CONNECT_new(void) {
- BIO_CONNECT *ret = OPENSSL_malloc(sizeof(BIO_CONNECT));
-
+ BIO_CONNECT *ret = OPENSSL_zalloc(sizeof(BIO_CONNECT));
if (ret == NULL) {
return NULL;
}
- OPENSSL_memset(ret, 0, sizeof(BIO_CONNECT));
-
ret->state = BIO_CONN_S_BEFORE;
return ret;
}
@@ -366,7 +363,7 @@ static int conn_read(BIO *bio, char *out, int out_len) {
ret = (int)recv(bio->num, out, out_len, 0);
BIO_clear_retry_flags(bio);
if (ret <= 0) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_socket_should_retry(ret)) {
BIO_set_retry_read(bio);
}
}
@@ -390,7 +387,7 @@ static int conn_write(BIO *bio, const char *in, int in_len) {
ret = (int)send(bio->num, in, in_len, 0);
BIO_clear_retry_flags(bio);
if (ret <= 0) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_socket_should_retry(ret)) {
BIO_set_retry_write(bio);
}
}
@@ -532,7 +529,7 @@ int BIO_set_conn_port(BIO *bio, const char *port_str) {
int BIO_set_conn_int_port(BIO *bio, const int *port) {
char buf[DECIMAL_SIZE(int) + 1];
- BIO_snprintf(buf, sizeof(buf), "%d", *port);
+ snprintf(buf, sizeof(buf), "%d", *port);
return BIO_set_conn_port(bio, buf);
}
@@ -544,4 +541,4 @@ int BIO_do_connect(BIO *bio) {
return (int)BIO_ctrl(bio, BIO_C_DO_STATE_MACHINE, 0, NULL);
}
-#endif // OPENSSL_TRUSTY
+#endif // OPENSSL_NO_SOCK
diff --git a/Sources/CJWTKitBoringSSL/crypto/x509/x_info.c b/Sources/CJWTKitBoringSSL/crypto/bio/errno.c
similarity index 79%
rename from Sources/CJWTKitBoringSSL/crypto/x509/x_info.c
rename to Sources/CJWTKitBoringSSL/crypto/bio/errno.c
index 2c09033b..5fdb4e01 100644
--- a/Sources/CJWTKitBoringSSL/crypto/x509/x_info.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/errno.c
@@ -54,47 +54,39 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#include
+#include
-#include
-#include
-#include
-#include
+#include
-X509_INFO *X509_INFO_new(void) {
- X509_INFO *ret = NULL;
+#include "internal.h"
- ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
- if (ret == NULL) {
- return NULL;
- }
-
- ret->enc_cipher.cipher = NULL;
- ret->enc_len = 0;
- ret->enc_data = NULL;
-
- ret->x509 = NULL;
- ret->crl = NULL;
- ret->x_pkey = NULL;
- return ret;
-}
-void X509_INFO_free(X509_INFO *x) {
- if (x == NULL) {
- return;
+int bio_errno_should_retry(int return_value) {
+ if (return_value != -1) {
+ return 0;
}
- if (x->x509 != NULL) {
- X509_free(x->x509);
- }
- if (x->crl != NULL) {
- X509_CRL_free(x->crl);
- }
- if (x->x_pkey != NULL) {
- X509_PKEY_free(x->x_pkey);
- }
- if (x->enc_data != NULL) {
- OPENSSL_free(x->enc_data);
- }
- OPENSSL_free(x);
+ return
+#ifdef EWOULDBLOCK
+ errno == EWOULDBLOCK ||
+#endif
+#ifdef ENOTCONN
+ errno == ENOTCONN ||
+#endif
+#ifdef EINTR
+ errno == EINTR ||
+#endif
+#ifdef EAGAIN
+ errno == EAGAIN ||
+#endif
+#ifdef EPROTO
+ errno == EPROTO ||
+#endif
+#ifdef EINPROGRESS
+ errno == EINPROGRESS ||
+#endif
+#ifdef EALREADY
+ errno == EALREADY ||
+#endif
+ 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/fd.c b/Sources/CJWTKitBoringSSL/crypto/bio/fd.c
index 5cae4ce9..5bd52b6a 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/fd.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/fd.c
@@ -56,7 +56,7 @@
#include
-#if !defined(OPENSSL_TRUSTY)
+#if !defined(OPENSSL_NO_POSIX_IO)
#include
#include
@@ -65,9 +65,6 @@
#include
#else
#include
-OPENSSL_MSVC_PRAGMA(warning(push, 3))
-#include
-OPENSSL_MSVC_PRAGMA(warning(pop))
#endif
#include
@@ -77,59 +74,18 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
#include "../internal.h"
-static int bio_fd_non_fatal_error(int err) {
- if (
-#ifdef EWOULDBLOCK
- err == EWOULDBLOCK ||
-#endif
-#ifdef WSAEWOULDBLOCK
- err == WSAEWOULDBLOCK ||
-#endif
-#ifdef ENOTCONN
- err == ENOTCONN ||
-#endif
-#ifdef EINTR
- err == EINTR ||
-#endif
-#ifdef EAGAIN
- err == EAGAIN ||
-#endif
-#ifdef EPROTO
- err == EPROTO ||
-#endif
-#ifdef EINPROGRESS
- err == EINPROGRESS ||
-#endif
-#ifdef EALREADY
- err == EALREADY ||
-#endif
- 0) {
- return 1;
- }
- return 0;
-}
-
#if defined(OPENSSL_WINDOWS)
- #define BORINGSSL_ERRNO (int)GetLastError()
#define BORINGSSL_CLOSE _close
#define BORINGSSL_LSEEK _lseek
#define BORINGSSL_READ _read
#define BORINGSSL_WRITE _write
#else
- #define BORINGSSL_ERRNO errno
#define BORINGSSL_CLOSE close
#define BORINGSSL_LSEEK lseek
#define BORINGSSL_READ read
#define BORINGSSL_WRITE write
#endif
-int bio_fd_should_retry(int i) {
- if (i == -1) {
- return bio_fd_non_fatal_error(BORINGSSL_ERRNO);
- }
- return 0;
-}
-
BIO *BIO_new_fd(int fd, int close_flag) {
BIO *ret = BIO_new(BIO_s_fd());
if (ret == NULL) {
@@ -161,7 +117,7 @@ static int fd_read(BIO *b, char *out, int outl) {
ret = (int)BORINGSSL_READ(b->num, out, outl);
BIO_clear_retry_flags(b);
if (ret <= 0) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_errno_should_retry(ret)) {
BIO_set_retry_read(b);
}
}
@@ -173,7 +129,7 @@ static int fd_write(BIO *b, const char *in, int inl) {
int ret = (int)BORINGSSL_WRITE(b->num, in, inl);
BIO_clear_retry_flags(b);
if (ret <= 0) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_errno_should_retry(ret)) {
BIO_set_retry_write(b);
}
}
@@ -268,6 +224,8 @@ static const BIO_METHOD methods_fdp = {
const BIO_METHOD *BIO_s_fd(void) { return &methods_fdp; }
+#endif // OPENSSL_NO_POSIX_IO
+
int BIO_set_fd(BIO *bio, int fd, int close_flag) {
return (int)BIO_int_ctrl(bio, BIO_C_SET_FD, close_flag, fd);
}
@@ -275,5 +233,3 @@ int BIO_set_fd(BIO *bio, int fd, int close_flag) {
int BIO_get_fd(BIO *bio, int *out_fd) {
return (int)BIO_ctrl(bio, BIO_C_GET_FD, 0, (char *) out_fd);
}
-
-#endif // OPENSSL_TRUSTY
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/file.c b/Sources/CJWTKitBoringSSL/crypto/bio/file.c
index 0bd15df5..d1e3dc8e 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/file.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/file.c
@@ -73,8 +73,6 @@
#include
-#if !defined(OPENSSL_TRUSTY)
-
#include
#include
#include
@@ -89,11 +87,20 @@
#define BIO_FP_WRITE 0x04
#define BIO_FP_APPEND 0x08
+#if !defined(OPENSSL_NO_FILESYSTEM)
+#define fopen_if_available fopen
+#else
+static FILE *fopen_if_available(const char *path, const char *mode) {
+ errno = ENOENT;
+ return NULL;
+}
+#endif
+
BIO *BIO_new_file(const char *filename, const char *mode) {
BIO *ret;
FILE *file;
- file = fopen(filename, mode);
+ file = fopen_if_available(filename, mode);
if (file == NULL) {
OPENSSL_PUT_SYSTEM_ERROR();
@@ -172,7 +179,6 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
long ret = 1;
FILE *fp = (FILE *)b->ptr;
FILE **fpp;
- char p[4];
switch (cmd) {
case BIO_CTRL_RESET:
@@ -197,27 +203,28 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
case BIO_C_SET_FILENAME:
file_free(b);
b->shutdown = (int)num & BIO_CLOSE;
+ const char *mode;
if (num & BIO_FP_APPEND) {
if (num & BIO_FP_READ) {
- OPENSSL_strlcpy(p, "a+", sizeof(p));
+ mode = "a+";
} else {
- OPENSSL_strlcpy(p, "a", sizeof(p));
+ mode = "a";
}
} else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) {
- OPENSSL_strlcpy(p, "r+", sizeof(p));
+ mode = "r+";
} else if (num & BIO_FP_WRITE) {
- OPENSSL_strlcpy(p, "w", sizeof(p));
+ mode = "w";
} else if (num & BIO_FP_READ) {
- OPENSSL_strlcpy(p, "r", sizeof(p));
+ mode = "r";
} else {
OPENSSL_PUT_ERROR(BIO, BIO_R_BAD_FOPEN_MODE);
ret = 0;
break;
}
- fp = fopen(ptr, p);
+ fp = fopen_if_available(ptr, mode);
if (fp == NULL) {
OPENSSL_PUT_SYSTEM_ERROR();
- ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
+ ERR_add_error_data(5, "fopen('", ptr, "','", mode, "')");
OPENSSL_PUT_ERROR(BIO, ERR_R_SYS_LIB);
ret = 0;
break;
@@ -310,5 +317,3 @@ long BIO_tell(BIO *bio) { return BIO_ctrl(bio, BIO_C_FILE_TELL, 0, NULL); }
long BIO_seek(BIO *bio, long offset) {
return BIO_ctrl(bio, BIO_C_FILE_SEEK, offset, NULL);
}
-
-#endif // OPENSSL_TRUSTY
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/internal.h b/Sources/CJWTKitBoringSSL/crypto/bio/internal.h
index 41fed663..883da413 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/internal.h
@@ -59,6 +59,7 @@
#include
+#if !defined(OPENSSL_NO_SOCK)
#if !defined(OPENSSL_WINDOWS)
#if defined(OPENSSL_PNACL)
// newlib uses u_short in socket.h without defining it.
@@ -72,13 +73,16 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
OPENSSL_MSVC_PRAGMA(warning(pop))
typedef int socklen_t;
#endif
+#endif // !OPENSSL_NO_SOCK
#if defined(__cplusplus)
extern "C" {
#endif
-// BIO_ip_and_port_to_socket_and_addr creates a socket and fills in |*out_addr|
+#if !defined(OPENSSL_NO_SOCK)
+
+// bio_ip_and_port_to_socket_and_addr creates a socket and fills in |*out_addr|
// and |*out_addr_length| with the correct values for connecting to |hostname|
// on |port_str|. It returns one on success or zero on error.
int bio_ip_and_port_to_socket_and_addr(int *out_sock,
@@ -87,21 +91,27 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock,
const char *hostname,
const char *port_str);
-// BIO_socket_nbio sets whether |sock| is non-blocking. It returns one on
+// bio_socket_nbio sets whether |sock| is non-blocking. It returns one on
// success and zero otherwise.
int bio_socket_nbio(int sock, int on);
-// BIO_clear_socket_error clears the last system socket error.
+// bio_clear_socket_error clears the last system socket error.
//
// TODO(fork): remove all callers of this.
void bio_clear_socket_error(void);
-// BIO_sock_error returns the last socket error on |sock|.
+// bio_sock_error returns the last socket error on |sock|.
int bio_sock_error(int sock);
-// BIO_fd_should_retry returns non-zero if |return_value| indicates an error
+// bio_socket_should_retry returns non-zero if |return_value| indicates an error
+// and the last socket error indicates that it's non-fatal.
+int bio_socket_should_retry(int return_value);
+
+#endif // !OPENSSL_NO_SOCK
+
+// bio_errno_should_retry returns non-zero if |return_value| indicates an error
// and |errno| indicates that it's non-fatal.
-int bio_fd_should_retry(int return_value);
+int bio_errno_should_retry(int return_value);
#if defined(__cplusplus)
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/pair.c b/Sources/CJWTKitBoringSSL/crypto/bio/pair.c
index 1dbf9953..3473881d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/pair.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/pair.c
@@ -81,13 +81,10 @@ struct bio_bio_st {
};
static int bio_new(BIO *bio) {
- struct bio_bio_st *b;
-
- b = OPENSSL_malloc(sizeof *b);
+ struct bio_bio_st *b = OPENSSL_zalloc(sizeof *b);
if (b == NULL) {
return 0;
}
- OPENSSL_memset(b, 0, sizeof(struct bio_bio_st));
b->size = 17 * 1024; // enough for one TLS record (just a default)
bio->ptr = b;
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/socket.c b/Sources/CJWTKitBoringSSL/crypto/bio/socket.c
index c5ad850f..cccd218b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/socket.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/socket.c
@@ -56,7 +56,7 @@
#include
-#if !defined(OPENSSL_TRUSTY)
+#if !defined(OPENSSL_NO_SOCK)
#include
#include
@@ -104,7 +104,7 @@ static int sock_read(BIO *b, char *out, int outl) {
#endif
BIO_clear_retry_flags(b);
if (ret <= 0) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_socket_should_retry(ret)) {
BIO_set_retry_read(b);
}
}
@@ -120,7 +120,7 @@ static int sock_write(BIO *b, const char *in, int inl) {
#endif
BIO_clear_retry_flags(b);
if (ret <= 0) {
- if (bio_fd_should_retry(ret)) {
+ if (bio_socket_should_retry(ret)) {
BIO_set_retry_write(b);
}
}
@@ -186,4 +186,4 @@ BIO *BIO_new_socket(int fd, int close_flag) {
return ret;
}
-#endif // OPENSSL_TRUSTY
+#endif // OPENSSL_NO_SOCK
diff --git a/Sources/CJWTKitBoringSSL/crypto/bio/socket_helper.c b/Sources/CJWTKitBoringSSL/crypto/bio/socket_helper.c
index 3ed79ada..31b48839 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bio/socket_helper.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bio/socket_helper.c
@@ -20,7 +20,7 @@
#include
#include
-#if !defined(OPENSSL_TRUSTY)
+#if !defined(OPENSSL_NO_SOCK)
#include
#include
@@ -121,4 +121,13 @@ int bio_sock_error(int sock) {
return error;
}
-#endif // OPENSSL_TRUSTY
+int bio_socket_should_retry(int return_value) {
+#if defined(OPENSSL_WINDOWS)
+ return return_value == -1 && WSAGetLastError() == WSAEWOULDBLOCK;
+#else
+ // On POSIX platforms, sockets and fds are the same.
+ return bio_errno_should_retry(return_value);
+#endif
+}
+
+#endif // OPENSSL_NO_SOCK
diff --git a/Sources/CJWTKitBoringSSL/crypto/bn_extra/convert.c b/Sources/CJWTKitBoringSSL/crypto/bn_extra/convert.c
index 3dcfbeeb..6f9b4ac7 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bn_extra/convert.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bn_extra/convert.c
@@ -455,3 +455,11 @@ int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) {
}
return len;
}
+
+int BN_bn2lebinpad(const BIGNUM *in, uint8_t *out, int len) {
+ if (len < 0 ||
+ !BN_bn2le_padded(out, (size_t)len, in)) {
+ return -1;
+ }
+ return len;
+}
diff --git a/Sources/CJWTKitBoringSSL/crypto/buf/buf.c b/Sources/CJWTKitBoringSSL/crypto/buf/buf.c
index fcc5ffb5..97b03d6a 100644
--- a/Sources/CJWTKitBoringSSL/crypto/buf/buf.c
+++ b/Sources/CJWTKitBoringSSL/crypto/buf/buf.c
@@ -64,17 +64,7 @@
#include "../internal.h"
-BUF_MEM *BUF_MEM_new(void) {
- BUF_MEM *ret;
-
- ret = OPENSSL_malloc(sizeof(BUF_MEM));
- if (ret == NULL) {
- return NULL;
- }
-
- OPENSSL_memset(ret, 0, sizeof(BUF_MEM));
- return ret;
-}
+BUF_MEM *BUF_MEM_new(void) { return OPENSSL_zalloc(sizeof(BUF_MEM)); }
void BUF_MEM_free(BUF_MEM *buf) {
if (buf == NULL) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/bytestring/ber.c b/Sources/CJWTKitBoringSSL/crypto/bytestring/ber.c
index bccb61ab..50fd125b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bytestring/ber.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bytestring/ber.c
@@ -18,13 +18,10 @@
#include
#include "internal.h"
-#include "../internal.h"
-// kMaxDepth is a just a sanity limit. The code should be such that the length
-// of the input being processes always decreases. None the less, a very large
-// input could otherwise cause the stack to overflow.
-static const uint32_t kMaxDepth = 2048;
+// kMaxDepth limits the recursion depth to avoid overflowing the stack.
+static const uint32_t kMaxDepth = 128;
// is_string_type returns one if |tag| is a string type and zero otherwise. It
// ignores the constructed bit.
@@ -56,13 +53,11 @@ static int is_string_type(CBS_ASN1_TAG tag) {
// found. The value of |orig_in| is not changed. It returns one on success (i.e.
// |*ber_found| was set) and zero on error.
static int cbs_find_ber(const CBS *orig_in, int *ber_found, uint32_t depth) {
- CBS in;
-
if (depth > kMaxDepth) {
return 0;
}
- CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in));
+ CBS in = *orig_in;
*ber_found = 0;
while (CBS_len(&in) > 0) {
@@ -87,6 +82,10 @@ static int cbs_find_ber(const CBS *orig_in, int *ber_found, uint32_t depth) {
!cbs_find_ber(&contents, ber_found, depth + 1)) {
return 0;
}
+ if (*ber_found) {
+ // We already found BER. No need to continue parsing.
+ return 1;
+ }
}
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/bytestring/cbb.c b/Sources/CJWTKitBoringSSL/crypto/bytestring/cbb.c
index 4f6daec3..6a7a7472 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bytestring/cbb.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bytestring/cbb.c
@@ -155,6 +155,29 @@ static struct cbb_buffer_st *cbb_get_base(CBB *cbb) {
return &cbb->u.base;
}
+static void cbb_on_error(CBB *cbb) {
+ // Due to C's lack of destructors and |CBB|'s auto-flushing API, a failing
+ // |CBB|-taking function may leave a dangling pointer to a child |CBB|. As a
+ // result, the convention is callers may not write to |CBB|s that have failed.
+ // But, as a safety measure, we lock the |CBB| into an error state. Once the
+ // error bit is set, |cbb->child| will not be read.
+ //
+ // TODO(davidben): This still isn't quite ideal. A |CBB| function *outside*
+ // this file may originate an error while the |CBB| points to a local child.
+ // In that case we don't set the error bit and are reliant on the error
+ // convention. Perhaps we allow |CBB_cleanup| on child |CBB|s and make every
+ // child's |CBB_cleanup| set the error bit if unflushed. That will be
+ // convenient for C++ callers, but very tedious for C callers. So C callers
+ // perhaps should get a |CBB_on_error| function that can be, less tediously,
+ // stuck in a |goto err| block.
+ cbb_get_base(cbb)->error = 1;
+
+ // Clearing the pointer is not strictly necessary, but GCC's dangling pointer
+ // warning does not know |cbb->child| will not be read once |error| is set
+ // above.
+ cbb->child = NULL;
+}
+
// CBB_flush recurses and then writes out any pending length prefix. The
// current length of the underlying base is taken to be the length of the
// length-prefixed data.
@@ -244,7 +267,7 @@ int CBB_flush(CBB *cbb) {
return 1;
err:
- base->error = 1;
+ cbb_on_error(cbb);
return 0;
}
@@ -420,7 +443,7 @@ static int cbb_add_u(CBB *cbb, uint64_t v, size_t len_len) {
// |v| must fit in |len_len| bytes.
if (v != 0) {
- cbb_get_base(cbb)->error = 1;
+ cbb_on_error(cbb);
return 0;
}
@@ -479,7 +502,7 @@ int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) {
CBB child;
if (!CBB_add_asn1(cbb, &child, tag)) {
- return 0;
+ goto err;
}
int started = 0;
@@ -493,21 +516,25 @@ int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) {
// If the high bit is set, add a padding byte to make it
// unsigned.
if ((byte & 0x80) && !CBB_add_u8(&child, 0)) {
- return 0;
+ goto err;
}
started = 1;
}
if (!CBB_add_u8(&child, byte)) {
- return 0;
+ goto err;
}
}
// 0 is encoded as a single 0, not the empty string.
if (!started && !CBB_add_u8(&child, 0)) {
- return 0;
+ goto err;
}
return CBB_flush(cbb);
+
+err:
+ cbb_on_error(cbb);
+ return 0;
}
int CBB_add_asn1_int64(CBB *cbb, int64_t value) {
@@ -529,14 +556,18 @@ int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value, CBS_ASN1_TAG tag) {
CBB child;
if (!CBB_add_asn1(cbb, &child, tag)) {
- return 0;
+ goto err;
}
for (int i = start; i >= 0; i--) {
if (!CBB_add_u8(&child, bytes[i])) {
- return 0;
+ goto err;
}
}
return CBB_flush(cbb);
+
+err:
+ cbb_on_error(cbb);
+ return 0;
}
int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
@@ -544,6 +575,7 @@ int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) ||
!CBB_add_bytes(&child, data, data_len) ||
!CBB_flush(cbb)) {
+ cbb_on_error(cbb);
return 0;
}
@@ -555,6 +587,7 @@ int CBB_add_asn1_bool(CBB *cbb, int value) {
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) ||
!CBB_add_u8(&child, value != 0 ? 0xff : 0) ||
!CBB_flush(cbb)) {
+ cbb_on_error(cbb);
return 0;
}
@@ -649,16 +682,13 @@ int CBB_flush_asn1_set_of(CBB *cbb) {
if (num_children < 2) {
return 1; // Nothing to do. This is the common case for X.509.
}
- if (num_children > ((size_t)-1) / sizeof(CBS)) {
- return 0; // Overflow.
- }
// Parse out the children and sort. We alias them into a copy of so they
// remain valid as we rewrite |cbb|.
int ret = 0;
size_t buf_len = CBB_len(cbb);
uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len);
- CBS *children = OPENSSL_malloc(num_children * sizeof(CBS));
+ CBS *children = OPENSSL_calloc(num_children, sizeof(CBS));
if (buf == NULL || children == NULL) {
goto err;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/bytestring/cbs.c b/Sources/CJWTKitBoringSSL/crypto/bytestring/cbs.c
index 8c2ca0ee..2ca3c562 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bytestring/cbs.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bytestring/cbs.c
@@ -694,7 +694,7 @@ int CBS_is_unsigned_asn1_integer(const CBS *cbs) {
static int add_decimal(CBB *out, uint64_t v) {
char buf[DECIMAL_SIZE(uint64_t) + 1];
- BIO_snprintf(buf, sizeof(buf), "%" PRIu64, v);
+ snprintf(buf, sizeof(buf), "%" PRIu64, v);
return CBB_add_bytes(out, (const uint8_t *)buf, strlen(buf));
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/bytestring/internal.h b/Sources/CJWTKitBoringSSL/crypto/bytestring/internal.h
index 17652cf5..a417fbc1 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bytestring/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/bytestring/internal.h
@@ -67,28 +67,6 @@ OPENSSL_EXPORT int CBS_get_asn1_implicit_string(CBS *in, CBS *out,
int CBB_finish_i2d(CBB *cbb, uint8_t **outp);
-// Unicode utilities.
-
-// The following functions read one Unicode code point from |cbs| with the
-// corresponding encoding and store it in |*out|. They return one on success and
-// zero on error.
-OPENSSL_EXPORT int cbs_get_utf8(CBS *cbs, uint32_t *out);
-OPENSSL_EXPORT int cbs_get_latin1(CBS *cbs, uint32_t *out);
-OPENSSL_EXPORT int cbs_get_ucs2_be(CBS *cbs, uint32_t *out);
-OPENSSL_EXPORT int cbs_get_utf32_be(CBS *cbs, uint32_t *out);
-
-// cbb_get_utf8_len returns the number of bytes needed to represent |u| in
-// UTF-8.
-OPENSSL_EXPORT size_t cbb_get_utf8_len(uint32_t u);
-
-// The following functions encode |u| to |cbb| with the corresponding
-// encoding. They return one on success and zero on error.
-OPENSSL_EXPORT int cbb_add_utf8(CBB *cbb, uint32_t u);
-OPENSSL_EXPORT int cbb_add_latin1(CBB *cbb, uint32_t u);
-OPENSSL_EXPORT int cbb_add_ucs2_be(CBB *cbb, uint32_t u);
-OPENSSL_EXPORT int cbb_add_utf32_be(CBB *cbb, uint32_t u);
-
-
#if defined(__cplusplus)
} // extern C
#endif
diff --git a/Sources/CJWTKitBoringSSL/crypto/bytestring/unicode.c b/Sources/CJWTKitBoringSSL/crypto/bytestring/unicode.c
index 683edf77..1f12378b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/bytestring/unicode.c
+++ b/Sources/CJWTKitBoringSSL/crypto/bytestring/unicode.c
@@ -38,7 +38,7 @@ static int is_valid_code_point(uint32_t v) {
// TOP_BITS returns a byte with the top |n| bits set.
#define TOP_BITS(n) ((uint8_t)~BOTTOM_BITS(8 - (n)))
-int cbs_get_utf8(CBS *cbs, uint32_t *out) {
+int CBS_get_utf8(CBS *cbs, uint32_t *out) {
uint8_t c;
if (!CBS_get_u8(cbs, &c)) {
return 0;
@@ -80,7 +80,7 @@ int cbs_get_utf8(CBS *cbs, uint32_t *out) {
return 1;
}
-int cbs_get_latin1(CBS *cbs, uint32_t *out) {
+int CBS_get_latin1(CBS *cbs, uint32_t *out) {
uint8_t c;
if (!CBS_get_u8(cbs, &c)) {
return 0;
@@ -89,7 +89,7 @@ int cbs_get_latin1(CBS *cbs, uint32_t *out) {
return 1;
}
-int cbs_get_ucs2_be(CBS *cbs, uint32_t *out) {
+int CBS_get_ucs2_be(CBS *cbs, uint32_t *out) {
// Note UCS-2 (used by BMPString) does not support surrogates.
uint16_t c;
if (!CBS_get_u16(cbs, &c) ||
@@ -100,11 +100,11 @@ int cbs_get_ucs2_be(CBS *cbs, uint32_t *out) {
return 1;
}
-int cbs_get_utf32_be(CBS *cbs, uint32_t *out) {
+int CBS_get_utf32_be(CBS *cbs, uint32_t *out) {
return CBS_get_u32(cbs, out) && is_valid_code_point(*out);
}
-size_t cbb_get_utf8_len(uint32_t u) {
+size_t CBB_get_utf8_len(uint32_t u) {
if (u <= 0x7f) {
return 1;
}
@@ -117,7 +117,7 @@ size_t cbb_get_utf8_len(uint32_t u) {
return 4;
}
-int cbb_add_utf8(CBB *cbb, uint32_t u) {
+int CBB_add_utf8(CBB *cbb, uint32_t u) {
if (!is_valid_code_point(u)) {
return 0;
}
@@ -142,14 +142,14 @@ int cbb_add_utf8(CBB *cbb, uint32_t u) {
return 0;
}
-int cbb_add_latin1(CBB *cbb, uint32_t u) {
+int CBB_add_latin1(CBB *cbb, uint32_t u) {
return u <= 0xff && CBB_add_u8(cbb, (uint8_t)u);
}
-int cbb_add_ucs2_be(CBB *cbb, uint32_t u) {
+int CBB_add_ucs2_be(CBB *cbb, uint32_t u) {
return u <= 0xffff && is_valid_code_point(u) && CBB_add_u16(cbb, (uint16_t)u);
}
-int cbb_add_utf32_be(CBB *cbb, uint32_t u) {
+int CBB_add_utf32_be(CBB *cbb, uint32_t u) {
return is_valid_code_point(u) && CBB_add_u32(cbb, u);
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-ios.ios.arm.S b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-ios.ios.arm.S
index 40890f0e..56cbd4cc 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-ios.ios.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-ios.ios.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__APPLE__)
#include
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
@@ -39,49 +31,19 @@ Lsigma:
.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 @ endian-neutral
Lone:
.long 1,0,0,0
-#if __ARM_MAX_ARCH__>=7
-LOPENSSL_armcap:
-.word OPENSSL_armcap_P-LChaCha20_ctr32
-#else
-.word -1
-#endif
-.globl _ChaCha20_ctr32
-.private_extern _ChaCha20_ctr32
+.globl _ChaCha20_ctr32_nohw
+.private_extern _ChaCha20_ctr32_nohw
#ifdef __thumb2__
-.thumb_func _ChaCha20_ctr32
+.thumb_func _ChaCha20_ctr32_nohw
#endif
.align 5
-_ChaCha20_ctr32:
-LChaCha20_ctr32:
+_ChaCha20_ctr32_nohw:
ldr r12,[sp,#0] @ pull pointer to counter and nonce
stmdb sp!,{r0,r1,r2,r4-r11,lr}
-#if __ARM_ARCH__<7 && !defined(__thumb2__)
- sub r14,pc,#16 @ _ChaCha20_ctr32
-#else
- adr r14,LChaCha20_ctr32
-#endif
- cmp r2,#0 @ len==0?
-#ifdef __thumb2__
- itt eq
-#endif
- addeq sp,sp,#4*3
- beq Lno_data
-#if __ARM_MAX_ARCH__>=7
- cmp r2,#192 @ test len
- bls Lshort
- ldr r4,[r14,#-32]
- ldr r4,[r14,r4]
-# ifdef __APPLE__
- ldr r4,[r4]
-# endif
- tst r4,#ARMV7_NEON
- bne LChaCha20_neon
-Lshort:
-#endif
+ adr r14,Lsigma
ldmia r12,{r4,r5,r6,r7} @ load counter and nonce
sub sp,sp,#4*(16) @ off-load area
- sub r14,r14,#64 @ Lsigma
stmdb sp!,{r4,r5,r6,r7} @ copy counter and nonce
ldmia r3,{r4,r5,r6,r7,r8,r9,r10,r11} @ load key
ldmia r14,{r0,r1,r2,r3} @ load sigma
@@ -242,8 +204,8 @@ Loop:
ldr r8,[sp,#4*(0)] @ load key material
ldr r9,[sp,#4*(1)]
-#if __ARM_ARCH__>=6 || !defined(__ARMEB__)
-# if __ARM_ARCH__<7
+#if __ARM_ARCH>=6 || !defined(__ARMEB__)
+# if __ARM_ARCH<7
orr r10,r12,r14
tst r10,#3 @ are input and output aligned?
ldr r10,[sp,#4*(2)]
@@ -269,7 +231,7 @@ Loop:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r0,r0
rev r1,r1
rev r2,r2
@@ -306,7 +268,7 @@ Loop:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r4,r4
rev r5,r5
rev r6,r6
@@ -351,7 +313,7 @@ Loop:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r0,r0
rev r1,r1
rev r2,r2
@@ -393,7 +355,7 @@ Loop:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r4,r4
rev r5,r5
rev r6,r6
@@ -424,7 +386,7 @@ Loop:
bhi Loop_outer
beq Ldone
-# if __ARM_ARCH__<7
+# if __ARM_ARCH<7
b Ltail
.align 4
@@ -432,7 +394,7 @@ Lunaligned:@ unaligned endian-neutral path
cmp r11,#64 @ restore flags
# endif
#endif
-#if __ARM_ARCH__<7
+#if __ARM_ARCH<7
ldr r11,[sp,#4*(3)]
add r0,r0,r8 @ accumulate key material
add r1,r1,r9
@@ -808,21 +770,21 @@ Loop_tail:
Ldone:
add sp,sp,#4*(32+3)
-Lno_data:
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc}
#if __ARM_MAX_ARCH__>=7
+.globl _ChaCha20_ctr32_neon
+.private_extern _ChaCha20_ctr32_neon
#ifdef __thumb2__
-.thumb_func ChaCha20_neon
+.thumb_func _ChaCha20_ctr32_neon
#endif
.align 5
-ChaCha20_neon:
+_ChaCha20_ctr32_neon:
ldr r12,[sp,#0] @ pull pointer to counter and nonce
stmdb sp!,{r0,r1,r2,r4-r11,lr}
-LChaCha20_neon:
adr r14,Lsigma
vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI spec says so
stmdb sp!,{r0,r1,r2,r3}
@@ -1491,17 +1453,8 @@ Ldone_neon:
add sp,sp,#4*(16+3)
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc}
-.comm _OPENSSL_armcap_P,4
-.non_lazy_symbol_pointer
-OPENSSL_armcap_P:
-.indirect_symbol _OPENSSL_armcap_P
-.long 0
-#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__APPLE__)
#endif // defined(__arm__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-linux.linux.arm.S b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-linux.linux.arm.S
index 25b94f8f..80f9f36b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-linux.linux.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv4-linux.linux.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__)
#include
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
@@ -39,47 +31,17 @@
.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 @ endian-neutral
.Lone:
.long 1,0,0,0
-#if __ARM_MAX_ARCH__>=7
-.LOPENSSL_armcap:
-.word OPENSSL_armcap_P-.LChaCha20_ctr32
-#else
-.word -1
-#endif
-.globl ChaCha20_ctr32
-.hidden ChaCha20_ctr32
-.type ChaCha20_ctr32,%function
+.globl ChaCha20_ctr32_nohw
+.hidden ChaCha20_ctr32_nohw
+.type ChaCha20_ctr32_nohw,%function
.align 5
-ChaCha20_ctr32:
-.LChaCha20_ctr32:
+ChaCha20_ctr32_nohw:
ldr r12,[sp,#0] @ pull pointer to counter and nonce
stmdb sp!,{r0,r1,r2,r4-r11,lr}
-#if __ARM_ARCH__<7 && !defined(__thumb2__)
- sub r14,pc,#16 @ ChaCha20_ctr32
-#else
- adr r14,.LChaCha20_ctr32
-#endif
- cmp r2,#0 @ len==0?
-#ifdef __thumb2__
- itt eq
-#endif
- addeq sp,sp,#4*3
- beq .Lno_data
-#if __ARM_MAX_ARCH__>=7
- cmp r2,#192 @ test len
- bls .Lshort
- ldr r4,[r14,#-32]
- ldr r4,[r14,r4]
-# ifdef __APPLE__
- ldr r4,[r4]
-# endif
- tst r4,#ARMV7_NEON
- bne .LChaCha20_neon
-.Lshort:
-#endif
+ adr r14,.Lsigma
ldmia r12,{r4,r5,r6,r7} @ load counter and nonce
sub sp,sp,#4*(16) @ off-load area
- sub r14,r14,#64 @ .Lsigma
stmdb sp!,{r4,r5,r6,r7} @ copy counter and nonce
ldmia r3,{r4,r5,r6,r7,r8,r9,r10,r11} @ load key
ldmia r14,{r0,r1,r2,r3} @ load sigma
@@ -240,8 +202,8 @@ ChaCha20_ctr32:
ldr r8,[sp,#4*(0)] @ load key material
ldr r9,[sp,#4*(1)]
-#if __ARM_ARCH__>=6 || !defined(__ARMEB__)
-# if __ARM_ARCH__<7
+#if __ARM_ARCH>=6 || !defined(__ARMEB__)
+# if __ARM_ARCH<7
orr r10,r12,r14
tst r10,#3 @ are input and output aligned?
ldr r10,[sp,#4*(2)]
@@ -267,7 +229,7 @@ ChaCha20_ctr32:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r0,r0
rev r1,r1
rev r2,r2
@@ -304,7 +266,7 @@ ChaCha20_ctr32:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r4,r4
rev r5,r5
rev r6,r6
@@ -349,7 +311,7 @@ ChaCha20_ctr32:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r0,r0
rev r1,r1
rev r2,r2
@@ -391,7 +353,7 @@ ChaCha20_ctr32:
# endif
ldrhs r10,[r12,#-8]
ldrhs r11,[r12,#-4]
-# if __ARM_ARCH__>=6 && defined(__ARMEB__)
+# if __ARM_ARCH>=6 && defined(__ARMEB__)
rev r4,r4
rev r5,r5
rev r6,r6
@@ -422,7 +384,7 @@ ChaCha20_ctr32:
bhi .Loop_outer
beq .Ldone
-# if __ARM_ARCH__<7
+# if __ARM_ARCH<7
b .Ltail
.align 4
@@ -430,7 +392,7 @@ ChaCha20_ctr32:
cmp r11,#64 @ restore flags
# endif
#endif
-#if __ARM_ARCH__<7
+#if __ARM_ARCH<7
ldr r11,[sp,#4*(3)]
add r0,r0,r8 @ accumulate key material
add r1,r1,r9
@@ -806,19 +768,19 @@ ChaCha20_ctr32:
.Ldone:
add sp,sp,#4*(32+3)
-.Lno_data:
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc}
-.size ChaCha20_ctr32,.-ChaCha20_ctr32
+.size ChaCha20_ctr32_nohw,.-ChaCha20_ctr32_nohw
#if __ARM_MAX_ARCH__>=7
.arch armv7-a
.fpu neon
-.type ChaCha20_neon,%function
+.globl ChaCha20_ctr32_neon
+.hidden ChaCha20_ctr32_neon
+.type ChaCha20_ctr32_neon,%function
.align 5
-ChaCha20_neon:
+ChaCha20_ctr32_neon:
ldr r12,[sp,#0] @ pull pointer to counter and nonce
stmdb sp!,{r0,r1,r2,r4-r11,lr}
-.LChaCha20_neon:
adr r14,.Lsigma
vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI spec says so
stmdb sp!,{r0,r1,r2,r3}
@@ -1486,14 +1448,9 @@ ChaCha20_neon:
vldmia sp,{d8,d9,d10,d11,d12,d13,d14,d15}
add sp,sp,#4*(16+3)
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc}
-.size ChaCha20_neon,.-ChaCha20_neon
-.comm OPENSSL_armcap_P,4,4
-#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
+.size ChaCha20_ctr32_neon,.-ChaCha20_ctr32_neon
#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__ELF__)
#endif // defined(__arm__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-ios.ios.aarch64.S
index e61082da..bcbc0fe8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-ios.ios.aarch64.S
@@ -3,22 +3,11 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
-
-.private_extern _OPENSSL_armcap_P
-
.section __TEXT,__const
.align 5
@@ -31,25 +20,11 @@ Lone:
.text
-.globl _ChaCha20_ctr32
-.private_extern _ChaCha20_ctr32
+.globl _ChaCha20_ctr32_nohw
+.private_extern _ChaCha20_ctr32_nohw
.align 5
-_ChaCha20_ctr32:
- AARCH64_VALID_CALL_TARGET
- cbz x2,Labort
-#if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10
- adrp x5,:pg_hi21_nc:_OPENSSL_armcap_P
-#else
- adrp x5,_OPENSSL_armcap_P@PAGE
-#endif
- cmp x2,#192
- b.lo Lshort
- ldr w17,[x5,_OPENSSL_armcap_P@PAGEOFF]
- tst w17,#ARMV7_NEON
- b.ne ChaCha20_neon
-
-Lshort:
+_ChaCha20_ctr32_nohw:
AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-96]!
add x29,sp,#0
@@ -264,7 +239,6 @@ Loop:
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
AARCH64_VALIDATE_LINK_REGISTER
-Labort:
ret
.align 4
@@ -324,9 +298,11 @@ Loop_tail:
ret
+.globl _ChaCha20_ctr32_neon
+.private_extern _ChaCha20_ctr32_neon
.align 5
-ChaCha20_neon:
+_ChaCha20_ctr32_neon:
AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-96]!
add x29,sp,#0
@@ -1991,11 +1967,7 @@ Ldone_512_neon:
AARCH64_VALIDATE_LINK_REGISTER
ret
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-linux.linux.aarch64.S
index 389e545a..cb282cf4 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-armv8-linux.linux.aarch64.S
@@ -3,22 +3,11 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
-
-.hidden OPENSSL_armcap_P
-
.section .rodata
.align 5
@@ -31,25 +20,11 @@
.text
-.globl ChaCha20_ctr32
-.hidden ChaCha20_ctr32
-.type ChaCha20_ctr32,%function
+.globl ChaCha20_ctr32_nohw
+.hidden ChaCha20_ctr32_nohw
+.type ChaCha20_ctr32_nohw,%function
.align 5
-ChaCha20_ctr32:
- AARCH64_VALID_CALL_TARGET
- cbz x2,.Labort
-#if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10
- adrp x5,:pg_hi21_nc:OPENSSL_armcap_P
-#else
- adrp x5,OPENSSL_armcap_P
-#endif
- cmp x2,#192
- b.lo .Lshort
- ldr w17,[x5,:lo12:OPENSSL_armcap_P]
- tst w17,#ARMV7_NEON
- b.ne ChaCha20_neon
-
-.Lshort:
+ChaCha20_ctr32_nohw:
AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-96]!
add x29,sp,#0
@@ -264,7 +239,6 @@ ChaCha20_ctr32:
ldp x27,x28,[x29,#80]
ldp x29,x30,[sp],#96
AARCH64_VALIDATE_LINK_REGISTER
-.Labort:
ret
.align 4
@@ -322,11 +296,13 @@ ChaCha20_ctr32:
ldp x29,x30,[sp],#96
AARCH64_VALIDATE_LINK_REGISTER
ret
-.size ChaCha20_ctr32,.-ChaCha20_ctr32
+.size ChaCha20_ctr32_nohw,.-ChaCha20_ctr32_nohw
-.type ChaCha20_neon,%function
+.globl ChaCha20_ctr32_neon
+.hidden ChaCha20_ctr32_neon
+.type ChaCha20_ctr32_neon,%function
.align 5
-ChaCha20_neon:
+ChaCha20_ctr32_neon:
AARCH64_SIGN_LINK_REGISTER
stp x29,x30,[sp,#-96]!
add x29,sp,#0
@@ -820,7 +796,7 @@ ChaCha20_neon:
ldp x29,x30,[sp],#96
AARCH64_VALIDATE_LINK_REGISTER
ret
-.size ChaCha20_neon,.-ChaCha20_neon
+.size ChaCha20_ctr32_neon,.-ChaCha20_ctr32_neon
.type ChaCha20_512_neon,%function
.align 5
ChaCha20_512_neon:
@@ -1991,11 +1967,7 @@ ChaCha20_512_neon:
AARCH64_VALIDATE_LINK_REGISTER
ret
.size ChaCha20_512_neon,.-ChaCha20_512_neon
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86-linux.linux.x86.S b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86-linux.linux.x86.S
index c3aeca53..5f906df7 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86-linux.linux.x86.S
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86-linux.linux.x86.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
.text
.globl ChaCha20_ctr32
.hidden ChaCha20_ctr32
@@ -979,11 +972,7 @@ ChaCha20_ssse3:
.byte 44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32
.byte 60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111
.byte 114,103,62,0
-#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
#endif // defined(__i386__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-linux.linux.x86_64.S
index 3a0c66a0..88e7df37 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-linux.linux.x86_64.S
@@ -3,21 +3,11 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
-.extern OPENSSL_ia32cap_P
-.hidden OPENSSL_ia32cap_P
-
.section .rodata
.align 64
.Lzero:
@@ -49,18 +39,13 @@
.long 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16
.byte 67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.text
-.globl ChaCha20_ctr32
-.hidden ChaCha20_ctr32
-.type ChaCha20_ctr32,@function
+.globl ChaCha20_ctr32_nohw
+.hidden ChaCha20_ctr32_nohw
+.type ChaCha20_ctr32_nohw,@function
.align 64
-ChaCha20_ctr32:
+ChaCha20_ctr32_nohw:
.cfi_startproc
- cmpq $0,%rdx
- je .Lno_data
- movq OPENSSL_ia32cap_P+4(%rip),%r10
- testl $512,%r10d
- jnz .LChaCha20_ssse3
-
+_CET_ENDBR
pushq %rbx
.cfi_adjust_cfa_offset 8
.cfi_offset rbx,-16
@@ -335,20 +320,18 @@ ChaCha20_ctr32:
leaq (%rsi),%rsp
.cfi_adjust_cfa_offset -136
.Lno_data:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
-.size ChaCha20_ctr32,.-ChaCha20_ctr32
-.type ChaCha20_ssse3,@function
+.size ChaCha20_ctr32_nohw,.-ChaCha20_ctr32_nohw
+.globl ChaCha20_ctr32_ssse3
+.hidden ChaCha20_ctr32_ssse3
+.type ChaCha20_ctr32_ssse3,@function
.align 32
-ChaCha20_ssse3:
-.LChaCha20_ssse3:
+ChaCha20_ctr32_ssse3:
.cfi_startproc
+_CET_ENDBR
movq %rsp,%r9
.cfi_def_cfa_register r9
- cmpq $128,%rdx
- ja .LChaCha20_4x
-
-.Ldo_sse3_after_all:
subq $64+8,%rsp
movdqa .Lsigma(%rip),%xmm0
movdqu (%rcx),%xmm1
@@ -472,28 +455,19 @@ ChaCha20_ssse3:
leaq (%r9),%rsp
.cfi_def_cfa_register rsp
.Lssse3_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
-.size ChaCha20_ssse3,.-ChaCha20_ssse3
-.type ChaCha20_4x,@function
+.size ChaCha20_ctr32_ssse3,.-ChaCha20_ctr32_ssse3
+.globl ChaCha20_ctr32_ssse3_4x
+.hidden ChaCha20_ctr32_ssse3_4x
+.type ChaCha20_ctr32_ssse3_4x,@function
.align 32
-ChaCha20_4x:
-.LChaCha20_4x:
+ChaCha20_ctr32_ssse3_4x:
.cfi_startproc
+_CET_ENDBR
movq %rsp,%r9
.cfi_def_cfa_register r9
movq %r10,%r11
- shrq $32,%r10
- testq $32,%r10
- jnz .LChaCha20_8x
- cmpq $192,%rdx
- ja .Lproceed4x
-
- andq $71303168,%r11
- cmpq $4194304,%r11
- je .Ldo_sse3_after_all
-
-.Lproceed4x:
subq $0x140+8,%rsp
movdqa .Lsigma(%rip),%xmm11
movdqu (%rcx),%xmm15
@@ -1024,14 +998,16 @@ ChaCha20_4x:
leaq (%r9),%rsp
.cfi_def_cfa_register rsp
.L4x_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
-.size ChaCha20_4x,.-ChaCha20_4x
-.type ChaCha20_8x,@function
+.size ChaCha20_ctr32_ssse3_4x,.-ChaCha20_ctr32_ssse3_4x
+.globl ChaCha20_ctr32_avx2
+.hidden ChaCha20_ctr32_avx2
+.type ChaCha20_ctr32_avx2,@function
.align 32
-ChaCha20_8x:
-.LChaCha20_8x:
+ChaCha20_ctr32_avx2:
.cfi_startproc
+_CET_ENDBR
movq %rsp,%r9
.cfi_def_cfa_register r9
subq $0x280+8,%rsp
@@ -1630,13 +1606,9 @@ ChaCha20_8x:
leaq (%r9),%rsp
.cfi_def_cfa_register rsp
.L8x_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
-.size ChaCha20_8x,.-ChaCha20_8x
-#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
+.size ChaCha20_ctr32_avx2,.-ChaCha20_ctr32_avx2
#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-mac.mac.x86_64.S
index a88d6375..959944d9 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha-x86_64-mac.mac.x86_64.S
@@ -3,20 +3,11 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
-
-
.section __DATA,__const
.p2align 6
L$zero:
@@ -48,18 +39,13 @@ L$sixteen:
.long 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16
.byte 67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.text
-.globl _ChaCha20_ctr32
-.private_extern _ChaCha20_ctr32
+.globl _ChaCha20_ctr32_nohw
+.private_extern _ChaCha20_ctr32_nohw
.p2align 6
-_ChaCha20_ctr32:
-
- cmpq $0,%rdx
- je L$no_data
- movq _OPENSSL_ia32cap_P+4(%rip),%r10
- testl $512,%r10d
- jnz L$ChaCha20_ssse3
+_ChaCha20_ctr32_nohw:
+_CET_ENDBR
pushq %rbx
pushq %rbp
@@ -328,20 +314,18 @@ L$done:
leaq (%rsi),%rsp
L$no_data:
- .byte 0xf3,0xc3
+ ret
+.globl _ChaCha20_ctr32_ssse3
+.private_extern _ChaCha20_ctr32_ssse3
.p2align 5
-ChaCha20_ssse3:
-L$ChaCha20_ssse3:
+_ChaCha20_ctr32_ssse3:
+_CET_ENDBR
movq %rsp,%r9
- cmpq $128,%rdx
- ja L$ChaCha20_4x
-
-L$do_sse3_after_all:
subq $64+8,%rsp
movdqa L$sigma(%rip),%xmm0
movdqu (%rcx),%xmm1
@@ -465,28 +449,19 @@ L$done_ssse3:
leaq (%r9),%rsp
L$ssse3_epilogue:
- .byte 0xf3,0xc3
+ ret
+.globl _ChaCha20_ctr32_ssse3_4x
+.private_extern _ChaCha20_ctr32_ssse3_4x
.p2align 5
-ChaCha20_4x:
-L$ChaCha20_4x:
+_ChaCha20_ctr32_ssse3_4x:
+_CET_ENDBR
movq %rsp,%r9
movq %r10,%r11
- shrq $32,%r10
- testq $32,%r10
- jnz L$ChaCha20_8x
- cmpq $192,%rdx
- ja L$proceed4x
-
- andq $71303168,%r11
- cmpq $4194304,%r11
- je L$do_sse3_after_all
-
-L$proceed4x:
subq $0x140+8,%rsp
movdqa L$sigma(%rip),%xmm11
movdqu (%rcx),%xmm15
@@ -1017,14 +992,16 @@ L$done4x:
leaq (%r9),%rsp
L$4x_epilogue:
- .byte 0xf3,0xc3
+ ret
+.globl _ChaCha20_ctr32_avx2
+.private_extern _ChaCha20_ctr32_avx2
.p2align 5
-ChaCha20_8x:
-L$ChaCha20_8x:
+_ChaCha20_ctr32_avx2:
+_CET_ENDBR
movq %rsp,%r9
subq $0x280+8,%rsp
@@ -1623,13 +1600,9 @@ L$done8x:
leaq (%r9),%rsp
L$8x_epilogue:
- .byte 0xf3,0xc3
+ ret
-#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha.c b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha.c
index 54359688..3bbd6500 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/chacha.c
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/chacha.c
@@ -60,7 +60,40 @@ void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32],
OPENSSL_memcpy(&out[16], &x[12], sizeof(uint32_t) * 4);
}
-#if defined(CHACHA20_ASM)
+#if defined(CHACHA20_ASM_NOHW)
+static void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len,
+ const uint32_t key[8], const uint32_t counter[4]) {
+#if defined(CHACHA20_ASM_NEON)
+ if (ChaCha20_ctr32_neon_capable(in_len)) {
+ ChaCha20_ctr32_neon(out, in, in_len, key, counter);
+ return;
+ }
+#endif
+#if defined(CHACHA20_ASM_AVX2)
+ if (ChaCha20_ctr32_avx2_capable(in_len)) {
+ ChaCha20_ctr32_avx2(out, in, in_len, key, counter);
+ return;
+ }
+#endif
+#if defined(CHACHA20_ASM_SSSE3_4X)
+ if (ChaCha20_ctr32_ssse3_4x_capable(in_len)) {
+ ChaCha20_ctr32_ssse3_4x(out, in, in_len, key, counter);
+ return;
+ }
+#endif
+#if defined(CHACHA20_ASM_SSSE3)
+ if (ChaCha20_ctr32_ssse3_capable(in_len)) {
+ ChaCha20_ctr32_ssse3(out, in, in_len, key, counter);
+ return;
+ }
+#endif
+ if (in_len > 0) {
+ ChaCha20_ctr32_nohw(out, in, in_len, key, counter);
+ }
+}
+#endif
+
+#if defined(CHACHA20_ASM) || defined(CHACHA20_ASM_NOHW)
void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
const uint8_t key[32], const uint8_t nonce[12],
@@ -91,7 +124,25 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
}
#endif
- ChaCha20_ctr32(out, in, in_len, key_ptr, counter_nonce);
+ while (in_len > 0) {
+ // The assembly functions do not have defined overflow behavior. While
+ // overflow is almost always a bug in the caller, we prefer our functions to
+ // behave the same across platforms, so divide into multiple calls to avoid
+ // this case.
+ uint64_t todo = 64 * ((UINT64_C(1) << 32) - counter_nonce[0]);
+ if (todo > in_len) {
+ todo = in_len;
+ }
+
+ ChaCha20_ctr32(out, in, (size_t)todo, key_ptr, counter_nonce);
+ in += todo;
+ out += todo;
+ in_len -= todo;
+
+ // We're either done and will next break out of the loop, or we stopped at
+ // the wraparound point and the counter should continue at zero.
+ counter_nonce[0] = 0;
+ }
}
#else
diff --git a/Sources/CJWTKitBoringSSL/crypto/chacha/internal.h b/Sources/CJWTKitBoringSSL/crypto/chacha/internal.h
index 367378cc..7c401cd0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/chacha/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/chacha/internal.h
@@ -17,6 +17,8 @@
#include
+#include "../internal.h"
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -27,16 +29,67 @@ extern "C" {
void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32],
const uint8_t nonce[16]);
-#if !defined(OPENSSL_NO_ASM) && \
- (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
- defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86)
+
#define CHACHA20_ASM
-// ChaCha20_ctr32 is defined in asm/chacha-*.pl.
+#elif !defined(OPENSSL_NO_ASM) && \
+ (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
+
+#define CHACHA20_ASM_NOHW
+
+#define CHACHA20_ASM_NEON
+OPENSSL_INLINE int ChaCha20_ctr32_neon_capable(size_t len) {
+ return (len >= 192) && CRYPTO_is_NEON_capable();
+}
+void ChaCha20_ctr32_neon(uint8_t *out, const uint8_t *in, size_t in_len,
+ const uint32_t key[8], const uint32_t counter[4]);
+#elif !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64)
+#define CHACHA20_ASM_NOHW
+
+#define CHACHA20_ASM_AVX2
+OPENSSL_INLINE int ChaCha20_ctr32_avx2_capable(size_t len) {
+ return (len > 128) && CRYPTO_is_AVX2_capable();
+}
+void ChaCha20_ctr32_avx2(uint8_t *out, const uint8_t *in, size_t in_len,
+ const uint32_t key[8], const uint32_t counter[4]);
+
+#define CHACHA20_ASM_SSSE3_4X
+OPENSSL_INLINE int ChaCha20_ctr32_ssse3_4x_capable(size_t len) {
+ int capable = (len > 128) && CRYPTO_is_SSSE3_capable();
+ int faster = (len > 192) || !CRYPTO_cpu_perf_is_like_silvermont();
+ return capable && faster;
+}
+void ChaCha20_ctr32_ssse3_4x(uint8_t *out, const uint8_t *in, size_t in_len,
+ const uint32_t key[8], const uint32_t counter[4]);
+
+#define CHACHA20_ASM_SSSE3
+OPENSSL_INLINE int ChaCha20_ctr32_ssse3_capable(size_t len) {
+ return (len > 128) && CRYPTO_is_SSSE3_capable();
+}
+void ChaCha20_ctr32_ssse3(uint8_t *out, const uint8_t *in, size_t in_len,
+ const uint32_t key[8], const uint32_t counter[4]);
+#endif
+
+#if defined(CHACHA20_ASM)
+// ChaCha20_ctr32 encrypts |in_len| bytes from |in| and writes the result to
+// |out|. If |in| and |out| alias, they must be equal.
+//
+// |counter[0]| is the initial 32-bit block counter, and the remainder is the
+// 96-bit nonce. If the counter overflows, the output is undefined. The function
+// will produce output, but the output may vary by machine and may not be
+// self-consistent. (On some architectures, the assembly implements a mix of
+// 64-bit and 32-bit counters.)
void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len,
const uint32_t key[8], const uint32_t counter[4]);
#endif
+#if defined(CHACHA20_ASM_NOHW)
+// ChaCha20_ctr32_nohw is like |ChaCha20_ctr32| except |in_len| must be nonzero.
+void ChaCha20_ctr32_nohw(uint8_t *out, const uint8_t *in, size_t in_len,
+ const uint32_t key[8], const uint32_t counter[4]);
+#endif
+
#if defined(__cplusplus)
} // extern C
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-linux.linux.x86_64.S
index 8a454ee5..9d72b5d4 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.section .rodata
.align 16
@@ -71,7 +64,7 @@ GFMUL:
vpxor %xmm4,%xmm3,%xmm2
vpxor %xmm5,%xmm2,%xmm0
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size GFMUL, .-GFMUL
.globl aesgcmsiv_htable_init
@@ -80,6 +73,7 @@ GFMUL:
.align 16
aesgcmsiv_htable_init:
.cfi_startproc
+_CET_ENDBR
vmovdqa (%rsi),%xmm0
vmovdqa %xmm0,%xmm1
vmovdqa %xmm0,(%rdi)
@@ -97,7 +91,7 @@ aesgcmsiv_htable_init:
vmovdqa %xmm0,96(%rdi)
call GFMUL
vmovdqa %xmm0,112(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aesgcmsiv_htable_init, .-aesgcmsiv_htable_init
.globl aesgcmsiv_htable6_init
@@ -106,6 +100,7 @@ aesgcmsiv_htable_init:
.align 16
aesgcmsiv_htable6_init:
.cfi_startproc
+_CET_ENDBR
vmovdqa (%rsi),%xmm0
vmovdqa %xmm0,%xmm1
vmovdqa %xmm0,(%rdi)
@@ -119,7 +114,7 @@ aesgcmsiv_htable6_init:
vmovdqa %xmm0,64(%rdi)
call GFMUL
vmovdqa %xmm0,80(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aesgcmsiv_htable6_init, .-aesgcmsiv_htable6_init
.globl aesgcmsiv_htable_polyval
@@ -128,9 +123,10 @@ aesgcmsiv_htable6_init:
.align 16
aesgcmsiv_htable_polyval:
.cfi_startproc
+_CET_ENDBR
testq %rdx,%rdx
jnz .Lhtable_polyval_start
- .byte 0xf3,0xc3
+ ret
.Lhtable_polyval_start:
vzeroall
@@ -336,7 +332,7 @@ aesgcmsiv_htable_polyval:
vmovdqu %xmm1,(%rcx)
vzeroupper
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aesgcmsiv_htable_polyval,.-aesgcmsiv_htable_polyval
.globl aesgcmsiv_polyval_horner
@@ -345,9 +341,10 @@ aesgcmsiv_htable_polyval:
.align 16
aesgcmsiv_polyval_horner:
.cfi_startproc
+_CET_ENDBR
testq %rcx,%rcx
jnz .Lpolyval_horner_start
- .byte 0xf3,0xc3
+ ret
.Lpolyval_horner_start:
@@ -369,7 +366,7 @@ aesgcmsiv_polyval_horner:
vmovdqa %xmm0,(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aesgcmsiv_polyval_horner,.-aesgcmsiv_polyval_horner
.globl aes128gcmsiv_aes_ks
@@ -378,6 +375,7 @@ aesgcmsiv_polyval_horner:
.align 16
aes128gcmsiv_aes_ks:
.cfi_startproc
+_CET_ENDBR
vmovdqu (%rdi),%xmm1
vmovdqa %xmm1,(%rsi)
@@ -425,7 +423,7 @@ aes128gcmsiv_aes_ks:
vpxor %xmm3,%xmm1,%xmm1
vpxor %xmm2,%xmm1,%xmm1
vmovdqa %xmm1,32(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes128gcmsiv_aes_ks,.-aes128gcmsiv_aes_ks
.globl aes256gcmsiv_aes_ks
@@ -434,6 +432,7 @@ aes128gcmsiv_aes_ks:
.align 16
aes256gcmsiv_aes_ks:
.cfi_startproc
+_CET_ENDBR
vmovdqu (%rdi),%xmm1
vmovdqu 16(%rdi),%xmm3
vmovdqa %xmm1,(%rsi)
@@ -473,7 +472,7 @@ aes256gcmsiv_aes_ks:
vpxor %xmm4,%xmm1,%xmm1
vpxor %xmm2,%xmm1,%xmm1
vmovdqa %xmm1,32(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.globl aes128gcmsiv_aes_ks_enc_x1
.hidden aes128gcmsiv_aes_ks_enc_x1
@@ -481,6 +480,7 @@ aes256gcmsiv_aes_ks:
.align 16
aes128gcmsiv_aes_ks_enc_x1:
.cfi_startproc
+_CET_ENDBR
vmovdqa (%rcx),%xmm1
vmovdqa 0(%rdi),%xmm4
@@ -614,7 +614,7 @@ aes128gcmsiv_aes_ks_enc_x1:
vmovdqa %xmm4,0(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes128gcmsiv_aes_ks_enc_x1,.-aes128gcmsiv_aes_ks_enc_x1
.globl aes128gcmsiv_kdf
@@ -623,6 +623,7 @@ aes128gcmsiv_aes_ks_enc_x1:
.align 16
aes128gcmsiv_kdf:
.cfi_startproc
+_CET_ENDBR
@@ -707,7 +708,7 @@ aes128gcmsiv_kdf:
vmovdqa %xmm10,16(%rsi)
vmovdqa %xmm11,32(%rsi)
vmovdqa %xmm12,48(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes128gcmsiv_kdf,.-aes128gcmsiv_kdf
.globl aes128gcmsiv_enc_msg_x4
@@ -716,9 +717,10 @@ aes128gcmsiv_kdf:
.align 16
aes128gcmsiv_enc_msg_x4:
.cfi_startproc
+_CET_ENDBR
testq %r8,%r8
jnz .L128_enc_msg_x4_start
- .byte 0xf3,0xc3
+ ret
.L128_enc_msg_x4_start:
pushq %r12
@@ -886,7 +888,7 @@ aes128gcmsiv_enc_msg_x4:
popq %r12
.cfi_adjust_cfa_offset -8
.cfi_restore %r12
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes128gcmsiv_enc_msg_x4,.-aes128gcmsiv_enc_msg_x4
.globl aes128gcmsiv_enc_msg_x8
@@ -895,9 +897,10 @@ aes128gcmsiv_enc_msg_x4:
.align 16
aes128gcmsiv_enc_msg_x8:
.cfi_startproc
+_CET_ENDBR
testq %r8,%r8
jnz .L128_enc_msg_x8_start
- .byte 0xf3,0xc3
+ ret
.L128_enc_msg_x8_start:
pushq %r12
@@ -1147,7 +1150,7 @@ aes128gcmsiv_enc_msg_x8:
popq %r12
.cfi_adjust_cfa_offset -8
.cfi_restore %r12
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes128gcmsiv_enc_msg_x8,.-aes128gcmsiv_enc_msg_x8
.globl aes128gcmsiv_dec
@@ -1156,21 +1159,23 @@ aes128gcmsiv_enc_msg_x8:
.align 16
aes128gcmsiv_dec:
.cfi_startproc
+_CET_ENDBR
testq $~15,%r9
jnz .L128_dec_start
- .byte 0xf3,0xc3
+ ret
.L128_dec_start:
vzeroupper
vmovdqa (%rdx),%xmm0
+
+
+ vmovdqu 16(%rdx),%xmm15
+ vpor OR_MASK(%rip),%xmm15,%xmm15
movq %rdx,%rax
leaq 32(%rax),%rax
leaq 32(%rcx),%rcx
-
- vmovdqu (%rdi,%r9,1),%xmm15
- vpor OR_MASK(%rip),%xmm15,%xmm15
andq $~15,%r9
@@ -1639,7 +1644,7 @@ aes128gcmsiv_dec:
.L128_dec_out:
vmovdqu %xmm0,(%rdx)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes128gcmsiv_dec, .-aes128gcmsiv_dec
.globl aes128gcmsiv_ecb_enc_block
@@ -1648,6 +1653,7 @@ aes128gcmsiv_dec:
.align 16
aes128gcmsiv_ecb_enc_block:
.cfi_startproc
+_CET_ENDBR
vmovdqa (%rdi),%xmm1
vpxor (%rdx),%xmm1,%xmm1
@@ -1664,7 +1670,7 @@ aes128gcmsiv_ecb_enc_block:
vmovdqa %xmm1,(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes128gcmsiv_ecb_enc_block,.-aes128gcmsiv_ecb_enc_block
.globl aes256gcmsiv_aes_ks_enc_x1
@@ -1673,6 +1679,7 @@ aes128gcmsiv_ecb_enc_block:
.align 16
aes256gcmsiv_aes_ks_enc_x1:
.cfi_startproc
+_CET_ENDBR
vmovdqa con1(%rip),%xmm0
vmovdqa mask(%rip),%xmm15
vmovdqa (%rdi),%xmm8
@@ -1847,7 +1854,7 @@ aes256gcmsiv_aes_ks_enc_x1:
vmovdqu %xmm1,224(%rdx)
vmovdqa %xmm8,(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes256gcmsiv_aes_ks_enc_x1,.-aes256gcmsiv_aes_ks_enc_x1
.globl aes256gcmsiv_ecb_enc_block
@@ -1856,6 +1863,7 @@ aes256gcmsiv_aes_ks_enc_x1:
.align 16
aes256gcmsiv_ecb_enc_block:
.cfi_startproc
+_CET_ENDBR
vmovdqa (%rdi),%xmm1
vpxor (%rdx),%xmm1,%xmm1
vaesenc 16(%rdx),%xmm1,%xmm1
@@ -1873,7 +1881,7 @@ aes256gcmsiv_ecb_enc_block:
vaesenc 208(%rdx),%xmm1,%xmm1
vaesenclast 224(%rdx),%xmm1,%xmm1
vmovdqa %xmm1,(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes256gcmsiv_ecb_enc_block,.-aes256gcmsiv_ecb_enc_block
.globl aes256gcmsiv_enc_msg_x4
@@ -1882,9 +1890,10 @@ aes256gcmsiv_ecb_enc_block:
.align 16
aes256gcmsiv_enc_msg_x4:
.cfi_startproc
+_CET_ENDBR
testq %r8,%r8
jnz .L256_enc_msg_x4_start
- .byte 0xf3,0xc3
+ ret
.L256_enc_msg_x4_start:
movq %r8,%r10
@@ -2074,7 +2083,7 @@ aes256gcmsiv_enc_msg_x4:
jne .L256_enc_msg_x4_loop2
.L256_enc_msg_x4_out:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes256gcmsiv_enc_msg_x4,.-aes256gcmsiv_enc_msg_x4
.globl aes256gcmsiv_enc_msg_x8
@@ -2083,9 +2092,10 @@ aes256gcmsiv_enc_msg_x4:
.align 16
aes256gcmsiv_enc_msg_x8:
.cfi_startproc
+_CET_ENDBR
testq %r8,%r8
jnz .L256_enc_msg_x8_start
- .byte 0xf3,0xc3
+ ret
.L256_enc_msg_x8_start:
@@ -2362,7 +2372,7 @@ aes256gcmsiv_enc_msg_x8:
jnz .L256_enc_msg_x8_loop2
.L256_enc_msg_x8_out:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes256gcmsiv_enc_msg_x8,.-aes256gcmsiv_enc_msg_x8
@@ -2372,21 +2382,23 @@ aes256gcmsiv_enc_msg_x8:
.align 16
aes256gcmsiv_dec:
.cfi_startproc
+_CET_ENDBR
testq $~15,%r9
jnz .L256_dec_start
- .byte 0xf3,0xc3
+ ret
.L256_dec_start:
vzeroupper
vmovdqa (%rdx),%xmm0
+
+
+ vmovdqu 16(%rdx),%xmm15
+ vpor OR_MASK(%rip),%xmm15,%xmm15
movq %rdx,%rax
leaq 32(%rax),%rax
leaq 32(%rcx),%rcx
-
- vmovdqu (%rdi,%r9,1),%xmm15
- vpor OR_MASK(%rip),%xmm15,%xmm15
andq $~15,%r9
@@ -2923,7 +2935,7 @@ aes256gcmsiv_dec:
.L256_dec_out:
vmovdqu %xmm0,(%rdx)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes256gcmsiv_dec, .-aes256gcmsiv_dec
.globl aes256gcmsiv_kdf
@@ -2932,6 +2944,7 @@ aes256gcmsiv_dec:
.align 16
aes256gcmsiv_kdf:
.cfi_startproc
+_CET_ENDBR
@@ -3074,14 +3087,10 @@ aes256gcmsiv_kdf:
vmovdqa %xmm11,48(%rsi)
vmovdqa %xmm12,64(%rsi)
vmovdqa %xmm13,80(%rsi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes256gcmsiv_kdf, .-aes256gcmsiv_kdf
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-mac.mac.x86_64.S
index efc3ae7a..b320a6c5 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/aes128gcmsiv-x86_64-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.section __DATA,__const
.p2align 4
@@ -71,7 +64,7 @@ GFMUL:
vpxor %xmm4,%xmm3,%xmm2
vpxor %xmm5,%xmm2,%xmm0
- .byte 0xf3,0xc3
+ ret
.globl _aesgcmsiv_htable_init
@@ -80,6 +73,7 @@ GFMUL:
.p2align 4
_aesgcmsiv_htable_init:
+_CET_ENDBR
vmovdqa (%rsi),%xmm0
vmovdqa %xmm0,%xmm1
vmovdqa %xmm0,(%rdi)
@@ -97,7 +91,7 @@ _aesgcmsiv_htable_init:
vmovdqa %xmm0,96(%rdi)
call GFMUL
vmovdqa %xmm0,112(%rdi)
- .byte 0xf3,0xc3
+ ret
.globl _aesgcmsiv_htable6_init
@@ -106,6 +100,7 @@ _aesgcmsiv_htable_init:
.p2align 4
_aesgcmsiv_htable6_init:
+_CET_ENDBR
vmovdqa (%rsi),%xmm0
vmovdqa %xmm0,%xmm1
vmovdqa %xmm0,(%rdi)
@@ -119,7 +114,7 @@ _aesgcmsiv_htable6_init:
vmovdqa %xmm0,64(%rdi)
call GFMUL
vmovdqa %xmm0,80(%rdi)
- .byte 0xf3,0xc3
+ ret
.globl _aesgcmsiv_htable_polyval
@@ -128,9 +123,10 @@ _aesgcmsiv_htable6_init:
.p2align 4
_aesgcmsiv_htable_polyval:
+_CET_ENDBR
testq %rdx,%rdx
jnz L$htable_polyval_start
- .byte 0xf3,0xc3
+ ret
L$htable_polyval_start:
vzeroall
@@ -336,7 +332,7 @@ L$htable_polyval_out:
vmovdqu %xmm1,(%rcx)
vzeroupper
- .byte 0xf3,0xc3
+ ret
.globl _aesgcmsiv_polyval_horner
@@ -345,9 +341,10 @@ L$htable_polyval_out:
.p2align 4
_aesgcmsiv_polyval_horner:
+_CET_ENDBR
testq %rcx,%rcx
jnz L$polyval_horner_start
- .byte 0xf3,0xc3
+ ret
L$polyval_horner_start:
@@ -369,7 +366,7 @@ L$polyval_horner_loop:
vmovdqa %xmm0,(%rdi)
- .byte 0xf3,0xc3
+ ret
.globl _aes128gcmsiv_aes_ks
@@ -378,6 +375,7 @@ L$polyval_horner_loop:
.p2align 4
_aes128gcmsiv_aes_ks:
+_CET_ENDBR
vmovdqu (%rdi),%xmm1
vmovdqa %xmm1,(%rsi)
@@ -425,7 +423,7 @@ L$ks128_loop:
vpxor %xmm3,%xmm1,%xmm1
vpxor %xmm2,%xmm1,%xmm1
vmovdqa %xmm1,32(%rsi)
- .byte 0xf3,0xc3
+ ret
.globl _aes256gcmsiv_aes_ks
@@ -434,6 +432,7 @@ L$ks128_loop:
.p2align 4
_aes256gcmsiv_aes_ks:
+_CET_ENDBR
vmovdqu (%rdi),%xmm1
vmovdqu 16(%rdi),%xmm3
vmovdqa %xmm1,(%rsi)
@@ -473,7 +472,7 @@ L$ks256_loop:
vpxor %xmm4,%xmm1,%xmm1
vpxor %xmm2,%xmm1,%xmm1
vmovdqa %xmm1,32(%rsi)
- .byte 0xf3,0xc3
+ ret
.globl _aes128gcmsiv_aes_ks_enc_x1
.private_extern _aes128gcmsiv_aes_ks_enc_x1
@@ -481,6 +480,7 @@ L$ks256_loop:
.p2align 4
_aes128gcmsiv_aes_ks_enc_x1:
+_CET_ENDBR
vmovdqa (%rcx),%xmm1
vmovdqa 0(%rdi),%xmm4
@@ -614,7 +614,7 @@ _aes128gcmsiv_aes_ks_enc_x1:
vmovdqa %xmm4,0(%rsi)
- .byte 0xf3,0xc3
+ ret
.globl _aes128gcmsiv_kdf
@@ -623,6 +623,7 @@ _aes128gcmsiv_aes_ks_enc_x1:
.p2align 4
_aes128gcmsiv_kdf:
+_CET_ENDBR
@@ -707,7 +708,7 @@ _aes128gcmsiv_kdf:
vmovdqa %xmm10,16(%rsi)
vmovdqa %xmm11,32(%rsi)
vmovdqa %xmm12,48(%rsi)
- .byte 0xf3,0xc3
+ ret
.globl _aes128gcmsiv_enc_msg_x4
@@ -716,9 +717,10 @@ _aes128gcmsiv_kdf:
.p2align 4
_aes128gcmsiv_enc_msg_x4:
+_CET_ENDBR
testq %r8,%r8
jnz L$128_enc_msg_x4_start
- .byte 0xf3,0xc3
+ ret
L$128_enc_msg_x4_start:
pushq %r12
@@ -882,7 +884,7 @@ L$128_enc_msg_x4_out:
popq %r12
- .byte 0xf3,0xc3
+ ret
.globl _aes128gcmsiv_enc_msg_x8
@@ -891,9 +893,10 @@ L$128_enc_msg_x4_out:
.p2align 4
_aes128gcmsiv_enc_msg_x8:
+_CET_ENDBR
testq %r8,%r8
jnz L$128_enc_msg_x8_start
- .byte 0xf3,0xc3
+ ret
L$128_enc_msg_x8_start:
pushq %r12
@@ -1137,7 +1140,7 @@ L$128_enc_msg_x8_out:
popq %r12
- .byte 0xf3,0xc3
+ ret
.globl _aes128gcmsiv_dec
@@ -1146,21 +1149,23 @@ L$128_enc_msg_x8_out:
.p2align 4
_aes128gcmsiv_dec:
+_CET_ENDBR
testq $~15,%r9
jnz L$128_dec_start
- .byte 0xf3,0xc3
+ ret
L$128_dec_start:
vzeroupper
vmovdqa (%rdx),%xmm0
+
+
+ vmovdqu 16(%rdx),%xmm15
+ vpor OR_MASK(%rip),%xmm15,%xmm15
movq %rdx,%rax
leaq 32(%rax),%rax
leaq 32(%rcx),%rcx
-
- vmovdqu (%rdi,%r9,1),%xmm15
- vpor OR_MASK(%rip),%xmm15,%xmm15
andq $~15,%r9
@@ -1629,7 +1634,7 @@ L$128_dec_loop2:
L$128_dec_out:
vmovdqu %xmm0,(%rdx)
- .byte 0xf3,0xc3
+ ret
.globl _aes128gcmsiv_ecb_enc_block
@@ -1638,6 +1643,7 @@ L$128_dec_out:
.p2align 4
_aes128gcmsiv_ecb_enc_block:
+_CET_ENDBR
vmovdqa (%rdi),%xmm1
vpxor (%rdx),%xmm1,%xmm1
@@ -1654,7 +1660,7 @@ _aes128gcmsiv_ecb_enc_block:
vmovdqa %xmm1,(%rsi)
- .byte 0xf3,0xc3
+ ret
.globl _aes256gcmsiv_aes_ks_enc_x1
@@ -1663,6 +1669,7 @@ _aes128gcmsiv_ecb_enc_block:
.p2align 4
_aes256gcmsiv_aes_ks_enc_x1:
+_CET_ENDBR
vmovdqa con1(%rip),%xmm0
vmovdqa mask(%rip),%xmm15
vmovdqa (%rdi),%xmm8
@@ -1837,7 +1844,7 @@ _aes256gcmsiv_aes_ks_enc_x1:
vmovdqu %xmm1,224(%rdx)
vmovdqa %xmm8,(%rsi)
- .byte 0xf3,0xc3
+ ret
.globl _aes256gcmsiv_ecb_enc_block
@@ -1846,6 +1853,7 @@ _aes256gcmsiv_aes_ks_enc_x1:
.p2align 4
_aes256gcmsiv_ecb_enc_block:
+_CET_ENDBR
vmovdqa (%rdi),%xmm1
vpxor (%rdx),%xmm1,%xmm1
vaesenc 16(%rdx),%xmm1,%xmm1
@@ -1863,7 +1871,7 @@ _aes256gcmsiv_ecb_enc_block:
vaesenc 208(%rdx),%xmm1,%xmm1
vaesenclast 224(%rdx),%xmm1,%xmm1
vmovdqa %xmm1,(%rsi)
- .byte 0xf3,0xc3
+ ret
.globl _aes256gcmsiv_enc_msg_x4
@@ -1872,9 +1880,10 @@ _aes256gcmsiv_ecb_enc_block:
.p2align 4
_aes256gcmsiv_enc_msg_x4:
+_CET_ENDBR
testq %r8,%r8
jnz L$256_enc_msg_x4_start
- .byte 0xf3,0xc3
+ ret
L$256_enc_msg_x4_start:
movq %r8,%r10
@@ -2064,7 +2073,7 @@ L$256_enc_msg_x4_loop2:
jne L$256_enc_msg_x4_loop2
L$256_enc_msg_x4_out:
- .byte 0xf3,0xc3
+ ret
.globl _aes256gcmsiv_enc_msg_x8
@@ -2073,9 +2082,10 @@ L$256_enc_msg_x4_out:
.p2align 4
_aes256gcmsiv_enc_msg_x8:
+_CET_ENDBR
testq %r8,%r8
jnz L$256_enc_msg_x8_start
- .byte 0xf3,0xc3
+ ret
L$256_enc_msg_x8_start:
@@ -2352,7 +2362,7 @@ L$256_enc_msg_x8_loop2:
jnz L$256_enc_msg_x8_loop2
L$256_enc_msg_x8_out:
- .byte 0xf3,0xc3
+ ret
@@ -2362,21 +2372,23 @@ L$256_enc_msg_x8_out:
.p2align 4
_aes256gcmsiv_dec:
+_CET_ENDBR
testq $~15,%r9
jnz L$256_dec_start
- .byte 0xf3,0xc3
+ ret
L$256_dec_start:
vzeroupper
vmovdqa (%rdx),%xmm0
+
+
+ vmovdqu 16(%rdx),%xmm15
+ vpor OR_MASK(%rip),%xmm15,%xmm15
movq %rdx,%rax
leaq 32(%rax),%rax
leaq 32(%rcx),%rcx
-
- vmovdqu (%rdi,%r9,1),%xmm15
- vpor OR_MASK(%rip),%xmm15,%xmm15
andq $~15,%r9
@@ -2913,7 +2925,7 @@ L$256_dec_loop2:
L$256_dec_out:
vmovdqu %xmm0,(%rdx)
- .byte 0xf3,0xc3
+ ret
.globl _aes256gcmsiv_kdf
@@ -2922,6 +2934,7 @@ L$256_dec_out:
.p2align 4
_aes256gcmsiv_kdf:
+_CET_ENDBR
@@ -3064,13 +3077,9 @@ _aes256gcmsiv_kdf:
vmovdqa %xmm11,48(%rsi)
vmovdqa %xmm12,64(%rsi)
vmovdqa %xmm13,80(%rsi)
- .byte 0xf3,0xc3
+ ret
-#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-ios.ios.aarch64.S
index 64433052..1bf3e6ed 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
.section __TEXT,__const
@@ -3016,11 +3008,7 @@ Lopen_128_hash_64:
b Lopen_128_hash_64
.cfi_endproc
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-linux.linux.aarch64.S
index 4d5cd208..d6b708d7 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_armv8-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
.section .rodata
@@ -3016,11 +3008,7 @@ chacha20_poly1305_open:
b .Lopen_128_hash_64
.cfi_endproc
.size chacha20_poly1305_open,.-chacha20_poly1305_open
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-linux.linux.x86_64.S
index 89d6abdd..ce54f9cf 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
.extern OPENSSL_ia32cap_P
.hidden OPENSSL_ia32cap_P
@@ -113,7 +106,7 @@ poly_hash_ad_internal:
adcq %r9,%r11
adcq $0,%r12
- .byte 0xf3,0xc3
+ ret
.Lhash_ad_loop:
cmpq $16,%r8
@@ -222,7 +215,7 @@ poly_hash_ad_internal:
.Lhash_ad_done:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size poly_hash_ad_internal, .-poly_hash_ad_internal
@@ -232,6 +225,7 @@ poly_hash_ad_internal:
.align 64
chacha20_poly1305_open:
.cfi_startproc
+_CET_ENDBR
pushq %rbp
.cfi_adjust_cfa_offset 8
.cfi_offset %rbp,-16
@@ -1870,7 +1864,7 @@ chacha20_poly1305_open:
popq %rbp
.cfi_adjust_cfa_offset -8
.cfi_restore %rbp
- .byte 0xf3,0xc3
+ ret
.Lopen_sse_128:
.cfi_restore_state
@@ -2117,6 +2111,7 @@ chacha20_poly1305_open:
.align 64
chacha20_poly1305_seal:
.cfi_startproc
+_CET_ENDBR
pushq %rbp
.cfi_adjust_cfa_offset 8
.cfi_offset %rbp,-16
@@ -3935,7 +3930,7 @@ process_extra_in_trailer:
popq %rbp
.cfi_adjust_cfa_offset -8
.cfi_restore %rbp
- .byte 0xf3,0xc3
+ ret
.Lseal_sse_128:
.cfi_restore_state
@@ -8923,10 +8918,6 @@ chacha20_poly1305_seal_avx2:
.cfi_endproc
.size chacha20_poly1305_seal_avx2, .-chacha20_poly1305_seal_avx2
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-mac.mac.x86_64.S
index 300770d6..cdf80d5c 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/chacha20_poly1305_x86_64-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
@@ -112,7 +105,7 @@ L$poly_fast_tls_ad:
adcq %r9,%r11
adcq $0,%r12
- .byte 0xf3,0xc3
+ ret
L$hash_ad_loop:
cmpq $16,%r8
@@ -221,7 +214,7 @@ L$hash_ad_tail_loop:
L$hash_ad_done:
- .byte 0xf3,0xc3
+ ret
@@ -231,6 +224,7 @@ L$hash_ad_done:
.p2align 6
_chacha20_poly1305_open:
+_CET_ENDBR
pushq %rbp
pushq %rbx
@@ -1855,7 +1849,7 @@ L$open_sse_finalize:
popq %rbp
- .byte 0xf3,0xc3
+ ret
L$open_sse_128:
@@ -2102,6 +2096,7 @@ L$open_sse_128_xor_hash:
.p2align 6
_chacha20_poly1305_seal:
+_CET_ENDBR
pushq %rbp
pushq %rbx
@@ -3906,7 +3901,7 @@ L$do_length_block:
popq %rbp
- .byte 0xf3,0xc3
+ ret
L$seal_sse_128:
@@ -8879,10 +8874,6 @@ L$seal_avx2_exit:
jmp L$seal_sse_tail_16
-#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c
index 6450c453..2cce1bde 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_aesgcmsiv.c
@@ -126,16 +126,16 @@ extern void aesgcmsiv_htable_polyval(const uint8_t htable[16 * 8],
uint8_t in_out_poly[16]);
// aes128gcmsiv_dec decrypts |in_len| & ~15 bytes from |out| and writes them to
-// |in|. (The full value of |in_len| is still used to find the authentication
-// tag appended to the ciphertext, however, so must not be pre-masked.)
+// |in|. |in| and |out| may be equal, but must not otherwise alias.
//
-// |in| and |out| may be equal, but must not otherwise overlap.
+// |in_out_calculated_tag_and_scratch|, on entry, must contain:
+// 1. The current value of the calculated tag, which will be updated during
+// decryption and written back to the beginning of this buffer on exit.
+// 2. The claimed tag, which is needed to derive counter values.
//
-// While decrypting, it updates the POLYVAL value found at the beginning of
-// |in_out_calculated_tag_and_scratch| and writes the updated value back before
-// return. During executation, it may use the whole of this space for other
-// purposes. In order to decrypt and update the POLYVAL value, it uses the
-// expanded key from |key| and the table of powers in |htable|.
+// While decrypting, the whole of |in_out_calculated_tag_and_scratch| may be
+// used for other purposes. In order to decrypt and update the POLYVAL value, it
+// uses the expanded key from |key| and the table of powers in |htable|.
extern void aes128gcmsiv_dec(const uint8_t *in, uint8_t *out,
uint8_t in_out_calculated_tag_and_scratch[16 * 8],
const uint8_t htable[16 * 6],
@@ -393,14 +393,10 @@ static int aead_aes_gcm_siv_asm_seal_scatter(
return 1;
}
-// TODO(martinkr): Add aead_aes_gcm_siv_asm_open_gather. N.B. aes128gcmsiv_dec
-// expects ciphertext and tag in a contiguous buffer.
-
-static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
- size_t *out_len, size_t max_out_len,
- const uint8_t *nonce, size_t nonce_len,
- const uint8_t *in, size_t in_len,
- const uint8_t *ad, size_t ad_len) {
+static int aead_aes_gcm_siv_asm_open_gather(
+ const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
+ size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
+ size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
const uint64_t ad_len_64 = ad_len;
if (ad_len_64 >= (UINT64_C(1) << 61)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
@@ -408,8 +404,8 @@ static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
const uint64_t in_len_64 = in_len;
- if (in_len < EVP_AEAD_AES_GCM_SIV_TAG_LEN ||
- in_len_64 > (UINT64_C(1) << 36) + AES_BLOCK_SIZE) {
+ if (in_len_64 > UINT64_C(1) << 36 ||
+ in_tag_len != EVP_AEAD_AES_GCM_SIV_TAG_LEN) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
@@ -420,13 +416,6 @@ static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
}
const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
- const size_t plaintext_len = in_len - EVP_AEAD_AES_GCM_SIV_TAG_LEN;
- const uint8_t *const given_tag = in + plaintext_len;
-
- if (max_out_len < plaintext_len) {
- OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
- return 0;
- }
alignas(16) uint64_t record_auth_key[2];
alignas(16) uint64_t record_enc_key[4];
@@ -459,27 +448,27 @@ static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
alignas(16) uint8_t htable[16 * 6];
aesgcmsiv_htable6_init(htable, (const uint8_t *)record_auth_key);
+ // aes[128|256]gcmsiv_dec needs access to the claimed tag. So it's put into
+ // its scratch space.
+ memcpy(calculated_tag + 16, in_tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN);
if (gcm_siv_ctx->is_128_bit) {
- aes128gcmsiv_dec(in, out, calculated_tag, htable, &expanded_key,
- plaintext_len);
+ aes128gcmsiv_dec(in, out, calculated_tag, htable, &expanded_key, in_len);
} else {
- aes256gcmsiv_dec(in, out, calculated_tag, htable, &expanded_key,
- plaintext_len);
+ aes256gcmsiv_dec(in, out, calculated_tag, htable, &expanded_key, in_len);
}
- if (plaintext_len & 15) {
+ if (in_len & 15) {
aead_aes_gcm_siv_asm_crypt_last_block(gcm_siv_ctx->is_128_bit, out, in,
- plaintext_len, given_tag,
- &expanded_key);
+ in_len, in_tag, &expanded_key);
OPENSSL_memset(scratch, 0, sizeof(scratch));
- OPENSSL_memcpy(scratch, out + (plaintext_len & ~15), plaintext_len & 15);
+ OPENSSL_memcpy(scratch, out + (in_len & ~15), in_len & 15);
aesgcmsiv_polyval_horner(calculated_tag, (const uint8_t *)record_auth_key,
scratch, 1);
}
uint8_t length_block[16];
CRYPTO_store_u64_le(length_block, ad_len * 8);
- CRYPTO_store_u64_le(length_block + 8, plaintext_len * 8);
+ CRYPTO_store_u64_le(length_block + 8, in_len * 8);
aesgcmsiv_polyval_horner(calculated_tag, (const uint8_t *)record_auth_key,
length_block, 1);
@@ -495,13 +484,12 @@ static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
aes256gcmsiv_ecb_enc_block(calculated_tag, calculated_tag, &expanded_key);
}
- if (CRYPTO_memcmp(calculated_tag, given_tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN) !=
+ if (CRYPTO_memcmp(calculated_tag, in_tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN) !=
0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
- *out_len = in_len - EVP_AEAD_AES_GCM_SIV_TAG_LEN;
return 1;
}
@@ -515,9 +503,9 @@ static const EVP_AEAD aead_aes_128_gcm_siv_asm = {
aead_aes_gcm_siv_asm_init,
NULL /* init_with_direction */,
aead_aes_gcm_siv_asm_cleanup,
- aead_aes_gcm_siv_asm_open,
+ NULL /* open */,
aead_aes_gcm_siv_asm_seal_scatter,
- NULL /* open_gather */,
+ aead_aes_gcm_siv_asm_open_gather,
NULL /* get_iv */,
NULL /* tag_len */,
};
@@ -532,9 +520,9 @@ static const EVP_AEAD aead_aes_256_gcm_siv_asm = {
aead_aes_gcm_siv_asm_init,
NULL /* init_with_direction */,
aead_aes_gcm_siv_asm_cleanup,
- aead_aes_gcm_siv_asm_open,
+ NULL /* open */,
aead_aes_gcm_siv_asm_seal_scatter,
- NULL /* open_gather */,
+ aead_aes_gcm_siv_asm_open_gather,
NULL /* get_iv */,
NULL /* tag_len */,
};
@@ -647,8 +635,8 @@ static void gcm_siv_polyval(
}
uint8_t length_block[16];
- CRYPTO_store_u64_le(length_block, ad_len * 8);
- CRYPTO_store_u64_le(length_block + 8, in_len * 8);
+ CRYPTO_store_u64_le(length_block, ((uint64_t) ad_len) * 8);
+ CRYPTO_store_u64_le(length_block + 8, ((uint64_t) in_len) * 8);
CRYPTO_POLYVAL_update_blocks(&polyval_ctx, length_block,
sizeof(length_block));
diff --git a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_des.c b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_des.c
index 76b0998a..dbefb571 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_des.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cipher_extra/e_des.c
@@ -58,6 +58,7 @@
#include
#include
+#include "../des/internal.h"
#include "../fipsmodule/cipher/internal.h"
#include "internal.h"
@@ -71,20 +72,15 @@ typedef struct {
static int des_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
- DES_cblock *deskey = (DES_cblock *)key;
EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
-
- DES_set_key(deskey, &dat->ks.ks);
+ DES_set_key_ex(key, &dat->ks.ks);
return 1;
}
static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t in_len) {
EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
-
- DES_ncbc_encrypt(in, out, in_len, &dat->ks.ks, (DES_cblock *)ctx->iv,
- ctx->encrypt);
-
+ DES_ncbc_encrypt_ex(in, out, in_len, &dat->ks.ks, ctx->iv, ctx->encrypt);
return 1;
}
@@ -113,8 +109,7 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
EVP_DES_KEY *dat = (EVP_DES_KEY *)ctx->cipher_data;
for (size_t i = 0; i <= in_len; i += ctx->cipher->block_size) {
- DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
- &dat->ks.ks, ctx->encrypt);
+ DES_ecb_encrypt_ex(in + i, out + i, &dat->ks.ks, ctx->encrypt);
}
return 1;
}
@@ -144,23 +139,18 @@ typedef struct {
static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
- DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data;
-
- DES_set_key(&deskey[0], &dat->ks.ks[0]);
- DES_set_key(&deskey[1], &dat->ks.ks[1]);
- DES_set_key(&deskey[2], &dat->ks.ks[2]);
-
+ DES_set_key_ex(key, &dat->ks.ks[0]);
+ DES_set_key_ex(key + 8, &dat->ks.ks[1]);
+ DES_set_key_ex(key + 16, &dat->ks.ks[2]);
return 1;
}
static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t in_len) {
DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data;
-
- DES_ede3_cbc_encrypt(in, out, in_len, &dat->ks.ks[0], &dat->ks.ks[1],
- &dat->ks.ks[2], (DES_cblock *)ctx->iv, ctx->encrypt);
-
+ DES_ede3_cbc_encrypt_ex(in, out, in_len, &dat->ks.ks[0], &dat->ks.ks[1],
+ &dat->ks.ks[2], ctx->iv, ctx->encrypt);
return 1;
}
@@ -182,13 +172,11 @@ const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &evp_des_ede3_cbc; }
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
- DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data;
-
- DES_set_key(&deskey[0], &dat->ks.ks[0]);
- DES_set_key(&deskey[1], &dat->ks.ks[1]);
- DES_set_key(&deskey[0], &dat->ks.ks[2]);
-
+ // 2-DES is 3-DES with the first key used twice.
+ DES_set_key_ex(key, &dat->ks.ks[0]);
+ DES_set_key_ex(key + 8, &dat->ks.ks[1]);
+ DES_set_key_ex(key, &dat->ks.ks[2]);
return 1;
}
@@ -217,9 +205,8 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
for (size_t i = 0; i <= in_len; i += ctx->cipher->block_size) {
- DES_ecb3_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i),
- &dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2],
- ctx->encrypt);
+ DES_ecb3_encrypt_ex(in + i, out + i, &dat->ks.ks[0], &dat->ks.ks[1],
+ &dat->ks.ks[2], ctx->encrypt);
}
return 1;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/conf/conf.c b/Sources/CJWTKitBoringSSL/crypto/conf/conf.c
index a0c17ac8..4d9768ba 100644
--- a/Sources/CJWTKitBoringSSL/crypto/conf/conf.c
+++ b/Sources/CJWTKitBoringSSL/crypto/conf/conf.c
@@ -70,126 +70,117 @@
#include "../internal.h"
+struct conf_section_st {
+ char *name;
+ // values contains non-owning pointers to the values in the section.
+ STACK_OF(CONF_VALUE) *values;
+};
+
static const char kDefaultSectionName[] = "default";
+static uint32_t conf_section_hash(const CONF_SECTION *s) {
+ return OPENSSL_strhash(s->name);
+}
+
+static int conf_section_cmp(const CONF_SECTION *a, const CONF_SECTION *b) {
+ return strcmp(a->name, b->name);
+}
+
static uint32_t conf_value_hash(const CONF_VALUE *v) {
- const uint32_t section_hash = v->section ? OPENSSL_strhash(v->section) : 0;
- const uint32_t name_hash = v->name ? OPENSSL_strhash(v->name) : 0;
+ const uint32_t section_hash = OPENSSL_strhash(v->section);
+ const uint32_t name_hash = OPENSSL_strhash(v->name);
return (section_hash << 2) ^ name_hash;
}
static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) {
- int i;
-
- if (a->section != b->section) {
- i = strcmp(a->section, b->section);
- if (i) {
- return i;
- }
+ int cmp = strcmp(a->section, b->section);
+ if (cmp != 0) {
+ return cmp;
}
- if (a->name != NULL && b->name != NULL) {
- return strcmp(a->name, b->name);
- } else if (a->name == b->name) {
- return 0;
- } else {
- return (a->name == NULL) ? -1 : 1;
- }
+ return strcmp(a->name, b->name);
}
CONF *NCONF_new(void *method) {
- CONF *conf;
-
if (method != NULL) {
return NULL;
}
- conf = OPENSSL_malloc(sizeof(CONF));
+ CONF *conf = OPENSSL_malloc(sizeof(CONF));
if (conf == NULL) {
return NULL;
}
- conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
- if (conf->data == NULL) {
- OPENSSL_free(conf);
+ conf->sections = lh_CONF_SECTION_new(conf_section_hash, conf_section_cmp);
+ conf->values = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
+ if (conf->sections == NULL || conf->values == NULL) {
+ NCONF_free(conf);
return NULL;
}
return conf;
}
-CONF_VALUE *CONF_VALUE_new(void) {
- CONF_VALUE *v = OPENSSL_malloc(sizeof(CONF_VALUE));
- if (!v) {
- return NULL;
- }
- OPENSSL_memset(v, 0, sizeof(CONF_VALUE));
- return v;
-}
+CONF_VALUE *CONF_VALUE_new(void) { return OPENSSL_zalloc(sizeof(CONF_VALUE)); }
-static void value_free_contents(CONF_VALUE *value) {
- OPENSSL_free(value->section);
- if (value->name) {
- OPENSSL_free(value->name);
- OPENSSL_free(value->value);
- } else {
- // TODO(davidben): When |value->name| is NULL, |CONF_VALUE| is actually an
- // entirely different structure. This is fragile and confusing. Make a
- // proper |CONF_SECTION| type that doesn't require this.
- sk_CONF_VALUE_free((STACK_OF(CONF_VALUE) *)value->value);
+static void value_free(CONF_VALUE *value) {
+ if (value == NULL) {
+ return;
}
+ OPENSSL_free(value->section);
+ OPENSSL_free(value->name);
+ OPENSSL_free(value->value);
+ OPENSSL_free(value);
}
-static void value_free(CONF_VALUE *value) {
- if (value != NULL) {
- value_free_contents(value);
- OPENSSL_free(value);
+static void section_free(CONF_SECTION *section) {
+ if (section == NULL) {
+ return;
}
+ OPENSSL_free(section->name);
+ sk_CONF_VALUE_free(section->values);
+ OPENSSL_free(section);
}
static void value_free_arg(CONF_VALUE *value, void *arg) { value_free(value); }
+static void section_free_arg(CONF_SECTION *section, void *arg) {
+ section_free(section);
+}
+
void NCONF_free(CONF *conf) {
- if (conf == NULL || conf->data == NULL) {
+ if (conf == NULL) {
return;
}
- lh_CONF_VALUE_doall_arg(conf->data, value_free_arg, NULL);
- lh_CONF_VALUE_free(conf->data);
+ lh_CONF_SECTION_doall_arg(conf->sections, section_free_arg, NULL);
+ lh_CONF_SECTION_free(conf->sections);
+ lh_CONF_VALUE_doall_arg(conf->values, value_free_arg, NULL);
+ lh_CONF_VALUE_free(conf->values);
OPENSSL_free(conf);
}
-static CONF_VALUE *NCONF_new_section(const CONF *conf, const char *section) {
- STACK_OF(CONF_VALUE) *sk = NULL;
- int ok = 0;
- CONF_VALUE *v = NULL, *old_value;
-
- sk = sk_CONF_VALUE_new_null();
- v = CONF_VALUE_new();
- if (sk == NULL || v == NULL) {
- goto err;
+static CONF_SECTION *NCONF_new_section(const CONF *conf, const char *section) {
+ CONF_SECTION *s = OPENSSL_malloc(sizeof(CONF_SECTION));
+ if (!s) {
+ return NULL;
}
- v->section = OPENSSL_strdup(section);
- if (v->section == NULL) {
+ s->name = OPENSSL_strdup(section);
+ s->values = sk_CONF_VALUE_new_null();
+ if (s->name == NULL || s->values == NULL) {
goto err;
}
- v->name = NULL;
- v->value = (char *)sk;
-
- if (!lh_CONF_VALUE_insert(conf->data, &old_value, v)) {
+ CONF_SECTION *old_section;
+ if (!lh_CONF_SECTION_insert(conf->sections, &old_section, s)) {
goto err;
}
- value_free(old_value);
- ok = 1;
+ section_free(old_section);
+ return s;
err:
- if (!ok) {
- sk_CONF_VALUE_free(sk);
- OPENSSL_free(v);
- v = NULL;
- }
- return v;
+ section_free(s);
+ return NULL;
}
static int str_copy(CONF *conf, char *section, char **pto, char *from) {
@@ -261,21 +252,20 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) {
return 0;
}
-static CONF_VALUE *get_section(const CONF *conf, const char *section) {
- CONF_VALUE template;
-
+static CONF_SECTION *get_section(const CONF *conf, const char *section) {
+ CONF_SECTION template;
OPENSSL_memset(&template, 0, sizeof(template));
- template.section = (char *) section;
- return lh_CONF_VALUE_retrieve(conf->data, &template);
+ template.name = (char *) section;
+ return lh_CONF_SECTION_retrieve(conf->sections, &template);
}
const STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
const char *section) {
- const CONF_VALUE *section_value = get_section(conf, section);
- if (section_value == NULL) {
+ const CONF_SECTION *section_obj = get_section(conf, section);
+ if (section_obj == NULL) {
return NULL;
}
- return (STACK_OF(CONF_VALUE)*) section_value->value;
+ return section_obj->values;
}
const char *NCONF_get_string(const CONF *conf, const char *section,
@@ -287,30 +277,35 @@ const char *NCONF_get_string(const CONF *conf, const char *section,
}
OPENSSL_memset(&template, 0, sizeof(template));
- template.section = (char *) section;
- template.name = (char *) name;
- value = lh_CONF_VALUE_retrieve(conf->data, &template);
+ template.section = (char *)section;
+ template.name = (char *)name;
+ value = lh_CONF_VALUE_retrieve(conf->values, &template);
if (value == NULL) {
return NULL;
}
return value->value;
}
-static int add_string(const CONF *conf, CONF_VALUE *section,
+static int add_string(const CONF *conf, CONF_SECTION *section,
CONF_VALUE *value) {
- STACK_OF(CONF_VALUE) *section_stack = (STACK_OF(CONF_VALUE)*) section->value;
- CONF_VALUE *old_value;
+ value->section = OPENSSL_strdup(section->name);
+ if (value->section == NULL) {
+ return 0;
+ }
- value->section = OPENSSL_strdup(section->section);
- if (!sk_CONF_VALUE_push(section_stack, value)) {
+ if (!sk_CONF_VALUE_push(section->values, value)) {
return 0;
}
- if (!lh_CONF_VALUE_insert(conf->data, &old_value, value)) {
+ CONF_VALUE *old_value;
+ if (!lh_CONF_VALUE_insert(conf->values, &old_value, value)) {
+ // Remove |value| from |section->values|, so we do not leave a dangling
+ // pointer.
+ sk_CONF_VALUE_pop(section->values);
return 0;
}
if (old_value != NULL) {
- (void)sk_CONF_VALUE_delete_ptr(section_stack, old_value);
+ (void)sk_CONF_VALUE_delete_ptr(section->values, old_value);
value_free(old_value);
}
@@ -387,7 +382,7 @@ static void clear_comments(CONF *conf, char *p) {
}
}
-static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
+int NCONF_load_bio(CONF *conf, BIO *in, long *out_error_line) {
static const size_t CONFBUFSIZE = 512;
int bufnum = 0, i, ii;
BUF_MEM *buff = NULL;
@@ -395,8 +390,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
int again;
long eline = 0;
char btmp[DECIMAL_SIZE(eline) + 1];
- CONF_VALUE *v = NULL, *tv;
- CONF_VALUE *sv = NULL;
+ CONF_VALUE *v = NULL;
+ CONF_SECTION *sv = NULL;
char *section = NULL, *buf;
char *start, *psection, *pname;
@@ -547,6 +542,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
goto err;
}
+ CONF_SECTION *tv;
if (strcmp(psection, section) != 0) {
if ((tv = get_section(conf, psection)) == NULL) {
tv = NCONF_new_section(conf, psection);
@@ -574,14 +570,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) {
if (out_error_line != NULL) {
*out_error_line = eline;
}
- BIO_snprintf(btmp, sizeof btmp, "%ld", eline);
+ snprintf(btmp, sizeof btmp, "%ld", eline);
ERR_add_error_data(2, "line ", btmp);
-
- if (v != NULL) {
- OPENSSL_free(v->name);
- OPENSSL_free(v->value);
- OPENSSL_free(v);
- }
+ value_free(v);
return 0;
}
@@ -594,16 +585,12 @@ int NCONF_load(CONF *conf, const char *filename, long *out_error_line) {
return 0;
}
- ret = def_load_bio(conf, in, out_error_line);
+ ret = NCONF_load_bio(conf, in, out_error_line);
BIO_free(in);
return ret;
}
-int NCONF_load_bio(CONF *conf, BIO *bio, long *out_error_line) {
- return def_load_bio(conf, bio, out_error_line);
-}
-
int CONF_parse_list(const char *list, char sep, int remove_whitespace,
int (*list_cb)(const char *elem, size_t len, void *usr),
void *arg) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/conf/internal.h b/Sources/CJWTKitBoringSSL/crypto/conf/internal.h
index 8c2c8915..e3de0e3e 100644
--- a/Sources/CJWTKitBoringSSL/crypto/conf/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/conf/internal.h
@@ -24,10 +24,14 @@ extern "C" {
#endif
+typedef struct conf_section_st CONF_SECTION;
+
+DEFINE_LHASH_OF(CONF_SECTION)
DEFINE_LHASH_OF(CONF_VALUE)
struct conf_st {
- LHASH_OF(CONF_VALUE) *data;
+ LHASH_OF(CONF_VALUE) *values;
+ LHASH_OF(CONF_SECTION) *sections;
};
// CONF_VALUE_new returns a freshly allocated and zeroed |CONF_VALUE|.
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_apple.c b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_apple.c
index d302bc86..a44a8ee0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_apple.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_apple.c
@@ -23,8 +23,6 @@
#include
-extern uint32_t OPENSSL_armcap_P;
-
static int has_hw_feature(const char *name) {
int value;
size_t len = sizeof(value);
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_freebsd.c b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_freebsd.c
deleted file mode 100644
index 6e242a03..00000000
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_freebsd.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* Copyright (c) 2022, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include "internal.h"
-
-#if defined(OPENSSL_AARCH64) && defined(OPENSSL_FREEBSD) && \
- !defined(OPENSSL_STATIC_ARMCAP)
-
-#include
-#include
-
-#include
-
-extern uint32_t OPENSSL_armcap_P;
-
-// ID_AA64ISAR0_*_VAL are defined starting FreeBSD 13.0. When FreeBSD
-// 12.x is out of support, these compatibility macros can be removed.
-
-#ifndef ID_AA64ISAR0_AES_VAL
-#define ID_AA64ISAR0_AES_VAL ID_AA64ISAR0_AES
-#endif
-#ifndef ID_AA64ISAR0_SHA1_VAL
-#define ID_AA64ISAR0_SHA1_VAL ID_AA64ISAR0_SHA1
-#endif
-#ifndef ID_AA64ISAR0_SHA2_VAL
-#define ID_AA64ISAR0_SHA2_VAL ID_AA64ISAR0_SHA2
-#endif
-
-void OPENSSL_cpuid_setup(void) {
- uint64_t id_aa64isar0 = READ_SPECIALREG(id_aa64isar0_el1);
-
- OPENSSL_armcap_P |= ARMV7_NEON;
-
- if (ID_AA64ISAR0_AES_VAL(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE) {
- OPENSSL_armcap_P |= ARMV8_AES;
- }
- if (ID_AA64ISAR0_AES_VAL(id_aa64isar0) >= ID_AA64ISAR0_AES_PMULL) {
- OPENSSL_armcap_P |= ARMV8_PMULL;
- }
- if (ID_AA64ISAR0_SHA1_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA1_BASE) {
- OPENSSL_armcap_P |= ARMV8_SHA1;
- }
- if (ID_AA64ISAR0_SHA2_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE) {
- OPENSSL_armcap_P |= ARMV8_SHA256;
- }
- if (ID_AA64ISAR0_SHA2_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA2_512) {
- OPENSSL_armcap_P |= ARMV8_SHA512;
- }
-}
-
-#endif // OPENSSL_AARCH64 && OPENSSL_FREEBSD && !OPENSSL_STATIC_ARMCAP
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_fuchsia.c b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_fuchsia.c
index 1f3b31a3..7763b4dc 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_fuchsia.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_fuchsia.c
@@ -23,7 +23,6 @@
#include
-extern uint32_t OPENSSL_armcap_P;
void OPENSSL_cpuid_setup(void) {
uint32_t hwcap;
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_linux.c b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_linux.c
index 9389d8c2..6cf8a9fa 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_linux.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_linux.c
@@ -22,8 +22,6 @@
#include
-extern uint32_t OPENSSL_armcap_P;
-
void OPENSSL_cpuid_setup(void) {
unsigned long hwcap = getauxval(AT_HWCAP);
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_openbsd.c b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_openbsd.c
index 19441ea2..5c6c99ee 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_openbsd.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_openbsd.c
@@ -25,7 +25,6 @@
#include "internal.h"
-extern uint32_t OPENSSL_armcap_P;
void OPENSSL_cpuid_setup(void) {
int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 };
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_sysreg.c b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_sysreg.c
new file mode 100644
index 00000000..1f1aed42
--- /dev/null
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_sysreg.c
@@ -0,0 +1,93 @@
+/* Copyright (c) 2023, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "internal.h"
+
+// While Arm system registers are normally not available to userspace, FreeBSD
+// expects userspace to simply read them. It traps the reads and fills in CPU
+// capabilities.
+#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_STATIC_ARMCAP) && \
+ (defined(ANDROID_BAREMETAL) || defined(OPENSSL_FREEBSD))
+
+#include
+
+#define ID_AA64PFR0_EL1_ADVSIMD 5
+
+#define ID_AA64ISAR0_EL1_AES 1
+#define ID_AA64ISAR0_EL1_SHA1 2
+#define ID_AA64ISAR0_EL1_SHA2 3
+
+#define NBITS_ID_FIELD 4
+
+#define READ_SYSREG(name) \
+ ({ \
+ uint64_t _r; \
+ __asm__("mrs %0, " name : "=r"(_r)); \
+ _r; \
+ })
+
+static unsigned get_id_field(uint64_t reg, unsigned field) {
+ return (reg >> (field * NBITS_ID_FIELD)) & ((1 << NBITS_ID_FIELD) - 1);
+}
+
+static int get_signed_id_field(uint64_t reg, unsigned field) {
+ unsigned value = get_id_field(reg, field);
+ if (value & (1 << (NBITS_ID_FIELD - 1))) {
+ return (int)(value | (UINT64_MAX << NBITS_ID_FIELD));
+ } else {
+ return (int)value;
+ }
+}
+
+static uint32_t read_armcap(void) {
+ uint32_t armcap = ARMV7_NEON;
+
+ uint64_t id_aa64pfr0_el1 = READ_SYSREG("id_aa64pfr0_el1");
+
+ if (get_signed_id_field(id_aa64pfr0_el1, ID_AA64PFR0_EL1_ADVSIMD) < 0) {
+ // If AdvSIMD ("NEON") is missing, don't report other features either.
+ // This matches OpenSSL.
+ return 0;
+ }
+
+ uint64_t id_aa64isar0_el1 = READ_SYSREG("id_aa64isar0_el1");
+
+ unsigned aes = get_id_field(id_aa64isar0_el1, ID_AA64ISAR0_EL1_AES);
+ if (aes > 0) {
+ armcap |= ARMV8_AES;
+ }
+ if (aes > 1) {
+ armcap |= ARMV8_PMULL;
+ }
+
+ unsigned sha1 = get_id_field(id_aa64isar0_el1, ID_AA64ISAR0_EL1_SHA1);
+ if (sha1 > 0) {
+ armcap |= ARMV8_SHA1;
+ }
+
+ unsigned sha2 = get_id_field(id_aa64isar0_el1, ID_AA64ISAR0_EL1_SHA2);
+ if (sha2 > 0) {
+ armcap |= ARMV8_SHA256;
+ }
+ if (sha2 > 1) {
+ armcap |= ARMV8_SHA512;
+ }
+
+ return armcap;
+}
+
+void OPENSSL_cpuid_setup(void) { OPENSSL_armcap_P |= read_armcap(); }
+
+#endif // OPENSSL_AARCH64 && !OPENSSL_STATIC_ARMCAP &&
+ // (ANDROID_BAREMETAL || OPENSSL_FREEBSD)
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_win.c b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_win.c
index a67ff364..8a510e33 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_win.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_aarch64_win.c
@@ -22,7 +22,7 @@
#include
-extern uint32_t OPENSSL_armcap_P;
+
void OPENSSL_cpuid_setup(void) {
// We do not need to check for the presence of NEON, as Armv8-A always has it
OPENSSL_armcap_P |= ARMV7_NEON;
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_arm.c b/Sources/CJWTKitBoringSSL/crypto/cpu_arm.c
deleted file mode 100644
index 1d1b5867..00000000
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_arm.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include "internal.h"
-
-#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
- !defined(OPENSSL_STATIC_ARMCAP)
-
-#include
-
-
-extern uint32_t OPENSSL_armcap_P;
-
-int CRYPTO_is_NEON_capable_at_runtime(void) {
- return (OPENSSL_armcap_P & ARMV7_NEON) != 0;
-}
-
-int CRYPTO_is_ARMv8_AES_capable_at_runtime(void) {
- return (OPENSSL_armcap_P & ARMV8_AES) != 0;
-}
-
-int CRYPTO_is_ARMv8_PMULL_capable_at_runtime(void) {
- return (OPENSSL_armcap_P & ARMV8_PMULL) != 0;
-}
-
-#endif /* (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) &&
- !defined(OPENSSL_STATIC_ARMCAP) */
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_arm_freebsd.c b/Sources/CJWTKitBoringSSL/crypto/cpu_arm_freebsd.c
index 6e31b740..08241e7f 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_arm_freebsd.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_arm_freebsd.c
@@ -22,7 +22,6 @@
#include
#include
-extern uint32_t OPENSSL_armcap_P;
void OPENSSL_cpuid_setup(void) {
unsigned long hwcap = 0, hwcap2 = 0;
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_arm_linux.c b/Sources/CJWTKitBoringSSL/crypto/cpu_arm_linux.c
index 360985a4..d5013c52 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_arm_linux.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_arm_linux.c
@@ -95,8 +95,6 @@ static int read_file(char **out_ptr, size_t *out_len, const char *path) {
return ret;
}
-extern uint32_t OPENSSL_armcap_P;
-
static int g_needs_hwcap2_workaround;
void OPENSSL_cpuid_setup(void) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/cpu_intel.c b/Sources/CJWTKitBoringSSL/crypto/cpu_intel.c
index c061e57e..50915bbe 100644
--- a/Sources/CJWTKitBoringSSL/crypto/cpu_intel.c
+++ b/Sources/CJWTKitBoringSSL/crypto/cpu_intel.c
@@ -211,7 +211,8 @@ void OPENSSL_cpuid_setup(void) {
// Clear the XSAVE bit on Knights Landing to mimic Silvermont. This enables
// some Silvermont-specific codepaths which perform better. See OpenSSL
- // commit 64d92d74985ebb3d0be58a9718f9e080a14a8e7f.
+ // commit 64d92d74985ebb3d0be58a9718f9e080a14a8e7f and
+ // |CRYPTO_cpu_perf_is_like_silvermont|.
if ((eax & 0x0fff0ff0) == 0x00050670 /* Knights Landing */ ||
(eax & 0x0fff0ff0) == 0x00080650 /* Knights Mill (per SDE) */) {
ecx &= ~(1u << 26);
@@ -238,7 +239,8 @@ void OPENSSL_cpuid_setup(void) {
// Clear AVX2 and AVX512* bits.
//
// TODO(davidben): Should bits 17 and 26-28 also be cleared? Upstream
- // doesn't clear those.
+ // doesn't clear those. See the comments in
+ // |CRYPTO_hardware_supports_XSAVE|.
extended_features[0] &=
~((1u << 5) | (1u << 16) | (1u << 21) | (1u << 30) | (1u << 31));
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/crypto.c b/Sources/CJWTKitBoringSSL/crypto/crypto.c
index 6796db7a..7c4d275d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/crypto.c
+++ b/Sources/CJWTKitBoringSSL/crypto/crypto.c
@@ -78,6 +78,11 @@ HIDDEN uint8_t BORINGSSL_function_hit[7] = {0};
// This value must be explicitly initialized to zero. See similar comment above.
HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0};
+uint32_t OPENSSL_get_ia32cap(int idx) {
+ CRYPTO_library_init();
+ return OPENSSL_ia32cap_P[idx];
+}
+
#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
#include
@@ -116,10 +121,16 @@ HIDDEN uint32_t OPENSSL_armcap_P =
HIDDEN uint32_t OPENSSL_armcap_P = 0;
uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
+ CRYPTO_library_init();
return &OPENSSL_armcap_P;
}
#endif
+uint32_t OPENSSL_get_armcap(void) {
+ CRYPTO_library_init();
+ return OPENSSL_armcap_P;
+}
+
#endif
#if defined(BORINGSSL_FIPS)
diff --git a/Sources/CJWTKitBoringSSL/crypto/curve25519/asm/x25519-asm-arm.S b/Sources/CJWTKitBoringSSL/crypto/curve25519/asm/x25519-asm-arm.S
index 80eee79d..e84cc8f8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/curve25519/asm/x25519-asm-arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/curve25519/asm/x25519-asm-arm.S
@@ -19,17 +19,9 @@
* domain licensed but the standard ISC license is included above to keep
* licensing simple. */
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
-
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__)
+#include
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__)
.fpu neon
.text
@@ -2131,11 +2123,7 @@ mov sp,r12
vpop {q4,q5,q6,q7}
bx lr
-#endif /* !OPENSSL_NO_ASM && __ARMEL__ && __ELF__ */
-
-#if defined(__ELF__)
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif /* !OPENSSL_NO_ASM && OPENSSL_ARM && __ELF__ */
#endif // defined(__arm__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519.c b/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519.c
index 2a7ff6db..785267de 100644
--- a/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519.c
+++ b/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519.c
@@ -19,8 +19,6 @@
//
// The field functions are shared by Ed25519 and X25519 where possible.
-#include
-
#include
#include
@@ -31,7 +29,6 @@
#include "internal.h"
#include "../internal.h"
-
// Various pre-computed constants.
#include "./curve25519_tables.h"
@@ -315,11 +312,6 @@ static void fe_copy_lt(fe_loose *h, const fe *f) {
static_assert(sizeof(fe_loose) == sizeof(fe), "fe and fe_loose mismatch");
OPENSSL_memmove(h, f, sizeof(fe));
}
-#if !defined(OPENSSL_SMALL)
-static void fe_copy_ll(fe_loose *h, const fe_loose *f) {
- OPENSSL_memmove(h, f, sizeof(fe_loose));
-}
-#endif // !defined(OPENSSL_SMALL)
static void fe_loose_invert(fe *out, const fe_loose *z) {
fe t0;
@@ -698,16 +690,6 @@ void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) {
fe_add(&r->T, &trZ, &trT);
}
-static uint8_t equal(signed char b, signed char c) {
- uint8_t ub = b;
- uint8_t uc = c;
- uint8_t x = ub ^ uc; // 0: yes; 1..255: no
- uint32_t y = x; // 0: yes; 1..255: no
- y -= 1; // 4294967295: yes; 0..254: no
- y >>= 31; // 1: yes; 0: no
- return y;
-}
-
static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) {
fe_cmov(&t->yplusx, &u->yplusx, b);
fe_cmov(&t->yminusx, &u->yminusx, b);
@@ -754,7 +736,7 @@ void x25519_ge_scalarmult_small_precomp(
ge_precomp_0(&e);
for (j = 1; j < 16; j++) {
- cmov(&e, &multiples[j-1], equal(index, j));
+ cmov(&e, &multiples[j-1], 1&constant_time_eq_w(index, j));
}
ge_cached cached;
@@ -776,35 +758,36 @@ void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
#else
-static uint8_t negative(signed char b) {
- uint32_t x = b;
- x >>= 31; // 1: yes; 0: no
- return x;
-}
+static void table_select(ge_precomp *t, const int pos, const signed char b) {
+ uint8_t bnegative = constant_time_msb_w(b);
+ uint8_t babs = b - ((bnegative & b) << 1);
-static void table_select(ge_precomp *t, int pos, signed char b) {
- ge_precomp minust;
- uint8_t bnegative = negative(b);
- uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
+ uint8_t t_bytes[3][32] = {
+ {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}};
+#if defined(__clang__) // materialize for vectorization, 6% speedup
+ __asm__("" : "+m" (t_bytes) : /*no inputs*/);
+#endif
+ static_assert(sizeof(t_bytes) == sizeof(k25519Precomp[pos][0]), "");
+ for (int i = 0; i < 8; i++) {
+ constant_time_conditional_memxor(t_bytes, k25519Precomp[pos][i],
+ sizeof(t_bytes),
+ constant_time_eq_w(babs, 1 + i));
+ }
- ge_precomp_0(t);
- cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
- cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
- cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
- cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
- cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
- cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
- cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
- cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
- fe_copy_ll(&minust.yplusx, &t->yminusx);
- fe_copy_ll(&minust.yminusx, &t->yplusx);
+ fe yplusx, yminusx, xy2d;
+ fe_frombytes_strict(&yplusx, t_bytes[0]);
+ fe_frombytes_strict(&yminusx, t_bytes[1]);
+ fe_frombytes_strict(&xy2d, t_bytes[2]);
- // NOTE: the input table is canonical, but types don't encode it
- fe tmp;
- fe_carry(&tmp, &t->xy2d);
- fe_neg(&minust.xy2d, &tmp);
+ fe_copy_lt(&t->yplusx, &yplusx);
+ fe_copy_lt(&t->yminusx, &yminusx);
+ fe_copy_lt(&t->xy2d, &xy2d);
- cmov(t, &minust, bnegative);
+ ge_precomp minust;
+ fe_copy_lt(&minust.yplusx, &yminusx);
+ fe_copy_lt(&minust.yminusx, &yplusx);
+ fe_neg(&minust.xy2d, &xy2d);
+ cmov(t, &minust, bnegative>>7);
}
// h = a * B
@@ -814,6 +797,18 @@ static void table_select(ge_precomp *t, int pos, signed char b) {
// Preconditions:
// a[31] <= 127
void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
+#if defined(BORINGSSL_FE25519_ADX)
+ if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() &&
+ CRYPTO_is_ADX_capable()) {
+ uint8_t t[4][32];
+ x25519_ge_scalarmult_base_adx(t, a);
+ fiat_25519_from_bytes(h->X.v, t[0]);
+ fiat_25519_from_bytes(h->Y.v, t[1]);
+ fiat_25519_from_bytes(h->Z.v, t[2]);
+ fiat_25519_from_bytes(h->T.v, t[3]);
+ return;
+ }
+#endif
signed char e[64];
signed char carry;
ge_p1p1 r;
@@ -916,7 +911,7 @@ void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A) {
ge_cached selected;
ge_cached_0(&selected);
for (j = 0; j < 16; j++) {
- cmov_cached(&selected, &Ai[j], equal(j, index));
+ cmov_cached(&selected, &Ai[j], 1&constant_time_eq_w(index, j));
}
x25519_ge_add(&t, &u, &selected);
@@ -1911,6 +1906,8 @@ int ED25519_sign(uint8_t out_sig[64], const uint8_t *message,
x25519_sc_reduce(hram);
sc_muladd(out_sig + 32, hram, az, nonce);
+ // The signature is computed from the private key, but is public.
+ CONSTTIME_DECLASSIFY(out_sig, 64);
return 1;
}
@@ -1988,6 +1985,8 @@ void ED25519_keypair_from_seed(uint8_t out_public_key[32],
ge_p3 A;
x25519_ge_scalarmult_base(&A, az);
ge_p3_tobytes(out_public_key, &A);
+ // The public key is derived from the private key, but it is public.
+ CONSTTIME_DECLASSIFY(out_public_key, 32);
OPENSSL_memcpy(out_private_key, seed, 32);
OPENSSL_memcpy(out_private_key + 32, out_public_key, 32);
@@ -2083,6 +2082,12 @@ static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
x25519_NEON(out, scalar, point);
return;
}
+#elif defined(BORINGSSL_FE25519_ADX)
+ if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() &&
+ CRYPTO_is_ADX_capable()) {
+ x25519_scalar_mult_adx(out, scalar, point);
+ return;
+ }
#endif
x25519_scalar_mult_generic(out, scalar, point);
diff --git a/Sources/CJWTKitBoringSSL/include/CJWTKitBoringSSL_dtls1.h b/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519_64_adx.c
similarity index 82%
rename from Sources/CJWTKitBoringSSL/include/CJWTKitBoringSSL_dtls1.h
rename to Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519_64_adx.c
index 38ca801c..27689896 100644
--- a/Sources/CJWTKitBoringSSL/include/CJWTKitBoringSSL_dtls1.h
+++ b/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519_64_adx.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2015, Google Inc.
+/* Copyright (c) 2023, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -12,5 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-/* This header is provided in order to make compiling against code that expects
- OpenSSL easier. */
+#include "internal.h"
+#if defined(BORINGSSL_FE25519_ADX)
+#include "../../third_party/fiat/curve25519_64_adx.h"
+#endif
diff --git a/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519_tables.h b/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519_tables.h
index ad1f036a..6636a36a 100644
--- a/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519_tables.h
+++ b/Sources/CJWTKitBoringSSL/crypto/curve25519/curve25519_tables.h
@@ -142,7493 +142,2885 @@ static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = {
#else
// k25519Precomp[i][j] = (j+1)*256^i*B
-static const ge_precomp k25519Precomp[32][8] = {
+const uint8_t k25519Precomp[32][8][3][32] = {
{
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1288382639258501, 245678601348599, 269427782077623,
- 1462984067271730, 137412439391563
-#else
- 25967493, 19198397, 29566455, 3660896, 54414519, 4014786,
- 27544626, 21800161, 61029707, 2047604
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 62697248952638, 204681361388450, 631292143396476,
- 338455783676468, 1213667448819585
-#else
- 54563134, 934261, 64385954, 3049989, 66381436, 9406985,
- 12720692, 5043384, 19500929, 18085054
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 301289933810280, 1259582250014073, 1422107436869536,
- 796239922652654, 1953934009299142
-#else
- 58370664, 4489569, 9688441, 18769238, 10184608, 21191052,
- 29287918, 11864899, 42594502, 29115885
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1380971894829527, 790832306631236, 2067202295274102,
- 1995808275510000, 1566530869037010
-#else
- 54292951, 20578084, 45527620, 11784319, 41753206, 30803714,
- 55390960, 29739860, 66750418, 23343128
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 463307831301544, 432984605774163, 1610641361907204,
- 750899048855000, 1894842303421586
-#else
- 45405608, 6903824, 27185491, 6451973, 37531140, 24000426,
- 51492312, 11189267, 40279186, 28235350
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 748439484463711, 1033211726465151, 1396005112841647,
- 1611506220286469, 1972177495910992
-#else
- 26966623, 11152617, 32442495, 15396054, 14353839, 20802097,
- 63980037, 24013313, 51636816, 29387734
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1601611775252272, 1720807796594148, 1132070835939856,
- 1260455018889551, 2147779492816911
-#else
- 15636272, 23865875, 24204772, 25642034, 616976, 16869170,
- 27787599, 18782243, 28944399, 32004408
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 316559037616741, 2177824224946892, 1459442586438991,
- 1461528397712656, 751590696113597
-#else
- 16568933, 4717097, 55552716, 32452109, 15682895, 21747389,
- 16354576, 21778470, 7689661, 11199574
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1850748884277385, 1200145853858453, 1068094770532492,
- 672251375690438, 1586055907191707
-#else
- 30464137, 27578307, 55329429, 17883566, 23220364, 15915852,
- 7512774, 10017326, 49359771, 23634074
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 934282339813791, 1846903124198670, 1172395437954843,
- 1007037127761661, 1830588347719256
-#else
- 50071967, 13921891, 10945806, 27521001, 27105051, 17470053,
- 38182653, 15006022, 3284568, 27277892
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1694390458783935, 1735906047636159, 705069562067493,
- 648033061693059, 696214010414170
-#else
- 23599295, 25248385, 55915199, 25867015, 13236773, 10506355,
- 7464579, 9656445, 13059162, 10374397
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1121406372216585, 192876649532226, 190294192191717,
- 1994165897297032, 2245000007398739
-#else
- 7798537, 16710257, 3033922, 2874086, 28997861, 2835604,
- 32406664, 29715387, 66467155, 33453106
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 769950342298419, 132954430919746, 844085933195555,
- 974092374476333, 726076285546016
-#else
- 10861363, 11473154, 27284546, 1981175, 37044515, 12577860,
- 32867885, 14515107, 51670560, 10819379
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 425251763115706, 608463272472562, 442562545713235,
- 837766094556764, 374555092627893
-#else
- 4708026, 6336745, 20377586, 9066809, 55836755, 6594695,
- 41455196, 12483687, 54440373, 5581305
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1086255230780037, 274979815921559, 1960002765731872,
- 929474102396301, 1190409889297339
-#else
- 19563141, 16186464, 37722007, 4097518, 10237984, 29206317,
- 28542349, 13850243, 43430843, 17738489
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1388594989461809, 316767091099457, 394298842192982,
- 1230079486801005, 1440737038838979
-#else
- 51736881, 20691677, 32573249, 4720197, 40672342, 5875510,
- 47920237, 18329612, 57289923, 21468654
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 7380825640100, 146210432690483, 304903576448906,
- 1198869323871120, 997689833219095
-#else
- 58559652, 109982, 15149363, 2178705, 22900618, 4543417, 3044240,
- 17864545, 1762327, 14866737
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1181317918772081, 114573476638901, 262805072233344,
- 265712217171332, 294181933805782
-#else
- 48909169, 17603008, 56635573, 1707277, 49922944, 3916100,
- 38872452, 3959420, 27914454, 4383652
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 665000864555967, 2065379846933859, 370231110385876,
- 350988370788628, 1233371373142985
-#else
- 5153727, 9909285, 1723747, 30776558, 30523604, 5516873,
- 19480852, 5230134, 43156425, 18378665
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2019367628972465, 676711900706637, 110710997811333,
- 1108646842542025, 517791959672113
-#else
- 36839857, 30090922, 7665485, 10083793, 28475525, 1649722,
- 20654025, 16520125, 30598449, 7715701
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 965130719900578, 247011430587952, 526356006571389,
- 91986625355052, 2157223321444601
-#else
- 28881826, 14381568, 9657904, 3680757, 46927229, 7843315,
- 35708204, 1370707, 29794553, 32145132
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2068619540119183, 1966274918058806, 957728544705549,
- 729906502578991, 159834893065166
-#else
- 14499471, 30824833, 33917750, 29299779, 28494861, 14271267,
- 30290735, 10876454, 33954766, 2381725
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2073601412052185, 31021124762708, 264500969797082,
- 248034690651703, 1030252227928288
-#else
- 59913433, 30899068, 52378708, 462250, 39384538, 3941371,
- 60872247, 3696004, 34808032, 15351954
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 551790716293402, 1989538725166328, 801169423371717,
- 2052451893578887, 678432056995012
-#else
- 27431194, 8222322, 16448760, 29646437, 48401861, 11938354,
- 34147463, 30583916, 29551812, 10109425
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1368953770187805, 790347636712921, 437508475667162,
- 2142576377050580, 1932081720066286
-#else
- 53451805, 20399000, 35825113, 11777097, 21447386, 6519384,
- 64730580, 31926875, 10092782, 28790261
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 953638594433374, 1092333936795051, 1419774766716690,
- 805677984380077, 859228993502513
-#else
- 27939166, 14210322, 4677035, 16277044, 44144402, 21156292,
- 34600109, 12005537, 49298737, 12803509
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1200766035879111, 20142053207432, 1465634435977050,
- 1645256912097844, 295121984874596
-#else
- 17228999, 17892808, 65875336, 300139, 65883994, 21839654,
- 30364212, 24516238, 18016356, 4397660
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1735718747031557, 1248237894295956, 1204753118328107,
- 976066523550493, 65943769534592
-#else
- 56150021, 25864224, 4776340, 18600194, 27850027, 17952220,
- 40489757, 14544524, 49631360, 982638
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1060098822528990, 1586825862073490, 212301317240126,
- 1975302711403555, 666724059764335
-#else
- 29253598, 15796703, 64244882, 23645547, 10057022, 3163536,
- 7332899, 29434304, 46061167, 9934962
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1091990273418756, 1572899409348578, 80968014455247,
- 306009358661350, 1520450739132526
-#else
- 5793284, 16271923, 42977250, 23438027, 29188559, 1206517,
- 52360934, 4559894, 36984942, 22656481
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1480517209436112, 1511153322193952, 1244343858991172,
- 304788150493241, 369136856496443
-#else
- 39464912, 22061425, 16282656, 22517939, 28414020, 18542168,
- 24191033, 4541697, 53770555, 5500567
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2151330273626164, 762045184746182, 1688074332551515,
- 823046109005759, 907602769079491
-#else
- 12650548, 32057319, 9052870, 11355358, 49428827, 25154267,
- 49678271, 12264342, 10874051, 13524335
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2047386910586836, 168470092900250, 1552838872594810,
- 340951180073789, 360819374702533
-#else
- 25556948, 30508442, 714650, 2510400, 23394682, 23139102,
- 33119037, 5080568, 44580805, 5376627
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1982622644432056, 2014393600336956, 128909208804214,
- 1617792623929191, 105294281913815
-#else
- 41020600, 29543379, 50095164, 30016803, 60382070, 1920896,
- 44787559, 24106988, 4535767, 1569007
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 980234343912898, 1712256739246056, 588935272190264,
- 204298813091998, 841798321043288
-#else
- 64853442, 14606629, 45416424, 25514613, 28430648, 8775819,
- 36614302, 3044289, 31848280, 12543772
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 197561292938973, 454817274782871, 1963754960082318,
- 2113372252160468, 971377527342673
-#else
- 45080285, 2943892, 35251351, 6777305, 13784462, 29262229,
- 39731668, 31491700, 7718481, 14474653
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 164699448829328, 3127451757672, 1199504971548753,
- 1766155447043652, 1899238924683527
-#else
- 2385296, 2454213, 44477544, 46602, 62670929, 17874016, 656964,
- 26317767, 24316167, 28300865
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 732262946680281, 1674412764227063, 2182456405662809,
- 1350894754474250, 558458873295247
-#else
- 13741529, 10911568, 33875447, 24950694, 46931033, 32521134,
- 33040650, 20129900, 46379407, 8321685
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2103305098582922, 1960809151316468, 715134605001343,
- 1454892949167181, 40827143824949
-#else
- 21060490, 31341688, 15712756, 29218333, 1639039, 10656336,
- 23845965, 21679594, 57124405, 608371
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1239289043050212, 1744654158124578, 758702410031698,
- 1796762995074688, 1603056663766
-#else
- 53436132, 18466845, 56219170, 25997372, 61071954, 11305546,
- 1123968, 26773855, 27229398, 23887
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2232056027107988, 987343914584615, 2115594492994461,
- 1819598072792159, 1119305654014850
-#else
- 43864724, 33260226, 55364135, 14712570, 37643165, 31524814,
- 12797023, 27114124, 65475458, 16678953
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 320153677847348, 939613871605645, 641883205761567,
- 1930009789398224, 329165806634126
-#else
- 37608244, 4770661, 51054477, 14001337, 7830047, 9564805,
- 65600720, 28759386, 49939598, 4904952
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 980930490474130, 1242488692177893, 1251446316964684,
- 1086618677993530, 1961430968465772
-#else
- 24059538, 14617003, 19037157, 18514524, 19766092, 18648003,
- 5169210, 16191880, 2128236, 29227599
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 276821765317453, 1536835591188030, 1305212741412361,
- 61473904210175, 2051377036983058
-#else
- 50127693, 4124965, 58568254, 22900634, 30336521, 19449185,
- 37302527, 916032, 60226322, 30567899
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 833449923882501, 1750270368490475, 1123347002068295,
- 185477424765687, 278090826653186
-#else
- 44477957, 12419371, 59974635, 26081060, 50629959, 16739174,
- 285431, 2763829, 15736322, 4143876
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 794524995833413, 1849907304548286, 53348672473145,
- 1272368559505217, 1147304168324779
-#else
- 2379333, 11839345, 62998462, 27565766, 11274297, 794957, 212801,
- 18959769, 23527083, 17096164
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1504846112759364, 1203096289004681, 562139421471418,
- 274333017451844, 1284344053775441
-#else
- 33431108, 22423954, 49269897, 17927531, 8909498, 8376530,
- 34483524, 4087880, 51919953, 19138217
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 483048732424432, 2116063063343382, 30120189902313,
- 292451576741007, 1156379271702225
-#else
- 1767664, 7197987, 53903638, 31531796, 54017513, 448825, 5799055,
- 4357868, 62334673, 17231393
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 928372153029038, 2147692869914564, 1455665844462196,
- 1986737809425946, 185207050258089
-#else
- 6721966, 13833823, 43585476, 32003117, 26354292, 21691111,
- 23365146, 29604700, 7390889, 2759800
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 137732961814206, 706670923917341, 1387038086865771,
- 1965643813686352, 1384777115696347
-#else
- 4409022, 2052381, 23373853, 10530217, 7676779, 20668478,
- 21302352, 29290375, 1244379, 20634787
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 481144981981577, 2053319313589856, 2065402289827512,
- 617954271490316, 1106602634668125
-#else
- 62687625, 7169618, 4982368, 30596842, 30256824, 30776892,
- 14086412, 9208236, 15886429, 16489664
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 696298019648792, 893299659040895, 1148636718636009,
- 26734077349617, 2203955659340681
-#else
- 1996056, 10375649, 14346367, 13311202, 60234729, 17116020,
- 53415665, 398368, 36502409, 32841498
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 657390353372855, 998499966885562, 991893336905797,
- 810470207106761, 343139804608786
-#else
- 41801399, 9795879, 64331450, 14878808, 33577029, 14780362,
- 13348553, 12076947, 36272402, 5113181
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 791736669492960, 934767652997115, 824656780392914,
- 1759463253018643, 361530362383518
-#else
- 49338080, 11797795, 31950843, 13929123, 41220562, 12288343,
- 36767763, 26218045, 13847710, 5387222
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2022541353055597, 2094700262587466, 1551008075025686,
- 242785517418164, 695985404963562
-#else
- 48526701, 30138214, 17824842, 31213466, 22744342, 23111821,
- 8763060, 3617786, 47508202, 10370990
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1287487199965223, 2215311941380308, 1552928390931986,
- 1664859529680196, 1125004975265243
-#else
- 20246567, 19185054, 22358228, 33010720, 18507282, 23140436,
- 14554436, 24808340, 32232923, 16763880
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 677434665154918, 989582503122485, 1817429540898386,
- 1052904935475344, 1143826298169798
-#else
- 9648486, 10094563, 26416693, 14745928, 36734546, 27081810,
- 11094160, 15689506, 3140038, 17044340
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 367266328308408, 318431188922404, 695629353755355,
- 634085657580832, 24581612564426
-#else
- 50948792, 5472694, 31895588, 4744994, 8823515, 10365685,
- 39884064, 9448612, 38334410, 366294
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 773360688841258, 1815381330538070, 363773437667376,
- 539629987070205, 783280434248437
-#else
- 19153450, 11523972, 56012374, 27051289, 42461232, 5420646,
- 28344573, 8041113, 719605, 11671788
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 180820816194166, 168937968377394, 748416242794470,
- 1227281252254508, 1567587861004268
-#else
- 8678006, 2694440, 60300850, 2517371, 4964326, 11152271,
- 51675948, 18287915, 27000812, 23358879
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 478775558583645, 2062896624554807, 699391259285399,
- 358099408427873, 1277310261461761
-#else
- 51950941, 7134311, 8639287, 30739555, 59873175, 10421741,
- 564065, 5336097, 6750977, 19033406
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1984740906540026, 1079164179400229, 1056021349262661,
- 1659958556483663, 1088529069025527
-#else
- 11836410, 29574944, 26297893, 16080799, 23455045, 15735944,
- 1695823, 24735310, 8169719, 16220347
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 580736401511151, 1842931091388998, 1177201471228238,
- 2075460256527244, 1301133425678027
-#else
- 48993007, 8653646, 17578566, 27461813, 59083086, 17541668,
- 55964556, 30926767, 61118155, 19388398
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1515728832059182, 1575261009617579, 1510246567196186,
- 191078022609704, 116661716289141
-#else
- 43800366, 22586119, 15213227, 23473218, 36255258, 22504427,
- 27884328, 2847284, 2655861, 1738395
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1295295738269652, 1714742313707026, 545583042462581,
- 2034411676262552, 1513248090013606
-#else
- 39571412, 19301410, 41772562, 25551651, 57738101, 8129820,
- 21651608, 30315096, 48021414, 22549153
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 230710545179830, 30821514358353, 760704303452229,
- 390668103790604, 573437871383156
-#else
- 1533110, 3437855, 23735889, 459276, 29970501, 11335377,
- 26030092, 5821408, 10478196, 8544890
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1169380107545646, 263167233745614, 2022901299054448,
- 819900753251120, 2023898464874585
-#else
- 32173102, 17425121, 24896206, 3921497, 22579056, 30143578,
- 19270448, 12217473, 17789017, 30158437
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2102254323485823, 1570832666216754, 34696906544624,
- 1993213739807337, 70638552271463
-#else
- 36555903, 31326030, 51530034, 23407230, 13243888, 517024,
- 15479401, 29701199, 30460519, 1052596
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 894132856735058, 548675863558441, 845349339503395,
- 1942269668326667, 1615682209874691
-#else
- 55493970, 13323617, 32618793, 8175907, 51878691, 12596686,
- 27491595, 28942073, 3179267, 24075541
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1287670217537834, 1222355136884920, 1846481788678694,
- 1150426571265110, 1613523400722047
-#else
- 31947050, 19187781, 62468280, 18214510, 51982886, 27514722,
- 52352086, 17142691, 19072639, 24043372
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 793388516527298, 1315457083650035, 1972286999342417,
- 1901825953052455, 338269477222410
-#else
- 11685058, 11822410, 3158003, 19601838, 33402193, 29389366,
- 5977895, 28339415, 473098, 5040608
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 550201530671806, 778605267108140, 2063911101902983,
- 115500557286349, 2041641272971022
-#else
- 46817982, 8198641, 39698732, 11602122, 1290375, 30754672,
- 28326861, 1721092, 47550222, 30422825
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 717255318455100, 519313764361315, 2080406977303708,
- 541981206705521, 774328150311600
-#else
- 7881532, 10687937, 7578723, 7738378, 48157852, 31000479,
- 21820785, 8076149, 39240368, 11538388
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 261715221532238, 1795354330069993, 1496878026850283,
- 499739720521052, 389031152673770
-#else
- 47173198, 3899860, 18283497, 26752864, 51380203, 22305220,
- 8754524, 7446702, 61432810, 5797015
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1997217696294013, 1717306351628065, 1684313917746180,
- 1644426076011410, 1857378133465451
-#else
- 55813245, 29760862, 51326753, 25589858, 12708868, 25098233,
- 2014098, 24503858, 64739691, 27677090
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1475434724792648, 76931896285979, 1116729029771667,
- 2002544139318042, 725547833803938
-#else
- 44636488, 21985690, 39426843, 1146374, 18956691, 16640559,
- 1192730, 29840233, 15123618, 10811505
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2022306639183567, 726296063571875, 315345054448644,
- 1058733329149221, 1448201136060677
-#else
- 14352079, 30134717, 48166819, 10822654, 32750596, 4699007,
- 67038501, 15776355, 38222085, 21579878
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1710065158525665, 1895094923036397, 123988286168546,
- 1145519900776355, 1607510767693874
-#else
- 38867681, 25481956, 62129901, 28239114, 29416930, 1847569,
- 46454691, 17069576, 4714546, 23953777
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 561605375422540, 1071733543815037, 131496498800990,
- 1946868434569999, 828138133964203
-#else
- 15200332, 8368572, 19679101, 15970074, 35236190, 1959450,
- 24611599, 29010600, 55362987, 12340219
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1548495173745801, 442310529226540, 998072547000384,
- 553054358385281, 644824326376171
-#else
- 12876937, 23074376, 33134380, 6590940, 60801088, 14872439,
- 9613953, 8241152, 15370987, 9608631
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1445526537029440, 2225519789662536, 914628859347385,
- 1064754194555068, 1660295614401091
-#else
- 62965568, 21540023, 8446280, 33162829, 4407737, 13629032,
- 59383996, 15866073, 38898243, 24740332
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1199690223111956, 24028135822341, 66638289244341,
- 57626156285975, 565093967979607
-#else
- 26660628, 17876777, 8393733, 358047, 59707573, 992987, 43204631,
- 858696, 20571223, 8420556
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 876926774220824, 554618976488214, 1012056309841565,
- 839961821554611, 1414499340307677
-#else
- 14620696, 13067227, 51661590, 8264466, 14106269, 15080814,
- 33531827, 12516406, 45534429, 21077682
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 703047626104145, 1266841406201770, 165556500219173,
- 486991595001879, 1011325891650656
-#else
- 236881, 10476226, 57258, 18877408, 6472997, 2466984, 17258519,
- 7256740, 8791136, 15069930
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1622861044480487, 1156394801573634, 1869132565415504,
- 327103985777730, 2095342781472284
-#else
- 1276391, 24182514, 22949634, 17231625, 43615824, 27852245,
- 14711874, 4874229, 36445724, 31223040
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 334886927423922, 489511099221528, 129160865966726,
- 1720809113143481, 619700195649254
-#else
- 5855666, 4990204, 53397016, 7294283, 59304582, 1924646,
- 65685689, 25642053, 34039526, 9234252
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1646545795166119, 1758370782583567, 714746174550637,
- 1472693650165135, 898994790308209
-#else
- 20590503, 24535444, 31529743, 26201766, 64402029, 10650547,
- 31559055, 21944845, 18979185, 13396066
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 333403773039279, 295772542452938, 1693106465353610,
- 912330357530760, 471235657950362
-#else
- 24474287, 4968103, 22267082, 4407354, 24063882, 25229252,
- 48291976, 13594781, 33514650, 7021958
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1811196219982022, 1068969825533602, 289602974833439,
- 1988956043611592, 863562343398367
-#else
- 55541958, 26988926, 45743778, 15928891, 40950559, 4315420,
- 41160136, 29637754, 45628383, 12868081
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 906282429780072, 2108672665779781, 432396390473936,
- 150625823801893, 1708930497638539
-#else
- 38473832, 13504660, 19988037, 31421671, 21078224, 6443208,
- 45662757, 2244499, 54653067, 25465048
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 925664675702328, 21416848568684, 1831436641861340,
- 601157008940113, 371818055044496
-#else
- 36513336, 13793478, 61256044, 319135, 41385692, 27290532,
- 33086545, 8957937, 51875216, 5540520
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1479786007267725, 1738881859066675, 68646196476567,
- 2146507056100328, 1247662817535471
-#else
- 55478669, 22050529, 58989363, 25911358, 2620055, 1022908,
- 43398120, 31985447, 50980335, 18591624
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 52035296774456, 939969390708103, 312023458773250,
- 59873523517659, 1231345905848899
-#else
- 23152952, 775386, 27395463, 14006635, 57407746, 4649511,
- 1689819, 892185, 55595587, 18348483
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 643355106415761, 290186807495774, 2013561737429023,
- 319648069511546, 393736678496162
-#else
- 9770129, 9586738, 26496094, 4324120, 1556511, 30004408,
- 27453818, 4763127, 47929250, 5867133
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 129358342392716, 1932811617704777, 1176749390799681,
- 398040349861790, 1170779668090425
-#else
- 34343820, 1927589, 31726409, 28801137, 23962433, 17534932,
- 27846558, 5931263, 37359161, 17445976
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2051980782668029, 121859921510665, 2048329875753063,
- 1235229850149665, 519062146124755
-#else
- 27461885, 30576896, 22380809, 1815854, 44075111, 30522493,
- 7283489, 18406359, 47582163, 7734628
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1608170971973096, 415809060360428, 1350468408164766,
- 2038620059057678, 1026904485989112
-#else
- 59098600, 23963614, 55988460, 6196037, 29344158, 20123547,
- 7585294, 30377806, 18549496, 15302069
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1837656083115103, 1510134048812070, 906263674192061,
- 1821064197805734, 565375124676301
-#else
- 34450527, 27383209, 59436070, 22502750, 6258877, 13504381,
- 10458790, 27135971, 58236621, 8424745
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 578027192365650, 2034800251375322, 2128954087207123,
- 478816193810521, 2196171989962750
-#else
- 24687186, 8613276, 36441818, 30320886, 1863891, 31723888,
- 19206233, 7134917, 55824382, 32725512
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1633188840273139, 852787172373708, 1548762607215796,
- 1266275218902681, 1107218203325133
-#else
- 11334899, 24336410, 8025292, 12707519, 17523892, 23078361,
- 10243737, 18868971, 62042829, 16498836
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 462189358480054, 1784816734159228, 1611334301651368,
- 1303938263943540, 707589560319424
-#else
- 8911542, 6887158, 57524604, 26595841, 11145640, 24010752,
- 17303924, 19430194, 6536640, 10543906
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1038829280972848, 38176604650029, 753193246598573,
- 1136076426528122, 595709990562434
-#else
- 38162480, 15479762, 49642029, 568875, 65611181, 11223453,
- 64439674, 16928857, 39873154, 8876770
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1408451820859834, 2194984964010833, 2198361797561729,
- 1061962440055713, 1645147963442934
-#else
- 41365946, 20987567, 51458897, 32707824, 34082177, 32758143,
- 33627041, 15824473, 66504438, 24514614
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 4701053362120, 1647641066302348, 1047553002242085,
- 1923635013395977, 206970314902065
-#else
- 10330056, 70051, 7957388, 24551765, 9764901, 15609756, 27698697,
- 28664395, 1657393, 3084098
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1750479161778571, 1362553355169293, 1891721260220598,
- 966109370862782, 1024913988299801
-#else
- 10477963, 26084172, 12119565, 20303627, 29016246, 28188843,
- 31280318, 14396151, 36875289, 15272408
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 212699049131723, 1117950018299775, 1873945661751056,
- 1403802921984058, 130896082652698
-#else
- 54820555, 3169462, 28813183, 16658753, 25116432, 27923966,
- 41934906, 20918293, 42094106, 1950503
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 636808533673210, 1262201711667560, 390951380330599,
- 1663420692697294, 561951321757406
-#else
- 40928506, 9489186, 11053416, 18808271, 36055143, 5825629,
- 58724558, 24786899, 15341278, 8373727
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 520731594438141, 1446301499955692, 273753264629267,
- 1565101517999256, 1019411827004672
-#else
- 28685821, 7759505, 52730348, 21551571, 35137043, 4079241,
- 298136, 23321830, 64230656, 15190419
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 926527492029409, 1191853477411379, 734233225181171,
- 184038887541270, 1790426146325343
-#else
- 34175969, 13806335, 52771379, 17760000, 43104243, 10940927,
- 8669718, 2742393, 41075551, 26679428
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1464651961852572, 1483737295721717, 1519450561335517,
- 1161429831763785, 405914998179977
-#else
- 65528476, 21825014, 41129205, 22109408, 49696989, 22641577,
- 9291593, 17306653, 54954121, 6048604
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 996126634382301, 796204125879525, 127517800546509,
- 344155944689303, 615279846169038
-#else
- 36803549, 14843443, 1539301, 11864366, 20201677, 1900163,
- 13934231, 5128323, 11213262, 9168384
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 738724080975276, 2188666632415296, 1961313708559162,
- 1506545807547587, 1151301638969740
-#else
- 40828332, 11007846, 19408960, 32613674, 48515898, 29225851,
- 62020803, 22449281, 20470156, 17155731
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 622917337413835, 1218989177089035, 1284857712846592,
- 970502061709359, 351025208117090
-#else
- 43972811, 9282191, 14855179, 18164354, 59746048, 19145871,
- 44324911, 14461607, 14042978, 5230683
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2067814584765580, 1677855129927492, 2086109782475197,
- 235286517313238, 1416314046739645
-#else
- 29969548, 30812838, 50396996, 25001989, 9175485, 31085458,
- 21556950, 3506042, 61174973, 21104723
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 586844262630358, 307444381952195, 458399356043426,
- 602068024507062, 1028548203415243
-#else
- 63964118, 8744660, 19704003, 4581278, 46678178, 6830682,
- 45824694, 8971512, 38569675, 15326562
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 678489922928203, 2016657584724032, 90977383049628,
- 1026831907234582, 615271492942522
-#else
- 47644235, 10110287, 49846336, 30050539, 43608476, 1355668,
- 51585814, 15300987, 46594746, 9168259
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 301225714012278, 1094837270268560, 1202288391010439,
- 644352775178361, 1647055902137983
-#else
- 61755510, 4488612, 43305616, 16314346, 7780487, 17915493,
- 38160505, 9601604, 33087103, 24543045
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1210746697896478, 1416608304244708, 686487477217856,
- 1245131191434135, 1051238336855737
-#else
- 47665694, 18041531, 46311396, 21109108, 37284416, 10229460,
- 39664535, 18553900, 61111993, 15664671
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1135604073198207, 1683322080485474, 769147804376683,
- 2086688130589414, 900445683120379
-#else
- 23294591, 16921819, 44458082, 25083453, 27844203, 11461195,
- 13099750, 31094076, 18151675, 13417686
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1971518477615628, 401909519527336, 448627091057375,
- 1409486868273821, 1214789035034363
-#else
- 42385932, 29377914, 35958184, 5988918, 40250079, 6685064,
- 1661597, 21002991, 15271675, 18101767
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1364039144731711, 1897497433586190, 2203097701135459,
- 145461396811251, 1349844460790699
-#else
- 11433023, 20325767, 8239630, 28274915, 65123427, 32828713,
- 48410099, 2167543, 60187563, 20114249
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1045230323257973, 818206601145807, 630513189076103,
- 1672046528998132, 807204017562437
-#else
- 35672693, 15575145, 30436815, 12192228, 44645511, 9395378,
- 57191156, 24915434, 12215109, 12028277
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 439961968385997, 386362664488986, 1382706320807688,
- 309894000125359, 2207801346498567
-#else
- 14098381, 6555944, 23007258, 5757252, 51681032, 20603929,
- 30123439, 4617780, 50208775, 32898803
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1229004686397588, 920643968530863, 123975893911178,
- 681423993215777, 1400559197080973
-#else
- 63082644, 18313596, 11893167, 13718664, 52299402, 1847384,
- 51288865, 10154008, 23973261, 20869958
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2003766096898049, 170074059235165, 1141124258967971,
- 1485419893480973, 1573762821028725
-#else
- 40577025, 29858441, 65199965, 2534300, 35238307, 17004076,
- 18341389, 22134481, 32013173, 23450893
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 729905708611432, 1270323270673202, 123353058984288,
- 426460209632942, 2195574535456672
-#else
- 41629544, 10876442, 55337778, 18929291, 54739296, 1838103,
- 21911214, 6354752, 4425632, 32716610
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1271140255321235, 2044363183174497, 52125387634689,
- 1445120246694705, 942541986339084
-#else
- 56675475, 18941465, 22229857, 30463385, 53917697, 776728,
- 49693489, 21533969, 4725004, 14044970
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1761608437466135, 583360847526804, 1586706389685493,
- 2157056599579261, 1170692369685772
-#else
- 19268631, 26250011, 1555348, 8692754, 45634805, 23643767,
- 6347389, 32142648, 47586572, 17444675
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 871476219910823, 1878769545097794, 2241832391238412,
- 548957640601001, 690047440233174
-#else
- 42244775, 12986007, 56209986, 27995847, 55796492, 33405905,
- 19541417, 8180106, 9282262, 10282508
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 297194732135507, 1366347803776820, 1301185512245601,
- 561849853336294, 1533554921345731
-#else
- 40903763, 4428546, 58447668, 20360168, 4098401, 19389175,
- 15522534, 8372215, 5542595, 22851749
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 999628998628371, 1132836708493400, 2084741674517453,
- 469343353015612, 678782988708035
-#else
- 56546323, 14895632, 26814552, 16880582, 49628109, 31065071,
- 64326972, 6993760, 49014979, 10114654
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2189427607417022, 699801937082607, 412764402319267,
- 1478091893643349, 2244675696854460
-#else
- 47001790, 32625013, 31422703, 10427861, 59998115, 6150668,
- 38017109, 22025285, 25953724, 33448274
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1712292055966563, 204413590624874, 1405738637332841,
- 408981300829763, 861082219276721
-#else
- 62874467, 25515139, 57989738, 3045999, 2101609, 20947138,
- 19390019, 6094296, 63793585, 12831124
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 508561155940631, 966928475686665, 2236717801150132,
- 424543858577297, 2089272956986143
-#else
- 51110167, 7578151, 5310217, 14408357, 33560244, 33329692,
- 31575953, 6326196, 7381791, 31132593
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 221245220129925, 1156020201681217, 491145634799213,
- 542422431960839, 828100817819207
-#else
- 46206085, 3296810, 24736065, 17226043, 18374253, 7318640,
- 6295303, 8082724, 51746375, 12339663
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 153756971240384, 1299874139923977, 393099165260502,
- 1058234455773022, 996989038681183
-#else
- 27724736, 2291157, 6088201, 19369634, 1792726, 5857634,
- 13848414, 15768922, 25091167, 14856294
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 559086812798481, 573177704212711, 1629737083816402,
- 1399819713462595, 1646954378266038
-#else
- 48242193, 8331042, 24373479, 8541013, 66406866, 24284974,
- 12927299, 20858939, 44926390, 24541532
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1887963056288059, 228507035730124, 1468368348640282,
- 930557653420194, 613513962454686
-#else
- 55685435, 28132841, 11632844, 3405020, 30536730, 21880393,
- 39848098, 13866389, 30146206, 9142070
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1224529808187553, 1577022856702685, 2206946542980843,
- 625883007765001, 279930793512158
-#else
- 3924129, 18246916, 53291741, 23499471, 12291819, 32886066,
- 39406089, 9326383, 58871006, 4171293
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1076287717051609, 1114455570543035, 187297059715481,
- 250446884292121, 1885187512550540
-#else
- 51186905, 16037936, 6713787, 16606682, 45496729, 2790943,
- 26396185, 3731949, 345228, 28091483
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 902497362940219, 76749815795675, 1657927525633846,
- 1420238379745202, 1340321636548352
-#else
- 45781307, 13448258, 25284571, 1143661, 20614966, 24705045,
- 2031538, 21163201, 50855680, 19972348
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1129576631190784, 1281994010027327, 996844254743018,
- 257876363489249, 1150850742055018
-#else
- 31016192, 16832003, 26371391, 19103199, 62081514, 14854136,
- 17477601, 3842657, 28012650, 17149012
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 628740660038789, 1943038498527841, 467786347793886,
- 1093341428303375, 235413859513003
-#else
- 62033029, 9368965, 58546785, 28953529, 51858910, 6970559,
- 57918991, 16292056, 58241707, 3507939
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 237425418909360, 469614029179605, 1512389769174935,
- 1241726368345357, 441602891065214
-#else
- 29439664, 3537914, 23333589, 6997794, 49553303, 22536363,
- 51899661, 18503164, 57943934, 6580395
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1736417953058555, 726531315520508, 1833335034432527,
- 1629442561574747, 624418919286085
-#else
- 54923003, 25874643, 16438268, 10826160, 58412047, 27318820,
- 17860443, 24280586, 65013061, 9304566
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1960754663920689, 497040957888962, 1909832851283095,
- 1271432136996826, 2219780368020940
-#else
- 20714545, 29217521, 29088194, 7406487, 11426967, 28458727,
- 14792666, 18945815, 5289420, 33077305
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1537037379417136, 1358865369268262, 2130838645654099,
- 828733687040705, 1999987652890901
-#else
- 50443312, 22903641, 60948518, 20248671, 9192019, 31751970,
- 17271489, 12349094, 26939669, 29802138
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 629042105241814, 1098854999137608, 887281544569320,
- 1423102019874777, 7911258951561
-#else
- 54218966, 9373457, 31595848, 16374215, 21471720, 13221525,
- 39825369, 21205872, 63410057, 117886
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1811562332665373, 1501882019007673, 2213763501088999,
- 359573079719636, 36370565049116
-#else
- 22263325, 26994382, 3984569, 22379786, 51994855, 32987646,
- 28311252, 5358056, 43789084, 541963
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 218907117361280, 1209298913016966, 1944312619096112,
- 1130690631451061, 1342327389191701
-#else
- 16259200, 3261970, 2309254, 18019958, 50223152, 28972515,
- 24134069, 16848603, 53771797, 20002236
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1369976867854704, 1396479602419169, 1765656654398856,
- 2203659200586299, 998327836117241
-#else
- 9378160, 20414246, 44262881, 20809167, 28198280, 26310334,
- 64709179, 32837080, 690425, 14876244
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2230701885562825, 1348173180338974, 2172856128624598,
- 1426538746123771, 444193481326151
-#else
- 24977353, 33240048, 58884894, 20089345, 28432342, 32378079,
- 54040059, 21257083, 44727879, 6618998
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 784210426627951, 918204562375674, 1284546780452985,
- 1324534636134684, 1872449409642708
-#else
- 65570671, 11685645, 12944378, 13682314, 42719353, 19141238,
- 8044828, 19737104, 32239828, 27901670
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 319638829540294, 596282656808406, 2037902696412608,
- 1557219121643918, 341938082688094
-#else
- 48505798, 4762989, 66182614, 8885303, 38696384, 30367116,
- 9781646, 23204373, 32779358, 5095274
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1901860206695915, 2004489122065736, 1625847061568236,
- 973529743399879, 2075287685312905
-#else
- 34100715, 28339925, 34843976, 29869215, 9460460, 24227009,
- 42507207, 14506723, 21639561, 30924196
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1371853944110545, 1042332820512553, 1949855697918254,
- 1791195775521505, 37487364849293
-#else
- 50707921, 20442216, 25239337, 15531969, 3987758, 29055114,
- 65819361, 26690896, 17874573, 558605
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 687200189577855, 1082536651125675, 644224940871546,
- 340923196057951, 343581346747396
-#else
- 53508735, 10240080, 9171883, 16131053, 46239610, 9599699,
- 33499487, 5080151, 2085892, 5119761
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2082717129583892, 27829425539422, 145655066671970,
- 1690527209845512, 1865260509673478
-#else
- 44903700, 31034903, 50727262, 414690, 42089314, 2170429,
- 30634760, 25190818, 35108870, 27794547
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1059729620568824, 2163709103470266, 1440302280256872,
- 1769143160546397, 869830310425069
-#else
- 60263160, 15791201, 8550074, 32241778, 29928808, 21462176,
- 27534429, 26362287, 44757485, 12961481
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1609516219779025, 777277757338817, 2101121130363987,
- 550762194946473, 1905542338659364
-#else
- 42616785, 23983660, 10368193, 11582341, 43711571, 31309144,
- 16533929, 8206996, 36914212, 28394793
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2024821921041576, 426948675450149, 595133284085473,
- 471860860885970, 600321679413000
-#else
- 55987368, 30172197, 2307365, 6362031, 66973409, 8868176,
- 50273234, 7031274, 7589640, 8945490
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 598474602406721, 1468128276358244, 1191923149557635,
- 1501376424093216, 1281662691293476
-#else
- 34956097, 8917966, 6661220, 21876816, 65916803, 17761038,
- 7251488, 22372252, 24099108, 19098262
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1721138489890707, 1264336102277790, 433064545421287,
- 1359988423149466, 1561871293409447
-#else
- 5019539, 25646962, 4244126, 18840076, 40175591, 6453164,
- 47990682, 20265406, 60876967, 23273695
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 719520245587143, 393380711632345, 132350400863381,
- 1543271270810729, 1819543295798660
-#else
- 10853575, 10721687, 26480089, 5861829, 44113045, 1972174,
- 65242217, 22996533, 63745412, 27113307
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 396397949784152, 1811354474471839, 1362679985304303,
- 2117033964846756, 498041172552279
-#else
- 50106456, 5906789, 221599, 26991285, 7828207, 20305514,
- 24362660, 31546264, 53242455, 7421391
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1812471844975748, 1856491995543149, 126579494584102,
- 1036244859282620, 1975108050082550
-#else
- 8139908, 27007935, 32257645, 27663886, 30375718, 1886181,
- 45933756, 15441251, 28826358, 29431403
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 650623932407995, 1137551288410575, 2125223403615539,
- 1725658013221271, 2134892965117796
-#else
- 6267067, 9695052, 7709135, 16950835, 34239795, 31668296,
- 14795159, 25714308, 13746020, 31812384
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 522584000310195, 1241762481390450, 1743702789495384,
- 2227404127826575, 1686746002148897
-#else
- 28584883, 7787108, 60375922, 18503702, 22846040, 25983196,
- 63926927, 33190907, 4771361, 25134474
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 427904865186312, 1703211129693455, 1585368107547509,
- 1436984488744336, 761188534613978
-#else
- 24949256, 6376279, 39642383, 25379823, 48462709, 23623825,
- 33543568, 21412737, 3569626, 11342593
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 318101947455002, 248138407995851, 1481904195303927,
- 309278454311197, 1258516760217879
-#else
- 26514970, 4740088, 27912651, 3697550, 19331575, 22082093,
- 6809885, 4608608, 7325975, 18753361
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1275068538599310, 513726919533379, 349926553492294,
- 688428871968420, 1702400196000666
-#else
- 55490446, 19000001, 42787651, 7655127, 65739590, 5214311,
- 39708324, 10258389, 49462170, 25367739
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1061864036265233, 961611260325381, 321859632700838,
- 1045600629959517, 1985130202504038
-#else
- 11431185, 15823007, 26570245, 14329124, 18029990, 4796082,
- 35662685, 15580663, 9280358, 29580745
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1558816436882417, 1962896332636523, 1337709822062152,
- 1501413830776938, 294436165831932
-#else
- 66948081, 23228174, 44253547, 29249434, 46247496, 19933429,
- 34297962, 22372809, 51563772, 4387440
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 818359826554971, 1862173000996177, 626821592884859,
- 573655738872376, 1749691246745455
-#else
- 46309467, 12194511, 3937617, 27748540, 39954043, 9340369,
- 42594872, 8548136, 20617071, 26072431
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1988022651432119, 1082111498586040, 1834020786104821,
- 1454826876423687, 692929915223122
-#else
- 66170039, 29623845, 58394552, 16124717, 24603125, 27329039,
- 53333511, 21678609, 24345682, 10325460
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2146513703733331, 584788900394667, 464965657279958,
- 2183973639356127, 238371159456790
-#else
- 47253587, 31985546, 44906155, 8714033, 14007766, 6928528,
- 16318175, 32543743, 4766742, 3552007
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1129007025494441, 2197883144413266, 265142755578169,
- 971864464758890, 1983715884903702
-#else
- 45357481, 16823515, 1351762, 32751011, 63099193, 3950934,
- 3217514, 14481909, 10988822, 29559670
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1291366624493075, 381456718189114, 1711482489312444,
- 1815233647702022, 892279782992467
-#else
- 15564307, 19242862, 3101242, 5684148, 30446780, 25503076,
- 12677126, 27049089, 58813011, 13296004
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 444548969917454, 1452286453853356, 2113731441506810,
- 645188273895859, 810317625309512
-#else
- 57666574, 6624295, 36809900, 21640754, 62437882, 31497052,
- 31521203, 9614054, 37108040, 12074673
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2242724082797924, 1373354730327868, 1006520110883049,
- 2147330369940688, 1151816104883620
-#else
- 4771172, 33419193, 14290748, 20464580, 27992297, 14998318,
- 65694928, 31997715, 29832612, 17163397
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1745720200383796, 1911723143175317, 2056329390702074,
- 355227174309849, 879232794371100
-#else
- 7064884, 26013258, 47946901, 28486894, 48217594, 30641695,
- 25825241, 5293297, 39986204, 13101589
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 163723479936298, 115424889803150, 1156016391581227,
- 1894942220753364, 1970549419986329
-#else
- 64810282, 2439669, 59642254, 1719964, 39841323, 17225986,
- 32512468, 28236839, 36752793, 29363474
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 681981452362484, 267208874112496, 1374683991933094,
- 638600984916117, 646178654558546
-#else
- 37102324, 10162315, 33928688, 3981722, 50626726, 20484387,
- 14413973, 9515896, 19568978, 9628812
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 13378654854251, 106237307029567, 1944412051589651,
- 1841976767925457, 230702819835573
-#else
- 33053803, 199357, 15894591, 1583059, 27380243, 28973997,
- 49269969, 27447592, 60817077, 3437739
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 260683893467075, 854060306077237, 913639551980112,
- 4704576840123, 280254810808712
-#else
- 48129987, 3884492, 19469877, 12726490, 15913552, 13614290,
- 44147131, 70103, 7463304, 4176122
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 715374893080287, 1173334812210491, 1806524662079626,
- 1894596008000979, 398905715033393
-#else
- 39984863, 10659916, 11482427, 17484051, 12771466, 26919315,
- 34389459, 28231680, 24216881, 5944158
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 500026409727661, 1596431288195371, 1420380351989370,
- 985211561521489, 392444930785633
-#else
- 8894125, 7450974, 64444715, 23788679, 39028346, 21165316,
- 19345745, 14680796, 11632993, 5847885
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2096421546958141, 1922523000950363, 789831022876840,
- 427295144688779, 320923973161730
-#else
- 26942781, 31239115, 9129563, 28647825, 26024104, 11769399,
- 55590027, 6367193, 57381634, 4782139
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1927770723575450, 1485792977512719, 1850996108474547,
- 551696031508956, 2126047405475647
-#else
- 19916442, 28726022, 44198159, 22140040, 25606323, 27581991,
- 33253852, 8220911, 6358847, 31680575
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2112099158080148, 742570803909715, 6484558077432,
- 1951119898618916, 93090382703416
-#else
- 801428, 31472730, 16569427, 11065167, 29875704, 96627, 7908388,
- 29073952, 53570360, 1387154
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 383905201636970, 859946997631870, 855623867637644,
- 1017125780577795, 794250831877809
-#else
- 19646058, 5720633, 55692158, 12814208, 11607948, 12749789,
- 14147075, 15156355, 45242033, 11835259
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 77571826285752, 999304298101753, 487841111777762,
- 1038031143212339, 339066367948762
-#else
- 19299512, 1155910, 28703737, 14890794, 2925026, 7269399,
- 26121523, 15467869, 40548314, 5052482
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 674994775520533, 266035846330789, 826951213393478,
- 1405007746162285, 1781791018620876
-#else
- 64091413, 10058205, 1980837, 3964243, 22160966, 12322533,
- 60677741, 20936246, 12228556, 26550755
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1001412661522686, 348196197067298, 1666614366723946,
- 888424995032760, 580747687801357
-#else
- 32944382, 14922211, 44263970, 5188527, 21913450, 24834489,
- 4001464, 13238564, 60994061, 8653814
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1939560076207777, 1409892634407635, 552574736069277,
- 383854338280405, 190706709864139
-#else
- 22865569, 28901697, 27603667, 21009037, 14348957, 8234005,
- 24808405, 5719875, 28483275, 2841751
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2177087163428741, 1439255351721944, 1208070840382793,
- 2230616362004769, 1396886392021913
-#else
- 50687877, 32441126, 66781144, 21446575, 21886281, 18001658,
- 65220897, 33238773, 19932057, 20815229
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 676962063230039, 1880275537148808, 2046721011602706,
- 888463247083003, 1318301552024067
-#else
- 55452759, 10087520, 58243976, 28018288, 47830290, 30498519,
- 3999227, 13239134, 62331395, 19644223
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1466980508178206, 617045217998949, 652303580573628,
- 757303753529064, 207583137376902
-#else
- 1382174, 21859713, 17266789, 9194690, 53784508, 9720080,
- 20403944, 11284705, 53095046, 3093229
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1511056752906902, 105403126891277, 493434892772846,
- 1091943425335976, 1802717338077427
-#else
- 16650902, 22516500, 66044685, 1570628, 58779118, 7352752,
- 66806440, 16271224, 43059443, 26862581
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1853982405405128, 1878664056251147, 1528011020803992,
- 1019626468153565, 1128438412189035
-#else
- 45197768, 27626490, 62497547, 27994275, 35364760, 22769138,
- 24123613, 15193618, 45456747, 16815042
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1963939888391106, 293456433791664, 697897559513649,
- 985882796904380, 796244541237972
-#else
- 57172930, 29264984, 41829040, 4372841, 2087473, 10399484,
- 31870908, 14690798, 17361620, 11864968
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 416770998629779, 389655552427054, 1314476859406756,
- 1749382513022778, 1161905598739491
-#else
- 55801235, 6210371, 13206574, 5806320, 38091172, 19587231,
- 54777658, 26067830, 41530403, 17313742
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1428358296490651, 1027115282420478, 304840698058337,
- 441410174026628, 1819358356278573
-#else
- 14668443, 21284197, 26039038, 15305210, 25515617, 4542480,
- 10453892, 6577524, 9145645, 27110552
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 204943430200135, 1554861433819175, 216426658514651,
- 264149070665950, 2047097371738319
-#else
- 5974855, 3053895, 57675815, 23169240, 35243739, 3225008,
- 59136222, 3936127, 61456591, 30504127
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1934415182909034, 1393285083565062, 516409331772960,
- 1157690734993892, 121039666594268
-#else
- 30625386, 28825032, 41552902, 20761565, 46624288, 7695098,
- 17097188, 17250936, 39109084, 1803631
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 662035583584445, 286736105093098, 1131773000510616,
- 818494214211439, 472943792054479
-#else
- 63555773, 9865098, 61880298, 4272700, 61435032, 16864731,
- 14911343, 12196514, 45703375, 7047411
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 665784778135882, 1893179629898606, 808313193813106,
- 276797254706413, 1563426179676396
-#else
- 20093258, 9920966, 55970670, 28210574, 13161586, 12044805,
- 34252013, 4124600, 34765036, 23296865
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 945205108984232, 526277562959295, 1324180513733566,
- 1666970227868664, 153547609289173
-#else
- 46320040, 14084653, 53577151, 7842146, 19119038, 19731827,
- 4752376, 24839792, 45429205, 2288037
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2031433403516252, 203996615228162, 170487168837083,
- 981513604791390, 843573964916831
-#else
- 40289628, 30270716, 29965058, 3039786, 52635099, 2540456,
- 29457502, 14625692, 42289247, 12570231
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1476570093962618, 838514669399805, 1857930577281364,
- 2017007352225784, 317085545220047
-#else
- 66045306, 22002608, 16920317, 12494842, 1278292, 27685323,
- 45948920, 30055751, 55134159, 4724942
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1461557121912842, 1600674043318359, 2157134900399597,
- 1670641601940616, 127765583803283
-#else
- 17960970, 21778898, 62967895, 23851901, 58232301, 32143814,
- 54201480, 24894499, 37532563, 1903855
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1293543509393474, 2143624609202546, 1058361566797508,
- 214097127393994, 946888515472729
-#else
- 23134274, 19275300, 56426866, 31942495, 20684484, 15770816,
- 54119114, 3190295, 26955097, 14109738
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 357067959932916, 1290876214345711, 521245575443703,
- 1494975468601005, 800942377643885
-#else
- 15308788, 5320727, 36995055, 19235554, 22902007, 7767164,
- 29425325, 22276870, 31960941, 11934971
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 566116659100033, 820247422481740, 994464017954148,
- 327157611686365, 92591318111744
-#else
- 39713153, 8435795, 4109644, 12222639, 42480996, 14818668,
- 20638173, 4875028, 10491392, 1379718
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 617256647603209, 1652107761099439, 1857213046645471,
- 1085597175214970, 817432759830522
-#else
- 53949449, 9197840, 3875503, 24618324, 65725151, 27674630,
- 33518458, 16176658, 21432314, 12180697
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 771808161440705, 1323510426395069, 680497615846440,
- 851580615547985, 1320806384849017
-#else
- 55321537, 11500837, 13787581, 19721842, 44678184, 10140204,
- 1465425, 12689540, 56807545, 19681548
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1219260086131915, 647169006596815, 79601124759706,
- 2161724213426748, 404861897060198
-#else
- 5414091, 18168391, 46101199, 9643569, 12834970, 1186149,
- 64485948, 32212200, 26128230, 6032912
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1327968293887866, 1335500852943256, 1401587164534264,
- 558137311952440, 1551360549268902
-#else
- 40771450, 19788269, 32496024, 19900513, 17847800, 20885276,
- 3604024, 8316894, 41233830, 23117073
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 417621685193956, 1429953819744454, 396157358457099,
- 1940470778873255, 214000046234152
-#else
- 3296484, 6223048, 24680646, 21307972, 44056843, 5903204,
- 58246567, 28915267, 12376616, 3188849
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1268047918491973, 2172375426948536, 1533916099229249,
- 1761293575457130, 1590622667026765
-#else
- 29190469, 18895386, 27549112, 32370916, 3520065, 22857131,
- 32049514, 26245319, 50999629, 23702124
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1627072914981959, 2211603081280073, 1912369601616504,
- 1191770436221309, 2187309757525860
-#else
- 52364359, 24245275, 735817, 32955454, 46701176, 28496527,
- 25246077, 17758763, 18640740, 32593455
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1149147819689533, 378692712667677, 828475842424202,
- 2218619146419342, 70688125792186
-#else
- 60180029, 17123636, 10361373, 5642961, 4910474, 12345252,
- 35470478, 33060001, 10530746, 1053335
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1299739417079761, 1438616663452759, 1536729078504412,
- 2053896748919838, 1008421032591246
-#else
- 37842897, 19367626, 53570647, 21437058, 47651804, 22899047,
- 35646494, 30605446, 24018830, 15026644
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2040723824657366, 399555637875075, 632543375452995,
- 872649937008051, 1235394727030233
-#else
- 44516310, 30409154, 64819587, 5953842, 53668675, 9425630,
- 25310643, 13003497, 64794073, 18408815
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2211311599327900, 2139787259888175, 938706616835350,
- 12609661139114, 2081897930719789
-#else
- 39688860, 32951110, 59064879, 31885314, 41016598, 13987818,
- 39811242, 187898, 43942445, 31022696
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1324994503390450, 336982330582631, 1183998925654177,
- 1091654665913274, 48727673971319
-#else
- 45364466, 19743956, 1844839, 5021428, 56674465, 17642958,
- 9716666, 16266922, 62038647, 726098
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1845522914617879, 1222198248335542, 150841072760134,
- 1927029069940982, 1189913404498011
-#else
- 29370903, 27500434, 7334070, 18212173, 9385286, 2247707,
- 53446902, 28714970, 30007387, 17731091
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1079559557592645, 2215338383666441, 1903569501302605,
- 49033973033940, 305703433934152
-#else
- 66172485, 16086690, 23751945, 33011114, 65941325, 28365395,
- 9137108, 730663, 9835848, 4555336
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 94653405416909, 1386121349852999, 1062130477891762,
- 36553947479274, 833669648948846
-#else
- 43732429, 1410445, 44855111, 20654817, 30867634, 15826977,
- 17693930, 544696, 55123566, 12422645
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1432015813136298, 440364795295369, 1395647062821501,
- 1976874522764578, 934452372723352
-#else
- 31117226, 21338698, 53606025, 6561946, 57231997, 20796761,
- 61990178, 29457725, 29120152, 13924425
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1296625309219774, 2068273464883862, 1858621048097805,
- 1492281814208508, 2235868981918946
-#else
- 49707966, 19321222, 19675798, 30819676, 56101901, 27695611,
- 57724924, 22236731, 7240930, 33317044
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1490330266465570, 1858795661361448, 1436241134969763,
- 294573218899647, 1208140011028933
-#else
- 35747106, 22207651, 52101416, 27698213, 44655523, 21401660,
- 1222335, 4389483, 3293637, 18002689
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1282462923712748, 741885683986255, 2027754642827561,
- 518989529541027, 1826610009555945
-#else
- 50424044, 19110186, 11038543, 11054958, 53307689, 30215898,
- 42789283, 7733546, 12796905, 27218610
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1525827120027511, 723686461809551, 1597702369236987,
- 244802101764964, 1502833890372311
-#else
- 58349431, 22736595, 41689999, 10783768, 36493307, 23807620,
- 38855524, 3647835, 3222231, 22393970
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 113622036244513, 1233740067745854, 674109952278496,
- 2114345180342965, 166764512856263
-#else
- 18606113, 1693100, 41660478, 18384159, 4112352, 10045021,
- 23603893, 31506198, 59558087, 2484984
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2041668749310338, 2184405322203901, 1633400637611036,
- 2110682505536899, 2048144390084644
-#else
- 9255298, 30423235, 54952701, 32550175, 13098012, 24339566,
- 16377219, 31451620, 47306788, 30519729
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 503058759232932, 760293024620937, 2027152777219493,
- 666858468148475, 1539184379870952
-#else
- 44379556, 7496159, 61366665, 11329248, 19991973, 30206930,
- 35390715, 9936965, 37011176, 22935634
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1916168475367211, 915626432541343, 883217071712575,
- 363427871374304, 1976029821251593
-#else
- 21878571, 28553135, 4338335, 13643897, 64071999, 13160959,
- 19708896, 5415497, 59748361, 29445138
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 678039535434506, 570587290189340, 1605302676614120,
- 2147762562875701, 1706063797091704
-#else
- 27736842, 10103576, 12500508, 8502413, 63695848, 23920873,
- 10436917, 32004156, 43449720, 25422331
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1439489648586438, 2194580753290951, 832380563557396,
- 561521973970522, 584497280718389
-#else
- 19492550, 21450067, 37426887, 32701801, 63900692, 12403436,
- 30066266, 8367329, 13243957, 8709688
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 187989455492609, 681223515948275, 1933493571072456,
- 1872921007304880, 488162364135671
-#else
- 12015105, 2801261, 28198131, 10151021, 24818120, 28811299,
- 55914672, 27908697, 5150967, 7274186
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1413466089534451, 410844090765630, 1397263346404072,
- 408227143123410, 1594561803147811
-#else
- 2831347, 21062286, 1478974, 6122054, 23825128, 20820846,
- 31097298, 6083058, 31021603, 23760822
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2102170800973153, 719462588665004, 1479649438510153,
- 1097529543970028, 1302363283777685
-#else
- 64578913, 31324785, 445612, 10720828, 53259337, 22048494,
- 43601132, 16354464, 15067285, 19406725
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 942065717847195, 1069313679352961, 2007341951411051,
- 70973416446291, 1419433790163706
-#else
- 7840923, 14037873, 33744001, 15934015, 66380651, 29911725,
- 21403987, 1057586, 47729402, 21151211
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1146565545556377, 1661971299445212, 406681704748893,
- 564452436406089, 1109109865829139
-#else
- 915865, 17085158, 15608284, 24765302, 42751837, 6060029,
- 49737545, 8410996, 59888403, 16527024
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2214421081775077, 1165671861210569, 1890453018796184,
- 3556249878661, 442116172656317
-#else
- 32922597, 32997445, 20336073, 17369864, 10903704, 28169945,
- 16957573, 52992, 23834301, 6588044
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 753830546620811, 1666955059895019, 1530775289309243,
- 1119987029104146, 2164156153857580
-#else
- 32752011, 11232950, 3381995, 24839566, 22652987, 22810329,
- 17159698, 16689107, 46794284, 32248439
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 615171919212796, 1523849404854568, 854560460547503,
- 2067097370290715, 1765325848586042
-#else
- 62419196, 9166775, 41398568, 22707125, 11576751, 12733943,
- 7924251, 30802151, 1976122, 26305405
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1094538949313667, 1796592198908825, 870221004284388,
- 2025558921863561, 1699010892802384
-#else
- 21251203, 16309901, 64125849, 26771309, 30810596, 12967303,
- 156041, 30183180, 12331344, 25317235
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1951351290725195, 1916457206844795, 198025184438026,
- 1909076887557595, 1938542290318919
-#else
- 8651595, 29077400, 51023227, 28557437, 13002506, 2950805,
- 29054427, 28447462, 10008135, 28886531
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1014323197538413, 869150639940606, 1756009942696599,
- 1334952557375672, 1544945379082874
-#else
- 31486061, 15114593, 52847614, 12951353, 14369431, 26166587,
- 16347320, 19892343, 8684154, 23021480
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 764055910920305, 1603590757375439, 146805246592357,
- 1843313433854297, 954279890114939
-#else
- 19443825, 11385320, 24468943, 23895364, 43189605, 2187568,
- 40845657, 27467510, 31316347, 14219878
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 80113526615750, 764536758732259, 1055139345100233,
- 469252651759390, 617897512431515
-#else
- 38514374, 1193784, 32245219, 11392485, 31092169, 15722801,
- 27146014, 6992409, 29126555, 9207390
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 74497112547268, 740094153192149, 1745254631717581,
- 727713886503130, 1283034364416928
-#else
- 32382916, 1110093, 18477781, 11028262, 39697101, 26006320,
- 62128346, 10843781, 59151264, 19118701
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 525892105991110, 1723776830270342, 1476444848991936,
- 573789489857760, 133864092632978
-#else
- 2814918, 7836403, 27519878, 25686276, 46214848, 22000742,
- 45614304, 8550129, 28346258, 1994730
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 542611720192581, 1986812262899321, 1162535242465837,
- 481498966143464, 544600533583622
-#else
- 47530565, 8085544, 53108345, 29605809, 2785837, 17323125,
- 47591912, 7174893, 22628102, 8115180
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 64123227344372, 1239927720647794, 1360722983445904,
- 222610813654661, 62429487187991
-#else
- 36703732, 955510, 55975026, 18476362, 34661776, 20276352,
- 41457285, 3317159, 57165847, 930271
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1793193323953132, 91096687857833, 70945970938921,
- 2158587638946380, 1537042406482111
-#else
- 51805164, 26720662, 28856489, 1357446, 23421993, 1057177,
- 24091212, 32165462, 44343487, 22903716
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1895854577604609, 1394895708949416, 1728548428495944,
- 1140864900240149, 563645333603061
-#else
- 44357633, 28250434, 54201256, 20785565, 51297352, 25757378,
- 52269845, 17000211, 65241845, 8398969
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 141358280486863, 91435889572504, 1087208572552643,
- 1829599652522921, 1193307020643647
-#else
- 35139535, 2106402, 62372504, 1362500, 12813763, 16200670,
- 22981545, 27263159, 18009407, 17781660
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1611230858525381, 950720175540785, 499589887488610,
- 2001656988495019, 88977313255908
-#else
- 49887941, 24009210, 39324209, 14166834, 29815394, 7444469,
- 29551787, 29827013, 19288548, 1325865
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1189080501479658, 2184348804772597, 1040818725742319,
- 2018318290311834, 1712060030915354
-#else
- 15100138, 17718680, 43184885, 32549333, 40658671, 15509407,
- 12376730, 30075286, 33166106, 25511682
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 873966876953756, 1090638350350440, 1708559325189137,
- 672344594801910, 1320437969700239
-#else
- 20909212, 13023121, 57899112, 16251777, 61330449, 25459517,
- 12412150, 10018715, 2213263, 19676059
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1508590048271766, 1131769479776094, 101550868699323,
- 428297785557897, 561791648661744
-#else
- 32529814, 22479743, 30361438, 16864679, 57972923, 1513225,
- 22922121, 6382134, 61341936, 8371347
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 756417570499462, 237882279232602, 2136263418594016,
- 1701968045454886, 703713185137472
-#else
- 9923462, 11271500, 12616794, 3544722, 37110496, 31832805,
- 12891686, 25361300, 40665920, 10486143
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1781187809325462, 1697624151492346, 1381393690939988,
- 175194132284669, 1483054666415238
-#else
- 44511638, 26541766, 8587002, 25296571, 4084308, 20584370,
- 361725, 2610596, 43187334, 22099236
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2175517777364616, 708781536456029, 955668231122942,
- 1967557500069555, 2021208005604118
-#else
- 5408392, 32417741, 62139741, 10561667, 24145918, 14240566,
- 31319731, 29318891, 19985174, 30118346
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1115135966606887, 224217372950782, 915967306279222,
- 593866251291540, 561747094208006
-#else
- 53114407, 16616820, 14549246, 3341099, 32155958, 13648976,
- 49531796, 8849296, 65030, 8370684
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1443163092879439, 391875531646162, 2180847134654632,
- 464538543018753, 1594098196837178
-#else
- 58787919, 21504805, 31204562, 5839400, 46481576, 32497154,
- 47665921, 6922163, 12743482, 23753914
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 850858855888869, 319436476624586, 327807784938441,
- 740785849558761, 17128415486016
-#else
- 64747493, 12678784, 28815050, 4759974, 43215817, 4884716,
- 23783145, 11038569, 18800704, 255233
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2132756334090067, 536247820155645, 48907151276867,
- 608473197600695, 1261689545022784
-#else
- 61839187, 31780545, 13957885, 7990715, 23132995, 728773,
- 13393847, 9066957, 19258688, 18800639
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1525176236978354, 974205476721062, 293436255662638,
- 148269621098039, 137961998433963
-#else
- 64172210, 22726896, 56676774, 14516792, 63468078, 4372540,
- 35173943, 2209389, 65584811, 2055793
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1121075518299410, 2071745529082111, 1265567917414828,
- 1648196578317805, 496232102750820
-#else
- 580882, 16705327, 5468415, 30871414, 36182444, 18858431,
- 59905517, 24560042, 37087844, 7394434
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 122321229299801, 1022922077493685, 2001275453369484,
- 2017441881607947, 993205880778002
-#else
- 23838809, 1822728, 51370421, 15242726, 8318092, 29821328,
- 45436683, 30062226, 62287122, 14799920
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 654925550560074, 1168810995576858, 575655959430926,
- 905758704861388, 496774564663534
-#else
- 13345610, 9759151, 3371034, 17416641, 16353038, 8577942,
- 31129804, 13496856, 58052846, 7402517
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1954109525779738, 2117022646152485, 338102630417180,
- 1194140505732026, 107881734943492
-#else
- 2286874, 29118501, 47066405, 31546095, 53412636, 5038121,
- 11006906, 17794080, 8205060, 1607563
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1714785840001267, 2036500018681589, 1876380234251966,
- 2056717182974196, 1645855254384642
-#else
- 14414067, 25552300, 3331829, 30346215, 22249150, 27960244,
- 18364660, 30647474, 30019586, 24525154
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 106431476499341, 62482972120563, 1513446655109411,
- 807258751769522, 538491469114
-#else
- 39420813, 1585952, 56333811, 931068, 37988643, 22552112,
- 52698034, 12029092, 9944378, 8024
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2002850762893643, 1243624520538135, 1486040410574605,
- 2184752338181213, 378495998083531
-#else
- 4368715, 29844802, 29874199, 18531449, 46878477, 22143727,
- 50994269, 32555346, 58966475, 5640029
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 922510868424903, 1089502620807680, 402544072617374,
- 1131446598479839, 1290278588136533
-#else
- 10299591, 13746483, 11661824, 16234854, 7630238, 5998374,
- 9809887, 16859868, 15219797, 19226649
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1867998812076769, 715425053580701, 39968586461416,
- 2173068014586163, 653822651801304
-#else
- 27425505, 27835351, 3055005, 10660664, 23458024, 595578,
- 51710259, 32381236, 48766680, 9742716
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 162892278589453, 182585796682149, 75093073137630,
- 497037941226502, 133871727117371
-#else
- 6744077, 2427284, 26042789, 2720740, 66260958, 1118973,
- 32324614, 7406442, 12420155, 1994844
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1914596576579670, 1608999621851578, 1987629837704609,
- 1519655314857977, 1819193753409464
-#else
- 14012502, 28529712, 48724410, 23975962, 40623521, 29617992,
- 54075385, 22644628, 24319928, 27108099
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1949315551096831, 1069003344994464, 1939165033499916,
- 1548227205730856, 1933767655861407
-#else
- 16412671, 29047065, 10772640, 15929391, 50040076, 28895810,
- 10555944, 23070383, 37006495, 28815383
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1730519386931635, 1393284965610134, 1597143735726030,
- 416032382447158, 1429665248828629
-#else
- 22397363, 25786748, 57815702, 20761563, 17166286, 23799296,
- 39775798, 6199365, 21880021, 21303672
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 360275475604565, 547835731063078, 215360904187529,
- 596646739879007, 332709650425085
-#else
- 62825557, 5368522, 35991846, 8163388, 36785801, 3209127,
- 16557151, 8890729, 8840445, 4957760
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 47602113726801, 1522314509708010, 437706261372925,
- 814035330438027, 335930650933545
-#else
- 51661137, 709326, 60189418, 22684253, 37330941, 6522331,
- 45388683, 12130071, 52312361, 5005756
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1291597595523886, 1058020588994081, 402837842324045,
- 1363323695882781, 2105763393033193
-#else
- 64994094, 19246303, 23019041, 15765735, 41839181, 6002751,
- 10183197, 20315106, 50713577, 31378319
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 109521982566564, 1715257748585139, 1112231216891516,
- 2046641005101484, 134249157157013
-#else
- 48083108, 1632004, 13466291, 25559332, 43468412, 16573536,
- 35094956, 30497327, 22208661, 2000468
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2156991030936798, 2227544497153325, 1869050094431622,
- 754875860479115, 1754242344267058
-#else
- 3065054, 32141671, 41510189, 33192999, 49425798, 27851016,
- 58944651, 11248526, 63417650, 26140247
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1846089562873800, 98894784984326, 1412430299204844,
- 171351226625762, 1100604760929008
-#else
- 10379208, 27508878, 8877318, 1473647, 37817580, 21046851,
- 16690914, 2553332, 63976176, 16400288
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 84172382130492, 499710970700046, 425749630620778,
- 1762872794206857, 612842602127960
-#else
- 15716668, 1254266, 48636174, 7446273, 58659946, 6344163,
- 45011593, 26268851, 26894936, 9132066
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 868309334532756, 1703010512741873, 1952690008738057,
- 4325269926064, 2071083554962116
-#else
- 24158868, 12938817, 11085297, 25376834, 39045385, 29097348,
- 36532400, 64451, 60291780, 30861549
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 523094549451158, 401938899487815, 1407690589076010,
- 2022387426254453, 158660516411257
-#else
- 13488534, 7794716, 22236231, 5989356, 25426474, 20976224,
- 2350709, 30135921, 62420857, 2364225
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 612867287630009, 448212612103814, 571629077419196,
- 1466796750919376, 1728478129663858
-#else
- 16335033, 9132434, 25640582, 6678888, 1725628, 8517937,
- 55301840, 21856974, 15445874, 25756331
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1723848973783452, 2208822520534681, 1718748322776940,
- 1974268454121942, 1194212502258141
-#else
- 29004188, 25687351, 28661401, 32914020, 54314860, 25611345,
- 31863254, 29418892, 66830813, 17795152
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1254114807944608, 977770684047110, 2010756238954993,
- 1783628927194099, 1525962994408256
-#else
- 60986784, 18687766, 38493958, 14569918, 56250865, 29962602,
- 10343411, 26578142, 37280576, 22738620
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 232464058235826, 1948628555342434, 1835348780427694,
- 1031609499437291, 64472106918373
-#else
- 27081650, 3463984, 14099042, 29036828, 1616302, 27348828,
- 29542635, 15372179, 17293797, 960709
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 767338676040683, 754089548318405, 1523192045639075,
- 435746025122062, 512692508440385
-#else
- 20263915, 11434237, 61343429, 11236809, 13505955, 22697330,
- 50997518, 6493121, 47724353, 7639713
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1255955808701983, 1700487367990941, 1166401238800299,
- 1175121994891534, 1190934801395380
-#else
- 64278047, 18715199, 25403037, 25339236, 58791851, 17380732,
- 18006286, 17510682, 29994676, 17746311
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 349144008168292, 1337012557669162, 1475912332999108,
- 1321618454900458, 47611291904320
-#else
- 9769828, 5202651, 42951466, 19923039, 39057860, 21992807,
- 42495722, 19693649, 35924288, 709463
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 877519947135419, 2172838026132651, 272304391224129,
- 1655143327559984, 886229406429814
-#else
- 12286395, 13076066, 45333675, 32377809, 42105665, 4057651,
- 35090736, 24663557, 16102006, 13205847
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 375806028254706, 214463229793940, 572906353144089,
- 572168269875638, 697556386112979
-#else
- 13733362, 5599946, 10557076, 3195751, 61550873, 8536969,
- 41568694, 8525971, 10151379, 10394400
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1168827102357844, 823864273033637, 2071538752104697,
- 788062026895924, 599578340743362
-#else
- 4024660, 17416881, 22436261, 12276534, 58009849, 30868332,
- 19698228, 11743039, 33806530, 8934413
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1948116082078088, 2054898304487796, 2204939184983900,
- 210526805152138, 786593586607626
-#else
- 51229064, 29029191, 58528116, 30620370, 14634844, 32856154,
- 57659786, 3137093, 55571978, 11721157
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1915320147894736, 156481169009469, 655050471180417,
- 592917090415421, 2165897438660879
-#else
- 17555920, 28540494, 8268605, 2331751, 44370049, 9761012,
- 9319229, 8835153, 57903375, 32274386
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1726336468579724, 1119932070398949, 1929199510967666,
- 33918788322959, 1836837863503150
-#else
- 66647436, 25724417, 20614117, 16688288, 59594098, 28747312,
- 22300303, 505429, 6108462, 27371017
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 829996854845988, 217061778005138, 1686565909803640,
- 1346948817219846, 1723823550730181
-#else
- 62038564, 12367916, 36445330, 3234472, 32617080, 25131790,
- 29880582, 20071101, 40210373, 25686972
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 384301494966394, 687038900403062, 2211195391021739,
- 254684538421383, 1245698430589680
-#else
- 35133562, 5726538, 26934134, 10237677, 63935147, 32949378,
- 24199303, 3795095, 7592688, 18562353
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1247567493562688, 1978182094455847, 183871474792955,
- 806570235643435, 288461518067916
-#else
- 21594432, 18590204, 17466407, 29477210, 32537083, 2739898,
- 6407723, 12018833, 38852812, 4298411
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1449077384734201, 38285445457996, 2136537659177832,
- 2146493000841573, 725161151123125
-#else
- 46458361, 21592935, 39872588, 570497, 3767144, 31836892,
- 13891941, 31985238, 13717173, 10805743
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1201928866368855, 800415690605445, 1703146756828343,
- 997278587541744, 1858284414104014
-#else
- 52432215, 17910135, 15287173, 11927123, 24177847, 25378864,
- 66312432, 14860608, 40169934, 27690595
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 356468809648877, 782373916933152, 1718002439402870,
- 1392222252219254, 663171266061951
-#else
- 12962541, 5311799, 57048096, 11658279, 18855286, 25600231,
- 13286262, 20745728, 62727807, 9882021
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 759628738230460, 1012693474275852, 353780233086498,
- 246080061387552, 2030378857679162
-#else
- 18512060, 11319350, 46985740, 15090308, 18818594, 5271736,
- 44380960, 3666878, 43141434, 30255002
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2040672435071076, 888593182036908, 1298443657189359,
- 1804780278521327, 354070726137060
-#else
- 60319844, 30408388, 16192428, 13241070, 15898607, 19348318,
- 57023983, 26893321, 64705764, 5276064
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1894938527423184, 1463213041477277, 474410505497651,
- 247294963033299, 877975941029128
-#else
- 30169808, 28236784, 26306205, 21803573, 27814963, 7069267,
- 7152851, 3684982, 1449224, 13082861
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 207937160991127, 12966911039119, 820997788283092,
- 1010440472205286, 1701372890140810
-#else
- 10342807, 3098505, 2119311, 193222, 25702612, 12233820,
- 23697382, 15056736, 46092426, 25352431
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 218882774543183, 533427444716285, 1233243976733245,
- 435054256891319, 1509568989549904
-#else
- 33958735, 3261607, 22745853, 7948688, 19370557, 18376767,
- 40936887, 6482813, 56808784, 22494330
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1888838535711826, 1052177758340622, 1213553803324135,
- 169182009127332, 463374268115872
-#else
- 32869458, 28145887, 25609742, 15678670, 56421095, 18083360,
- 26112420, 2521008, 44444576, 6904814
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 299137589460312, 1594371588983567, 868058494039073,
- 257771590636681, 1805012993142921
-#else
- 29506904, 4457497, 3377935, 23757988, 36598817, 12935079,
- 1561737, 3841096, 38105225, 26896789
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1806842755664364, 2098896946025095, 1356630998422878,
- 1458279806348064, 347755825962072
-#else
- 10340844, 26924055, 48452231, 31276001, 12621150, 20215377,
- 30878496, 21730062, 41524312, 5181965
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1402334161391744, 1560083671046299, 1008585416617747,
- 1147797150908892, 1420416683642459
-#else
- 25940096, 20896407, 17324187, 23247058, 58437395, 15029093,
- 24396252, 17103510, 64786011, 21165857
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 665506704253369, 273770475169863, 799236974202630,
- 848328990077558, 1811448782807931
-#else
- 45343161, 9916822, 65808455, 4079497, 66080518, 11909558,
- 1782390, 12641087, 20603771, 26992690
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1468412523962641, 771866649897997, 1931766110147832,
- 799561180078482, 524837559150077
-#else
- 48226577, 21881051, 24849421, 11501709, 13161720, 28785558,
- 1925522, 11914390, 4662781, 7820689
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2223212657821850, 630416247363666, 2144451165500328,
- 816911130947791, 1024351058410032
-#else
- 12241050, 33128450, 8132690, 9393934, 32846760, 31954812,
- 29749455, 12172924, 16136752, 15264020
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1266603897524861, 156378408858100, 1275649024228779,
- 447738405888420, 253186462063095
-#else
- 56758909, 18873868, 58896884, 2330219, 49446315, 19008651,
- 10658212, 6671822, 19012087, 3772772
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2022215964509735, 136144366993649, 1800716593296582,
- 1193970603800203, 871675847064218
-#else
- 3753511, 30133366, 10617073, 2028709, 14841030, 26832768,
- 28718731, 17791548, 20527770, 12988982
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1862751661970328, 851596246739884, 1519315554814041,
- 1542798466547449, 1417975335901520
-#else
- 52286360, 27757162, 63400876, 12689772, 66209881, 22639565,
- 42925817, 22989488, 3299664, 21129479
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1228168094547481, 334133883362894, 587567568420081,
- 433612590281181, 603390400373205
-#else
- 50331161, 18301130, 57466446, 4978982, 3308785, 8755439,
- 6943197, 6461331, 41525717, 8991217
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 121893973206505, 1843345804916664, 1703118377384911,
- 497810164760654, 101150811654673
-#else
- 49882601, 1816361, 65435576, 27467992, 31783887, 25378441,
- 34160718, 7417949, 36866577, 1507264
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 458346255946468, 290909935619344, 1452768413850679,
- 550922875254215, 1537286854336538
-#else
- 29692644, 6829891, 56610064, 4334895, 20945975, 21647936,
- 38221255, 8209390, 14606362, 22907359
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 584322311184395, 380661238802118, 114839394528060,
- 655082270500073, 2111856026034852
-#else
- 63627275, 8707080, 32188102, 5672294, 22096700, 1711240,
- 34088169, 9761486, 4170404, 31469107
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 996965581008991, 2148998626477022, 1012273164934654,
- 1073876063914522, 1688031788934939
-#else
- 55521375, 14855944, 62981086, 32022574, 40459774, 15084045,
- 22186522, 16002000, 52832027, 25153633
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 923487018849600, 2085106799623355, 528082801620136,
- 1606206360876188, 735907091712524
-#else
- 62297408, 13761028, 35404987, 31070512, 63796392, 7869046,
- 59995292, 23934339, 13240844, 10965870
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1697697887804317, 1335343703828273, 831288615207040,
- 949416685250051, 288760277392022
-#else
- 59366301, 25297669, 52340529, 19898171, 43876480, 12387165,
- 4498947, 14147411, 29514390, 4302863
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1419122478109648, 1325574567803701, 602393874111094,
- 2107893372601700, 1314159682671307
-#else
- 53695440, 21146572, 20757301, 19752600, 14785142, 8976368,
- 62047588, 31410058, 17846987, 19582505
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2201150872731804, 2180241023425241, 97663456423163,
- 1633405770247824, 848945042443986
-#else
- 64864412, 32799703, 62511833, 32488122, 60861691, 1455298,
- 45461136, 24339642, 61886162, 12650266
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1173339555550611, 818605084277583, 47521504364289,
- 924108720564965, 735423405754506
-#else
- 57202067, 17484121, 21134159, 12198166, 40044289, 708125,
- 387813, 13770293, 47974538, 10958662
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 830104860549448, 1886653193241086, 1600929509383773,
- 1475051275443631, 286679780900937
-#else
- 22470984, 12369526, 23446014, 28113323, 45588061, 23855708,
- 55336367, 21979976, 42025033, 4271861
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1577111294832995, 1030899169768747, 144900916293530,
- 1964672592979567, 568390100955250
-#else
- 41939299, 23500789, 47199531, 15361594, 61124506, 2159191,
- 75375, 29275903, 34582642, 8469672
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 278388655910247, 487143369099838, 927762205508727,
- 181017540174210, 1616886700741287
-#else
- 15854951, 4148314, 58214974, 7259001, 11666551, 13824734,
- 36577666, 2697371, 24154791, 24093489
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1191033906638969, 940823957346562, 1606870843663445,
- 861684761499847, 658674867251089
-#else
- 15446137, 17747788, 29759746, 14019369, 30811221, 23944241,
- 35526855, 12840103, 24913809, 9815020
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1875032594195546, 1427106132796197, 724736390962158,
- 901860512044740, 635268497268760
-#else
- 62399578, 27940162, 35267365, 21265538, 52665326, 10799413,
- 58005188, 13438768, 18735128, 9466238
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 622869792298357, 1903919278950367, 1922588621661629,
- 1520574711600434, 1087100760174640
-#else
- 11933045, 9281483, 5081055, 28370608, 64480701, 28648802,
- 59381042, 22658328, 44380208, 16199063
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 25465949416618, 1693639527318811, 1526153382657203,
- 125943137857169, 145276964043999
-#else
- 14576810, 379472, 40322331, 25237195, 37682355, 22741457,
- 67006097, 1876698, 30801119, 2164795
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 214739857969358, 920212862967915, 1939901550972269,
- 1211862791775221, 85097515720120
-#else
- 15995086, 3199873, 13672555, 13712240, 47730029, 28906785,
- 54027253, 18058162, 53616056, 1268051
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2006245852772938, 734762734836159, 254642929763427,
- 1406213292755966, 239303749517686
-#else
- 56818250, 29895392, 63822271, 10948817, 23037027, 3794475,
- 63638526, 20954210, 50053494, 3565903
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1619678837192149, 1919424032779215, 1357391272956794,
- 1525634040073113, 1310226789796241
-#else
- 29210069, 24135095, 61189071, 28601646, 10834810, 20226706,
- 50596761, 22733718, 39946641, 19523900
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1040763709762123, 1704449869235352, 605263070456329,
- 1998838089036355, 1312142911487502
-#else
- 53946955, 15508587, 16663704, 25398282, 38758921, 9019122,
- 37925443, 29785008, 2244110, 19552453
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1996723311435669, 1844342766567060, 985455700466044,
- 1165924681400960, 311508689870129
-#else
- 61955989, 29753495, 57802388, 27482848, 16243068, 14684434,
- 41435776, 17373631, 13491505, 4641841
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 43173156290518, 2202883069785309, 1137787467085917,
- 1733636061944606, 1394992037553852
-#else
- 10813398, 643330, 47920349, 32825515, 30292061, 16954354,
- 27548446, 25833190, 14476988, 20787001
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 670078326344559, 555655025059356, 471959386282438,
- 2141455487356409, 849015953823125
-#else
- 10292079, 9984945, 6481436, 8279905, 59857350, 7032742,
- 27282937, 31910173, 39196053, 12651323
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2197214573372804, 794254097241315, 1030190060513737,
- 267632515541902, 2040478049202624
-#else
- 35923332, 32741048, 22271203, 11835308, 10201545, 15351028,
- 17099662, 3988035, 21721536, 30405492
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1812516004670529, 1609256702920783, 1706897079364493,
- 258549904773295, 996051247540686
-#else
- 10202177, 27008593, 35735631, 23979793, 34958221, 25434748,
- 54202543, 3852693, 13216206, 14842320
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1540374301420584, 1764656898914615, 1810104162020396,
- 923808779163088, 664390074196579
-#else
- 51293224, 22953365, 60569911, 26295436, 60124204, 26972653,
- 35608016, 13765823, 39674467, 9900183
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1323460699404750, 1262690757880991, 871777133477900,
- 1060078894988977, 1712236889662886
-#else
- 14465486, 19721101, 34974879, 18815558, 39665676, 12990491,
- 33046193, 15796406, 60056998, 25514317
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1696163952057966, 1391710137550823, 608793846867416,
- 1034391509472039, 1780770894075012
-#else
- 30924398, 25274812, 6359015, 20738097, 16508376, 9071735,
- 41620263, 15413634, 9524356, 26535554
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1367603834210841, 2131988646583224, 890353773628144,
- 1908908219165595, 270836895252891
-#else
- 12274201, 20378885, 32627640, 31769106, 6736624, 13267305,
- 5237659, 28444949, 15663515, 4035784
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 597536315471731, 40375058742586, 1942256403956049,
- 1185484645495932, 312666282024145
-#else
- 64157555, 8903984, 17349946, 601635, 50676049, 28941875,
- 53376124, 17665097, 44850385, 4659090
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1919411405316294, 1234508526402192, 1066863051997083,
- 1008444703737597, 1348810787701552
-#else
- 50192582, 28601458, 36715152, 18395610, 20774811, 15897498,
- 5736189, 15026997, 64930608, 20098846
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2102881477513865, 1570274565945361, 1573617900503708,
- 18662635732583, 2232324307922098
-#else
- 58249865, 31335375, 28571665, 23398914, 66634396, 23448733,
- 63307367, 278094, 23440562, 33264224
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1853931367696942, 8107973870707, 350214504129299,
- 775206934582587, 1752317649166792
-#else
- 10226222, 27625730, 15139955, 120818, 52241171, 5218602,
- 32937275, 11551483, 50536904, 26111567
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1417148368003523, 721357181628282, 505725498207811,
- 373232277872983, 261634707184480
-#else
- 17932739, 21117156, 43069306, 10749059, 11316803, 7535897,
- 22503767, 5561594, 63462240, 3898660
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2186733281493267, 2250694917008620, 1014829812957440,
- 479998161452389, 83566193876474
-#else
- 7749907, 32584865, 50769132, 33537967, 42090752, 15122142,
- 65535333, 7152529, 21831162, 1245233
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1268116367301224, 560157088142809, 802626839600444,
- 2210189936605713, 1129993785579988
-#else
- 26958440, 18896406, 4314585, 8346991, 61431100, 11960071,
- 34519569, 32934396, 36706772, 16838219
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 615183387352312, 917611676109240, 878893615973325,
- 978940963313282, 938686890583575
-#else
- 54942968, 9166946, 33491384, 13673479, 29787085, 13096535,
- 6280834, 14587357, 44770839, 13987524
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 522024729211672, 1045059315315808, 1892245413707790,
- 1907891107684253, 2059998109500714
-#else
- 42758936, 7778774, 21116000, 15572597, 62275598, 28196653,
- 62807965, 28429792, 59639082, 30696363
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1799679152208884, 912132775900387, 25967768040979,
- 432130448590461, 274568990261996
-#else
- 9681908, 26817309, 35157219, 13591837, 60225043, 386949,
- 31622781, 6439245, 52527852, 4091396
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 98698809797682, 2144627600856209, 1907959298569602,
- 811491302610148, 1262481774981493
-#else
- 58682418, 1470726, 38999185, 31957441, 3978626, 28430809,
- 47486180, 12092162, 29077877, 18812444
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1791451399743152, 1713538728337276, 118349997257490,
- 1882306388849954, 158235232210248
-#else
- 5269168, 26694706, 53878652, 25533716, 25932562, 1763552,
- 61502754, 28048550, 47091016, 2357888
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1217809823321928, 2173947284933160, 1986927836272325,
- 1388114931125539, 12686131160169
-#else
- 32264008, 18146780, 61721128, 32394338, 65017541, 29607531,
- 23104803, 20684524, 5727337, 189038
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1650875518872272, 1136263858253897, 1732115601395988,
- 734312880662190, 1252904681142109
-#else
- 14609104, 24599962, 61108297, 16931650, 52531476, 25810533,
- 40363694, 10942114, 41219933, 18669734
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 372986456113865, 525430915458171, 2116279931702135,
- 501422713587815, 1907002872974925
-#else
- 20513481, 5557931, 51504251, 7829530, 26413943, 31535028,
- 45729895, 7471780, 13913677, 28416557
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 803147181835288, 868941437997146, 316299302989663,
- 943495589630550, 571224287904572
-#else
- 41534488, 11967825, 29233242, 12948236, 60354399, 4713226,
- 58167894, 14059179, 12878652, 8511905
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 227742695588364, 1776969298667369, 628602552821802,
- 457210915378118, 2041906378111140
-#else
- 41452044, 3393630, 64153449, 26478905, 64858154, 9366907,
- 36885446, 6812973, 5568676, 30426776
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 815000523470260, 913085688728307, 1052060118271173,
- 1345536665214223, 541623413135555
-#else
- 11630004, 12144454, 2116339, 13606037, 27378885, 15676917,
- 49700111, 20050058, 52713667, 8070817
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1580216071604333, 1877997504342444, 857147161260913,
- 703522726778478, 2182763974211603
-#else
- 27117677, 23547054, 35826092, 27984343, 1127281, 12772488,
- 37262958, 10483305, 55556115, 32525717
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1870080310923419, 71988220958492, 1783225432016732,
- 615915287105016, 1035570475990230
-#else
- 10637467, 27866368, 5674780, 1072708, 40765276, 26572129,
- 65424888, 9177852, 39615702, 15431202
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 730987750830150, 857613889540280, 1083813157271766,
- 1002817255970169, 1719228484436074
-#else
- 20525126, 10892566, 54366392, 12779442, 37615830, 16150074,
- 38868345, 14943141, 52052074, 25618500
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 377616581647602, 1581980403078513, 804044118130621,
- 2034382823044191, 643844048472185
-#else
- 37084402, 5626925, 66557297, 23573344, 753597, 11981191,
- 25244767, 30314666, 63752313, 9594023
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 176957326463017, 1573744060478586, 528642225008045,
- 1816109618372371, 1515140189765006
-#else
- 43356201, 2636869, 61944954, 23450613, 585133, 7877383,
- 11345683, 27062142, 13352334, 22577348
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1888911448245718, 1387110895611080, 1924503794066429,
- 1731539523700949, 2230378382645454
-#else
- 65177046, 28146973, 3304648, 20669563, 17015805, 28677341,
- 37325013, 25801949, 53893326, 33235227
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 443392177002051, 233793396845137, 2199506622312416,
- 1011858706515937, 974676837063129
-#else
- 20239939, 6607058, 6203985, 3483793, 48721888, 32775202,
- 46385121, 15077869, 44358105, 14523816
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1846351103143623, 1949984838808427, 671247021915253,
- 1946756846184401, 1929296930380217
-#else
- 27406023, 27512775, 27423595, 29057038, 4996213, 10002360,
- 38266833, 29008937, 36936121, 28748764
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 849646212452002, 1410198775302919, 73767886183695,
- 1641663456615812, 762256272452411
-#else
- 11374242, 12660715, 17861383, 21013599, 10935567, 1099227,
- 53222788, 24462691, 39381819, 11358503
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 692017667358279, 723305578826727, 1638042139863265,
- 748219305990306, 334589200523901
-#else
- 54378055, 10311866, 1510375, 10778093, 64989409, 24408729,
- 32676002, 11149336, 40985213, 4985767
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 22893968530686, 2235758574399251, 1661465835630252,
- 925707319443452, 1203475116966621
-#else
- 48012542, 341146, 60911379, 33315398, 15756972, 24757770,
- 66125820, 13794113, 47694557, 17933176
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 801299035785166, 1733292596726131, 1664508947088596,
- 467749120991922, 1647498584535623
-#else
- 6490062, 11940286, 25495923, 25828072, 8668372, 24803116,
- 3367602, 6970005, 65417799, 24549641
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 903105258014366, 427141894933047, 561187017169777,
- 1884330244401954, 1914145708422219
-#else
- 1656478, 13457317, 15370807, 6364910, 13605745, 8362338,
- 47934242, 28078708, 50312267, 28522993
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1344191060517578, 1960935031767890, 1518838929955259,
- 1781502350597190, 1564784025565682
-#else
- 44835530, 20030007, 67044178, 29220208, 48503227, 22632463,
- 46537798, 26546453, 67009010, 23317098
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 673723351748086, 1979969272514923, 1175287312495508,
- 1187589090978666, 1881897672213940
-#else
- 17747446, 10039260, 19368299, 29503841, 46478228, 17513145,
- 31992682, 17696456, 37848500, 28042460
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1917185587363432, 1098342571752737, 5935801044414,
- 2000527662351839, 1538640296181569
-#else
- 31932008, 28568291, 47496481, 16366579, 22023614, 88450,
- 11371999, 29810185, 4882241, 22927527
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2495540013192, 678856913479236, 224998292422872,
- 219635787698590, 1972465269000940
-#else
- 29796488, 37186, 19818052, 10115756, 55279832, 3352735,
- 18551198, 3272828, 61917932, 29392022
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 271413961212179, 1353052061471651, 344711291283483,
- 2014925838520662, 2006221033113941
-#else
- 12501267, 4044383, 58495907, 20162046, 34678811, 5136598,
- 47878486, 30024734, 330069, 29895023
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 194583029968109, 514316781467765, 829677956235672,
- 1676415686873082, 810104584395840
-#else
- 6384877, 2899513, 17807477, 7663917, 64749976, 12363164,
- 25366522, 24980540, 66837568, 12071498
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1980510813313589, 1948645276483975, 152063780665900,
- 129968026417582, 256984195613935
-#else
- 58743349, 29511910, 25133447, 29037077, 60897836, 2265926,
- 34339246, 1936674, 61949167, 3829362
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1860190562533102, 1936576191345085, 461100292705964,
- 1811043097042830, 957486749306835
-#else
- 28425966, 27718999, 66531773, 28857233, 52891308, 6870929,
- 7921550, 26986645, 26333139, 14267664
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 796664815624365, 1543160838872951, 1500897791837765,
- 1667315977988401, 599303877030711
-#else
- 56041645, 11871230, 27385719, 22994888, 62522949, 22365119,
- 10004785, 24844944, 45347639, 8930323
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1151480509533204, 2136010406720455, 738796060240027,
- 319298003765044, 1150614464349587
-#else
- 45911060, 17158396, 25654215, 31829035, 12282011, 11008919,
- 1541940, 4757911, 40617363, 17145491
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1731069268103150, 735642447616087, 1364750481334268,
- 417232839982871, 927108269127661
-#else
- 13537262, 25794942, 46504023, 10961926, 61186044, 20336366,
- 53952279, 6217253, 51165165, 13814989
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1017222050227968, 1987716148359, 2234319589635701,
- 621282683093392, 2132553131763026
-#else
- 49686272, 15157789, 18705543, 29619, 24409717, 33293956,
- 27361680, 9257833, 65152338, 31777517
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1567828528453324, 1017807205202360, 565295260895298,
- 829541698429100, 307243822276582
-#else
- 42063564, 23362465, 15366584, 15166509, 54003778, 8423555,
- 37937324, 12361134, 48422886, 4578289
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 249079270936248, 1501514259790706, 947909724204848,
- 944551802437487, 552658763982480
-#else
- 24579768, 3711570, 1342322, 22374306, 40103728, 14124955,
- 44564335, 14074918, 21964432, 8235257
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2089966982947227, 1854140343916181, 2151980759220007,
- 2139781292261749, 158070445864917
-#else
- 60580251, 31142934, 9442965, 27628844, 12025639, 32067012,
- 64127349, 31885225, 13006805, 2355433
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1338766321464554, 1906702607371284, 1519569445519894,
- 115384726262267, 1393058953390992
-#else
- 50803946, 19949172, 60476436, 28412082, 16974358, 22643349,
- 27202043, 1719366, 1141648, 20758196
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1364621558265400, 1512388234908357, 1926731583198686,
- 2041482526432505, 920401122333774
-#else
- 54244920, 20334445, 58790597, 22536340, 60298718, 28710537,
- 13475065, 30420460, 32674894, 13715045
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1884844597333588, 601480070269079, 620203503079537,
- 1079527400117915, 1202076693132015
-#else
- 11423316, 28086373, 32344215, 8962751, 24989809, 9241752,
- 53843611, 16086211, 38367983, 17912338
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 840922919763324, 727955812569642, 1303406629750194,
- 522898432152867, 294161410441865
-#else
- 65699196, 12530727, 60740138, 10847386, 19531186, 19422272,
- 55399715, 7791793, 39862921, 4383346
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 353760790835310, 1598361541848743, 1122905698202299,
- 1922533590158905, 419107700666580
-#else
- 38137966, 5271446, 65842855, 23817442, 54653627, 16732598,
- 62246457, 28647982, 27193556, 6245191
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 359856369838236, 180914355488683, 861726472646627,
- 218807937262986, 575626773232501
-#else
- 51914908, 5362277, 65324971, 2695833, 4960227, 12840725,
- 23061898, 3260492, 22510453, 8577507
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 755467689082474, 909202735047934, 730078068932500,
- 936309075711518, 2007798262842972
-#else
- 54476394, 11257345, 34415870, 13548176, 66387860, 10879010,
- 31168030, 13952092, 37537372, 29918525
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1609384177904073, 362745185608627, 1335318541768201,
- 800965770436248, 547877979267412
-#else
- 3877321, 23981693, 32416691, 5405324, 56104457, 19897796,
- 3759768, 11935320, 5611860, 8164018
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 984339177776787, 815727786505884, 1645154585713747,
- 1659074964378553, 1686601651984156
-#else
- 50833043, 14667796, 15906460, 12155291, 44997715, 24514713,
- 32003001, 24722143, 5773084, 25132323
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1697863093781930, 599794399429786, 1104556219769607,
- 830560774794755, 12812858601017
-#else
- 43320746, 25300131, 1950874, 8937633, 18686727, 16459170,
- 66203139, 12376319, 31632953, 190926
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1168737550514982, 897832437380552, 463140296333799,
- 302564600022547, 2008360505135501
-#else
- 42515238, 17415546, 58684872, 13378745, 14162407, 6901328,
- 58820115, 4508563, 41767309, 29926903
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1856930662813910, 678090852002597, 1920179140755167,
- 1259527833759868, 55540971895511
-#else
- 8884438, 27670423, 6023973, 10104341, 60227295, 28612898,
- 18722940, 18768427, 65436375, 827624
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1158643631044921, 476554103621892, 178447851439725,
- 1305025542653569, 103433927680625
-#else
- 34388281, 17265135, 34605316, 7101209, 13354605, 2659080,
- 65308289, 19446395, 42230385, 1541285
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2176793111709008, 1576725716350391, 2009350167273523,
- 2012390194631546, 2125297410909580
-#else
- 2901328, 32436745, 3880375, 23495044, 49487923, 29941650,
- 45306746, 29986950, 20456844, 31669399
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 825403285195098, 2144208587560784, 1925552004644643,
- 1915177840006985, 1015952128947864
-#else
- 27019610, 12299467, 53450576, 31951197, 54247203, 28692960,
- 47568713, 28538373, 29439640, 15138866
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1807108316634472, 1534392066433717, 347342975407218,
- 1153820745616376, 7375003497471
-#else
- 21536104, 26928012, 34661045, 22864223, 44700786, 5175813,
- 61688824, 17193268, 7779327, 109896
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 983061001799725, 431211889901241, 2201903782961093,
- 817393911064341, 2214616493042167
-#else
- 30279725, 14648750, 59063993, 6425557, 13639621, 32810923,
- 28698389, 12180118, 23177719, 33000357
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 228567918409756, 865093958780220, 358083886450556,
- 159617889659320, 1360637926292598
-#else
- 26572828, 3405927, 35407164, 12890904, 47843196, 5335865,
- 60615096, 2378491, 4439158, 20275085
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 234147501399755, 2229469128637390, 2175289352258889,
- 1397401514549353, 1885288963089922
-#else
- 44392139, 3489069, 57883598, 33221678, 18875721, 32414337,
- 14819433, 20822905, 49391106, 28092994
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1111762412951562, 252849572507389, 1048714233823341,
- 146111095601446, 1237505378776770
-#else
- 62052362, 16566550, 15953661, 3767752, 56672365, 15627059,
- 66287910, 2177224, 8550082, 18440267
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1113790697840279, 1051167139966244, 1045930658550944,
- 2011366241542643, 1686166824620755
-#else
- 48635543, 16596774, 66727204, 15663610, 22860960, 15585581,
- 39264755, 29971692, 43848403, 25125843
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1054097349305049, 1872495070333352, 182121071220717,
- 1064378906787311, 100273572924182
-#else
- 34628313, 15707274, 58902952, 27902350, 29464557, 2713815,
- 44383727, 15860481, 45206294, 1494192
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1306410853171605, 1627717417672447, 50983221088417,
- 1109249951172250, 870201789081392
-#else
- 47546773, 19467038, 41524991, 24254879, 13127841, 759709,
- 21923482, 16529112, 8742704, 12967017
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 104233794644221, 1548919791188248, 2224541913267306,
- 2054909377116478, 1043803389015153
-#else
- 38643965, 1553204, 32536856, 23080703, 42417258, 33148257,
- 58194238, 30620535, 37205105, 15553882
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 216762189468802, 707284285441622, 190678557969733,
- 973969342604308, 1403009538434867
-#else
- 21877890, 3230008, 9881174, 10539357, 62311749, 2841331,
- 11543572, 14513274, 19375923, 20906471
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1279024291038477, 344776835218310, 273722096017199,
- 1834200436811442, 634517197663804
-#else
- 8832269, 19058947, 13253510, 5137575, 5037871, 4078777,
- 24880818, 27331716, 2862652, 9455043
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 343805853118335, 1302216857414201, 566872543223541,
- 2051138939539004, 321428858384280
-#else
- 29306751, 5123106, 20245049, 19404543, 9592565, 8447059,
- 65031740, 30564351, 15511448, 4789663
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 470067171324852, 1618629234173951, 2000092177515639,
- 7307679772789, 1117521120249968
-#else
- 46429108, 7004546, 8824831, 24119455, 63063159, 29803695,
- 61354101, 108892, 23513200, 16652362
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 278151578291475, 1810282338562947, 1771599529530998,
- 1383659409671631, 685373414471841
-#else
- 33852691, 4144781, 62632835, 26975308, 10770038, 26398890,
- 60458447, 20618131, 48789665, 10212859
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 577009397403102, 1791440261786291, 2177643735971638,
- 174546149911960, 1412505077782326
-#else
- 2756062, 8598110, 7383731, 26694540, 22312758, 32449420,
- 21179800, 2600940, 57120566, 21047965
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 893719721537457, 1201282458018197, 1522349501711173,
- 58011597740583, 1130406465887139
-#else
- 42463153, 13317461, 36659605, 17900503, 21365573, 22684775,
- 11344423, 864440, 64609187, 16844368
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 412607348255453, 1280455764199780, 2233277987330768,
- 14180080401665, 331584698417165
-#else
- 40676061, 6148328, 49924452, 19080277, 18782928, 33278435,
- 44547329, 211299, 2719757, 4940997
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 262483770854550, 990511055108216, 526885552771698,
- 571664396646158, 354086190278723
-#else
- 65784982, 3911312, 60160120, 14759764, 37081714, 7851206,
- 21690126, 8518463, 26699843, 5276295
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1820352417585487, 24495617171480, 1547899057533253,
- 10041836186225, 480457105094042
-#else
- 53958991, 27125364, 9396248, 365013, 24703301, 23065493,
- 1321585, 149635, 51656090, 7159368
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2023310314989233, 637905337525881, 2106474638900687,
- 557820711084072, 1687858215057826
-#else
- 9987761, 30149673, 17507961, 9505530, 9731535, 31388918,
- 22356008, 8312176, 22477218, 25151047
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1144168702609745, 604444390410187, 1544541121756138,
- 1925315550126027, 626401428894002
-#else
- 18155857, 17049442, 19744715, 9006923, 15154154, 23015456,
- 24256459, 28689437, 44560690, 9334108
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1922168257351784, 2018674099908659, 1776454117494445,
- 956539191509034, 36031129147635
-#else
- 2986088, 28642539, 10776627, 30080588, 10620589, 26471229,
- 45695018, 14253544, 44521715, 536905
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 544644538748041, 1039872944430374, 876750409130610,
- 710657711326551, 1216952687484972
-#else
- 4377737, 8115836, 24567078, 15495314, 11625074, 13064599,
- 7390551, 10589625, 10838060, 18134008
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 58242421545916, 2035812695641843, 2118491866122923,
- 1191684463816273, 46921517454099
-#else
- 47766460, 867879, 9277171, 30335973, 52677291, 31567988,
- 19295825, 17757482, 6378259, 699185
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 272268252444639, 1374166457774292, 2230115177009552,
- 1053149803909880, 1354288411641016
-#else
- 7895007, 4057113, 60027092, 20476675, 49222032, 33231305,
- 66392824, 15693154, 62063800, 20180469
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1857910905368338, 1754729879288912, 885945464109877,
- 1516096106802166, 1602902393369811
-#else
- 59371282, 27685029, 52542544, 26147512, 11385653, 13201616,
- 31730678, 22591592, 63190227, 23885106
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1193437069800958, 901107149704790, 999672920611411,
- 477584824802207, 364239578697845
-#else
- 10188286, 17783598, 59772502, 13427542, 22223443, 14896287,
- 30743455, 7116568, 45322357, 5427592
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 886299989548838, 1538292895758047, 1590564179491896,
- 1944527126709657, 837344427345298
-#else
- 696102, 13206899, 27047647, 22922350, 15285304, 23701253,
- 10798489, 28975712, 19236242, 12477404
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 754558365378305, 1712186480903618, 1703656826337531,
- 750310918489786, 518996040250900
-#else
- 55879425, 11243795, 50054594, 25513566, 66320635, 25386464,
- 63211194, 11180503, 43939348, 7733643
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1309847803895382, 1462151862813074, 211370866671570,
- 1544595152703681, 1027691798954090
-#else
- 17800790, 19518253, 40108434, 21787760, 23887826, 3149671,
- 23466177, 23016261, 10322026, 15313801
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 803217563745370, 1884799722343599, 1357706345069218,
- 2244955901722095, 730869460037413
-#else
- 26246234, 11968874, 32263343, 28085704, 6830754, 20231401,
- 51314159, 33452449, 42659621, 10890803
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 689299471295966, 1831210565161071, 1375187341585438,
- 1106284977546171, 1893781834054269
-#else
- 35743198, 10271362, 54448239, 27287163, 16690206, 20491888,
- 52126651, 16484930, 25180797, 28219548
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 696351368613042, 1494385251239250, 738037133616932,
- 636385507851544, 927483222611406
-#else
- 66522290, 10376443, 34522450, 22268075, 19801892, 10997610,
- 2276632, 9482883, 316878, 13820577
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1949114198209333, 1104419699537997, 783495707664463,
- 1747473107602770, 2002634765788641
-#else
- 57226037, 29044064, 64993357, 16457135, 56008783, 11674995,
- 30756178, 26039378, 30696929, 29841583
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1607325776830197, 530883941415333, 1451089452727895,
- 1581691157083423, 496100432831154
-#else
- 32988917, 23951020, 12499365, 7910787, 56491607, 21622917,
- 59766047, 23569034, 34759346, 7392472
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1068900648804224, 2006891997072550, 1134049269345549,
- 1638760646180091, 2055396084625778
-#else
- 58253184, 15927860, 9866406, 29905021, 64711949, 16898650,
- 36699387, 24419436, 25112946, 30627788
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2222475519314561, 1870703901472013, 1884051508440561,
- 1344072275216753, 1318025677799069
-#else
- 64604801, 33117465, 25621773, 27875660, 15085041, 28074555,
- 42223985, 20028237, 5537437, 19640113
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 155711679280656, 681100400509288, 389811735211209,
- 2135723811340709, 408733211204125
-#else
- 55883280, 2320284, 57524584, 10149186, 33664201, 5808647,
- 52232613, 31824764, 31234589, 6090599
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 7813206966729, 194444201427550, 2071405409526507,
- 1065605076176312, 1645486789731291
-#else
- 57475529, 116425, 26083934, 2897444, 60744427, 30866345, 609720,
- 15878753, 60138459, 24519663
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 16625790644959, 1647648827778410, 1579910185572704,
- 436452271048548, 121070048451050
-#else
- 39351007, 247743, 51914090, 24551880, 23288160, 23542496,
- 43239268, 6503645, 20650474, 1804084
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1037263028552531, 568385780377829, 297953104144430,
- 1558584511931211, 2238221839292471
-#else
- 39519059, 15456423, 8972517, 8469608, 15640622, 4439847,
- 3121995, 23224719, 27842615, 33352104
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 190565267697443, 672855706028058, 338796554369226,
- 337687268493904, 853246848691734
-#else
- 51801891, 2839643, 22530074, 10026331, 4602058, 5048462,
- 28248656, 5031932, 55733782, 12714368
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1763863028400139, 766498079432444, 1321118624818005,
- 69494294452268, 858786744165651
-#else
- 20807691, 26283607, 29286140, 11421711, 39232341, 19686201,
- 45881388, 1035545, 47375635, 12796919
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1292056768563024, 1456632109855638, 1100631247050184,
- 1386133165675321, 1232898350193752
-#else
- 12076880, 19253146, 58323862, 21705509, 42096072, 16400683,
- 49517369, 20654993, 3480664, 18371617
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 366253102478259, 525676242508811, 1449610995265438,
- 1183300845322183, 185960306491545
-#else
- 34747315, 5457596, 28548107, 7833186, 7303070, 21600887,
- 42745799, 17632556, 33734809, 2771024
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 28315355815982, 460422265558930, 1799675876678724,
- 1969256312504498, 1051823843138725
-#else
- 45719598, 421931, 26597266, 6860826, 22486084, 26817260,
- 49971378, 29344205, 42556581, 15673396
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 156914999361983, 1606148405719949, 1665208410108430,
- 317643278692271, 1383783705665320
-#else
- 46924223, 2338215, 19788685, 23933476, 63107598, 24813538,
- 46837679, 4733253, 3727144, 20619984
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 54684536365732, 2210010038536222, 1194984798155308,
- 535239027773705, 1516355079301361
-#else
- 6120100, 814863, 55314462, 32931715, 6812204, 17806661, 2019593,
- 7975683, 31123697, 22595451
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1484387703771650, 198537510937949, 2186282186359116,
- 617687444857508, 647477376402122
-#else
- 30069250, 22119100, 30434653, 2958439, 18399564, 32578143,
- 12296868, 9204260, 50676426, 9648164
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2147715541830533, 500032538445817, 646380016884826,
- 352227855331122, 1488268620408052
-#else
- 32705413, 32003455, 30705657, 7451065, 55303258, 9631812,
- 3305266, 5248604, 41100532, 22176930
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 159386186465542, 1877626593362941, 618737197060512,
- 1026674284330807, 1158121760792685
-#else
- 17219846, 2375039, 35537917, 27978816, 47649184, 9219902,
- 294711, 15298639, 2662509, 17257359
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1744544377739822, 1964054180355661, 1685781755873170,
- 2169740670377448, 1286112621104591
-#else
- 65935918, 25995736, 62742093, 29266687, 45762450, 25120105,
- 32087528, 32331655, 32247247, 19164571
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 81977249784993, 1667943117713086, 1668983819634866,
- 1605016835177615, 1353960708075544
-#else
- 14312609, 1221556, 17395390, 24854289, 62163122, 24869796,
- 38911119, 23916614, 51081240, 20175586
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1602253788689063, 439542044889886, 2220348297664483,
- 657877410752869, 157451572512238
-#else
- 65680039, 23875441, 57873182, 6549686, 59725795, 33085767,
- 23046501, 9803137, 17597934, 2346211
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1029287186166717, 65860128430192, 525298368814832,
- 1491902500801986, 1461064796385400
-#else
- 18510781, 15337574, 26171504, 981392, 44867312, 7827555,
- 43617730, 22231079, 3059832, 21771562
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 408216988729246, 2121095722306989, 913562102267595,
- 1879708920318308, 241061448436731
-#else
- 10141598, 6082907, 17829293, 31606789, 9830091, 13613136,
- 41552228, 28009845, 33606651, 3592095
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1185483484383269, 1356339572588553, 584932367316448,
- 102132779946470, 1792922621116791
-#else
- 33114149, 17665080, 40583177, 20211034, 33076704, 8716171,
- 1151462, 1521897, 66126199, 26716628
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1966196870701923, 2230044620318636, 1425982460745905,
- 261167817826569, 46517743394330
-#else
- 34169699, 29298616, 23947180, 33230254, 34035889, 21248794,
- 50471177, 3891703, 26353178, 693168
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 107077591595359, 884959942172345, 27306869797400,
- 2224911448949390, 964352058245223
-#else
- 30374239, 1595580, 50224825, 13186930, 4600344, 406904, 9585294,
- 33153764, 31375463, 14369965
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1730194207717538, 431790042319772, 1831515233279467,
- 1372080552768581, 1074513929381760
-#else
- 52738210, 25781902, 1510300, 6434173, 48324075, 27291703,
- 32732229, 20445593, 17901440, 16011505
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1450880638731607, 1019861580989005, 1229729455116861,
- 1174945729836143, 826083146840706
-#else
- 18171223, 21619806, 54608461, 15197121, 56070717, 18324396,
- 47936623, 17508055, 8764034, 12309598
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1899935429242705, 1602068751520477, 940583196550370,
- 82431069053859, 1540863155745696
-#else
- 5975889, 28311244, 47649501, 23872684, 55567586, 14015781,
- 43443107, 1228318, 17544096, 22960650
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2136688454840028, 2099509000964294, 1690800495246475,
- 1217643678575476, 828720645084218
-#else
- 5811932, 31839139, 3442886, 31285122, 48741515, 25194890,
- 49064820, 18144304, 61543482, 12348899
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 765548025667841, 462473984016099, 998061409979798,
- 546353034089527, 2212508972466858
-#else
- 35709185, 11407554, 25755363, 6891399, 63851926, 14872273,
- 42259511, 8141294, 56476330, 32968952
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 46575283771160, 892570971573071, 1281983193144090,
- 1491520128287375, 75847005908304
-#else
- 54433560, 694025, 62032719, 13300343, 14015258, 19103038,
- 57410191, 22225381, 30944592, 1130208
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1801436127943107, 1734436817907890, 1268728090345068,
- 167003097070711, 2233597765834956
-#else
- 8247747, 26843490, 40546482, 25845122, 52706924, 18905521,
- 4652151, 2488540, 23550156, 33283200
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1997562060465113, 1048700225534011, 7615603985628,
- 1855310849546841, 2242557647635213
-#else
- 17294297, 29765994, 7026747, 15626851, 22990044, 113481,
- 2267737, 27646286, 66700045, 33416712
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1161017320376250, 492624580169043, 2169815802355237,
- 976496781732542, 1770879511019629
-#else
- 16091066, 17300506, 18599251, 7340678, 2137637, 32332775,
- 63744702, 14550935, 3260525, 26388161
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1357044908364776, 729130645262438, 1762469072918979,
- 1365633616878458, 181282906404941
-#else
- 62198760, 20221544, 18550886, 10864893, 50649539, 26262835,
- 44079994, 20349526, 54360141, 2701325
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1080413443139865, 1155205815510486, 1848782073549786,
- 622566975152580, 124965574467971
-#else
- 58534169, 16099414, 4629974, 17213908, 46322650, 27548999,
- 57090500, 9276970, 11329923, 1862132
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1184526762066993, 247622751762817, 692129017206356,
- 820018689412496, 2188697339828085
-#else
- 14763057, 17650824, 36190593, 3689866, 3511892, 10313526,
- 45157776, 12219230, 58070901, 32614131
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2020536369003019, 202261491735136, 1053169669150884,
- 2056531979272544, 778165514694311
-#else
- 8894987, 30108338, 6150752, 3013931, 301220, 15693451, 35127648,
- 30644714, 51670695, 11595569
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 237404399610207, 1308324858405118, 1229680749538400,
- 720131409105291, 1958958863624906
-#else
- 15214943, 3537601, 40870142, 19495559, 4418656, 18323671,
- 13947275, 10730794, 53619402, 29190761
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 515583508038846, 17656978857189, 1717918437373989,
- 1568052070792483, 46975803123923
-#else
- 64570558, 7682792, 32759013, 263109, 37124133, 25598979,
- 44776739, 23365796, 977107, 699994
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 281527309158085, 36970532401524, 866906920877543,
- 2222282602952734, 1289598729589882
-#else
- 54642373, 4195083, 57897332, 550903, 51543527, 12917919,
- 19118110, 33114591, 36574330, 19216518
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1278207464902042, 494742455008756, 1262082121427081,
- 1577236621659884, 1888786707293291
-#else
- 31788442, 19046775, 4799988, 7372237, 8808585, 18806489,
- 9408236, 23502657, 12493931, 28145115
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 353042527954210, 1830056151907359, 1111731275799225,
- 174960955838824, 404312815582675
-#else
- 41428258, 5260743, 47873055, 27269961, 63412921, 16566086,
- 27218280, 2607121, 29375955, 6024730
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2064251142068628, 1666421603389706, 1419271365315441,
- 468767774902855, 191535130366583
-#else
- 842132, 30759739, 62345482, 24831616, 26332017, 21148791,
- 11831879, 6985184, 57168503, 2854095
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1716987058588002, 1859366439773457, 1767194234188234,
- 64476199777924, 1117233614485261
-#else
- 62261602, 25585100, 2516241, 27706719, 9695690, 26333246,
- 16512644, 960770, 12121869, 16648078
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 984292135520292, 135138246951259, 2220652137473167,
- 1722843421165029, 190482558012909
-#else
- 51890212, 14667095, 53772635, 2013716, 30598287, 33090295,
- 35603941, 25672367, 20237805, 2838411
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 298845952651262, 1166086588952562, 1179896526238434,
- 1347812759398693, 1412945390096208
-#else
- 47820798, 4453151, 15298546, 17376044, 22115042, 17581828,
- 12544293, 20083975, 1068880, 21054527
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1143239552672925, 906436640714209, 2177000572812152,
- 2075299936108548, 325186347798433
-#else
- 57549981, 17035596, 33238497, 13506958, 30505848, 32439836,
- 58621956, 30924378, 12521377, 4845654
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 721024854374772, 684487861263316, 1373438744094159,
- 2193186935276995, 1387043709851261
-#else
- 38910324, 10744107, 64150484, 10199663, 7759311, 20465832,
- 3409347, 32681032, 60626557, 20668561
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 418098668140962, 715065997721283, 1471916138376055,
- 2168570337288357, 937812682637044
-#else
- 43547042, 6230155, 46726851, 10655313, 43068279, 21933259,
- 10477733, 32314216, 63995636, 13974497
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1043584187226485, 2143395746619356, 2209558562919611,
- 482427979307092, 847556718384018
-#else
- 12966261, 15550616, 35069916, 31939085, 21025979, 32924988,
- 5642324, 7188737, 18895762, 12629579
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1248731221520759, 1465200936117687, 540803492710140,
- 52978634680892, 261434490176109
-#else
- 14741879, 18607545, 22177207, 21833195, 1279740, 8058600,
- 11758140, 789443, 32195181, 3895677
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1057329623869501, 620334067429122, 461700859268034,
- 2012481616501857, 297268569108938
-#else
- 10758205, 15755439, 62598914, 9243697, 62229442, 6879878,
- 64904289, 29988312, 58126794, 4429646
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1055352180870759, 1553151421852298, 1510903185371259,
- 1470458349428097, 1226259419062731
-#else
- 64654951, 15725972, 46672522, 23143759, 61304955, 22514211,
- 59972993, 21911536, 18047435, 18272689
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1492988790301668, 790326625573331, 1190107028409745,
- 1389394752159193, 1620408196604194
-#else
- 41935844, 22247266, 29759955, 11776784, 44846481, 17733976,
- 10993113, 20703595, 49488162, 24145963
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 47000654413729, 1004754424173864, 1868044813557703,
- 173236934059409, 588771199737015
-#else
- 21987233, 700364, 42603816, 14972007, 59334599, 27836036,
- 32155025, 2581431, 37149879, 8773374
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 30498470091663, 1082245510489825, 576771653181956,
- 806509986132686, 1317634017056939
-#else
- 41540495, 454462, 53896929, 16126714, 25240068, 8594567,
- 20656846, 12017935, 59234475, 19634276
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 420308055751555, 1493354863316002, 165206721528088,
- 1884845694919786, 2065456951573059
-#else
- 6028163, 6263078, 36097058, 22252721, 66289944, 2461771,
- 35267690, 28086389, 65387075, 30777706
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1115636332012334, 1854340990964155, 83792697369514,
- 1972177451994021, 457455116057587
-#else
- 54829870, 16624276, 987579, 27631834, 32908202, 1248608,
- 7719845, 29387734, 28408819, 6816612
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1698968457310898, 1435137169051090, 1083661677032510,
- 938363267483709, 340103887207182
-#else
- 56750770, 25316602, 19549650, 21385210, 22082622, 16147817,
- 20613181, 13982702, 56769294, 5067942
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1995325341336574, 911500251774648, 164010755403692,
- 855378419194762, 1573601397528842
-#else
- 36602878, 29732664, 12074680, 13582412, 47230892, 2443950,
- 47389578, 12746131, 5331210, 23448488
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 241719380661528, 310028521317150, 1215881323380194,
- 1408214976493624, 2141142156467363
-#else
- 30528792, 3601899, 65151774, 4619784, 39747042, 18118043,
- 24180792, 20984038, 27679907, 31905504
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1315157046163473, 727368447885818, 1363466668108618,
- 1668921439990361, 1398483384337907
-#else
- 9402385, 19597367, 32834042, 10838634, 40528714, 20317236,
- 26653273, 24868867, 22611443, 20839026
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 75029678299646, 1015388206460473, 1849729037055212,
- 1939814616452984, 444404230394954
-#else
- 22190590, 1118029, 22736441, 15130463, 36648172, 27563110,
- 19189624, 28905490, 4854858, 6622139
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2053597130993710, 2024431685856332, 2233550957004860,
- 2012407275509545, 872546993104440
-#else
- 58798126, 30600981, 58846284, 30166382, 56707132, 33282502,
- 13424425, 29987205, 26404408, 13001963
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1217269667678610, 599909351968693, 1390077048548598,
- 1471879360694802, 739586172317596
-#else
- 35867026, 18138731, 64114613, 8939345, 11562230, 20713762,
- 41044498, 21932711, 51703708, 11020692
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1718318639380794, 1560510726633958, 904462881159922,
- 1418028351780052, 94404349451937
-#else
- 1866042, 25604943, 59210214, 23253421, 12483314, 13477547,
- 3175636, 21130269, 28761761, 1406734
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2132502667405250, 214379346175414, 1502748313768060,
- 1960071701057800, 1353971822643138
-#else
- 66660290, 31776765, 13018550, 3194501, 57528444, 22392694,
- 24760584, 29207344, 25577410, 20175752
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 319394212043702, 2127459436033571, 717646691535162,
- 663366796076914, 318459064945314
-#else
- 42818486, 4759344, 66418211, 31701615, 2066746, 10693769,
- 37513074, 9884935, 57739938, 4745409
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 405989424923593, 1960452633787083, 667349034401665,
- 1492674260767112, 1451061489880787
-#else
- 57967561, 6049713, 47577803, 29213020, 35848065, 9944275,
- 51646856, 22242579, 10931923, 21622501
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 947085906234007, 323284730494107, 1485778563977200,
- 728576821512394, 901584347702286
-#else
- 50547351, 14112679, 59096219, 4817317, 59068400, 22139825,
- 44255434, 10856640, 46638094, 13434653
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1575783124125742, 2126210792434375, 1569430791264065,
- 1402582372904727, 1891780248341114
-#else
- 22759470, 23480998, 50342599, 31683009, 13637441, 23386341,
- 1765143, 20900106, 28445306, 28189722
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 838432205560695, 1997703511451664, 1018791879907867,
- 1662001808174331, 78328132957753
-#else
- 29875063, 12493613, 2795536, 29768102, 1710619, 15181182,
- 56913147, 24765756, 9074233, 1167180
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 739152638255629, 2074935399403557, 505483666745895,
- 1611883356514088, 628654635394878
-#else
- 40903181, 11014232, 57266213, 30918946, 40200743, 7532293,
- 48391976, 24018933, 3843902, 9367684
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1822054032121349, 643057948186973, 7306757352712,
- 577249257962099, 284735863382083
-#else
- 56139269, 27150720, 9591133, 9582310, 11349256, 108879,
- 16235123, 8601684, 66969667, 4242894
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1366558556363930, 1448606567552086, 1478881020944768,
- 165803179355898, 1115718458123498
-#else
- 22092954, 20363309, 65066070, 21585919, 32186752, 22037044,
- 60534522, 2470659, 39691498, 16625500
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 204146226972102, 1630511199034723, 2215235214174763,
- 174665910283542, 956127674017216
-#else
- 56051142, 3042015, 13770083, 24296510, 584235, 33009577,
- 59338006, 2602724, 39757248, 14247412
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1562934578796716, 1070893489712745, 11324610642270,
- 958989751581897, 2172552325473805
-#else
- 6314156, 23289540, 34336361, 15957556, 56951134, 168749,
- 58490057, 14290060, 27108877, 32373552
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1770564423056027, 735523631664565, 1326060113795289,
- 1509650369341127, 65892421582684
-#else
- 58522267, 26383465, 13241781, 10960156, 34117849, 19759835,
- 33547975, 22495543, 39960412, 981873
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 623682558650637, 1337866509471512, 990313350206649,
- 1314236615762469, 1164772974270275
-#else
- 22833421, 9293594, 34459416, 19935764, 57971897, 14756818,
- 44180005, 19583651, 56629059, 17356469
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 223256821462517, 723690150104139, 1000261663630601,
- 933280913953265, 254872671543046
-#else
- 59340277, 3326785, 38997067, 10783823, 19178761, 14905060,
- 22680049, 13906969, 51175174, 3797898
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1969087237026041, 624795725447124, 1335555107635969,
- 2069986355593023, 1712100149341902
-#else
- 21721337, 29341686, 54902740, 9310181, 63226625, 19901321,
- 23740223, 30845200, 20491982, 25512280
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1236103475266979, 1837885883267218, 1026072585230455,
- 1025865513954973, 1801964901432134
-#else
- 9209251, 18419377, 53852306, 27386633, 66377847, 15289672,
- 25947805, 15286587, 30997318, 26851369
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1115241013365517, 1712251818829143, 2148864332502771,
- 2096001471438138, 2235017246626125
-#else
- 7392013, 16618386, 23946583, 25514540, 53843699, 32020573,
- 52911418, 31232855, 17649997, 33304352
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1299268198601632, 2047148477845621, 2165648650132450,
- 1612539282026145, 514197911628890
-#else
- 57807776, 19360604, 30609525, 30504889, 41933794, 32270679,
- 51867297, 24028707, 64875610, 7662145
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 118352772338543, 1067608711804704, 1434796676193498,
- 1683240170548391, 230866769907437
-#else
- 49550191, 1763593, 33994528, 15908609, 37067994, 21380136,
- 7335079, 25082233, 63934189, 3440182
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1850689576796636, 1601590730430274, 1139674615958142,
- 1954384401440257, 76039205311
-#else
- 47219164, 27577423, 42997570, 23865561, 10799742, 16982475,
- 40449, 29122597, 4862399, 1133
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1723387471374172, 997301467038410, 533927635123657,
- 20928644693965, 1756575222802513
-#else
- 34252636, 25680474, 61686474, 14860949, 50789833, 7956141,
- 7258061, 311861, 36513873, 26175010
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2146711623855116, 503278928021499, 625853062251406,
- 1109121378393107, 1033853809911861
-#else
- 63335436, 31988495, 28985339, 7499440, 24445838, 9325937,
- 29727763, 16527196, 18278453, 15405622
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 571005965509422, 2005213373292546, 1016697270349626,
- 56607856974274, 914438579435146
-#else
- 62726958, 8508651, 47210498, 29880007, 61124410, 15149969,
- 53795266, 843522, 45233802, 13626196
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1346698876211176, 2076651707527589, 1084761571110205,
- 265334478828406, 1068954492309671
-#else
- 2281448, 20067377, 56193445, 30944521, 1879357, 16164207,
- 56324982, 3953791, 13340839, 15928663
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1769967932677654, 1695893319756416, 1151863389675920,
- 1781042784397689, 400287774418285
-#else
- 31727126, 26374577, 48671360, 25270779, 2875792, 17164102,
- 41838969, 26539605, 43656557, 5964752
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1851867764003121, 403841933237558, 820549523771987,
- 761292590207581, 1743735048551143
-#else
- 4100401, 27594980, 49929526, 6017713, 48403027, 12227140,
- 40424029, 11344143, 2538215, 25983677
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 410915148140008, 2107072311871739, 1004367461876503,
- 99684895396761, 1180818713503224
-#else
- 57675240, 6123112, 11159803, 31397824, 30016279, 14966241,
- 46633881, 1485420, 66479608, 17595569
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 285945406881439, 648174397347453, 1098403762631981,
- 1366547441102991, 1505876883139217
-#else
- 40304287, 4260918, 11851389, 9658551, 35091757, 16367491,
- 46903439, 20363143, 11659921, 22439314
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 672095903120153, 1675918957959872, 636236529315028,
- 1569297300327696, 2164144194785875
-#else
- 26180377, 10015009, 36264640, 24973138, 5418196, 9480663,
- 2231568, 23384352, 33100371, 32248261
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1902708175321798, 1035343530915438, 1178560808893263,
- 301095684058146, 1280977479761118
-#else
- 15121094, 28352561, 56718958, 15427820, 39598927, 17561924,
- 21670946, 4486675, 61177054, 19088051
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1615357281742403, 404257611616381, 2160201349780978,
- 1160947379188955, 1578038619549541
-#else
- 16166467, 24070699, 56004733, 6023907, 35182066, 32189508,
- 2340059, 17299464, 56373093, 23514607
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2013087639791217, 822734930507457, 1785668418619014,
- 1668650702946164, 389450875221715
-#else
- 28042865, 29997343, 54982337, 12259705, 63391366, 26608532,
- 6766452, 24864833, 18036435, 5803270
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 453918449698368, 106406819929001, 2072540975937135,
- 308588860670238, 1304394580755385
-#else
- 66291264, 6763911, 11803561, 1585585, 10958447, 30883267,
- 23855390, 4598332, 60949433, 19436993
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1295082798350326, 2091844511495996, 1851348972587817,
- 3375039684596, 789440738712837
-#else
- 36077558, 19298237, 17332028, 31170912, 31312681, 27587249,
- 696308, 50292, 47013125, 11763583
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2083069137186154, 848523102004566, 993982213589257,
- 1405313299916317, 1532824818698468
-#else
- 66514282, 31040148, 34874710, 12643979, 12650761, 14811489,
- 665117, 20940800, 47335652, 22840869
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1495961298852430, 1397203457344779, 1774950217066942,
- 139302743555696, 66603584342787
-#else
- 30464590, 22291560, 62981387, 20819953, 19835326, 26448819,
- 42712688, 2075772, 50088707, 992470
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1782411379088302, 1096724939964781, 27593390721418,
- 542241850291353, 1540337798439873
-#else
- 18357166, 26559999, 7766381, 16342475, 37783946, 411173,
- 14578841, 8080033, 55534529, 22952821
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 693543956581437, 171507720360750, 1557908942697227,
- 1074697073443438, 1104093109037196
-#else
- 19598397, 10334610, 12555054, 2555664, 18821899, 23214652,
- 21873262, 16014234, 26224780, 16452269
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 345288228393419, 1099643569747172, 134881908403743,
- 1740551994106740, 248212179299770
-#else
- 36884939, 5145195, 5944548, 16385966, 3976735, 2009897,
- 55731060, 25936245, 46575034, 3698649
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 231429562203065, 1526290236421172, 2021375064026423,
- 1520954495658041, 806337791525116
-#else
- 14187449, 3448569, 56472628, 22743496, 44444983, 30120835,
- 7268409, 22663988, 27394300, 12015369
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1079623667189886, 872403650198613, 766894200588288,
- 2163700860774109, 2023464507911816
-#else
- 19695742, 16087646, 28032085, 12999827, 6817792, 11427614,
- 20244189, 32241655, 53849736, 30151970
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 854645372543796, 1936406001954827, 151460662541253,
- 825325739271555, 1554306377287556
-#else
- 30860084, 12735208, 65220619, 28854697, 50133957, 2256939,
- 58942851, 12298311, 58558340, 23160969
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1497138821904622, 1044820250515590, 1742593886423484,
- 1237204112746837, 849047450816987
-#else
- 61389038, 22309106, 65198214, 15569034, 26642876, 25966672,
- 61319509, 18435777, 62132699, 12651792
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 667962773375330, 1897271816877105, 1399712621683474,
- 1143302161683099, 2081798441209593
-#else
- 64260450, 9953420, 11531313, 28271553, 26895122, 20857343,
- 53990043, 17036529, 9768697, 31021214
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 127147851567005, 1936114012888110, 1704424366552046,
- 856674880716312, 716603621335359
-#else
- 42389405, 1894650, 66821166, 28850346, 15348718, 25397902,
- 32767512, 12765450, 4940095, 10678226
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1072409664800960, 2146937497077528, 1508780108920651,
- 935767602384853, 1112800433544068
-#else
- 18860224, 15980149, 48121624, 31991861, 40875851, 22482575,
- 59264981, 13944023, 42736516, 16582018
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 333549023751292, 280219272863308, 2104176666454852,
- 1036466864875785, 536135186520207
-#else
- 51604604, 4970267, 37215820, 4175592, 46115652, 31354675,
- 55404809, 15444559, 56105103, 7989036
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 373666279883137, 146457241530109, 304116267127857,
- 416088749147715, 1258577131183391
-#else
- 31490433, 5568061, 64696061, 2182382, 34772017, 4531685,
- 35030595, 6200205, 47422751, 18754260
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1186115062588401, 2251609796968486, 1098944457878953,
- 1153112761201374, 1791625503417267
-#else
- 49800177, 17674491, 35586086, 33551600, 34221481, 16375548,
- 8680158, 17182719, 28550067, 26697300
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1870078460219737, 2129630962183380, 852283639691142,
- 292865602592851, 401904317342226
-#else
- 38981977, 27866340, 16837844, 31733974, 60258182, 12700015,
- 37068883, 4364037, 1155602, 5988841
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1361070124828035, 815664541425524, 1026798897364671,
- 1951790935390647, 555874891834790
-#else
- 21890435, 20281525, 54484852, 12154348, 59276991, 15300495,
- 23148983, 29083951, 24618406, 8283181
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1546301003424277, 459094500062839, 1097668518375311,
- 1780297770129643, 720763293687608
-#else
- 33972757, 23041680, 9975415, 6841041, 35549071, 16356535,
- 3070187, 26528504, 1466168, 10740210
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1212405311403990, 1536693382542438, 61028431067459,
- 1863929423417129, 1223219538638038
-#else
- 65599446, 18066246, 53605478, 22898515, 32799043, 909394,
- 53169961, 27774712, 34944214, 18227391
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1294303766540260, 1183557465955093, 882271357233093,
- 63854569425375, 2213283684565087
-#else
- 3960804, 19286629, 39082773, 17636380, 47704005, 13146867,
- 15567327, 951507, 63848543, 32980496
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 339050984211414, 601386726509773, 413735232134068,
- 966191255137228, 1839475899458159
-#else
- 24740822, 5052253, 37014733, 8961360, 25877428, 6165135,
- 42740684, 14397371, 59728495, 27410326
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 235605972169408, 2174055643032978, 1538335001838863,
- 1281866796917192, 1815940222628465
-#else
- 38220480, 3510802, 39005586, 32395953, 55870735, 22922977,
- 51667400, 19101303, 65483377, 27059617
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1632352921721536, 1833328609514701, 2092779091951987,
- 1923956201873226, 2210068022482919
-#else
- 793280, 24323954, 8836301, 27318725, 39747955, 31184838,
- 33152842, 28669181, 57202663, 32932579
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 35271216625062, 1712350667021807, 983664255668860,
- 98571260373038, 1232645608559836
-#else
- 5666214, 525582, 20782575, 25516013, 42570364, 14657739,
- 16099374, 1468826, 60937436, 18367850
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1998172393429622, 1798947921427073, 784387737563581,
- 1589352214827263, 1589861734168180
-#else
- 62249590, 29775088, 64191105, 26806412, 7778749, 11688288,
- 36704511, 23683193, 65549940, 23690785
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1733739258725305, 31715717059538, 201969945218860,
- 992093044556990, 1194308773174556
-#else
- 10896313, 25834728, 824274, 472601, 47648556, 3009586, 25248958,
- 14783338, 36527388, 17796587
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 846415389605137, 746163495539180, 829658752826080,
- 592067705956946, 957242537821393
-#else
- 10566929, 12612572, 35164652, 11118702, 54475488, 12362878,
- 21752402, 8822496, 24003793, 14264025
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1758148849754419, 619249044817679, 168089007997045,
- 1371497636330523, 1867101418880350
-#else
- 27713843, 26198459, 56100623, 9227529, 27050101, 2504721,
- 23886875, 20436907, 13958494, 27821979
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 326633984209635, 261759506071016, 1700682323676193,
- 1577907266349064, 1217647663383016
-#else
- 43627235, 4867225, 39861736, 3900520, 29838369, 25342141,
- 35219464, 23512650, 7340520, 18144364
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1714182387328607, 1477856482074168, 574895689942184,
- 2159118410227270, 1555532449716575
-#else
- 4646495, 25543308, 44342840, 22021777, 23184552, 8566613,
- 31366726, 32173371, 52042079, 23179239
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 853828206885131, 998498946036955, 1835887550391235,
- 207627336608048, 258363815956050
-#else
- 49838347, 12723031, 50115803, 14878793, 21619651, 27356856,
- 27584816, 3093888, 58265170, 3849920
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 141141474651677, 1236728744905256, 643101419899887,
- 1646615130509173, 1208239602291765
-#else
- 58043933, 2103171, 25561640, 18428694, 61869039, 9582957,
- 32477045, 24536477, 5002293, 18004173
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1501663228068911, 1354879465566912, 1444432675498247,
- 897812463852601, 855062598754348
-#else
- 55051311, 22376525, 21115584, 20189277, 8808711, 21523724,
- 16489529, 13378448, 41263148, 12741425
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 714380763546606, 1032824444965790, 1774073483745338,
- 1063840874947367, 1738680636537158
-#else
- 61162478, 10645102, 36197278, 15390283, 63821882, 26435754,
- 24306471, 15852464, 28834118, 25908360
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1640635546696252, 633168953192112, 2212651044092396,
- 30590958583852, 368515260889378
-#else
- 49773116, 24447374, 42577584, 9434952, 58636780, 32971069,
- 54018092, 455840, 20461858, 5491305
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1171650314802029, 1567085444565577, 1453660792008405,
- 757914533009261, 1619511342778196
-#else
- 13669229, 17458950, 54626889, 23351392, 52539093, 21661233,
- 42112877, 11293806, 38520660, 24132599
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 420958967093237, 971103481109486, 2169549185607107,
- 1301191633558497, 1661514101014240
-#else
- 28497909, 6272777, 34085870, 14470569, 8906179, 32328802,
- 18504673, 19389266, 29867744, 24758489
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 907123651818302, 1332556122804146, 1824055253424487,
- 1367614217442959, 1982558335973172
-#else
- 50901822, 13517195, 39309234, 19856633, 24009063, 27180541,
- 60741263, 20379039, 22853428, 29542421
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1121533090144639, 1021251337022187, 110469995947421,
- 1511059774758394, 2110035908131662
-#else
- 24191359, 16712145, 53177067, 15217830, 14542237, 1646131,
- 18603514, 22516545, 12876622, 31441985
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 303213233384524, 2061932261128138, 352862124777736,
- 40828818670255, 249879468482660
-#else
- 17902668, 4518229, 66697162, 30725184, 26878216, 5258055,
- 54248111, 608396, 16031844, 3723494
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 856559257852200, 508517664949010, 1378193767894916,
- 1723459126947129, 1962275756614521
-#else
- 38476072, 12763727, 46662418, 7577503, 33001348, 20536687,
- 17558841, 25681542, 23896953, 29240187
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1445691340537320, 40614383122127, 402104303144865,
- 485134269878232, 1659439323587426
-#else
- 47103464, 21542479, 31520463, 605201, 2543521, 5991821,
- 64163800, 7229063, 57189218, 24727572
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 20057458979482, 1183363722525800, 2140003847237215,
- 2053873950687614, 2112017736174909
-#else
- 28816026, 298879, 38943848, 17633493, 19000927, 31888542,
- 54428030, 30605106, 49057085, 31471516
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2228654250927986, 1483591363415267, 1368661293910956,
- 1076511285177291, 526650682059608
-#else
- 16000882, 33209536, 3493091, 22107234, 37604268, 20394642,
- 12577739, 16041268, 47393624, 7847706
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 709481497028540, 531682216165724, 316963769431931,
- 1814315888453765, 258560242424104
-#else
- 10151868, 10572098, 27312476, 7922682, 14825339, 4723128,
- 34252933, 27035413, 57088296, 3852847
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1053447823660455, 1955135194248683, 1010900954918985,
- 1182614026976701, 1240051576966610
-#else
- 55678375, 15697595, 45987307, 29133784, 5386313, 15063598,
- 16514493, 17622322, 29330898, 18478208
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1957943897155497, 1788667368028035, 137692910029106,
- 1039519607062, 826404763313028
-#else
- 41609129, 29175637, 51885955, 26653220, 16615730, 2051784,
- 3303702, 15490, 39560068, 12314390
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1848942433095597, 1582009882530495, 1849292741020143,
- 1068498323302788, 2001402229799484
-#else
- 15683501, 27551389, 18109119, 23573784, 15337967, 27556609,
- 50391428, 15921865, 16103996, 29823217
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1528282417624269, 2142492439828191, 2179662545816034,
- 362568973150328, 1591374675250271
-#else
- 43939021, 22773182, 13588191, 31925625, 63310306, 32479502,
- 47835256, 5402698, 37293151, 23713330
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 160026679434388, 232341189218716, 2149181472355545,
- 598041771119831, 183859001910173
-#else
- 23190676, 2384583, 34394524, 3462153, 37205209, 32025299,
- 55842007, 8911516, 41903005, 2739712
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2013278155187349, 662660471354454, 793981225706267,
- 411706605985744, 804490933124791
-#else
- 21374101, 30000182, 33584214, 9874410, 15377179, 11831242,
- 33578960, 6134906, 4931255, 11987849
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2051892037280204, 488391251096321, 2230187337030708,
- 930221970662692, 679002758255210
-#else
- 67101132, 30575573, 50885377, 7277596, 105524, 33232381,
- 35628324, 13861387, 37032554, 10117929
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1530723630438670, 875873929577927, 341560134269988,
- 449903119530753, 1055551308214179
-#else
- 37607694, 22809559, 40945095, 13051538, 41483300, 5089642,
- 60783361, 6704078, 12890019, 15728940
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1461835919309432, 1955256480136428, 180866187813063,
- 1551979252664528, 557743861963950
-#else
- 45136504, 21783052, 66157804, 29135591, 14704839, 2695116,
- 903376, 23126293, 12885166, 8311031
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 359179641731115, 1324915145732949, 902828372691474,
- 294254275669987, 1887036027752957
-#else
- 49592363, 5352193, 10384213, 19742774, 7506450, 13453191,
- 26423267, 4384730, 1888765, 28119028
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2043271609454323, 2038225437857464, 1317528426475850,
- 1398989128982787, 2027639881006861
-#else
- 41291507, 30447119, 53614264, 30371925, 30896458, 19632703,
- 34857219, 20846562, 47644429, 30214188
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2072902725256516, 312132452743412, 309930885642209,
- 996244312618453, 1590501300352303
-#else
- 43500868, 30888657, 66582772, 4651135, 5765089, 4618330,
- 6092245, 14845197, 17151279, 23700316
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1397254305160710, 695734355138021, 2233992044438756,
- 1776180593969996, 1085588199351115
-#else
- 42278406, 20820711, 51942885, 10367249, 37577956, 33289075,
- 22825804, 26467153, 50242379, 16176524
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 440567051331029, 254894786356681, 493869224930222,
- 1556322069683366, 1567456540319218
-#else
- 43525589, 6564960, 20063689, 3798228, 62368686, 7359224,
- 2006182, 23191006, 38362610, 23356922
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1950722461391320, 1907845598854797, 1822757481635527,
- 2121567704750244, 73811931471221
-#else
- 56482264, 29068029, 53788301, 28429114, 3432135, 27161203,
- 23632036, 31613822, 32808309, 1099883
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 387139307395758, 2058036430315676, 1220915649965325,
- 1794832055328951, 1230009312169328
-#else
- 15030958, 5768825, 39657628, 30667132, 60681485, 18193060,
- 51830967, 26745081, 2051440, 18328567
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1765973779329517, 659344059446977, 19821901606666,
- 1301928341311214, 1116266004075885
-#else
- 63746541, 26315059, 7517889, 9824992, 23555850, 295369, 5148398,
- 19400244, 44422509, 16633659
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1127572801181483, 1224743760571696, 1276219889847274,
- 1529738721702581, 1589819666871853
-#else
- 4577067, 16802144, 13249840, 18250104, 19958762, 19017158,
- 18559669, 22794883, 8402477, 23690159
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2181229378964934, 2190885205260020, 1511536077659137,
- 1246504208580490, 668883326494241
-#else
- 38702534, 32502850, 40318708, 32646733, 49896449, 22523642,
- 9453450, 18574360, 17983009, 9967138
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 437866655573314, 669026411194768, 81896997980338,
- 523874406393178, 245052060935236
-#else
- 41346370, 6524721, 26585488, 9969270, 24709298, 1220360,
- 65430874, 7806336, 17507396, 3651560
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1975438052228868, 1071801519999806, 594652299224319,
- 1877697652668809, 1489635366987285
-#else
- 56688388, 29436320, 14584638, 15971087, 51340543, 8861009,
- 26556809, 27979875, 48555541, 22197296
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 958592545673770, 233048016518599, 851568750216589,
- 567703851596087, 1740300006094761
-#else
- 2839082, 14284142, 4029895, 3472686, 14402957, 12689363,
- 40466743, 8459446, 61503401, 25932490
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2014540178270324, 192672779514432, 213877182641530,
- 2194819933853411, 1716422829364835
-#else
- 62269556, 30018987, 9744960, 2871048, 25113978, 3187018,
- 41998051, 32705365, 17258083, 25576693
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1540769606609725, 2148289943846077, 1597804156127445,
- 1230603716683868, 815423458809453
-#else
- 18164541, 22959256, 49953981, 32012014, 19237077, 23809137,
- 23357532, 18337424, 26908269, 12150756
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1738560251245018, 1779576754536888, 1783765347671392,
- 1880170990446751, 1088225159617541
-#else
- 36843994, 25906566, 5112248, 26517760, 65609056, 26580174,
- 43167, 28016731, 34806789, 16215818
-#endif
- }},
- },
- },
- {
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 659303913929492, 1956447718227573, 1830568515922666,
- 841069049744408, 1669607124206368
-#else
- 60209940, 9824393, 54804085, 29153342, 35711722, 27277596,
- 32574488, 12532905, 59605792, 24879084
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1143465490433355, 1532194726196059, 1093276745494697,
- 481041706116088, 2121405433561163
-#else
- 39765323, 17038963, 39957339, 22831480, 946345, 16291093,
- 254968, 7168080, 21676107, 31611404
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1686424298744462, 1451806974487153, 266296068846582,
- 1834686947542675, 1720762336132256
-#else
- 21260942, 25129680, 50276977, 21633609, 43430902, 3968120,
- 63456915, 27338965, 63552672, 25641356
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 889217026388959, 1043290623284660, 856125087551909,
- 1669272323124636, 1603340330827879
-#else
- 16544735, 13250366, 50304436, 15546241, 62525861, 12757257,
- 64646556, 24874095, 48201831, 23891632
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1206396181488998, 333158148435054, 1402633492821422,
- 1120091191722026, 1945474114550509
-#else
- 64693606, 17976703, 18312302, 4964443, 51836334, 20900867,
- 26820650, 16690659, 25459437, 28989823
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 766720088232571, 1512222781191002, 1189719893490790,
- 2091302129467914, 2141418006894941
-#else
- 41964155, 11425019, 28423002, 22533875, 60963942, 17728207,
- 9142794, 31162830, 60676445, 31909614
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 419663647306612, 1998875112167987, 1426599870253707,
- 1154928355379510, 486538532138187
-#else
- 44004212, 6253475, 16964147, 29785560, 41994891, 21257994,
- 39651638, 17209773, 6335691, 7249989
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 938160078005954, 1421776319053174, 1941643234741774,
- 180002183320818, 1414380336750546
-#else
- 36775618, 13979674, 7503222, 21186118, 55152142, 28932738,
- 36836594, 2682241, 25993170, 21075909
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 398001940109652, 1577721237663248, 1012748649830402,
- 1540516006905144, 1011684812884559
-#else
- 4364628, 5930691, 32304656, 23509878, 59054082, 15091130,
- 22857016, 22955477, 31820367, 15075278
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1653276489969630, 6081825167624, 1921777941170836,
- 1604139841794531, 861211053640641
-#else
- 31879134, 24635739, 17258760, 90626, 59067028, 28636722,
- 24162787, 23903546, 49138625, 12833044
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 996661541407379, 1455877387952927, 744312806857277,
- 139213896196746, 1000282908547789
-#else
- 19073683, 14851414, 42705695, 21694263, 7625277, 11091125,
- 47489674, 2074448, 57694925, 14905376
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1450817495603008, 1476865707053229, 1030490562252053,
- 620966950353376, 1744760161539058
-#else
- 24483648, 21618865, 64589997, 22007013, 65555733, 15355505,
- 41826784, 9253128, 27628530, 25998952
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 559728410002599, 37056661641185, 2038622963352006,
- 1637244893271723, 1026565352238948
-#else
- 17597607, 8340603, 19355617, 552187, 26198470, 30377849,
- 4593323, 24396850, 52997988, 15297015
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 962165956135846, 1116599660248791, 182090178006815,
- 1455605467021751, 196053588803284
-#else
- 510886, 14337390, 35323607, 16638631, 6328095, 2713355,
- 46891447, 21690211, 8683220, 2921426
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 796863823080135, 1897365583584155, 420466939481601,
- 2165972651724672, 932177357788289
-#else
- 18606791, 11874196, 27155355, 28272950, 43077121, 6265445,
- 41930624, 32275507, 4674689, 13890525
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 877047233620632, 1375632631944375, 643773611882121,
- 660022738847877, 19353932331831
-#else
- 13609624, 13069022, 39736503, 20498523, 24360585, 9592974,
- 14977157, 9835105, 4389687, 288396
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2216943882299338, 394841323190322, 2222656898319671,
- 558186553950529, 1077236877025190
-#else
- 9922506, 33035038, 13613106, 5883594, 48350519, 33120168,
- 54804801, 8317627, 23388070, 16052080
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 801118384953213, 1914330175515892, 574541023311511,
- 1471123787903705, 1526158900256288
-#else
- 12719997, 11937594, 35138804, 28525742, 26900119, 8561328,
- 46953177, 21921452, 52354592, 22741539
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 949617889087234, 2207116611267331, 912920039141287,
- 501158539198789, 62362560771472
-#else
- 15961858, 14150409, 26716931, 32888600, 44314535, 13603568,
- 11829573, 7467844, 38286736, 929274
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1474518386765335, 1760793622169197, 1157399790472736,
- 1622864308058898, 165428294422792
-#else
- 11038231, 21972036, 39798381, 26237869, 56610336, 17246600,
- 43629330, 24182562, 45715720, 2465073
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1961673048027128, 102619413083113, 1051982726768458,
- 1603657989805485, 1941613251499678
-#else
- 20017144, 29231206, 27915241, 1529148, 12396362, 15675764,
- 13817261, 23896366, 2463390, 28932292
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1401939116319266, 335306339903072, 72046196085786,
- 862423201496006, 850518754531384
-#else
- 50749986, 20890520, 55043680, 4996453, 65852442, 1073571,
- 9583558, 12851107, 4003896, 12673717
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1234706593321979, 1083343891215917, 898273974314935,
- 1640859118399498, 157578398571149
-#else
- 65377275, 18398561, 63845933, 16143081, 19294135, 13385325,
- 14741514, 24450706, 7903885, 2348101
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1143483057726416, 1992614991758919, 674268662140796,
- 1773370048077526, 674318359920189
-#else
- 24536016, 17039225, 12715591, 29692277, 1511292, 10047386,
- 63266518, 26425272, 38731325, 10048126
-#endif
- }},
+ {0x85, 0x3b, 0x8c, 0xf5, 0xc6, 0x93, 0xbc, 0x2f, 0x19, 0xe, 0x8c,
+ 0xfb, 0xc6, 0x2d, 0x93, 0xcf, 0xc2, 0x42, 0x3d, 0x64, 0x98, 0x48,
+ 0xb, 0x27, 0x65, 0xba, 0xd4, 0x33, 0x3a, 0x9d, 0xcf, 0x7},
+ {0x3e, 0x91, 0x40, 0xd7, 0x5, 0x39, 0x10, 0x9d, 0xb3, 0xbe, 0x40,
+ 0xd1, 0x5, 0x9f, 0x39, 0xfd, 0x9, 0x8a, 0x8f, 0x68, 0x34, 0x84,
+ 0xc1, 0xa5, 0x67, 0x12, 0xf8, 0x98, 0x92, 0x2f, 0xfd, 0x44},
+ {0x68, 0xaa, 0x7a, 0x87, 0x5, 0x12, 0xc9, 0xab, 0x9e, 0xc4, 0xaa,
+ 0xcc, 0x23, 0xe8, 0xd9, 0x26, 0x8c, 0x59, 0x43, 0xdd, 0xcb, 0x7d,
+ 0x1b, 0x5a, 0xa8, 0x65, 0xc, 0x9f, 0x68, 0x7b, 0x11, 0x6f},
+ },
+ {
+ {0xd7, 0x71, 0x3c, 0x93, 0xfc, 0xe7, 0x24, 0x92, 0xb5, 0xf5, 0xf,
+ 0x7a, 0x96, 0x9d, 0x46, 0x9f, 0x2, 0x7, 0xd6, 0xe1, 0x65, 0x9a,
+ 0xa6, 0x5a, 0x2e, 0x2e, 0x7d, 0xa8, 0x3f, 0x6, 0xc, 0x59},
+ {0xa8, 0xd5, 0xb4, 0x42, 0x60, 0xa5, 0x99, 0x8a, 0xf6, 0xac, 0x60,
+ 0x4e, 0xc, 0x81, 0x2b, 0x8f, 0xaa, 0x37, 0x6e, 0xb1, 0x6b, 0x23,
+ 0x9e, 0xe0, 0x55, 0x25, 0xc9, 0x69, 0xa6, 0x95, 0xb5, 0x6b},
+ {0x5f, 0x7a, 0x9b, 0xa5, 0xb3, 0xa8, 0xfa, 0x43, 0x78, 0xcf, 0x9a,
+ 0x5d, 0xdd, 0x6b, 0xc1, 0x36, 0x31, 0x6a, 0x3d, 0xb, 0x84, 0xa0,
+ 0xf, 0x50, 0x73, 0xb, 0xa5, 0x3e, 0xb1, 0xf5, 0x1a, 0x70},
+ },
+ {
+ {0x30, 0x97, 0xee, 0x4c, 0xa8, 0xb0, 0x25, 0xaf, 0x8a, 0x4b, 0x86,
+ 0xe8, 0x30, 0x84, 0x5a, 0x2, 0x32, 0x67, 0x1, 0x9f, 0x2, 0x50,
+ 0x1b, 0xc1, 0xf4, 0xf8, 0x80, 0x9a, 0x1b, 0x4e, 0x16, 0x7a},
+ {0x65, 0xd2, 0xfc, 0xa4, 0xe8, 0x1f, 0x61, 0x56, 0x7d, 0xba, 0xc1,
+ 0xe5, 0xfd, 0x53, 0xd3, 0x3b, 0xbd, 0xd6, 0x4b, 0x21, 0x1a, 0xf3,
+ 0x31, 0x81, 0x62, 0xda, 0x5b, 0x55, 0x87, 0x15, 0xb9, 0x2a},
+ {0x89, 0xd8, 0xd0, 0xd, 0x3f, 0x93, 0xae, 0x14, 0x62, 0xda, 0x35,
+ 0x1c, 0x22, 0x23, 0x94, 0x58, 0x4c, 0xdb, 0xf2, 0x8c, 0x45, 0xe5,
+ 0x70, 0xd1, 0xc6, 0xb4, 0xb9, 0x12, 0xaf, 0x26, 0x28, 0x5a},
+ },
+ {
+ {0x9f, 0x9, 0xfc, 0x8e, 0xb9, 0x51, 0x73, 0x28, 0x38, 0x25, 0xfd,
+ 0x7d, 0xf4, 0xc6, 0x65, 0x67, 0x65, 0x92, 0xa, 0xfb, 0x3d, 0x8d,
+ 0x34, 0xca, 0x27, 0x87, 0xe5, 0x21, 0x3, 0x91, 0xe, 0x68},
+ {0xbf, 0x18, 0x68, 0x5, 0xa, 0x5, 0xfe, 0x95, 0xa9, 0xfa, 0x60,
+ 0x56, 0x71, 0x89, 0x7e, 0x32, 0x73, 0x50, 0xa0, 0x6, 0xcd, 0xe3,
+ 0xe8, 0xc3, 0x9a, 0xa4, 0x45, 0x74, 0x4c, 0x3f, 0x93, 0x27},
+ {0x9, 0xff, 0x76, 0xc4, 0xe9, 0xfb, 0x13, 0x5a, 0x72, 0xc1, 0x5c,
+ 0x7b, 0x45, 0x39, 0x9e, 0x6e, 0x94, 0x44, 0x2b, 0x10, 0xf9, 0xdc,
+ 0xdb, 0x5d, 0x2b, 0x3e, 0x55, 0x63, 0xbf, 0xc, 0x9d, 0x7f},
+ },
+ {
+ {0x33, 0xbb, 0xa5, 0x8, 0x44, 0xbc, 0x12, 0xa2, 0x2, 0xed, 0x5e,
+ 0xc7, 0xc3, 0x48, 0x50, 0x8d, 0x44, 0xec, 0xbf, 0x5a, 0xc, 0xeb,
+ 0x1b, 0xdd, 0xeb, 0x6, 0xe2, 0x46, 0xf1, 0xcc, 0x45, 0x29},
+ {0xba, 0xd6, 0x47, 0xa4, 0xc3, 0x82, 0x91, 0x7f, 0xb7, 0x29, 0x27,
+ 0x4b, 0xd1, 0x14, 0x0, 0xd5, 0x87, 0xa0, 0x64, 0xb8, 0x1c, 0xf1,
+ 0x3c, 0xe3, 0xf3, 0x55, 0x1b, 0xeb, 0x73, 0x7e, 0x4a, 0x15},
+ {0x85, 0x82, 0x2a, 0x81, 0xf1, 0xdb, 0xbb, 0xbc, 0xfc, 0xd1, 0xbd,
+ 0xd0, 0x7, 0x8, 0xe, 0x27, 0x2d, 0xa7, 0xbd, 0x1b, 0xb, 0x67,
+ 0x1b, 0xb4, 0x9a, 0xb6, 0x3b, 0x6b, 0x69, 0xbe, 0xaa, 0x43},
+ },
+ {
+ {0x31, 0x71, 0x15, 0x77, 0xeb, 0xee, 0xc, 0x3a, 0x88, 0xaf, 0xc8,
+ 0x0, 0x89, 0x15, 0x27, 0x9b, 0x36, 0xa7, 0x59, 0xda, 0x68, 0xb6,
+ 0x65, 0x80, 0xbd, 0x38, 0xcc, 0xa2, 0xb6, 0x7b, 0xe5, 0x51},
+ {0xa4, 0x8c, 0x7d, 0x7b, 0xb6, 0x6, 0x98, 0x49, 0x39, 0x27, 0xd2,
+ 0x27, 0x84, 0xe2, 0x5b, 0x57, 0xb9, 0x53, 0x45, 0x20, 0xe7, 0x5c,
+ 0x8, 0xbb, 0x84, 0x78, 0x41, 0xae, 0x41, 0x4c, 0xb6, 0x38},
+ {0x71, 0x4b, 0xea, 0x2, 0x67, 0x32, 0xac, 0x85, 0x1, 0xbb, 0xa1,
+ 0x41, 0x3, 0xe0, 0x70, 0xbe, 0x44, 0xc1, 0x3b, 0x8, 0x4b, 0xa2,
+ 0xe4, 0x53, 0xe3, 0x61, 0xd, 0x9f, 0x1a, 0xe9, 0xb8, 0x10},
+ },
+ {
+ {0xbf, 0xa3, 0x4e, 0x94, 0xd0, 0x5c, 0x1a, 0x6b, 0xd2, 0xc0, 0x9d,
+ 0xb3, 0x3a, 0x35, 0x70, 0x74, 0x49, 0x2e, 0x54, 0x28, 0x82, 0x52,
+ 0xb2, 0x71, 0x7e, 0x92, 0x3c, 0x28, 0x69, 0xea, 0x1b, 0x46},
+ {0xb1, 0x21, 0x32, 0xaa, 0x9a, 0x2c, 0x6f, 0xba, 0xa7, 0x23, 0xba,
+ 0x3b, 0x53, 0x21, 0xa0, 0x6c, 0x3a, 0x2c, 0x19, 0x92, 0x4f, 0x76,
+ 0xea, 0x9d, 0xe0, 0x17, 0x53, 0x2e, 0x5d, 0xdd, 0x6e, 0x1d},
+ {0xa2, 0xb3, 0xb8, 0x1, 0xc8, 0x6d, 0x83, 0xf1, 0x9a, 0xa4, 0x3e,
+ 0x5, 0x47, 0x5f, 0x3, 0xb3, 0xf3, 0xad, 0x77, 0x58, 0xba, 0x41,
+ 0x9c, 0x52, 0xa7, 0x90, 0xf, 0x6a, 0x1c, 0xbb, 0x9f, 0x7a},
+ },
+ {
+ {0x8f, 0x3e, 0xdd, 0x4, 0x66, 0x59, 0xb7, 0x59, 0x2c, 0x70, 0x88,
+ 0xe2, 0x77, 0x3, 0xb3, 0x6c, 0x23, 0xc3, 0xd9, 0x5e, 0x66, 0x9c,
+ 0x33, 0xb1, 0x2f, 0xe5, 0xbc, 0x61, 0x60, 0xe7, 0x15, 0x9},
+ {0xd9, 0x34, 0x92, 0xf3, 0xed, 0x5d, 0xa7, 0xe2, 0xf9, 0x58, 0xb5,
+ 0xe1, 0x80, 0x76, 0x3d, 0x96, 0xfb, 0x23, 0x3c, 0x6e, 0xac, 0x41,
+ 0x27, 0x2c, 0xc3, 0x1, 0xe, 0x32, 0xa1, 0x24, 0x90, 0x3a},
+ {0x1a, 0x91, 0xa2, 0xc9, 0xd9, 0xf5, 0xc1, 0xe7, 0xd7, 0xa7, 0xcc,
+ 0x8b, 0x78, 0x71, 0xa3, 0xb8, 0x32, 0x2a, 0xb6, 0xe, 0x19, 0x12,
+ 0x64, 0x63, 0x95, 0x4e, 0xcc, 0x2e, 0x5c, 0x7c, 0x90, 0x26},
},
},
{
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1835401379538542, 173900035308392, 818247630716732,
- 1762100412152786, 1021506399448291
-#else
- 54486638, 27349611, 30718824, 2591312, 56491836, 12192839,
- 18873298, 26257342, 34811107, 15221631
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1506632088156630, 2127481795522179, 513812919490255,
- 140643715928370, 442476620300318
-#else
- 40630742, 22450567, 11546243, 31701949, 9180879, 7656409,
- 45764914, 2095754, 29769758, 6593415
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2056683376856736, 219094741662735, 2193541883188309,
- 1841182310235800, 556477468664293
-#else
- 35114656, 30646970, 4176911, 3264766, 12538965, 32686321,
- 26312344, 27435754, 30958053, 8292160
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1315019427910827, 1049075855992603, 2066573052986543,
- 266904467185534, 2040482348591520
-#else
- 31429803, 19595316, 29173531, 15632448, 12174511, 30794338,
- 32808830, 3977186, 26143136, 30405556
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 94096246544434, 922482381166992, 24517828745563,
- 2139430508542503, 2097139044231004
-#else
- 22648882, 1402143, 44308880, 13746058, 7936347, 365344,
- 58440231, 31879998, 63350620, 31249806
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 537697207950515, 1399352016347350, 1563663552106345,
- 2148749520888918, 549922092988516
-#else
- 51616947, 8012312, 64594134, 20851969, 43143017, 23300402,
- 65496150, 32018862, 50444388, 8194477
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1747985413252434, 680511052635695, 1809559829982725,
- 594274250930054, 201673170745982
-#else
- 27338066, 26047012, 59694639, 10140404, 48082437, 26964542,
- 27277190, 8855376, 28572286, 3005164
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 323583936109569, 1973572998577657, 1192219029966558,
- 79354804385273, 1374043025560347
-#else
- 26287105, 4821776, 25476601, 29408529, 63344350, 17765447,
- 49100281, 1182478, 41014043, 20474836
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 213277331329947, 416202017849623, 1950535221091783,
- 1313441578103244, 2171386783823658
-#else
- 59937691, 3178079, 23970071, 6201893, 49913287, 29065239,
- 45232588, 19571804, 32208682, 32356184
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 189088804229831, 993969372859110, 895870121536987,
- 1547301535298256, 1477373024911350
-#else
- 50451143, 2817642, 56822502, 14811297, 6024667, 13349505,
- 39793360, 23056589, 39436278, 22014573
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1620578418245010, 541035331188469, 2235785724453865,
- 2154865809088198, 1974627268751826
-#else
- 15941010, 24148500, 45741813, 8062054, 31876073, 33315803,
- 51830470, 32110002, 15397330, 29424239
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1346805451740245, 1350981335690626, 942744349501813,
- 2155094562545502, 1012483751693409
-#else
- 8934485, 20068965, 43822466, 20131190, 34662773, 14047985,
- 31170398, 32113411, 39603297, 15087183
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2107080134091762, 1132567062788208, 1824935377687210,
- 769194804343737, 1857941799971888
-#else
- 48751602, 31397940, 24524912, 16876564, 15520426, 27193656,
- 51606457, 11461895, 16788528, 27685490
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1074666112436467, 249279386739593, 1174337926625354,
- 1559013532006480, 1472287775519121
-#else
- 65161459, 16013772, 21750665, 3714552, 49707082, 17498998,
- 63338576, 23231111, 31322513, 21938797
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1872620123779532, 1892932666768992, 1921559078394978,
- 1270573311796160, 1438913646755037
-#else
- 21426636, 27904214, 53460576, 28206894, 38296674, 28633461,
- 48833472, 18933017, 13040861, 21441484
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 837390187648199, 1012253300223599, 989780015893987,
- 1351393287739814, 328627746545550
-#else
- 11293895, 12478086, 39972463, 15083749, 37801443, 14748871,
- 14555558, 20137329, 1613710, 4896935
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1028328827183114, 1711043289969857, 1350832470374933,
- 1923164689604327, 1495656368846911
-#else
- 41213962, 15323293, 58619073, 25496531, 25967125, 20128972,
- 2825959, 28657387, 43137087, 22287016
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1900828492104143, 430212361082163, 687437570852799,
- 832514536673512, 1685641495940794
-#else
- 51184079, 28324551, 49665331, 6410663, 3622847, 10243618,
- 20615400, 12405433, 43355834, 25118015
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 842632847936398, 605670026766216, 290836444839585,
- 163210774892356, 2213815011799645
-#else
- 60017550, 12556207, 46917512, 9025186, 50036385, 4333800,
- 4378436, 2432030, 23097949, 32988414
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1176336383453996, 1725477294339771, 12700622672454,
- 678015708818208, 162724078519879
-#else
- 4565804, 17528778, 20084411, 25711615, 1724998, 189254,
- 24767264, 10103221, 48596551, 2424777
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1448049969043497, 1789411762943521, 385587766217753,
- 90201620913498, 832999441066823
-#else
- 366633, 21577626, 8173089, 26664313, 30788633, 5745705,
- 59940186, 1344108, 63466311, 12412658
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 516086333293313, 2240508292484616, 1351669528166508,
- 1223255565316488, 750235824427138
-#else
- 43107073, 7690285, 14929416, 33386175, 34898028, 20141445,
- 24162696, 18227928, 63967362, 11179384
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1263624896582495, 1102602401673328, 526302183714372,
- 2152015839128799, 1483839308490010
-#else
- 18289503, 18829478, 8056944, 16430056, 45379140, 7842513,
- 61107423, 32067534, 48424218, 22110928
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 442991718646863, 1599275157036458, 1925389027579192,
- 899514691371390, 350263251085160
-#else
- 476239, 6601091, 60956074, 23831056, 17503544, 28690532,
- 27672958, 13403813, 11052904, 5219329
-#endif
- }},
+ {0x1d, 0x9c, 0x2f, 0x63, 0xe, 0xdd, 0xcc, 0x2e, 0x15, 0x31, 0x89,
+ 0x76, 0x96, 0xb6, 0xd0, 0x51, 0x58, 0x7a, 0x63, 0xa8, 0x6b, 0xb7,
+ 0xdf, 0x52, 0x39, 0xef, 0xe, 0xa0, 0x49, 0x7d, 0xd3, 0x6d},
+ {0x5e, 0x51, 0xaa, 0x49, 0x54, 0x63, 0x5b, 0xed, 0x3a, 0x82, 0xc6,
+ 0xb, 0x9f, 0xc4, 0x65, 0xa8, 0xc4, 0xd1, 0x42, 0x5b, 0xe9, 0x1f,
+ 0xc, 0x85, 0xb9, 0x15, 0xd3, 0x3, 0x6f, 0x6d, 0xd7, 0x30},
+ {0xc7, 0xe4, 0x6, 0x21, 0x17, 0x44, 0x44, 0x6c, 0x69, 0x7f, 0x8d,
+ 0x92, 0x80, 0xd6, 0x53, 0xfb, 0x26, 0x3f, 0x4d, 0x69, 0xa4, 0x9e,
+ 0x73, 0xb4, 0xb0, 0x4b, 0x86, 0x2e, 0x11, 0x97, 0xc6, 0x10},
+ },
+ {
+ {0x5, 0xc8, 0x58, 0x83, 0xa0, 0x2a, 0xa6, 0xc, 0x47, 0x42, 0x20,
+ 0x7a, 0xe3, 0x4a, 0x3d, 0x6a, 0xdc, 0xed, 0x11, 0x3b, 0xa6, 0xd3,
+ 0x64, 0x74, 0xef, 0x6, 0x8, 0x55, 0xaf, 0x9b, 0xbf, 0x3},
+ {0xde, 0x5f, 0xbe, 0x7d, 0x27, 0xc4, 0x93, 0x64, 0xa2, 0x7e, 0xad,
+ 0x19, 0xad, 0x4f, 0x5d, 0x26, 0x90, 0x45, 0x30, 0x46, 0xc8, 0xdf,
+ 0x0, 0xe, 0x9, 0xfe, 0x66, 0xed, 0xab, 0x1c, 0xe6, 0x25},
+ {0x4, 0x66, 0x58, 0xcc, 0x28, 0xe1, 0x13, 0x3f, 0x7e, 0x74, 0x59,
+ 0xb4, 0xec, 0x73, 0x58, 0x6f, 0xf5, 0x68, 0x12, 0xcc, 0xed, 0x3d,
+ 0xb6, 0xa0, 0x2c, 0xe2, 0x86, 0x45, 0x63, 0x78, 0x6d, 0x56},
+ },
+ {
+ {0xd0, 0x2f, 0x5a, 0xc6, 0x85, 0x42, 0x5, 0xa1, 0xc3, 0x67, 0x16,
+ 0xf3, 0x2a, 0x11, 0x64, 0x6c, 0x58, 0xee, 0x1a, 0x73, 0x40, 0xe2,
+ 0xa, 0x68, 0x2a, 0xb2, 0x93, 0x47, 0xf3, 0xa5, 0xfb, 0x14},
+ {0x34, 0x8, 0xc1, 0x9c, 0x9f, 0xa4, 0x37, 0x16, 0x51, 0xc4, 0x9b,
+ 0xa8, 0xd5, 0x56, 0x8e, 0xbc, 0xdb, 0xd2, 0x7f, 0x7f, 0xf, 0xec,
+ 0xb5, 0x1c, 0xd9, 0x35, 0xcc, 0x5e, 0xca, 0x5b, 0x97, 0x33},
+ {0xd4, 0xf7, 0x85, 0x69, 0x16, 0x46, 0xd7, 0x3c, 0x57, 0x0, 0xc8,
+ 0xc9, 0x84, 0x5e, 0x3e, 0x59, 0x1e, 0x13, 0x61, 0x7b, 0xb6, 0xf2,
+ 0xc3, 0x2f, 0x6c, 0x52, 0xfc, 0x83, 0xea, 0x9c, 0x82, 0x14},
+ },
+ {
+ {0xb8, 0xec, 0x71, 0x4e, 0x2f, 0xb, 0xe7, 0x21, 0xe3, 0x77, 0xa4,
+ 0x40, 0xb9, 0xdd, 0x56, 0xe6, 0x80, 0x4f, 0x1d, 0xce, 0xce, 0x56,
+ 0x65, 0xbf, 0x7e, 0x7b, 0x5d, 0x53, 0xc4, 0x3b, 0xfc, 0x5},
+ {0xc2, 0x95, 0xdd, 0x97, 0x84, 0x7b, 0x43, 0xff, 0xa7, 0xb5, 0x4e,
+ 0xaa, 0x30, 0x4e, 0x74, 0x6c, 0x8b, 0xe8, 0x85, 0x3c, 0x61, 0x5d,
+ 0xc, 0x9e, 0x73, 0x81, 0x75, 0x5f, 0x1e, 0xc7, 0xd9, 0x2f},
+ {0xdd, 0xde, 0xaf, 0x52, 0xae, 0xb3, 0xb8, 0x24, 0xcf, 0x30, 0x3b,
+ 0xed, 0x8c, 0x63, 0x95, 0x34, 0x95, 0x81, 0xbe, 0xa9, 0x83, 0xbc,
+ 0xa4, 0x33, 0x4, 0x1f, 0x65, 0x5c, 0x47, 0x67, 0x37, 0x37},
+ },
+ {
+ {0x90, 0x65, 0x24, 0x14, 0xcb, 0x95, 0x40, 0x63, 0x35, 0x55, 0xc1,
+ 0x16, 0x40, 0x14, 0x12, 0xef, 0x60, 0xbc, 0x10, 0x89, 0xc, 0x14,
+ 0x38, 0x9e, 0x8c, 0x7c, 0x90, 0x30, 0x57, 0x90, 0xf5, 0x6b},
+ {0xd9, 0xad, 0xd1, 0x40, 0xfd, 0x99, 0xba, 0x2f, 0x27, 0xd0, 0xf4,
+ 0x96, 0x6f, 0x16, 0x7, 0xb3, 0xae, 0x3b, 0xf0, 0x15, 0x52, 0xf0,
+ 0x63, 0x43, 0x99, 0xf9, 0x18, 0x3b, 0x6c, 0xa5, 0xbe, 0x1f},
+ {0x8a, 0x5b, 0x41, 0xe1, 0xf1, 0x78, 0xa7, 0xf, 0x7e, 0xa7, 0xc3,
+ 0xba, 0xf7, 0x9f, 0x40, 0x6, 0x50, 0x9a, 0xa2, 0x9a, 0xb8, 0xd7,
+ 0x52, 0x6f, 0x56, 0x5a, 0x63, 0x7a, 0xf6, 0x1c, 0x52, 0x2},
+ },
+ {
+ {0xe4, 0x5e, 0x2f, 0x77, 0x20, 0x67, 0x14, 0xb1, 0xce, 0x9a, 0x7,
+ 0x96, 0xb1, 0x94, 0xf8, 0xe8, 0x4a, 0x82, 0xac, 0x0, 0x4d, 0x22,
+ 0xf8, 0x4a, 0xc4, 0x6c, 0xcd, 0xf7, 0xd9, 0x53, 0x17, 0x0},
+ {0x94, 0x52, 0x9d, 0xa, 0xb, 0xee, 0x3f, 0x51, 0x66, 0x5a, 0xdf,
+ 0xf, 0x5c, 0xe7, 0x98, 0x8f, 0xce, 0x7, 0xe1, 0xbf, 0x88, 0x86,
+ 0x61, 0xd4, 0xed, 0x2c, 0x38, 0x71, 0x7e, 0xa, 0xa0, 0x3f},
+ {0x34, 0xdb, 0x3d, 0x96, 0x2d, 0x23, 0x69, 0x3c, 0x58, 0x38, 0x97,
+ 0xb4, 0xda, 0x87, 0xde, 0x1d, 0x85, 0xf2, 0x91, 0xa0, 0xf9, 0xd1,
+ 0xd7, 0xaa, 0xb6, 0xed, 0x48, 0xa0, 0x2f, 0xfe, 0xb5, 0x12},
+ },
+ {
+ {0x92, 0x1e, 0x6f, 0xad, 0x26, 0x7c, 0x2b, 0xdf, 0x13, 0x89, 0x4b,
+ 0x50, 0x23, 0xd3, 0x66, 0x4b, 0xc3, 0x8b, 0x1c, 0x75, 0xc0, 0x9d,
+ 0x40, 0x8c, 0xb8, 0xc7, 0x96, 0x7, 0xc2, 0x93, 0x7e, 0x6f},
+ {0x4d, 0xe3, 0xfc, 0x96, 0xc4, 0xfb, 0xf0, 0x71, 0xed, 0x5b, 0xf3,
+ 0xad, 0x6b, 0x82, 0xb9, 0x73, 0x61, 0xc5, 0x28, 0xff, 0x61, 0x72,
+ 0x4, 0xd2, 0x6f, 0x20, 0xb1, 0x6f, 0xf9, 0x76, 0x9b, 0x74},
+ {0x5, 0xae, 0xa6, 0xae, 0x4, 0xf6, 0x5a, 0x1f, 0x99, 0x9c, 0xe4,
+ 0xbe, 0xf1, 0x51, 0x23, 0xc1, 0x66, 0x6b, 0xff, 0xee, 0xb5, 0x8,
+ 0xa8, 0x61, 0x51, 0x21, 0xe0, 0x1, 0xf, 0xc1, 0xce, 0xf},
+ },
+ {
+ {0x45, 0x4e, 0x24, 0xc4, 0x9d, 0xd2, 0xf2, 0x3d, 0xa, 0xde, 0xd8,
+ 0x93, 0x74, 0xe, 0x2, 0x2b, 0x4d, 0x21, 0xc, 0x82, 0x7e, 0x6,
+ 0xc8, 0x6c, 0xa, 0xb9, 0xea, 0x6f, 0x16, 0x79, 0x37, 0x41},
+ {0x44, 0x1e, 0xfe, 0x49, 0xa6, 0x58, 0x4d, 0x64, 0x7e, 0x77, 0xad,
+ 0x31, 0xa2, 0xae, 0xfc, 0x21, 0xd2, 0xd0, 0x7f, 0x88, 0x5a, 0x1c,
+ 0x44, 0x2, 0xf3, 0x11, 0xc5, 0x83, 0x71, 0xaa, 0x1, 0x49},
+ {0xf0, 0xf8, 0x1a, 0x8c, 0x54, 0xb7, 0xb1, 0x8, 0xb4, 0x99, 0x62,
+ 0x24, 0x7c, 0x7a, 0xf, 0xce, 0x39, 0xd9, 0x6, 0x1e, 0xf9, 0xb0,
+ 0x60, 0xf7, 0x13, 0x12, 0x6d, 0x72, 0x7b, 0x88, 0xbb, 0x41},
},
},
{
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1689713572022143, 593854559254373, 978095044791970,
- 1985127338729499, 1676069120347625
-#else
- 20678527, 25178694, 34436965, 8849122, 62099106, 14574751,
- 31186971, 29580702, 9014761, 24975376
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1557207018622683, 340631692799603, 1477725909476187,
- 614735951619419, 2033237123746766
-#else
- 53464795, 23204192, 51146355, 5075807, 65594203, 22019831,
- 34006363, 9160279, 8473550, 30297594
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 968764929340557, 1225534776710944, 662967304013036,
- 1155521416178595, 791142883466590
-#else
- 24900749, 14435722, 17209120, 18261891, 44516588, 9878982,
- 59419555, 17218610, 42540382, 11788947
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1487081286167458, 993039441814934, 1792378982844640,
- 698652444999874, 2153908693179754
-#else
- 63990690, 22159237, 53306774, 14797440, 9652448, 26708528,
- 47071426, 10410732, 42540394, 32095740
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1123181311102823, 685575944875442, 507605465509927,
- 1412590462117473, 568017325228626
-#else
- 51449703, 16736705, 44641714, 10215877, 58011687, 7563910,
- 11871841, 21049238, 48595538, 8464117
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 560258797465417, 2193971151466401, 1824086900849026,
- 579056363542056, 1690063960036441
-#else
- 43708233, 8348506, 52522913, 32692717, 63158658, 27181012,
- 14325288, 8628612, 33313881, 25183915
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 1918407319222416, 353767553059963, 1930426334528099,
- 1564816146005724, 1861342381708096
-#else
- 46921872, 28586496, 22367355, 5271547, 66011747, 28765593,
- 42303196, 23317577, 58168128, 27736162
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2131325168777276, 1176636658428908, 1756922641512981,
- 1390243617176012, 1966325177038383
-#else
- 60160060, 31759219, 34483180, 17533252, 32635413, 26180187,
- 15989196, 20716244, 28358191, 29300528
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2063958120364491, 2140267332393533, 699896251574968,
- 273268351312140, 375580724713232
-#else
- 43547083, 30755372, 34757181, 31892468, 57961144, 10429266,
- 50471180, 4072015, 61757200, 5596588
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2024297515263178, 416959329722687, 1079014235017302,
- 171612225573183, 1031677520051053
-#else
- 38872266, 30164383, 12312895, 6213178, 3117142, 16078565,
- 29266239, 2557221, 1768301, 15373193
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2033900009388450, 1744902869870788, 2190580087917640,
- 1949474984254121, 231049754293748
-#else
- 59865506, 30307471, 62515396, 26001078, 66980936, 32642186,
- 66017961, 29049440, 42448372, 3442909
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 343868674606581, 550155864008088, 1450580864229630,
- 481603765195050, 896972360018042
-#else
- 36898293, 5124042, 14181784, 8197961, 18964734, 21615339,
- 22597930, 7176455, 48523386, 13365929
-#endif
- }},
- },
- {
- {{
-#if defined(OPENSSL_64_BIT)
- 2151139328380127, 314745882084928, 59756825775204,
- 1676664391494651, 2048348075599360
-#else
- 59231455, 32054473, 8324672, 4690079, 6261860, 890446, 24538107,
- 24984246, 57419264, 30522764
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1528930066340597, 1605003907059576, 1055061081337675,
- 1458319101947665, 1234195845213142
-#else
- 25008885, 22782833, 62803832, 23916421, 16265035, 15721635,
- 683793, 21730648, 15723478, 18390951
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 830430507734812, 1780282976102377, 1425386760709037,
- 362399353095425, 2168861579799910
-#else
- 57448220, 12374378, 40101865, 26528283, 59384749, 21239917,
- 11879681, 5400171, 519526, 32318556
-#endif
- }},
+ {0xae, 0x91, 0x66, 0x7c, 0x59, 0x4c, 0x23, 0x7e, 0xc8, 0xb4, 0x85,
+ 0xa, 0x3d, 0x9d, 0x88, 0x64, 0xe7, 0xfa, 0x4a, 0x35, 0xc, 0xc9,
+ 0xe2, 0xda, 0x1d, 0x9e, 0x6a, 0xc, 0x7, 0x1e, 0x87, 0xa},
+ {0xbe, 0x46, 0x43, 0x74, 0x44, 0x7d, 0xe8, 0x40, 0x25, 0x2b, 0xb5,
+ 0x15, 0xd4, 0xda, 0x48, 0x1d, 0x3e, 0x60, 0x3b, 0xa1, 0x18, 0x8a,
+ 0x3a, 0x7c, 0xf7, 0xbd, 0xcd, 0x2f, 0xc1, 0x28, 0xb7, 0x4e},
+ {0x89, 0x89, 0xbc, 0x4b, 0x99, 0xb5, 0x1, 0x33, 0x60, 0x42, 0xdd,
+ 0x5b, 0x3a, 0xae, 0x6b, 0x73, 0x3c, 0x9e, 0xd5, 0x19, 0xe2, 0xad,
+ 0x61, 0xd, 0x64, 0xd4, 0x85, 0x26, 0xf, 0x30, 0xe7, 0x3e},
+ },
+ {
+ {0x18, 0x75, 0x1e, 0x84, 0x47, 0x79, 0xfa, 0x43, 0xd7, 0x46, 0x9c,
+ 0x63, 0x59, 0xfa, 0xc6, 0xe5, 0x74, 0x2b, 0x5, 0xe3, 0x1d, 0x5e,
+ 0x6, 0xa1, 0x30, 0x90, 0xb8, 0xcf, 0xa2, 0xc6, 0x47, 0x7d},
+ {0xb7, 0xd6, 0x7d, 0x9e, 0xe4, 0x55, 0xd2, 0xf5, 0xac, 0x1e, 0xb,
+ 0x61, 0x5c, 0x11, 0x16, 0x80, 0xca, 0x87, 0xe1, 0x92, 0x5d, 0x97,
+ 0x99, 0x3c, 0xc2, 0x25, 0x91, 0x97, 0x62, 0x57, 0x81, 0x13},
+ {0xe0, 0xd6, 0xf0, 0x8e, 0x14, 0xd0, 0xda, 0x3f, 0x3c, 0x6f, 0x54,
+ 0x91, 0x9a, 0x74, 0x3e, 0x9d, 0x57, 0x81, 0xbb, 0x26, 0x10, 0x62,
+ 0xec, 0x71, 0x80, 0xec, 0xc9, 0x34, 0x8d, 0xf5, 0x8c, 0x14},
+ },
+ {
+ {0x6d, 0x75, 0xe4, 0x9a, 0x7d, 0x2f, 0x57, 0xe2, 0x7f, 0x48, 0xf3,
+ 0x88, 0xbb, 0x45, 0xc3, 0x56, 0x8d, 0xa8, 0x60, 0x69, 0x6d, 0xb,
+ 0xd1, 0x9f, 0xb9, 0xa1, 0xae, 0x4e, 0xad, 0xeb, 0x8f, 0x27},
+ {0x27, 0xf0, 0x34, 0x79, 0xf6, 0x92, 0xa4, 0x46, 0xa9, 0xa, 0x84,
+ 0xf6, 0xbe, 0x84, 0x99, 0x46, 0x54, 0x18, 0x61, 0x89, 0x2a, 0xbc,
+ 0xa1, 0x5c, 0xd4, 0xbb, 0x5d, 0xbd, 0x1e, 0xfa, 0xf2, 0x3f},
+ {0x66, 0x39, 0x93, 0x8c, 0x1f, 0x68, 0xaa, 0xb1, 0x98, 0xc, 0x29,
+ 0x20, 0x9c, 0x94, 0x21, 0x8c, 0x52, 0x3c, 0x9d, 0x21, 0x91, 0x52,
+ 0x11, 0x39, 0x7b, 0x67, 0x9c, 0xfe, 0x2, 0xdd, 0x4, 0x41},
+ },
+ {
+ {0xb8, 0x6a, 0x9, 0xdb, 0x6, 0x4e, 0x21, 0x81, 0x35, 0x4f, 0xe4,
+ 0xc, 0xc9, 0xb6, 0xa8, 0x21, 0xf5, 0x2a, 0x9e, 0x40, 0x2a, 0xc1,
+ 0x24, 0x65, 0x81, 0xa4, 0xfc, 0x8e, 0xa4, 0xb5, 0x65, 0x1},
+ {0x2a, 0x42, 0x24, 0x11, 0x5e, 0xbf, 0xb2, 0x72, 0xb5, 0x3a, 0xa3,
+ 0x98, 0x33, 0xc, 0xfa, 0xa1, 0x66, 0xb6, 0x52, 0xfa, 0x1, 0x61,
+ 0xcb, 0x94, 0xd5, 0x53, 0xaf, 0xaf, 0x0, 0x3b, 0x86, 0x2c},
+ {0x76, 0x6a, 0x84, 0xa0, 0x74, 0xa4, 0x90, 0xf1, 0xc0, 0x7c, 0x2f,
+ 0xcd, 0x84, 0xf9, 0xef, 0x12, 0x8f, 0x2b, 0xaa, 0x58, 0x6, 0x29,
+ 0x5e, 0x69, 0xb8, 0xc8, 0xfe, 0xbf, 0xd9, 0x67, 0x1b, 0x59},
+ },
+ {
+ {0x5d, 0xb5, 0x18, 0x9f, 0x71, 0xb3, 0xb9, 0x99, 0x1e, 0x64, 0x8c,
+ 0xa1, 0xfa, 0xe5, 0x65, 0xe4, 0xed, 0x5, 0x9f, 0xc2, 0x36, 0x11,
+ 0x8, 0x61, 0x8b, 0x12, 0x30, 0x70, 0x86, 0x4f, 0x9b, 0x48},
+ {0xfa, 0x9b, 0xb4, 0x80, 0x1c, 0xd, 0x2f, 0x31, 0x8a, 0xec, 0xf3,
+ 0xab, 0x5e, 0x51, 0x79, 0x59, 0x88, 0x1c, 0xf0, 0x9e, 0xc0, 0x33,
+ 0x70, 0x72, 0xcb, 0x7b, 0x8f, 0xca, 0xc7, 0x2e, 0xe0, 0x3d},
+ {0xef, 0x92, 0xeb, 0x3a, 0x2d, 0x10, 0x32, 0xd2, 0x61, 0xa8, 0x16,
+ 0x61, 0xb4, 0x53, 0x62, 0xe1, 0x24, 0xaa, 0xb, 0x19, 0xe7, 0xab,
+ 0x7e, 0x3d, 0xbf, 0xbe, 0x6c, 0x49, 0xba, 0xfb, 0xf5, 0x49},
+ },
+ {
+ {0x2e, 0x57, 0x9c, 0x1e, 0x8c, 0x62, 0x5d, 0x15, 0x41, 0x47, 0x88,
+ 0xc5, 0xac, 0x86, 0x4d, 0x8a, 0xeb, 0x63, 0x57, 0x51, 0xf6, 0x52,
+ 0xa3, 0x91, 0x5b, 0x51, 0x67, 0x88, 0xc2, 0xa6, 0xa1, 0x6},
+ {0xd4, 0xcf, 0x5b, 0x8a, 0x10, 0x9a, 0x94, 0x30, 0xeb, 0x73, 0x64,
+ 0xbc, 0x70, 0xdd, 0x40, 0xdc, 0x1c, 0xd, 0x7c, 0x30, 0xc1, 0x94,
+ 0xc2, 0x92, 0x74, 0x6e, 0xfa, 0xcb, 0x6d, 0xa8, 0x4, 0x56},
+ {0xb6, 0x64, 0x17, 0x7c, 0xd4, 0xd1, 0x88, 0x72, 0x51, 0x8b, 0x41,
+ 0xe0, 0x40, 0x11, 0x54, 0x72, 0xd1, 0xf6, 0xac, 0x18, 0x60, 0x1a,
+ 0x3, 0x9f, 0xc6, 0x42, 0x27, 0xfe, 0x89, 0x9e, 0x98, 0x20},
+ },
+ {
+ {0x2e, 0xec, 0xea, 0x85, 0x8b, 0x27, 0x74, 0x16, 0xdf, 0x2b, 0xcb,
+ 0x7a, 0x7, 0xdc, 0x21, 0x56, 0x5a, 0xf4, 0xcb, 0x61, 0x16, 0x4c,
+ 0xa, 0x64, 0xd3, 0x95, 0x5, 0xf7, 0x50, 0x99, 0xb, 0x73},
+ {0x7f, 0xcc, 0x2d, 0x3a, 0xfd, 0x77, 0x97, 0x49, 0x92, 0xd8, 0x4f,
+ 0xa5, 0x2c, 0x7c, 0x85, 0x32, 0xa0, 0xe3, 0x7, 0xd2, 0x64, 0xd8,
+ 0x79, 0xa2, 0x29, 0x7e, 0xa6, 0xc, 0x1d, 0xed, 0x3, 0x4},
+ {0x52, 0xc5, 0x4e, 0x87, 0x35, 0x2d, 0x4b, 0xc9, 0x8d, 0x6f, 0x24,
+ 0x98, 0xcf, 0xc8, 0xe6, 0xc5, 0xce, 0x35, 0xc0, 0x16, 0xfa, 0x46,
+ 0xcb, 0xf7, 0xcc, 0x3d, 0x30, 0x8, 0x43, 0x45, 0xd7, 0x5b},
+ },
+ {
+ {0x2a, 0x79, 0xe7, 0x15, 0x21, 0x93, 0xc4, 0x85, 0xc9, 0xdd, 0xcd,
+ 0xbd, 0xa2, 0x89, 0x4c, 0xc6, 0x62, 0xd7, 0xa3, 0xad, 0xa8, 0x3d,
+ 0x1e, 0x9d, 0x2c, 0xf8, 0x67, 0x30, 0x12, 0xdb, 0xb7, 0x5b},
+ {0xc2, 0x4c, 0xb2, 0x28, 0x95, 0xd1, 0x9a, 0x7f, 0x81, 0xc1, 0x35,
+ 0x63, 0x65, 0x54, 0x6b, 0x7f, 0x36, 0x72, 0xc0, 0x4f, 0x6e, 0xb6,
+ 0xb8, 0x66, 0x83, 0xad, 0x80, 0x73, 0x0, 0x78, 0x3a, 0x13},
+ {0xbe, 0x62, 0xca, 0xc6, 0x67, 0xf4, 0x61, 0x9, 0xee, 0x52, 0x19,
+ 0x21, 0xd6, 0x21, 0xec, 0x4, 0x70, 0x47, 0xd5, 0x9b, 0x77, 0x60,
+ 0x23, 0x18, 0xd2, 0xe0, 0xf0, 0x58, 0x6d, 0xca, 0xd, 0x74},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1155762232730333, 980662895504006, 2053766700883521,
- 490966214077606, 510405877041357
-#else
- 22258397, 17222199, 59239046, 14613015, 44588609, 30603508,
- 46754982, 7315966, 16648397, 7605640
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1683750316716132, 652278688286128, 1221798761193539,
- 1897360681476669, 319658166027343
-#else
- 59027556, 25089834, 58885552, 9719709, 19259459, 18206220,
- 23994941, 28272877, 57640015, 4763277
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 618808732869972, 72755186759744, 2060379135624181,
- 1730731526741822, 48862757828238
-#else
- 45409620, 9220968, 51378240, 1084136, 41632757, 30702041,
- 31088446, 25789909, 55752334, 728111
-#endif
- }},
+ {0x3c, 0x43, 0x78, 0x4, 0x57, 0x8c, 0x1a, 0x23, 0x9d, 0x43, 0x81,
+ 0xc2, 0xe, 0x27, 0xb5, 0xb7, 0x9f, 0x7, 0xd9, 0xe3, 0xea, 0x99,
+ 0xaa, 0xdb, 0xd9, 0x3, 0x2b, 0x6c, 0x25, 0xf5, 0x3, 0x2c},
+ {0x4e, 0xce, 0xcf, 0x52, 0x7, 0xee, 0x48, 0xdf, 0xb7, 0x8, 0xec,
+ 0x6, 0xf3, 0xfa, 0xff, 0xc3, 0xc4, 0x59, 0x54, 0xb9, 0x2a, 0xb,
+ 0x71, 0x5, 0x8d, 0xa3, 0x3e, 0x96, 0xfa, 0x25, 0x1d, 0x16},
+ {0x7d, 0xa4, 0x53, 0x7b, 0x75, 0x18, 0xf, 0x79, 0x79, 0x58, 0xc,
+ 0xcf, 0x30, 0x1, 0x7b, 0x30, 0xf9, 0xf7, 0x7e, 0x25, 0x77, 0x3d,
+ 0x90, 0x31, 0xaf, 0xbb, 0x96, 0xbd, 0xbd, 0x68, 0x94, 0x69},
+ },
+ {
+ {0x48, 0x19, 0xa9, 0x6a, 0xe6, 0x3d, 0xdd, 0xd8, 0xcc, 0xd2, 0xc0,
+ 0x2f, 0xc2, 0x64, 0x50, 0x48, 0x2f, 0xea, 0xfd, 0x34, 0x66, 0x24,
+ 0x48, 0x9b, 0x3a, 0x2e, 0x4a, 0x6c, 0x4e, 0x1c, 0x3e, 0x29},
+ {0xcf, 0xfe, 0xda, 0xf4, 0x46, 0x2f, 0x1f, 0xbd, 0xf7, 0xd6, 0x7f,
+ 0xa4, 0x14, 0x1, 0xef, 0x7c, 0x7f, 0xb3, 0x47, 0x4a, 0xda, 0xfd,
+ 0x1f, 0xd3, 0x85, 0x57, 0x90, 0x73, 0xa4, 0x19, 0x52, 0x52},
+ {0xe1, 0x12, 0x51, 0x92, 0x4b, 0x13, 0x6e, 0x37, 0xa0, 0x5d, 0xa1,
+ 0xdc, 0xb5, 0x78, 0x37, 0x70, 0x11, 0x31, 0x1c, 0x46, 0xaf, 0x89,
+ 0x45, 0xb0, 0x23, 0x28, 0x3, 0x7f, 0x44, 0x5c, 0x60, 0x5b},
+ },
+ {
+ {0x4c, 0xf0, 0xe7, 0xf0, 0xc6, 0xfe, 0xe9, 0x3b, 0x62, 0x49, 0xe3,
+ 0x75, 0x9e, 0x57, 0x6a, 0x86, 0x1a, 0xe6, 0x1d, 0x1e, 0x16, 0xef,
+ 0x42, 0x55, 0xd5, 0xbd, 0x5a, 0xcc, 0xf4, 0xfe, 0x12, 0x2f},
+ {0x89, 0x7c, 0xc4, 0x20, 0x59, 0x80, 0x65, 0xb9, 0xcc, 0x8f, 0x3b,
+ 0x92, 0xc, 0x10, 0xf0, 0xe7, 0x77, 0xef, 0xe2, 0x2, 0x65, 0x25,
+ 0x1, 0x0, 0xee, 0xb3, 0xae, 0xa8, 0xce, 0x6d, 0xa7, 0x24},
+ {0x40, 0xc7, 0xc0, 0xdf, 0xb2, 0x22, 0x45, 0xa, 0x7, 0xa4, 0xc9,
+ 0x40, 0x7f, 0x6e, 0xd0, 0x10, 0x68, 0xf6, 0xcf, 0x78, 0x41, 0x14,
+ 0xcf, 0xc6, 0x90, 0x37, 0xa4, 0x18, 0x25, 0x7b, 0x60, 0x5e},
+ },
+ {
+ {0x14, 0xcf, 0x96, 0xa5, 0x1c, 0x43, 0x2c, 0xa0, 0x0, 0xe4, 0xd3,
+ 0xae, 0x40, 0x2d, 0xc4, 0xe3, 0xdb, 0x26, 0xf, 0x2e, 0x80, 0x26,
+ 0x45, 0xd2, 0x68, 0x70, 0x45, 0x9e, 0x13, 0x33, 0x1f, 0x20},
+ {0x18, 0x18, 0xdf, 0x6c, 0x8f, 0x1d, 0xb3, 0x58, 0xa2, 0x58, 0x62,
+ 0xc3, 0x4f, 0xa7, 0xcf, 0x35, 0x6e, 0x1d, 0xe6, 0x66, 0x4f, 0xff,
+ 0xb3, 0xe1, 0xf7, 0xd5, 0xcd, 0x6c, 0xab, 0xac, 0x67, 0x50},
+ {0x51, 0x9d, 0x3, 0x8, 0x6b, 0x7f, 0x52, 0xfd, 0x6, 0x0, 0x7c,
+ 0x1, 0x64, 0x49, 0xb1, 0x18, 0xa8, 0xa4, 0x25, 0x2e, 0xb0, 0xe,
+ 0x22, 0xd5, 0x75, 0x3, 0x46, 0x62, 0x88, 0xba, 0x7c, 0x39},
+ },
+ {
+ {0xe7, 0x79, 0x13, 0xc8, 0xfb, 0xc3, 0x15, 0x78, 0xf1, 0x2a, 0xe1,
+ 0xdd, 0x20, 0x94, 0x61, 0xa6, 0xd5, 0xfd, 0xa8, 0x85, 0xf8, 0xc0,
+ 0xa9, 0xff, 0x52, 0xc2, 0xe1, 0xc1, 0x22, 0x40, 0x1b, 0x77},
+ {0xb2, 0x59, 0x59, 0xf0, 0x93, 0x30, 0xc1, 0x30, 0x76, 0x79, 0xa9,
+ 0xe9, 0x8d, 0xa1, 0x3a, 0xe2, 0x26, 0x5e, 0x1d, 0x72, 0x91, 0xd4,
+ 0x2f, 0x22, 0x3a, 0x6c, 0x6e, 0x76, 0x20, 0xd3, 0x39, 0x23},
+ {0xa7, 0x2f, 0x3a, 0x51, 0x86, 0xd9, 0x7d, 0xd8, 0x8, 0xcf, 0xd4,
+ 0xf9, 0x71, 0x9b, 0xac, 0xf5, 0xb3, 0x83, 0xa2, 0x1e, 0x1b, 0xc3,
+ 0x6b, 0xd0, 0x76, 0x1a, 0x97, 0x19, 0x92, 0x18, 0x1a, 0x33},
+ },
+ {
+ {0xaf, 0x72, 0x75, 0x9d, 0x3a, 0x2f, 0x51, 0x26, 0x9e, 0x4a, 0x7,
+ 0x68, 0x88, 0xe2, 0xcb, 0x5b, 0xc4, 0xf7, 0x80, 0x11, 0xc1, 0xc1,
+ 0xed, 0x84, 0x7b, 0xa6, 0x49, 0xf6, 0x9f, 0x61, 0xc9, 0x1a},
+ {0xc6, 0x80, 0x4f, 0xfb, 0x45, 0x6f, 0x16, 0xf5, 0xcf, 0x75, 0xc7,
+ 0x61, 0xde, 0xc7, 0x36, 0x9c, 0x1c, 0xd9, 0x41, 0x90, 0x1b, 0xe8,
+ 0xd4, 0xe3, 0x21, 0xfe, 0xbd, 0x83, 0x6b, 0x7c, 0x16, 0x31},
+ {0x68, 0x10, 0x4b, 0x52, 0x42, 0x38, 0x2b, 0xf2, 0x87, 0xe9, 0x9c,
+ 0xee, 0x3b, 0x34, 0x68, 0x50, 0xc8, 0x50, 0x62, 0x4a, 0x84, 0x71,
+ 0x9d, 0xfc, 0x11, 0xb1, 0x8, 0x1f, 0x34, 0x36, 0x24, 0x61},
+ },
+ {
+ {0x38, 0x26, 0x2d, 0x1a, 0xe3, 0x49, 0x63, 0x8b, 0x35, 0xfd, 0xd3,
+ 0x9b, 0x0, 0xb7, 0xdf, 0x9d, 0xa4, 0x6b, 0xa0, 0xa3, 0xb8, 0xf1,
+ 0x8b, 0x7f, 0x45, 0x4, 0xd9, 0x78, 0x31, 0xaa, 0x22, 0x15},
+ {0x8d, 0x89, 0x4e, 0x87, 0xdb, 0x41, 0x9d, 0xd9, 0x20, 0xdc, 0x7,
+ 0x6c, 0xf1, 0xa5, 0xfe, 0x9, 0xbc, 0x9b, 0xf, 0xd0, 0x67, 0x2c,
+ 0x3d, 0x79, 0x40, 0xff, 0x5e, 0x9e, 0x30, 0xe2, 0xeb, 0x46},
+ {0x38, 0x49, 0x61, 0x69, 0x53, 0x2f, 0x38, 0x2c, 0x10, 0x6d, 0x2d,
+ 0xb7, 0x9a, 0x40, 0xfe, 0xda, 0x27, 0xf2, 0x46, 0xb6, 0x91, 0x33,
+ 0xc8, 0xe8, 0x6c, 0x30, 0x24, 0x5, 0xf5, 0x70, 0xfe, 0x45},
+ },
+ {
+ {0x91, 0x14, 0x95, 0xc8, 0x20, 0x49, 0xf2, 0x62, 0xa2, 0xc, 0x63,
+ 0x3f, 0xc8, 0x7, 0xf0, 0x5, 0xb8, 0xd4, 0xc9, 0xf5, 0xd2, 0x45,
+ 0xbb, 0x6f, 0x45, 0x22, 0x7a, 0xb5, 0x6d, 0x9f, 0x61, 0x16},
+ {0x8c, 0xb, 0xc, 0x96, 0xa6, 0x75, 0x48, 0xda, 0x20, 0x2f, 0xe,
+ 0xef, 0x76, 0xd0, 0x68, 0x5b, 0xd4, 0x8f, 0xb, 0x3d, 0xcf, 0x51,
+ 0xfb, 0x7, 0xd4, 0x92, 0xe3, 0xa0, 0x23, 0x16, 0x8d, 0x42},
+ {0xfd, 0x8, 0xa3, 0x1, 0x44, 0x4a, 0x4f, 0x8, 0xac, 0xca, 0xa5,
+ 0x76, 0xc3, 0x19, 0x22, 0xa8, 0x7d, 0xbc, 0xd1, 0x43, 0x46, 0xde,
+ 0xb8, 0xde, 0xc6, 0x38, 0xbd, 0x60, 0x2d, 0x59, 0x81, 0x1d},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1463171970593505, 1143040711767452, 614590986558883,
- 1409210575145591, 1882816996436803
-#else
- 26047201, 21802961, 60208540, 17032633, 24092067, 9158119,
- 62835319, 20998873, 37743427, 28056159
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2230133264691131, 563950955091024, 2042915975426398,
- 827314356293472, 672028980152815
-#else
- 17510331, 33231575, 5854288, 8403524, 17133918, 30441820,
- 38997856, 12327944, 10750447, 10014012
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 264204366029760, 1654686424479449, 2185050199932931,
- 2207056159091748, 506015669043634
-#else
- 56796096, 3936951, 9156313, 24656749, 16498691, 32559785,
- 39627812, 32887699, 3424690, 7540221
-#endif
- }},
+ {0xe8, 0xc5, 0x85, 0x7b, 0x9f, 0xb6, 0x65, 0x87, 0xb2, 0xba, 0x68,
+ 0xd1, 0x8b, 0x67, 0xf0, 0x6f, 0x9b, 0xf, 0x33, 0x1d, 0x7c, 0xe7,
+ 0x70, 0x3a, 0x7c, 0x8e, 0xaf, 0xb0, 0x51, 0x6d, 0x5f, 0x3a},
+ {0x5f, 0xac, 0xd, 0xa6, 0x56, 0x87, 0x36, 0x61, 0x57, 0xdc, 0xab,
+ 0xeb, 0x6a, 0x2f, 0xe0, 0x17, 0x7d, 0xf, 0xce, 0x4c, 0x2d, 0x3f,
+ 0x19, 0x7f, 0xf0, 0xdc, 0xec, 0x89, 0x77, 0x4a, 0x23, 0x20},
+ {0x52, 0xb2, 0x78, 0x71, 0xb6, 0xd, 0xd2, 0x76, 0x60, 0xd1, 0x1e,
+ 0xd5, 0xf9, 0x34, 0x1c, 0x7, 0x70, 0x11, 0xe4, 0xb3, 0x20, 0x4a,
+ 0x2a, 0xf6, 0x66, 0xe3, 0xff, 0x3c, 0x35, 0x82, 0xd6, 0x7c},
+ },
+ {
+ {0xf3, 0xf4, 0xac, 0x68, 0x60, 0xcd, 0x65, 0xa6, 0xd3, 0xe3, 0xd7,
+ 0x3c, 0x18, 0x2d, 0xd9, 0x42, 0xd9, 0x25, 0x60, 0x33, 0x9d, 0x38,
+ 0x59, 0x57, 0xff, 0xd8, 0x2c, 0x2b, 0x3b, 0x25, 0xf0, 0x3e},
+ {0xb6, 0xfa, 0x87, 0xd8, 0x5b, 0xa4, 0xe1, 0xb, 0x6e, 0x3b, 0x40,
+ 0xba, 0x32, 0x6a, 0x84, 0x2a, 0x0, 0x60, 0x6e, 0xe9, 0x12, 0x10,
+ 0x92, 0xd9, 0x43, 0x9, 0xdc, 0x3b, 0x86, 0xc8, 0x38, 0x28},
+ {0x30, 0x50, 0x46, 0x4a, 0xcf, 0xb0, 0x6b, 0xd1, 0xab, 0x77, 0xc5,
+ 0x15, 0x41, 0x6b, 0x49, 0xfa, 0x9d, 0x41, 0xab, 0xf4, 0x8a, 0xae,
+ 0xcf, 0x82, 0x12, 0x28, 0xa8, 0x6, 0xa6, 0xb8, 0xdc, 0x21},
+ },
+ {
+ {0xba, 0x31, 0x77, 0xbe, 0xfa, 0x0, 0x8d, 0x9a, 0x89, 0x18, 0x9e,
+ 0x62, 0x7e, 0x60, 0x3, 0x82, 0x7f, 0xd9, 0xf3, 0x43, 0x37, 0x2,
+ 0xcc, 0xb2, 0x8b, 0x67, 0x6f, 0x6c, 0xbf, 0xd, 0x84, 0x5d},
+ {0xc8, 0x9f, 0x9d, 0x8c, 0x46, 0x4, 0x60, 0x5c, 0xcb, 0xa3, 0x2a,
+ 0xd4, 0x6e, 0x9, 0x40, 0x25, 0x9c, 0x2f, 0xee, 0x12, 0x4c, 0x4d,
+ 0x5b, 0x12, 0xab, 0x1d, 0xa3, 0x94, 0x81, 0xd0, 0xc3, 0xb},
+ {0x8b, 0xe1, 0x9f, 0x30, 0xd, 0x38, 0x6e, 0x70, 0xc7, 0x65, 0xe1,
+ 0xb9, 0xa6, 0x2d, 0xb0, 0x6e, 0xab, 0x20, 0xae, 0x7d, 0x99, 0xba,
+ 0xbb, 0x57, 0xdd, 0x96, 0xc1, 0x2a, 0x23, 0x76, 0x42, 0x3a},
+ },
+ {
+ {0xcb, 0x7e, 0x44, 0xdb, 0x72, 0xc1, 0xf8, 0x3b, 0xbd, 0x2d, 0x28,
+ 0xc6, 0x1f, 0xc4, 0xcf, 0x5f, 0xfe, 0x15, 0xaa, 0x75, 0xc0, 0xff,
+ 0xac, 0x80, 0xf9, 0xa9, 0xe1, 0x24, 0xe8, 0xc9, 0x70, 0x7},
+ {0xfa, 0x84, 0x70, 0x8a, 0x2c, 0x43, 0x42, 0x4b, 0x45, 0xe5, 0xb9,
+ 0xdf, 0xe3, 0x19, 0x8a, 0x89, 0x5d, 0xe4, 0x58, 0x9c, 0x21, 0x0,
+ 0x9f, 0xbe, 0xd1, 0xeb, 0x6d, 0xa1, 0xce, 0x77, 0xf1, 0x1f},
+ {0xfd, 0xb5, 0xb5, 0x45, 0x9a, 0xd9, 0x61, 0xcf, 0x24, 0x79, 0x3a,
+ 0x1b, 0xe9, 0x84, 0x9, 0x86, 0x89, 0x3e, 0x3e, 0x30, 0x19, 0x9,
+ 0x30, 0xe7, 0x1e, 0xb, 0x50, 0x41, 0xfd, 0x64, 0xf2, 0x39},
+ },
+ {
+ {0xe1, 0x7b, 0x9, 0xfe, 0xab, 0x4a, 0x9b, 0xd1, 0x29, 0x19, 0xe0,
+ 0xdf, 0xe1, 0xfc, 0x6d, 0xa4, 0xff, 0xf1, 0xa6, 0x2c, 0x94, 0x8,
+ 0xc9, 0xc3, 0x4e, 0xf1, 0x35, 0x2c, 0x27, 0x21, 0xc6, 0x65},
+ {0x9c, 0xe2, 0xe7, 0xdb, 0x17, 0x34, 0xad, 0xa7, 0x9c, 0x13, 0x9c,
+ 0x2b, 0x6a, 0x37, 0x94, 0xbd, 0xa9, 0x7b, 0x59, 0x93, 0x8e, 0x1b,
+ 0xe9, 0xa0, 0x40, 0x98, 0x88, 0x68, 0x34, 0xd7, 0x12, 0x17},
+ {0xdd, 0x93, 0x31, 0xce, 0xf8, 0x89, 0x2b, 0xe7, 0xbb, 0xc0, 0x25,
+ 0xa1, 0x56, 0x33, 0x10, 0x4d, 0x83, 0xfe, 0x1c, 0x2e, 0x3d, 0xa9,
+ 0x19, 0x4, 0x72, 0xe2, 0x9c, 0xb1, 0xa, 0x80, 0xf9, 0x22},
+ },
+ {
+ {0xac, 0xfd, 0x6e, 0x9a, 0xdd, 0x9f, 0x2, 0x42, 0x41, 0x49, 0xa5,
+ 0x34, 0xbe, 0xce, 0x12, 0xb9, 0x7b, 0xf3, 0xbd, 0x87, 0xb9, 0x64,
+ 0xf, 0x64, 0xb4, 0xca, 0x98, 0x85, 0xd3, 0xa4, 0x71, 0x41},
+ {0xcb, 0xf8, 0x9e, 0x3e, 0x8a, 0x36, 0x5a, 0x60, 0x15, 0x47, 0x50,
+ 0xa5, 0x22, 0xc0, 0xe9, 0xe3, 0x8f, 0x24, 0x24, 0x5f, 0xb0, 0x48,
+ 0x3d, 0x55, 0xe5, 0x26, 0x76, 0x64, 0xcd, 0x16, 0xf4, 0x13},
+ {0x8c, 0x4c, 0xc9, 0x99, 0xaa, 0x58, 0x27, 0xfa, 0x7, 0xb8, 0x0,
+ 0xb0, 0x6f, 0x6f, 0x0, 0x23, 0x92, 0x53, 0xda, 0xad, 0xdd, 0x91,
+ 0xd2, 0xfb, 0xab, 0xd1, 0x4b, 0x57, 0xfa, 0x14, 0x82, 0x50},
+ },
+ {
+ {0xd6, 0x3, 0xd0, 0x53, 0xbb, 0x15, 0x1a, 0x46, 0x65, 0xc9, 0xf3,
+ 0xbc, 0x88, 0x28, 0x10, 0xb2, 0x5a, 0x3a, 0x68, 0x6c, 0x75, 0x76,
+ 0xc5, 0x27, 0x47, 0xb4, 0x6c, 0xc8, 0xa4, 0x58, 0x77, 0x3a},
+ {0x4b, 0xfe, 0xd6, 0x3e, 0x15, 0x69, 0x2, 0xc2, 0xc4, 0x77, 0x1d,
+ 0x51, 0x39, 0x67, 0x5a, 0xa6, 0x94, 0xaf, 0x14, 0x2c, 0x46, 0x26,
+ 0xde, 0xcb, 0x4b, 0xa7, 0xab, 0x6f, 0xec, 0x60, 0xf9, 0x22},
+ {0x76, 0x50, 0xae, 0x93, 0xf6, 0x11, 0x81, 0x54, 0xa6, 0x54, 0xfd,
+ 0x1d, 0xdf, 0x21, 0xae, 0x1d, 0x65, 0x5e, 0x11, 0xf3, 0x90, 0x8c,
+ 0x24, 0x12, 0x94, 0xf4, 0xe7, 0x8d, 0x5f, 0xd1, 0x9f, 0x5d},
+ },
+ {
+ {0x1e, 0x52, 0xd7, 0xee, 0x2a, 0x4d, 0x24, 0x3f, 0x15, 0x96, 0x2e,
+ 0x43, 0x28, 0x90, 0x3a, 0x8e, 0xd4, 0x16, 0x9c, 0x2e, 0x77, 0xba,
+ 0x64, 0xe1, 0xd8, 0x98, 0xeb, 0x47, 0xfa, 0x87, 0xc1, 0x3b},
+ {0x7f, 0x72, 0x63, 0x6d, 0xd3, 0x8, 0x14, 0x3, 0x33, 0xb5, 0xc7,
+ 0xd7, 0xef, 0x9a, 0x37, 0x6a, 0x4b, 0xe2, 0xae, 0xcc, 0xc5, 0x8f,
+ 0xe1, 0xa9, 0xd3, 0xbe, 0x8f, 0x4f, 0x91, 0x35, 0x2f, 0x33},
+ {0xc, 0xc2, 0x86, 0xea, 0x15, 0x1, 0x47, 0x6d, 0x25, 0xd1, 0x46,
+ 0x6c, 0xcb, 0xb7, 0x8a, 0x99, 0x88, 0x1, 0x66, 0x3a, 0xb5, 0x32,
+ 0x78, 0xd7, 0x3, 0xba, 0x6f, 0x90, 0xce, 0x81, 0xd, 0x45},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1784446333136569, 1973746527984364, 334856327359575,
- 1156769775884610, 1023950124675478
-#else
- 30322361, 26590322, 11361004, 29411115, 7433303, 4989748,
- 60037442, 17237212, 57864598, 15258045
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2065270940578383, 31477096270353, 306421879113491,
- 181958643936686, 1907105536686083
-#else
- 13054543, 30774935, 19155473, 469045, 54626067, 4566041,
- 5631406, 2711395, 1062915, 28418087
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1496516440779464, 1748485652986458, 872778352227340,
- 818358834654919, 97932669284220
-#else
- 47868616, 22299832, 37599834, 26054466, 61273100, 13005410,
- 61042375, 12194496, 32960380, 1459310
-#endif
- }},
+ {0x3f, 0x74, 0xae, 0x1c, 0x96, 0xd8, 0x74, 0xd0, 0xed, 0x63, 0x1c,
+ 0xee, 0xf5, 0x18, 0x6d, 0xf8, 0x29, 0xed, 0xf4, 0xe7, 0x5b, 0xc5,
+ 0xbd, 0x97, 0x8, 0xb1, 0x3a, 0x66, 0x79, 0xd2, 0xba, 0x4c},
+ {0x75, 0x52, 0x20, 0xa6, 0xa1, 0xb6, 0x7b, 0x6e, 0x83, 0x8e, 0x3c,
+ 0x41, 0xd7, 0x21, 0x4f, 0xaa, 0xb2, 0x5c, 0x8f, 0xe8, 0x55, 0xd1,
+ 0x56, 0x6f, 0xe1, 0x5b, 0x34, 0xa6, 0x4b, 0x5d, 0xe2, 0x2d},
+ {0xcd, 0x1f, 0xd7, 0xa0, 0x24, 0x90, 0xd1, 0x80, 0xf8, 0x8a, 0x28,
+ 0xfb, 0xa, 0xc2, 0x25, 0xc5, 0x19, 0x64, 0x3a, 0x5f, 0x4b, 0x97,
+ 0xa3, 0xb1, 0x33, 0x72, 0x0, 0xe2, 0xef, 0xbc, 0x7f, 0x7d},
+ },
+ {
+ {0x94, 0x90, 0xc2, 0xf3, 0xc5, 0x5d, 0x7c, 0xcd, 0xab, 0x5, 0x91,
+ 0x2a, 0x9a, 0xa2, 0x81, 0xc7, 0x58, 0x30, 0x1c, 0x42, 0x36, 0x1d,
+ 0xc6, 0x80, 0xd7, 0xd4, 0xd8, 0xdc, 0x96, 0xd1, 0x9c, 0x4f},
+ {0x1, 0x28, 0x6b, 0x26, 0x6a, 0x1e, 0xef, 0xfa, 0x16, 0x9f, 0x73,
+ 0xd5, 0xc4, 0x68, 0x6c, 0x86, 0x2c, 0x76, 0x3, 0x1b, 0xbc, 0x2f,
+ 0x8a, 0xf6, 0x8d, 0x5a, 0xb7, 0x87, 0x5e, 0x43, 0x75, 0x59},
+ {0x68, 0x37, 0x7b, 0x6a, 0xd8, 0x97, 0x92, 0x19, 0x63, 0x7a, 0xd1,
+ 0x1a, 0x24, 0x58, 0xd0, 0xd0, 0x17, 0xc, 0x1c, 0x5c, 0xad, 0x9c,
+ 0x2, 0xba, 0x7, 0x3, 0x7a, 0x38, 0x84, 0xd0, 0xcd, 0x7c},
+ },
+ {
+ {0x93, 0xcc, 0x60, 0x67, 0x18, 0x84, 0xc, 0x9b, 0x99, 0x2a, 0xb3,
+ 0x1a, 0x7a, 0x0, 0xae, 0xcd, 0x18, 0xda, 0xb, 0x62, 0x86, 0xec,
+ 0x8d, 0xa8, 0x44, 0xca, 0x90, 0x81, 0x84, 0xca, 0x93, 0x35},
+ {0x17, 0x4, 0x26, 0x6d, 0x2c, 0x42, 0xa6, 0xdc, 0xbd, 0x40, 0x82,
+ 0x94, 0x50, 0x3d, 0x15, 0xae, 0x77, 0xc6, 0x68, 0xfb, 0xb4, 0xc1,
+ 0xc0, 0xa9, 0x53, 0xcf, 0xd0, 0x61, 0xed, 0xd0, 0x8b, 0x42},
+ {0xa7, 0x9a, 0x84, 0x5e, 0x9a, 0x18, 0x13, 0x92, 0xcd, 0xfa, 0xd8,
+ 0x65, 0x35, 0xc3, 0xd8, 0xd4, 0xd1, 0xbb, 0xfd, 0x53, 0x5b, 0x54,
+ 0x52, 0x8c, 0xe6, 0x63, 0x2d, 0xda, 0x8, 0x83, 0x39, 0x27},
+ },
+ {
+ {0x53, 0x24, 0x70, 0xa, 0x4c, 0xe, 0xa1, 0xb9, 0xde, 0x1b, 0x7d,
+ 0xd5, 0x66, 0x58, 0xa2, 0xf, 0xf7, 0xda, 0x27, 0xcd, 0xb5, 0xd9,
+ 0xb9, 0xff, 0xfd, 0x33, 0x2c, 0x49, 0x45, 0x29, 0x2c, 0x57},
+ {0x13, 0xd4, 0x5e, 0x43, 0x28, 0x8d, 0xc3, 0x42, 0xc9, 0xcc, 0x78,
+ 0x32, 0x60, 0xf3, 0x50, 0xbd, 0xef, 0x3, 0xda, 0x79, 0x1a, 0xab,
+ 0x7, 0xbb, 0x55, 0x33, 0x8c, 0xbe, 0xae, 0x97, 0x95, 0x26},
+ {0xbe, 0x30, 0xcd, 0xd6, 0x45, 0xc7, 0x7f, 0xc7, 0xfb, 0xae, 0xba,
+ 0xe3, 0xd3, 0xe8, 0xdf, 0xe4, 0xc, 0xda, 0x5d, 0xaa, 0x30, 0x88,
+ 0x2c, 0xa2, 0x80, 0xca, 0x5b, 0xc0, 0x98, 0x54, 0x98, 0x7f},
+ },
+ {
+ {0x63, 0x63, 0xbf, 0xf, 0x52, 0x15, 0x56, 0xd3, 0xa6, 0xfb, 0x4d,
+ 0xcf, 0x45, 0x5a, 0x4, 0x8, 0xc2, 0xa0, 0x3f, 0x87, 0xbc, 0x4f,
+ 0xc2, 0xee, 0xe7, 0x12, 0x9b, 0xd6, 0x3c, 0x65, 0xf2, 0x30},
+ {0x17, 0xe1, 0xb, 0x9f, 0x88, 0xce, 0x49, 0x38, 0x88, 0xa2, 0x54,
+ 0x7b, 0x1b, 0xad, 0x5, 0x80, 0x1c, 0x92, 0xfc, 0x23, 0x9f, 0xc3,
+ 0xa3, 0x3d, 0x4, 0xf3, 0x31, 0xa, 0x47, 0xec, 0xc2, 0x76},
+ {0x85, 0xc, 0xc1, 0xaa, 0x38, 0xc9, 0x8, 0x8a, 0xcb, 0x6b, 0x27,
+ 0xdb, 0x60, 0x9b, 0x17, 0x46, 0x70, 0xac, 0x6f, 0xe, 0x1e, 0xc0,
+ 0x20, 0xa9, 0xda, 0x73, 0x64, 0x59, 0xf1, 0x73, 0x12, 0x2f},
+ },
+ {
+ {0xc0, 0xb, 0xa7, 0x55, 0xd7, 0x8b, 0x48, 0x30, 0xe7, 0x42, 0xd4,
+ 0xf1, 0xa4, 0xb5, 0xd6, 0x6, 0x62, 0x61, 0x59, 0xbc, 0x9e, 0xa6,
+ 0xd1, 0xea, 0x84, 0xf7, 0xc5, 0xed, 0x97, 0x19, 0xac, 0x38},
+ {0x11, 0x1e, 0xe0, 0x8a, 0x7c, 0xfc, 0x39, 0x47, 0x9f, 0xab, 0x6a,
+ 0x4a, 0x90, 0x74, 0x52, 0xfd, 0x2e, 0x8f, 0x72, 0x87, 0x82, 0x8a,
+ 0xd9, 0x41, 0xf2, 0x69, 0x5b, 0xd8, 0x2a, 0x57, 0x9e, 0x5d},
+ {0x3b, 0xb1, 0x51, 0xa7, 0x17, 0xb5, 0x66, 0x6, 0x8c, 0x85, 0x9b,
+ 0x7e, 0x86, 0x6, 0x7d, 0x74, 0x49, 0xde, 0x4d, 0x45, 0x11, 0xc0,
+ 0xac, 0xac, 0x9c, 0xe6, 0xe9, 0xbf, 0x9c, 0xcd, 0xdf, 0x22},
+ },
+ {
+ {0xa1, 0xe0, 0x3b, 0x10, 0xb4, 0x59, 0xec, 0x56, 0x69, 0xf9, 0x59,
+ 0xd2, 0xec, 0xba, 0xe3, 0x2e, 0x32, 0xcd, 0xf5, 0x13, 0x94, 0xb2,
+ 0x7c, 0x79, 0x72, 0xe4, 0xcd, 0x24, 0x78, 0x87, 0xe9, 0xf},
+ {0xd9, 0xc, 0xd, 0xc3, 0xe0, 0xd2, 0xdb, 0x8d, 0x33, 0x43, 0xbb,
+ 0xac, 0x5f, 0x66, 0x8e, 0xad, 0x1f, 0x96, 0x2a, 0x32, 0x8c, 0x25,
+ 0x6b, 0x8f, 0xc7, 0xc1, 0x48, 0x54, 0xc0, 0x16, 0x29, 0x6b},
+ {0x3b, 0x91, 0xba, 0xa, 0xd1, 0x34, 0xdb, 0x7e, 0xe, 0xac, 0x6d,
+ 0x2e, 0x82, 0xcd, 0xa3, 0x4e, 0x15, 0xf8, 0x78, 0x65, 0xff, 0x3d,
+ 0x8, 0x66, 0x17, 0xa, 0xf0, 0x7f, 0x30, 0x3f, 0x30, 0x4c},
+ },
+ {
+ {0x0, 0x45, 0xd9, 0xd, 0x58, 0x3, 0xfc, 0x29, 0x93, 0xec, 0xbb,
+ 0x6f, 0xa4, 0x7a, 0xd2, 0xec, 0xf8, 0xa7, 0xe2, 0xc2, 0x5f, 0x15,
+ 0xa, 0x13, 0xd5, 0xa1, 0x6, 0xb7, 0x1a, 0x15, 0x6b, 0x41},
+ {0x85, 0x8c, 0xb2, 0x17, 0xd6, 0x3b, 0xa, 0xd3, 0xea, 0x3b, 0x77,
+ 0x39, 0xb7, 0x77, 0xd3, 0xc5, 0xbf, 0x5c, 0x6a, 0x1e, 0x8c, 0xe7,
+ 0xc6, 0xc6, 0xc4, 0xb7, 0x2a, 0x8b, 0xf7, 0xb8, 0x61, 0xd},
+ {0xb0, 0x36, 0xc1, 0xe9, 0xef, 0xd7, 0xa8, 0x56, 0x20, 0x4b, 0xe4,
+ 0x58, 0xcd, 0xe5, 0x7, 0xbd, 0xab, 0xe0, 0x57, 0x1b, 0xda, 0x2f,
+ 0xe6, 0xaf, 0xd2, 0xe8, 0x77, 0x42, 0xf7, 0x2a, 0x1a, 0x19},
},
},
{
{
- {{
-#if defined(OPENSSL_64_BIT)
- 471636015770351, 672455402793577, 1804995246884103,
- 1842309243470804, 1501862504981682
-#else
- 19852015, 7027924, 23669353, 10020366, 8586503, 26896525,
- 394196, 27452547, 18638002, 22379495
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1013216974933691, 538921919682598, 1915776722521558,
- 1742822441583877, 1886550687916656
-#else
- 31395515, 15098109, 26581030, 8030562, 50580950, 28547297,
- 9012485, 25970078, 60465776, 28111795
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2094270000643336, 303971879192276, 40801275554748,
- 649448917027930, 1818544418535447
-#else
- 57916680, 31207054, 65111764, 4529533, 25766844, 607986,
- 67095642, 9677542, 34813975, 27098423
-#endif
- }},
+ {0xfb, 0xe, 0x46, 0x4f, 0x43, 0x2b, 0xe6, 0x9f, 0xd6, 0x7, 0x36,
+ 0xa6, 0xd4, 0x3, 0xd3, 0xde, 0x24, 0xda, 0xa0, 0xb7, 0xe, 0x21,
+ 0x52, 0xf0, 0x93, 0x5b, 0x54, 0x0, 0xbe, 0x7d, 0x7e, 0x23},
+ {0x31, 0x14, 0x3c, 0xc5, 0x4b, 0xf7, 0x16, 0xce, 0xde, 0xed, 0x72,
+ 0x20, 0xce, 0x25, 0x97, 0x2b, 0xe7, 0x3e, 0xb2, 0xb5, 0x6f, 0xc3,
+ 0xb9, 0xb8, 0x8, 0xc9, 0x5c, 0xb, 0x45, 0xe, 0x2e, 0x7e},
+ {0x30, 0xb4, 0x1, 0x67, 0xed, 0x75, 0x35, 0x1, 0x10, 0xfd, 0xb,
+ 0x9f, 0xe6, 0x94, 0x10, 0x23, 0x22, 0x7f, 0xe4, 0x83, 0x15, 0xf,
+ 0x32, 0x75, 0xe3, 0x55, 0x11, 0xb1, 0x99, 0xa6, 0xaf, 0x71},
+ },
+ {
+ {0xd6, 0x50, 0x3b, 0x47, 0x1c, 0x3c, 0x42, 0xea, 0x10, 0xef, 0x38,
+ 0x3b, 0x1f, 0x7a, 0xe8, 0x51, 0x95, 0xbe, 0xc9, 0xb2, 0x5f, 0xbf,
+ 0x84, 0x9b, 0x1c, 0x9a, 0xf8, 0x78, 0xbc, 0x1f, 0x73, 0x0},
+ {0x1d, 0xb6, 0x53, 0x39, 0x9b, 0x6f, 0xce, 0x65, 0xe6, 0x41, 0xa1,
+ 0xaf, 0xea, 0x39, 0x58, 0xc6, 0xfe, 0x59, 0xf7, 0xa9, 0xfd, 0x5f,
+ 0x43, 0xf, 0x8e, 0xc2, 0xb1, 0xc2, 0xe9, 0x42, 0x11, 0x2},
+ {0x80, 0x18, 0xf8, 0x48, 0x18, 0xc7, 0x30, 0xe4, 0x19, 0xc1, 0xce,
+ 0x5e, 0x22, 0xc, 0x96, 0xbf, 0xe3, 0x15, 0xba, 0x6b, 0x83, 0xe0,
+ 0xda, 0xb6, 0x8, 0x58, 0xe1, 0x47, 0x33, 0x6f, 0x4d, 0x4c},
+ },
+ {
+ {0x70, 0x19, 0x8f, 0x98, 0xfc, 0xdd, 0xc, 0x2f, 0x1b, 0xf5, 0xb9,
+ 0xb0, 0x27, 0x62, 0x91, 0x6b, 0xbe, 0x76, 0x91, 0x77, 0xc4, 0xb6,
+ 0xc7, 0x6e, 0xa8, 0x9f, 0x8f, 0xa8, 0x0, 0x95, 0xbf, 0x38},
+ {0xc9, 0x1f, 0x7d, 0xc1, 0xcf, 0xec, 0xf7, 0x18, 0x14, 0x3c, 0x40,
+ 0x51, 0xa6, 0xf5, 0x75, 0x6c, 0xdf, 0xc, 0xee, 0xf7, 0x2b, 0x71,
+ 0xde, 0xdb, 0x22, 0x7a, 0xe4, 0xa7, 0xaa, 0xdd, 0x3f, 0x19},
+ {0x6f, 0x87, 0xe8, 0x37, 0x3c, 0xc9, 0xd2, 0x1f, 0x2c, 0x46, 0xd1,
+ 0x18, 0x5a, 0x1e, 0xf6, 0xa2, 0x76, 0x12, 0x24, 0x39, 0x82, 0xf5,
+ 0x80, 0x50, 0x69, 0x49, 0xd, 0xbf, 0x9e, 0xb9, 0x6f, 0x6a},
+ },
+ {
+ {0xc6, 0x23, 0xe4, 0xb6, 0xb5, 0x22, 0xb1, 0xee, 0x8e, 0xff, 0x86,
+ 0xf2, 0x10, 0x70, 0x9d, 0x93, 0x8c, 0x5d, 0xcf, 0x1d, 0x83, 0x2a,
+ 0xa9, 0x90, 0x10, 0xeb, 0xc5, 0x42, 0x9f, 0xda, 0x6f, 0x13},
+ {0xeb, 0x55, 0x8, 0x56, 0xbb, 0xc1, 0x46, 0x6a, 0x9d, 0xf0, 0x93,
+ 0xf8, 0x38, 0xbb, 0x16, 0x24, 0xc1, 0xac, 0x71, 0x8f, 0x37, 0x11,
+ 0x1d, 0xd7, 0xea, 0x96, 0x18, 0xa3, 0x14, 0x69, 0xf7, 0x75},
+ {0xd1, 0xbd, 0x5, 0xa3, 0xb1, 0xdf, 0x4c, 0xf9, 0x8, 0x2c, 0xf8,
+ 0x9f, 0x9d, 0x4b, 0x36, 0xf, 0x8a, 0x58, 0xbb, 0xc3, 0xa5, 0xd8,
+ 0x87, 0x2a, 0xba, 0xdc, 0xe8, 0xb, 0x51, 0x83, 0x21, 0x2},
+ },
+ {
+ {0x7f, 0x7a, 0x30, 0x43, 0x1, 0x71, 0x5a, 0x9d, 0x5f, 0xa4, 0x7d,
+ 0xc4, 0x9e, 0xde, 0x63, 0xb0, 0xd3, 0x7a, 0x92, 0xbe, 0x52, 0xfe,
+ 0xbb, 0x22, 0x6c, 0x42, 0x40, 0xfd, 0x41, 0xc4, 0x87, 0x13},
+ {0x14, 0x2d, 0xad, 0x5e, 0x38, 0x66, 0xf7, 0x4a, 0x30, 0x58, 0x7c,
+ 0xca, 0x80, 0xd8, 0x8e, 0xa0, 0x3d, 0x1e, 0x21, 0x10, 0xe6, 0xa6,
+ 0x13, 0xd, 0x3, 0x6c, 0x80, 0x7b, 0xe1, 0x1c, 0x7, 0x6a},
+ {0xf8, 0x8a, 0x97, 0x87, 0xd1, 0xc3, 0xd3, 0xb5, 0x13, 0x44, 0xe,
+ 0x7f, 0x3d, 0x5a, 0x2b, 0x72, 0xa0, 0x7c, 0x47, 0xbb, 0x48, 0x48,
+ 0x7b, 0xd, 0x92, 0xdc, 0x1e, 0xaf, 0x6a, 0xb2, 0x71, 0x31},
+ },
+ {
+ {0xd1, 0x47, 0x8a, 0xb2, 0xd8, 0xb7, 0xd, 0xa6, 0xf1, 0xa4, 0x70,
+ 0x17, 0xd6, 0x14, 0xbf, 0xa6, 0x58, 0xbd, 0xdd, 0x53, 0x93, 0xf8,
+ 0xa1, 0xd4, 0xe9, 0x43, 0x42, 0x34, 0x63, 0x4a, 0x51, 0x6c},
+ {0xa8, 0x4c, 0x56, 0x97, 0x90, 0x31, 0x2f, 0xa9, 0x19, 0xe1, 0x75,
+ 0x22, 0x4c, 0xb8, 0x7b, 0xff, 0x50, 0x51, 0x87, 0xa4, 0x37, 0xfe,
+ 0x55, 0x4f, 0x5a, 0x83, 0xf0, 0x3c, 0x87, 0xd4, 0x1f, 0x22},
+ {0x41, 0x63, 0x15, 0x3a, 0x4f, 0x20, 0x22, 0x23, 0x2d, 0x3, 0xa,
+ 0xba, 0xe9, 0xe0, 0x73, 0xfb, 0xe, 0x3, 0xf, 0x41, 0x4c, 0xdd,
+ 0xe0, 0xfc, 0xaa, 0x4a, 0x92, 0xfb, 0x96, 0xa5, 0xda, 0x48},
+ },
+ {
+ {0x93, 0x97, 0x4c, 0xc8, 0x5d, 0x1d, 0xf6, 0x14, 0x6, 0x82, 0x41,
+ 0xef, 0xe3, 0xf9, 0x41, 0x99, 0xac, 0x77, 0x62, 0x34, 0x8f, 0xb8,
+ 0xf5, 0xcd, 0xa9, 0x79, 0x8a, 0xe, 0xfa, 0x37, 0xc8, 0x58},
+ {0xc7, 0x9c, 0xa5, 0x5c, 0x66, 0x8e, 0xca, 0x6e, 0xa0, 0xac, 0x38,
+ 0x2e, 0x4b, 0x25, 0x47, 0xa8, 0xce, 0x17, 0x1e, 0xd2, 0x8, 0xc7,
+ 0xaf, 0x31, 0xf7, 0x4a, 0xd8, 0xca, 0xfc, 0xd6, 0x6d, 0x67},
+ {0x58, 0x90, 0xfc, 0x96, 0x85, 0x68, 0xf9, 0xc, 0x1b, 0xa0, 0x56,
+ 0x7b, 0xf3, 0xbb, 0xdc, 0x1d, 0x6a, 0xd6, 0x35, 0x49, 0x7d, 0xe7,
+ 0xc2, 0xdc, 0xa, 0x7f, 0xa5, 0xc6, 0xf2, 0x73, 0x4f, 0x1c},
+ },
+ {
+ {0x84, 0x34, 0x7c, 0xfc, 0x6e, 0x70, 0x6e, 0xb3, 0x61, 0xcf, 0xc1,
+ 0xc3, 0xb4, 0xc9, 0xdf, 0x73, 0xe5, 0xc7, 0x1c, 0x78, 0xc9, 0x79,
+ 0x1d, 0xeb, 0x5c, 0x67, 0xaf, 0x7d, 0xdb, 0x9a, 0x45, 0x70},
+ {0xbb, 0xa0, 0x5f, 0x30, 0xbd, 0x4f, 0x7a, 0xe, 0xad, 0x63, 0xc6,
+ 0x54, 0xe0, 0x4c, 0x9d, 0x82, 0x48, 0x38, 0xe3, 0x2f, 0x83, 0xc3,
+ 0x21, 0xf4, 0x42, 0x4c, 0xf6, 0x1b, 0xd, 0xc8, 0x5a, 0x79},
+ {0xb3, 0x2b, 0xb4, 0x91, 0x49, 0xdb, 0x91, 0x1b, 0xca, 0xdc, 0x2,
+ 0x4b, 0x23, 0x96, 0x26, 0x57, 0xdc, 0x78, 0x8c, 0x1f, 0xe5, 0x9e,
+ 0xdf, 0x9f, 0xd3, 0x1f, 0xe2, 0x8c, 0x84, 0x62, 0xe1, 0x5f},
+ },
+ },
+ {
+ {
+ {0x8, 0xb2, 0x7c, 0x5d, 0x2d, 0x85, 0x79, 0x28, 0xe7, 0xf2, 0x7d,
+ 0x68, 0x70, 0xdd, 0xde, 0xb8, 0x91, 0x78, 0x68, 0x21, 0xab, 0xff,
+ 0xb, 0xdc, 0x35, 0xaa, 0x7d, 0x67, 0x43, 0xc0, 0x44, 0x2b},
+ {0x1a, 0x96, 0x94, 0xe1, 0x4f, 0x21, 0x59, 0x4e, 0x4f, 0xcd, 0x71,
+ 0xd, 0xc7, 0x7d, 0xbe, 0x49, 0x2d, 0xf2, 0x50, 0x3b, 0xd2, 0xcf,
+ 0x0, 0x93, 0x32, 0x72, 0x91, 0xfc, 0x46, 0xd4, 0x89, 0x47},
+ {0x8e, 0xb7, 0x4e, 0x7, 0xab, 0x87, 0x1c, 0x1a, 0x67, 0xf4, 0xda,
+ 0x99, 0x8e, 0xd1, 0xc6, 0xfa, 0x67, 0x90, 0x4f, 0x48, 0xcd, 0xbb,
+ 0xac, 0x3e, 0xe4, 0xa4, 0xb9, 0x2b, 0xef, 0x2e, 0xc5, 0x60},
+ },
+ {
+ {0x11, 0x6d, 0xae, 0x7c, 0xc2, 0xc5, 0x2b, 0x70, 0xab, 0x8c, 0xa4,
+ 0x54, 0x9b, 0x69, 0xc7, 0x44, 0xb2, 0x2e, 0x49, 0xba, 0x56, 0x40,
+ 0xbc, 0xef, 0x6d, 0x67, 0xb6, 0xd9, 0x48, 0x72, 0xd7, 0x70},
+ {0xf1, 0x8b, 0xfd, 0x3b, 0xbc, 0x89, 0x5d, 0xb, 0x1a, 0x55, 0xf3,
+ 0xc9, 0x37, 0x92, 0x6b, 0xb0, 0xf5, 0x28, 0x30, 0xd5, 0xb0, 0x16,
+ 0x4c, 0xe, 0xab, 0xca, 0xcf, 0x2c, 0x31, 0x9c, 0xbc, 0x10},
+ {0x5b, 0xa0, 0xc2, 0x3e, 0x4b, 0xe8, 0x8a, 0xaa, 0xe0, 0x81, 0x17,
+ 0xed, 0xf4, 0x9e, 0x69, 0x98, 0xd1, 0x85, 0x8e, 0x70, 0xe4, 0x13,
+ 0x45, 0x79, 0x13, 0xf4, 0x76, 0xa9, 0xd3, 0x5b, 0x75, 0x63},
+ },
+ {
+ {0xb7, 0xac, 0xf1, 0x97, 0x18, 0x10, 0xc7, 0x3d, 0xd8, 0xbb, 0x65,
+ 0xc1, 0x5e, 0x7d, 0xda, 0x5d, 0xf, 0x2, 0xa1, 0xf, 0x9c, 0x5b,
+ 0x8e, 0x50, 0x56, 0x2a, 0xc5, 0x37, 0x17, 0x75, 0x63, 0x27},
+ {0x53, 0x8, 0xd1, 0x2a, 0x3e, 0xa0, 0x5f, 0xb5, 0x69, 0x35, 0xe6,
+ 0x9e, 0x90, 0x75, 0x6f, 0x35, 0x90, 0xb8, 0x69, 0xbe, 0xfd, 0xf1,
+ 0xf9, 0x9f, 0x84, 0x6f, 0xc1, 0x8b, 0xc4, 0xc1, 0x8c, 0xd},
+ {0xa9, 0x19, 0xb4, 0x6e, 0xd3, 0x2, 0x94, 0x2, 0xa5, 0x60, 0xb4,
+ 0x77, 0x7e, 0x4e, 0xb4, 0xf0, 0x56, 0x49, 0x3c, 0xd4, 0x30, 0x62,
+ 0xa8, 0xcf, 0xe7, 0x66, 0xd1, 0x7a, 0x8a, 0xdd, 0xc2, 0x70},
+ },
+ {
+ {0x13, 0x7e, 0xed, 0xb8, 0x7d, 0x96, 0xd4, 0x91, 0x7a, 0x81, 0x76,
+ 0xd7, 0xa, 0x2f, 0x25, 0x74, 0x64, 0x25, 0x85, 0xd, 0xe0, 0x82,
+ 0x9, 0xe4, 0xe5, 0x3c, 0xa5, 0x16, 0x38, 0x61, 0xb8, 0x32},
+ {0xe, 0xec, 0x6f, 0x9f, 0x50, 0x94, 0x61, 0x65, 0x8d, 0x51, 0xc6,
+ 0x46, 0xa9, 0x7e, 0x2e, 0xee, 0x5c, 0x9b, 0xe0, 0x67, 0xf3, 0xc1,
+ 0x33, 0x97, 0x95, 0x84, 0x94, 0x63, 0x63, 0xac, 0xf, 0x2e},
+ {0x64, 0xcd, 0x48, 0xe4, 0xbe, 0xf7, 0xe7, 0x79, 0xd0, 0x86, 0x78,
+ 0x8, 0x67, 0x3a, 0xc8, 0x6a, 0x2e, 0xdb, 0xe4, 0xa0, 0xd9, 0xd4,
+ 0x9f, 0xf8, 0x41, 0x4f, 0x5a, 0x73, 0x5c, 0x21, 0x79, 0x41},
+ },
+ {
+ {0x34, 0xcd, 0x6b, 0x28, 0xb9, 0x33, 0xae, 0xe4, 0xdc, 0xd6, 0x9d,
+ 0x55, 0xb6, 0x7e, 0xef, 0xb7, 0x1f, 0x8e, 0xd3, 0xb3, 0x1f, 0x14,
+ 0x8b, 0x27, 0x86, 0xc2, 0x41, 0x22, 0x66, 0x85, 0xfa, 0x31},
+ {0x2a, 0xed, 0xdc, 0xd7, 0xe7, 0x94, 0x70, 0x8c, 0x70, 0x9c, 0xd3,
+ 0x47, 0xc3, 0x8a, 0xfb, 0x97, 0x2, 0xd9, 0x6, 0xa9, 0x33, 0xe0,
+ 0x3b, 0xe1, 0x76, 0x9d, 0xd9, 0xc, 0xa3, 0x44, 0x3, 0x70},
+ {0xf4, 0x22, 0x36, 0x2e, 0x42, 0x6c, 0x82, 0xaf, 0x2d, 0x50, 0x33,
+ 0x98, 0x87, 0x29, 0x20, 0xc1, 0x23, 0x91, 0x38, 0x2b, 0xe1, 0xb7,
+ 0xc1, 0x9b, 0x89, 0x24, 0x95, 0xa9, 0x12, 0x23, 0xbb, 0x24},
+ },
+ {
+ {0x6b, 0x5c, 0xf8, 0xf5, 0x2a, 0xc, 0xf8, 0x41, 0x94, 0x67, 0xfa,
+ 0x4, 0xc3, 0x84, 0x72, 0x68, 0xad, 0x1b, 0xba, 0xa3, 0x99, 0xdf,
+ 0x45, 0x89, 0x16, 0x5d, 0xeb, 0xff, 0xf9, 0x2a, 0x1d, 0xd},
+ {0xc3, 0x67, 0xde, 0x32, 0x17, 0xed, 0xa8, 0xb1, 0x48, 0x49, 0x1b,
+ 0x46, 0x18, 0x94, 0xb4, 0x3c, 0xd2, 0xbc, 0xcf, 0x76, 0x43, 0x43,
+ 0xbd, 0x8e, 0x8, 0x80, 0x18, 0x1e, 0x87, 0x3e, 0xee, 0xf},
+ {0xdf, 0x1e, 0x62, 0x32, 0xa1, 0x8a, 0xda, 0xa9, 0x79, 0x65, 0x22,
+ 0x59, 0xa1, 0x22, 0xb8, 0x30, 0x93, 0xc1, 0x9a, 0xa7, 0x7b, 0x19,
+ 0x4, 0x40, 0x76, 0x1d, 0x53, 0x18, 0x97, 0xd7, 0xac, 0x16},
+ },
+ {
+ {0xad, 0xb6, 0x87, 0x78, 0xc5, 0xc6, 0x59, 0xc9, 0xba, 0xfe, 0x90,
+ 0x5f, 0xad, 0x9e, 0xe1, 0x94, 0x4, 0xf5, 0x42, 0xa3, 0x62, 0x4e,
+ 0xe2, 0x16, 0x0, 0x17, 0x16, 0x18, 0x4b, 0xd3, 0x4e, 0x16},
+ {0x3d, 0x1d, 0x9b, 0x2d, 0xaf, 0x72, 0xdf, 0x72, 0x5a, 0x24, 0x32,
+ 0xa4, 0x36, 0x2a, 0x46, 0x63, 0x37, 0x96, 0xb3, 0x16, 0x79, 0xa0,
+ 0xce, 0x3e, 0x9, 0x23, 0x30, 0xb9, 0xf6, 0xe, 0x3e, 0x12},
+ {0x9a, 0xe6, 0x2f, 0x19, 0x4c, 0xd9, 0x7e, 0x48, 0x13, 0x15, 0x91,
+ 0x3a, 0xea, 0x2c, 0xae, 0x61, 0x27, 0xde, 0xa4, 0xb9, 0xd3, 0xf6,
+ 0x7b, 0x87, 0xeb, 0xf3, 0x73, 0x10, 0xc6, 0xf, 0xda, 0x78},
+ },
+ {
+ {0x94, 0x3a, 0xc, 0x68, 0xf1, 0x80, 0x9f, 0xa2, 0xe6, 0xe7, 0xe9,
+ 0x1a, 0x15, 0x7e, 0xf7, 0x71, 0x73, 0x79, 0x1, 0x48, 0x58, 0xf1,
+ 0x0, 0x11, 0xdd, 0x8d, 0xb3, 0x16, 0xb3, 0xa4, 0x4a, 0x5},
+ {0x6a, 0xc6, 0x2b, 0xe5, 0x28, 0x5d, 0xf1, 0x5b, 0x8e, 0x1a, 0xf0,
+ 0x70, 0x18, 0xe3, 0x47, 0x2c, 0xdd, 0x8b, 0xc2, 0x6, 0xbc, 0xaf,
+ 0x19, 0x24, 0x3a, 0x17, 0x6b, 0x25, 0xeb, 0xde, 0x25, 0x2d},
+ {0xb8, 0x7c, 0x26, 0x19, 0x8d, 0x46, 0xc8, 0xdf, 0xaf, 0x4d, 0xe5,
+ 0x66, 0x9c, 0x78, 0x28, 0xb, 0x17, 0xec, 0x6e, 0x66, 0x2a, 0x1d,
+ 0xeb, 0x2a, 0x60, 0xa7, 0x7d, 0xab, 0xa6, 0x10, 0x46, 0x13},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 2241737709499165, 549397817447461, 838180519319392,
- 1725686958520781, 1705639080897747
-#else
- 64664349, 33404494, 29348901, 8186665, 1873760, 12489863,
- 36174285, 25714739, 59256019, 25416002
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1216074541925116, 50120933933509, 1565829004133810,
- 721728156134580, 349206064666188
-#else
- 51872508, 18120922, 7766469, 746860, 26346930, 23332670,
- 39775412, 10754587, 57677388, 5203575
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 948617110470858, 346222547451945, 1126511960599975,
- 1759386906004538, 493053284802266
-#else
- 31834314, 14135496, 66338857, 5159117, 20917671, 16786336,
- 59640890, 26216907, 31809242, 7347066
-#endif
- }},
+ {0x15, 0xf5, 0xd1, 0x77, 0xe7, 0x65, 0x2a, 0xcd, 0xf1, 0x60, 0xaa,
+ 0x8f, 0x87, 0x91, 0x89, 0x54, 0xe5, 0x6, 0xbc, 0xda, 0xbc, 0x3b,
+ 0xb7, 0xb1, 0xfb, 0xc9, 0x7c, 0xa9, 0xcb, 0x78, 0x48, 0x65},
+ {0xfe, 0xb0, 0xf6, 0x8d, 0xc7, 0x8e, 0x13, 0x51, 0x1b, 0xf5, 0x75,
+ 0xe5, 0x89, 0xda, 0x97, 0x53, 0xb9, 0xf1, 0x7a, 0x71, 0x1d, 0x7a,
+ 0x20, 0x9, 0x50, 0xd6, 0x20, 0x2b, 0xba, 0xfd, 0x2, 0x21},
+ {0xa1, 0xe6, 0x5c, 0x5, 0x5, 0xe4, 0x9e, 0x96, 0x29, 0xad, 0x51,
+ 0x12, 0x68, 0xa7, 0xbc, 0x36, 0x15, 0xa4, 0x7d, 0xaa, 0x17, 0xf5,
+ 0x1a, 0x3a, 0xba, 0xb2, 0xec, 0x29, 0xdb, 0x25, 0xd7, 0xa},
+ },
+ {
+ {0x85, 0x6f, 0x5, 0x9b, 0xc, 0xbc, 0xc7, 0xfe, 0xd7, 0xff, 0xf5,
+ 0xe7, 0x68, 0x52, 0x7d, 0x53, 0xfa, 0xae, 0x12, 0x43, 0x62, 0xc6,
+ 0xaf, 0x77, 0xd9, 0x9f, 0x39, 0x2, 0x53, 0x5f, 0x67, 0x4f},
+ {0x57, 0x24, 0x4e, 0x83, 0xb1, 0x67, 0x42, 0xdc, 0xc5, 0x1b, 0xce,
+ 0x70, 0xb5, 0x44, 0x75, 0xb6, 0xd7, 0x5e, 0xd1, 0xf7, 0xb, 0x7a,
+ 0xf0, 0x1a, 0x50, 0x36, 0xa0, 0x71, 0xfb, 0xcf, 0xef, 0x4a},
+ {0x1e, 0x17, 0x15, 0x4, 0x36, 0x36, 0x2d, 0xc3, 0x3b, 0x48, 0x98,
+ 0x89, 0x11, 0xef, 0x2b, 0xcd, 0x10, 0x51, 0x94, 0xd0, 0xad, 0x6e,
+ 0xa, 0x87, 0x61, 0x65, 0xa8, 0xa2, 0x72, 0xbb, 0xcc, 0xb},
+ },
+ {
+ {0x96, 0x12, 0xfe, 0x50, 0x4c, 0x5e, 0x6d, 0x18, 0x7e, 0x9f, 0xe8,
+ 0xfe, 0x82, 0x7b, 0x39, 0xe0, 0xb0, 0x31, 0x70, 0x50, 0xc5, 0xf6,
+ 0xc7, 0x3b, 0xc2, 0x37, 0x8f, 0x10, 0x69, 0xfd, 0x78, 0x66},
+ {0xc8, 0xa9, 0xb1, 0xea, 0x2f, 0x96, 0x5e, 0x18, 0xcd, 0x7d, 0x14,
+ 0x65, 0x35, 0xe6, 0xe7, 0x86, 0xf2, 0x6d, 0x5b, 0xbb, 0x31, 0xe0,
+ 0x92, 0xb0, 0x3e, 0xb7, 0xd6, 0x59, 0xab, 0xf0, 0x24, 0x40},
+ {0xc2, 0x63, 0x68, 0x63, 0x31, 0xfa, 0x86, 0x15, 0xf2, 0x33, 0x2d,
+ 0x57, 0x48, 0x8c, 0xf6, 0x7, 0xfc, 0xae, 0x9e, 0x78, 0x9f, 0xcc,
+ 0x73, 0x4f, 0x1, 0x47, 0xad, 0x8e, 0x10, 0xe2, 0x42, 0x2d},
+ },
+ {
+ {0x93, 0x75, 0x53, 0xf, 0xd, 0x7b, 0x71, 0x21, 0x4c, 0x6, 0x1e,
+ 0x13, 0xb, 0x69, 0x4e, 0x91, 0x9f, 0xe0, 0x2a, 0x75, 0xae, 0x87,
+ 0xb6, 0x1b, 0x6e, 0x3c, 0x42, 0x9b, 0xa7, 0xf3, 0xb, 0x42},
+ {0x9b, 0xd2, 0xdf, 0x94, 0x15, 0x13, 0xf5, 0x97, 0x6a, 0x4c, 0x3f,
+ 0x31, 0x5d, 0x98, 0x55, 0x61, 0x10, 0x50, 0x45, 0x8, 0x7, 0x3f,
+ 0xa1, 0xeb, 0x22, 0xd3, 0xd2, 0xb8, 0x8, 0x26, 0x6b, 0x67},
+ {0x47, 0x2b, 0x5b, 0x1c, 0x65, 0xba, 0x38, 0x81, 0x80, 0x1b, 0x1b,
+ 0x31, 0xec, 0xb6, 0x71, 0x86, 0xb0, 0x35, 0x31, 0xbc, 0xb1, 0xc,
+ 0xff, 0x7b, 0xe0, 0xf1, 0xc, 0x9c, 0xfa, 0x2f, 0x5d, 0x74},
+ },
+ {
+ {0x6a, 0x4e, 0xd3, 0x21, 0x57, 0xdf, 0x36, 0x60, 0xd0, 0xb3, 0x7b,
+ 0x99, 0x27, 0x88, 0xdb, 0xb1, 0xfa, 0x6a, 0x75, 0xc8, 0xc3, 0x9,
+ 0xc2, 0xd3, 0x39, 0xc8, 0x1d, 0x4c, 0xe5, 0x5b, 0xe1, 0x6},
+ {0xbd, 0xc8, 0xc9, 0x2b, 0x1e, 0x5a, 0x52, 0xbf, 0x81, 0x9d, 0x47,
+ 0x26, 0x8, 0x26, 0x5b, 0xea, 0xdb, 0x55, 0x1, 0xdf, 0xe, 0xc7,
+ 0x11, 0xd5, 0xd0, 0xf5, 0xc, 0x96, 0xeb, 0x3c, 0xe2, 0x1a},
+ {0x4a, 0x99, 0x32, 0x19, 0x87, 0x5d, 0x72, 0x5b, 0xb0, 0xda, 0xb1,
+ 0xce, 0xb5, 0x1c, 0x35, 0x32, 0x5, 0xca, 0xb7, 0xda, 0x49, 0x15,
+ 0xc4, 0x7d, 0xf7, 0xc1, 0x8e, 0x27, 0x61, 0xd8, 0xde, 0x58},
+ },
+ {
+ {0xa8, 0xc9, 0xc2, 0xb6, 0xa8, 0x5b, 0xfb, 0x2d, 0x8c, 0x59, 0x2c,
+ 0xf5, 0x8e, 0xef, 0xee, 0x48, 0x73, 0x15, 0x2d, 0xf1, 0x7, 0x91,
+ 0x80, 0x33, 0xd8, 0x5b, 0x1d, 0x53, 0x6b, 0x69, 0xba, 0x8},
+ {0x5c, 0xc5, 0x66, 0xf2, 0x93, 0x37, 0x17, 0xd8, 0x49, 0x4e, 0x45,
+ 0xcc, 0xc5, 0x76, 0xc9, 0xc8, 0xa8, 0xc3, 0x26, 0xbc, 0xf8, 0x82,
+ 0xe3, 0x5c, 0xf9, 0xf6, 0x85, 0x54, 0xe8, 0x9d, 0xf3, 0x2f},
+ {0x7a, 0xc5, 0xef, 0xc3, 0xee, 0x3e, 0xed, 0x77, 0x11, 0x48, 0xff,
+ 0xd4, 0x17, 0x55, 0xe0, 0x4, 0xcb, 0x71, 0xa6, 0xf1, 0x3f, 0x7a,
+ 0x3d, 0xea, 0x54, 0xfe, 0x7c, 0x94, 0xb4, 0x33, 0x6, 0x12},
+ },
+ {
+ {0xa, 0x10, 0x12, 0x49, 0x47, 0x31, 0xbd, 0x82, 0x6, 0xbe, 0x6f,
+ 0x7e, 0x6d, 0x7b, 0x23, 0xde, 0xc6, 0x79, 0xea, 0x11, 0x19, 0x76,
+ 0x1e, 0xe1, 0xde, 0x3b, 0x39, 0xcb, 0xe3, 0x3b, 0x43, 0x7},
+ {0x42, 0x0, 0x61, 0x91, 0x78, 0x98, 0x94, 0xb, 0xe8, 0xfa, 0xeb,
+ 0xec, 0x3c, 0xb1, 0xe7, 0x4e, 0xc0, 0xa4, 0xf0, 0x94, 0x95, 0x73,
+ 0xbe, 0x70, 0x85, 0x91, 0xd5, 0xb4, 0x99, 0xa, 0xd3, 0x35},
+ {0xf4, 0x97, 0xe9, 0x5c, 0xc0, 0x44, 0x79, 0xff, 0xa3, 0x51, 0x5c,
+ 0xb0, 0xe4, 0x3d, 0x5d, 0x57, 0x7c, 0x84, 0x76, 0x5a, 0xfd, 0x81,
+ 0x33, 0x58, 0x9f, 0xda, 0xf6, 0x7a, 0xde, 0x3e, 0x87, 0x2d},
+ },
+ {
+ {0x81, 0xf9, 0x5d, 0x4e, 0xe1, 0x2, 0x62, 0xaa, 0xf5, 0xe1, 0x15,
+ 0x50, 0x17, 0x59, 0xd, 0xa2, 0x6c, 0x1d, 0xe2, 0xba, 0xd3, 0x75,
+ 0xa2, 0x18, 0x53, 0x2, 0x60, 0x1, 0x8a, 0x61, 0x43, 0x5},
+ {0x9, 0x34, 0x37, 0x43, 0x64, 0x31, 0x7a, 0x15, 0xd9, 0x81, 0xaa,
+ 0xf4, 0xee, 0xb7, 0xb8, 0xfa, 0x6, 0x48, 0xa6, 0xf5, 0xe6, 0xfe,
+ 0x93, 0xb0, 0xb6, 0xa7, 0x7f, 0x70, 0x54, 0x36, 0x77, 0x2e},
+ {0xc1, 0x23, 0x4c, 0x97, 0xf4, 0xbd, 0xea, 0xd, 0x93, 0x46, 0xce,
+ 0x9d, 0x25, 0xa, 0x6f, 0xaa, 0x2c, 0xba, 0x9a, 0xa2, 0xb8, 0x2c,
+ 0x20, 0x4, 0xd, 0x96, 0x7, 0x2d, 0x36, 0x43, 0x14, 0x4b},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1454933046815146, 874696014266362, 1467170975468588,
- 1432316382418897, 2111710746366763
-#else
- 57502122, 21680191, 20414458, 13033986, 13716524, 21862551,
- 19797969, 21343177, 15192875, 31466942
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2105387117364450, 1996463405126433, 1303008614294500,
- 851908115948209, 1353742049788635
-#else
- 54445282, 31372712, 1168161, 29749623, 26747876, 19416341,
- 10609329, 12694420, 33473243, 20172328
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 750300956351719, 1487736556065813, 15158817002104,
- 1511998221598392, 971739901354129
-#else
- 33184999, 11180355, 15832085, 22169002, 65475192, 225883,
- 15089336, 22530529, 60973201, 14480052
-#endif
- }},
+ {0xcb, 0x9c, 0x52, 0x1c, 0xe9, 0x54, 0x7c, 0x96, 0xfb, 0x35, 0xc6,
+ 0x64, 0x92, 0x26, 0xf6, 0x30, 0x65, 0x19, 0x12, 0x78, 0xf4, 0xaf,
+ 0x47, 0x27, 0x5c, 0x6f, 0xf6, 0xea, 0x18, 0x84, 0x3, 0x17},
+ {0x7a, 0x1f, 0x6e, 0xb6, 0xc7, 0xb7, 0xc4, 0xcc, 0x7e, 0x2f, 0xc,
+ 0xf5, 0x25, 0x7e, 0x15, 0x44, 0x1c, 0xaf, 0x3e, 0x71, 0xfc, 0x6d,
+ 0xf0, 0x3e, 0xf7, 0x63, 0xda, 0x52, 0x67, 0x44, 0x2f, 0x58},
+ {0xe4, 0x4c, 0x32, 0x20, 0xd3, 0x7b, 0x31, 0xc6, 0xc4, 0x8b, 0x48,
+ 0xa4, 0xe8, 0x42, 0x10, 0xa8, 0x64, 0x13, 0x5a, 0x4e, 0x8b, 0xf1,
+ 0x1e, 0xb2, 0xc9, 0x8d, 0xa2, 0xcd, 0x4b, 0x1c, 0x2a, 0xc},
+ },
+ {
+ {0x45, 0x69, 0xbd, 0x69, 0x48, 0x81, 0xc4, 0xed, 0x22, 0x8d, 0x1c,
+ 0xbe, 0x7d, 0x90, 0x6d, 0xd, 0xab, 0xc5, 0x5c, 0xd5, 0x12, 0xd2,
+ 0x3b, 0xc6, 0x83, 0xdc, 0x14, 0xa3, 0x30, 0x9b, 0x6a, 0x5a},
+ {0x47, 0x4, 0x1f, 0x6f, 0xd0, 0xc7, 0x4d, 0xd2, 0x59, 0xc0, 0x87,
+ 0xdb, 0x3e, 0x9e, 0x26, 0xb2, 0x8f, 0xd2, 0xb2, 0xfb, 0x72, 0x2,
+ 0x5b, 0xd1, 0x77, 0x48, 0xf6, 0xc6, 0xd1, 0x8b, 0x55, 0x7c},
+ {0x3d, 0x46, 0x96, 0xd3, 0x24, 0x15, 0xec, 0xd0, 0xf0, 0x24, 0x5a,
+ 0xc3, 0x8a, 0x62, 0xbb, 0x12, 0xa4, 0x5f, 0xbc, 0x1c, 0x79, 0x3a,
+ 0xc, 0xa5, 0xc3, 0xaf, 0xfb, 0xa, 0xca, 0xa5, 0x4, 0x4},
+ },
+ {
+ {0xd1, 0x6f, 0x41, 0x2a, 0x1b, 0x9e, 0xbc, 0x62, 0x8b, 0x59, 0x50,
+ 0xe3, 0x28, 0xf7, 0xc6, 0xb5, 0x67, 0x69, 0x5d, 0x3d, 0xd8, 0x3f,
+ 0x34, 0x4, 0x98, 0xee, 0xf8, 0xe7, 0x16, 0x75, 0x52, 0x39},
+ {0xd6, 0x43, 0xa7, 0xa, 0x7, 0x40, 0x1f, 0x8c, 0xe8, 0x5e, 0x26,
+ 0x5b, 0xcb, 0xd0, 0xba, 0xcc, 0xde, 0xd2, 0x8f, 0x66, 0x6b, 0x4,
+ 0x4b, 0x57, 0x33, 0x96, 0xdd, 0xca, 0xfd, 0x5b, 0x39, 0x46},
+ {0x9c, 0x9a, 0x5d, 0x1a, 0x2d, 0xdb, 0x7f, 0x11, 0x2a, 0x5c, 0x0,
+ 0xd1, 0xbc, 0x45, 0x77, 0x9c, 0xea, 0x6f, 0xd5, 0x54, 0xf1, 0xbe,
+ 0xd4, 0xef, 0x16, 0xd0, 0x22, 0xe8, 0x29, 0x9a, 0x57, 0x76},
+ },
+ {
+ {0xf2, 0x34, 0xb4, 0x52, 0x13, 0xb5, 0x3c, 0x33, 0xe1, 0x80, 0xde,
+ 0x93, 0x49, 0x28, 0x32, 0xd8, 0xce, 0x35, 0xd, 0x75, 0x87, 0x28,
+ 0x51, 0xb5, 0xc1, 0x77, 0x27, 0x2a, 0xbb, 0x14, 0xc5, 0x2},
+ {0x17, 0x2a, 0xc0, 0x49, 0x7e, 0x8e, 0xb6, 0x45, 0x7f, 0xa3, 0xa9,
+ 0xbc, 0xa2, 0x51, 0xcd, 0x23, 0x1b, 0x4c, 0x22, 0xec, 0x11, 0x5f,
+ 0xd6, 0x3e, 0xb1, 0xbd, 0x5, 0x9e, 0xdc, 0x84, 0xa3, 0x43},
+ {0x45, 0xb6, 0xf1, 0x8b, 0xda, 0xd5, 0x4b, 0x68, 0x53, 0x4b, 0xb5,
+ 0xf6, 0x7e, 0xd3, 0x8b, 0xfb, 0x53, 0xd2, 0xb0, 0xa9, 0xd7, 0x16,
+ 0x39, 0x31, 0x59, 0x80, 0x54, 0x61, 0x9, 0x92, 0x60, 0x11},
+ },
+ {
+ {0xcd, 0x4d, 0x9b, 0x36, 0x16, 0x56, 0x38, 0x7a, 0x63, 0x35, 0x5c,
+ 0x65, 0xa7, 0x2c, 0xc0, 0x75, 0x21, 0x80, 0xf1, 0xd4, 0xf9, 0x1b,
+ 0xc2, 0x7d, 0x42, 0xe0, 0xe6, 0x91, 0x74, 0x7d, 0x63, 0x2f},
+ {0xaa, 0xcf, 0xda, 0x29, 0x69, 0x16, 0x4d, 0xb4, 0x8f, 0x59, 0x13,
+ 0x84, 0x4c, 0x9f, 0x52, 0xda, 0x59, 0x55, 0x3d, 0x45, 0xca, 0x63,
+ 0xef, 0xe9, 0xb, 0x8e, 0x69, 0xc5, 0x5b, 0x12, 0x1e, 0x35},
+ {0xbe, 0x7b, 0xf6, 0x1a, 0x46, 0x9b, 0xb4, 0xd4, 0x61, 0x89, 0xab,
+ 0xc8, 0x7a, 0x3, 0x3, 0xd6, 0xfb, 0x99, 0xa6, 0xf9, 0x9f, 0xe1,
+ 0xde, 0x71, 0x9a, 0x2a, 0xce, 0xe7, 0x6, 0x2d, 0x18, 0x7f},
+ },
+ {
+ {0x22, 0x75, 0x21, 0x8e, 0x72, 0x4b, 0x45, 0x9, 0xd8, 0xb8, 0x84,
+ 0xd4, 0xf4, 0xe8, 0x58, 0xaa, 0x3c, 0x90, 0x46, 0x7f, 0x4d, 0x25,
+ 0x58, 0xd3, 0x17, 0x52, 0x1c, 0x24, 0x43, 0xc0, 0xac, 0x44},
+ {0xec, 0x68, 0x1, 0xab, 0x64, 0x8e, 0x7c, 0x7a, 0x43, 0xc5, 0xed,
+ 0x15, 0x55, 0x4a, 0x5a, 0xcb, 0xda, 0xe, 0xcd, 0x47, 0xd3, 0x19,
+ 0x55, 0x9, 0xb0, 0x93, 0x3e, 0x34, 0x8c, 0xac, 0xd4, 0x67},
+ {0x77, 0x57, 0x7a, 0x4f, 0xbb, 0x6b, 0x7d, 0x1c, 0xe1, 0x13, 0x83,
+ 0x91, 0xd4, 0xfe, 0x35, 0x8b, 0x84, 0x46, 0x6b, 0xc9, 0xc6, 0xa1,
+ 0xdc, 0x4a, 0xbd, 0x71, 0xad, 0x12, 0x83, 0x1c, 0x6d, 0x55},
+ },
+ {
+ {0x21, 0xe8, 0x1b, 0xb1, 0x56, 0x67, 0xf0, 0x81, 0xdd, 0xf3, 0xa3,
+ 0x10, 0x23, 0xf8, 0xaf, 0xf, 0x5d, 0x46, 0x99, 0x6a, 0x55, 0xd0,
+ 0xb2, 0xf8, 0x5, 0x7f, 0x8c, 0xcc, 0x38, 0xbe, 0x7a, 0x9},
+ {0x82, 0x39, 0x8d, 0xc, 0xe3, 0x40, 0xef, 0x17, 0x34, 0xfa, 0xa3,
+ 0x15, 0x3e, 0x7, 0xf7, 0x31, 0x6e, 0x64, 0x73, 0x7, 0xcb, 0xf3,
+ 0x21, 0x4f, 0xff, 0x4e, 0x82, 0x1d, 0x6d, 0x6c, 0x6c, 0x74},
+ {0xa4, 0x2d, 0xa5, 0x7e, 0x87, 0xc9, 0x49, 0xc, 0x43, 0x1d, 0xdc,
+ 0x9b, 0x55, 0x69, 0x43, 0x4c, 0xd2, 0xeb, 0xcc, 0xf7, 0x9, 0x38,
+ 0x2c, 0x2, 0xbd, 0x84, 0xee, 0x4b, 0xa3, 0x14, 0x7e, 0x57},
+ },
+ {
+ {0x2b, 0xd7, 0x4d, 0xbd, 0xbe, 0xce, 0xfe, 0x94, 0x11, 0x22, 0xf,
+ 0x6, 0xda, 0x4f, 0x6a, 0xf4, 0xff, 0xd1, 0xc8, 0xc0, 0x77, 0x59,
+ 0x4a, 0x12, 0x95, 0x92, 0x0, 0xfb, 0xb8, 0x4, 0x53, 0x70},
+ {0xa, 0x3b, 0xa7, 0x61, 0xac, 0x68, 0xe2, 0xf0, 0xf5, 0xa5, 0x91,
+ 0x37, 0x10, 0xfa, 0xfa, 0xf2, 0xe9, 0x0, 0x6d, 0x6b, 0x82, 0x3e,
+ 0xe1, 0xc1, 0x42, 0x8f, 0xd7, 0x6f, 0xe9, 0x7e, 0xfa, 0x60},
+ {0xc6, 0x6e, 0x29, 0x4d, 0x35, 0x1d, 0x3d, 0xb6, 0xd8, 0x31, 0xad,
+ 0x5f, 0x3e, 0x5, 0xc3, 0xf3, 0xec, 0x42, 0xbd, 0xb4, 0x8c, 0x95,
+ 0xb, 0x67, 0xfd, 0x53, 0x63, 0xa1, 0xc, 0x8e, 0x39, 0x21},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1874648163531693, 2124487685930551, 1810030029384882,
- 918400043048335, 586348627300650
-#else
- 31308717, 27934434, 31030839, 31657333, 15674546, 26971549,
- 5496207, 13685227, 27595050, 8737275
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1235084464747900, 1166111146432082, 1745394857881591,
- 1405516473883040, 4463504151617
-#else
- 46790012, 18404192, 10933842, 17376410, 8335351, 26008410,
- 36100512, 20943827, 26498113, 66511
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1663810156463827, 327797390285791, 1341846161759410,
- 1964121122800605, 1747470312055380
-#else
- 22644435, 24792703, 50437087, 4884561, 64003250, 19995065,
- 30540765, 29267685, 53781076, 26039336
-#endif
- }},
+ {0x1, 0x56, 0xb7, 0xb4, 0xf9, 0xaa, 0x98, 0x27, 0x72, 0xad, 0x8d,
+ 0x5c, 0x13, 0x72, 0xac, 0x5e, 0x23, 0xa0, 0xb7, 0x61, 0x61, 0xaa,
+ 0xce, 0xd2, 0x4e, 0x7d, 0x8f, 0xe9, 0x84, 0xb2, 0xbf, 0x1b},
+ {0xf3, 0x33, 0x2b, 0x38, 0x8a, 0x5, 0xf5, 0x89, 0xb4, 0xc0, 0x48,
+ 0xad, 0xb, 0xba, 0xe2, 0x5a, 0x6e, 0xb3, 0x3d, 0xa5, 0x3, 0xb5,
+ 0x93, 0x8f, 0xe6, 0x32, 0xa2, 0x95, 0x9d, 0xed, 0xa3, 0x5a},
+ {0x61, 0x65, 0xd9, 0xc7, 0xe9, 0x77, 0x67, 0x65, 0x36, 0x80, 0xc7,
+ 0x72, 0x54, 0x12, 0x2b, 0xcb, 0xee, 0x6e, 0x50, 0xd9, 0x99, 0x32,
+ 0x5, 0x65, 0xcc, 0x57, 0x89, 0x5e, 0x4e, 0xe1, 0x7, 0x4a},
+ },
+ {
+ {0x9b, 0xa4, 0x77, 0xc4, 0xcd, 0x58, 0xb, 0x24, 0x17, 0xf0, 0x47,
+ 0x64, 0xde, 0xda, 0x38, 0xfd, 0xad, 0x6a, 0xc8, 0xa7, 0x32, 0x8d,
+ 0x92, 0x19, 0x81, 0xa0, 0xaf, 0x84, 0xed, 0x7a, 0xaf, 0x50},
+ {0x99, 0xf9, 0xd, 0x98, 0xcb, 0x12, 0xe4, 0x4e, 0x71, 0xc7, 0x6e,
+ 0x3c, 0x6f, 0xd7, 0x15, 0xa3, 0xfd, 0x77, 0x5c, 0x92, 0xde, 0xed,
+ 0xa5, 0xbb, 0x2, 0x34, 0x31, 0x1d, 0x39, 0xac, 0xb, 0x3f},
+ {0xe5, 0x5b, 0xf6, 0x15, 0x1, 0xde, 0x4f, 0x6e, 0xb2, 0x9, 0x61,
+ 0x21, 0x21, 0x26, 0x98, 0x29, 0xd9, 0xd6, 0xad, 0xb, 0x81, 0x5,
+ 0x2, 0x78, 0x6, 0xd0, 0xeb, 0xba, 0x16, 0xa3, 0x21, 0x19},
+ },
+ {
+ {0x8b, 0xc1, 0xf3, 0xd9, 0x9a, 0xad, 0x5a, 0xd7, 0x9c, 0xc1, 0xb1,
+ 0x60, 0xef, 0xe, 0x6a, 0x56, 0xd9, 0xe, 0x5c, 0x25, 0xac, 0xb,
+ 0x9a, 0x3e, 0xf5, 0xc7, 0x62, 0xa0, 0xec, 0x9d, 0x4, 0x7b},
+ {0xfc, 0x70, 0xb8, 0xdf, 0x7e, 0x2f, 0x42, 0x89, 0xbd, 0xb3, 0x76,
+ 0x4f, 0xeb, 0x6b, 0x29, 0x2c, 0xf7, 0x4d, 0xc2, 0x36, 0xd4, 0xf1,
+ 0x38, 0x7, 0xb0, 0xae, 0x73, 0xe2, 0x41, 0xdf, 0x58, 0x64},
+ {0x83, 0x44, 0x44, 0x35, 0x7a, 0xe3, 0xcb, 0xdc, 0x93, 0xbe, 0xed,
+ 0xf, 0x33, 0x79, 0x88, 0x75, 0x87, 0xdd, 0xc5, 0x12, 0xc3, 0x4,
+ 0x60, 0x78, 0x64, 0xe, 0x95, 0xc2, 0xcb, 0xdc, 0x93, 0x60},
+ },
+ {
+ {0x4b, 0x3, 0x84, 0x60, 0xbe, 0xee, 0xde, 0x6b, 0x54, 0xb8, 0xf,
+ 0x78, 0xb6, 0xc2, 0x99, 0x31, 0x95, 0x6, 0x2d, 0xb6, 0xab, 0x76,
+ 0x33, 0x97, 0x90, 0x7d, 0x64, 0x8b, 0xc9, 0x80, 0x31, 0x6e},
+ {0x6d, 0x70, 0xe0, 0x85, 0x85, 0x9a, 0xf3, 0x1f, 0x33, 0x39, 0xe7,
+ 0xb3, 0xd8, 0xa5, 0xd0, 0x36, 0x3b, 0x45, 0x8f, 0x71, 0xe1, 0xf2,
+ 0xb9, 0x43, 0x7c, 0xa9, 0x27, 0x48, 0x8, 0xea, 0xd1, 0x57},
+ {0x71, 0xb0, 0x28, 0xa1, 0xe7, 0xb6, 0x7a, 0xee, 0xaa, 0x8b, 0xa8,
+ 0x93, 0x6d, 0x59, 0xc1, 0xa4, 0x30, 0x61, 0x21, 0xb2, 0x82, 0xde,
+ 0xb4, 0xf7, 0x18, 0xbd, 0x97, 0xdd, 0x9d, 0x99, 0x3e, 0x36},
+ },
+ {
+ {0xc6, 0xae, 0x4b, 0xe2, 0xdc, 0x48, 0x18, 0x2f, 0x60, 0xaf, 0xbc,
+ 0xba, 0x55, 0x72, 0x9b, 0x76, 0x31, 0xe9, 0xef, 0x3c, 0x6e, 0x3c,
+ 0xcb, 0x90, 0x55, 0xb3, 0xf9, 0xc6, 0x9b, 0x97, 0x1f, 0x23},
+ {0xc4, 0x1f, 0xee, 0x35, 0xc1, 0x43, 0xa8, 0x96, 0xcf, 0xc8, 0xe4,
+ 0x8, 0x55, 0xb3, 0x6e, 0x97, 0x30, 0xd3, 0x8c, 0xb5, 0x1, 0x68,
+ 0x2f, 0xb4, 0x2b, 0x5, 0x3a, 0x69, 0x78, 0x9b, 0xee, 0x48},
+ {0xc6, 0xf3, 0x2a, 0xcc, 0x4b, 0xde, 0x31, 0x5c, 0x1f, 0x8d, 0x20,
+ 0xfe, 0x30, 0xb0, 0x4b, 0xb0, 0x66, 0xb4, 0x4f, 0xc1, 0x9, 0x70,
+ 0x8d, 0xb7, 0x13, 0x24, 0x79, 0x8, 0x9b, 0xfa, 0x9b, 0x7},
+ },
+ {
+ {0x45, 0x42, 0xd5, 0xa2, 0x80, 0xed, 0xc9, 0xf3, 0x52, 0x39, 0xf6,
+ 0x77, 0x78, 0x8b, 0xa0, 0xa, 0x75, 0x54, 0x8, 0xd1, 0x63, 0xac,
+ 0x6d, 0xd7, 0x6b, 0x63, 0x70, 0x94, 0x15, 0xfb, 0xf4, 0x1e},
+ {0xf4, 0xd, 0x30, 0xda, 0x51, 0x3a, 0x90, 0xe3, 0xb0, 0x5a, 0xa9,
+ 0x3d, 0x23, 0x64, 0x39, 0x84, 0x80, 0x64, 0x35, 0xb, 0x2d, 0xf1,
+ 0x3c, 0xed, 0x94, 0x71, 0x81, 0x84, 0xf6, 0x77, 0x8c, 0x3},
+ {0xec, 0x7b, 0x16, 0x5b, 0xe6, 0x5e, 0x4e, 0x85, 0xc2, 0xcd, 0xd0,
+ 0x96, 0x42, 0xa, 0x59, 0x59, 0x99, 0x21, 0x10, 0x98, 0x34, 0xdf,
+ 0xb2, 0x72, 0x56, 0xff, 0xb, 0x4a, 0x2a, 0xe9, 0x5e, 0x57},
+ },
+ {
+ {0x1, 0xd8, 0xa4, 0xa, 0x45, 0xbc, 0x46, 0x5d, 0xd8, 0xb9, 0x33,
+ 0xa5, 0x27, 0x12, 0xaf, 0xc3, 0xc2, 0x6, 0x89, 0x2b, 0x26, 0x3b,
+ 0x9e, 0x38, 0x1b, 0x58, 0x2f, 0x38, 0x7e, 0x1e, 0xa, 0x20},
+ {0xcf, 0x2f, 0x18, 0x8a, 0x90, 0x80, 0xc0, 0xd4, 0xbd, 0x9d, 0x48,
+ 0x99, 0xc2, 0x70, 0xe1, 0x30, 0xde, 0x33, 0xf7, 0x52, 0x57, 0xbd,
+ 0xba, 0x5, 0x0, 0xfd, 0xd3, 0x2c, 0x11, 0xe7, 0xd4, 0x43},
+ {0xc5, 0x3a, 0xf9, 0xea, 0x67, 0xb9, 0x8d, 0x51, 0xc0, 0x52, 0x66,
+ 0x5, 0x9b, 0x98, 0xbc, 0x71, 0xf5, 0x97, 0x71, 0x56, 0xd9, 0x85,
+ 0x2b, 0xfe, 0x38, 0x4e, 0x1e, 0x65, 0x52, 0xca, 0xe, 0x5},
+ },
+ {
+ {0xea, 0x68, 0xe6, 0x60, 0x76, 0x39, 0xac, 0x97, 0x97, 0xb4, 0x3a,
+ 0x15, 0xfe, 0xbb, 0x19, 0x9b, 0x9f, 0xa7, 0xec, 0x34, 0xb5, 0x79,
+ 0xb1, 0x4c, 0x57, 0xae, 0x31, 0xa1, 0x9f, 0xc0, 0x51, 0x61},
+ {0x9c, 0xc, 0x3f, 0x45, 0xde, 0x1a, 0x43, 0xc3, 0x9b, 0x3b, 0x70,
+ 0xff, 0x5e, 0x4, 0xf5, 0xe9, 0x3d, 0x7b, 0x84, 0xed, 0xc9, 0x7a,
+ 0xd9, 0xfc, 0xc6, 0xf4, 0x58, 0x1c, 0xc2, 0xe6, 0xe, 0x4b},
+ {0x96, 0x5d, 0xf0, 0xfd, 0xd, 0x5c, 0xf5, 0x3a, 0x7a, 0xee, 0xb4,
+ 0x2a, 0xe0, 0x2e, 0x26, 0xdd, 0x9, 0x17, 0x17, 0x12, 0x87, 0xbb,
+ 0xb2, 0x11, 0xb, 0x3, 0xf, 0x80, 0xfa, 0x24, 0xef, 0x1f},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 660005247548233, 2071860029952887, 1358748199950107,
- 911703252219107, 1014379923023831
-#else
- 39091017, 9834844, 18617207, 30873120, 63706907, 20246925,
- 8205539, 13585437, 49981399, 15115438
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2206641276178231, 1690587809721504, 1600173622825126,
- 2156096097634421, 1106822408548216
-#else
- 23711543, 32881517, 31206560, 25191721, 6164646, 23844445,
- 33572981, 32128335, 8236920, 16492939
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1344788193552206, 1949552134239140, 1735915881729557,
- 675891104100469, 1834220014427292
-#else
- 43198286, 20038905, 40809380, 29050590, 25005589, 25867162,
- 19574901, 10071562, 6708380, 27332008
-#endif
- }},
+ {0x86, 0x6b, 0x97, 0x30, 0xf5, 0xaf, 0xd2, 0x22, 0x4, 0x46, 0xd2,
+ 0xc2, 0x6, 0xb8, 0x90, 0x8d, 0xe5, 0xba, 0xe5, 0x4d, 0x6c, 0x89,
+ 0xa1, 0xdc, 0x17, 0xc, 0x34, 0xc8, 0xe6, 0x5f, 0x0, 0x28},
+ {0x96, 0x31, 0xa7, 0x1a, 0xfb, 0x53, 0xd6, 0x37, 0x18, 0x64, 0xd7,
+ 0x3f, 0x30, 0x95, 0x94, 0xf, 0xb2, 0x17, 0x3a, 0xfb, 0x9, 0xb,
+ 0x20, 0xad, 0x3e, 0x61, 0xc8, 0x2f, 0x29, 0x49, 0x4d, 0x54},
+ {0x88, 0x86, 0x52, 0x34, 0x9f, 0xba, 0xef, 0x6a, 0xa1, 0x7d, 0x10,
+ 0x25, 0x94, 0xff, 0x1b, 0x5c, 0x36, 0x4b, 0xd9, 0x66, 0xcd, 0xbb,
+ 0x5b, 0xf7, 0xfa, 0x6d, 0x31, 0xf, 0x93, 0x72, 0xe4, 0x72},
+ },
+ {
+ {0x27, 0x76, 0x2a, 0xd3, 0x35, 0xf6, 0xf3, 0x7, 0xf0, 0x66, 0x65,
+ 0x5f, 0x86, 0x4d, 0xaa, 0x7a, 0x50, 0x44, 0xd0, 0x28, 0x97, 0xe7,
+ 0x85, 0x3c, 0x38, 0x64, 0xe0, 0xf, 0x0, 0x7f, 0xee, 0x1f},
+ {0x4f, 0x8, 0x81, 0x97, 0x8c, 0x20, 0x95, 0x26, 0xe1, 0xe, 0x45,
+ 0x23, 0xb, 0x2a, 0x50, 0xb1, 0x2, 0xde, 0xef, 0x3, 0xa6, 0xae,
+ 0x9d, 0xfd, 0x4c, 0xa3, 0x33, 0x27, 0x8c, 0x2e, 0x9d, 0x5a},
+ {0xe5, 0xf7, 0xdb, 0x3, 0xda, 0x5, 0x53, 0x76, 0xbd, 0xcd, 0x34,
+ 0x14, 0x49, 0xf2, 0xda, 0xa4, 0xec, 0x88, 0x4a, 0xd2, 0xcd, 0xd5,
+ 0x4a, 0x7b, 0x43, 0x5, 0x4, 0xee, 0x51, 0x40, 0xf9, 0x0},
+ },
+ {
+ {0x53, 0x97, 0xaf, 0x7, 0xbb, 0x93, 0xef, 0xd7, 0xa7, 0x66, 0xb7,
+ 0x3d, 0xcf, 0xd0, 0x3e, 0x58, 0xc5, 0x1e, 0xb, 0x6e, 0xbf, 0x98,
+ 0x69, 0xce, 0x52, 0x4, 0xd4, 0x5d, 0xd2, 0xff, 0xb7, 0x47},
+ {0xb2, 0x30, 0xd3, 0xc3, 0x23, 0x6b, 0x35, 0x8d, 0x6, 0x1b, 0x47,
+ 0xb0, 0x9b, 0x8b, 0x1c, 0xf2, 0x3c, 0xb8, 0x42, 0x6e, 0x6c, 0x31,
+ 0x6c, 0xb3, 0xd, 0xb1, 0xea, 0x8b, 0x7e, 0x9c, 0xd7, 0x7},
+ {0x12, 0xdd, 0x8, 0xbc, 0x9c, 0xfb, 0xfb, 0x87, 0x9b, 0xc2, 0xee,
+ 0xe1, 0x3a, 0x6b, 0x6, 0x8a, 0xbf, 0xc1, 0x1f, 0xdb, 0x2b, 0x24,
+ 0x57, 0xd, 0xb6, 0x4b, 0xa6, 0x5e, 0xa3, 0x20, 0x35, 0x1c},
+ },
+ {
+ {0x59, 0xc0, 0x6b, 0x21, 0x40, 0x6f, 0xa8, 0xcd, 0x7e, 0xd8, 0xbc,
+ 0x12, 0x1d, 0x23, 0xbb, 0x1f, 0x90, 0x9, 0xc7, 0x17, 0x9e, 0x6a,
+ 0x95, 0xb4, 0x55, 0x2e, 0xd1, 0x66, 0x3b, 0xc, 0x75, 0x38},
+ {0x4a, 0xa3, 0xcb, 0xbc, 0xa6, 0x53, 0xd2, 0x80, 0x9b, 0x21, 0x38,
+ 0x38, 0xa1, 0xc3, 0x61, 0x3e, 0x96, 0xe3, 0x82, 0x98, 0x1, 0xb6,
+ 0xc3, 0x90, 0x6f, 0xe6, 0xe, 0x5d, 0x77, 0x5, 0x3d, 0x1c},
+ {0x1a, 0xe5, 0x22, 0x94, 0x40, 0xf1, 0x2e, 0x69, 0x71, 0xf6, 0x5d,
+ 0x2b, 0x3c, 0xc7, 0xc0, 0xcb, 0x29, 0xe0, 0x4c, 0x74, 0xe7, 0x4f,
+ 0x1, 0x21, 0x7c, 0x48, 0x30, 0xd3, 0xc7, 0xe2, 0x21, 0x6},
+ },
+ {
+ {0xf3, 0xf0, 0xdb, 0xb0, 0x96, 0x17, 0xae, 0xb7, 0x96, 0xe1, 0x7c,
+ 0xe1, 0xb9, 0xaf, 0xdf, 0x54, 0xb4, 0xa3, 0xaa, 0xe9, 0x71, 0x30,
+ 0x92, 0x25, 0x9d, 0x2e, 0x0, 0xa1, 0x9c, 0x58, 0x8e, 0x5d},
+ {0x8d, 0x83, 0x59, 0x82, 0xcc, 0x60, 0x98, 0xaf, 0xdc, 0x9a, 0x9f,
+ 0xc6, 0xc1, 0x48, 0xea, 0x90, 0x30, 0x1e, 0x58, 0x65, 0x37, 0x48,
+ 0x26, 0x65, 0xbc, 0xa5, 0xd3, 0x7b, 0x9, 0xd6, 0x7, 0x0},
+ {0x4b, 0xa9, 0x42, 0x8, 0x95, 0x1d, 0xbf, 0xc0, 0x3e, 0x2e, 0x8f,
+ 0x58, 0x63, 0xc3, 0xd3, 0xb2, 0xef, 0xe2, 0x51, 0xbb, 0x38, 0x14,
+ 0x96, 0xa, 0x86, 0xbf, 0x1c, 0x3c, 0x78, 0xd7, 0x83, 0x15},
+ },
+ {
+ {0xc7, 0x28, 0x9d, 0xcc, 0x4, 0x47, 0x3, 0x90, 0x8f, 0xc5, 0x2c,
+ 0xf7, 0x9e, 0x67, 0x1b, 0x1d, 0x26, 0x87, 0x5b, 0xbe, 0x5f, 0x2b,
+ 0xe1, 0x16, 0xa, 0x58, 0xc5, 0x83, 0x4e, 0x6, 0x58, 0x49},
+ {0xe1, 0x7a, 0xa2, 0x5d, 0xef, 0xa2, 0xee, 0xec, 0x74, 0x1, 0x67,
+ 0x55, 0x14, 0x3a, 0x7c, 0x59, 0x7a, 0x16, 0x9, 0x66, 0x12, 0x2a,
+ 0xa6, 0xc9, 0x70, 0x8f, 0xed, 0x81, 0x2e, 0x5f, 0x2a, 0x25},
+ {0xd, 0xe8, 0x66, 0x50, 0x26, 0x94, 0x28, 0xd, 0x6b, 0x8c, 0x7c,
+ 0x30, 0x85, 0xf7, 0xc3, 0xfc, 0xfd, 0x12, 0x11, 0xc, 0x78, 0xda,
+ 0x53, 0x1b, 0x88, 0xb3, 0x43, 0xd8, 0xb, 0x17, 0x9c, 0x7},
+ },
+ {
+ {0x56, 0xd0, 0xd5, 0xc0, 0x50, 0xcd, 0xd6, 0xcd, 0x3b, 0x57, 0x3,
+ 0xbb, 0x6d, 0x68, 0xf7, 0x9a, 0x48, 0xef, 0xc3, 0xf3, 0x3f, 0x72,
+ 0xa6, 0x3c, 0xcc, 0x8a, 0x7b, 0x31, 0xd7, 0xc0, 0x68, 0x67},
+ {0xff, 0x6f, 0xfa, 0x64, 0xe4, 0xec, 0x6, 0x5, 0x23, 0xe5, 0x5,
+ 0x62, 0x1e, 0x43, 0xe3, 0xbe, 0x42, 0xea, 0xb8, 0x51, 0x24, 0x42,
+ 0x79, 0x35, 0x0, 0xfb, 0xc9, 0x4a, 0xe3, 0x5, 0xec, 0x6d},
+ {0xb3, 0xc1, 0x55, 0xf1, 0xe5, 0x25, 0xb6, 0x94, 0x91, 0x7b, 0x7b,
+ 0x99, 0xa7, 0xf3, 0x7b, 0x41, 0x0, 0x26, 0x6b, 0x6d, 0xdc, 0xbd,
+ 0x2c, 0xc2, 0xf4, 0x52, 0xcd, 0xdd, 0x14, 0x5e, 0x44, 0x51},
+ },
+ {
+ {0x55, 0xa4, 0xbe, 0x2b, 0xab, 0x47, 0x31, 0x89, 0x29, 0x91, 0x7,
+ 0x92, 0x4f, 0xa2, 0x53, 0x8c, 0xa7, 0xf7, 0x30, 0xbe, 0x48, 0xf9,
+ 0x49, 0x4b, 0x3d, 0xd4, 0x4f, 0x6e, 0x8, 0x90, 0xe9, 0x12},
+ {0x51, 0x49, 0x14, 0x3b, 0x4b, 0x2b, 0x50, 0x57, 0xb3, 0xbc, 0x4b,
+ 0x44, 0x6b, 0xff, 0x67, 0x8e, 0xdb, 0x85, 0x63, 0x16, 0x27, 0x69,
+ 0xbd, 0xb8, 0xc8, 0x95, 0x92, 0xe3, 0x31, 0x6f, 0x18, 0x13},
+ {0x2e, 0xbb, 0xdf, 0x7f, 0xb3, 0x96, 0xc, 0xf1, 0xf9, 0xea, 0x1c,
+ 0x12, 0x5e, 0x93, 0x9a, 0x9f, 0x3f, 0x98, 0x5b, 0x3a, 0xc4, 0x36,
+ 0x11, 0xdf, 0xaf, 0x99, 0x3e, 0x5d, 0xf0, 0xe3, 0xb2, 0x77},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1920949492387964, 158885288387530, 70308263664033,
- 626038464897817, 1468081726101009
-#else
- 2101372, 28624378, 19702730, 2367575, 51681697, 1047674,
- 5301017, 9328700, 29955601, 21876122
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 622221042073383, 1210146474039168, 1742246422343683,
- 1403839361379025, 417189490895736
-#else
- 3096359, 9271816, 45488000, 18032587, 52260867, 25961494,
- 41216721, 20918836, 57191288, 6216607
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 22727256592983, 168471543384997, 1324340989803650,
- 1839310709638189, 504999476432775
-#else
- 34493015, 338662, 41913253, 2510421, 37895298, 19734218,
- 24822829, 27407865, 40341383, 7525078
-#endif
- }},
+ {0xa4, 0xb0, 0xdd, 0x12, 0x9c, 0x63, 0x98, 0xd5, 0x6b, 0x86, 0x24,
+ 0xc0, 0x30, 0x9f, 0xd1, 0xa5, 0x60, 0xe4, 0xfc, 0x58, 0x3, 0x2f,
+ 0x7c, 0xd1, 0x8a, 0x5e, 0x9, 0x2e, 0x15, 0x95, 0xa1, 0x7},
+ {0xde, 0xc4, 0x2e, 0x9c, 0xc5, 0xa9, 0x6f, 0x29, 0xcb, 0xf3, 0x84,
+ 0x4f, 0xbf, 0x61, 0x8b, 0xbc, 0x8, 0xf9, 0xa8, 0x17, 0xd9, 0x6,
+ 0x77, 0x1c, 0x5d, 0x25, 0xd3, 0x7a, 0xfc, 0x95, 0xb7, 0x63},
+ {0xc8, 0x5f, 0x9e, 0x38, 0x2, 0x8f, 0x36, 0xa8, 0x3b, 0xe4, 0x8d,
+ 0xcf, 0x2, 0x3b, 0x43, 0x90, 0x43, 0x26, 0x41, 0xc5, 0x5d, 0xfd,
+ 0xa1, 0xaf, 0x37, 0x1, 0x2f, 0x3, 0x3d, 0xe8, 0x8f, 0x3e},
+ },
+ {
+ {0x3c, 0xd1, 0xef, 0xe8, 0x8d, 0x4c, 0x70, 0x8, 0x31, 0x37, 0xe0,
+ 0x33, 0x8e, 0x1a, 0xc5, 0xdf, 0xe3, 0xcd, 0x60, 0x12, 0xa5, 0x5d,
+ 0x9d, 0xa5, 0x86, 0x8c, 0x25, 0xa6, 0x99, 0x8, 0xd6, 0x22},
+ {0x94, 0xa2, 0x70, 0x5, 0xb9, 0x15, 0x8b, 0x2f, 0x49, 0x45, 0x8,
+ 0x67, 0x70, 0x42, 0xf2, 0x94, 0x84, 0xfd, 0xbb, 0x61, 0xe1, 0x5a,
+ 0x1c, 0xde, 0x7, 0x40, 0xac, 0x7f, 0x79, 0x3b, 0xba, 0x75},
+ {0x96, 0xd1, 0xcd, 0x70, 0xc0, 0xdb, 0x39, 0x62, 0x9a, 0x8a, 0x7d,
+ 0x6c, 0x8b, 0x8a, 0xfe, 0x60, 0x60, 0x12, 0x40, 0xeb, 0xbc, 0x47,
+ 0x88, 0xb3, 0x5e, 0x9e, 0x77, 0x87, 0x7b, 0xd0, 0x4, 0x9},
+ },
+ {
+ {0xb9, 0x40, 0xf9, 0x48, 0x66, 0x2d, 0x32, 0xf4, 0x39, 0xc, 0x2d,
+ 0xbd, 0xc, 0x2f, 0x95, 0x6, 0x31, 0xf9, 0x81, 0xa0, 0xad, 0x97,
+ 0x76, 0x16, 0x6c, 0x2a, 0xf7, 0xba, 0xce, 0xaa, 0x40, 0x62},
+ {0x9c, 0x91, 0xba, 0xdd, 0xd4, 0x1f, 0xce, 0xb4, 0xaa, 0x8d, 0x4c,
+ 0xc7, 0x3e, 0xdb, 0x31, 0xcf, 0x51, 0xcc, 0x86, 0xad, 0x63, 0xcc,
+ 0x63, 0x2c, 0x7, 0xde, 0x1d, 0xbc, 0x3f, 0x14, 0xe2, 0x43},
+ {0xa0, 0x95, 0xa2, 0x5b, 0x9c, 0x74, 0x34, 0xf8, 0x5a, 0xd2, 0x37,
+ 0xca, 0x5b, 0x7c, 0x94, 0xd6, 0x6a, 0x31, 0xc9, 0xe7, 0xa7, 0x3b,
+ 0xf1, 0x66, 0xac, 0xc, 0xb4, 0x8d, 0x23, 0xaf, 0xbd, 0x56},
+ },
+ {
+ {0xb2, 0x3b, 0x9d, 0xc1, 0x6c, 0xd3, 0x10, 0x13, 0xb9, 0x86, 0x23,
+ 0x62, 0xb7, 0x6b, 0x2a, 0x6, 0x5c, 0x4f, 0xa1, 0xd7, 0x91, 0x85,
+ 0x9b, 0x7c, 0x54, 0x57, 0x1e, 0x7e, 0x50, 0x31, 0xaa, 0x3},
+ {0xeb, 0x33, 0x35, 0xf5, 0xe3, 0xb9, 0x2a, 0x36, 0x40, 0x3d, 0xb9,
+ 0x6e, 0xd5, 0x68, 0x85, 0x33, 0x72, 0x55, 0x5a, 0x1d, 0x52, 0x14,
+ 0xe, 0x9e, 0x18, 0x13, 0x74, 0x83, 0x6d, 0xa8, 0x24, 0x1d},
+ {0x1f, 0xce, 0xd4, 0xff, 0x48, 0x76, 0xec, 0xf4, 0x1c, 0x8c, 0xac,
+ 0x54, 0xf0, 0xea, 0x45, 0xe0, 0x7c, 0x35, 0x9, 0x1d, 0x82, 0x25,
+ 0xd2, 0x88, 0x59, 0x48, 0xeb, 0x9a, 0xdc, 0x61, 0xb2, 0x43},
+ },
+ {
+ {0x64, 0x13, 0x95, 0x6c, 0x8b, 0x3d, 0x51, 0x19, 0x7b, 0xf4, 0xb,
+ 0x0, 0x26, 0x71, 0xfe, 0x94, 0x67, 0x95, 0x4f, 0xd5, 0xdd, 0x10,
+ 0x8d, 0x2, 0x64, 0x9, 0x94, 0x42, 0xe2, 0xd5, 0xb4, 0x2},
+ {0xbb, 0x79, 0xbb, 0x88, 0x19, 0x1e, 0x5b, 0xe5, 0x9d, 0x35, 0x7a,
+ 0xc1, 0x7d, 0xd0, 0x9e, 0xa0, 0x33, 0xea, 0x3d, 0x60, 0xe2, 0x2e,
+ 0x2c, 0xb0, 0xc2, 0x6b, 0x27, 0x5b, 0xcf, 0x55, 0x60, 0x32},
+ {0xf2, 0x8d, 0xd1, 0x28, 0xcb, 0x55, 0xa1, 0xb4, 0x8, 0xe5, 0x6c,
+ 0x18, 0x46, 0x46, 0xcc, 0xea, 0x89, 0x43, 0x82, 0x6c, 0x93, 0xf4,
+ 0x9c, 0xc4, 0x10, 0x34, 0x5d, 0xae, 0x9, 0xc8, 0xa6, 0x27},
+ },
+ {
+ {0x54, 0x69, 0x3d, 0xc4, 0xa, 0x27, 0x2c, 0xcd, 0xb2, 0xca, 0x66,
+ 0x6a, 0x57, 0x3e, 0x4a, 0xdd, 0x6c, 0x3, 0xd7, 0x69, 0x24, 0x59,
+ 0xfa, 0x79, 0x99, 0x25, 0x8c, 0x3d, 0x60, 0x3, 0x15, 0x22},
+ {0x88, 0xb1, 0xd, 0x1f, 0xcd, 0xeb, 0xa6, 0x8b, 0xe8, 0x5b, 0x5a,
+ 0x67, 0x3a, 0xd7, 0xd3, 0x37, 0x5a, 0x58, 0xf5, 0x15, 0xa3, 0xdf,
+ 0x2e, 0xf2, 0x7e, 0xa1, 0x60, 0xff, 0x74, 0x71, 0xb6, 0x2c},
+ {0xd0, 0xe1, 0xb, 0x39, 0xf9, 0xcd, 0xee, 0x59, 0xf1, 0xe3, 0x8c,
+ 0x72, 0x44, 0x20, 0x42, 0xa9, 0xf4, 0xf0, 0x94, 0x7a, 0x66, 0x1c,
+ 0x89, 0x82, 0x36, 0xf4, 0x90, 0x38, 0xb7, 0xf4, 0x1d, 0x7b},
+ },
+ {
+ {0x8c, 0xf5, 0xf8, 0x7, 0x18, 0x22, 0x2e, 0x5f, 0xd4, 0x9, 0x94,
+ 0xd4, 0x9f, 0x5c, 0x55, 0xe3, 0x30, 0xa6, 0xb6, 0x1f, 0x8d, 0xa8,
+ 0xaa, 0xb2, 0x3d, 0xe0, 0x52, 0xd3, 0x45, 0x82, 0x69, 0x68},
+ {0x24, 0xa2, 0xb2, 0xb3, 0xe0, 0xf2, 0x92, 0xe4, 0x60, 0x11, 0x55,
+ 0x2b, 0x6, 0x9e, 0x6c, 0x7c, 0xe, 0x7b, 0x7f, 0xd, 0xe2, 0x8f,
+ 0xeb, 0x15, 0x92, 0x59, 0xfc, 0x58, 0x26, 0xef, 0xfc, 0x61},
+ {0x7a, 0x18, 0x18, 0x2a, 0x85, 0x5d, 0xb1, 0xdb, 0xd7, 0xac, 0xdd,
+ 0x86, 0xd3, 0xaa, 0xe4, 0xf3, 0x82, 0xc4, 0xf6, 0xf, 0x81, 0xe2,
+ 0xba, 0x44, 0xcf, 0x1, 0xaf, 0x3d, 0x47, 0x4c, 0xcf, 0x46},
+ },
+ {
+ {0x40, 0x81, 0x49, 0xf1, 0xa7, 0x6e, 0x3c, 0x21, 0x54, 0x48, 0x2b,
+ 0x39, 0xf8, 0x7e, 0x1e, 0x7c, 0xba, 0xce, 0x29, 0x56, 0x8c, 0xc3,
+ 0x88, 0x24, 0xbb, 0xc5, 0x8c, 0xd, 0xe5, 0xaa, 0x65, 0x10},
+ {0xf9, 0xe5, 0xc4, 0x9e, 0xed, 0x25, 0x65, 0x42, 0x3, 0x33, 0x90,
+ 0x16, 0x1, 0xda, 0x5e, 0xe, 0xdc, 0xca, 0xe5, 0xcb, 0xf2, 0xa7,
+ 0xb1, 0x72, 0x40, 0x5f, 0xeb, 0x14, 0xcd, 0x7b, 0x38, 0x29},
+ {0x57, 0xd, 0x20, 0xdf, 0x25, 0x45, 0x2c, 0x1c, 0x4a, 0x67, 0xca,
+ 0xbf, 0xd6, 0x2d, 0x3b, 0x5c, 0x30, 0x40, 0x83, 0xe1, 0xb1, 0xe7,
+ 0x7, 0xa, 0x16, 0xe7, 0x1c, 0x4f, 0xe6, 0x98, 0xa1, 0x69},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1313240518756327, 1721896294296942, 52263574587266,
- 2065069734239232, 804910473424630
-#else
- 44042215, 19568808, 16133486, 25658254, 63719298, 778787,
- 66198528, 30771936, 47722230, 11994100
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1337466662091884, 1287645354669772, 2018019646776184,
- 652181229374245, 898011753211715
-#else
- 21691500, 19929806, 66467532, 19187410, 3285880, 30070836,
- 42044197, 9718257, 59631427, 13381417
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1969792547910734, 779969968247557, 2011350094423418,
- 1823964252907487, 1058949448296945
-#else
- 18445390, 29352196, 14979845, 11622458, 65381754, 29971451,
- 23111647, 27179185, 28535281, 15779576
-#endif
- }},
+ {0xed, 0xca, 0xc5, 0xdc, 0x34, 0x44, 0x1, 0xe1, 0x33, 0xfb, 0x84,
+ 0x3c, 0x96, 0x5d, 0xed, 0x47, 0xe7, 0xa0, 0x86, 0xed, 0x76, 0x95,
+ 0x1, 0x70, 0xe4, 0xf9, 0x67, 0xd2, 0x7b, 0x69, 0xb2, 0x25},
+ {0xbc, 0x78, 0x1a, 0xd9, 0xe0, 0xb2, 0x62, 0x90, 0x67, 0x96, 0x50,
+ 0xc8, 0x9c, 0x88, 0xc9, 0x47, 0xb8, 0x70, 0x50, 0x40, 0x66, 0x4a,
+ 0xf5, 0x9d, 0xbf, 0xa1, 0x93, 0x24, 0xa9, 0xe6, 0x69, 0x73},
+ {0x64, 0x68, 0x98, 0x13, 0xfb, 0x3f, 0x67, 0x9d, 0xb8, 0xc7, 0x5d,
+ 0x41, 0xd9, 0xfb, 0xa5, 0x3c, 0x5e, 0x3b, 0x27, 0xdf, 0x3b, 0xcc,
+ 0x4e, 0xe0, 0xd2, 0x4c, 0x4e, 0xb5, 0x3d, 0x68, 0x20, 0x14},
+ },
+ {
+ {0xd0, 0x5a, 0xcc, 0xc1, 0x6f, 0xbb, 0xee, 0x34, 0x8b, 0xac, 0x46,
+ 0x96, 0xe9, 0xc, 0x1b, 0x6a, 0x53, 0xde, 0x6b, 0xa6, 0x49, 0xda,
+ 0xb0, 0xd3, 0xc1, 0x81, 0xd0, 0x61, 0x41, 0x3b, 0xe8, 0x31},
+ {0x97, 0xd1, 0x9d, 0x24, 0x1e, 0xbd, 0x78, 0xb4, 0x2, 0xc1, 0x58,
+ 0x5e, 0x0, 0x35, 0xc, 0x62, 0x5c, 0xac, 0xba, 0xcc, 0x2f, 0xd3,
+ 0x2, 0xfb, 0x2d, 0xa7, 0x8, 0xf5, 0xeb, 0x3b, 0xb6, 0x60},
+ {0x4f, 0x2b, 0x6, 0x9e, 0x12, 0xc7, 0xe8, 0x97, 0xd8, 0xa, 0x32,
+ 0x29, 0x4f, 0x8f, 0xe4, 0x49, 0x3f, 0x68, 0x18, 0x6f, 0x4b, 0xe1,
+ 0xec, 0x5b, 0x17, 0x3, 0x55, 0x2d, 0xb6, 0x1e, 0xcf, 0x55},
+ },
+ {
+ {0x52, 0x8c, 0xf5, 0x7d, 0xe3, 0xb5, 0x76, 0x30, 0x36, 0xcc, 0x99,
+ 0xe7, 0xdd, 0xb9, 0x3a, 0xd7, 0x20, 0xee, 0x13, 0x49, 0xe3, 0x1c,
+ 0x83, 0xbd, 0x33, 0x1, 0xba, 0x62, 0xaa, 0xfb, 0x56, 0x1a},
+ {0x58, 0x3d, 0xc2, 0x65, 0x10, 0x10, 0x79, 0x58, 0x9c, 0x81, 0x94,
+ 0x50, 0x6d, 0x8, 0x9d, 0x8b, 0xa7, 0x5f, 0xc5, 0x12, 0xa9, 0x2f,
+ 0x40, 0xe2, 0xd4, 0x91, 0x8, 0x57, 0x64, 0x65, 0x9a, 0x66},
+ {0xec, 0xc9, 0x9d, 0x5c, 0x50, 0x6b, 0x3e, 0x94, 0x1a, 0x37, 0x7c,
+ 0xa7, 0xbb, 0x57, 0x25, 0x30, 0x51, 0x76, 0x34, 0x41, 0x56, 0xae,
+ 0x73, 0x98, 0x5c, 0x8a, 0xc5, 0x99, 0x67, 0x83, 0xc4, 0x13},
+ },
+ {
+ {0x80, 0xd0, 0x8b, 0x5d, 0x6a, 0xfb, 0xdc, 0xc4, 0x42, 0x48, 0x1a,
+ 0x57, 0xec, 0xc4, 0xeb, 0xde, 0x65, 0x53, 0xe5, 0xb8, 0x83, 0xe8,
+ 0xb2, 0xd4, 0x27, 0xb8, 0xe5, 0xc8, 0x7d, 0xc8, 0xbd, 0x50},
+ {0xb9, 0xe1, 0xb3, 0x5a, 0x46, 0x5d, 0x3a, 0x42, 0x61, 0x3f, 0xf1,
+ 0xc7, 0x87, 0xc1, 0x13, 0xfc, 0xb6, 0xb9, 0xb5, 0xec, 0x64, 0x36,
+ 0xf8, 0x19, 0x7, 0xb6, 0x37, 0xa6, 0x93, 0xc, 0xf8, 0x66},
+ {0x11, 0xe1, 0xdf, 0x6e, 0x83, 0x37, 0x6d, 0x60, 0xd9, 0xab, 0x11,
+ 0xf0, 0x15, 0x3e, 0x35, 0x32, 0x96, 0x3b, 0xb7, 0x25, 0xc3, 0x3a,
+ 0xb0, 0x64, 0xae, 0xd5, 0x5f, 0x72, 0x44, 0x64, 0xd5, 0x1d},
+ },
+ {
+ {0x9a, 0xc8, 0xba, 0x8, 0x0, 0xe6, 0x97, 0xc2, 0xe0, 0xc3, 0xe1,
+ 0xea, 0x11, 0xea, 0x4c, 0x7d, 0x7c, 0x97, 0xe7, 0x9f, 0xe1, 0x8b,
+ 0xe3, 0xf3, 0xcd, 0x5, 0xa3, 0x63, 0xf, 0x45, 0x3a, 0x3a},
+ {0x7d, 0x12, 0x62, 0x33, 0xf8, 0x7f, 0xa4, 0x8f, 0x15, 0x7c, 0xcd,
+ 0x71, 0xc4, 0x6a, 0x9f, 0xbc, 0x8b, 0xc, 0x22, 0x49, 0x43, 0x45,
+ 0x71, 0x6e, 0x2e, 0x73, 0x9f, 0x21, 0x12, 0x59, 0x64, 0xe},
+ {0x27, 0x46, 0x39, 0xd8, 0x31, 0x2f, 0x8f, 0x7, 0x10, 0xa5, 0x94,
+ 0xde, 0x83, 0x31, 0x9d, 0x38, 0x80, 0x6f, 0x99, 0x17, 0x6d, 0x6c,
+ 0xe3, 0xd1, 0x7b, 0xa8, 0xa9, 0x93, 0x93, 0x8d, 0x8c, 0x31},
+ },
+ {
+ {0x98, 0xd3, 0x1d, 0xab, 0x29, 0x9e, 0x66, 0x5d, 0x3b, 0x9e, 0x2d,
+ 0x34, 0x58, 0x16, 0x92, 0xfc, 0xcd, 0x73, 0x59, 0xf3, 0xfd, 0x1d,
+ 0x85, 0x55, 0xf6, 0xa, 0x95, 0x25, 0xc3, 0x41, 0x9a, 0x50},
+ {0x19, 0xfe, 0xff, 0x2a, 0x3, 0x5d, 0x74, 0xf2, 0x66, 0xdb, 0x24,
+ 0x7f, 0x49, 0x3c, 0x9f, 0xc, 0xef, 0x98, 0x85, 0xba, 0xe3, 0xd3,
+ 0x98, 0xbc, 0x14, 0x53, 0x1d, 0x9a, 0x67, 0x7c, 0x4c, 0x22},
+ {0xe9, 0x25, 0xf9, 0xa6, 0xdc, 0x6e, 0xc0, 0xbd, 0x33, 0x1f, 0x1b,
+ 0x64, 0xf4, 0xf3, 0x3e, 0x79, 0x89, 0x3e, 0x83, 0x9d, 0x80, 0x12,
+ 0xec, 0x82, 0x89, 0x13, 0xa1, 0x28, 0x23, 0xf0, 0xbf, 0x5},
+ },
+ {
+ {0xe4, 0x12, 0xc5, 0xd, 0xdd, 0xa0, 0x81, 0x68, 0xfe, 0xfa, 0xa5,
+ 0x44, 0xc8, 0xd, 0xe7, 0x4f, 0x40, 0x52, 0x4a, 0x8f, 0x6b, 0x8e,
+ 0x74, 0x1f, 0xea, 0xa3, 0x1, 0xee, 0xcd, 0x77, 0x62, 0x57},
+ {0xb, 0xe0, 0xca, 0x23, 0x70, 0x13, 0x32, 0x36, 0x59, 0xcf, 0xac,
+ 0xd1, 0xa, 0xcf, 0x4a, 0x54, 0x88, 0x1c, 0x1a, 0xd2, 0x49, 0x10,
+ 0x74, 0x96, 0xa7, 0x44, 0x2a, 0xfa, 0xc3, 0x8c, 0xb, 0x78},
+ {0x5f, 0x30, 0x4f, 0x23, 0xbc, 0x8a, 0xf3, 0x1e, 0x8, 0xde, 0x5,
+ 0x14, 0xbd, 0x7f, 0x57, 0x9a, 0xd, 0x2a, 0xe6, 0x34, 0x14, 0xa5,
+ 0x82, 0x5e, 0xa1, 0xb7, 0x71, 0x62, 0x72, 0x18, 0xf4, 0x5f},
+ },
+ {
+ {0x40, 0x95, 0xb6, 0x13, 0xe8, 0x47, 0xdb, 0xe5, 0xe1, 0x10, 0x26,
+ 0x43, 0x3b, 0x2a, 0x5d, 0xf3, 0x76, 0x12, 0x78, 0x38, 0xe9, 0x26,
+ 0x1f, 0xac, 0x69, 0xcb, 0xa0, 0xa0, 0x8c, 0xdb, 0xd4, 0x29},
+ {0x9d, 0xdb, 0x89, 0x17, 0xc, 0x8, 0x8e, 0x39, 0xf5, 0x78, 0xe7,
+ 0xf3, 0x25, 0x20, 0x60, 0xa7, 0x5d, 0x3, 0xbd, 0x6, 0x4c, 0x89,
+ 0x98, 0xfa, 0xbe, 0x66, 0xa9, 0x25, 0xdc, 0x3, 0x6a, 0x10},
+ {0xd0, 0x53, 0x33, 0x33, 0xaf, 0xa, 0xad, 0xd9, 0xe5, 0x9, 0xd3,
+ 0xac, 0xa5, 0x9d, 0x66, 0x38, 0xf0, 0xf7, 0x88, 0xc8, 0x8a, 0x65,
+ 0x57, 0x3c, 0xfa, 0xbe, 0x2c, 0x5, 0x51, 0x8a, 0xb3, 0x4a},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 207343737062002, 1118176942430253, 758894594548164,
- 806764629546266, 1157700123092949
-#else
- 30098034, 3089662, 57874477, 16662134, 45801924, 11308410,
- 53040410, 12021729, 9955285, 17251076
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1273565321399022, 1638509681964574, 759235866488935,
- 666015124346707, 897983460943405
-#else
- 9734894, 18977602, 59635230, 24415696, 2060391, 11313496,
- 48682835, 9924398, 20194861, 13380996
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1717263794012298, 1059601762860786, 1837819172257618,
- 1054130665797229, 680893204263559
-#else
- 40730762, 25589224, 44941042, 15789296, 49053522, 27385639,
- 65123949, 15707770, 26342023, 10146099
-#endif
- }},
+ {0x9c, 0xc0, 0xdd, 0x5f, 0xef, 0xd1, 0xcf, 0xd6, 0xce, 0x5d, 0x57,
+ 0xf7, 0xfd, 0x3e, 0x2b, 0xe8, 0xc2, 0x34, 0x16, 0x20, 0x5d, 0x6b,
+ 0xd5, 0x25, 0x9b, 0x2b, 0xed, 0x4, 0xbb, 0xc6, 0x41, 0x30},
+ {0x93, 0xd5, 0x68, 0x67, 0x25, 0x2b, 0x7c, 0xda, 0x13, 0xca, 0x22,
+ 0x44, 0x57, 0xc0, 0xc1, 0x98, 0x1d, 0xce, 0xa, 0xca, 0xd5, 0xb,
+ 0xa8, 0xf1, 0x90, 0xa6, 0x88, 0xc0, 0xad, 0xd1, 0xcd, 0x29},
+ {0x48, 0xe1, 0x56, 0xd9, 0xf9, 0xf2, 0xf2, 0xf, 0x2e, 0x6b, 0x35,
+ 0x9f, 0x75, 0x97, 0xe7, 0xad, 0x5c, 0x2, 0x6c, 0x5f, 0xbb, 0x98,
+ 0x46, 0x1a, 0x7b, 0x9a, 0x4, 0x14, 0x68, 0xbd, 0x4b, 0x10},
+ },
+ {
+ {0x63, 0xf1, 0x7f, 0xd6, 0x5f, 0x9a, 0x5d, 0xa9, 0x81, 0x56, 0xc7,
+ 0x4c, 0x9d, 0xe6, 0x2b, 0xe9, 0x57, 0xf2, 0x20, 0xde, 0x4c, 0x2,
+ 0xf8, 0xb7, 0xf5, 0x2d, 0x7, 0xfb, 0x20, 0x2a, 0x4f, 0x20},
+ {0x67, 0xed, 0xf1, 0x68, 0x31, 0xfd, 0xf0, 0x51, 0xc2, 0x3b, 0x6f,
+ 0xd8, 0xcd, 0x1d, 0x81, 0x2c, 0xde, 0xf2, 0xd2, 0x4, 0x43, 0x5c,
+ 0xdc, 0x44, 0x49, 0x71, 0x2a, 0x9, 0x57, 0xcc, 0xe8, 0x5b},
+ {0x79, 0xb0, 0xeb, 0x30, 0x3d, 0x3b, 0x14, 0xc8, 0x30, 0x2e, 0x65,
+ 0xbd, 0x5a, 0x15, 0x89, 0x75, 0x31, 0x5c, 0x6d, 0x8f, 0x31, 0x3c,
+ 0x3c, 0x65, 0x1f, 0x16, 0x79, 0xc2, 0x17, 0xfb, 0x70, 0x25},
+ },
+ {
+ {0x5a, 0x24, 0xb8, 0xb, 0x55, 0xa9, 0x2e, 0x19, 0xd1, 0x50, 0x90,
+ 0x8f, 0xa8, 0xfb, 0xe6, 0xc8, 0x35, 0xc9, 0xa4, 0x88, 0x2d, 0xea,
+ 0x86, 0x79, 0x68, 0x86, 0x1, 0xde, 0x91, 0x5f, 0x1c, 0x24},
+ {0x75, 0x15, 0xb6, 0x2c, 0x7f, 0x36, 0xfa, 0x3e, 0x6c, 0x2, 0xd6,
+ 0x1c, 0x76, 0x6f, 0xf9, 0xf5, 0x62, 0x25, 0xb5, 0x65, 0x2a, 0x14,
+ 0xc7, 0xe8, 0xcd, 0xa, 0x3, 0x53, 0xea, 0x65, 0xcb, 0x3d},
+ {0xaa, 0x6c, 0xde, 0x40, 0x29, 0x17, 0xd8, 0x28, 0x3a, 0x73, 0xd9,
+ 0x22, 0xf0, 0x2c, 0xbf, 0x8f, 0xd1, 0x1, 0x5b, 0x23, 0xdd, 0xfc,
+ 0xd7, 0x16, 0xe5, 0xf0, 0xcd, 0x5f, 0xdd, 0xe, 0x42, 0x8},
+ },
+ {
+ {0xce, 0x10, 0xf4, 0x4, 0x4e, 0xc3, 0x58, 0x3, 0x85, 0x6, 0x6e,
+ 0x27, 0x5a, 0x5b, 0x13, 0xb6, 0x21, 0x15, 0xb9, 0xeb, 0xc7, 0x70,
+ 0x96, 0x5d, 0x9c, 0x88, 0xdb, 0x21, 0xf3, 0x54, 0xd6, 0x4},
+ {0x4a, 0xfa, 0x62, 0x83, 0xab, 0x20, 0xff, 0xcd, 0x6e, 0x3e, 0x1a,
+ 0xe2, 0xd4, 0x18, 0xe1, 0x57, 0x2b, 0xe6, 0x39, 0xfc, 0x17, 0x96,
+ 0x17, 0xe3, 0xfd, 0x69, 0x17, 0xbc, 0xef, 0x53, 0x9a, 0xd},
+ {0xd5, 0xb5, 0xbd, 0xdd, 0x16, 0xc1, 0x7d, 0x5e, 0x2d, 0xdd, 0xa5,
+ 0x8d, 0xb6, 0xde, 0x54, 0x29, 0x92, 0xa2, 0x34, 0x33, 0x17, 0x8,
+ 0xb6, 0x1c, 0xd7, 0x1a, 0x99, 0x18, 0x26, 0x4f, 0x7a, 0x4a},
+ },
+ {
+ {0x4b, 0x2a, 0x37, 0xaf, 0x91, 0xb2, 0xc3, 0x24, 0xf2, 0x47, 0x81,
+ 0x71, 0x70, 0x82, 0xda, 0x93, 0xf2, 0x9e, 0x89, 0x86, 0x64, 0x85,
+ 0x84, 0xdd, 0x33, 0xee, 0xe0, 0x23, 0x42, 0x31, 0x96, 0x4a},
+ {0x95, 0x5f, 0xb1, 0x5f, 0x2, 0x18, 0xa7, 0xf4, 0x8f, 0x1b, 0x5c,
+ 0x6b, 0x34, 0x5f, 0xf6, 0x3d, 0x12, 0x11, 0xe0, 0x0, 0x85, 0xf0,
+ 0xfc, 0xcd, 0x48, 0x18, 0xd3, 0xdd, 0x4c, 0xc, 0xb5, 0x11},
+ {0xd6, 0xff, 0xa4, 0x8, 0x44, 0x27, 0xe8, 0xa6, 0xd9, 0x76, 0x15,
+ 0x9c, 0x7e, 0x17, 0x8e, 0x73, 0xf2, 0xb3, 0x2, 0x3d, 0xb6, 0x48,
+ 0x33, 0x77, 0x51, 0xcc, 0x6b, 0xce, 0x4d, 0xce, 0x4b, 0x4f},
+ },
+ {
+ {0x6f, 0xb, 0x9d, 0xc4, 0x6e, 0x61, 0xe2, 0x30, 0x17, 0x23, 0xec,
+ 0xca, 0x8f, 0x71, 0x56, 0xe4, 0xa6, 0x4f, 0x6b, 0xf2, 0x9b, 0x40,
+ 0xeb, 0x48, 0x37, 0x5f, 0x59, 0x61, 0xe5, 0xce, 0x42, 0x30},
+ {0x84, 0x25, 0x24, 0xe2, 0x5a, 0xce, 0x1f, 0xa7, 0x9e, 0x8a, 0xf5,
+ 0x92, 0x56, 0x72, 0xea, 0x26, 0xf4, 0x3c, 0xea, 0x1c, 0xd7, 0x9,
+ 0x1a, 0xd2, 0xe6, 0x1, 0x1c, 0xb7, 0x14, 0xdd, 0xfc, 0x73},
+ {0x41, 0xac, 0x9b, 0x44, 0x79, 0x70, 0x7e, 0x42, 0xa, 0x31, 0xe2,
+ 0xbc, 0x6d, 0xe3, 0x5a, 0x85, 0x7c, 0x1a, 0x84, 0x5f, 0x21, 0x76,
+ 0xae, 0x4c, 0xd6, 0xe1, 0x9c, 0x9a, 0xc, 0x74, 0x9e, 0x38},
+ },
+ {
+ {0x28, 0xac, 0xe, 0x57, 0xf6, 0x78, 0xbd, 0xc9, 0xe1, 0x9c, 0x91,
+ 0x27, 0x32, 0xb, 0x5b, 0xe5, 0xed, 0x91, 0x9b, 0xa1, 0xab, 0x3e,
+ 0xfc, 0x65, 0x90, 0x36, 0x26, 0xd6, 0xe5, 0x25, 0xc4, 0x25},
+ {0xce, 0xb9, 0xdc, 0x34, 0xae, 0xb3, 0xfc, 0x64, 0xad, 0xd0, 0x48,
+ 0xe3, 0x23, 0x3, 0x50, 0x97, 0x1b, 0x38, 0xc6, 0x62, 0x7d, 0xf0,
+ 0xb3, 0x45, 0x88, 0x67, 0x5a, 0x46, 0x79, 0x53, 0x54, 0x61},
+ {0x6e, 0xde, 0xd7, 0xf1, 0xa6, 0x6, 0x3e, 0x3f, 0x8, 0x23, 0x6,
+ 0x8e, 0x27, 0x76, 0xf9, 0x3e, 0x77, 0x6c, 0x8a, 0x4e, 0x26, 0xf6,
+ 0x14, 0x8c, 0x59, 0x47, 0x48, 0x15, 0x89, 0xa0, 0x39, 0x65},
+ },
+ {
+ {0x19, 0x4a, 0xbb, 0x14, 0xd4, 0xdb, 0xc4, 0xdd, 0x8e, 0x4f, 0x42,
+ 0x98, 0x3c, 0xbc, 0xb2, 0x19, 0x69, 0x71, 0xca, 0x36, 0xd7, 0x9f,
+ 0xa8, 0x48, 0x90, 0xbd, 0x19, 0xf0, 0xe, 0x32, 0x65, 0xf},
+ {0x73, 0xf7, 0xd2, 0xc3, 0x74, 0x1f, 0xd2, 0xe9, 0x45, 0x68, 0xc4,
+ 0x25, 0x41, 0x54, 0x50, 0xc1, 0x33, 0x9e, 0xb9, 0xf9, 0xe8, 0x5c,
+ 0x4e, 0x62, 0x6c, 0x18, 0xcd, 0xc5, 0xaa, 0xe4, 0xc5, 0x11},
+ {0xc6, 0xe0, 0xfd, 0xca, 0xb1, 0xd1, 0x86, 0xd4, 0x81, 0x51, 0x3b,
+ 0x16, 0xe3, 0xe6, 0x3f, 0x4f, 0x9a, 0x93, 0xf2, 0xfa, 0xd, 0xaf,
+ 0xa8, 0x59, 0x2a, 0x7, 0x33, 0xec, 0xbd, 0xc7, 0xab, 0x4c},
},
},
{
{
- {{
-#if defined(OPENSSL_64_BIT)
- 2237039662793603, 2249022333361206, 2058613546633703,
- 149454094845279, 2215176649164582
-#else
- 41091971, 33334488, 21339190, 33513044, 19745255, 30675732,
- 37471583, 2227039, 21612326, 33008704
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 79472182719605, 1851130257050174, 1825744808933107,
- 821667333481068, 781795293511946
-#else
- 54031477, 1184227, 23562814, 27583990, 46757619, 27205717,
- 25764460, 12243797, 46252298, 11649657
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 755822026485370, 152464789723500, 1178207602290608,
- 410307889503239, 156581253571278
-#else
- 57077370, 11262625, 27384172, 2271902, 26947504, 17556661,
- 39943, 6114064, 33514190, 2333242
-#endif
- }},
+ {0x89, 0xd2, 0x78, 0x3f, 0x8f, 0x78, 0x8f, 0xc0, 0x9f, 0x4d, 0x40,
+ 0xa1, 0x2c, 0xa7, 0x30, 0xfe, 0x9d, 0xcc, 0x65, 0xcf, 0xfc, 0x8b,
+ 0x77, 0xf2, 0x21, 0x20, 0xcb, 0x5a, 0x16, 0x98, 0xe4, 0x7e},
+ {0x2e, 0xa, 0x9c, 0x8, 0x24, 0x96, 0x9e, 0x23, 0x38, 0x47, 0xfe,
+ 0x3a, 0xc0, 0xc4, 0x48, 0xc7, 0x2a, 0xa1, 0x4f, 0x76, 0x2a, 0xed,
+ 0xdb, 0x17, 0x82, 0x85, 0x1c, 0x32, 0xf0, 0x93, 0x9b, 0x63},
+ {0xc3, 0xa1, 0x11, 0x91, 0xe3, 0x8, 0xd5, 0x7b, 0x89, 0x74, 0x90,
+ 0x80, 0xd4, 0x90, 0x2b, 0x2b, 0x19, 0xfd, 0x72, 0xae, 0xc2, 0xae,
+ 0xd2, 0xe7, 0xa6, 0x2, 0xb6, 0x85, 0x3c, 0x49, 0xdf, 0xe},
+ },
+ {
+ {0x13, 0x41, 0x76, 0x84, 0xd2, 0xc4, 0x67, 0x67, 0x35, 0xf8, 0xf5,
+ 0xf7, 0x3f, 0x40, 0x90, 0xa0, 0xde, 0xbe, 0xe6, 0xca, 0xfa, 0xcf,
+ 0x8f, 0x1c, 0x69, 0xa3, 0xdf, 0xd1, 0x54, 0xc, 0xc0, 0x4},
+ {0x68, 0x5a, 0x9b, 0x59, 0x58, 0x81, 0xcc, 0xae, 0xe, 0xe2, 0xad,
+ 0xeb, 0xf, 0x4f, 0x57, 0xea, 0x7, 0x7f, 0xb6, 0x22, 0x74, 0x1d,
+ 0xe4, 0x4f, 0xb4, 0x4f, 0x9d, 0x1, 0xe3, 0x92, 0x3b, 0x40},
+ {0xf8, 0x5c, 0x46, 0x8b, 0x81, 0x2f, 0xc2, 0x4d, 0xf8, 0xef, 0x80,
+ 0x14, 0x5a, 0xf3, 0xa0, 0x71, 0x57, 0xd6, 0xc7, 0x4, 0xad, 0xbf,
+ 0xe8, 0xae, 0xf4, 0x76, 0x61, 0xb2, 0x2a, 0xb1, 0x5b, 0x35},
+ },
+ {
+ {0x18, 0x73, 0x8c, 0x5a, 0xc7, 0xda, 0x1, 0xa3, 0x11, 0xaa, 0xce,
+ 0xb3, 0x9d, 0x3, 0x90, 0xed, 0x2d, 0x3f, 0xae, 0x3b, 0xbf, 0x7c,
+ 0x7, 0x6f, 0x8e, 0xad, 0x52, 0xe0, 0xf8, 0xea, 0x18, 0x75},
+ {0xf4, 0xbb, 0x93, 0x74, 0xcc, 0x64, 0x1e, 0xa7, 0xc3, 0xb0, 0xa3,
+ 0xec, 0xd9, 0x84, 0xbd, 0xe5, 0x85, 0xe7, 0x5, 0xfa, 0xc, 0xc5,
+ 0x6b, 0xa, 0x12, 0xc3, 0x2e, 0x18, 0x32, 0x81, 0x9b, 0xf},
+ {0x32, 0x6c, 0x7f, 0x1b, 0xc4, 0x59, 0x88, 0xa4, 0x98, 0x32, 0x38,
+ 0xf4, 0xbc, 0x60, 0x2d, 0xf, 0xd9, 0xd1, 0xb1, 0xc9, 0x29, 0xa9,
+ 0x15, 0x18, 0xc4, 0x55, 0x17, 0xbb, 0x1b, 0x87, 0xc3, 0x47},
+ },
+ {
+ {0xb0, 0x66, 0x50, 0xc8, 0x50, 0x5d, 0xe6, 0xfb, 0xb0, 0x99, 0xa2,
+ 0xb3, 0xb0, 0xc4, 0xec, 0x62, 0xe0, 0xe8, 0x1a, 0x44, 0xea, 0x54,
+ 0x37, 0xe5, 0x5f, 0x8d, 0xd4, 0xe8, 0x2c, 0xa0, 0xfe, 0x8},
+ {0x48, 0x4f, 0xec, 0x71, 0x97, 0x53, 0x44, 0x51, 0x6e, 0x5d, 0x8c,
+ 0xc9, 0x7d, 0xb1, 0x5, 0xf8, 0x6b, 0xc6, 0xc3, 0x47, 0x1a, 0xc1,
+ 0x62, 0xf7, 0xdc, 0x99, 0x46, 0x76, 0x85, 0x9b, 0xb8, 0x0},
+ {0xd0, 0xea, 0xde, 0x68, 0x76, 0xdd, 0x4d, 0x82, 0x23, 0x5d, 0x68,
+ 0x4b, 0x20, 0x45, 0x64, 0xc8, 0x65, 0xd6, 0x89, 0x5d, 0xcd, 0xcf,
+ 0x14, 0xb5, 0x37, 0xd5, 0x75, 0x4f, 0xa7, 0x29, 0x38, 0x47},
+ },
+ {
+ {0xc9, 0x2, 0x39, 0xad, 0x3a, 0x53, 0xd9, 0x23, 0x8f, 0x58, 0x3,
+ 0xef, 0xce, 0xdd, 0xc2, 0x64, 0xb4, 0x2f, 0xe1, 0xcf, 0x90, 0x73,
+ 0x25, 0x15, 0x90, 0xd3, 0xe4, 0x44, 0x4d, 0x8b, 0x66, 0x6c},
+ {0x18, 0xc4, 0x79, 0x46, 0x75, 0xda, 0xd2, 0x82, 0xf0, 0x8d, 0x61,
+ 0xb2, 0xd8, 0xd7, 0x3b, 0xe6, 0xa, 0xeb, 0x47, 0xac, 0x24, 0xef,
+ 0x5e, 0x35, 0xb4, 0xc6, 0x33, 0x48, 0x4c, 0x68, 0x78, 0x20},
+ {0xc, 0x82, 0x78, 0x7a, 0x21, 0xcf, 0x48, 0x3b, 0x97, 0x3e, 0x27,
+ 0x81, 0xb2, 0xa, 0x6a, 0xf7, 0x7b, 0xed, 0x8e, 0x8c, 0xa7, 0x65,
+ 0x6c, 0xa9, 0x3f, 0x43, 0x8a, 0x4f, 0x5, 0xa6, 0x11, 0x74},
+ },
+ {
+ {0xb4, 0x75, 0xb1, 0x18, 0x3d, 0xe5, 0x9a, 0x57, 0x2, 0xa1, 0x92,
+ 0xf3, 0x59, 0x31, 0x71, 0x68, 0xf5, 0x35, 0xef, 0x1e, 0xba, 0xec,
+ 0x55, 0x84, 0x8f, 0x39, 0x8c, 0x45, 0x72, 0xa8, 0xc9, 0x1e},
+ {0x6d, 0xc8, 0x9d, 0xb9, 0x32, 0x9d, 0x65, 0x4d, 0x15, 0xf1, 0x3a,
+ 0x60, 0x75, 0xdc, 0x4c, 0x4, 0x88, 0xe4, 0xc2, 0xdc, 0x2c, 0x71,
+ 0x4c, 0xb3, 0xff, 0x34, 0x81, 0xfb, 0x74, 0x65, 0x13, 0x7c},
+ {0x9b, 0x50, 0xa2, 0x0, 0xd4, 0xa4, 0xe6, 0xb8, 0xb4, 0x82, 0xc8,
+ 0xb, 0x2, 0xd7, 0x81, 0x9b, 0x61, 0x75, 0x95, 0xf1, 0x9b, 0xcc,
+ 0xe7, 0x57, 0x60, 0x64, 0xcd, 0xc7, 0xa5, 0x88, 0xdd, 0x3a},
+ },
+ {
+ {0x46, 0x30, 0x39, 0x59, 0xd4, 0x98, 0xc2, 0x85, 0xec, 0x59, 0xf6,
+ 0x5f, 0x98, 0x35, 0x7e, 0x8f, 0x3a, 0x6e, 0xf6, 0xf2, 0x2a, 0xa2,
+ 0x2c, 0x1d, 0x20, 0xa7, 0x6, 0xa4, 0x31, 0x11, 0xba, 0x61},
+ {0xf2, 0xdc, 0x35, 0xb6, 0x70, 0x57, 0x89, 0xab, 0xbc, 0x1f, 0x6c,
+ 0xf6, 0x6c, 0xef, 0xdf, 0x2, 0x87, 0xd1, 0xb6, 0xbe, 0x68, 0x2,
+ 0x53, 0x85, 0x74, 0x9e, 0x87, 0xcc, 0xfc, 0x29, 0x99, 0x24},
+ {0x29, 0x90, 0x95, 0x16, 0xf1, 0xa0, 0xd0, 0xa3, 0x89, 0xbd, 0x7e,
+ 0xba, 0x6c, 0x6b, 0x3b, 0x2, 0x7, 0x33, 0x78, 0x26, 0x3e, 0x5a,
+ 0xf1, 0x7b, 0xe7, 0xec, 0xd8, 0xbb, 0xc, 0x31, 0x20, 0x56},
+ },
+ {
+ {0xd6, 0x85, 0xe2, 0x77, 0xf4, 0xb5, 0x46, 0x66, 0x93, 0x61, 0x8f,
+ 0x6c, 0x67, 0xff, 0xe8, 0x40, 0xdd, 0x94, 0xb5, 0xab, 0x11, 0x73,
+ 0xec, 0xa6, 0x4d, 0xec, 0x8c, 0x65, 0xf3, 0x46, 0xc8, 0x7e},
+ {0x43, 0xd6, 0x34, 0x49, 0x43, 0x93, 0x89, 0x52, 0xf5, 0x22, 0x12,
+ 0xa5, 0x6, 0xf8, 0xdb, 0xb9, 0x22, 0x1c, 0xf4, 0xc3, 0x8f, 0x87,
+ 0x6d, 0x8f, 0x30, 0x97, 0x9d, 0x4d, 0x2a, 0x6a, 0x67, 0x37},
+ {0xc7, 0x2e, 0xa2, 0x1d, 0x3f, 0x8f, 0x5e, 0x9b, 0x13, 0xcd, 0x1,
+ 0x6c, 0x77, 0x1d, 0xf, 0x13, 0xb8, 0x9f, 0x98, 0xa2, 0xcf, 0x8f,
+ 0x4c, 0x21, 0xd5, 0x9d, 0x9b, 0x39, 0x23, 0xf7, 0xaa, 0x6d},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1418185496130297, 484520167728613, 1646737281442950,
- 1401487684670265, 1349185550126961
-#else
- 45675257, 21132610, 8119781, 7219913, 45278342, 24538297,
- 60429113, 20883793, 24350577, 20104431
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1495380034400429, 325049476417173, 46346894893933,
- 1553408840354856, 828980101835683
-#else
- 62992557, 22282898, 43222677, 4843614, 37020525, 690622,
- 35572776, 23147595, 8317859, 12352766
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1280337889310282, 2070832742866672, 1640940617225222,
- 2098284908289951, 450929509534434
-#else
- 18200138, 19078521, 34021104, 30857812, 43406342, 24451920,
- 43556767, 31266881, 20712162, 6719373
-#endif
- }},
+ {0xa2, 0x8e, 0xad, 0xac, 0xbf, 0x4, 0x3b, 0x58, 0x84, 0xe8, 0x8b,
+ 0x14, 0xe8, 0x43, 0xb7, 0x29, 0xdb, 0xc5, 0x10, 0x8, 0x3b, 0x58,
+ 0x1e, 0x2b, 0xaa, 0xbb, 0xb3, 0x8e, 0xe5, 0x49, 0x54, 0x2b},
+ {0x47, 0xbe, 0x3d, 0xeb, 0x62, 0x75, 0x3a, 0x5f, 0xb8, 0xa0, 0xbd,
+ 0x8e, 0x54, 0x38, 0xea, 0xf7, 0x99, 0x72, 0x74, 0x45, 0x31, 0xe5,
+ 0xc3, 0x0, 0x51, 0xd5, 0x27, 0x16, 0xe7, 0xe9, 0x4, 0x13},
+ {0xfe, 0x9c, 0xdc, 0x6a, 0xd2, 0x14, 0x98, 0x78, 0xb, 0xdd, 0x48,
+ 0x8b, 0x3f, 0xab, 0x1b, 0x3c, 0xa, 0xc6, 0x79, 0xf9, 0xff, 0xe1,
+ 0xf, 0xda, 0x93, 0xd6, 0x2d, 0x7c, 0x2d, 0xde, 0x68, 0x44},
+ },
+ {
+ {0xce, 0x7, 0x63, 0xf8, 0xc6, 0xd8, 0x9a, 0x4b, 0x28, 0xc, 0x5d,
+ 0x43, 0x31, 0x35, 0x11, 0x21, 0x2c, 0x77, 0x7a, 0x65, 0xc5, 0x66,
+ 0xa8, 0xd4, 0x52, 0x73, 0x24, 0x63, 0x7e, 0x42, 0xa6, 0x5d},
+ {0x9e, 0x46, 0x19, 0x94, 0x5e, 0x35, 0xbb, 0x51, 0x54, 0xc7, 0xdd,
+ 0x23, 0x4c, 0xdc, 0xe6, 0x33, 0x62, 0x99, 0x7f, 0x44, 0xd6, 0xb6,
+ 0xa5, 0x93, 0x63, 0xbd, 0x44, 0xfb, 0x6f, 0x7c, 0xce, 0x6c},
+ {0xca, 0x22, 0xac, 0xde, 0x88, 0xc6, 0x94, 0x1a, 0xf8, 0x1f, 0xae,
+ 0xbb, 0xf7, 0x6e, 0x6, 0xb9, 0xf, 0x58, 0x59, 0x8d, 0x38, 0x8c,
+ 0xad, 0x88, 0xa8, 0x2c, 0x9f, 0xe7, 0xbf, 0x9a, 0xf2, 0x58},
+ },
+ {
+ {0xf6, 0xcd, 0xe, 0x71, 0xbf, 0x64, 0x5a, 0x4b, 0x3c, 0x29, 0x2c,
+ 0x46, 0x38, 0xe5, 0x4c, 0xb1, 0xb9, 0x3a, 0xb, 0xd5, 0x56, 0xd0,
+ 0x43, 0x36, 0x70, 0x48, 0x5b, 0x18, 0x24, 0x37, 0xf9, 0x6a},
+ {0x68, 0x3e, 0xe7, 0x8d, 0xab, 0xcf, 0xe, 0xe9, 0xa5, 0x76, 0x7e,
+ 0x37, 0x9f, 0x6f, 0x3, 0x54, 0x82, 0x59, 0x1, 0xbe, 0xb, 0x5b,
+ 0x49, 0xf0, 0x36, 0x1e, 0xf4, 0xa7, 0xc4, 0x29, 0x76, 0x57},
+ {0x88, 0xa8, 0xc6, 0x9, 0x45, 0x2, 0x20, 0x32, 0x73, 0x89, 0x55,
+ 0x4b, 0x13, 0x36, 0xe0, 0xd2, 0x9f, 0x28, 0x33, 0x3c, 0x23, 0x36,
+ 0xe2, 0x83, 0x8f, 0xc1, 0xae, 0xc, 0xbb, 0x25, 0x1f, 0x70},
+ },
+ {
+ {0x13, 0xc1, 0xbe, 0x7c, 0xd9, 0xf6, 0x18, 0x9d, 0xe4, 0xdb, 0xbf,
+ 0x74, 0xe6, 0x6, 0x4a, 0x84, 0xd6, 0x60, 0x4e, 0xac, 0x22, 0xb5,
+ 0xf5, 0x20, 0x51, 0x5e, 0x95, 0x50, 0xc0, 0x5b, 0xa, 0x72},
+ {0xed, 0x6c, 0x61, 0xe4, 0xf8, 0xb0, 0xa8, 0xc3, 0x7d, 0xa8, 0x25,
+ 0x9e, 0xe, 0x66, 0x0, 0xf7, 0x9c, 0xa5, 0xbc, 0xf4, 0x1f, 0x6,
+ 0xe3, 0x61, 0xe9, 0xb, 0xc4, 0xbd, 0xbf, 0x92, 0xc, 0x2e},
+ {0x35, 0x5a, 0x80, 0x9b, 0x43, 0x9, 0x3f, 0xc, 0xfc, 0xab, 0x42,
+ 0x62, 0x37, 0x8b, 0x4e, 0xe8, 0x46, 0x93, 0x22, 0x5c, 0xf3, 0x17,
+ 0x14, 0x69, 0xec, 0xf0, 0x4e, 0x14, 0xbb, 0x9c, 0x9b, 0xe},
+ },
+ {
+ {0xee, 0xbe, 0xb1, 0x5d, 0xd5, 0x9b, 0xee, 0x8d, 0xb9, 0x3f, 0x72,
+ 0xa, 0x37, 0xab, 0xc3, 0xc9, 0x91, 0xd7, 0x68, 0x1c, 0xbf, 0xf1,
+ 0xa8, 0x44, 0xde, 0x3c, 0xfd, 0x1c, 0x19, 0x44, 0x6d, 0x36},
+ {0xad, 0x20, 0x57, 0xfb, 0x8f, 0xd4, 0xba, 0xfb, 0xe, 0xd, 0xf9,
+ 0xdb, 0x6b, 0x91, 0x81, 0xee, 0xbf, 0x43, 0x55, 0x63, 0x52, 0x31,
+ 0x81, 0xd4, 0xd8, 0x7b, 0x33, 0x3f, 0xeb, 0x4, 0x11, 0x22},
+ {0x14, 0x8c, 0xbc, 0xf2, 0x43, 0x17, 0x3c, 0x9e, 0x3b, 0x6c, 0x85,
+ 0xb5, 0xfc, 0x26, 0xda, 0x2e, 0x97, 0xfb, 0xa7, 0x68, 0xe, 0x2f,
+ 0xb8, 0xcc, 0x44, 0x32, 0x59, 0xbc, 0xe6, 0xa4, 0x67, 0x41},
+ },
+ {
+ {0xee, 0x8f, 0xce, 0xf8, 0x65, 0x26, 0xbe, 0xc2, 0x2c, 0xd6, 0x80,
+ 0xe8, 0x14, 0xff, 0x67, 0xe9, 0xee, 0x4e, 0x36, 0x2f, 0x7e, 0x6e,
+ 0x2e, 0xf1, 0xf6, 0xd2, 0x7e, 0xcb, 0x70, 0x33, 0xb3, 0x34},
+ {0x0, 0x27, 0xf6, 0x76, 0x28, 0x9d, 0x3b, 0x64, 0xeb, 0x68, 0x76,
+ 0xe, 0x40, 0x9d, 0x1d, 0x5d, 0x84, 0x6, 0xfc, 0x21, 0x3, 0x43,
+ 0x4b, 0x1b, 0x6a, 0x24, 0x55, 0x22, 0x7e, 0xbb, 0x38, 0x79},
+ {0xcc, 0xd6, 0x81, 0x86, 0xee, 0x91, 0xc5, 0xcd, 0x53, 0xa7, 0x85,
+ 0xed, 0x9c, 0x10, 0x2, 0xce, 0x83, 0x88, 0x80, 0x58, 0xc1, 0x85,
+ 0x74, 0xed, 0xe4, 0x65, 0xfe, 0x2d, 0x6e, 0xfc, 0x76, 0x11},
+ },
+ {
+ {0xb8, 0xe, 0x77, 0x49, 0x89, 0xe2, 0x90, 0xdb, 0xa3, 0x40, 0xf4,
+ 0xac, 0x2a, 0xcc, 0xfb, 0x98, 0x9b, 0x87, 0xd7, 0xde, 0xfe, 0x4f,
+ 0x35, 0x21, 0xb6, 0x6, 0x69, 0xf2, 0x54, 0x3e, 0x6a, 0x1f},
+ {0x9b, 0x61, 0x9c, 0x5b, 0xd0, 0x6c, 0xaf, 0xb4, 0x80, 0x84, 0xa5,
+ 0xb2, 0xf4, 0xc9, 0xdf, 0x2d, 0xc4, 0x4d, 0xe9, 0xeb, 0x2, 0xa5,
+ 0x4f, 0x3d, 0x34, 0x5f, 0x7d, 0x67, 0x4c, 0x3a, 0xfc, 0x8},
+ {0xea, 0x34, 0x7, 0xd3, 0x99, 0xc1, 0xa4, 0x60, 0xd6, 0x5c, 0x16,
+ 0x31, 0xb6, 0x85, 0xc0, 0x40, 0x95, 0x82, 0x59, 0xf7, 0x23, 0x3e,
+ 0x33, 0xe2, 0xd1, 0x0, 0xb9, 0x16, 0x1, 0xad, 0x2f, 0x4f},
+ },
+ {
+ {0x38, 0xb6, 0x3b, 0xb7, 0x1d, 0xd9, 0x2c, 0x96, 0x8, 0x9c, 0x12,
+ 0xfc, 0xaa, 0x77, 0x5, 0xe6, 0x89, 0x16, 0xb6, 0xf3, 0x39, 0x9b,
+ 0x61, 0x6f, 0x81, 0xee, 0x44, 0x29, 0x5f, 0x99, 0x51, 0x34},
+ {0x54, 0x4e, 0xae, 0x94, 0x41, 0xb2, 0xbe, 0x44, 0x6c, 0xef, 0x57,
+ 0x18, 0x51, 0x1c, 0x54, 0x5f, 0x98, 0x4, 0x8d, 0x36, 0x2d, 0x6b,
+ 0x1e, 0xa6, 0xab, 0xf7, 0x2e, 0x97, 0xa4, 0x84, 0x54, 0x44},
+ {0x7c, 0x7d, 0xea, 0x9f, 0xd0, 0xfc, 0x52, 0x91, 0xf6, 0x5c, 0x93,
+ 0xb0, 0x94, 0x6c, 0x81, 0x4a, 0x40, 0x5c, 0x28, 0x47, 0xaa, 0x9a,
+ 0x8e, 0x25, 0xb7, 0x93, 0x28, 0x4, 0xa6, 0x9c, 0xb8, 0x10},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 407703353998781, 126572141483652, 286039827513621,
- 1999255076709338, 2030511179441770
-#else
- 26656189, 6075253, 59250308, 1886071, 38764821, 4262325,
- 11117530, 29791222, 26224234, 30256974
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1254958221100483, 1153235960999843, 942907704968834,
- 637105404087392, 1149293270147267
-#else
- 49939907, 18700334, 63713187, 17184554, 47154818, 14050419,
- 21728352, 9493610, 18620611, 17125804
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 894249020470196, 400291701616810, 406878712230981,
- 1599128793487393, 1145868722604026
-#else
- 53785524, 13325348, 11432106, 5964811, 18609221, 6062965,
- 61839393, 23828875, 36407290, 17074774
-#endif
- }},
+ {0x6e, 0xf0, 0x45, 0x5a, 0xbe, 0x41, 0x39, 0x75, 0x65, 0x5f, 0x9c,
+ 0x6d, 0xed, 0xae, 0x7c, 0xd0, 0xb6, 0x51, 0xff, 0x72, 0x9c, 0x6b,
+ 0x77, 0x11, 0xa9, 0x4d, 0xd, 0xef, 0xd9, 0xd1, 0xd2, 0x17},
+ {0x9c, 0x28, 0x18, 0x97, 0x49, 0x47, 0x59, 0x3d, 0x26, 0x3f, 0x53,
+ 0x24, 0xc5, 0xf8, 0xeb, 0x12, 0x15, 0xef, 0xc3, 0x14, 0xcb, 0xbf,
+ 0x62, 0x2, 0x8e, 0x51, 0xb7, 0x77, 0xd5, 0x78, 0xb8, 0x20},
+ {0x6a, 0x3e, 0x3f, 0x7, 0x18, 0xaf, 0xf2, 0x27, 0x69, 0x10, 0x52,
+ 0xd7, 0x19, 0xe5, 0x3f, 0xfd, 0x22, 0x0, 0xa6, 0x3c, 0x2c, 0xb7,
+ 0xe3, 0x22, 0xa7, 0xc6, 0x65, 0xcc, 0x63, 0x4f, 0x21, 0x72},
+ },
+ {
+ {0xc9, 0x29, 0x3b, 0xf4, 0xb9, 0xb7, 0x9d, 0x1d, 0x75, 0x8f, 0x51,
+ 0x4f, 0x4a, 0x82, 0x5, 0xd6, 0xc4, 0x9d, 0x2f, 0x31, 0xbd, 0x72,
+ 0xc0, 0xf2, 0xb0, 0x45, 0x15, 0x5a, 0x85, 0xac, 0x24, 0x1f},
+ {0x93, 0xa6, 0x7, 0x53, 0x40, 0x7f, 0xe3, 0xb4, 0x95, 0x67, 0x33,
+ 0x2f, 0xd7, 0x14, 0xa7, 0xab, 0x99, 0x10, 0x76, 0x73, 0xa7, 0xd0,
+ 0xfb, 0xd6, 0xc9, 0xcb, 0x71, 0x81, 0xc5, 0x48, 0xdf, 0x5f},
+ {0xaa, 0x5, 0x95, 0x8e, 0x32, 0x8, 0xd6, 0x24, 0xee, 0x20, 0x14,
+ 0xc, 0xd1, 0xc1, 0x48, 0x47, 0xa2, 0x25, 0xfb, 0x6, 0x5c, 0xe4,
+ 0xff, 0xc7, 0xe6, 0x95, 0xe3, 0x2a, 0x9e, 0x73, 0xba, 0x0},
+ },
+ {
+ {0x26, 0xbb, 0x88, 0xea, 0xf5, 0x26, 0x44, 0xae, 0xfb, 0x3b, 0x97,
+ 0x84, 0xd9, 0x79, 0x6, 0x36, 0x50, 0x4e, 0x69, 0x26, 0xc, 0x3,
+ 0x9f, 0x5c, 0x26, 0xd2, 0x18, 0xd5, 0xe7, 0x7d, 0x29, 0x72},
+ {0xd6, 0x90, 0x87, 0x5c, 0xde, 0x98, 0x2e, 0x59, 0xdf, 0xa2, 0xc2,
+ 0x45, 0xd3, 0xb7, 0xbf, 0xe5, 0x22, 0x99, 0xb4, 0xf9, 0x60, 0x3b,
+ 0x5a, 0x11, 0xf3, 0x78, 0xad, 0x67, 0x3e, 0x3a, 0x28, 0x3},
+ {0x39, 0xb9, 0xc, 0xbe, 0xc7, 0x1d, 0x24, 0x48, 0x80, 0x30, 0x63,
+ 0x8b, 0x4d, 0x9b, 0xf1, 0x32, 0x8, 0x93, 0x28, 0x2, 0xd, 0xc9,
+ 0xdf, 0xd3, 0x45, 0x19, 0x27, 0x46, 0x68, 0x29, 0xe1, 0x5},
+ },
+ {
+ {0x50, 0x45, 0x2c, 0x24, 0xc8, 0xbb, 0xbf, 0xad, 0xd9, 0x81, 0x30,
+ 0xd0, 0xec, 0xc, 0xc8, 0xbc, 0x92, 0xdf, 0xc8, 0xf5, 0xa6, 0x66,
+ 0x35, 0x84, 0x4c, 0xce, 0x58, 0x82, 0xd3, 0x25, 0xcf, 0x78},
+ {0x5a, 0x49, 0x9c, 0x2d, 0xb3, 0xee, 0x82, 0xba, 0x7c, 0xb9, 0x2b,
+ 0xf1, 0xfc, 0xc8, 0xef, 0xce, 0xe0, 0xd1, 0xb5, 0x93, 0xae, 0xab,
+ 0x2d, 0xb0, 0x9b, 0x8d, 0x69, 0x13, 0x9c, 0xc, 0xc0, 0x39},
+ {0x68, 0x9d, 0x48, 0x31, 0x8e, 0x6b, 0xae, 0x15, 0x87, 0xf0, 0x2b,
+ 0x9c, 0xab, 0x1c, 0x85, 0xaa, 0x5, 0xfa, 0x4e, 0xf0, 0x97, 0x5a,
+ 0xa7, 0xc9, 0x32, 0xf8, 0x3f, 0x6b, 0x7, 0x52, 0x6b, 0x0},
+ },
+ {
+ {0x2d, 0x8, 0xce, 0xb9, 0x16, 0x7e, 0xcb, 0xf5, 0x29, 0xbc, 0x7a,
+ 0x41, 0x4c, 0xf1, 0x7, 0x34, 0xab, 0xa7, 0xf4, 0x2b, 0xce, 0x6b,
+ 0xb3, 0xd4, 0xce, 0x75, 0x9f, 0x1a, 0x56, 0xe9, 0xe2, 0x7d},
+ {0x1c, 0x78, 0x95, 0x9d, 0xe1, 0xcf, 0xe0, 0x29, 0xe2, 0x10, 0x63,
+ 0x96, 0x18, 0xdf, 0x81, 0xb6, 0x39, 0x6b, 0x51, 0x70, 0xd3, 0x39,
+ 0xdf, 0x57, 0x22, 0x61, 0xc7, 0x3b, 0x44, 0xe3, 0x57, 0x4d},
+ {0xcb, 0x5e, 0xa5, 0xb6, 0xf4, 0xd4, 0x70, 0xde, 0x99, 0xdb, 0x85,
+ 0x5d, 0x7f, 0x52, 0x1, 0x48, 0x81, 0x9a, 0xee, 0xd3, 0x40, 0xc4,
+ 0xc9, 0xdb, 0xed, 0x29, 0x60, 0x1a, 0xaf, 0x90, 0x2a, 0x6b},
+ },
+ {
+ {0xa, 0xd8, 0xb2, 0x5b, 0x24, 0xf3, 0xeb, 0x77, 0x9b, 0x7, 0xb9,
+ 0x2f, 0x47, 0x1b, 0x30, 0xd8, 0x33, 0x73, 0xee, 0x4c, 0xf2, 0xe6,
+ 0x47, 0xc6, 0x9, 0x21, 0x6c, 0x27, 0xc8, 0x12, 0x58, 0x46},
+ {0x97, 0x1e, 0xe6, 0x9a, 0xfc, 0xf4, 0x23, 0x69, 0xd1, 0x5f, 0x3f,
+ 0xe0, 0x1d, 0x28, 0x35, 0x57, 0x2d, 0xd1, 0xed, 0xe6, 0x43, 0xae,
+ 0x64, 0xa7, 0x4a, 0x3e, 0x2d, 0xd1, 0xe9, 0xf4, 0xd8, 0x5f},
+ {0xd9, 0x62, 0x10, 0x2a, 0xb2, 0xbe, 0x43, 0x4d, 0x16, 0xdc, 0x31,
+ 0x38, 0x75, 0xfb, 0x65, 0x70, 0xd7, 0x68, 0x29, 0xde, 0x7b, 0x4a,
+ 0xd, 0x18, 0x90, 0x67, 0xb1, 0x1c, 0x2b, 0x2c, 0xb3, 0x5},
+ },
+ {
+ {0x95, 0x81, 0xd5, 0x7a, 0x2c, 0xa4, 0xfc, 0xf7, 0xcc, 0xf3, 0x33,
+ 0x43, 0x6e, 0x28, 0x14, 0x32, 0x9d, 0x97, 0xb, 0x34, 0xd, 0x9d,
+ 0xc2, 0xb6, 0xe1, 0x7, 0x73, 0x56, 0x48, 0x1a, 0x77, 0x31},
+ {0xfd, 0xa8, 0x4d, 0xd2, 0xcc, 0x5e, 0xc0, 0xc8, 0x83, 0xef, 0xdf,
+ 0x5, 0xac, 0x1a, 0xcf, 0xa1, 0x61, 0xcd, 0xf9, 0x7d, 0xf2, 0xef,
+ 0xbe, 0xdb, 0x99, 0x1e, 0x47, 0x7b, 0xa3, 0x56, 0x55, 0x3b},
+ {0x82, 0xd4, 0x4d, 0xe1, 0x24, 0xc5, 0xb0, 0x32, 0xb6, 0xa4, 0x2b,
+ 0x1a, 0x54, 0x51, 0xb3, 0xed, 0xf3, 0x5a, 0x2b, 0x28, 0x48, 0x60,
+ 0xd1, 0xa3, 0xeb, 0x36, 0x73, 0x7a, 0xd2, 0x79, 0xc0, 0x4f},
+ },
+ {
+ {0xd, 0xc5, 0x86, 0xc, 0x44, 0x8b, 0x34, 0xdc, 0x51, 0xe6, 0x94,
+ 0xcc, 0xc9, 0xcb, 0x37, 0x13, 0xb9, 0x3c, 0x3e, 0x64, 0x4d, 0xf7,
+ 0x22, 0x64, 0x8, 0xcd, 0xe3, 0xba, 0xc2, 0x70, 0x11, 0x24},
+ {0x7f, 0x2f, 0xbf, 0x89, 0xb0, 0x38, 0xc9, 0x51, 0xa7, 0xe9, 0xdf,
+ 0x2, 0x65, 0xbd, 0x97, 0x24, 0x53, 0xe4, 0x80, 0x78, 0x9c, 0xc0,
+ 0xff, 0xff, 0x92, 0x8e, 0xf9, 0xca, 0xce, 0x67, 0x45, 0x12},
+ {0xb4, 0x73, 0xc4, 0xa, 0x86, 0xab, 0xf9, 0x3f, 0x35, 0xe4, 0x13,
+ 0x1, 0xee, 0x1d, 0x91, 0xf0, 0xaf, 0xc4, 0xc6, 0xeb, 0x60, 0x50,
+ 0xe7, 0x4a, 0xd, 0x0, 0x87, 0x6c, 0x96, 0x12, 0x86, 0x3f},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1497955250203334, 110116344653260, 1128535642171976,
- 1900106496009660, 129792717460909
-#else
- 43248326, 22321272, 26961356, 1640861, 34695752, 16816491,
- 12248508, 28313793, 13735341, 1934062
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 452487513298665, 1352120549024569, 1173495883910956,
- 1999111705922009, 367328130454226
-#else
- 25089769, 6742589, 17081145, 20148166, 21909292, 17486451,
- 51972569, 29789085, 45830866, 5473615
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1717539401269642, 1475188995688487, 891921989653942,
- 836824441505699, 1885988485608364
-#else
- 31883658, 25593331, 1083431, 21982029, 22828470, 13290673,
- 59983779, 12469655, 29111212, 28103418
-#endif
- }},
+ {0x13, 0x8d, 0x4, 0x36, 0xfa, 0xfc, 0x18, 0x9c, 0xdd, 0x9d, 0x89,
+ 0x73, 0xb3, 0x9d, 0x15, 0x29, 0xaa, 0xd0, 0x92, 0x9f, 0xb, 0x35,
+ 0x9f, 0xdc, 0xd4, 0x19, 0x8a, 0x87, 0xee, 0x7e, 0xf5, 0x26},
+ {0xde, 0xd, 0x2a, 0x78, 0xc9, 0xc, 0x9a, 0x55, 0x85, 0x83, 0x71,
+ 0xea, 0xb2, 0xcd, 0x1d, 0x55, 0x8c, 0x23, 0xef, 0x31, 0x5b, 0x86,
+ 0x62, 0x7f, 0x3d, 0x61, 0x73, 0x79, 0x76, 0xa7, 0x4a, 0x50},
+ {0xb1, 0xef, 0x87, 0x56, 0xd5, 0x2c, 0xab, 0xc, 0x7b, 0xf1, 0x7a,
+ 0x24, 0x62, 0xd1, 0x80, 0x51, 0x67, 0x24, 0x5a, 0x4f, 0x34, 0x5a,
+ 0xc1, 0x85, 0x69, 0x30, 0xba, 0x9d, 0x3d, 0x94, 0x41, 0x40},
+ },
+ {
+ {0xdd, 0xaa, 0x6c, 0xa2, 0x43, 0x77, 0x21, 0x4b, 0xce, 0xb7, 0x8a,
+ 0x64, 0x24, 0xb4, 0xa6, 0x47, 0xe3, 0xc9, 0xfb, 0x3, 0x7a, 0x4f,
+ 0x1d, 0xcb, 0x19, 0xd0, 0x0, 0x98, 0x42, 0x31, 0xd9, 0x12},
+ {0x96, 0xcc, 0xeb, 0x43, 0xba, 0xee, 0xc0, 0xc3, 0xaf, 0x9c, 0xea,
+ 0x26, 0x9c, 0x9c, 0x74, 0x8d, 0xc6, 0xcc, 0x77, 0x1c, 0xee, 0x95,
+ 0xfa, 0xd9, 0xf, 0x34, 0x84, 0x76, 0xd9, 0xa1, 0x20, 0x14},
+ {0x4f, 0x59, 0x37, 0xd3, 0x99, 0x77, 0xc6, 0x0, 0x7b, 0xa4, 0x3a,
+ 0xb2, 0x40, 0x51, 0x3c, 0x5e, 0x95, 0xf3, 0x5f, 0xe3, 0x54, 0x28,
+ 0x18, 0x44, 0x12, 0xa0, 0x59, 0x43, 0x31, 0x92, 0x4f, 0x1b},
+ },
+ {
+ {0xb1, 0x66, 0x98, 0xa4, 0x30, 0x30, 0xcf, 0x33, 0x59, 0x48, 0x5f,
+ 0x21, 0xd2, 0x73, 0x1f, 0x25, 0xf6, 0xf4, 0xde, 0x51, 0x40, 0xaa,
+ 0x82, 0xab, 0xf6, 0x23, 0x9a, 0x6f, 0xd5, 0x91, 0xf1, 0x5f},
+ {0x51, 0x9, 0x15, 0x89, 0x9d, 0x10, 0x5c, 0x3e, 0x6a, 0x69, 0xe9,
+ 0x2d, 0x91, 0xfa, 0xce, 0x39, 0x20, 0x30, 0x5f, 0x97, 0x3f, 0xe4,
+ 0xea, 0x20, 0xae, 0x2d, 0x13, 0x7f, 0x2a, 0x57, 0x9b, 0x23},
+ {0x68, 0x90, 0x2d, 0xac, 0x33, 0xd4, 0x9e, 0x81, 0x23, 0x85, 0xc9,
+ 0x5f, 0x79, 0xab, 0x83, 0x28, 0x3d, 0xeb, 0x93, 0x55, 0x80, 0x72,
+ 0x45, 0xef, 0xcb, 0x36, 0x8f, 0x75, 0x6a, 0x52, 0xc, 0x2},
+ },
+ {
+ {0x89, 0xcc, 0x42, 0xf0, 0x59, 0xef, 0x31, 0xe9, 0xb6, 0x4b, 0x12,
+ 0x8e, 0x9d, 0x9c, 0x58, 0x2c, 0x97, 0x59, 0xc7, 0xae, 0x8a, 0xe1,
+ 0xc8, 0xad, 0xc, 0xc5, 0x2, 0x56, 0xa, 0xfe, 0x2c, 0x45},
+ {0xbc, 0xdb, 0xd8, 0x9e, 0xf8, 0x34, 0x98, 0x77, 0x6c, 0xa4, 0x7c,
+ 0xdc, 0xf9, 0xaa, 0xf2, 0xc8, 0x74, 0xb0, 0xe1, 0xa3, 0xdc, 0x4c,
+ 0x52, 0xa9, 0x77, 0x38, 0x31, 0x15, 0x46, 0xcc, 0xaa, 0x2},
+ {0xdf, 0x77, 0x78, 0x64, 0xa0, 0xf7, 0xa0, 0x86, 0x9f, 0x7c, 0x60,
+ 0xe, 0x27, 0x64, 0xc4, 0xbb, 0xc9, 0x11, 0xfb, 0xf1, 0x25, 0xea,
+ 0x17, 0xab, 0x7b, 0x87, 0x4b, 0x30, 0x7b, 0x7d, 0xfb, 0x4c},
+ },
+ {
+ {0x12, 0xef, 0x89, 0x97, 0xc2, 0x99, 0x86, 0xe2, 0xd, 0x19, 0x57,
+ 0xdf, 0x71, 0xcd, 0x6e, 0x2b, 0xd0, 0x70, 0xc9, 0xec, 0x57, 0xc8,
+ 0x43, 0xc3, 0xc5, 0x3a, 0x4d, 0x43, 0xbc, 0x4c, 0x1d, 0x5b},
+ {0xfe, 0x75, 0x9b, 0xb8, 0x6c, 0x3d, 0xb4, 0x72, 0x80, 0xdc, 0x6a,
+ 0x9c, 0xd9, 0x94, 0xc6, 0x54, 0x9f, 0x4c, 0xe3, 0x3e, 0x37, 0xaa,
+ 0xc3, 0xb8, 0x64, 0x53, 0x7, 0x39, 0x2b, 0x62, 0xb4, 0x14},
+ {0x26, 0x9f, 0xa, 0xcc, 0x15, 0x26, 0xfb, 0xb6, 0xe5, 0xcc, 0x8d,
+ 0xb8, 0x2b, 0xe, 0x4f, 0x3a, 0x5, 0xa7, 0x69, 0x33, 0x8b, 0x49,
+ 0x1, 0x13, 0xd1, 0x2d, 0x59, 0x58, 0x12, 0xf7, 0x98, 0x2f},
+ },
+ {
+ {0x1, 0xa7, 0x54, 0x4f, 0x44, 0xae, 0x12, 0x2e, 0xde, 0xd7, 0xcb,
+ 0xa9, 0xf0, 0x3e, 0xfe, 0xfc, 0xe0, 0x5d, 0x83, 0x75, 0xd, 0x89,
+ 0xbf, 0xce, 0x54, 0x45, 0x61, 0xe7, 0xe9, 0x62, 0x80, 0x1d},
+ {0x56, 0x9e, 0xf, 0xb5, 0x4c, 0xa7, 0x94, 0xc, 0x20, 0x13, 0x8e,
+ 0x8e, 0xa9, 0xf4, 0x1f, 0x5b, 0x67, 0xf, 0x30, 0x82, 0x21, 0xcc,
+ 0x2a, 0x9a, 0xf9, 0xaa, 0x6, 0xd8, 0x49, 0xe2, 0x6a, 0x3a},
+ {0x5a, 0x7c, 0x90, 0xa9, 0x85, 0xda, 0x7a, 0x65, 0x62, 0xf, 0xb9,
+ 0x91, 0xb5, 0xa8, 0xe, 0x1a, 0xe9, 0xb4, 0x34, 0xdf, 0xfb, 0x1d,
+ 0xe, 0x8d, 0xf3, 0x5f, 0xf2, 0xae, 0xe8, 0x8c, 0x8b, 0x29},
+ },
+ {
+ {0xde, 0x65, 0x21, 0xa, 0xea, 0x72, 0x7a, 0x83, 0xf6, 0x79, 0xcf,
+ 0xb, 0xb4, 0x7, 0xab, 0x3f, 0x70, 0xae, 0x38, 0x77, 0xc7, 0x36,
+ 0x16, 0x52, 0xdc, 0xd7, 0xa7, 0x3, 0x18, 0x27, 0xa6, 0x6b},
+ {0xb2, 0xc, 0xf7, 0xef, 0x53, 0x79, 0x92, 0x2a, 0x76, 0x70, 0x15,
+ 0x79, 0x2a, 0xc9, 0x89, 0x4b, 0x6a, 0xcf, 0xa7, 0x30, 0x7a, 0x45,
+ 0x18, 0x94, 0x85, 0xe4, 0x5c, 0x4d, 0x40, 0xa8, 0xb8, 0x34},
+ {0x35, 0x33, 0x69, 0x83, 0xb5, 0xec, 0x6e, 0xc2, 0xfd, 0xfe, 0xb5,
+ 0x63, 0xdf, 0x13, 0xa8, 0xd5, 0x73, 0x25, 0xb2, 0xa4, 0x9a, 0xaa,
+ 0x93, 0xa2, 0x6a, 0x1c, 0x5e, 0x46, 0xdd, 0x2b, 0xd6, 0x71},
+ },
+ {
+ {0xf5, 0x5e, 0xf7, 0xb1, 0xda, 0xb5, 0x2d, 0xcd, 0xf5, 0x65, 0xb0,
+ 0x16, 0xcf, 0x95, 0x7f, 0xd7, 0x85, 0xf0, 0x49, 0x3f, 0xea, 0x1f,
+ 0x57, 0x14, 0x3d, 0x2b, 0x2b, 0x26, 0x21, 0x36, 0x33, 0x1c},
+ {0x80, 0xdf, 0x78, 0xd3, 0x28, 0xcc, 0x33, 0x65, 0xb4, 0xa4, 0xf,
+ 0xa, 0x79, 0x43, 0xdb, 0xf6, 0x5a, 0xda, 0x1, 0xf7, 0xf9, 0x5f,
+ 0x64, 0xe3, 0xa4, 0x2b, 0x17, 0xf3, 0x17, 0xf3, 0xd5, 0x74},
+ {0x81, 0xca, 0xd9, 0x67, 0x54, 0xe5, 0x6f, 0xa8, 0x37, 0x8c, 0x29,
+ 0x2b, 0x75, 0x7c, 0x8b, 0x39, 0x3b, 0x62, 0xac, 0xe3, 0x92, 0x8,
+ 0x6d, 0xda, 0x8c, 0xd9, 0xe9, 0x47, 0x45, 0xcc, 0xeb, 0x4a},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1241784121422547, 187337051947583, 1118481812236193,
- 428747751936362, 30358898927325
-#else
- 24244947, 18504025, 40845887, 2791539, 52111265, 16666677,
- 24367466, 6388839, 56813277, 452382
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2022432361201842, 1088816090685051, 1977843398539868,
- 1854834215890724, 564238862029357
-#else
- 41468082, 30136590, 5217915, 16224624, 19987036, 29472163,
- 42872612, 27639183, 15766061, 8407814
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 938868489100585, 1100285072929025, 1017806255688848,
- 1957262154788833, 152787950560442
-#else
- 46701865, 13990230, 15495425, 16395525, 5377168, 15166495,
- 58191841, 29165478, 59040954, 2276717
-#endif
- }},
+ {0x10, 0xb6, 0x54, 0x73, 0x9e, 0x8d, 0x40, 0xb, 0x6e, 0x5b, 0xa8,
+ 0x5b, 0x53, 0x32, 0x6b, 0x80, 0x7, 0xa2, 0x58, 0x4a, 0x3, 0x3a,
+ 0xe6, 0xdb, 0x2c, 0xdf, 0xa1, 0xc9, 0xdd, 0xd9, 0x3b, 0x17},
+ {0xc9, 0x1, 0x6d, 0x27, 0x1b, 0x7, 0xf0, 0x12, 0x70, 0x8c, 0xc4,
+ 0x86, 0xc5, 0xba, 0xb8, 0xe7, 0xa9, 0xfb, 0xd6, 0x71, 0x9b, 0x12,
+ 0x8, 0x53, 0x92, 0xb7, 0x3d, 0x5a, 0xf9, 0xfb, 0x88, 0x5d},
+ {0xdf, 0x72, 0x58, 0xfe, 0x1e, 0xf, 0x50, 0x2b, 0xc1, 0x18, 0x39,
+ 0xd4, 0x2e, 0x58, 0xd6, 0x58, 0xe0, 0x3a, 0x67, 0xc9, 0x8e, 0x27,
+ 0xed, 0xe6, 0x19, 0xa3, 0x9e, 0xb1, 0x13, 0xcd, 0xe1, 0x6},
+ },
+ {
+ {0x53, 0x3, 0x5b, 0x9e, 0x62, 0xaf, 0x2b, 0x47, 0x47, 0x4, 0x8d,
+ 0x27, 0x90, 0xb, 0xaa, 0x3b, 0x27, 0xbf, 0x43, 0x96, 0x46, 0x5f,
+ 0x78, 0xc, 0x13, 0x7b, 0x83, 0x8d, 0x1a, 0x6a, 0x3a, 0x7f},
+ {0x23, 0x6f, 0x16, 0x6f, 0x51, 0xad, 0xd0, 0x40, 0xbe, 0x6a, 0xab,
+ 0x1f, 0x93, 0x32, 0x8e, 0x11, 0x8e, 0x8, 0x4d, 0xa0, 0x14, 0x5e,
+ 0xe3, 0x3f, 0x66, 0x62, 0xe1, 0x26, 0x35, 0x60, 0x80, 0x30},
+ {0xb, 0x80, 0x3d, 0x5d, 0x39, 0x44, 0xe6, 0xf7, 0xf6, 0xed, 0x1,
+ 0xc9, 0x55, 0xd5, 0xa8, 0x95, 0x39, 0x63, 0x2c, 0x59, 0x30, 0x78,
+ 0xcd, 0x68, 0x7e, 0x30, 0x51, 0x2e, 0xed, 0xfd, 0xd0, 0x30},
+ },
+ {
+ {0x50, 0x47, 0xb8, 0x68, 0x1e, 0x97, 0xb4, 0x9c, 0xcf, 0xbb, 0x64,
+ 0x66, 0x29, 0x72, 0x95, 0xa0, 0x2b, 0x41, 0xfa, 0x72, 0x26, 0xe7,
+ 0x8d, 0x5c, 0xd9, 0x89, 0xc5, 0x51, 0x43, 0x8, 0x15, 0x46},
+ {0xb3, 0x33, 0x12, 0xf2, 0x1a, 0x4d, 0x59, 0xe0, 0x9c, 0x4d, 0xcc,
+ 0xf0, 0x8e, 0xe7, 0xdb, 0x1b, 0x77, 0x9a, 0x49, 0x8f, 0x7f, 0x18,
+ 0x65, 0x69, 0x68, 0x98, 0x9, 0x2c, 0x20, 0x14, 0x92, 0xa},
+ {0x2e, 0xa0, 0xb9, 0xae, 0xc0, 0x19, 0x90, 0xbc, 0xae, 0x4c, 0x3,
+ 0x16, 0xd, 0x11, 0xc7, 0x55, 0xec, 0x32, 0x99, 0x65, 0x1, 0xf5,
+ 0x6d, 0xe, 0xfe, 0x5d, 0xca, 0x95, 0x28, 0xd, 0xca, 0x3b},
+ },
+ {
+ {0xbf, 0x1, 0xcc, 0x9e, 0xb6, 0x8e, 0x68, 0x9c, 0x6f, 0x89, 0x44,
+ 0xa6, 0xad, 0x83, 0xbc, 0xf0, 0xe2, 0x9f, 0x7a, 0x5f, 0x5f, 0x95,
+ 0x2d, 0xca, 0x41, 0x82, 0xf2, 0x8d, 0x3, 0xb4, 0xa8, 0x4e},
+ {0xa4, 0x62, 0x5d, 0x3c, 0xbc, 0x31, 0xf0, 0x40, 0x60, 0x7a, 0xf0,
+ 0xcf, 0x3e, 0x8b, 0xfc, 0x19, 0x45, 0xb5, 0xf, 0x13, 0xa2, 0x3d,
+ 0x18, 0x98, 0xcd, 0x13, 0x8f, 0xae, 0xdd, 0xde, 0x31, 0x56},
+ {0x2, 0xd2, 0xca, 0xf1, 0xa, 0x46, 0xed, 0x2a, 0x83, 0xee, 0x8c,
+ 0xa4, 0x5, 0x53, 0x30, 0x46, 0x5f, 0x1a, 0xf1, 0x49, 0x45, 0x77,
+ 0x21, 0x91, 0x63, 0xa4, 0x2c, 0x54, 0x30, 0x9, 0xce, 0x24},
+ },
+ {
+ {0x85, 0xb, 0xf3, 0xfd, 0x55, 0xa1, 0xcf, 0x3f, 0xa4, 0x2e, 0x37,
+ 0x36, 0x8e, 0x16, 0xf7, 0xd2, 0x44, 0xf8, 0x92, 0x64, 0xde, 0x64,
+ 0xe0, 0xb2, 0x80, 0x42, 0x4f, 0x32, 0xa7, 0x28, 0x99, 0x54},
+ {0x6, 0xc1, 0x6, 0xfd, 0xf5, 0x90, 0xe8, 0x1f, 0xf2, 0x10, 0x88,
+ 0x5d, 0x35, 0x68, 0xc4, 0xb5, 0x3e, 0xaf, 0x8c, 0x6e, 0xfe, 0x8,
+ 0x78, 0x82, 0x4b, 0xd7, 0x6, 0x8a, 0xc2, 0xe3, 0xd4, 0x41},
+ {0x2e, 0x1a, 0xee, 0x63, 0xa7, 0x32, 0x6e, 0xf2, 0xea, 0xfd, 0x5f,
+ 0xd2, 0xb7, 0xe4, 0x91, 0xae, 0x69, 0x4d, 0x7f, 0xd1, 0x3b, 0xd3,
+ 0x3b, 0xbc, 0x6a, 0xff, 0xdc, 0xc0, 0xde, 0x66, 0x1b, 0x49},
+ },
+ {
+ {0xa1, 0x64, 0xda, 0xd0, 0x8e, 0x4a, 0xf0, 0x75, 0x4b, 0x28, 0xe2,
+ 0x67, 0xaf, 0x2c, 0x22, 0xed, 0xa4, 0x7b, 0x7b, 0x1f, 0x79, 0xa3,
+ 0x34, 0x82, 0x67, 0x8b, 0x1, 0xb7, 0xb0, 0xb8, 0xf6, 0x4c},
+ {0xa7, 0x32, 0xea, 0xc7, 0x3d, 0xb1, 0xf5, 0x98, 0x98, 0xdb, 0x16,
+ 0x7e, 0xcc, 0xf8, 0xd5, 0xe3, 0x47, 0xd9, 0xf8, 0xcb, 0x52, 0xbf,
+ 0xa, 0xac, 0xac, 0xe4, 0x5e, 0xc8, 0xd0, 0x38, 0xf3, 0x8},
+ {0xbd, 0x73, 0x1a, 0x99, 0x21, 0xa8, 0x83, 0xc3, 0x7a, 0xc, 0x32,
+ 0xdf, 0x1, 0xbc, 0x27, 0xab, 0x63, 0x70, 0x77, 0x84, 0x1b, 0x33,
+ 0x3d, 0xc1, 0x99, 0x8a, 0x7, 0xeb, 0x82, 0x4a, 0xd, 0x53},
+ },
+ {
+ {0x9e, 0xbf, 0x9a, 0x6c, 0x45, 0x73, 0x69, 0x6d, 0x80, 0xa8, 0x0,
+ 0x49, 0xfc, 0xb2, 0x7f, 0x25, 0x50, 0xb8, 0xcf, 0xc8, 0x12, 0xf4,
+ 0xac, 0x2b, 0x5b, 0xbd, 0xbf, 0xc, 0xe0, 0xe7, 0xb3, 0xd},
+ {0x25, 0x48, 0xf9, 0xe1, 0x30, 0x36, 0x4c, 0x0, 0x5a, 0x53, 0xab,
+ 0x8c, 0x26, 0x78, 0x2d, 0x7e, 0x8b, 0xff, 0x84, 0xcc, 0x23, 0x23,
+ 0x48, 0xc7, 0xb9, 0x70, 0x17, 0x10, 0x3f, 0x75, 0xea, 0x65},
+ {0x63, 0x63, 0x9, 0xe2, 0x3e, 0xfc, 0x66, 0x3d, 0x6b, 0xcb, 0xb5,
+ 0x61, 0x7f, 0x2c, 0xd6, 0x81, 0x1a, 0x3b, 0x44, 0x13, 0x42, 0x4,
+ 0xbe, 0xf, 0xdb, 0xa1, 0xe1, 0x21, 0x19, 0xec, 0xa4, 0x2},
+ },
+ {
+ {0x5f, 0x79, 0xcf, 0xf1, 0x62, 0x61, 0xc8, 0xf5, 0xf2, 0x57, 0xee,
+ 0x26, 0x19, 0x86, 0x8c, 0x11, 0x78, 0x35, 0x6, 0x1c, 0x85, 0x24,
+ 0x21, 0x17, 0xcf, 0x7f, 0x6, 0xec, 0x5d, 0x2b, 0xd1, 0x36},
+ {0xa2, 0xb8, 0x24, 0x3b, 0x9a, 0x25, 0xe6, 0x5c, 0xb8, 0xa0, 0xaf,
+ 0x45, 0xcc, 0x7a, 0x57, 0xb8, 0x37, 0x70, 0xa0, 0x8b, 0xe8, 0xe6,
+ 0xcb, 0xcc, 0xbf, 0x9, 0x78, 0x12, 0x51, 0x3c, 0x14, 0x3d},
+ {0x57, 0x45, 0x15, 0x79, 0x91, 0x27, 0x6d, 0x12, 0xa, 0x3a, 0x78,
+ 0xfc, 0x5c, 0x8f, 0xe4, 0xd5, 0xac, 0x9b, 0x17, 0xdf, 0xe8, 0xb6,
+ 0xbd, 0x36, 0x59, 0x28, 0xa8, 0x5b, 0x88, 0x17, 0xf5, 0x2e},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 867319417678923, 620471962942542, 226032203305716,
- 342001443957629, 1761675818237336
-#else
- 30157899, 12924066, 49396814, 9245752, 19895028, 3368142,
- 43281277, 5096218, 22740376, 26251015
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1295072362439987, 931227904689414, 1355731432641687,
- 922235735834035, 892227229410209
-#else
- 2041139, 19298082, 7783686, 13876377, 41161879, 20201972,
- 24051123, 13742383, 51471265, 13295221
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1680989767906154, 535362787031440, 2136691276706570,
- 1942228485381244, 1267350086882274
-#else
- 33338218, 25048699, 12532112, 7977527, 9106186, 31839181,
- 49388668, 28941459, 62657506, 18884987
-#endif
- }},
+ {0x51, 0x2f, 0x5b, 0x30, 0xfb, 0xbf, 0xee, 0x96, 0xb8, 0x96, 0x95,
+ 0x88, 0xad, 0x38, 0xf9, 0xd3, 0x25, 0xdd, 0xd5, 0x46, 0xc7, 0x2d,
+ 0xf5, 0xf0, 0x95, 0x0, 0x3a, 0xbb, 0x90, 0x82, 0x96, 0x57},
+ {0xdc, 0xae, 0x58, 0x8c, 0x4e, 0x97, 0x37, 0x46, 0xa4, 0x41, 0xf0,
+ 0xab, 0xfb, 0x22, 0xef, 0xb9, 0x8a, 0x71, 0x80, 0xe9, 0x56, 0xd9,
+ 0x85, 0xe1, 0xa6, 0xa8, 0x43, 0xb1, 0xfa, 0x78, 0x1b, 0x2f},
+ {0x1, 0xe1, 0x20, 0xa, 0x43, 0xb8, 0x1a, 0xf7, 0x47, 0xec, 0xf0,
+ 0x24, 0x8d, 0x65, 0x93, 0xf3, 0xd1, 0xee, 0xe2, 0x6e, 0xa8, 0x9,
+ 0x75, 0xcf, 0xe1, 0xa3, 0x2a, 0xdc, 0x35, 0x3e, 0xc4, 0x7d},
+ },
+ {
+ {0x18, 0x97, 0x3e, 0x27, 0x5c, 0x2a, 0x78, 0x5a, 0x94, 0xfd, 0x4e,
+ 0x5e, 0x99, 0xc6, 0x76, 0x35, 0x3e, 0x7d, 0x23, 0x1f, 0x5, 0xd8,
+ 0x2e, 0xf, 0x99, 0xa, 0xd5, 0x82, 0x1d, 0xb8, 0x4f, 0x4},
+ {0xc3, 0xd9, 0x7d, 0x88, 0x65, 0x66, 0x96, 0x85, 0x55, 0x53, 0xb0,
+ 0x4b, 0x31, 0x9b, 0xf, 0xc9, 0xb1, 0x79, 0x20, 0xef, 0xf8, 0x8d,
+ 0xe0, 0xc6, 0x2f, 0xc1, 0x8c, 0x75, 0x16, 0x20, 0xf7, 0x7e},
+ {0xd9, 0xe3, 0x7, 0xa9, 0xc5, 0x18, 0xdf, 0xc1, 0x59, 0x63, 0x4c,
+ 0xce, 0x1d, 0x37, 0xb3, 0x57, 0x49, 0xbb, 0x1, 0xb2, 0x34, 0x45,
+ 0x70, 0xca, 0x2e, 0xdd, 0x30, 0x9c, 0x3f, 0x82, 0x79, 0x7f},
+ },
+ {
+ {0xba, 0x87, 0xf5, 0x68, 0xf0, 0x1f, 0x9c, 0x6a, 0xde, 0xc8, 0x50,
+ 0x0, 0x4e, 0x89, 0x27, 0x8, 0xe7, 0x5b, 0xed, 0x7d, 0x55, 0x99,
+ 0xbf, 0x3c, 0xf0, 0xd6, 0x6, 0x1c, 0x43, 0xb0, 0xa9, 0x64},
+ {0xe8, 0x13, 0xb5, 0xa3, 0x39, 0xd2, 0x34, 0x83, 0xd8, 0xa8, 0x1f,
+ 0xb9, 0xd4, 0x70, 0x36, 0xc1, 0x33, 0xbd, 0x90, 0xf5, 0x36, 0x41,
+ 0xb5, 0x12, 0xb4, 0xd9, 0x84, 0xd7, 0x73, 0x3, 0x4e, 0xa},
+ {0x19, 0x29, 0x7d, 0x5b, 0xa1, 0xd6, 0xb3, 0x2e, 0x35, 0x82, 0x3a,
+ 0xd5, 0xa0, 0xf6, 0xb4, 0xb0, 0x47, 0x5d, 0xa4, 0x89, 0x43, 0xce,
+ 0x56, 0x71, 0x6c, 0x34, 0x18, 0xce, 0xa, 0x7d, 0x1a, 0x7},
+ },
+ {
+ {0x31, 0x44, 0xe1, 0x20, 0x52, 0x35, 0xc, 0xcc, 0x41, 0x51, 0xb1,
+ 0x9, 0x7, 0x95, 0x65, 0xd, 0x36, 0x5f, 0x9d, 0x20, 0x1b, 0x62,
+ 0xf5, 0x9a, 0xd3, 0x55, 0x77, 0x61, 0xf7, 0xbc, 0x69, 0x7c},
+ {0xb, 0xba, 0x87, 0xc8, 0xaa, 0x2d, 0x7, 0xd3, 0xee, 0x62, 0xa5,
+ 0xbf, 0x5, 0x29, 0x26, 0x1, 0x8b, 0x76, 0xef, 0xc0, 0x2, 0x30,
+ 0x54, 0xcf, 0x9c, 0x7e, 0xea, 0x46, 0x71, 0xcc, 0x3b, 0x2c},
+ {0x5f, 0x29, 0xe8, 0x4, 0xeb, 0xd7, 0xf0, 0x7, 0x7d, 0xf3, 0x50,
+ 0x2f, 0x25, 0x18, 0xdb, 0x10, 0xd7, 0x98, 0x17, 0x17, 0xa3, 0xa9,
+ 0x51, 0xe9, 0x1d, 0xa5, 0xac, 0x22, 0x73, 0x9a, 0x5a, 0x6f},
+ },
+ {
+ {0xbe, 0x44, 0xd9, 0xa3, 0xeb, 0xd4, 0x29, 0xe7, 0x9e, 0xaf, 0x78,
+ 0x80, 0x40, 0x9, 0x9e, 0x8d, 0x3, 0x9c, 0x86, 0x47, 0x7a, 0x56,
+ 0x25, 0x45, 0x24, 0x3b, 0x8d, 0xee, 0x80, 0x96, 0xab, 0x2},
+ {0xc5, 0xc6, 0x41, 0x2f, 0xc, 0x0, 0xa1, 0x8b, 0x9b, 0xfb, 0xfe,
+ 0xc, 0xc1, 0x79, 0x9f, 0xc4, 0x9f, 0x1c, 0xc5, 0x3c, 0x70, 0x47,
+ 0xfa, 0x4e, 0xca, 0xaf, 0x47, 0xe1, 0xa2, 0x21, 0x4e, 0x49},
+ {0x9a, 0xd, 0xe5, 0xdd, 0x85, 0x8a, 0xa4, 0xef, 0x49, 0xa2, 0xb9,
+ 0xf, 0x4e, 0x22, 0x9a, 0x21, 0xd9, 0xf6, 0x1e, 0xd9, 0x1d, 0x1f,
+ 0x9, 0xfa, 0x34, 0xbb, 0x46, 0xea, 0xcb, 0x76, 0x5d, 0x6b},
+ },
+ {
+ {0x22, 0x25, 0x78, 0x1e, 0x17, 0x41, 0xf9, 0xe0, 0xd3, 0x36, 0x69,
+ 0x3, 0x74, 0xae, 0xe6, 0xf1, 0x46, 0xc7, 0xfc, 0xd0, 0xa2, 0x3e,
+ 0x8b, 0x40, 0x3e, 0x31, 0xdd, 0x3, 0x9c, 0x86, 0xfb, 0x16},
+ {0x94, 0xd9, 0xc, 0xec, 0x6c, 0x55, 0x57, 0x88, 0xba, 0x1d, 0xd0,
+ 0x5c, 0x6f, 0xdc, 0x72, 0x64, 0x77, 0xb4, 0x42, 0x8f, 0x14, 0x69,
+ 0x1, 0xaf, 0x54, 0x73, 0x27, 0x85, 0xf6, 0x33, 0xe3, 0xa},
+ {0x62, 0x9, 0xb6, 0x33, 0x97, 0x19, 0x8e, 0x28, 0x33, 0xe1, 0xab,
+ 0xd8, 0xb4, 0x72, 0xfc, 0x24, 0x3e, 0xd0, 0x91, 0x9, 0xed, 0xf7,
+ 0x11, 0x48, 0x75, 0xd0, 0x70, 0x8f, 0x8b, 0xe3, 0x81, 0x3f},
+ },
+ {
+ {0x24, 0xc8, 0x17, 0x5f, 0x35, 0x7f, 0xdb, 0xa, 0xa4, 0x99, 0x42,
+ 0xd7, 0xc3, 0x23, 0xb9, 0x74, 0xf7, 0xea, 0xf8, 0xcb, 0x8b, 0x3e,
+ 0x7c, 0xd5, 0x3d, 0xdc, 0xde, 0x4c, 0xd3, 0xe2, 0xd3, 0xa},
+ {0xfe, 0xaf, 0xd9, 0x7e, 0xcc, 0xf, 0x91, 0x7f, 0x4b, 0x87, 0x65,
+ 0x24, 0xa1, 0xb8, 0x5c, 0x54, 0x4, 0x47, 0xc, 0x4b, 0xd2, 0x7e,
+ 0x39, 0xa8, 0x93, 0x9, 0xf5, 0x4, 0xc1, 0xf, 0x51, 0x50},
+ {0x9d, 0x24, 0x6e, 0x33, 0xc5, 0xf, 0xc, 0x6f, 0xd9, 0xcf, 0x31,
+ 0xc3, 0x19, 0xde, 0x5e, 0x74, 0x1c, 0xfe, 0xee, 0x9, 0x0, 0xfd,
+ 0xd6, 0xf2, 0xbe, 0x1e, 0xfa, 0xf0, 0x8b, 0x15, 0x7c, 0x12},
+ },
+ {
+ {0x74, 0xb9, 0x51, 0xae, 0xc4, 0x8f, 0xa2, 0xde, 0x96, 0xfe, 0x4d,
+ 0x74, 0xd3, 0x73, 0x99, 0x1d, 0xa8, 0x48, 0x38, 0x87, 0xb, 0x68,
+ 0x40, 0x62, 0x95, 0xdf, 0x67, 0xd1, 0x79, 0x24, 0xd8, 0x4e},
+ {0xa2, 0x79, 0x98, 0x2e, 0x42, 0x7c, 0x19, 0xf6, 0x47, 0x36, 0xca,
+ 0x52, 0xd4, 0xdd, 0x4a, 0xa4, 0xcb, 0xac, 0x4e, 0x4b, 0xc1, 0x3f,
+ 0x41, 0x9b, 0x68, 0x4f, 0xef, 0x7, 0x7d, 0xf8, 0x4e, 0x35},
+ {0x75, 0xd9, 0xc5, 0x60, 0x22, 0xb5, 0xe3, 0xfe, 0xb8, 0xb0, 0x41,
+ 0xeb, 0xfc, 0x2e, 0x35, 0x50, 0x3c, 0x65, 0xf6, 0xa9, 0x30, 0xac,
+ 0x8, 0x88, 0x6d, 0x23, 0x39, 0x5, 0xd2, 0x92, 0x2d, 0x30},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 366018233770527, 432660629755596, 126409707644535,
- 1973842949591662, 645627343442376
-#else
- 47063583, 5454096, 52762316, 6447145, 28862071, 1883651,
- 64639598, 29412551, 7770568, 9620597
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 535509430575217, 546885533737322, 1524675609547799,
- 2138095752851703, 1260738089896827
-#else
- 23208049, 7979712, 33071466, 8149229, 1758231, 22719437,
- 30945527, 31860109, 33606523, 18786461
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1159906385590467, 2198530004321610, 714559485023225,
- 81880727882151, 1484020820037082
-#else
- 1439939, 17283952, 66028874, 32760649, 4625401, 10647766,
- 62065063, 1220117, 30494170, 22113633
-#endif
- }},
+ {0x77, 0xf1, 0xe0, 0xe4, 0xb6, 0x6f, 0xbc, 0x2d, 0x93, 0x6a, 0xbd,
+ 0xa4, 0x29, 0xbf, 0xe1, 0x4, 0xe8, 0xf6, 0x7a, 0x78, 0xd4, 0x66,
+ 0x19, 0x5e, 0x60, 0xd0, 0x26, 0xb4, 0x5e, 0x5f, 0xdc, 0xe},
+ {0x3d, 0x28, 0xa4, 0xbc, 0xa2, 0xc1, 0x13, 0x78, 0xd9, 0x3d, 0x86,
+ 0xa1, 0x91, 0xf0, 0x62, 0xed, 0x86, 0xfa, 0x68, 0xc2, 0xb8, 0xbc,
+ 0xc7, 0xae, 0x4c, 0xae, 0x1c, 0x6f, 0xb7, 0xd3, 0xe5, 0x10},
+ {0x67, 0x8e, 0xda, 0x53, 0xd6, 0xbf, 0x53, 0x54, 0x41, 0xf6, 0xa9,
+ 0x24, 0xec, 0x1e, 0xdc, 0xe9, 0x23, 0x8a, 0x57, 0x3, 0x3b, 0x26,
+ 0x87, 0xbf, 0x72, 0xba, 0x1c, 0x36, 0x51, 0x6c, 0xb4, 0x45},
+ },
+ {
+ {0xe4, 0xe3, 0x7f, 0x8a, 0xdd, 0x4d, 0x9d, 0xce, 0x30, 0xe, 0x62,
+ 0x76, 0x56, 0x64, 0x13, 0xab, 0x58, 0x99, 0xe, 0xb3, 0x7b, 0x4f,
+ 0x59, 0x4b, 0xdf, 0x29, 0x12, 0x32, 0xef, 0xa, 0x1c, 0x5c},
+ {0xa1, 0x7f, 0x4f, 0x31, 0xbf, 0x2a, 0x40, 0xa9, 0x50, 0xf4, 0x8c,
+ 0x8e, 0xdc, 0xf1, 0x57, 0xe2, 0x84, 0xbe, 0xa8, 0x23, 0x4b, 0xd5,
+ 0xbb, 0x1d, 0x3b, 0x71, 0xcb, 0x6d, 0xa3, 0xbf, 0x77, 0x21},
+ {0x8f, 0xdb, 0x79, 0xfa, 0xbc, 0x1b, 0x8, 0x37, 0xb3, 0x59, 0x5f,
+ 0xc2, 0x1e, 0x81, 0x48, 0x60, 0x87, 0x24, 0x83, 0x9c, 0x65, 0x76,
+ 0x7a, 0x8, 0xbb, 0xb5, 0x8a, 0x7d, 0x38, 0x19, 0xe6, 0x4a},
+ },
+ {
+ {0x83, 0xfb, 0x5b, 0x98, 0x44, 0x7e, 0x11, 0x61, 0x36, 0x31, 0x96,
+ 0x71, 0x2a, 0x46, 0xe0, 0xfc, 0x4b, 0x90, 0x25, 0xd4, 0x48, 0x34,
+ 0xac, 0x83, 0x64, 0x3d, 0xa4, 0x5b, 0xbe, 0x5a, 0x68, 0x75},
+ {0x2e, 0xa3, 0x44, 0x53, 0xaa, 0xf6, 0xdb, 0x8d, 0x78, 0x40, 0x1b,
+ 0xb4, 0xb4, 0xea, 0x88, 0x7d, 0x60, 0xd, 0x13, 0x4a, 0x97, 0xeb,
+ 0xb0, 0x5e, 0x3, 0x3e, 0xbf, 0x17, 0x1b, 0xd9, 0x0, 0x1a},
+ {0xb2, 0xf2, 0x61, 0xeb, 0x33, 0x9, 0x96, 0x6e, 0x52, 0x49, 0xff,
+ 0xc9, 0xa8, 0xf, 0x3d, 0x54, 0x69, 0x65, 0xf6, 0x7a, 0x10, 0x75,
+ 0x72, 0xdf, 0xaa, 0xe6, 0xb0, 0x23, 0xb6, 0x29, 0x55, 0x13},
+ },
+ {
+ {0xfe, 0x83, 0x2e, 0xe2, 0xbc, 0x16, 0xc7, 0xf5, 0xc1, 0x85, 0x9,
+ 0xe8, 0x19, 0xeb, 0x2b, 0xb4, 0xae, 0x4a, 0x25, 0x14, 0x37, 0xa6,
+ 0x9d, 0xec, 0x13, 0xa6, 0x90, 0x15, 0x5, 0xea, 0x72, 0x59},
+ {0x18, 0xd5, 0xd1, 0xad, 0xd7, 0xdb, 0xf0, 0x18, 0x11, 0x1f, 0xc1,
+ 0xcf, 0x88, 0x78, 0x9f, 0x97, 0x9b, 0x75, 0x14, 0x71, 0xf0, 0xe1,
+ 0x32, 0x87, 0x1, 0x3a, 0xca, 0x65, 0x1a, 0xb8, 0xb5, 0x79},
+ {0x11, 0x78, 0x8f, 0xdc, 0x20, 0xac, 0xd4, 0xf, 0xa8, 0x4f, 0x4d,
+ 0xac, 0x94, 0xd2, 0x9a, 0x9a, 0x34, 0x4, 0x36, 0xb3, 0x64, 0x2d,
+ 0x1b, 0xc0, 0xdb, 0x3b, 0x5f, 0x90, 0x95, 0x9c, 0x7e, 0x4f},
+ },
+ {
+ {0xfe, 0x99, 0x52, 0x35, 0x3d, 0x44, 0xc8, 0x71, 0xd7, 0xea, 0xeb,
+ 0xdb, 0x1c, 0x3b, 0xcd, 0x8b, 0x66, 0x94, 0xa4, 0xf1, 0x9e, 0x49,
+ 0x92, 0x80, 0xc8, 0xad, 0x44, 0xa1, 0xc4, 0xee, 0x42, 0x19},
+ {0x2e, 0x30, 0x81, 0x57, 0xbc, 0x4b, 0x67, 0x62, 0xf, 0xdc, 0xad,
+ 0x89, 0x39, 0xf, 0x52, 0xd8, 0xc6, 0xd9, 0xfb, 0x53, 0xae, 0x99,
+ 0x29, 0x8c, 0x4c, 0x8e, 0x63, 0x2e, 0xd9, 0x3a, 0x99, 0x31},
+ {0x92, 0x49, 0x23, 0xae, 0x19, 0x53, 0xac, 0x7d, 0x92, 0x3e, 0xea,
+ 0xc, 0x91, 0x3d, 0x1b, 0x2c, 0x22, 0x11, 0x3c, 0x25, 0x94, 0xe4,
+ 0x3c, 0x55, 0x75, 0xca, 0xf9, 0x4e, 0x31, 0x65, 0xa, 0x2a},
+ },
+ {
+ {0x3a, 0x79, 0x1c, 0x3c, 0xcd, 0x1a, 0x36, 0xcf, 0x3b, 0xbc, 0x35,
+ 0x5a, 0xac, 0xbc, 0x9e, 0x2f, 0xab, 0xa6, 0xcd, 0xa8, 0xe9, 0x60,
+ 0xe8, 0x60, 0x13, 0x1a, 0xea, 0x6d, 0x9b, 0xc3, 0x5d, 0x5},
+ {0xc2, 0x27, 0xf9, 0xf7, 0x7f, 0x93, 0xb7, 0x2d, 0x35, 0xa6, 0xd0,
+ 0x17, 0x6, 0x1f, 0x74, 0xdb, 0x76, 0xaf, 0x55, 0x11, 0xa2, 0xf3,
+ 0x82, 0x59, 0xed, 0x2d, 0x7c, 0x64, 0x18, 0xe2, 0xf6, 0x4c},
+ {0xb6, 0x5b, 0x8d, 0xc2, 0x7c, 0x22, 0x19, 0xb1, 0xab, 0xff, 0x4d,
+ 0x77, 0xbc, 0x4e, 0xe2, 0x7, 0x89, 0x2c, 0xa3, 0xe4, 0xce, 0x78,
+ 0x3c, 0xa8, 0xb6, 0x24, 0xaa, 0x10, 0x77, 0x30, 0x1a, 0x12},
+ },
+ {
+ {0xc9, 0x83, 0x74, 0xc7, 0x3e, 0x71, 0x59, 0xd6, 0xaf, 0x96, 0x2b,
+ 0xb8, 0x77, 0xe0, 0xbf, 0x88, 0xd3, 0xbc, 0x97, 0x10, 0x23, 0x28,
+ 0x9e, 0x28, 0x9b, 0x3a, 0xed, 0x6c, 0x4a, 0xb9, 0x7b, 0x52},
+ {0x97, 0x4a, 0x3, 0x9f, 0x5e, 0x5d, 0xdb, 0xe4, 0x2d, 0xbc, 0x34,
+ 0x30, 0x9, 0xfc, 0x53, 0xe1, 0xb1, 0xd3, 0x51, 0x95, 0x91, 0x46,
+ 0x5, 0x46, 0x2d, 0xe5, 0x40, 0x7a, 0x6c, 0xc7, 0x3f, 0x33},
+ {0x2e, 0x48, 0x5b, 0x99, 0x2a, 0x99, 0x3d, 0x56, 0x1, 0x38, 0x38,
+ 0x6e, 0x7c, 0xd0, 0x5, 0x34, 0xe5, 0xd8, 0x64, 0x2f, 0xde, 0x35,
+ 0x50, 0x48, 0xf7, 0xa9, 0xa7, 0x20, 0x9b, 0x6, 0x89, 0x6b},
+ },
+ {
+ {0x77, 0xdb, 0xc7, 0xb5, 0x8c, 0xfa, 0x82, 0x40, 0x55, 0xc1, 0x34,
+ 0xc7, 0xf8, 0x86, 0x86, 0x6, 0x7e, 0xa5, 0xe7, 0xf6, 0xd9, 0xc8,
+ 0xe6, 0x29, 0xcf, 0x9b, 0x63, 0xa7, 0x8, 0xd3, 0x73, 0x4},
+ {0xd, 0x22, 0x70, 0x62, 0x41, 0xa0, 0x2a, 0x81, 0x4e, 0x5b, 0x24,
+ 0xf9, 0xfa, 0x89, 0x5a, 0x99, 0x5, 0xef, 0x72, 0x50, 0xce, 0xc4,
+ 0xad, 0xff, 0x73, 0xeb, 0x73, 0xaa, 0x3, 0x21, 0xbc, 0x23},
+ {0x5, 0x9e, 0x58, 0x3, 0x26, 0x79, 0xee, 0xca, 0x92, 0xc4, 0xdc,
+ 0x46, 0x12, 0x42, 0x4b, 0x2b, 0x4f, 0xa9, 0x1, 0xe6, 0x74, 0xef,
+ 0xa1, 0x2, 0x1a, 0x34, 0x4, 0xde, 0xbf, 0x73, 0x2f, 0x10},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1377485731340769, 2046328105512000, 1802058637158797,
- 62146136768173, 1356993908853901
-#else
- 62071265, 20526136, 64138304, 30492664, 15640973, 26852766,
- 40369837, 926049, 65424525, 20220784
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 2013612215646735, 1830770575920375, 536135310219832,
- 609272325580394, 270684344495013
-#else
- 13908495, 30005160, 30919927, 27280607, 45587000, 7989038,
- 9021034, 9078865, 3353509, 4033511
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1237542585982777, 2228682050256790, 1385281931622824,
- 593183794882890, 493654978552689
-#else
- 37445433, 18440821, 32259990, 33209950, 24295848, 20642309,
- 23161162, 8839127, 27485041, 7356032
-#endif
- }},
+ {0x9a, 0x1c, 0x51, 0xb5, 0xe0, 0xda, 0xb4, 0xa2, 0x6, 0xff, 0xff,
+ 0x2b, 0x29, 0x60, 0xc8, 0x7a, 0x34, 0x42, 0x50, 0xf5, 0x5d, 0x37,
+ 0x1f, 0x98, 0x2d, 0xa1, 0x4e, 0xda, 0x25, 0xd7, 0x6b, 0x3f},
+ {0xc6, 0x45, 0x57, 0x7f, 0xab, 0xb9, 0x18, 0xeb, 0x90, 0xc6, 0x87,
+ 0x57, 0xee, 0x8a, 0x3a, 0x2, 0xa9, 0xaf, 0xf7, 0x2d, 0xda, 0x12,
+ 0x27, 0xb7, 0x3d, 0x1, 0x5c, 0xea, 0x25, 0x7d, 0x59, 0x36},
+ {0xac, 0x58, 0x60, 0x10, 0x7b, 0x8d, 0x4d, 0x73, 0x5f, 0x90, 0xc6,
+ 0x6f, 0x9e, 0x57, 0x40, 0xd9, 0x2d, 0x93, 0x2, 0x92, 0xf9, 0xf8,
+ 0x66, 0x64, 0xd0, 0xd6, 0x60, 0xda, 0x19, 0xcc, 0x7e, 0x7b},
+ },
+ {
+ {0x9b, 0xfa, 0x7c, 0xa7, 0x51, 0x4a, 0xae, 0x6d, 0x50, 0x86, 0xa3,
+ 0xe7, 0x54, 0x36, 0x26, 0x82, 0xdb, 0x82, 0x2d, 0x8f, 0xcd, 0xff,
+ 0xbb, 0x9, 0xba, 0xca, 0xf5, 0x1b, 0x66, 0xdc, 0xbe, 0x3},
+ {0xd, 0x69, 0x5c, 0x69, 0x3c, 0x37, 0xc2, 0x78, 0x6e, 0x90, 0x42,
+ 0x6, 0x66, 0x2e, 0x25, 0xdd, 0xd2, 0x2b, 0xe1, 0x4a, 0x44, 0x44,
+ 0x1d, 0x95, 0x56, 0x39, 0x74, 0x1, 0x76, 0xad, 0x35, 0x42},
+ {0xf5, 0x75, 0x89, 0x7, 0xd, 0xcb, 0x58, 0x62, 0x98, 0xf2, 0x89,
+ 0x91, 0x54, 0x42, 0x29, 0x49, 0xe4, 0x6e, 0xe3, 0xe2, 0x23, 0xb4,
+ 0xca, 0xa0, 0xa1, 0x66, 0xf0, 0xcd, 0xb0, 0xe2, 0x7c, 0xe},
+ },
+ {
+ {0xf9, 0x70, 0x4b, 0xd9, 0xdf, 0xfe, 0xa6, 0xfe, 0x2d, 0xba, 0xfc,
+ 0xc1, 0x51, 0xc0, 0x30, 0xf1, 0x89, 0xab, 0x2f, 0x7f, 0x7e, 0xd4,
+ 0x82, 0x48, 0xb5, 0xee, 0xec, 0x8a, 0x13, 0x56, 0x52, 0x61},
+ {0xa3, 0x85, 0x8c, 0xc4, 0x3a, 0x64, 0x94, 0xc4, 0xad, 0x39, 0x61,
+ 0x3c, 0xf4, 0x1d, 0x36, 0xfd, 0x48, 0x4d, 0xe9, 0x3a, 0xdd, 0x17,
+ 0xdb, 0x9, 0x4a, 0x67, 0xb4, 0x8f, 0x5d, 0xa, 0x6e, 0x66},
+ {0xd, 0xcb, 0x70, 0x48, 0x4e, 0xf6, 0xbb, 0x2a, 0x6b, 0x8b, 0x45,
+ 0xaa, 0xf0, 0xbc, 0x65, 0xcd, 0x5d, 0x98, 0xe8, 0x75, 0xba, 0x4e,
+ 0xbe, 0x9a, 0xe4, 0xde, 0x14, 0xd5, 0x10, 0xc8, 0xb, 0x7f},
+ },
+ {
+ {0xa0, 0x13, 0x72, 0x73, 0xad, 0x9d, 0xac, 0x83, 0x98, 0x2e, 0xf7,
+ 0x2e, 0xba, 0xf8, 0xf6, 0x9f, 0x57, 0x69, 0xec, 0x43, 0xdd, 0x2e,
+ 0x1e, 0x31, 0x75, 0xab, 0xc5, 0xde, 0x7d, 0x90, 0x3a, 0x1d},
+ {0x6f, 0x13, 0xf4, 0x26, 0xa4, 0x6b, 0x0, 0xb9, 0x35, 0x30, 0xe0,
+ 0x57, 0x9e, 0x36, 0x67, 0x8d, 0x28, 0x3c, 0x46, 0x4f, 0xd9, 0xdf,
+ 0xc8, 0xcb, 0xf5, 0xdb, 0xee, 0xf8, 0xbc, 0x8d, 0x1f, 0xd},
+ {0xdc, 0x81, 0xd0, 0x3e, 0x31, 0x93, 0x16, 0xba, 0x80, 0x34, 0x1b,
+ 0x85, 0xad, 0x9f, 0x32, 0x29, 0xcb, 0x21, 0x3, 0x3, 0x3c, 0x1,
+ 0x28, 0x1, 0xe3, 0xfd, 0x1b, 0xa3, 0x44, 0x1b, 0x1, 0x0},
+ },
+ {
+ {0x5c, 0xa7, 0xa, 0x6a, 0x69, 0x1f, 0x56, 0x16, 0x6a, 0xbd, 0x52,
+ 0x58, 0x5c, 0x72, 0xbf, 0xc1, 0xad, 0x66, 0x79, 0x9a, 0x7f, 0xdd,
+ 0xa8, 0x11, 0x26, 0x10, 0x85, 0xd2, 0xa2, 0x88, 0xd9, 0x63},
+ {0xc, 0x6c, 0xc6, 0x3f, 0x6c, 0xa0, 0xdf, 0x3f, 0xd2, 0xd, 0xd6,
+ 0x4d, 0x8e, 0xe3, 0x40, 0x5d, 0x71, 0x4d, 0x8e, 0x26, 0x38, 0x8b,
+ 0xe3, 0x7a, 0xe1, 0x57, 0x83, 0x6e, 0x91, 0x8d, 0xc4, 0x3a},
+ {0x2e, 0x23, 0xbd, 0xaf, 0x53, 0x7, 0x12, 0x0, 0x83, 0xf6, 0xd8,
+ 0xfd, 0xb8, 0xce, 0x2b, 0xe9, 0x91, 0x2b, 0xe7, 0x84, 0xb3, 0x69,
+ 0x16, 0xf8, 0x66, 0xa0, 0x68, 0x23, 0x2b, 0xd5, 0xfa, 0x33},
+ },
+ {
+ {0xe8, 0xcf, 0x22, 0xc4, 0xd0, 0xc8, 0x2c, 0x8d, 0xcb, 0x3a, 0xa1,
+ 0x5, 0x7b, 0x4f, 0x2b, 0x7, 0x6f, 0xa5, 0xf6, 0xec, 0xe6, 0xb6,
+ 0xfe, 0xa3, 0xe2, 0x71, 0xa, 0xb9, 0xcc, 0x55, 0xc3, 0x3c},
+ {0x16, 0x1e, 0xe4, 0xc5, 0xc6, 0x49, 0x6, 0x54, 0x35, 0x77, 0x3f,
+ 0x33, 0x30, 0x64, 0xf8, 0xa, 0x46, 0xe7, 0x5, 0xf3, 0xd2, 0xfc,
+ 0xac, 0xb2, 0xa7, 0xdc, 0x56, 0xa2, 0x29, 0xf4, 0xc0, 0x16},
+ {0x31, 0x91, 0x3e, 0x90, 0x43, 0x94, 0xb6, 0xe9, 0xce, 0x37, 0x56,
+ 0x7a, 0xcb, 0x94, 0xa4, 0xb8, 0x44, 0x92, 0xba, 0xba, 0xa4, 0xd1,
+ 0x7c, 0xc8, 0x68, 0x75, 0xae, 0x6b, 0x42, 0xaf, 0x1e, 0x63},
+ },
+ {
+ {0xe8, 0xd, 0x70, 0xa3, 0xb9, 0x75, 0xd9, 0x47, 0x52, 0x5, 0xf8,
+ 0xe2, 0xfb, 0xc5, 0x80, 0x72, 0xe1, 0x5d, 0xe4, 0x32, 0x27, 0x8f,
+ 0x65, 0x53, 0xb5, 0x80, 0x5f, 0x66, 0x7f, 0x2c, 0x1f, 0x43},
+ {0x9f, 0xfe, 0x66, 0xda, 0x10, 0x4, 0xe9, 0xb3, 0xa6, 0xe5, 0x16,
+ 0x6c, 0x52, 0x4b, 0xdd, 0x85, 0x83, 0xbf, 0xf9, 0x1e, 0x61, 0x97,
+ 0x3d, 0xbc, 0xb5, 0x19, 0xa9, 0x1e, 0x8b, 0x64, 0x99, 0x55},
+ {0x19, 0x7b, 0x8f, 0x85, 0x44, 0x63, 0x2, 0xd6, 0x4a, 0x51, 0xea,
+ 0xa1, 0x2f, 0x35, 0xab, 0x14, 0xd7, 0xa9, 0x90, 0x20, 0x1a, 0x44,
+ 0x0, 0x89, 0x26, 0x3b, 0x25, 0x91, 0x5f, 0x71, 0x4, 0x7b},
+ },
+ {
+ {0xc6, 0xba, 0xe6, 0xc4, 0x80, 0xc2, 0x76, 0xb3, 0xb, 0x9b, 0x1d,
+ 0x6d, 0xdd, 0xd3, 0xe, 0x97, 0x44, 0xf9, 0xb, 0x45, 0x58, 0x95,
+ 0x9a, 0xb0, 0x23, 0xe2, 0xcd, 0x57, 0xfa, 0xac, 0xd0, 0x48},
+ {0x43, 0xae, 0xf6, 0xac, 0x28, 0xbd, 0xed, 0x83, 0xb4, 0x7a, 0x5c,
+ 0x7d, 0x8b, 0x7c, 0x35, 0x86, 0x44, 0x2c, 0xeb, 0xb7, 0x69, 0x47,
+ 0x40, 0xc0, 0x3f, 0x58, 0xf6, 0xc2, 0xf5, 0x7b, 0xb3, 0x59},
+ {0x71, 0xe6, 0xab, 0x7d, 0xe4, 0x26, 0xf, 0xb6, 0x37, 0x3a, 0x2f,
+ 0x62, 0x97, 0xa1, 0xd1, 0xf1, 0x94, 0x3, 0x96, 0xe9, 0x7e, 0xce,
+ 0x8, 0x42, 0xdb, 0x3b, 0x6d, 0x33, 0x91, 0x41, 0x23, 0x16},
},
},
{
{
- {{
-#if defined(OPENSSL_64_BIT)
- 47341488007760, 1891414891220257, 983894663308928,
- 176161768286818, 1126261115179708
-#else
- 9661008, 705443, 11980065, 28184278, 65480320, 14661172,
- 60762722, 2625014, 28431036, 16782598
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1694030170963455, 502038567066200, 1691160065225467,
- 949628319562187, 275110186693066
-#else
- 43269631, 25243016, 41163352, 7480957, 49427195, 25200248,
- 44562891, 14150564, 15970762, 4099461
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1124515748676336, 1661673816593408, 1499640319059718,
- 1584929449166988, 558148594103306
-#else
- 29262576, 16756590, 26350592, 24760869, 8529670, 22346382,
- 13617292, 23617289, 11465738, 8317062
-#endif
- }},
+ {0x40, 0x86, 0xf3, 0x1f, 0xd6, 0x9c, 0x49, 0xdd, 0xa0, 0x25, 0x36,
+ 0x6, 0xc3, 0x9b, 0xcd, 0x29, 0xc3, 0x3d, 0xd7, 0x3d, 0x2, 0xd8,
+ 0xe2, 0x51, 0x31, 0x92, 0x3b, 0x20, 0x7a, 0x70, 0x25, 0x4a},
+ {0xf6, 0x7f, 0x26, 0xf6, 0xde, 0x99, 0xe4, 0xb9, 0x43, 0x8, 0x2c,
+ 0x74, 0x7b, 0xca, 0x72, 0x77, 0xb1, 0xf2, 0xa4, 0xe9, 0x3f, 0x15,
+ 0xa0, 0x23, 0x6, 0x50, 0xd0, 0xd5, 0xec, 0xdf, 0xdf, 0x2c},
+ {0x6a, 0xed, 0xf6, 0x53, 0x8a, 0x66, 0xb7, 0x2a, 0xa1, 0x70, 0xd1,
+ 0x1d, 0x58, 0x42, 0x42, 0x30, 0x61, 0x1, 0xe2, 0x3a, 0x4c, 0x14,
+ 0x0, 0x40, 0xfc, 0x49, 0x8e, 0x24, 0x6d, 0x89, 0x21, 0x57},
+ },
+ {
+ {0x4e, 0xda, 0xd0, 0xa1, 0x91, 0x50, 0x5d, 0x28, 0x8, 0x3e, 0xfe,
+ 0xb5, 0xa7, 0x6f, 0xaa, 0x4b, 0xb3, 0x93, 0x93, 0xe1, 0x7c, 0x17,
+ 0xe5, 0x63, 0xfd, 0x30, 0xb0, 0xc4, 0xaf, 0x35, 0xc9, 0x3},
+ {0xae, 0x1b, 0x18, 0xfd, 0x17, 0x55, 0x6e, 0xb, 0xb4, 0x63, 0xb9,
+ 0x2b, 0x9f, 0x62, 0x22, 0x90, 0x25, 0x46, 0x6, 0x32, 0xe9, 0xbc,
+ 0x9, 0x55, 0xda, 0x13, 0x3c, 0xf6, 0x74, 0xdd, 0x8e, 0x57},
+ {0x3d, 0xc, 0x2b, 0x49, 0xc6, 0x76, 0x72, 0x99, 0xfc, 0x5, 0xe2,
+ 0xdf, 0xc4, 0xc2, 0xcc, 0x47, 0x3c, 0x3a, 0x62, 0xdd, 0x84, 0x9b,
+ 0xd2, 0xdc, 0xa2, 0xc7, 0x88, 0x2, 0x59, 0xab, 0xc2, 0x3e},
+ },
+ {
+ {0xcb, 0xd1, 0x32, 0xae, 0x9, 0x3a, 0x21, 0xa7, 0xd5, 0xc2, 0xf5,
+ 0x40, 0xdf, 0x87, 0x2b, 0xf, 0x29, 0xab, 0x1e, 0xe8, 0xc6, 0xa4,
+ 0xae, 0xb, 0x5e, 0xac, 0xdb, 0x6a, 0x6c, 0xf6, 0x1b, 0xe},
+ {0xb9, 0x7b, 0xd8, 0xe4, 0x7b, 0xd2, 0xa0, 0xa1, 0xed, 0x1a, 0x39,
+ 0x61, 0xeb, 0x4d, 0x8b, 0xa9, 0x83, 0x9b, 0xcb, 0x73, 0xd0, 0xdd,
+ 0xa0, 0x99, 0xce, 0xca, 0xf, 0x20, 0x5a, 0xc2, 0xd5, 0x2d},
+ {0x7e, 0x88, 0x2c, 0x79, 0xe9, 0xd5, 0xab, 0xe2, 0x5d, 0x6d, 0x92,
+ 0xcb, 0x18, 0x0, 0x2, 0x1a, 0x1e, 0x5f, 0xae, 0xba, 0xcd, 0x69,
+ 0xba, 0xbf, 0x5f, 0x8f, 0xe8, 0x5a, 0xb3, 0x48, 0x5, 0x73},
+ },
+ {
+ {0x34, 0xe3, 0xd6, 0xa1, 0x4b, 0x9, 0x5b, 0x80, 0x19, 0x3f, 0x35,
+ 0x9, 0x77, 0xf1, 0x3e, 0xbf, 0x2b, 0x70, 0x22, 0x6, 0xcb, 0x6,
+ 0x3f, 0x42, 0xdd, 0x45, 0x78, 0xd8, 0x77, 0x22, 0x5a, 0x58},
+ {0xee, 0xb8, 0xa8, 0xcb, 0xa3, 0x51, 0x35, 0xc4, 0x16, 0x5f, 0x11,
+ 0xb2, 0x1d, 0x6f, 0xa2, 0x65, 0x50, 0x38, 0x8c, 0xab, 0x52, 0x4f,
+ 0xf, 0x76, 0xca, 0xb8, 0x1d, 0x41, 0x3b, 0x44, 0x43, 0x30},
+ {0x62, 0x89, 0xd4, 0x33, 0x82, 0x5f, 0x8a, 0xa1, 0x7f, 0x25, 0x78,
+ 0xec, 0xb5, 0xc4, 0x98, 0x66, 0xff, 0x41, 0x3e, 0x37, 0xa5, 0x6f,
+ 0x8e, 0xa7, 0x1f, 0x98, 0xef, 0x50, 0x89, 0x27, 0x56, 0x76},
+ },
+ {
+ {0x9d, 0xcf, 0x86, 0xea, 0xa3, 0x73, 0x70, 0xe1, 0xdc, 0x5f, 0x15,
+ 0x7, 0xb7, 0xfb, 0x8c, 0x3a, 0x8e, 0x8a, 0x83, 0x31, 0xfc, 0xe7,
+ 0x53, 0x48, 0x16, 0xf6, 0x13, 0xb6, 0x84, 0xf4, 0xbb, 0x28},
+ {0xc0, 0xc8, 0x1f, 0xd5, 0x59, 0xcf, 0xc3, 0x38, 0xf2, 0xb6, 0x6,
+ 0x5, 0xfd, 0xd2, 0xed, 0x9b, 0x8f, 0xe, 0x57, 0xab, 0x9f, 0x10,
+ 0xbf, 0x26, 0xa6, 0x46, 0xb8, 0xc1, 0xa8, 0x60, 0x41, 0x3f},
+ {0x7c, 0x6c, 0x13, 0x6f, 0x5c, 0x2f, 0x61, 0xf2, 0xbe, 0x11, 0xdd,
+ 0xf6, 0x7, 0xd1, 0xea, 0xaf, 0x33, 0x6f, 0xde, 0x13, 0xd2, 0x9a,
+ 0x7e, 0x52, 0x5d, 0xf7, 0x88, 0x81, 0x35, 0xcb, 0x79, 0x1e},
+ },
+ {
+ {0x81, 0x81, 0xe0, 0xf5, 0xd8, 0x53, 0xe9, 0x77, 0xd9, 0xde, 0x9d,
+ 0x29, 0x44, 0xc, 0xa5, 0x84, 0xe5, 0x25, 0x45, 0x86, 0xc, 0x2d,
+ 0x6c, 0xdc, 0xf4, 0xf2, 0xd1, 0x39, 0x2d, 0xb5, 0x8a, 0x47},
+ {0xf1, 0xe3, 0xf7, 0xee, 0xc3, 0x36, 0x34, 0x1, 0xf8, 0x10, 0x9e,
+ 0xfe, 0x7f, 0x6a, 0x8b, 0x82, 0xfc, 0xde, 0xf9, 0xbc, 0xe5, 0x8,
+ 0xf9, 0x7f, 0x31, 0x38, 0x3b, 0x3a, 0x1b, 0x95, 0xd7, 0x65},
+ {0x59, 0xd1, 0x52, 0x92, 0xd3, 0xa4, 0xa6, 0x66, 0x7, 0xc8, 0x1a,
+ 0x87, 0xbc, 0xe1, 0xdd, 0xe5, 0x6f, 0xc9, 0xc1, 0xa6, 0x40, 0x6b,
+ 0x2c, 0xb8, 0x14, 0x22, 0x21, 0x1a, 0x41, 0x7a, 0xd8, 0x16},
+ },
+ {
+ {0x83, 0x5, 0x4e, 0xd5, 0xe2, 0xd5, 0xa4, 0xfb, 0xfa, 0x99, 0xbd,
+ 0x2e, 0xd7, 0xaf, 0x1f, 0xe2, 0x8f, 0x77, 0xe9, 0x6e, 0x73, 0xc2,
+ 0x7a, 0x49, 0xde, 0x6d, 0x5a, 0x7a, 0x57, 0xb, 0x99, 0x1f},
+ {0x15, 0x62, 0x6, 0x42, 0x5a, 0x7e, 0xbd, 0xb3, 0xc1, 0x24, 0x5a,
+ 0xc, 0xcd, 0xe3, 0x9b, 0x87, 0xb7, 0x94, 0xf9, 0xd6, 0xb1, 0x5d,
+ 0xc0, 0x57, 0xa6, 0x8c, 0xf3, 0x65, 0x81, 0x7c, 0xf8, 0x28},
+ {0xd6, 0xf7, 0xe8, 0x1b, 0xad, 0x4e, 0x34, 0xa3, 0x8f, 0x79, 0xea,
+ 0xac, 0xeb, 0x50, 0x1e, 0x7d, 0x52, 0xe0, 0xd, 0x52, 0x9e, 0x56,
+ 0xc6, 0x77, 0x3e, 0x6d, 0x4d, 0x53, 0xe1, 0x2f, 0x88, 0x45},
+ },
+ {
+ {0xe4, 0x6f, 0x3c, 0x94, 0x29, 0x99, 0xac, 0xd8, 0xa2, 0x92, 0x83,
+ 0xa3, 0x61, 0xf1, 0xf9, 0xb5, 0xf3, 0x9a, 0xc8, 0xbe, 0x13, 0xdb,
+ 0x99, 0x26, 0x74, 0xf0, 0x5, 0xe4, 0x3c, 0x84, 0xcf, 0x7d},
+ {0xd6, 0x83, 0x79, 0x75, 0x5d, 0x34, 0x69, 0x66, 0xa6, 0x11, 0xaa,
+ 0x17, 0x11, 0xed, 0xb6, 0x62, 0x8f, 0x12, 0x5e, 0x98, 0x57, 0x18,
+ 0xdd, 0x7d, 0xdd, 0xf6, 0x26, 0xf6, 0xb8, 0xe5, 0x8f, 0x68},
+ {0xc0, 0x32, 0x47, 0x4a, 0x48, 0xd6, 0x90, 0x6c, 0x99, 0x32, 0x56,
+ 0xca, 0xfd, 0x43, 0x21, 0xd5, 0xe1, 0xc6, 0x5d, 0x91, 0xc3, 0x28,
+ 0xbe, 0xb3, 0x1b, 0x19, 0x27, 0x73, 0x7e, 0x68, 0x39, 0x67},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1784525599998356, 1619698033617383, 2097300287550715,
- 258265458103756, 1905684794832758
-#else
- 41615764, 26591503, 32500199, 24135381, 44070139, 31252209,
- 14898636, 3848455, 20969334, 28396916
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1288941072872766, 931787902039402, 190731008859042,
- 2006859954667190, 1005931482221702
-#else
- 46724414, 19206718, 48772458, 13884721, 34069410, 2842113,
- 45498038, 29904543, 11177094, 14989547
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1465551264822703, 152905080555927, 680334307368453,
- 173227184634745, 666407097159852
-#else
- 42612143, 21838415, 16959895, 2278463, 12066309, 10137771,
- 13515641, 2581286, 38621356, 9930239
-#endif
- }},
+ {0xc0, 0x1a, 0xc, 0xc8, 0x9d, 0xcc, 0x6d, 0xa6, 0x36, 0xa4, 0x38,
+ 0x1b, 0xf4, 0x5c, 0xa0, 0x97, 0xc6, 0xd7, 0xdb, 0x95, 0xbe, 0xf3,
+ 0xeb, 0xa7, 0xab, 0x7d, 0x7e, 0x8d, 0xf6, 0xb8, 0xa0, 0x7d},
+ {0xa6, 0x75, 0x56, 0x38, 0x14, 0x20, 0x78, 0xef, 0xe8, 0xa9, 0xfd,
+ 0xaa, 0x30, 0x9f, 0x64, 0xa2, 0xcb, 0xa8, 0xdf, 0x5c, 0x50, 0xeb,
+ 0xd1, 0x4c, 0xb3, 0xc0, 0x4d, 0x1d, 0xba, 0x5a, 0x11, 0x46},
+ {0x76, 0xda, 0xb5, 0xc3, 0x53, 0x19, 0xf, 0xd4, 0x9b, 0x9e, 0x11,
+ 0x21, 0x73, 0x6f, 0xac, 0x1d, 0x60, 0x59, 0xb2, 0xfe, 0x21, 0x60,
+ 0xcc, 0x3, 0x4b, 0x4b, 0x67, 0x83, 0x7e, 0x88, 0x5f, 0x5a},
+ },
+ {
+ {0xb9, 0x43, 0xa6, 0xa0, 0xd3, 0x28, 0x96, 0x9e, 0x64, 0x20, 0xc3,
+ 0xe6, 0x0, 0xcb, 0xc3, 0xb5, 0x32, 0xec, 0x2d, 0x7c, 0x89, 0x2,
+ 0x53, 0x9b, 0xc, 0xc7, 0xd1, 0xd5, 0xe2, 0x7a, 0xe3, 0x43},
+ {0x11, 0x3d, 0xa1, 0x70, 0xcf, 0x1, 0x63, 0x8f, 0xc4, 0xd0, 0xd,
+ 0x35, 0x15, 0xb8, 0xce, 0xcf, 0x7e, 0xa4, 0xbc, 0xa4, 0xd4, 0x97,
+ 0x2, 0xf7, 0x34, 0x14, 0x4d, 0xe4, 0x56, 0xb6, 0x69, 0x36},
+ {0x33, 0xe1, 0xa6, 0xed, 0x6, 0x3f, 0x7e, 0x38, 0xc0, 0x3a, 0xa1,
+ 0x99, 0x51, 0x1d, 0x30, 0x67, 0x11, 0x38, 0x26, 0x36, 0xf8, 0xd8,
+ 0x5a, 0xbd, 0xbe, 0xe9, 0xd5, 0x4f, 0xcd, 0xe6, 0x21, 0x6a},
+ },
+ {
+ {0xe3, 0xb2, 0x99, 0x66, 0x12, 0x29, 0x41, 0xef, 0x1, 0x13, 0x8d,
+ 0x70, 0x47, 0x8, 0xd3, 0x71, 0xbd, 0xb0, 0x82, 0x11, 0xd0, 0x32,
+ 0x54, 0x32, 0x36, 0x8b, 0x1e, 0x0, 0x7, 0x1b, 0x37, 0x45},
+ {0x5f, 0xe6, 0x46, 0x30, 0xa, 0x17, 0xc6, 0xf1, 0x24, 0x35, 0xd2,
+ 0x0, 0x2a, 0x2a, 0x71, 0x58, 0x55, 0xb7, 0x82, 0x8c, 0x3c, 0xbd,
+ 0xdb, 0x69, 0x57, 0xff, 0x95, 0xa1, 0xf1, 0xf9, 0x6b, 0x58},
+ {0xb, 0x79, 0xf8, 0x5e, 0x8d, 0x8, 0xdb, 0xa6, 0xe5, 0x37, 0x9,
+ 0x61, 0xdc, 0xf0, 0x78, 0x52, 0xb8, 0x6e, 0xa1, 0x61, 0xd2, 0x49,
+ 0x3, 0xac, 0x79, 0x21, 0xe5, 0x90, 0x37, 0xb0, 0xaf, 0xe},
+ },
+ {
+ {0x1d, 0xae, 0x75, 0xf, 0x5e, 0x80, 0x40, 0x51, 0x30, 0xcc, 0x62,
+ 0x26, 0xe3, 0xfb, 0x2, 0xec, 0x6d, 0x39, 0x92, 0xea, 0x1e, 0xdf,
+ 0xeb, 0x2c, 0xb3, 0x5b, 0x43, 0xc5, 0x44, 0x33, 0xae, 0x44},
+ {0x2f, 0x4, 0x48, 0x37, 0xc1, 0x55, 0x5, 0x96, 0x11, 0xaa, 0xb,
+ 0x82, 0xe6, 0x41, 0x9a, 0x21, 0xc, 0x6d, 0x48, 0x73, 0x38, 0xf7,
+ 0x81, 0x1c, 0x61, 0xc6, 0x2, 0x5a, 0x67, 0xcc, 0x9a, 0x30},
+ {0xee, 0x43, 0xa5, 0xbb, 0xb9, 0x89, 0xf2, 0x9c, 0x42, 0x71, 0xc9,
+ 0x5a, 0x9d, 0xe, 0x76, 0xf3, 0xaa, 0x60, 0x93, 0x4f, 0xc6, 0xe5,
+ 0x82, 0x1d, 0x8f, 0x67, 0x94, 0x7f, 0x1b, 0x22, 0xd5, 0x62},
+ },
+ {
+ {0x3c, 0x7a, 0xf7, 0x3a, 0x26, 0xd4, 0x85, 0x75, 0x4d, 0x14, 0xe9,
+ 0xfe, 0x11, 0x7b, 0xae, 0xdf, 0x3d, 0x19, 0xf7, 0x59, 0x80, 0x70,
+ 0x6, 0xa5, 0x37, 0x20, 0x92, 0x83, 0x53, 0x9a, 0xf2, 0x14},
+ {0x6d, 0x93, 0xd0, 0x18, 0x9c, 0x29, 0x4c, 0x52, 0xc, 0x1a, 0xc,
+ 0x8a, 0x6c, 0xb5, 0x6b, 0xc8, 0x31, 0x86, 0x4a, 0xdb, 0x2e, 0x5,
+ 0x75, 0xa3, 0x62, 0x45, 0x75, 0xbc, 0xe4, 0xfd, 0xe, 0x5c},
+ {0xf5, 0xd7, 0xb2, 0x25, 0xdc, 0x7e, 0x71, 0xdf, 0x40, 0x30, 0xb5,
+ 0x99, 0xdb, 0x70, 0xf9, 0x21, 0x62, 0x4c, 0xed, 0xc3, 0xb7, 0x34,
+ 0x92, 0xda, 0x3e, 0x9, 0xee, 0x7b, 0x5c, 0x36, 0x72, 0x5e},
+ },
+ {
+ {0x3e, 0xb3, 0x8, 0x2f, 0x6, 0x39, 0x93, 0x7d, 0xbe, 0x32, 0x9f,
+ 0xdf, 0xe5, 0x59, 0x96, 0x5b, 0xfd, 0xbd, 0x9e, 0x1f, 0xad, 0x3d,
+ 0xff, 0xac, 0xb7, 0x49, 0x73, 0xcb, 0x55, 0x5, 0xb2, 0x70},
+ {0x7f, 0x21, 0x71, 0x45, 0x7, 0xfc, 0x5b, 0x57, 0x5b, 0xd9, 0x94,
+ 0x6, 0x5d, 0x67, 0x79, 0x37, 0x33, 0x1e, 0x19, 0xf4, 0xbb, 0x37,
+ 0xa, 0x9a, 0xbc, 0xea, 0xb4, 0x47, 0x4c, 0x10, 0xf1, 0x77},
+ {0x4c, 0x2c, 0x11, 0x55, 0xc5, 0x13, 0x51, 0xbe, 0xcd, 0x1f, 0x88,
+ 0x9a, 0x3a, 0x42, 0x88, 0x66, 0x47, 0x3b, 0x50, 0x5e, 0x85, 0x77,
+ 0x66, 0x44, 0x4a, 0x40, 0x6, 0x4a, 0x8f, 0x39, 0x34, 0xe},
+ },
+ {
+ {0x28, 0x19, 0x4b, 0x3e, 0x9, 0xb, 0x93, 0x18, 0x40, 0xf6, 0xf3,
+ 0x73, 0xe, 0xe1, 0xe3, 0x7d, 0x6f, 0x5d, 0x39, 0x73, 0xda, 0x17,
+ 0x32, 0xf4, 0x3e, 0x9c, 0x37, 0xca, 0xd6, 0xde, 0x8a, 0x6f},
+ {0xe8, 0xbd, 0xce, 0x3e, 0xd9, 0x22, 0x7d, 0xb6, 0x7, 0x2f, 0x82,
+ 0x27, 0x41, 0xe8, 0xb3, 0x9, 0x8d, 0x6d, 0x5b, 0xb0, 0x1f, 0xa6,
+ 0x3f, 0x74, 0x72, 0x23, 0x36, 0x8a, 0x36, 0x5, 0x54, 0x5e},
+ {0x9a, 0xb2, 0xb7, 0xfd, 0x3d, 0x12, 0x40, 0xe3, 0x91, 0xb2, 0x1a,
+ 0xa2, 0xe1, 0x97, 0x7b, 0x48, 0x9e, 0x94, 0xe6, 0xfd, 0x2, 0x7d,
+ 0x96, 0xf9, 0x97, 0xde, 0xd3, 0xc8, 0x2e, 0xe7, 0xd, 0x78},
+ },
+ {
+ {0x72, 0x27, 0xf4, 0x0, 0xf3, 0xea, 0x1f, 0x67, 0xaa, 0x41, 0x8c,
+ 0x2a, 0x2a, 0xeb, 0x72, 0x8f, 0x92, 0x32, 0x37, 0x97, 0xd7, 0x7f,
+ 0xa1, 0x29, 0xa6, 0x87, 0xb5, 0x32, 0xad, 0xc6, 0xef, 0x1d},
+ {0xbc, 0xe7, 0x9a, 0x8, 0x45, 0x85, 0xe2, 0xa, 0x6, 0x4d, 0x7f,
+ 0x1c, 0xcf, 0xde, 0x8d, 0x38, 0xb8, 0x11, 0x48, 0xa, 0x51, 0x15,
+ 0xac, 0x38, 0xe4, 0x8c, 0x92, 0x71, 0xf6, 0x8b, 0xb2, 0xe},
+ {0xa7, 0x95, 0x51, 0xef, 0x1a, 0xbe, 0x5b, 0xaf, 0xed, 0x15, 0x7b,
+ 0x91, 0x77, 0x12, 0x8c, 0x14, 0x2e, 0xda, 0xe5, 0x7a, 0xfb, 0xf7,
+ 0x91, 0x29, 0x67, 0x28, 0xdd, 0xf8, 0x1b, 0x20, 0x7d, 0x46},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 2111017076203943, 1378760485794347, 1248583954016456,
- 1352289194864422, 1895180776543896
-#else
- 49357223, 31456605, 16544299, 20545132, 51194056, 18605350,
- 18345766, 20150679, 16291480, 28240394
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 171348223915638, 662766099800389, 462338943760497,
- 466917763340314, 656911292869115
-#else
- 33879670, 2553287, 32678213, 9875984, 8534129, 6889387,
- 57432090, 6957616, 4368891, 9788741
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 488623681976577, 866497561541722, 1708105560937768,
- 1673781214218839, 1506146329818807
-#else
- 16660737, 7281060, 56278106, 12911819, 20108584, 25452756,
- 45386327, 24941283, 16250551, 22443329
-#endif
- }},
+ {0xa9, 0xe7, 0x7a, 0x56, 0xbd, 0xf4, 0x1e, 0xbc, 0xbd, 0x98, 0x44,
+ 0xd6, 0xb2, 0x4c, 0x62, 0x3f, 0xc8, 0x4e, 0x1f, 0x2c, 0xd2, 0x64,
+ 0x10, 0xe4, 0x1, 0x40, 0x38, 0xba, 0xa5, 0xc5, 0xf9, 0x2e},
+ {0xad, 0x4f, 0xef, 0x74, 0x9a, 0x91, 0xfe, 0x95, 0xa2, 0x8, 0xa3,
+ 0xf6, 0xec, 0x7b, 0x82, 0x3a, 0x1, 0x7b, 0xa4, 0x9, 0xd3, 0x1,
+ 0x4e, 0x96, 0x97, 0xc7, 0xa3, 0x5b, 0x4f, 0x3c, 0xc4, 0x71},
+ {0xcd, 0x74, 0x9e, 0xfa, 0xf6, 0x6d, 0xfd, 0xb6, 0x7a, 0x26, 0xaf,
+ 0xe4, 0xbc, 0x78, 0x82, 0xf1, 0xe, 0x99, 0xef, 0xf1, 0xd0, 0xb3,
+ 0x55, 0x82, 0x93, 0xf2, 0xc5, 0x90, 0xa3, 0x8c, 0x75, 0x5a},
+ },
+ {
+ {0x94, 0xdc, 0x61, 0x1d, 0x8b, 0x91, 0xe0, 0x8c, 0x66, 0x30, 0x81,
+ 0x9a, 0x46, 0x36, 0xed, 0x8d, 0xd3, 0xaa, 0xe8, 0xaf, 0x29, 0xa8,
+ 0xe6, 0xd4, 0x3f, 0xd4, 0x39, 0xf6, 0x27, 0x80, 0x73, 0xa},
+ {0x95, 0x24, 0x46, 0xd9, 0x10, 0x27, 0xb7, 0xa2, 0x3, 0x50, 0x7d,
+ 0xd5, 0xd2, 0xc6, 0xa8, 0x3a, 0xca, 0x87, 0xb4, 0xa0, 0xbf, 0x0,
+ 0xd4, 0xe3, 0xec, 0x72, 0xeb, 0xb3, 0x44, 0xe2, 0xba, 0x2d},
+ {0xcc, 0xe1, 0xff, 0x57, 0x2f, 0x4a, 0xf, 0x98, 0x43, 0x98, 0x83,
+ 0xe1, 0xd, 0xd, 0x67, 0x0, 0xfd, 0x15, 0xfb, 0x49, 0x4a, 0x3f,
+ 0x5c, 0x10, 0x9c, 0xa6, 0x26, 0x51, 0x63, 0xca, 0x98, 0x26},
+ },
+ {
+ {0xe, 0xd9, 0x3d, 0x5e, 0x2f, 0x70, 0x3d, 0x2e, 0x86, 0x53, 0xd2,
+ 0xe4, 0x18, 0x9, 0x3f, 0x9e, 0x6a, 0xa9, 0x4d, 0x2, 0xf6, 0x3e,
+ 0x77, 0x5e, 0x32, 0x33, 0xfa, 0x4a, 0xc, 0x4b, 0x0, 0x3c},
+ {0x78, 0xba, 0xb0, 0x32, 0x88, 0x31, 0x65, 0xe7, 0x8b, 0xff, 0x5c,
+ 0x92, 0xf7, 0x31, 0x18, 0x38, 0xcc, 0x1f, 0x29, 0xa0, 0x91, 0x1b,
+ 0xa8, 0x8, 0x7, 0xeb, 0xca, 0x49, 0xcc, 0x3d, 0xb4, 0x1f},
+ {0x2b, 0xb8, 0xf4, 0x6, 0xac, 0x46, 0xa9, 0x9a, 0xf3, 0xc4, 0x6,
+ 0xa8, 0xa5, 0x84, 0xa2, 0x1c, 0x87, 0x47, 0xcd, 0xc6, 0x5f, 0x26,
+ 0xd3, 0x3e, 0x17, 0xd2, 0x1f, 0xcd, 0x1, 0xfd, 0x43, 0x6b},
+ },
+ {
+ {0xf3, 0xe, 0x76, 0x3e, 0x58, 0x42, 0xc7, 0xb5, 0x90, 0xb9, 0xa,
+ 0xee, 0xb9, 0x52, 0xdc, 0x75, 0x3f, 0x92, 0x2b, 0x7, 0xc2, 0x27,
+ 0x14, 0xbf, 0xf0, 0xd9, 0xf0, 0x6f, 0x2d, 0xb, 0x42, 0x73},
+ {0x44, 0xc5, 0x97, 0x46, 0x4b, 0x5d, 0xa7, 0xc7, 0xbf, 0xff, 0xf,
+ 0xdf, 0x48, 0xf8, 0xfd, 0x15, 0x5a, 0x78, 0x46, 0xaa, 0xeb, 0xb9,
+ 0x68, 0x28, 0x14, 0xf7, 0x52, 0x5b, 0x10, 0xd7, 0x68, 0x5a},
+ {0x6, 0x1e, 0x85, 0x9e, 0xcb, 0xf6, 0x2c, 0xaf, 0xc4, 0x38, 0x22,
+ 0xc6, 0x13, 0x39, 0x59, 0x8f, 0x73, 0xf3, 0xfb, 0x99, 0x96, 0xb8,
+ 0x8a, 0xda, 0x9e, 0xbc, 0x34, 0xea, 0x2f, 0x63, 0xb5, 0x3d},
+ },
+ {
+ {0xd5, 0x25, 0x98, 0x82, 0xb1, 0x90, 0x49, 0x2e, 0x91, 0x89, 0x9a,
+ 0x3e, 0x87, 0xeb, 0xea, 0xed, 0xf8, 0x4a, 0x70, 0x4c, 0x39, 0x3d,
+ 0xf0, 0xee, 0xe, 0x2b, 0xdf, 0x95, 0xa4, 0x7e, 0x19, 0x59},
+ {0xd8, 0xd9, 0x5d, 0xf7, 0x2b, 0xee, 0x6e, 0xf4, 0xa5, 0x59, 0x67,
+ 0x39, 0xf6, 0xb1, 0x17, 0xd, 0x73, 0x72, 0x9e, 0x49, 0x31, 0xd1,
+ 0xf2, 0x1b, 0x13, 0x5f, 0xd7, 0x49, 0xdf, 0x1a, 0x32, 0x4},
+ {0xae, 0x5a, 0xe5, 0xe4, 0x19, 0x60, 0xe1, 0x4, 0xe9, 0x92, 0x2f,
+ 0x7e, 0x7a, 0x43, 0x7b, 0xe7, 0xa4, 0x9a, 0x15, 0x6f, 0xc1, 0x2d,
+ 0xce, 0xc7, 0xc0, 0xc, 0xd7, 0xf4, 0xc1, 0xfd, 0xea, 0x45},
+ },
+ {
+ {0xed, 0xb1, 0xcc, 0xcf, 0x24, 0x46, 0xe, 0xb6, 0x95, 0x3, 0x5c,
+ 0xbd, 0x92, 0xc2, 0xdb, 0x59, 0xc9, 0x81, 0x4, 0xdc, 0x1d, 0x9d,
+ 0xa0, 0x31, 0x40, 0xd9, 0x56, 0x5d, 0xea, 0xce, 0x73, 0x3f},
+ {0x2b, 0xd7, 0x45, 0x80, 0x85, 0x1, 0x84, 0x69, 0x51, 0x6, 0x2f,
+ 0xcf, 0xa2, 0xfa, 0x22, 0x4c, 0xc6, 0x2d, 0x22, 0x6b, 0x65, 0x36,
+ 0x1a, 0x94, 0xde, 0xda, 0x62, 0x3, 0xc8, 0xeb, 0x5e, 0x5a},
+ {0xc6, 0x8d, 0x4e, 0xa, 0xd1, 0xbf, 0xa7, 0xb7, 0x39, 0xb3, 0xc9,
+ 0x44, 0x7e, 0x0, 0x57, 0xbe, 0xfa, 0xae, 0x57, 0x15, 0x7f, 0x20,
+ 0xc1, 0x60, 0xdb, 0x18, 0x62, 0x26, 0x91, 0x88, 0x5, 0x26},
+ },
+ {
+ {0x42, 0xe5, 0x76, 0xc6, 0x3c, 0x8e, 0x81, 0x4c, 0xad, 0xcc, 0xce,
+ 0x3, 0x93, 0x2c, 0x42, 0x5e, 0x8, 0x9f, 0x12, 0xb4, 0xca, 0xcc,
+ 0x7, 0xec, 0xb8, 0x43, 0x44, 0xb2, 0x10, 0xfa, 0xed, 0xd},
+ {0x4, 0xff, 0x60, 0x83, 0xa6, 0x4, 0xf7, 0x59, 0xf4, 0xe6, 0x61,
+ 0x76, 0xde, 0x3f, 0xd9, 0xc3, 0x51, 0x35, 0x87, 0x12, 0x73, 0x2a,
+ 0x1b, 0x83, 0x57, 0x5d, 0x61, 0x4e, 0x2e, 0xc, 0xad, 0x54},
+ {0x2a, 0x52, 0x2b, 0xb8, 0xd5, 0x67, 0x3b, 0xee, 0xeb, 0xc1, 0xa5,
+ 0x9f, 0x46, 0x63, 0xf1, 0x36, 0xd3, 0x9f, 0xc1, 0x6e, 0xf2, 0xd2,
+ 0xb4, 0xa5, 0x8, 0x94, 0x7a, 0xa7, 0xba, 0xb2, 0xec, 0x62},
+ },
+ {
+ {0x74, 0x28, 0xb6, 0xaf, 0x36, 0x28, 0x7, 0x92, 0xa5, 0x4, 0xe1,
+ 0x79, 0x85, 0x5e, 0xcd, 0x5f, 0x4a, 0xa1, 0x30, 0xc6, 0xad, 0x1,
+ 0xad, 0x5a, 0x98, 0x3f, 0x66, 0x75, 0x50, 0x3d, 0x91, 0x61},
+ {0x3d, 0x2b, 0x15, 0x61, 0x52, 0x79, 0xed, 0xe5, 0xd1, 0xd7, 0xdd,
+ 0xe, 0x7d, 0x35, 0x62, 0x49, 0x71, 0x4c, 0x6b, 0xb9, 0xd0, 0xc8,
+ 0x82, 0x74, 0xbe, 0xd8, 0x66, 0xa9, 0x19, 0xf9, 0x59, 0x2e},
+ {0xda, 0x31, 0x32, 0x1a, 0x36, 0x2d, 0xc6, 0xd, 0x70, 0x2, 0x20,
+ 0x94, 0x32, 0x58, 0x47, 0xfa, 0xce, 0x94, 0x95, 0x3f, 0x51, 0x1,
+ 0xd8, 0x2, 0x5c, 0x5d, 0xc0, 0x31, 0xa1, 0xc2, 0xdb, 0x3d},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 160425464456957, 950394373239689, 430497123340934,
- 711676555398832, 320964687779005
-#else
- 47343357, 2390525, 50557833, 14161979, 1905286, 6414907,
- 4689584, 10604807, 36918461, 4782746
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 988979367990485, 1359729327576302, 1301834257246029,
- 294141160829308, 29348272277475
-#else
- 65754325, 14736940, 59741422, 20261545, 7710541, 19398842,
- 57127292, 4383044, 22546403, 437323
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1434382743317910, 100082049942065, 221102347892623,
- 186982837860588, 1305765053501834
-#else
- 31665558, 21373968, 50922033, 1491338, 48740239, 3294681,
- 27343084, 2786261, 36475274, 19457415
-#endif
- }},
+ {0x14, 0xbb, 0x96, 0x27, 0xa2, 0x57, 0xaa, 0xf3, 0x21, 0xda, 0x7,
+ 0x9b, 0xb7, 0xba, 0x3a, 0x88, 0x1c, 0x39, 0xa0, 0x31, 0x18, 0xe2,
+ 0x4b, 0xe5, 0xf9, 0x5, 0x32, 0xd8, 0x38, 0xfb, 0xe7, 0x5e},
+ {0x4b, 0xc5, 0x5e, 0xce, 0xf9, 0xf, 0xdc, 0x9a, 0xd, 0x13, 0x2f,
+ 0x8c, 0x6b, 0x2a, 0x9c, 0x3, 0x15, 0x95, 0xf8, 0xf0, 0xc7, 0x7,
+ 0x80, 0x2, 0x6b, 0xb3, 0x4, 0xac, 0x14, 0x83, 0x96, 0x78},
+ {0x8e, 0x6a, 0x44, 0x41, 0xcb, 0xfd, 0x8d, 0x53, 0xf9, 0x37, 0x49,
+ 0x43, 0xa9, 0xfd, 0xac, 0xa5, 0x78, 0x8c, 0x3c, 0x26, 0x8d, 0x90,
+ 0xaf, 0x46, 0x9, 0xd, 0xca, 0x9b, 0x3c, 0x63, 0xd0, 0x61},
+ },
+ {
+ {0xdf, 0x73, 0xfc, 0xf8, 0xbc, 0x28, 0xa3, 0xad, 0xfc, 0x37, 0xf0,
+ 0xa6, 0x5d, 0x69, 0x84, 0xee, 0x9, 0xa9, 0xc2, 0x38, 0xdb, 0xb4,
+ 0x7f, 0x63, 0xdc, 0x7b, 0x6, 0xf8, 0x2d, 0xac, 0x23, 0x5b},
+ {0x66, 0x25, 0xdb, 0xff, 0x35, 0x49, 0x74, 0x63, 0xbb, 0x68, 0xb,
+ 0x78, 0x89, 0x6b, 0xbd, 0xc5, 0x3, 0xec, 0x3e, 0x55, 0x80, 0x32,
+ 0x1b, 0x6f, 0xf5, 0xd7, 0xae, 0x47, 0xd8, 0x5f, 0x96, 0x6e},
+ {0x7b, 0x52, 0x80, 0xee, 0x53, 0xb9, 0xd2, 0x9a, 0x8d, 0x6d, 0xde,
+ 0xfa, 0xaa, 0x19, 0x8f, 0xe8, 0xcf, 0x82, 0xe, 0x15, 0x4, 0x17,
+ 0x71, 0xe, 0xdc, 0xde, 0x95, 0xdd, 0xb9, 0xbb, 0xb9, 0x79},
+ },
+ {
+ {0x74, 0x73, 0x9f, 0x8e, 0xae, 0x7d, 0x99, 0xd1, 0x16, 0x8, 0xbb,
+ 0xcf, 0xf8, 0xa2, 0x32, 0xa0, 0xa, 0x5f, 0x44, 0x6d, 0x12, 0xba,
+ 0x6c, 0xcd, 0x34, 0xb8, 0xcc, 0xa, 0x46, 0x11, 0xa8, 0x1b},
+ {0xc2, 0x26, 0x31, 0x6a, 0x40, 0x55, 0xb3, 0xeb, 0x93, 0xc3, 0xc8,
+ 0x68, 0xa8, 0x83, 0x63, 0xd2, 0x82, 0x7a, 0xb9, 0xe5, 0x29, 0x64,
+ 0xc, 0x6c, 0x47, 0x21, 0xfd, 0xc9, 0x58, 0xf1, 0x65, 0x50},
+ {0x54, 0x99, 0x42, 0xc, 0xfb, 0x69, 0x81, 0x70, 0x67, 0xcf, 0x6e,
+ 0xd7, 0xac, 0x0, 0x46, 0xe1, 0xba, 0x45, 0xe6, 0x70, 0x8a, 0xb9,
+ 0xaa, 0x2e, 0xf2, 0xfa, 0xa4, 0x58, 0x9e, 0xf3, 0x81, 0x39},
+ },
+ {
+ {0xde, 0x6f, 0xe6, 0x6d, 0xa5, 0xdf, 0x45, 0xc8, 0x3a, 0x48, 0x40,
+ 0x2c, 0x0, 0xa5, 0x52, 0xe1, 0x32, 0xf6, 0xb4, 0xc7, 0x63, 0xe1,
+ 0xd2, 0xe9, 0x65, 0x1b, 0xbc, 0xdc, 0x2e, 0x45, 0xf4, 0x30},
+ {0x93, 0xa, 0x23, 0x59, 0x75, 0x8a, 0xfb, 0x18, 0x5d, 0xf4, 0xe6,
+ 0x60, 0x69, 0x8f, 0x16, 0x1d, 0xb5, 0x3c, 0xa9, 0x14, 0x45, 0xa9,
+ 0x85, 0x3a, 0xfd, 0xd0, 0xac, 0x5, 0x37, 0x8, 0xdc, 0x38},
+ {0x40, 0x97, 0x75, 0xc5, 0x82, 0x27, 0x6d, 0x85, 0xcc, 0xbe, 0x9c,
+ 0xf9, 0x69, 0x45, 0x13, 0xfa, 0x71, 0x4e, 0xea, 0xc0, 0x73, 0xfc,
+ 0x44, 0x88, 0x69, 0x24, 0x3f, 0x59, 0x1a, 0x9a, 0x2d, 0x63},
+ },
+ {
+ {0xa7, 0x84, 0xc, 0xed, 0x11, 0xfd, 0x9, 0xbf, 0x3a, 0x69, 0x9f,
+ 0xd, 0x81, 0x71, 0xf0, 0x63, 0x79, 0x87, 0xcf, 0x57, 0x2d, 0x8c,
+ 0x90, 0x21, 0xa2, 0x4b, 0xf6, 0x8a, 0xf2, 0x7d, 0x5a, 0x3a},
+ {0xa6, 0xcb, 0x7, 0xb8, 0x15, 0x6b, 0xbb, 0xf6, 0xd7, 0xf0, 0x54,
+ 0xbc, 0xdf, 0xc7, 0x23, 0x18, 0xb, 0x67, 0x29, 0x6e, 0x3, 0x97,
+ 0x1d, 0xbb, 0x57, 0x4a, 0xed, 0x47, 0x88, 0xf4, 0x24, 0xb},
+ {0xc7, 0xea, 0x1b, 0x51, 0xbe, 0xd4, 0xda, 0xdc, 0xf2, 0xcc, 0x26,
+ 0xed, 0x75, 0x80, 0x53, 0xa4, 0x65, 0x9a, 0x5f, 0x0, 0x9f, 0xff,
+ 0x9c, 0xe1, 0x63, 0x1f, 0x48, 0x75, 0x44, 0xf7, 0xfc, 0x34},
+ },
+ {
+ {0x98, 0xaa, 0xcf, 0x78, 0xab, 0x1d, 0xbb, 0xa5, 0xf2, 0x72, 0xb,
+ 0x19, 0x67, 0xa2, 0xed, 0x5c, 0x8e, 0x60, 0x92, 0xa, 0x11, 0xc9,
+ 0x9, 0x93, 0xb0, 0x74, 0xb3, 0x2f, 0x4, 0xa3, 0x19, 0x1},
+ {0xca, 0x67, 0x97, 0x78, 0x4c, 0xe0, 0x97, 0xc1, 0x7d, 0x46, 0xd9,
+ 0x38, 0xcb, 0x4d, 0x71, 0xb8, 0xa8, 0x5f, 0xf9, 0x83, 0x82, 0x88,
+ 0xde, 0x55, 0xf7, 0x63, 0xfa, 0x4d, 0x16, 0xdc, 0x3b, 0x3d},
+ {0x7d, 0x17, 0xc2, 0xe8, 0x9c, 0xd8, 0xa2, 0x67, 0xc1, 0xd0, 0x95,
+ 0x68, 0xf6, 0xa5, 0x9d, 0x66, 0xb0, 0xa2, 0x82, 0xb2, 0xe5, 0x98,
+ 0x65, 0xf5, 0x73, 0xa, 0xe2, 0xed, 0xf1, 0x88, 0xc0, 0x56},
+ },
+ {
+ {0x2, 0x8f, 0xf3, 0x24, 0xac, 0x5f, 0x1b, 0x58, 0xbd, 0xc, 0xe3,
+ 0xba, 0xfe, 0xe9, 0xb, 0xa9, 0xf0, 0x92, 0xcf, 0x8a, 0x2, 0x69,
+ 0x21, 0x9a, 0x8f, 0x3, 0x59, 0x83, 0xa4, 0x7e, 0x8b, 0x3},
+ {0x17, 0x6e, 0xa8, 0x10, 0x11, 0x3d, 0x6d, 0x33, 0xfa, 0xb2, 0x75,
+ 0xb, 0x32, 0x88, 0xf3, 0xd7, 0x88, 0x29, 0x7, 0x25, 0x76, 0x33,
+ 0x15, 0xf9, 0x87, 0x8b, 0x10, 0x99, 0x6b, 0x4c, 0x67, 0x9},
+ {0xf8, 0x6f, 0x31, 0x99, 0x21, 0xf8, 0x4e, 0x9f, 0x4f, 0x8d, 0xa7,
+ 0xea, 0x82, 0xd2, 0x49, 0x2f, 0x74, 0x31, 0xef, 0x5a, 0xab, 0xa5,
+ 0x71, 0x9, 0x65, 0xeb, 0x69, 0x59, 0x2, 0x31, 0x5e, 0x6e},
+ },
+ {
+ {0x22, 0x62, 0x6, 0x63, 0xe, 0xfb, 0x4, 0x33, 0x3f, 0xba, 0xac,
+ 0x87, 0x89, 0x6, 0x35, 0xfb, 0xa3, 0x61, 0x10, 0x8c, 0x77, 0x24,
+ 0x19, 0xbd, 0x20, 0x86, 0x83, 0xd1, 0x43, 0xad, 0x58, 0x30},
+ {0xfb, 0x93, 0xe5, 0x87, 0xf5, 0x62, 0x6c, 0xb1, 0x71, 0x3e, 0x5d,
+ 0xca, 0xde, 0xed, 0x99, 0x49, 0x6d, 0x3e, 0xcc, 0x14, 0xe0, 0xc1,
+ 0x91, 0xb4, 0xa8, 0xdb, 0xa8, 0x89, 0x47, 0x11, 0xf5, 0x8},
+ {0xd0, 0x63, 0x76, 0xe5, 0xfd, 0xf, 0x3c, 0x32, 0x10, 0xa6, 0x2e,
+ 0xa2, 0x38, 0xdf, 0xc3, 0x5, 0x9a, 0x4f, 0x99, 0xac, 0xbd, 0x8a,
+ 0xc7, 0xbd, 0x99, 0xdc, 0xe3, 0xef, 0xa4, 0x9f, 0x54, 0x26},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 2205916462268190, 499863829790820, 961960554686616,
- 158062762756985, 1841471168298305
-#else
- 52641566, 32870716, 33734756, 7448551, 19294360, 14334329,
- 47418233, 2355318, 47824193, 27440058
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1191737341426592, 1847042034978363, 1382213545049056,
- 1039952395710448, 788812858896859
-#else
- 15121312, 17758270, 6377019, 27523071, 56310752, 20596586,
- 18952176, 15496498, 37728731, 11754227
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1346965964571152, 1291881610839830, 2142916164336056,
- 786821641205979, 1571709146321039
-#else
- 64471568, 20071356, 8488726, 19250536, 12728760, 31931939,
- 7141595, 11724556, 22761615, 23420291
-#endif
- }},
+ {0x6e, 0x66, 0x3f, 0xaf, 0x49, 0x85, 0x46, 0xdb, 0xa5, 0xe, 0x4a,
+ 0xf1, 0x4, 0xcf, 0x7f, 0xd7, 0x47, 0xc, 0xba, 0xa4, 0xf7, 0x3f,
+ 0xf2, 0x3d, 0x85, 0x3c, 0xce, 0x32, 0xe1, 0xdf, 0x10, 0x3a},
+ {0xd6, 0xf9, 0x6b, 0x1e, 0x46, 0x5a, 0x1d, 0x74, 0x81, 0xa5, 0x77,
+ 0x77, 0xfc, 0xb3, 0x5, 0x23, 0xd9, 0xd3, 0x74, 0x64, 0xa2, 0x74,
+ 0x55, 0xd4, 0xff, 0xe0, 0x1, 0x64, 0xdc, 0xe1, 0x26, 0x19},
+ {0xa0, 0xce, 0x17, 0xea, 0x8a, 0x4e, 0x7f, 0xe0, 0xfd, 0xc1, 0x1f,
+ 0x3a, 0x46, 0x15, 0xd5, 0x2f, 0xf1, 0xc0, 0xf2, 0x31, 0xfd, 0x22,
+ 0x53, 0x17, 0x15, 0x5d, 0x1e, 0x86, 0x1d, 0xd0, 0xa1, 0x1f},
+ },
+ {
+ {0xab, 0x94, 0xdf, 0xd1, 0x0, 0xac, 0xdc, 0x38, 0xe9, 0xd, 0x8,
+ 0xd1, 0xdd, 0x2b, 0x71, 0x2e, 0x62, 0xe2, 0xd5, 0xfd, 0x3e, 0xe9,
+ 0x13, 0x7f, 0xe5, 0x1, 0x9a, 0xee, 0x18, 0xed, 0xfc, 0x73},
+ {0x32, 0x98, 0x59, 0x7d, 0x94, 0x55, 0x80, 0xcc, 0x20, 0x55, 0xf1,
+ 0x37, 0xda, 0x56, 0x46, 0x1e, 0x20, 0x93, 0x5, 0x4e, 0x74, 0xf7,
+ 0xf6, 0x99, 0x33, 0xcf, 0x75, 0x6a, 0xbc, 0x63, 0x35, 0x77},
+ {0xb3, 0x9c, 0x13, 0x63, 0x8, 0xe9, 0xb1, 0x6, 0xcd, 0x3e, 0xa0,
+ 0xc5, 0x67, 0xda, 0x93, 0xa4, 0x32, 0x89, 0x63, 0xad, 0xc8, 0xce,
+ 0x77, 0x8d, 0x44, 0x4f, 0x86, 0x1b, 0x70, 0x6b, 0x42, 0x1f},
+ },
+ {
+ {0x52, 0x25, 0xa1, 0x91, 0xc8, 0x35, 0x7e, 0xf1, 0x76, 0x9c, 0x5e,
+ 0x57, 0x53, 0x81, 0x6b, 0xb7, 0x3e, 0x72, 0x9b, 0xd, 0x6f, 0x40,
+ 0x83, 0xfa, 0x38, 0xe4, 0xa7, 0x3f, 0x1b, 0xbb, 0x76, 0xb},
+ {0x1, 0x1c, 0x91, 0x41, 0x4c, 0x26, 0xc9, 0xef, 0x25, 0x2c, 0xa2,
+ 0x17, 0xb8, 0xb7, 0xa3, 0xf1, 0x47, 0x14, 0xf, 0xf3, 0x6b, 0xda,
+ 0x75, 0x58, 0x90, 0xb0, 0x31, 0x1d, 0x27, 0xf5, 0x1a, 0x4e},
+ {0x9b, 0x93, 0x92, 0x7f, 0xf9, 0xc1, 0xb8, 0x8, 0x6e, 0xab, 0x44,
+ 0xd4, 0xcb, 0x71, 0x67, 0xbe, 0x17, 0x80, 0xbb, 0x99, 0x63, 0x64,
+ 0xe5, 0x22, 0x55, 0xa9, 0x72, 0xb7, 0x1e, 0xd6, 0x6d, 0x7b},
+ },
+ {
+ {0xc7, 0xd2, 0x1, 0xab, 0xf9, 0xab, 0x30, 0x57, 0x18, 0x3b, 0x14,
+ 0x40, 0xdc, 0x76, 0xfb, 0x16, 0x81, 0xb2, 0xcb, 0xa0, 0x65, 0xbe,
+ 0x6c, 0x86, 0xfe, 0x6a, 0xff, 0x9b, 0x65, 0x9b, 0xfa, 0x53},
+ {0x92, 0x3d, 0xf3, 0x50, 0xe8, 0xc1, 0xad, 0xb7, 0xcf, 0xd5, 0x8c,
+ 0x60, 0x4f, 0xfa, 0x98, 0x79, 0xdb, 0x5b, 0xfc, 0x8d, 0xbd, 0x2d,
+ 0x96, 0xad, 0x4f, 0x2f, 0x1d, 0xaf, 0xce, 0x9b, 0x3e, 0x70},
+ {0x55, 0x54, 0x88, 0x94, 0xe9, 0xc8, 0x14, 0x6c, 0xe5, 0xd4, 0xae,
+ 0x65, 0x66, 0x5d, 0x3a, 0x84, 0xf1, 0x5a, 0xd6, 0xbc, 0x3e, 0xb7,
+ 0x1b, 0x18, 0x50, 0x1f, 0xc6, 0xc4, 0xe5, 0x93, 0x8d, 0x39},
+ },
+ {
+ {0xf2, 0xe3, 0xe7, 0xd2, 0x60, 0x7c, 0x87, 0xc3, 0xb1, 0x8b, 0x82,
+ 0x30, 0xa0, 0xaa, 0x34, 0x3b, 0x38, 0xf1, 0x9e, 0x73, 0xe7, 0x26,
+ 0x3e, 0x28, 0x77, 0x5, 0xc3, 0x2, 0x90, 0x9c, 0x9c, 0x69},
+ {0xf3, 0x48, 0xe2, 0x33, 0x67, 0xd1, 0x4b, 0x1c, 0x5f, 0xa, 0xbf,
+ 0x15, 0x87, 0x12, 0x9e, 0xbd, 0x76, 0x3, 0xb, 0xa1, 0xf0, 0x8c,
+ 0x3f, 0xd4, 0x13, 0x1b, 0x19, 0xdf, 0x5d, 0x9b, 0xb0, 0x53},
+ {0xcc, 0xf1, 0x46, 0x59, 0x23, 0xa7, 0x6, 0xf3, 0x7d, 0xd9, 0xe5,
+ 0xcc, 0xb5, 0x18, 0x17, 0x92, 0x75, 0xe9, 0xb4, 0x81, 0x47, 0xd2,
+ 0xcd, 0x28, 0x7, 0xd9, 0xcd, 0x6f, 0xc, 0xf3, 0xca, 0x51},
+ },
+ {
+ {0xc7, 0x54, 0xac, 0x18, 0x9a, 0xf9, 0x7a, 0x73, 0xf, 0xb3, 0x1c,
+ 0xc5, 0xdc, 0x78, 0x33, 0x90, 0xc7, 0xc, 0xe1, 0x4c, 0x33, 0xbc,
+ 0x89, 0x2b, 0x9a, 0xe9, 0xf8, 0x89, 0xc1, 0x29, 0xae, 0x12},
+ {0xa, 0xe0, 0x74, 0x76, 0x42, 0xa7, 0xb, 0xa6, 0xf3, 0x7b, 0x7a,
+ 0xa1, 0x70, 0x85, 0xe, 0x63, 0xcc, 0x24, 0x33, 0xcf, 0x3d, 0x56,
+ 0x58, 0x37, 0xaa, 0xfd, 0x83, 0x23, 0x29, 0xaa, 0x4, 0x55},
+ {0xcf, 0x1, 0xd, 0x1f, 0xcb, 0xc0, 0x9e, 0xa9, 0xae, 0xf7, 0x34,
+ 0x3a, 0xcc, 0xef, 0xd1, 0xd, 0x22, 0x4e, 0x9c, 0xd0, 0x21, 0x75,
+ 0xca, 0x55, 0xea, 0xa5, 0xeb, 0x58, 0xe9, 0x4f, 0xd1, 0x5f},
+ },
+ {
+ {0x8e, 0xcb, 0x93, 0xbf, 0x5e, 0xfe, 0x42, 0x3c, 0x5f, 0x56, 0xd4,
+ 0x36, 0x51, 0xa8, 0xdf, 0xbe, 0xe8, 0x20, 0x42, 0x88, 0x9e, 0x85,
+ 0xf0, 0xe0, 0x28, 0xd1, 0x25, 0x7, 0x96, 0x3f, 0xd7, 0x7d},
+ {0x2c, 0xab, 0x45, 0x28, 0xdf, 0x2d, 0xdc, 0xb5, 0x93, 0xe9, 0x7f,
+ 0xa, 0xb1, 0x91, 0x94, 0x6, 0x46, 0xe3, 0x2, 0x40, 0xd6, 0xf3,
+ 0xaa, 0x4d, 0xd1, 0x74, 0x64, 0x58, 0x6e, 0xf2, 0x3f, 0x9},
+ {0x29, 0x98, 0x5, 0x68, 0xfe, 0x24, 0xd, 0xb1, 0xe5, 0x23, 0xaf,
+ 0xdb, 0x72, 0x6, 0x73, 0x75, 0x29, 0xac, 0x57, 0xb4, 0x3a, 0x25,
+ 0x67, 0x13, 0xa4, 0x70, 0xb4, 0x86, 0xbc, 0xbc, 0x59, 0x2f},
+ },
+ {
+ {0x1, 0xc3, 0x91, 0xb6, 0x60, 0xd5, 0x41, 0x70, 0x1e, 0xe7, 0xd7,
+ 0xad, 0x3f, 0x1b, 0x20, 0x85, 0x85, 0x55, 0x33, 0x11, 0x63, 0xe1,
+ 0xc2, 0x16, 0xb1, 0x28, 0x8, 0x1, 0x3d, 0x5e, 0xa5, 0x2a},
+ {0x5f, 0x13, 0x17, 0x99, 0x42, 0x7d, 0x84, 0x83, 0xd7, 0x3, 0x7d,
+ 0x56, 0x1f, 0x91, 0x1b, 0xad, 0xd1, 0xaa, 0x77, 0xbe, 0xd9, 0x48,
+ 0x77, 0x7e, 0x4a, 0xaf, 0x51, 0x2e, 0x2e, 0xb4, 0x58, 0x54},
+ {0x4f, 0x44, 0x7, 0xc, 0xe6, 0x92, 0x51, 0xed, 0x10, 0x1d, 0x42,
+ 0x74, 0x2d, 0x4e, 0xc5, 0x42, 0x64, 0xc8, 0xb5, 0xfd, 0x82, 0x4c,
+ 0x2b, 0x35, 0x64, 0x86, 0x76, 0x8a, 0x4a, 0x0, 0xe9, 0x13},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 787164375951248, 202869205373189, 1356590421032140,
- 1431233331032510, 786341368775957
-#else
- 16918416, 11729663, 49025285, 3022986, 36093132, 20214772,
- 38367678, 21327038, 32851221, 11717399
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 492448143532951, 304105152670757, 1761767168301056,
- 233782684697790, 1981295323106089
-#else
- 11166615, 7338049, 60386341, 4531519, 37640192, 26252376,
- 31474878, 3483633, 65915689, 29523600
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 665807507761866, 1343384868355425, 895831046139653,
- 439338948736892, 1986828765695105
-#else
- 66923210, 9921304, 31456609, 20017994, 55095045, 13348922,
- 33142652, 6546660, 47123585, 29606055
-#endif
- }},
+ {0x7f, 0x87, 0x3b, 0x19, 0xc9, 0x0, 0x2e, 0xbb, 0x6b, 0x50, 0xdc,
+ 0xe0, 0x90, 0xa8, 0xe3, 0xec, 0x9f, 0x64, 0xde, 0x36, 0xc0, 0xb7,
+ 0xf3, 0xec, 0x1a, 0x9e, 0xde, 0x98, 0x8, 0x4, 0x46, 0x5f},
+ {0xdb, 0xce, 0x2f, 0x83, 0x45, 0x88, 0x9d, 0x73, 0x63, 0xf8, 0x6b,
+ 0xae, 0xc9, 0xd6, 0x38, 0xfa, 0xf7, 0xfe, 0x4f, 0xb7, 0xca, 0xd,
+ 0xbc, 0x32, 0x5e, 0xe4, 0xbc, 0x14, 0x88, 0x7e, 0x93, 0x73},
+ {0x8d, 0xf4, 0x7b, 0x29, 0x16, 0x71, 0x3, 0xb9, 0x34, 0x68, 0xf0,
+ 0xd4, 0x22, 0x3b, 0xd1, 0xa9, 0xc6, 0xbd, 0x96, 0x46, 0x57, 0x15,
+ 0x97, 0xe1, 0x35, 0xe8, 0xd5, 0x91, 0xe8, 0xa4, 0xf8, 0x2c},
+ },
+ {
+ {0xa2, 0x6b, 0xd0, 0x17, 0x7e, 0x48, 0xb5, 0x2c, 0x6b, 0x19, 0x50,
+ 0x39, 0x1c, 0x38, 0xd2, 0x24, 0x30, 0x8a, 0x97, 0x85, 0x81, 0x9c,
+ 0x65, 0xd7, 0xf6, 0xa4, 0xd6, 0x91, 0x28, 0x7f, 0x6f, 0x7a},
+ {0x67, 0xf, 0x11, 0x7, 0x87, 0xfd, 0x93, 0x6d, 0x49, 0xb5, 0x38,
+ 0x7c, 0xd3, 0x9, 0x4c, 0xdd, 0x86, 0x6a, 0x73, 0xc2, 0x4c, 0x6a,
+ 0xb1, 0x7c, 0x9, 0x2a, 0x25, 0x58, 0x6e, 0xbd, 0x49, 0x20},
+ {0x49, 0xef, 0x9a, 0x6a, 0x8d, 0xfd, 0x9, 0x7d, 0xb, 0xb9, 0x3d,
+ 0x5b, 0xbe, 0x60, 0xee, 0xf0, 0xd4, 0xbf, 0x9e, 0x51, 0x2c, 0xb5,
+ 0x21, 0x4c, 0x1d, 0x94, 0x45, 0xc5, 0xdf, 0xaa, 0x11, 0x60},
+ },
+ {
+ {0x90, 0xf8, 0xcb, 0x2, 0xc8, 0xd0, 0xde, 0x63, 0xaa, 0x6a, 0xff,
+ 0xd, 0xca, 0x98, 0xd0, 0xfb, 0x99, 0xed, 0xb6, 0xb9, 0xfd, 0xa,
+ 0x4d, 0x62, 0x1e, 0xb, 0x34, 0x79, 0xb7, 0x18, 0xce, 0x69},
+ {0x3c, 0xf8, 0x95, 0xcf, 0x6d, 0x92, 0x67, 0x5f, 0x71, 0x90, 0x28,
+ 0x71, 0x61, 0x85, 0x7e, 0x7c, 0x5b, 0x7a, 0x8f, 0x99, 0xf3, 0xe7,
+ 0xa1, 0xd6, 0xe0, 0xf9, 0x62, 0xb, 0x1b, 0xcc, 0xc5, 0x6f},
+ {0xcb, 0x79, 0x98, 0xb2, 0x28, 0x55, 0xef, 0xd1, 0x92, 0x90, 0x7e,
+ 0xd4, 0x3c, 0xae, 0x1a, 0xdd, 0x52, 0x23, 0x9f, 0x18, 0x42, 0x4,
+ 0x7e, 0x12, 0xf1, 0x1, 0x71, 0xe5, 0x3a, 0x6b, 0x59, 0x15},
+ },
+ {
+ {0xca, 0x24, 0x51, 0x7e, 0x16, 0x31, 0xff, 0x9, 0xdf, 0x45, 0xc7,
+ 0xd9, 0x8b, 0x15, 0xe4, 0xb, 0xe5, 0x56, 0xf5, 0x7e, 0x22, 0x7d,
+ 0x2b, 0x29, 0x38, 0xd1, 0xb6, 0xaf, 0x41, 0xe2, 0xa4, 0x3a},
+ {0xa2, 0x79, 0x91, 0x3f, 0xd2, 0x39, 0x27, 0x46, 0xcf, 0xdd, 0xd6,
+ 0x97, 0x31, 0x12, 0x83, 0xff, 0x8a, 0x14, 0xf2, 0x53, 0xb5, 0xde,
+ 0x7, 0x13, 0xda, 0x4d, 0x5f, 0x7b, 0x68, 0x37, 0x22, 0xd},
+ {0xf5, 0x5, 0x33, 0x2a, 0xbf, 0x38, 0xc1, 0x2c, 0xc3, 0x26, 0xe9,
+ 0xa2, 0x8f, 0x3f, 0x58, 0x48, 0xeb, 0xd2, 0x49, 0x55, 0xa2, 0xb1,
+ 0x3a, 0x8, 0x6c, 0xa3, 0x87, 0x46, 0x6e, 0xaa, 0xfc, 0x32},
+ },
+ {
+ {0xdf, 0xcc, 0x87, 0x27, 0x73, 0xa4, 0x7, 0x32, 0xf8, 0xe3, 0x13,
+ 0xf2, 0x8, 0x19, 0xe3, 0x17, 0x4e, 0x96, 0xd, 0xf6, 0xd7, 0xec,
+ 0xb2, 0xd5, 0xe9, 0xb, 0x60, 0xc2, 0x36, 0x63, 0x6f, 0x74},
+ {0xf5, 0x9a, 0x7d, 0xc5, 0x8d, 0x6e, 0xc5, 0x7b, 0xf2, 0xbd, 0xf0,
+ 0x9d, 0xed, 0xd2, 0xb, 0x3e, 0xa3, 0xe4, 0xef, 0x22, 0xde, 0x14,
+ 0xc0, 0xaa, 0x5c, 0x6a, 0xbd, 0xfe, 0xce, 0xe9, 0x27, 0x46},
+ {0x1c, 0x97, 0x6c, 0xab, 0x45, 0xf3, 0x4a, 0x3f, 0x1f, 0x73, 0x43,
+ 0x99, 0x72, 0xeb, 0x88, 0xe2, 0x6d, 0x18, 0x44, 0x3, 0x8a, 0x6a,
+ 0x59, 0x33, 0x93, 0x62, 0xd6, 0x7e, 0x0, 0x17, 0x49, 0x7b},
+ },
+ {
+ {0xdd, 0xa2, 0x53, 0xdd, 0x28, 0x1b, 0x34, 0x54, 0x3f, 0xfc, 0x42,
+ 0xdf, 0x5b, 0x90, 0x17, 0xaa, 0xf4, 0xf8, 0xd2, 0x4d, 0xd9, 0x92,
+ 0xf5, 0xf, 0x7d, 0xd3, 0x8c, 0xe0, 0xf, 0x62, 0x3, 0x1d},
+ {0x64, 0xb0, 0x84, 0xab, 0x5c, 0xfb, 0x85, 0x2d, 0x14, 0xbc, 0xf3,
+ 0x89, 0xd2, 0x10, 0x78, 0x49, 0xc, 0xce, 0x15, 0x7b, 0x44, 0xdc,
+ 0x6a, 0x47, 0x7b, 0xfd, 0x44, 0xf8, 0x76, 0xa3, 0x2b, 0x12},
+ {0x54, 0xe5, 0xb4, 0xa2, 0xcd, 0x32, 0x2, 0xc2, 0x7f, 0x18, 0x5d,
+ 0x11, 0x42, 0xfd, 0xd0, 0x9e, 0xd9, 0x79, 0xd4, 0x7d, 0xbe, 0xb4,
+ 0xab, 0x2e, 0x4c, 0xec, 0x68, 0x2b, 0xf5, 0xb, 0xc7, 0x2},
+ },
+ {
+ {0xe1, 0x72, 0x8d, 0x45, 0xbf, 0x32, 0xe5, 0xac, 0xb5, 0x3c, 0xb7,
+ 0x7c, 0xe0, 0x68, 0xe7, 0x5b, 0xe7, 0xbd, 0x8b, 0xee, 0x94, 0x7d,
+ 0xcf, 0x56, 0x3, 0x3a, 0xb4, 0xfe, 0xe3, 0x97, 0x6, 0x6b},
+ {0xbb, 0x2f, 0xb, 0x5d, 0x4b, 0xec, 0x87, 0xa2, 0xca, 0x82, 0x48,
+ 0x7, 0x90, 0x57, 0x5c, 0x41, 0x5c, 0x81, 0xd0, 0xc1, 0x1e, 0xa6,
+ 0x44, 0xe0, 0xe0, 0xf5, 0x9e, 0x40, 0xa, 0x4f, 0x33, 0x26},
+ {0xc0, 0xa3, 0x62, 0xdf, 0x4a, 0xf0, 0xc8, 0xb6, 0x5d, 0xa4, 0x6d,
+ 0x7, 0xef, 0x0, 0xf0, 0x3e, 0xa9, 0xd2, 0xf0, 0x49, 0x58, 0xb9,
+ 0x9c, 0x9c, 0xae, 0x2f, 0x1b, 0x44, 0x43, 0x7f, 0xc3, 0x1c},
+ },
+ {
+ {0xb9, 0xae, 0xce, 0xc9, 0xf1, 0x56, 0x66, 0xd7, 0x6a, 0x65, 0xe5,
+ 0x18, 0xf8, 0x15, 0x5b, 0x1c, 0x34, 0x23, 0x4c, 0x84, 0x32, 0x28,
+ 0xe7, 0x26, 0x38, 0x68, 0x19, 0x2f, 0x77, 0x6f, 0x34, 0x3a},
+ {0x4f, 0x32, 0xc7, 0x5c, 0x5a, 0x56, 0x8f, 0x50, 0x22, 0xa9, 0x6,
+ 0xe5, 0xc0, 0xc4, 0x61, 0xd0, 0x19, 0xac, 0x45, 0x5c, 0xdb, 0xab,
+ 0x18, 0xfb, 0x4a, 0x31, 0x80, 0x3, 0xc1, 0x9, 0x68, 0x6c},
+ {0xc8, 0x6a, 0xda, 0xe2, 0x12, 0x51, 0xd5, 0xd2, 0xed, 0x51, 0xe8,
+ 0xb1, 0x31, 0x3, 0xbd, 0xe9, 0x62, 0x72, 0xc6, 0x8e, 0xdd, 0x46,
+ 0x7, 0x96, 0xd0, 0xc5, 0xf7, 0x6e, 0x9f, 0x1b, 0x91, 0x5},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 756096210874553, 1721699973539149, 258765301727885,
- 1390588532210645, 1212530909934781
-#else
- 34648249, 11266711, 55911757, 25655328, 31703693, 3855903,
- 58571733, 20721383, 36336829, 18068118
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 852891097972275, 1816988871354562, 1543772755726524,
- 1174710635522444, 202129090724628
-#else
- 49102387, 12709067, 3991746, 27075244, 45617340, 23004006,
- 35973516, 17504552, 10928916, 3011958
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1205281565824323, 22430498399418, 992947814485516,
- 1392458699738672, 688441466734558
-#else
- 60151107, 17960094, 31696058, 334240, 29576716, 14796075,
- 36277808, 20749251, 18008030, 10258577
-#endif
- }},
+ {0xef, 0xea, 0x2e, 0x51, 0xf3, 0xac, 0x49, 0x53, 0x49, 0xcb, 0xc1,
+ 0x1c, 0xd3, 0x41, 0xc1, 0x20, 0x8d, 0x68, 0x9a, 0xa9, 0x7, 0xc,
+ 0x18, 0x24, 0x17, 0x2d, 0x4b, 0xc6, 0xd1, 0xf9, 0x5e, 0x55},
+ {0xbb, 0xe, 0xdf, 0xf5, 0x83, 0x99, 0x33, 0xc1, 0xac, 0x4c, 0x2c,
+ 0x51, 0x8f, 0x75, 0xf3, 0xc0, 0xe1, 0x98, 0xb3, 0xb, 0xa, 0x13,
+ 0xf1, 0x2c, 0x62, 0xc, 0x27, 0xaa, 0xf9, 0xec, 0x3c, 0x6b},
+ {0x8, 0xbd, 0x73, 0x3b, 0xba, 0x70, 0xa7, 0x36, 0xc, 0xbf, 0xaf,
+ 0xa3, 0x8, 0xef, 0x4a, 0x62, 0xf2, 0x46, 0x9, 0xb4, 0x98, 0xff,
+ 0x37, 0x57, 0x9d, 0x74, 0x81, 0x33, 0xe1, 0x4d, 0x5f, 0x67},
+ },
+ {
+ {0x1d, 0xb3, 0xda, 0x3b, 0xd9, 0xf6, 0x2f, 0xa1, 0xfe, 0x2d, 0x65,
+ 0x9d, 0xf, 0xd8, 0x25, 0x7, 0x87, 0x94, 0xbe, 0x9a, 0xf3, 0x4f,
+ 0x9c, 0x1, 0x43, 0x3c, 0xcd, 0x82, 0xb8, 0x50, 0xf4, 0x60},
+ {0xfc, 0x82, 0x17, 0x6b, 0x3, 0x52, 0x2c, 0xe, 0xb4, 0x83, 0xad,
+ 0x6c, 0x81, 0x6c, 0x81, 0x64, 0x3e, 0x7, 0x64, 0x69, 0xd9, 0xbd,
+ 0xdc, 0xd0, 0x20, 0xc5, 0x64, 0x1, 0xf7, 0x9d, 0xd9, 0x13},
+ {0xca, 0xc0, 0xe5, 0x21, 0xc3, 0x5e, 0x4b, 0x1, 0xa2, 0xbf, 0x19,
+ 0xd7, 0xc9, 0x69, 0xcb, 0x4f, 0xa0, 0x23, 0x0, 0x75, 0x18, 0x1c,
+ 0x5f, 0x4e, 0x80, 0xac, 0xed, 0x55, 0x9e, 0xde, 0x6, 0x1c},
+ },
+ {
+ {0xaa, 0x69, 0x6d, 0xff, 0x40, 0x2b, 0xd5, 0xff, 0xbb, 0x49, 0x40,
+ 0xdc, 0x18, 0xb, 0x53, 0x34, 0x97, 0x98, 0x4d, 0xa3, 0x2f, 0x5c,
+ 0x4a, 0x5e, 0x2d, 0xba, 0x32, 0x7d, 0x8e, 0x6f, 0x9, 0x78},
+ {0xe2, 0xc4, 0x3e, 0xa3, 0xd6, 0x7a, 0xf, 0x99, 0x8e, 0xe0, 0x2e,
+ 0xbe, 0x38, 0xf9, 0x8, 0x66, 0x15, 0x45, 0x28, 0x63, 0xc5, 0x43,
+ 0xa1, 0x9c, 0xd, 0xb6, 0x2d, 0xec, 0x1f, 0x8a, 0xf3, 0x4c},
+ {0xe7, 0x5c, 0xfa, 0xd, 0x65, 0xaa, 0xaa, 0xa0, 0x8c, 0x47, 0xb5,
+ 0x48, 0x2a, 0x9e, 0xc4, 0xf9, 0x5b, 0x72, 0x3, 0x70, 0x7d, 0xcc,
+ 0x9, 0x4f, 0xbe, 0x1a, 0x9, 0x26, 0x3a, 0xad, 0x3c, 0x37},
+ },
+ {
+ {0xad, 0xbb, 0xdd, 0x89, 0xfb, 0xa8, 0xbe, 0xf1, 0xcb, 0xae, 0xae,
+ 0x61, 0xbc, 0x2c, 0xcb, 0x3b, 0x9d, 0x8d, 0x9b, 0x1f, 0xbb, 0xa7,
+ 0x58, 0x8f, 0x86, 0xa6, 0x12, 0x51, 0xda, 0x7e, 0x54, 0x21},
+ {0x7c, 0xf5, 0xc9, 0x82, 0x4d, 0x63, 0x94, 0xb2, 0x36, 0x45, 0x93,
+ 0x24, 0xe1, 0xfd, 0xcb, 0x1f, 0x5a, 0xdb, 0x8c, 0x41, 0xb3, 0x4d,
+ 0x9c, 0x9e, 0xfc, 0x19, 0x44, 0x45, 0xd9, 0xf3, 0x40, 0x0},
+ {0xd3, 0x86, 0x59, 0xfd, 0x39, 0xe9, 0xfd, 0xde, 0xc, 0x38, 0xa,
+ 0x51, 0x89, 0x2c, 0x27, 0xf4, 0xb9, 0x19, 0x31, 0xbb, 0x7, 0xa4,
+ 0x2b, 0xb7, 0xf4, 0x4d, 0x25, 0x4a, 0x33, 0xa, 0x55, 0x63},
+ },
+ {
+ {0x49, 0x7b, 0x54, 0x72, 0x45, 0x58, 0xba, 0x9b, 0xe0, 0x8, 0xc4,
+ 0xe2, 0xfa, 0xc6, 0x5, 0xf3, 0x8d, 0xf1, 0x34, 0xc7, 0x69, 0xfa,
+ 0xe8, 0x60, 0x7a, 0x76, 0x7d, 0xaa, 0xaf, 0x2b, 0xa9, 0x39},
+ {0x37, 0xcf, 0x69, 0xb5, 0xed, 0xd6, 0x7, 0x65, 0xe1, 0x2e, 0xa5,
+ 0xc, 0xb0, 0x29, 0x84, 0x17, 0x5d, 0xd6, 0x6b, 0xeb, 0x90, 0x0,
+ 0x7c, 0xea, 0x51, 0x8f, 0xf7, 0xda, 0xc7, 0x62, 0xea, 0x3e},
+ {0x4e, 0x27, 0x93, 0xe6, 0x13, 0xc7, 0x24, 0x9d, 0x75, 0xd3, 0xdb,
+ 0x68, 0x77, 0x85, 0x63, 0x5f, 0x9a, 0xb3, 0x8a, 0xeb, 0x60, 0x55,
+ 0x52, 0x70, 0xcd, 0xc4, 0xc9, 0x65, 0x6, 0x6a, 0x43, 0x68},
+ },
+ {
+ {0x7c, 0x10, 0x20, 0xe8, 0x17, 0xd3, 0x56, 0x1e, 0x65, 0xe9, 0xa,
+ 0x84, 0x44, 0x68, 0x26, 0xc5, 0x7a, 0xfc, 0xf, 0x32, 0xc6, 0xa1,
+ 0xe0, 0xc1, 0x72, 0x14, 0x61, 0x91, 0x9c, 0x66, 0x73, 0x53},
+ {0x27, 0x3f, 0x2f, 0x20, 0xe8, 0x35, 0x2, 0xbc, 0xb0, 0x75, 0xf9,
+ 0x64, 0xe2, 0x0, 0x5c, 0xc7, 0x16, 0x24, 0x8c, 0xa3, 0xd5, 0xe9,
+ 0xa4, 0x91, 0xf9, 0x89, 0xb7, 0x8a, 0xf6, 0xe7, 0xb6, 0x17},
+ {0x57, 0x52, 0xe, 0x9a, 0xab, 0x14, 0x28, 0x5d, 0xfc, 0xb3, 0xca,
+ 0xc9, 0x84, 0x20, 0x8f, 0x90, 0xca, 0x1e, 0x2d, 0x5b, 0x88, 0xf5,
+ 0xca, 0xaf, 0x11, 0x7d, 0xf8, 0x78, 0xa6, 0xb5, 0xb4, 0x1c},
+ },
+ {
+ {0xe7, 0x7, 0xa0, 0xa2, 0x62, 0xaa, 0x74, 0x6b, 0xb1, 0xc7, 0x71,
+ 0xf0, 0xb0, 0xe0, 0x11, 0xf3, 0x23, 0xe2, 0xb, 0x0, 0x38, 0xe4,
+ 0x7, 0x57, 0xac, 0x6e, 0xef, 0x82, 0x2d, 0xfd, 0xc0, 0x2d},
+ {0x6c, 0xfc, 0x4a, 0x39, 0x6b, 0xc0, 0x64, 0xb6, 0xb1, 0x5f, 0xda,
+ 0x98, 0x24, 0xde, 0x88, 0xc, 0x34, 0xd8, 0xca, 0x4b, 0x16, 0x3,
+ 0x8d, 0x4f, 0xa2, 0x34, 0x74, 0xde, 0x78, 0xca, 0xb, 0x33},
+ {0x4e, 0x74, 0x19, 0x11, 0x84, 0xff, 0x2e, 0x98, 0x24, 0x47, 0x7,
+ 0x2b, 0x96, 0x5e, 0x69, 0xf9, 0xfb, 0x53, 0xc9, 0xbf, 0x4f, 0xc1,
+ 0x8a, 0xc5, 0xf5, 0x1c, 0x9f, 0x36, 0x1b, 0xbe, 0x31, 0x3c},
+ },
+ {
+ {0x72, 0x42, 0xcb, 0xf9, 0x93, 0xbc, 0x68, 0xc1, 0x98, 0xdb, 0xce,
+ 0xc7, 0x1f, 0x71, 0xb8, 0xae, 0x7a, 0x8d, 0xac, 0x34, 0xaa, 0x52,
+ 0xe, 0x7f, 0xbb, 0x55, 0x7d, 0x7e, 0x9, 0xc1, 0xce, 0x41},
+ {0xee, 0x8a, 0x94, 0x8, 0x4d, 0x86, 0xf4, 0xb0, 0x6f, 0x1c, 0xba,
+ 0x91, 0xee, 0x19, 0xdc, 0x7, 0x58, 0xa1, 0xac, 0xa6, 0xae, 0xcd,
+ 0x75, 0x79, 0xbb, 0xd4, 0x62, 0x42, 0x13, 0x61, 0xb, 0x33},
+ {0x8a, 0x80, 0x6d, 0xa2, 0xd7, 0x19, 0x96, 0xf7, 0x6d, 0x15, 0x9e,
+ 0x1d, 0x9e, 0xd4, 0x1f, 0xbb, 0x27, 0xdf, 0xa1, 0xdb, 0x6c, 0xc3,
+ 0xd7, 0x73, 0x7d, 0x77, 0x28, 0x1f, 0xd9, 0x4c, 0xb4, 0x26},
},
+ },
+ {
{
- {{
-#if defined(OPENSSL_64_BIT)
- 1050627428414972, 1955849529137135, 2171162376368357,
- 91745868298214, 447733118757826
-#else
- 44660220, 15655568, 7018479, 29144429, 36794597, 32352840,
- 65255398, 1367119, 25127874, 6671743
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1287181461435438, 622722465530711, 880952150571872,
- 741035693459198, 311565274989772
-#else
- 29701166, 19180498, 56230743, 9279287, 67091296, 13127209,
- 21382910, 11042292, 25838796, 4642684
-#endif
- }},
- {{
-#if defined(OPENSSL_64_BIT)
- 1003649078149734, 545233927396469, 1849786171789880,
- 1318943684880434, 280345687170552
-#else
- 46678630, 14955536, 42982517, 8124618, 61739576, 27563961,
- 30468146, 19653792, 18423288, 4177476
-#endif
- }},
+ {0x83, 0x3, 0x73, 0x62, 0x93, 0xf2, 0xb7, 0xe1, 0x2c, 0x8a, 0xca,
+ 0xeb, 0xff, 0x79, 0x52, 0x4b, 0x14, 0x13, 0xd4, 0xbf, 0x8a, 0x77,
+ 0xfc, 0xda, 0xf, 0x61, 0x72, 0x9c, 0x14, 0x10, 0xeb, 0x7d},
+ {0x75, 0x74, 0x38, 0x8f, 0x47, 0x48, 0xf0, 0x51, 0x3c, 0xcb, 0xbe,
+ 0x9c, 0xf4, 0xbc, 0x5d, 0xb2, 0x55, 0x20, 0x9f, 0xd9, 0x44, 0x12,
+ 0xab, 0x9a, 0xd6, 0xa5, 0x10, 0x1c, 0x6c, 0x9e, 0x70, 0x2c},
+ {0x7a, 0xee, 0x66, 0x87, 0x6a, 0xaf, 0x62, 0xcb, 0xe, 0xcd, 0x53,
+ 0x55, 0x4, 0xec, 0xcb, 0x66, 0xb5, 0xe4, 0xb, 0xf, 0x38, 0x1,
+ 0x80, 0x58, 0xea, 0xe2, 0x2c, 0xf6, 0x9f, 0x8e, 0xe6, 0x8},
+ },
+ {
+ {0xf9, 0xf2, 0xb8, 0xa, 0xd5, 0x9, 0x2d, 0x2f, 0xdf, 0x23, 0x59,
+ 0xc5, 0x8d, 0x21, 0xb9, 0xac, 0xb9, 0x6c, 0x76, 0x73, 0x26, 0x34,
+ 0x8f, 0x4a, 0xf5, 0x19, 0xf7, 0x38, 0xd7, 0x3b, 0xb1, 0x4c},
+ {0xad, 0x30, 0xc1, 0x4b, 0xa, 0x50, 0xad, 0x34, 0x9c, 0xd4, 0xb,
+ 0x3d, 0x49, 0xdb, 0x38, 0x8d, 0xbe, 0x89, 0xa, 0x50, 0x98, 0x3d,
+ 0x5c, 0xa2, 0x9, 0x3b, 0xba, 0xee, 0x87, 0x3f, 0x1f, 0x2f},
+ {0x4a, 0xb6, 0x15, 0xe5, 0x75, 0x8c, 0x84, 0xf7, 0x38, 0x90, 0x4a,
+ 0xdb, 0xba, 0x1, 0x95, 0xa5, 0x50, 0x1b, 0x75, 0x3f, 0x3f, 0x31,
+ 0xd, 0xc2, 0xe8, 0x2e, 0xae, 0xc0, 0x53, 0xe3, 0xa1, 0x19},
+ },
+ {
+ {0xbd, 0xbd, 0x96, 0xd5, 0xcd, 0x72, 0x21, 0xb4, 0x40, 0xfc, 0xee,
+ 0x98, 0x43, 0x45, 0xe0, 0x93, 0xb5, 0x9, 0x41, 0xb4, 0x47, 0x53,
+ 0xb1, 0x9f, 0x34, 0xae, 0x66, 0x2, 0x99, 0xd3, 0x6b, 0x73},
+ {0xc3, 0x5, 0xfa, 0xba, 0x60, 0x75, 0x1c, 0x7d, 0x61, 0x5e, 0xe5,
+ 0xc6, 0xa0, 0xa0, 0xe1, 0xb3, 0x73, 0x64, 0xd6, 0xc0, 0x18, 0x97,
+ 0x52, 0xe3, 0x86, 0x34, 0xc, 0xc2, 0x11, 0x6b, 0x54, 0x41},
+ {0xb4, 0xb3, 0x34, 0x93, 0x50, 0x2d, 0x53, 0x85, 0x73, 0x65, 0x81,
+ 0x60, 0x4b, 0x11, 0xfd, 0x46, 0x75, 0x83, 0x5c, 0x42, 0x30, 0x5f,
+ 0x5f, 0xcc, 0x5c, 0xab, 0x7f, 0xb8, 0xa2, 0x95, 0x22, 0x41},
+ },
+ {
+ {0xc6, 0xea, 0x93, 0xe2, 0x61, 0x52, 0x65, 0x2e, 0xdb, 0xac, 0x33,
+ 0x21, 0x3, 0x92, 0x5a, 0x84, 0x6b, 0x99, 0x0, 0x79, 0xcb, 0x75,
+ 0x9, 0x46, 0x80, 0xdd, 0x5a, 0x19, 0x8d, 0xbb, 0x60, 0x7},
+ {0xe9, 0xd6, 0x7e, 0xf5, 0x88, 0x9b, 0xc9, 0x19, 0x25, 0xc8, 0xf8,
+ 0x6d, 0x26, 0xcb, 0x93, 0x53, 0x73, 0xd2, 0xa, 0xb3, 0x13, 0x32,
+ 0xee, 0x5c, 0x34, 0x2e, 0x2d, 0xb5, 0xeb, 0x53, 0xe1, 0x14},
+ {0x8a, 0x81, 0xe6, 0xcd, 0x17, 0x1a, 0x3e, 0x41, 0x84, 0xa0, 0x69,
+ 0xed, 0xa9, 0x6d, 0x15, 0x57, 0xb1, 0xcc, 0xca, 0x46, 0x8f, 0x26,
+ 0xbf, 0x2c, 0xf2, 0xc5, 0x3a, 0xc3, 0x9b, 0xbe, 0x34, 0x6b},
+ },
+ {
+ {0xd3, 0xf2, 0x71, 0x65, 0x65, 0x69, 0xfc, 0x11, 0x7a, 0x73, 0xe,
+ 0x53, 0x45, 0xe8, 0xc9, 0xc6, 0x35, 0x50, 0xfe, 0xd4, 0xa2, 0xe7,
+ 0x3a, 0xe3, 0xb, 0xd3, 0x6d, 0x2e, 0xb6, 0xc7, 0xb9, 0x1},
+ {0xb2, 0xc0, 0x78, 0x3a, 0x64, 0x2f, 0xdf, 0xf3, 0x7c, 0x2, 0x2e,
+ 0xf2, 0x1e, 0x97, 0x3e, 0x4c, 0xa3, 0xb5, 0xc1, 0x49, 0x5e, 0x1c,
+ 0x7d, 0xec, 0x2d, 0xdd, 0x22, 0x9, 0x8f, 0xc1, 0x12, 0x20},
+ {0x29, 0x9d, 0xc8, 0x5a, 0xe5, 0x55, 0xb, 0x88, 0x63, 0xa7, 0xa0,
+ 0x45, 0x1f, 0x24, 0x83, 0x14, 0x1f, 0x6c, 0xe7, 0xc2, 0xdf, 0xef,
+ 0x36, 0x3d, 0xe8, 0xad, 0x4b, 0x4e, 0x78, 0x5b, 0xaf, 0x8},
+ },
+ {
+ {0x4b, 0x2c, 0xcc, 0x89, 0xd2, 0x14, 0x73, 0xe2, 0x8d, 0x17, 0x87,
+ 0xa2, 0x11, 0xbd, 0xe4, 0x4b, 0xce, 0x64, 0x33, 0xfa, 0xd6, 0x28,
+ 0xd5, 0x18, 0x6e, 0x82, 0xd9, 0xaf, 0xd5, 0xc1, 0x23, 0x64},
+ {0x33, 0x25, 0x1f, 0x88, 0xdc, 0x99, 0x34, 0x28, 0xb6, 0x23, 0x93,
+ 0x77, 0xda, 0x25, 0x5, 0x9d, 0xf4, 0x41, 0x34, 0x67, 0xfb, 0xdd,
+ 0x7a, 0x89, 0x8d, 0x16, 0x3a, 0x16, 0x71, 0x9d, 0xb7, 0x32},
+ {0x6a, 0xb3, 0xfc, 0xed, 0xd9, 0xf8, 0x85, 0xcc, 0xf9, 0xe5, 0x46,
+ 0x37, 0x8f, 0xc2, 0xbc, 0x22, 0xcd, 0xd3, 0xe5, 0xf9, 0x38, 0xe3,
+ 0x9d, 0xe4, 0xcc, 0x2d, 0x3e, 0xc1, 0xfb, 0x5e, 0xa, 0x48},
+ },
+ {
+ {0x1f, 0x22, 0xce, 0x42, 0xe4, 0x4c, 0x61, 0xb6, 0x28, 0x39, 0x5,
+ 0x4c, 0xcc, 0x9d, 0x19, 0x6e, 0x3, 0xbe, 0x1c, 0xdc, 0xa4, 0xb4,
+ 0x3f, 0x66, 0x6, 0x8e, 0x1c, 0x69, 0x47, 0x1d, 0xb3, 0x24},
+ {0x71, 0x20, 0x62, 0x1, 0xb, 0xe7, 0x51, 0xb, 0xc5, 0xaf, 0x1d,
+ 0x8b, 0xcf, 0x5, 0xb5, 0x6, 0xcd, 0xab, 0x5a, 0xef, 0x61, 0xb0,
+ 0x6b, 0x2c, 0x31, 0xbf, 0xb7, 0xc, 0x60, 0x27, 0xaa, 0x47},
+ {0xc3, 0xf8, 0x15, 0xc0, 0xed, 0x1e, 0x54, 0x2a, 0x7c, 0x3f, 0x69,
+ 0x7c, 0x7e, 0xfe, 0xa4, 0x11, 0xd6, 0x78, 0xa2, 0x4e, 0x13, 0x66,
+ 0xaf, 0xf0, 0x94, 0xa0, 0xdd, 0x14, 0x5d, 0x58, 0x5b, 0x54},
+ },
+ {
+ {0xe1, 0x21, 0xb3, 0xe3, 0xd0, 0xe4, 0x4, 0x62, 0x95, 0x1e, 0xff,
+ 0x28, 0x7a, 0x63, 0xaa, 0x3b, 0x9e, 0xbd, 0x99, 0x5b, 0xfd, 0xcf,
+ 0xc, 0xb, 0x71, 0xd0, 0xc8, 0x64, 0x3e, 0xdc, 0x22, 0x4d},
+ {0xf, 0x3a, 0xd4, 0xa0, 0x5e, 0x27, 0xbf, 0x67, 0xbe, 0xee, 0x9b,
+ 0x8, 0x34, 0x8e, 0xe6, 0xad, 0x2e, 0xe7, 0x79, 0xd4, 0x4c, 0x13,
+ 0x89, 0x42, 0x54, 0x54, 0xba, 0x32, 0xc3, 0xf9, 0x62, 0xf},
+ {0x39, 0x5f, 0x3b, 0xd6, 0x89, 0x65, 0xb4, 0xfc, 0x61, 0xcf, 0xcb,
+ 0x57, 0x3f, 0x6a, 0xae, 0x5c, 0x5, 0xfa, 0x3a, 0x95, 0xd2, 0xc2,
+ 0xba, 0xfe, 0x36, 0x14, 0x37, 0x36, 0x1a, 0xa0, 0xf, 0x1c},
+ },
+ },
+ {
+ {
+ {0x50, 0x6a, 0x93, 0x8c, 0xe, 0x2b, 0x8, 0x69, 0xb6, 0xc5, 0xda,
+ 0xc1, 0x35, 0xa0, 0xc9, 0xf9, 0x34, 0xb6, 0xdf, 0xc4, 0x54, 0x3e,
+ 0xb7, 0x6f, 0x40, 0xc1, 0x2b, 0x1d, 0x9b, 0x41, 0x5, 0x40},
+ {0xff, 0x3d, 0x94, 0x22, 0xb6, 0x4, 0xc6, 0xd2, 0xa0, 0xb3, 0xcf,
+ 0x44, 0xce, 0xbe, 0x8c, 0xbc, 0x78, 0x86, 0x80, 0x97, 0xf3, 0x4f,
+ 0x25, 0x5d, 0xbf, 0xa6, 0x1c, 0x3b, 0x4f, 0x61, 0xa3, 0xf},
+ {0xf0, 0x82, 0xbe, 0xb9, 0xbd, 0xfe, 0x3, 0xa0, 0x90, 0xac, 0x44,
+ 0x3a, 0xaf, 0xc1, 0x89, 0x20, 0x8e, 0xfa, 0x54, 0x19, 0x91, 0x9f,
+ 0x49, 0xf8, 0x42, 0xab, 0x40, 0xef, 0x8a, 0x21, 0xba, 0x1f},
+ },
+ {
+ {0x94, 0x1, 0x7b, 0x3e, 0x4, 0x57, 0x3e, 0x4f, 0x7f, 0xaf, 0xda,
+ 0x8, 0xee, 0x3e, 0x1d, 0xa8, 0xf1, 0xde, 0xdc, 0x99, 0xab, 0xc6,
+ 0x39, 0xc8, 0xd5, 0x61, 0x77, 0xff, 0x13, 0x5d, 0x53, 0x6c},
+ {0x3e, 0xf5, 0xc8, 0xfa, 0x48, 0x94, 0x54, 0xab, 0x41, 0x37, 0xa6,
+ 0x7b, 0x9a, 0xe8, 0xf6, 0x81, 0x1, 0x5e, 0x2b, 0x6c, 0x7d, 0x6c,
+ 0xfd, 0x74, 0x42, 0x6e, 0xc8, 0xa8, 0xca, 0x3a, 0x2e, 0x39},
+ {0xaf, 0x35, 0x8a, 0x3e, 0xe9, 0x34, 0xbd, 0x4c, 0x16, 0xe8, 0x87,
+ 0x58, 0x44, 0x81, 0x7, 0x2e, 0xab, 0xb0, 0x9a, 0xf2, 0x76, 0x9c,
+ 0x31, 0x19, 0x3b, 0xc1, 0xa, 0xd5, 0xe4, 0x7f, 0xe1, 0x25},
+ },
+ {
+ {0xa7, 0x21, 0xf1, 0x76, 0xf5, 0x7f, 0x5f, 0x91, 0xe3, 0x87, 0xcd,
+ 0x2f, 0x27, 0x32, 0x4a, 0xc3, 0x26, 0xe5, 0x1b, 0x4d, 0xde, 0x2f,
+ 0xba, 0xcc, 0x9b, 0x89, 0x69, 0x89, 0x8f, 0x82, 0xba, 0x6b},
+ {0x76, 0xf6, 0x4, 0x1e, 0xd7, 0x9b, 0x28, 0xa, 0x95, 0xf, 0x42,
+ 0xd6, 0x52, 0x1c, 0x8e, 0x20, 0xab, 0x1f, 0x69, 0x34, 0xb0, 0xd8,
+ 0x86, 0x51, 0x51, 0xb3, 0x9f, 0x2a, 0x44, 0x51, 0x57, 0x25},
+ {0x1, 0x39, 0xfe, 0x90, 0x66, 0xbc, 0xd1, 0xe2, 0xd5, 0x7a, 0x99,
+ 0xa0, 0x18, 0x4a, 0xb5, 0x4c, 0xd4, 0x60, 0x84, 0xaf, 0x14, 0x69,
+ 0x1d, 0x97, 0xe4, 0x7b, 0x6b, 0x7f, 0x4f, 0x50, 0x9d, 0x55},
+ },
+ {
+ {0xfd, 0x66, 0xd2, 0xf6, 0xe7, 0x91, 0x48, 0x9c, 0x1b, 0x78, 0x7,
+ 0x3, 0x9b, 0xa1, 0x44, 0x7, 0x3b, 0xe2, 0x61, 0x60, 0x1d, 0x8f,
+ 0x38, 0x88, 0xe, 0xd5, 0x4b, 0x35, 0xa3, 0xa6, 0x3e, 0x12},
+ {0xd5, 0x54, 0xeb, 0xb3, 0x78, 0x83, 0x73, 0xa7, 0x7c, 0x3c, 0x55,
+ 0xa5, 0x66, 0xd3, 0x69, 0x1d, 0xba, 0x0, 0x28, 0xf9, 0x62, 0xcf,
+ 0x26, 0xa, 0x17, 0x32, 0x7e, 0x80, 0xd5, 0x12, 0xab, 0x1},
+ {0x96, 0x2d, 0xe3, 0x41, 0x90, 0x18, 0x8d, 0x11, 0x48, 0x58, 0x31,
+ 0xd8, 0xc2, 0xe3, 0xed, 0xb9, 0xd9, 0x45, 0x32, 0xd8, 0x71, 0x42,
+ 0xab, 0x1e, 0x54, 0xa1, 0x18, 0xc9, 0xe2, 0x61, 0x39, 0x4a},
+ },
+ {
+ {0x1e, 0x3f, 0x23, 0xf3, 0x44, 0xd6, 0x27, 0x3, 0x16, 0xf0, 0xfc,
+ 0x34, 0xe, 0x26, 0x9a, 0x49, 0x79, 0xb9, 0xda, 0xf2, 0x16, 0xa7,
+ 0xb5, 0x83, 0x1f, 0x11, 0xd4, 0x9b, 0xad, 0xee, 0xac, 0x68},
+ {0xa0, 0xbb, 0xe6, 0xf8, 0xe0, 0x3b, 0xdc, 0x71, 0xa, 0xe3, 0xff,
+ 0x7e, 0x34, 0xf8, 0xce, 0xd6, 0x6a, 0x47, 0x3a, 0xe1, 0x5f, 0x42,
+ 0x92, 0xa9, 0x63, 0xb7, 0x1d, 0xfb, 0xe3, 0xbc, 0xd6, 0x2c},
+ {0x10, 0xc2, 0xd7, 0xf3, 0xe, 0xc9, 0xb4, 0x38, 0xc, 0x4, 0xad,
+ 0xb7, 0x24, 0x6e, 0x8e, 0x30, 0x23, 0x3e, 0xe7, 0xb7, 0xf1, 0xd9,
+ 0x60, 0x38, 0x97, 0xf5, 0x8, 0xb5, 0xd5, 0x60, 0x57, 0x59},
+ },
+ {
+ {0x90, 0x27, 0x2, 0xfd, 0xeb, 0xcb, 0x2a, 0x88, 0x60, 0x57, 0x11,
+ 0xc4, 0x5, 0x33, 0xaf, 0x89, 0xf4, 0x73, 0x34, 0x7d, 0xe3, 0x92,
+ 0xf4, 0x65, 0x2b, 0x5a, 0x51, 0x54, 0xdf, 0xc5, 0xb2, 0x2c},
+ {0x97, 0x63, 0xaa, 0x4, 0xe1, 0xbf, 0x29, 0x61, 0xcb, 0xfc, 0xa7,
+ 0xa4, 0x8, 0x0, 0x96, 0x8f, 0x58, 0x94, 0x90, 0x7d, 0x89, 0xc0,
+ 0x8b, 0x3f, 0xa9, 0x91, 0xb2, 0xdc, 0x3e, 0xa4, 0x9f, 0x70},
+ {0xca, 0x2a, 0xfd, 0x63, 0x8c, 0x5d, 0xa, 0xeb, 0xff, 0x4e, 0x69,
+ 0x2e, 0x66, 0xc1, 0x2b, 0xd2, 0x3a, 0xb0, 0xcb, 0xf8, 0x6e, 0xf3,
+ 0x23, 0x27, 0x1f, 0x13, 0xc8, 0xf0, 0xec, 0x29, 0xf0, 0x70},
+ },
+ {
+ {0xb9, 0xb0, 0x10, 0x5e, 0xaa, 0xaf, 0x6a, 0x2a, 0xa9, 0x1a, 0x4,
+ 0xef, 0x70, 0xa3, 0xf0, 0x78, 0x1f, 0xd6, 0x3a, 0xaa, 0x77, 0xfb,
+ 0x3e, 0x77, 0xe1, 0xd9, 0x4b, 0xa7, 0xa2, 0xa5, 0xec, 0x44},
+ {0x33, 0x3e, 0xed, 0x2e, 0xb3, 0x7, 0x13, 0x46, 0xe7, 0x81, 0x55,
+ 0xa4, 0x33, 0x2f, 0x4, 0xae, 0x66, 0x3, 0x5f, 0x19, 0xd3, 0x49,
+ 0x44, 0xc9, 0x58, 0x48, 0x31, 0x6c, 0x8a, 0x5d, 0x7d, 0xb},
+ {0x43, 0xd5, 0x95, 0x7b, 0x32, 0x48, 0xd4, 0x25, 0x1d, 0xf, 0x34,
+ 0xa3, 0x0, 0x83, 0xd3, 0x70, 0x2b, 0xc5, 0xe1, 0x60, 0x1c, 0x53,
+ 0x1c, 0xde, 0xe4, 0xe9, 0x7d, 0x2c, 0x51, 0x24, 0x22, 0x27},
+ },
+ {
+ {0xfc, 0x75, 0xa9, 0x42, 0x8a, 0xbb, 0x7b, 0xbf, 0x58, 0xa3, 0xad,
+ 0x96, 0x77, 0x39, 0x5c, 0x8c, 0x48, 0xaa, 0xed, 0xcd, 0x6f, 0xc7,
+ 0x7f, 0xe2, 0xa6, 0x20, 0xbc, 0xf6, 0xd7, 0x5f, 0x73, 0x19},
+ {0x2e, 0x34, 0xc5, 0x49, 0xaf, 0x92, 0xbc, 0x1a, 0xd0, 0xfa, 0xe6,
+ 0xb2, 0x11, 0xd8, 0xee, 0xff, 0x29, 0x4e, 0xc8, 0xfc, 0x8d, 0x8c,
+ 0xa2, 0xef, 0x43, 0xc5, 0x4c, 0xa4, 0x18, 0xdf, 0xb5, 0x11},
+ {0x66, 0x42, 0xc8, 0x42, 0xd0, 0x90, 0xab, 0xe3, 0x7e, 0x54, 0x19,
+ 0x7f, 0xf, 0x8e, 0x84, 0xeb, 0xb9, 0x97, 0xa4, 0x65, 0xd0, 0xa1,
+ 0x3, 0x25, 0x5f, 0x89, 0xdf, 0x91, 0x11, 0x91, 0xef, 0xf},
},
},
};
diff --git a/Sources/CJWTKitBoringSSL/crypto/curve25519/internal.h b/Sources/CJWTKitBoringSSL/crypto/curve25519/internal.h
index bd05f503..536deb0f 100644
--- a/Sources/CJWTKitBoringSSL/crypto/curve25519/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/curve25519/internal.h
@@ -15,14 +15,13 @@
#ifndef OPENSSL_HEADER_CURVE25519_INTERNAL_H
#define OPENSSL_HEADER_CURVE25519_INTERNAL_H
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include
+#include
#include "../internal.h"
+#if defined(__cplusplus)
+extern "C" {
+#endif
#if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_APPLE)
#define BORINGSSL_X25519_NEON
@@ -32,6 +31,27 @@ void x25519_NEON(uint8_t out[32], const uint8_t scalar[32],
const uint8_t point[32]);
#endif
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL) && \
+ defined(__GNUC__) && defined(__x86_64__) && !defined(OPENSSL_WINDOWS)
+#define BORINGSSL_FE25519_ADX
+
+// fiat_curve25519_adx_mul is defined in
+// third_party/fiat/asm/fiat_curve25519_adx_mul.S
+void __attribute__((sysv_abi))
+fiat_curve25519_adx_mul(uint64_t out[4], const uint64_t in1[4],
+ const uint64_t in2[4]);
+
+// fiat_curve25519_adx_square is defined in
+// third_party/fiat/asm/fiat_curve25519_adx_square.S
+void __attribute__((sysv_abi))
+fiat_curve25519_adx_square(uint64_t out[4], const uint64_t in[4]);
+
+// x25519_scalar_mult_adx is defined in third_party/fiat/curve25519_64_adx.h
+void x25519_scalar_mult_adx(uint8_t out[32], const uint8_t scalar[32],
+ const uint8_t point[32]);
+void x25519_ge_scalarmult_base_adx(uint8_t h[4][32], const uint8_t a[32]);
+#endif
+
#if defined(OPENSSL_64_BIT)
// fe means field element. Here the field is \Z/(2^255-19). An element t,
// entries t[0]...t[4], represents the integer t[0]+2^51 t[1]+2^102 t[2]+2^153
@@ -135,6 +155,8 @@ struct spake2_ctx_st {
};
+extern const uint8_t k25519Precomp[32][8][3][32];
+
#if defined(__cplusplus)
} // extern C
#endif
diff --git a/Sources/CJWTKitBoringSSL/crypto/curve25519/spake25519.c b/Sources/CJWTKitBoringSSL/crypto/curve25519/spake25519.c
index 590fdc3f..8794cbb6 100644
--- a/Sources/CJWTKitBoringSSL/crypto/curve25519/spake25519.c
+++ b/Sources/CJWTKitBoringSSL/crypto/curve25519/spake25519.c
@@ -272,12 +272,11 @@ static const uint8_t kSpakeMSmallPrecomp[15 * 2 * 32] = {
SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role,
const uint8_t *my_name, size_t my_name_len,
const uint8_t *their_name, size_t their_name_len) {
- SPAKE2_CTX *ctx = OPENSSL_malloc(sizeof(SPAKE2_CTX));
+ SPAKE2_CTX *ctx = OPENSSL_zalloc(sizeof(SPAKE2_CTX));
if (ctx == NULL) {
return NULL;
}
- OPENSSL_memset(ctx, 0, sizeof(SPAKE2_CTX));
ctx->my_role = my_role;
CBS my_name_cbs, their_name_cbs;
diff --git a/Sources/CJWTKitBoringSSL/crypto/des/des.c b/Sources/CJWTKitBoringSSL/crypto/des/des.c
index 0636a531..643b18f1 100644
--- a/Sources/CJWTKitBoringSSL/crypto/des/des.c
+++ b/Sources/CJWTKitBoringSSL/crypto/des/des.c
@@ -61,6 +61,91 @@
#include "internal.h"
+/* IP and FP
+ * The problem is more of a geometric problem that random bit fiddling.
+ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
+ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
+16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
+24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
+
+32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
+40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
+48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
+56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
+
+The output has been subject to swaps of the form
+0 1 -> 3 1 but the odd and even bits have been put into
+2 3 2 0
+different words. The main trick is to remember that
+t=((l>>size)^r)&(mask);
+r^=t;
+l^=(t<> (n)) ^ (b)) & (m)); \
+ (b) ^= (t); \
+ (a) ^= ((t) << (n)); \
+ } while (0)
+
+#define IP(l, r) \
+ do { \
+ uint32_t tt; \
+ PERM_OP(r, l, tt, 4, 0x0f0f0f0fL); \
+ PERM_OP(l, r, tt, 16, 0x0000ffffL); \
+ PERM_OP(r, l, tt, 2, 0x33333333L); \
+ PERM_OP(l, r, tt, 8, 0x00ff00ffL); \
+ PERM_OP(r, l, tt, 1, 0x55555555L); \
+ } while (0)
+
+#define FP(l, r) \
+ do { \
+ uint32_t tt; \
+ PERM_OP(l, r, tt, 1, 0x55555555L); \
+ PERM_OP(r, l, tt, 8, 0x00ff00ffL); \
+ PERM_OP(l, r, tt, 2, 0x33333333L); \
+ PERM_OP(r, l, tt, 16, 0x0000ffffL); \
+ PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \
+ } while (0)
+
+#define LOAD_DATA(ks, R, S, u, t, E0, E1) \
+ do { \
+ (u) = (R) ^ (ks)->subkeys[S][0]; \
+ (t) = (R) ^ (ks)->subkeys[S][1]; \
+ } while (0)
+
+#define D_ENCRYPT(ks, LL, R, S) \
+ do { \
+ LOAD_DATA(ks, R, S, u, t, E0, E1); \
+ t = CRYPTO_rotr_u32(t, 4); \
+ (LL) ^= \
+ DES_SPtrans[0][(u >> 2L) & 0x3f] ^ DES_SPtrans[2][(u >> 10L) & 0x3f] ^ \
+ DES_SPtrans[4][(u >> 18L) & 0x3f] ^ \
+ DES_SPtrans[6][(u >> 26L) & 0x3f] ^ DES_SPtrans[1][(t >> 2L) & 0x3f] ^ \
+ DES_SPtrans[3][(t >> 10L) & 0x3f] ^ \
+ DES_SPtrans[5][(t >> 18L) & 0x3f] ^ DES_SPtrans[7][(t >> 26L) & 0x3f]; \
+ } while (0)
+
+#define ITERATIONS 16
+#define HALF_ITERATIONS 8
+
static const uint32_t des_skb[8][64] = {
{ // for C bits (numbered as per FIPS 46) 1 2 3 4 5 6
0x00000000, 0x00000010, 0x20000000, 0x20000010, 0x00010000,
@@ -294,13 +379,17 @@ static const uint32_t DES_SPtrans[8][64] = {
(a) = (a) ^ (t) ^ ((t) >> (16 - (n))))
void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) {
+ DES_set_key_ex(key->bytes, schedule);
+}
+
+void DES_set_key_ex(const uint8_t key[8], DES_key_schedule *schedule) {
static const int shifts2[16] = {0, 0, 1, 1, 1, 1, 1, 1,
0, 1, 1, 1, 1, 1, 1, 0};
uint32_t c, d, t, s, t2;
const uint8_t *in;
int i;
- in = key->bytes;
+ in = key;
c2l(in, c);
c2l(in, d);
@@ -378,7 +467,8 @@ void DES_set_odd_parity(DES_cblock *key) {
}
}
-static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
+static void DES_encrypt1(uint32_t data[2], const DES_key_schedule *ks,
+ int enc) {
uint32_t l, r, t, u;
r = data[0];
@@ -442,7 +532,8 @@ static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) {
data[1] = r;
}
-static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
+static void DES_encrypt2(uint32_t data[2], const DES_key_schedule *ks,
+ int enc) {
uint32_t l, r, t, u;
r = data[0];
@@ -499,7 +590,7 @@ static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) {
data[1] = CRYPTO_rotr_u32(r, 3);
}
-void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
+void DES_encrypt3(uint32_t data[2], const DES_key_schedule *ks1,
const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
uint32_t l, r;
@@ -508,9 +599,9 @@ void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
IP(l, r);
data[0] = l;
data[1] = r;
- DES_encrypt2((uint32_t *)data, ks1, DES_ENCRYPT);
- DES_encrypt2((uint32_t *)data, ks2, DES_DECRYPT);
- DES_encrypt2((uint32_t *)data, ks3, DES_ENCRYPT);
+ DES_encrypt2(data, ks1, DES_ENCRYPT);
+ DES_encrypt2(data, ks2, DES_DECRYPT);
+ DES_encrypt2(data, ks3, DES_ENCRYPT);
l = data[0];
r = data[1];
FP(r, l);
@@ -518,7 +609,7 @@ void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1,
data[1] = r;
}
-void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
+void DES_decrypt3(uint32_t data[2], const DES_key_schedule *ks1,
const DES_key_schedule *ks2, const DES_key_schedule *ks3) {
uint32_t l, r;
@@ -527,9 +618,9 @@ void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
IP(l, r);
data[0] = l;
data[1] = r;
- DES_encrypt2((uint32_t *)data, ks3, DES_DECRYPT);
- DES_encrypt2((uint32_t *)data, ks2, DES_ENCRYPT);
- DES_encrypt2((uint32_t *)data, ks1, DES_DECRYPT);
+ DES_encrypt2(data, ks3, DES_DECRYPT);
+ DES_encrypt2(data, ks2, DES_ENCRYPT);
+ DES_encrypt2(data, ks1, DES_DECRYPT);
l = data[0];
r = data[1];
FP(r, l);
@@ -539,32 +630,34 @@ void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1,
void DES_ecb_encrypt(const DES_cblock *in_block, DES_cblock *out_block,
const DES_key_schedule *schedule, int is_encrypt) {
- uint32_t l;
- uint32_t ll[2];
- const uint8_t *in = in_block->bytes;
- uint8_t *out = out_block->bytes;
+ DES_ecb_encrypt_ex(in_block->bytes, out_block->bytes, schedule, is_encrypt);
+}
- c2l(in, l);
- ll[0] = l;
- c2l(in, l);
- ll[1] = l;
+void DES_ecb_encrypt_ex(const uint8_t in[8], uint8_t out[8],
+ const DES_key_schedule *schedule, int is_encrypt) {
+ uint32_t ll[2];
+ ll[0] = CRYPTO_load_u32_le(in);
+ ll[1] = CRYPTO_load_u32_le(in + 4);
DES_encrypt1(ll, schedule, is_encrypt);
- l = ll[0];
- l2c(l, out);
- l = ll[1];
- l2c(l, out);
- ll[0] = ll[1] = 0;
+ CRYPTO_store_u32_le(out, ll[0]);
+ CRYPTO_store_u32_le(out + 4, ll[1]);
}
void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
const DES_key_schedule *schedule, DES_cblock *ivec,
int enc) {
+ DES_ncbc_encrypt_ex(in, out, len, schedule, ivec->bytes, enc);
+}
+
+void DES_ncbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len,
+ const DES_key_schedule *schedule, uint8_t ivec[8],
+ int enc) {
uint32_t tin0, tin1;
uint32_t tout0, tout1, xor0, xor1;
uint32_t tin[2];
unsigned char *iv;
- iv = ivec->bytes;
+ iv = ivec;
if (enc) {
c2l(iv, tout0);
@@ -576,7 +669,7 @@ void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
tin1 ^= tout1;
tin[1] = tin1;
- DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
+ DES_encrypt1(tin, schedule, DES_ENCRYPT);
tout0 = tin[0];
l2c(tout0, out);
tout1 = tin[1];
@@ -588,13 +681,13 @@ void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
tin1 ^= tout1;
tin[1] = tin1;
- DES_encrypt1((uint32_t *)tin, schedule, DES_ENCRYPT);
+ DES_encrypt1(tin, schedule, DES_ENCRYPT);
tout0 = tin[0];
l2c(tout0, out);
tout1 = tin[1];
l2c(tout1, out);
}
- iv = ivec->bytes;
+ iv = ivec;
l2c(tout0, iv);
l2c(tout1, iv);
} else {
@@ -605,7 +698,7 @@ void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
c2l(in, tin1);
tin[1] = tin1;
- DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
+ DES_encrypt1(tin, schedule, DES_DECRYPT);
tout0 = tin[0] ^ xor0;
tout1 = tin[1] ^ xor1;
l2c(tout0, out);
@@ -618,14 +711,14 @@ void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
c2l(in, tin1);
tin[1] = tin1;
- DES_encrypt1((uint32_t *)tin, schedule, DES_DECRYPT);
+ DES_encrypt1(tin, schedule, DES_DECRYPT);
tout0 = tin[0] ^ xor0;
tout1 = tin[1] ^ xor1;
l2cn(tout0, tout1, out, len);
xor0 = tin0;
xor1 = tin1;
}
- iv = ivec->bytes;
+ iv = ivec;
l2c(xor0, iv);
l2c(xor1, iv);
}
@@ -635,24 +728,23 @@ void DES_ncbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
void DES_ecb3_encrypt(const DES_cblock *input, DES_cblock *output,
const DES_key_schedule *ks1, const DES_key_schedule *ks2,
const DES_key_schedule *ks3, int enc) {
- uint32_t l0, l1;
- uint32_t ll[2];
- const uint8_t *in = input->bytes;
- uint8_t *out = output->bytes;
+ DES_ecb3_encrypt_ex(input->bytes, output->bytes, ks1, ks2, ks3, enc);
+}
- c2l(in, l0);
- c2l(in, l1);
- ll[0] = l0;
- ll[1] = l1;
+void DES_ecb3_encrypt_ex(const uint8_t in[8], uint8_t out[8],
+ const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3, int enc) {
+ uint32_t ll[2];
+ ll[0] = CRYPTO_load_u32_le(in);
+ ll[1] = CRYPTO_load_u32_le(in + 4);
if (enc) {
DES_encrypt3(ll, ks1, ks2, ks3);
} else {
DES_decrypt3(ll, ks1, ks2, ks3);
}
- l0 = ll[0];
- l1 = ll[1];
- l2c(l0, out);
- l2c(l1, out);
+ CRYPTO_store_u32_le(out, ll[0]);
+ CRYPTO_store_u32_le(out + 4, ll[1]);
}
void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
@@ -660,12 +752,20 @@ void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
const DES_key_schedule *ks2,
const DES_key_schedule *ks3, DES_cblock *ivec,
int enc) {
+ DES_ede3_cbc_encrypt_ex(in, out, len, ks1, ks2, ks3, ivec->bytes, enc);
+}
+
+void DES_ede3_cbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len,
+ const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3, uint8_t ivec[8],
+ int enc) {
uint32_t tin0, tin1;
uint32_t tout0, tout1, xor0, xor1;
uint32_t tin[2];
uint8_t *iv;
- iv = ivec->bytes;
+ iv = ivec;
if (enc) {
c2l(iv, tout0);
@@ -678,7 +778,7 @@ void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
tin[1] = tin1;
- DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
+ DES_encrypt3(tin, ks1, ks2, ks3);
tout0 = tin[0];
tout1 = tin[1];
@@ -692,14 +792,14 @@ void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
tin[1] = tin1;
- DES_encrypt3((uint32_t *)tin, ks1, ks2, ks3);
+ DES_encrypt3(tin, ks1, ks2, ks3);
tout0 = tin[0];
tout1 = tin[1];
l2c(tout0, out);
l2c(tout1, out);
}
- iv = ivec->bytes;
+ iv = ivec;
l2c(tout0, iv);
l2c(tout1, iv);
} else {
@@ -716,7 +816,7 @@ void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
tin[1] = tin1;
- DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
+ DES_decrypt3(tin, ks1, ks2, ks3);
tout0 = tin[0];
tout1 = tin[1];
@@ -736,7 +836,7 @@ void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
tin[0] = tin0;
tin[1] = tin1;
- DES_decrypt3((uint32_t *)tin, ks1, ks2, ks3);
+ DES_decrypt3(tin, ks1, ks2, ks3);
tout0 = tin[0];
tout1 = tin[1];
@@ -747,7 +847,7 @@ void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
xor1 = t1;
}
- iv = ivec->bytes;
+ iv = ivec;
l2c(xor0, iv);
l2c(xor1, iv);
}
@@ -769,16 +869,3 @@ void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) {
DES_set_key(key, schedule);
}
-
-#undef HPERM_OP
-#undef c2l
-#undef l2c
-#undef c2ln
-#undef l2cn
-#undef PERM_OP
-#undef IP
-#undef FP
-#undef LOAD_DATA
-#undef D_ENCRYPT
-#undef ITERATIONS
-#undef HALF_ITERATIONS
diff --git a/Sources/CJWTKitBoringSSL/crypto/des/internal.h b/Sources/CJWTKitBoringSSL/crypto/des/internal.h
index 4de2b259..47311761 100644
--- a/Sources/CJWTKitBoringSSL/crypto/des/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/des/internal.h
@@ -58,6 +58,7 @@
#define OPENSSL_HEADER_DES_INTERNAL_H
#include
+#include
#include "../internal.h"
@@ -66,6 +67,9 @@ extern "C" {
#endif
+// TODO(davidben): Ideally these macros would be replaced with
+// |CRYPTO_load_u32_le| and |CRYPTO_store_u32_le|.
+
#define c2l(c, l) \
do { \
(l) = ((uint32_t)(*((c)++))); \
@@ -145,90 +149,39 @@ extern "C" {
} \
} while (0)
-/* IP and FP
- * The problem is more of a geometric problem that random bit fiddling.
- 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
- 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
-16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
-24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
-
-32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
-40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
-48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
-56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
-
-The output has been subject to swaps of the form
-0 1 -> 3 1 but the odd and even bits have been put into
-2 3 2 0
-different words. The main trick is to remember that
-t=((l>>size)^r)&(mask);
-r^=t;
-l^=(t<> (n)) ^ (b)) & (m)); \
- (b) ^= (t); \
- (a) ^= ((t) << (n)); \
- } while (0)
-
-#define IP(l, r) \
- do { \
- uint32_t tt; \
- PERM_OP(r, l, tt, 4, 0x0f0f0f0fL); \
- PERM_OP(l, r, tt, 16, 0x0000ffffL); \
- PERM_OP(r, l, tt, 2, 0x33333333L); \
- PERM_OP(l, r, tt, 8, 0x00ff00ffL); \
- PERM_OP(r, l, tt, 1, 0x55555555L); \
- } while (0)
-
-#define FP(l, r) \
- do { \
- uint32_t tt; \
- PERM_OP(l, r, tt, 1, 0x55555555L); \
- PERM_OP(r, l, tt, 8, 0x00ff00ffL); \
- PERM_OP(l, r, tt, 2, 0x33333333L); \
- PERM_OP(r, l, tt, 16, 0x0000ffffL); \
- PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \
- } while (0)
-
-#define LOAD_DATA(ks, R, S, u, t, E0, E1) \
- do { \
- (u) = (R) ^ (ks)->subkeys[S][0]; \
- (t) = (R) ^ (ks)->subkeys[S][1]; \
- } while (0)
-
-#define D_ENCRYPT(ks, LL, R, S) \
- do { \
- LOAD_DATA(ks, R, S, u, t, E0, E1); \
- t = CRYPTO_rotr_u32(t, 4); \
- (LL) ^= \
- DES_SPtrans[0][(u >> 2L) & 0x3f] ^ DES_SPtrans[2][(u >> 10L) & 0x3f] ^ \
- DES_SPtrans[4][(u >> 18L) & 0x3f] ^ \
- DES_SPtrans[6][(u >> 26L) & 0x3f] ^ DES_SPtrans[1][(t >> 2L) & 0x3f] ^ \
- DES_SPtrans[3][(t >> 10L) & 0x3f] ^ \
- DES_SPtrans[5][(t >> 18L) & 0x3f] ^ DES_SPtrans[7][(t >> 26L) & 0x3f]; \
- } while (0)
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
+// Correctly-typed versions of DES functions.
+//
+// See https://crbug.com/boringssl/683.
+
+void DES_set_key_ex(const uint8_t key[8], DES_key_schedule *schedule);
+void DES_ecb_encrypt_ex(const uint8_t in[8], uint8_t out[8],
+ const DES_key_schedule *schedule, int is_encrypt);
+void DES_ncbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len,
+ const DES_key_schedule *schedule, uint8_t ivec[8],
+ int enc);
+void DES_ecb3_encrypt_ex(const uint8_t input[8], uint8_t output[8],
+ const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3, int enc);
+void DES_ede3_cbc_encrypt_ex(const uint8_t *in, uint8_t *out, size_t len,
+ const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3, uint8_t ivec[8],
+ int enc);
+
+
+// Private functions.
+//
+// These functions are only exported for use in |decrepit|.
+
+OPENSSL_EXPORT void DES_decrypt3(uint32_t data[2], const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3);
+
+OPENSSL_EXPORT void DES_encrypt3(uint32_t data[2], const DES_key_schedule *ks1,
+ const DES_key_schedule *ks2,
+ const DES_key_schedule *ks3);
#if defined(__cplusplus)
diff --git a/Sources/CJWTKitBoringSSL/crypto/dh_extra/dh_asn1.c b/Sources/CJWTKitBoringSSL/crypto/dh_extra/dh_asn1.c
index eaab1881..75dd9e74 100644
--- a/Sources/CJWTKitBoringSSL/crypto/dh_extra/dh_asn1.c
+++ b/Sources/CJWTKitBoringSSL/crypto/dh_extra/dh_asn1.c
@@ -110,6 +110,10 @@ DH *DH_parse_parameters(CBS *cbs) {
goto err;
}
+ if (!dh_check_params_fast(ret)) {
+ goto err;
+ }
+
return ret;
err:
diff --git a/Sources/CJWTKitBoringSSL/crypto/dh_extra/params.c b/Sources/CJWTKitBoringSSL/crypto/dh_extra/params.c
index c50a1089..c17e860d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/dh_extra/params.c
+++ b/Sources/CJWTKitBoringSSL/crypto/dh_extra/params.c
@@ -337,6 +337,11 @@ int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator,
// It's just as OK (and in some sense better) to use a generator of the
// order-q subgroup.
+ if (prime_bits <= 0 || prime_bits > OPENSSL_DH_MAX_MODULUS_BITS) {
+ OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
BIGNUM *t1, *t2;
int g, ok = 0;
BN_CTX *ctx = NULL;
diff --git a/Sources/CJWTKitBoringSSL/crypto/dsa/dsa.c b/Sources/CJWTKitBoringSSL/crypto/dsa/dsa.c
index 223ab0e2..f473d246 100644
--- a/Sources/CJWTKitBoringSSL/crypto/dsa/dsa.c
+++ b/Sources/CJWTKitBoringSSL/crypto/dsa/dsa.c
@@ -88,18 +88,14 @@ static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
DSA *DSA_new(void) {
- DSA *dsa = OPENSSL_malloc(sizeof(DSA));
+ DSA *dsa = OPENSSL_zalloc(sizeof(DSA));
if (dsa == NULL) {
return NULL;
}
- OPENSSL_memset(dsa, 0, sizeof(DSA));
-
dsa->references = 1;
-
CRYPTO_MUTEX_init(&dsa->method_mont_lock);
CRYPTO_new_ex_data(&dsa->ex_data);
-
return dsa;
}
@@ -533,16 +529,7 @@ int DSA_generate_key(DSA *dsa) {
return ok;
}
-DSA_SIG *DSA_SIG_new(void) {
- DSA_SIG *sig;
- sig = OPENSSL_malloc(sizeof(DSA_SIG));
- if (!sig) {
- return NULL;
- }
- sig->r = NULL;
- sig->s = NULL;
- return sig;
-}
+DSA_SIG *DSA_SIG_new(void) { return OPENSSL_zalloc(sizeof(DSA_SIG)); }
void DSA_SIG_free(DSA_SIG *sig) {
if (!sig) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/dsa/internal.h b/Sources/CJWTKitBoringSSL/crypto/dsa/internal.h
index ae87177f..30cf1795 100644
--- a/Sources/CJWTKitBoringSSL/crypto/dsa/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/dsa/internal.h
@@ -17,11 +17,31 @@
#include
+#include
+
+#include "../internal.h"
+
#if defined(__cplusplus)
extern "C" {
#endif
+struct dsa_st {
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+
+ BIGNUM *pub_key;
+ BIGNUM *priv_key;
+
+ // Normally used to cache montgomery values
+ CRYPTO_MUTEX method_mont_lock;
+ BN_MONT_CTX *method_mont_p;
+ BN_MONT_CTX *method_mont_q;
+ CRYPTO_refcount_t references;
+ CRYPTO_EX_DATA ex_data;
+};
+
// dsa_check_key performs cheap self-checks on |dsa|, and ensures it is within
// DoS bounds. It returns one on success and zero on error.
int dsa_check_key(const DSA *dsa);
diff --git a/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_asn1.c b/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_asn1.c
index 405b9f78..9ecfbc48 100644
--- a/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_asn1.c
+++ b/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_asn1.c
@@ -72,6 +72,16 @@ static const CBS_ASN1_TAG kParametersTag =
static const CBS_ASN1_TAG kPublicKeyTag =
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1;
+// TODO(https://crbug.com/boringssl/497): Allow parsers to specify a list of
+// acceptable groups, so parsers don't have to pull in all four.
+typedef const EC_GROUP *(*ec_group_func)(void);
+static const ec_group_func kAllGroups[] = {
+ &EC_group_p224,
+ &EC_group_p256,
+ &EC_group_p384,
+ &EC_group_p521,
+};
+
EC_KEY *EC_KEY_parse_private_key(CBS *cbs, const EC_GROUP *group) {
CBS ec_private_key, private_key;
uint64_t version;
@@ -84,7 +94,6 @@ EC_KEY *EC_KEY_parse_private_key(CBS *cbs, const EC_GROUP *group) {
}
// Parse the optional parameters field.
- EC_GROUP *inner_group = NULL;
EC_KEY *ret = NULL;
BIGNUM *priv_key = NULL;
if (CBS_peek_asn1_tag(&ec_private_key, kParametersTag)) {
@@ -97,7 +106,7 @@ EC_KEY *EC_KEY_parse_private_key(CBS *cbs, const EC_GROUP *group) {
OPENSSL_PUT_ERROR(EC, EC_R_DECODE_ERROR);
goto err;
}
- inner_group = EC_KEY_parse_parameters(&child);
+ const EC_GROUP *inner_group = EC_KEY_parse_parameters(&child);
if (inner_group == NULL) {
goto err;
}
@@ -179,13 +188,11 @@ EC_KEY *EC_KEY_parse_private_key(CBS *cbs, const EC_GROUP *group) {
}
BN_free(priv_key);
- EC_GROUP_free(inner_group);
return ret;
err:
EC_KEY_free(ret);
BN_free(priv_key);
- EC_GROUP_free(inner_group);
return NULL;
}
@@ -244,9 +251,12 @@ int EC_KEY_marshal_private_key(CBB *cbb, const EC_KEY *key,
// kPrimeFieldOID is the encoding of 1.2.840.10045.1.1.
static const uint8_t kPrimeField[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01};
-static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
- CBS *out_b, CBS *out_base_x,
- CBS *out_base_y, CBS *out_order) {
+struct explicit_prime_curve {
+ CBS prime, a, b, base_x, base_y, order;
+};
+
+static int parse_explicit_prime_curve(CBS *in,
+ struct explicit_prime_curve *out) {
// See RFC 3279, section 2.3.5. Note that RFC 3279 calls this structure an
// ECParameters while RFC 5480 calls it a SpecifiedECDomain.
CBS params, field_id, field_type, curve, base, cofactor;
@@ -260,18 +270,18 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
CBS_len(&field_type) != sizeof(kPrimeField) ||
OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) !=
0 ||
- !CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) ||
- !CBS_is_unsigned_asn1_integer(out_prime) ||
+ !CBS_get_asn1(&field_id, &out->prime, CBS_ASN1_INTEGER) ||
+ !CBS_is_unsigned_asn1_integer(&out->prime) ||
CBS_len(&field_id) != 0 ||
!CBS_get_asn1(¶ms, &curve, CBS_ASN1_SEQUENCE) ||
- !CBS_get_asn1(&curve, out_a, CBS_ASN1_OCTETSTRING) ||
- !CBS_get_asn1(&curve, out_b, CBS_ASN1_OCTETSTRING) ||
+ !CBS_get_asn1(&curve, &out->a, CBS_ASN1_OCTETSTRING) ||
+ !CBS_get_asn1(&curve, &out->b, CBS_ASN1_OCTETSTRING) ||
// |curve| has an optional BIT STRING seed which we ignore.
!CBS_get_optional_asn1(&curve, NULL, NULL, CBS_ASN1_BITSTRING) ||
CBS_len(&curve) != 0 ||
!CBS_get_asn1(¶ms, &base, CBS_ASN1_OCTETSTRING) ||
- !CBS_get_asn1(¶ms, out_order, CBS_ASN1_INTEGER) ||
- !CBS_is_unsigned_asn1_integer(out_order) ||
+ !CBS_get_asn1(¶ms, &out->order, CBS_ASN1_INTEGER) ||
+ !CBS_is_unsigned_asn1_integer(&out->order) ||
!CBS_get_optional_asn1(¶ms, &cofactor, &has_cofactor,
CBS_ASN1_INTEGER) ||
CBS_len(¶ms) != 0) {
@@ -300,25 +310,33 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
return 0;
}
size_t field_len = CBS_len(&base) / 2;
- CBS_init(out_base_x, CBS_data(&base), field_len);
- CBS_init(out_base_y, CBS_data(&base) + field_len, field_len);
+ CBS_init(&out->base_x, CBS_data(&base), field_len);
+ CBS_init(&out->base_y, CBS_data(&base) + field_len, field_len);
return 1;
}
-// integers_equal returns one if |a| and |b| are equal, up to leading zeros, and
+// integers_equal returns one if |bytes| is a big-endian encoding of |bn|, and
// zero otherwise.
-static int integers_equal(const CBS *a, const uint8_t *b, size_t b_len) {
- // Remove leading zeros from |a| and |b|.
- CBS a_copy = *a;
- while (CBS_len(&a_copy) > 0 && CBS_data(&a_copy)[0] == 0) {
- CBS_skip(&a_copy, 1);
+static int integers_equal(const CBS *bytes, const BIGNUM *bn) {
+ // Although, in SEC 1, Field-Element-to-Octet-String has a fixed width,
+ // OpenSSL mis-encodes the |a| and |b|, so we tolerate any number of leading
+ // zeros. (This matters for P-521 whose |b| has a leading 0.)
+ CBS copy = *bytes;
+ while (CBS_len(©) > 0 && CBS_data(©)[0] == 0) {
+ CBS_skip(©, 1);
}
- while (b_len > 0 && b[0] == 0) {
- b++;
- b_len--;
+
+ if (CBS_len(©) > EC_MAX_BYTES) {
+ return 0;
}
- return CBS_mem_equal(&a_copy, b, b_len);
+ uint8_t buf[EC_MAX_BYTES];
+ if (!BN_bn2bin_padded(buf, CBS_len(©), bn)) {
+ ERR_clear_error();
+ return 0;
+ }
+
+ return CBS_mem_equal(©, buf, CBS_len(©));
}
EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs) {
@@ -329,13 +347,10 @@ EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs) {
}
// Look for a matching curve.
- const struct built_in_curves *const curves = OPENSSL_built_in_curves();
- for (size_t i = 0; i < OPENSSL_NUM_BUILT_IN_CURVES; i++) {
- const struct built_in_curve *curve = &curves->curves[i];
- if (CBS_len(&named_curve) == curve->oid_len &&
- OPENSSL_memcmp(CBS_data(&named_curve), curve->oid, curve->oid_len) ==
- 0) {
- return EC_GROUP_new_by_curve_name(curve->nid);
+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kAllGroups); i++) {
+ const EC_GROUP *group = kAllGroups[i]();
+ if (CBS_mem_equal(&named_curve, group->oid, group->oid_len)) {
+ return (EC_GROUP *)group;
}
}
@@ -344,25 +359,15 @@ EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs) {
}
int EC_KEY_marshal_curve_name(CBB *cbb, const EC_GROUP *group) {
- int nid = EC_GROUP_get_curve_name(group);
- if (nid == NID_undef) {
+ if (group->oid_len == 0) {
OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
return 0;
}
- const struct built_in_curves *const curves = OPENSSL_built_in_curves();
- for (size_t i = 0; i < OPENSSL_NUM_BUILT_IN_CURVES; i++) {
- const struct built_in_curve *curve = &curves->curves[i];
- if (curve->nid == nid) {
- CBB child;
- return CBB_add_asn1(cbb, &child, CBS_ASN1_OBJECT) &&
- CBB_add_bytes(&child, curve->oid, curve->oid_len) &&
- CBB_flush(cbb);
- }
- }
-
- OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
- return 0;
+ CBB child;
+ return CBB_add_asn1(cbb, &child, CBS_ASN1_OBJECT) &&
+ CBB_add_bytes(&child, group->oid, group->oid_len) && //
+ CBB_flush(cbb);
}
EC_GROUP *EC_KEY_parse_parameters(CBS *cbs) {
@@ -374,34 +379,56 @@ EC_GROUP *EC_KEY_parse_parameters(CBS *cbs) {
// of named curves.
//
// TODO(davidben): Remove support for this.
- CBS prime, a, b, base_x, base_y, order;
- if (!parse_explicit_prime_curve(cbs, &prime, &a, &b, &base_x, &base_y,
- &order)) {
+ struct explicit_prime_curve curve;
+ if (!parse_explicit_prime_curve(cbs, &curve)) {
return NULL;
}
- // Look for a matching prime curve.
- const struct built_in_curves *const curves = OPENSSL_built_in_curves();
- for (size_t i = 0; i < OPENSSL_NUM_BUILT_IN_CURVES; i++) {
- const struct built_in_curve *curve = &curves->curves[i];
- const unsigned param_len = curve->param_len;
- // |curve->params| is ordered p, a, b, x, y, order, each component
- // zero-padded up to the field length. Although SEC 1 states that the
- // Field-Element-to-Octet-String conversion also pads, OpenSSL mis-encodes
- // |a| and |b|, so this comparison must allow omitting leading zeros. (This
- // is relevant for P-521 whose |b| has a leading 0.)
- if (integers_equal(&prime, curve->params, param_len) &&
- integers_equal(&a, curve->params + param_len, param_len) &&
- integers_equal(&b, curve->params + param_len * 2, param_len) &&
- integers_equal(&base_x, curve->params + param_len * 3, param_len) &&
- integers_equal(&base_y, curve->params + param_len * 4, param_len) &&
- integers_equal(&order, curve->params + param_len * 5, param_len)) {
- return EC_GROUP_new_by_curve_name(curve->nid);
+ const EC_GROUP *ret = NULL;
+ BIGNUM *p = BN_new(), *a = BN_new(), *b = BN_new(), *x = BN_new(),
+ *y = BN_new();
+ if (p == NULL || a == NULL || b == NULL || x == NULL || y == NULL) {
+ goto err;
+ }
+
+ for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kAllGroups); i++) {
+ const EC_GROUP *group = kAllGroups[i]();
+ if (!integers_equal(&curve.order, EC_GROUP_get0_order(group))) {
+ continue;
+ }
+
+ // The order alone uniquely identifies the group, but we check the other
+ // parameters to avoid misinterpreting the group.
+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, NULL)) {
+ goto err;
+ }
+ if (!integers_equal(&curve.prime, p) || !integers_equal(&curve.a, a) ||
+ !integers_equal(&curve.b, b)) {
+ break;
+ }
+ if (!EC_POINT_get_affine_coordinates_GFp(
+ group, EC_GROUP_get0_generator(group), x, y, NULL)) {
+ goto err;
}
+ if (!integers_equal(&curve.base_x, x) ||
+ !integers_equal(&curve.base_y, y)) {
+ break;
+ }
+ ret = group;
+ break;
}
- OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
- return NULL;
+ if (ret == NULL) {
+ OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
+ }
+
+err:
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ BN_free(x);
+ BN_free(y);
+ return (EC_GROUP *)ret;
}
int EC_POINT_point2cbb(CBB *out, const EC_GROUP *group, const EC_POINT *point,
@@ -458,18 +485,16 @@ EC_KEY *d2i_ECParameters(EC_KEY **out_key, const uint8_t **inp, long len) {
CBS cbs;
CBS_init(&cbs, *inp, (size_t)len);
- EC_GROUP *group = EC_KEY_parse_parameters(&cbs);
+ const EC_GROUP *group = EC_KEY_parse_parameters(&cbs);
if (group == NULL) {
return NULL;
}
EC_KEY *ret = EC_KEY_new();
if (ret == NULL || !EC_KEY_set_group(ret, group)) {
- EC_GROUP_free(group);
EC_KEY_free(ret);
return NULL;
}
- EC_GROUP_free(group);
if (out_key != NULL) {
EC_KEY_free(*out_key);
@@ -532,3 +557,16 @@ int i2o_ECPublicKey(const EC_KEY *key, uint8_t **outp) {
// Historically, this function used the wrong return value on error.
return ret > 0 ? ret : 0;
}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
+ size_t max_num_curves) {
+ if (max_num_curves > OPENSSL_ARRAY_SIZE(kAllGroups)) {
+ max_num_curves = OPENSSL_ARRAY_SIZE(kAllGroups);
+ }
+ for (size_t i = 0; i < max_num_curves; i++) {
+ const EC_GROUP *group = kAllGroups[i]();
+ out_curves[i].nid = group->curve_name;
+ out_curves[i].comment = group->comment;
+ }
+ return OPENSSL_ARRAY_SIZE(kAllGroups);
+}
diff --git a/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_derive.c b/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_derive.c
index 9b62820c..40953614 100644
--- a/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_derive.c
+++ b/Sources/CJWTKitBoringSSL/crypto/ec_extra/ec_derive.c
@@ -55,7 +55,8 @@ EC_KEY *EC_KEY_derive_from_secret(const EC_GROUP *group, const uint8_t *secret,
}
uint8_t derived[EC_KEY_DERIVE_EXTRA_BYTES + EC_MAX_BYTES];
- size_t derived_len = BN_num_bytes(&group->order) + EC_KEY_DERIVE_EXTRA_BYTES;
+ size_t derived_len =
+ BN_num_bytes(EC_GROUP_get0_order(group)) + EC_KEY_DERIVE_EXTRA_BYTES;
assert(derived_len <= sizeof(derived));
if (!HKDF(derived, derived_len, EVP_sha256(), secret, secret_len,
/*salt=*/NULL, /*salt_len=*/0, (const uint8_t *)info,
@@ -74,10 +75,10 @@ EC_KEY *EC_KEY_derive_from_secret(const EC_GROUP *group, const uint8_t *secret,
// enough. 2^(num_bytes(order)) < 2^8 * order, so:
//
// priv < 2^8 * order * 2^128 < order * order < order * R
- !BN_from_montgomery(priv, priv, group->order_mont, ctx) ||
+ !BN_from_montgomery(priv, priv, &group->order, ctx) ||
// Multiply by R^2 and do another Montgomery reduction to compute
// priv * R^-1 * R^2 * R^-1 = priv mod order.
- !BN_to_montgomery(priv, priv, group->order_mont, ctx) ||
+ !BN_to_montgomery(priv, priv, &group->order, ctx) ||
!EC_POINT_mul(group, pub, priv, NULL, NULL, ctx) ||
!EC_KEY_set_group(key, group) || !EC_KEY_set_public_key(key, pub) ||
!EC_KEY_set_private_key(key, priv)) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/ec_extra/hash_to_curve.c b/Sources/CJWTKitBoringSSL/crypto/ec_extra/hash_to_curve.c
index 0fdc3cce..02e2cb6d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/ec_extra/hash_to_curve.c
+++ b/Sources/CJWTKitBoringSSL/crypto/ec_extra/hash_to_curve.c
@@ -26,8 +26,7 @@
#include "../internal.h"
-// This file implements hash-to-curve, as described in
-// draft-irtf-cfrg-hash-to-curve-16.
+// This file implements hash-to-curve, as described in RFC 9380.
//
// This hash-to-curve implementation is written generically with the
// expectation that we will eventually wish to support other curves. If it
@@ -48,8 +47,7 @@
// templates to make specializing more convenient.
// expand_message_xmd implements the operation described in section 5.3.1 of
-// draft-irtf-cfrg-hash-to-curve-16. It returns one on success and zero on
-// error.
+// RFC 9380. It returns one on success and zero on error.
static int expand_message_xmd(const EVP_MD *md, uint8_t *out, size_t out_len,
const uint8_t *msg, size_t msg_len,
const uint8_t *dst, size_t dst_len) {
@@ -138,7 +136,7 @@ static int expand_message_xmd(const EVP_MD *md, uint8_t *out, size_t out_len,
// num_bytes_to_derive determines the number of bytes to derive when hashing to
// a number modulo |modulus|. See the hash_to_field operation defined in
-// section 5.2 of draft-irtf-cfrg-hash-to-curve-16.
+// section 5.2 of RFC 9380.
static int num_bytes_to_derive(size_t *out, const BIGNUM *modulus, unsigned k) {
size_t bits = BN_num_bits(modulus);
size_t L = (bits + k + 7) / 8;
@@ -171,20 +169,19 @@ static void big_endian_to_words(BN_ULONG *out, size_t num_words,
}
// hash_to_field implements the operation described in section 5.2
-// of draft-irtf-cfrg-hash-to-curve-16, with count = 2. |k| is the security
-// factor.
+// of RFC 9380, with count = 2. |k| is the security factor.
static int hash_to_field2(const EC_GROUP *group, const EVP_MD *md,
EC_FELEM *out1, EC_FELEM *out2, const uint8_t *dst,
size_t dst_len, unsigned k, const uint8_t *msg,
size_t msg_len) {
size_t L;
uint8_t buf[4 * EC_MAX_BYTES];
- if (!num_bytes_to_derive(&L, &group->field, k) ||
+ if (!num_bytes_to_derive(&L, &group->field.N, k) ||
!expand_message_xmd(md, buf, 2 * L, msg, msg_len, dst, dst_len)) {
return 0;
}
BN_ULONG words[2 * EC_MAX_WORDS];
- size_t num_words = 2 * group->field.width;
+ size_t num_words = 2 * group->field.N.width;
big_endian_to_words(words, num_words, buf, L);
group->meth->felem_reduce(group, out1, words, num_words);
big_endian_to_words(words, num_words, buf + L, L);
@@ -197,15 +194,16 @@ static int hash_to_field2(const EC_GROUP *group, const EVP_MD *md,
static int hash_to_scalar(const EC_GROUP *group, const EVP_MD *md,
EC_SCALAR *out, const uint8_t *dst, size_t dst_len,
unsigned k, const uint8_t *msg, size_t msg_len) {
+ const BIGNUM *order = EC_GROUP_get0_order(group);
size_t L;
uint8_t buf[EC_MAX_BYTES * 2];
- if (!num_bytes_to_derive(&L, &group->order, k) ||
+ if (!num_bytes_to_derive(&L, order, k) ||
!expand_message_xmd(md, buf, L, msg, msg_len, dst, dst_len)) {
return 0;
}
BN_ULONG words[2 * EC_MAX_WORDS];
- size_t num_words = 2 * group->order.width;
+ size_t num_words = 2 * order->width;
big_endian_to_words(words, num_words, buf, L);
ec_scalar_reduce(group, out, words, num_words);
return 1;
@@ -220,8 +218,7 @@ static inline void mul_A(const EC_GROUP *group, EC_FELEM *out,
ec_felem_sub(group, out, in, &tmp); // out = -3*in
}
-// sgn0 implements the operation described in section 4.1.2 of
-// draft-irtf-cfrg-hash-to-curve-16.
+// sgn0 implements the operation described in section 4.1.2 of RFC 9380.
static BN_ULONG sgn0(const EC_GROUP *group, const EC_FELEM *a) {
uint8_t buf[EC_MAX_BYTES];
size_t len;
@@ -230,11 +227,11 @@ static BN_ULONG sgn0(const EC_GROUP *group, const EC_FELEM *a) {
}
OPENSSL_UNUSED static int is_3mod4(const EC_GROUP *group) {
- return group->field.width > 0 && (group->field.d[0] & 3) == 3;
+ return group->field.N.width > 0 && (group->field.N.d[0] & 3) == 3;
}
// sqrt_ratio_3mod4 implements the operation described in appendix F.2.1.2
-// of draft-irtf-cfrg-hash-to-curve-16.
+// of RFC 9380.
static BN_ULONG sqrt_ratio_3mod4(const EC_GROUP *group, const EC_FELEM *Z,
const BN_ULONG *c1, size_t num_c1,
const EC_FELEM *c2, EC_FELEM *out_y,
@@ -269,8 +266,7 @@ static BN_ULONG sqrt_ratio_3mod4(const EC_GROUP *group, const EC_FELEM *Z,
}
// map_to_curve_simple_swu implements the operation described in section 6.6.2
-// of draft-irtf-cfrg-hash-to-curve-16, using the straight-line implementation
-// in appendix F.2.
+// of RFC 9380, using the straight-line implementation in appendix F.2.
static void map_to_curve_simple_swu(const EC_GROUP *group, const EC_FELEM *Z,
const BN_ULONG *c1, size_t num_c1,
const EC_FELEM *c2, EC_JACOBIAN *out,
@@ -285,12 +281,12 @@ static void map_to_curve_simple_swu(const EC_GROUP *group, const EC_FELEM *Z,
group->meth->felem_sqr;
EC_FELEM tv1, tv2, tv3, tv4, tv5, tv6, x, y, y1;
- felem_sqr(group, &tv1, u); // 1. tv1 = u^2
- felem_mul(group, &tv1, Z, &tv1); // 2. tv1 = Z * tv1
- felem_sqr(group, &tv2, &tv1); // 3. tv2 = tv1^2
- ec_felem_add(group, &tv2, &tv2, &tv1); // 4. tv2 = tv2 + tv1
- ec_felem_add(group, &tv3, &tv2, &group->one); // 5. tv3 = tv2 + 1
- felem_mul(group, &tv3, &group->b, &tv3); // 6. tv3 = B * tv3
+ felem_sqr(group, &tv1, u); // 1. tv1 = u^2
+ felem_mul(group, &tv1, Z, &tv1); // 2. tv1 = Z * tv1
+ felem_sqr(group, &tv2, &tv1); // 3. tv2 = tv1^2
+ ec_felem_add(group, &tv2, &tv2, &tv1); // 4. tv2 = tv2 + tv1
+ ec_felem_add(group, &tv3, &tv2, ec_felem_one(group)); // 5. tv3 = tv2 + 1
+ felem_mul(group, &tv3, &group->b, &tv3); // 6. tv3 = B * tv3
// 7. tv4 = CMOV(Z, -tv2, tv2 != 0)
const BN_ULONG tv2_non_zero = ec_felem_non_zero_mask(group, &tv2);
@@ -353,8 +349,8 @@ static int hash_to_curve(const EC_GROUP *group, const EVP_MD *md,
// Compute |c1| = (p - 3) / 4.
BN_ULONG c1[EC_MAX_WORDS];
- size_t num_c1 = group->field.width;
- if (!bn_copy_words(c1, num_c1, &group->field)) {
+ size_t num_c1 = group->field.N.width;
+ if (!bn_copy_words(c1, num_c1, &group->field.N)) {
return 0;
}
bn_rshift_words(c1, c1, /*shift=*/2, /*num=*/num_c1);
@@ -370,7 +366,7 @@ static int hash_to_curve(const EC_GROUP *group, const EVP_MD *md,
static int felem_from_u8(const EC_GROUP *group, EC_FELEM *out, uint8_t a) {
uint8_t bytes[EC_MAX_BYTES] = {0};
- size_t len = BN_num_bytes(&group->field);
+ size_t len = BN_num_bytes(&group->field.N);
bytes[len - 1] = a;
return ec_felem_from_bytes(group, out, bytes, len);
}
@@ -404,7 +400,7 @@ int ec_hash_to_curve_p256_xmd_sha256_sswu(const EC_GROUP *group,
EC_JACOBIAN *out, const uint8_t *dst,
size_t dst_len, const uint8_t *msg,
size_t msg_len) {
- // See section 8.3 of draft-irtf-cfrg-hash-to-curve-16.
+ // See section 8.3 of RFC 9380.
if (EC_GROUP_get_curve_name(group) != NID_X9_62_prime256v1) {
OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
return 0;
@@ -437,7 +433,7 @@ int ec_hash_to_curve_p384_xmd_sha384_sswu(const EC_GROUP *group,
EC_JACOBIAN *out, const uint8_t *dst,
size_t dst_len, const uint8_t *msg,
size_t msg_len) {
- // See section 8.3 of draft-irtf-cfrg-hash-to-curve-16.
+ // See section 8.3 of RFC 9380.
if (EC_GROUP_get_curve_name(group) != NID_secp384r1) {
OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
return 0;
diff --git a/Sources/CJWTKitBoringSSL/crypto/ec_extra/internal.h b/Sources/CJWTKitBoringSSL/crypto/ec_extra/internal.h
index fe5f6619..5d4aaf94 100644
--- a/Sources/CJWTKitBoringSSL/crypto/ec_extra/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/ec_extra/internal.h
@@ -30,24 +30,22 @@ extern "C" {
// ec_hash_to_curve_p256_xmd_sha256_sswu hashes |msg| to a point on |group| and
// writes the result to |out|, implementing the P256_XMD:SHA-256_SSWU_RO_ suite
-// from draft-irtf-cfrg-hash-to-curve-16. It returns one on success and zero on
-// error.
+// from RFC 9380. It returns one on success and zero on error.
OPENSSL_EXPORT int ec_hash_to_curve_p256_xmd_sha256_sswu(
const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len,
const uint8_t *msg, size_t msg_len);
// ec_hash_to_curve_p384_xmd_sha384_sswu hashes |msg| to a point on |group| and
// writes the result to |out|, implementing the P384_XMD:SHA-384_SSWU_RO_ suite
-// from draft-irtf-cfrg-hash-to-curve-16. It returns one on success and zero on
-// error.
+// from RFC 9380. It returns one on success and zero on error.
OPENSSL_EXPORT int ec_hash_to_curve_p384_xmd_sha384_sswu(
const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len,
const uint8_t *msg, size_t msg_len);
// ec_hash_to_scalar_p384_xmd_sha384 hashes |msg| to a scalar on |group|
// and writes the result to |out|, using the hash_to_field operation from the
-// P384_XMD:SHA-384_SSWU_RO_ suite from draft-irtf-cfrg-hash-to-curve-16, but
-// generating a value modulo the group order rather than a field element.
+// P384_XMD:SHA-384_SSWU_RO_ suite from RFC 9380, but generating a value modulo
+// the group order rather than a field element.
OPENSSL_EXPORT int ec_hash_to_scalar_p384_xmd_sha384(
const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len,
const uint8_t *msg, size_t msg_len);
diff --git a/Sources/CJWTKitBoringSSL/crypto/engine/engine.c b/Sources/CJWTKitBoringSSL/crypto/engine/engine.c
index d2ef9b73..b252d66a 100644
--- a/Sources/CJWTKitBoringSSL/crypto/engine/engine.c
+++ b/Sources/CJWTKitBoringSSL/crypto/engine/engine.c
@@ -31,15 +31,7 @@ struct engine_st {
ECDSA_METHOD *ecdsa_method;
};
-ENGINE *ENGINE_new(void) {
- ENGINE *engine = OPENSSL_malloc(sizeof(ENGINE));
- if (engine == NULL) {
- return NULL;
- }
-
- OPENSSL_memset(engine, 0, sizeof(ENGINE));
- return engine;
-}
+ENGINE *ENGINE_new(void) { return OPENSSL_zalloc(sizeof(ENGINE)); }
int ENGINE_free(ENGINE *engine) {
// Methods are currently required to be static so are not unref'ed.
diff --git a/Sources/CJWTKitBoringSSL/crypto/err/err.c b/Sources/CJWTKitBoringSSL/crypto/err/err.c
index 41a7b710..d4a35a9b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/err/err.c
+++ b/Sources/CJWTKitBoringSSL/crypto/err/err.c
@@ -146,13 +146,13 @@ struct err_error_st {
// ERR_STATE contains the per-thread, error queue.
typedef struct err_state_st {
- // errors contains the ERR_NUM_ERRORS most recent errors, organised as a ring
- // buffer.
+ // errors contains up to ERR_NUM_ERRORS - 1 most recent errors, organised as a
+ // ring buffer.
struct err_error_st errors[ERR_NUM_ERRORS];
- // top contains the index one past the most recent error. If |top| equals
- // |bottom| then the queue is empty.
+ // top contains the index of the most recent error. If |top| equals |bottom|
+ // then the queue is empty.
unsigned top;
- // bottom contains the index of the last error in the queue.
+ // bottom contains the index before the least recent error in the queue.
unsigned bottom;
// to_free, if not NULL, contains a pointer owned by this structure that was
@@ -192,8 +192,7 @@ static int global_next_library = ERR_NUM_LIBS;
// global_next_library_mutex protects |global_next_library| from concurrent
// updates.
-static struct CRYPTO_STATIC_MUTEX global_next_library_mutex =
- CRYPTO_STATIC_MUTEX_INIT;
+static CRYPTO_MUTEX global_next_library_mutex = CRYPTO_MUTEX_INIT;
static void err_state_free(void *statep) {
ERR_STATE *state = statep;
@@ -367,9 +366,9 @@ void ERR_remove_thread_state(const CRYPTO_THREADID *tid) {
int ERR_get_next_error_library(void) {
int ret;
- CRYPTO_STATIC_MUTEX_lock_write(&global_next_library_mutex);
+ CRYPTO_MUTEX_lock_write(&global_next_library_mutex);
ret = global_next_library++;
- CRYPTO_STATIC_MUTEX_unlock_write(&global_next_library_mutex);
+ CRYPTO_MUTEX_unlock_write(&global_next_library_mutex);
return ret;
}
@@ -553,22 +552,21 @@ char *ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) {
const char *lib_str = err_lib_error_string(packed_error);
const char *reason_str = err_reason_error_string(packed_error);
- char lib_buf[64], reason_buf[64];
+ char lib_buf[32], reason_buf[32];
if (lib_str == NULL) {
- BIO_snprintf(lib_buf, sizeof(lib_buf), "lib(%u)", lib);
+ snprintf(lib_buf, sizeof(lib_buf), "lib(%u)", lib);
lib_str = lib_buf;
}
- if (reason_str == NULL) {
- BIO_snprintf(reason_buf, sizeof(reason_buf), "reason(%u)", reason);
+ if (reason_str == NULL) {
+ snprintf(reason_buf, sizeof(reason_buf), "reason(%u)", reason);
reason_str = reason_buf;
}
- BIO_snprintf(buf, len, "error:%08" PRIx32 ":%s:OPENSSL_internal:%s",
- packed_error, lib_str, reason_str);
-
- if (strlen(buf) == len - 1) {
- // output may be truncated; make sure we always have 5 colon-separated
+ int ret = snprintf(buf, len, "error:%08" PRIx32 ":%s:OPENSSL_internal:%s",
+ packed_error, lib_str, reason_str);
+ if (ret >= 0 && (size_t)ret >= len) {
+ // The output was truncated; make sure we always have 5 colon-separated
// fields, i.e. 4 colons.
static const unsigned num_colons = 4;
unsigned i;
@@ -618,8 +616,8 @@ void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) {
}
ERR_error_string_n(packed_error, buf, sizeof(buf));
- BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", thread_hash, buf,
- file, line, (flags & ERR_FLAG_STRING) ? data : "");
+ snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", thread_hash, buf, file,
+ line, (flags & ERR_FLAG_STRING) ? data : "");
if (callback(buf2, strlen(buf2), ctx) <= 0) {
break;
}
@@ -867,6 +865,10 @@ void ERR_restore_state(const ERR_SAVE_STATE *state) {
return;
}
+ if (state->num_errors >= ERR_NUM_ERRORS) {
+ abort();
+ }
+
ERR_STATE *const dst = err_get_state();
if (dst == NULL) {
return;
@@ -875,6 +877,6 @@ void ERR_restore_state(const ERR_SAVE_STATE *state) {
for (size_t i = 0; i < state->num_errors; i++) {
err_copy(&dst->errors[i], &state->errors[i]);
}
- dst->top = state->num_errors - 1;
+ dst->top = (unsigned)(state->num_errors - 1);
dst->bottom = ERR_NUM_ERRORS - 1;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/err/err_data.c b/Sources/CJWTKitBoringSSL/crypto/err/err_data.c
index aeadc76b..04c2e3a4 100644
--- a/Sources/CJWTKitBoringSSL/crypto/err/err_data.c
+++ b/Sources/CJWTKitBoringSSL/crypto/err/err_data.c
@@ -81,7 +81,7 @@ const uint32_t kOpenSSLReasonValues[] = {
0x10339666,
0x10341679,
0x10348f93,
- 0x10350ccc,
+ 0x10350cdf,
0x1035968c,
0x103616b6,
0x103696c9,
@@ -103,7 +103,7 @@ const uint32_t kOpenSSLReasonValues[] = {
0x103e9839,
0x103f1850,
0x103f9863,
- 0x10400c90,
+ 0x10400ca3,
0x10409876,
0x10411894,
0x104198a7,
@@ -125,11 +125,12 @@ const uint32_t kOpenSSLReasonValues[] = {
0x104997d7,
0x104a16a1,
0x14320c73,
- 0x14328c81,
- 0x14330c90,
- 0x14338ca2,
+ 0x14328c94,
+ 0x14330ca3,
+ 0x14338cb5,
0x143400b9,
0x143480f7,
+ 0x14350c81,
0x18320090,
0x18328fe9,
0x183300b9,
@@ -163,7 +164,7 @@ const uint32_t kOpenSSLReasonValues[] = {
0x18411164,
0x1841912f,
0x1842114e,
- 0x18428cd8,
+ 0x18428c81,
0x1843110a,
0x18439176,
0x18441028,
@@ -185,60 +186,60 @@ const uint32_t kOpenSSLReasonValues[] = {
0x2438133b,
0x24389348,
0x2439135b,
- 0x28320cc0,
+ 0x28320cd3,
0x28328ceb,
- 0x28330c90,
+ 0x28330ca3,
0x28338cfe,
- 0x28340ccc,
+ 0x28340cdf,
0x283480b9,
0x283500f7,
- 0x28358cd8,
+ 0x28358c81,
0x2836099a,
- 0x2c3232e0,
+ 0x2c3232e7,
0x2c329372,
- 0x2c3332ee,
- 0x2c33b300,
- 0x2c343314,
- 0x2c34b326,
- 0x2c353341,
- 0x2c35b353,
- 0x2c363383,
+ 0x2c3332f5,
+ 0x2c33b307,
+ 0x2c34331b,
+ 0x2c34b32d,
+ 0x2c353348,
+ 0x2c35b35a,
+ 0x2c36338a,
0x2c36833a,
- 0x2c373390,
- 0x2c37b3bc,
- 0x2c3833fa,
- 0x2c38b411,
- 0x2c39342f,
- 0x2c39b43f,
- 0x2c3a3451,
- 0x2c3ab465,
- 0x2c3b3476,
- 0x2c3bb495,
+ 0x2c373397,
+ 0x2c37b3c3,
+ 0x2c383401,
+ 0x2c38b418,
+ 0x2c393436,
+ 0x2c39b446,
+ 0x2c3a3458,
+ 0x2c3ab46c,
+ 0x2c3b347d,
+ 0x2c3bb49c,
0x2c3c1384,
0x2c3c939a,
- 0x2c3d34da,
+ 0x2c3d34e1,
0x2c3d93b3,
- 0x2c3e3504,
- 0x2c3eb512,
- 0x2c3f352a,
- 0x2c3fb542,
- 0x2c40356c,
+ 0x2c3e350b,
+ 0x2c3eb519,
+ 0x2c3f3531,
+ 0x2c3fb549,
+ 0x2c403573,
0x2c409285,
- 0x2c41357d,
- 0x2c41b590,
+ 0x2c413584,
+ 0x2c41b597,
0x2c42124b,
- 0x2c42b5a1,
+ 0x2c42b5a8,
0x2c43076d,
- 0x2c43b487,
- 0x2c4433cf,
- 0x2c44b54f,
- 0x2c453366,
- 0x2c45b3a2,
- 0x2c46341f,
- 0x2c46b4a9,
- 0x2c4734be,
- 0x2c47b4f7,
- 0x2c4833e1,
+ 0x2c43b48e,
+ 0x2c4433d6,
+ 0x2c44b556,
+ 0x2c45336d,
+ 0x2c45b3a9,
+ 0x2c463426,
+ 0x2c46b4b0,
+ 0x2c4734c5,
+ 0x2c47b4fe,
+ 0x2c4833e8,
0x30320000,
0x30328015,
0x3033001f,
@@ -436,203 +437,203 @@ const uint32_t kOpenSSLReasonValues[] = {
0x404da092,
0x404e20a6,
0x404ea0b3,
- 0x404f214d,
- 0x404fa1c3,
- 0x40502232,
- 0x4050a246,
- 0x40512279,
- 0x40522289,
- 0x4052a2ad,
- 0x405322c5,
- 0x4053a2d8,
- 0x405422ed,
- 0x4054a310,
- 0x4055233b,
- 0x4055a378,
- 0x4056239d,
- 0x4056a3b6,
- 0x405723ce,
- 0x4057a3e1,
- 0x405823f6,
- 0x4058a41d,
- 0x4059244c,
- 0x4059a479,
- 0x405a248d,
- 0x405aa49d,
- 0x405b24b5,
- 0x405ba4c6,
- 0x405c24d9,
- 0x405ca518,
- 0x405d2525,
- 0x405da54a,
- 0x405e2588,
+ 0x404f2164,
+ 0x404fa1da,
+ 0x40502249,
+ 0x4050a25d,
+ 0x40512290,
+ 0x405222a0,
+ 0x4052a2c4,
+ 0x405322dc,
+ 0x4053a2ef,
+ 0x40542304,
+ 0x4054a327,
+ 0x40552352,
+ 0x4055a38f,
+ 0x405623b4,
+ 0x4056a3cd,
+ 0x405723e5,
+ 0x4057a3f8,
+ 0x4058240d,
+ 0x4058a434,
+ 0x40592463,
+ 0x4059a490,
+ 0x405aa4a4,
+ 0x405b24bc,
+ 0x405ba4cd,
+ 0x405c24e0,
+ 0x405ca51f,
+ 0x405d252c,
+ 0x405da551,
+ 0x405e258f,
0x405e8afe,
- 0x405f25a9,
- 0x405fa5b6,
- 0x406025c4,
- 0x4060a5e6,
- 0x40612647,
- 0x4061a67f,
- 0x40622696,
- 0x4062a6a7,
- 0x406326f4,
- 0x4063a709,
- 0x40642720,
- 0x4064a74c,
- 0x40652767,
- 0x4065a77e,
- 0x40662796,
- 0x4066a7c0,
- 0x406727eb,
- 0x4067a830,
- 0x40682878,
- 0x4068a899,
- 0x406928cb,
- 0x4069a8f9,
- 0x406a291a,
- 0x406aa93a,
- 0x406b2ac2,
- 0x406baae5,
- 0x406c2afb,
- 0x406cae05,
- 0x406d2e34,
- 0x406dae5c,
- 0x406e2e8a,
- 0x406eaed7,
- 0x406f2f30,
- 0x406faf68,
- 0x40702f7b,
- 0x4070af98,
+ 0x405f25b0,
+ 0x405fa5bd,
+ 0x406025cb,
+ 0x4060a5ed,
+ 0x4061264e,
+ 0x4061a686,
+ 0x4062269d,
+ 0x4062a6ae,
+ 0x406326fb,
+ 0x4063a710,
+ 0x40642727,
+ 0x4064a753,
+ 0x4065276e,
+ 0x4065a785,
+ 0x4066279d,
+ 0x4066a7c7,
+ 0x406727f2,
+ 0x4067a837,
+ 0x4068287f,
+ 0x4068a8a0,
+ 0x406928d2,
+ 0x4069a900,
+ 0x406a2921,
+ 0x406aa941,
+ 0x406b2ac9,
+ 0x406baaec,
+ 0x406c2b02,
+ 0x406cae0c,
+ 0x406d2e3b,
+ 0x406dae63,
+ 0x406e2e91,
+ 0x406eaede,
+ 0x406f2f37,
+ 0x406faf6f,
+ 0x40702f82,
+ 0x4070af9f,
0x4071084d,
- 0x4071afaa,
- 0x40722fbd,
- 0x4072aff3,
- 0x4073300b,
+ 0x4071afb1,
+ 0x40722fc4,
+ 0x4072affa,
+ 0x40733012,
0x4073959c,
- 0x4074301f,
- 0x4074b039,
- 0x4075304a,
- 0x4075b05e,
- 0x4076306c,
+ 0x40743026,
+ 0x4074b040,
+ 0x40753051,
+ 0x4075b065,
+ 0x40763073,
0x40769348,
- 0x40773091,
- 0x4077b0d1,
- 0x407830ec,
- 0x4078b125,
- 0x4079313c,
- 0x4079b152,
- 0x407a317e,
- 0x407ab191,
- 0x407b31a6,
- 0x407bb1b8,
- 0x407c31e9,
- 0x407cb1f2,
- 0x407d28b4,
- 0x407da1eb,
- 0x407e3101,
- 0x407ea42d,
+ 0x40773098,
+ 0x4077b0d8,
+ 0x407830f3,
+ 0x4078b12c,
+ 0x40793143,
+ 0x4079b159,
+ 0x407a3185,
+ 0x407ab198,
+ 0x407b31ad,
+ 0x407bb1bf,
+ 0x407c31f0,
+ 0x407cb1f9,
+ 0x407d28bb,
+ 0x407da202,
+ 0x407e3108,
+ 0x407ea444,
0x407f1e27,
0x407f9ffa,
- 0x4080215d,
+ 0x40802174,
0x40809e4f,
- 0x4081229b,
+ 0x408122b2,
0x4081a101,
- 0x40822e75,
+ 0x40822e7c,
0x40829ba2,
- 0x40832408,
- 0x4083a731,
+ 0x4083241f,
+ 0x4083a738,
0x40841e63,
- 0x4084a465,
- 0x408524ea,
- 0x4085a60e,
- 0x4086256a,
- 0x4086a205,
- 0x40872ebb,
- 0x4087a65c,
+ 0x4084a47c,
+ 0x408524f1,
+ 0x4085a615,
+ 0x40862571,
+ 0x4086a21c,
+ 0x40872ec2,
+ 0x4087a663,
0x40881be0,
- 0x4088a843,
+ 0x4088a84a,
0x40891c2f,
0x40899bbc,
- 0x408a2b33,
+ 0x408a2b3a,
0x408a99b4,
- 0x408b31cd,
- 0x408baf45,
- 0x408c24fa,
+ 0x408b31d4,
+ 0x408baf4c,
+ 0x408c2501,
0x408c99ec,
0x408d1f4b,
0x408d9e95,
0x408e207b,
- 0x408ea358,
- 0x408f2857,
- 0x408fa62a,
- 0x4090280c,
- 0x4090a53c,
- 0x40912b1b,
+ 0x408ea36f,
+ 0x408f285e,
+ 0x408fa631,
+ 0x40902813,
+ 0x4090a543,
+ 0x40912b22,
0x40919a12,
0x40921c7c,
- 0x4092aef6,
- 0x40932fd6,
- 0x4093a216,
+ 0x4092aefd,
+ 0x40932fdd,
+ 0x4093a22d,
0x40941e77,
- 0x4094ab4c,
- 0x409526b8,
- 0x4095b15e,
- 0x40962ea2,
- 0x4096a176,
- 0x40972261,
+ 0x4094ab53,
+ 0x409526bf,
+ 0x4095b165,
+ 0x40962ea9,
+ 0x4096a18d,
+ 0x40972278,
0x4097a0ca,
0x40981cdc,
- 0x4098a6cc,
- 0x40992f12,
- 0x4099a385,
- 0x409a231e,
+ 0x4098a6d3,
+ 0x40992f19,
+ 0x4099a39c,
+ 0x409a2335,
0x409a99d0,
0x409b1ed1,
0x409b9efc,
- 0x409c30b3,
+ 0x409c30ba,
0x409c9f24,
- 0x409d2132,
+ 0x409d2149,
0x409da117,
0x409e1d6d,
- 0x409ea1ab,
- 0x409f2193,
+ 0x409ea1c2,
+ 0x409f21aa,
0x409f9ec4,
- 0x40a021d3,
+ 0x40a021ea,
0x40a0a0e4,
- 0x41f429ed,
- 0x41f92a7f,
- 0x41fe2972,
- 0x41feac28,
- 0x41ff2d56,
- 0x42032a06,
- 0x42082a28,
- 0x4208aa64,
- 0x42092956,
- 0x4209aa9e,
- 0x420a29ad,
- 0x420aa98d,
- 0x420b29cd,
- 0x420baa46,
- 0x420c2d72,
- 0x420cab5c,
- 0x420d2c0f,
- 0x420dac46,
- 0x42122c79,
- 0x42172d39,
- 0x4217acbb,
- 0x421c2cdd,
- 0x421f2c98,
- 0x42212dea,
- 0x42262d1c,
- 0x422b2dc8,
- 0x422babea,
- 0x422c2daa,
- 0x422cab9d,
- 0x422d2b76,
- 0x422dad89,
- 0x422e2bc9,
- 0x42302cf8,
- 0x4230ac60,
+ 0x40a12132,
+ 0x41f429f4,
+ 0x41f92a86,
+ 0x41fe2979,
+ 0x41feac2f,
+ 0x41ff2d5d,
+ 0x42032a0d,
+ 0x42082a2f,
+ 0x4208aa6b,
+ 0x4209295d,
+ 0x4209aaa5,
+ 0x420a29b4,
+ 0x420aa994,
+ 0x420b29d4,
+ 0x420baa4d,
+ 0x420c2d79,
+ 0x420cab63,
+ 0x420d2c16,
+ 0x420dac4d,
+ 0x42122c80,
+ 0x42172d40,
+ 0x4217acc2,
+ 0x421c2ce4,
+ 0x421f2c9f,
+ 0x42212df1,
+ 0x42262d23,
+ 0x422b2dcf,
+ 0x422babf1,
+ 0x422c2db1,
+ 0x422caba4,
+ 0x422d2b7d,
+ 0x422dad90,
+ 0x422e2bd0,
+ 0x42302cff,
+ 0x4230ac67,
0x44320778,
0x44328787,
0x44330793,
@@ -677,7 +678,7 @@ const uint32_t kOpenSSLReasonValues[] = {
0x4c3c1574,
0x4c3c9583,
0x4c3d159c,
- 0x4c3d8cb3,
+ 0x4c3d8cc6,
0x4c3e1609,
0x4c3e95ab,
0x4c3f162b,
@@ -688,71 +689,71 @@ const uint32_t kOpenSSLReasonValues[] = {
0x4c41947c,
0x4c4215e5,
0x4c4293c4,
- 0x503235b3,
- 0x5032b5c2,
- 0x503335cd,
- 0x5033b5dd,
- 0x503435f6,
- 0x5034b610,
- 0x5035361e,
- 0x5035b634,
- 0x50363646,
- 0x5036b65c,
- 0x50373675,
- 0x5037b688,
- 0x503836a0,
- 0x5038b6b1,
- 0x503936c6,
- 0x5039b6da,
- 0x503a36fa,
- 0x503ab710,
- 0x503b3728,
- 0x503bb73a,
- 0x503c3756,
- 0x503cb76d,
- 0x503d3786,
- 0x503db79c,
- 0x503e37a9,
- 0x503eb7bf,
- 0x503f37d1,
+ 0x503235ba,
+ 0x5032b5c9,
+ 0x503335d4,
+ 0x5033b5e4,
+ 0x503435fd,
+ 0x5034b617,
+ 0x50353625,
+ 0x5035b63b,
+ 0x5036364d,
+ 0x5036b663,
+ 0x5037367c,
+ 0x5037b68f,
+ 0x503836a7,
+ 0x5038b6b8,
+ 0x503936cd,
+ 0x5039b6e1,
+ 0x503a3701,
+ 0x503ab717,
+ 0x503b372f,
+ 0x503bb741,
+ 0x503c375d,
+ 0x503cb774,
+ 0x503d378d,
+ 0x503db7a3,
+ 0x503e37b0,
+ 0x503eb7c6,
+ 0x503f37d8,
0x503f83b3,
- 0x504037e4,
- 0x5040b7f4,
- 0x5041380e,
- 0x5041b81d,
- 0x50423837,
- 0x5042b854,
- 0x50433864,
- 0x5043b874,
- 0x50443891,
+ 0x504037eb,
+ 0x5040b7fb,
+ 0x50413815,
+ 0x5041b824,
+ 0x5042383e,
+ 0x5042b85b,
+ 0x5043386b,
+ 0x5043b87b,
+ 0x50443898,
0x50448469,
- 0x504538a5,
- 0x5045b8c3,
- 0x504638d6,
- 0x5046b8ec,
- 0x504738fe,
- 0x5047b913,
- 0x50483939,
- 0x5048b947,
- 0x5049395a,
- 0x5049b96f,
- 0x504a3985,
- 0x504ab995,
- 0x504b39b5,
- 0x504bb9c8,
- 0x504c39eb,
- 0x504cba19,
- 0x504d3a46,
- 0x504dba63,
- 0x504e3a7e,
- 0x504eba9a,
- 0x504f3aac,
- 0x504fbac3,
- 0x50503ad2,
+ 0x504538ac,
+ 0x5045b8ca,
+ 0x504638dd,
+ 0x5046b8f3,
+ 0x50473905,
+ 0x5047b91a,
+ 0x50483940,
+ 0x5048b94e,
+ 0x50493961,
+ 0x5049b976,
+ 0x504a398c,
+ 0x504ab99c,
+ 0x504b39bc,
+ 0x504bb9cf,
+ 0x504c39f2,
+ 0x504cba20,
+ 0x504d3a4d,
+ 0x504dba6a,
+ 0x504e3a85,
+ 0x504ebaa1,
+ 0x504f3ab3,
+ 0x504fbaca,
+ 0x50503ad9,
0x50508729,
- 0x50513ae5,
- 0x5051b883,
- 0x50523a2b,
+ 0x50513aec,
+ 0x5051b88a,
+ 0x50523a32,
0x58320fd1,
0x68320f93,
0x68328ceb,
@@ -762,12 +763,12 @@ const uint32_t kOpenSSLReasonValues[] = {
0x683480f7,
0x6835099a,
0x6c320f59,
- 0x6c328ca2,
+ 0x6c328cb5,
0x6c330f64,
0x6c338f7d,
0x74320a66,
0x743280b9,
- 0x74330cb3,
+ 0x74330cc6,
0x783209cb,
0x783289e0,
0x783309ec,
@@ -797,19 +798,19 @@ const uint32_t kOpenSSLReasonValues[] = {
0x7c321261,
0x8032148f,
0x80328090,
- 0x803332af,
+ 0x803332b6,
0x803380b9,
- 0x803432be,
- 0x8034b226,
- 0x80353244,
- 0x8035b2d2,
- 0x80363286,
- 0x8036b235,
- 0x80373278,
- 0x8037b213,
- 0x80383299,
- 0x8038b255,
- 0x8039326a,
+ 0x803432c5,
+ 0x8034b22d,
+ 0x8035324b,
+ 0x8035b2d9,
+ 0x8036328d,
+ 0x8036b23c,
+ 0x8037327f,
+ 0x8037b21a,
+ 0x803832a0,
+ 0x8038b25c,
+ 0x80393271,
};
const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]);
@@ -982,13 +983,13 @@ const char kOpenSSLReasonStringData[] =
"VARIABLE_EXPANSION_TOO_LONG\0"
"VARIABLE_HAS_NO_VALUE\0"
"BAD_GENERATOR\0"
+ "INVALID_PARAMETERS\0"
"INVALID_PUBKEY\0"
"MODULUS_TOO_LARGE\0"
"NO_PRIVATE_VALUE\0"
"UNKNOWN_HASH\0"
"BAD_Q_VALUE\0"
"BAD_VERSION\0"
- "INVALID_PARAMETERS\0"
"MISSING_PARAMETERS\0"
"NEED_NEW_SETUP_VALUES\0"
"BIGNUM_OUT_OF_RANGE\0"
@@ -1230,6 +1231,7 @@ const char kOpenSSLReasonStringData[] =
"INCONSISTENT_ECH_NEGOTIATION\0"
"INVALID_ALPN_PROTOCOL\0"
"INVALID_ALPN_PROTOCOL_LIST\0"
+ "INVALID_ALPS_CODEPOINT\0"
"INVALID_CLIENT_HELLO_INNER\0"
"INVALID_COMMAND\0"
"INVALID_COMPRESSION_LIST\0"
@@ -1268,7 +1270,6 @@ const char kOpenSSLReasonStringData[] =
"NO_COMPRESSION_SPECIFIED\0"
"NO_GROUPS_SPECIFIED\0"
"NO_METHOD_SPECIFIED\0"
- "NO_P256_SUPPORT\0"
"NO_PRIVATE_KEY_ASSIGNED\0"
"NO_RENEGOTIATION\0"
"NO_REQUIRED_DIGEST\0"
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/evp.c b/Sources/CJWTKitBoringSSL/crypto/evp/evp.c
index 0f6942a0..4ee49e42 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/evp.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/evp.c
@@ -81,17 +81,13 @@ OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH)
OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK)
EVP_PKEY *EVP_PKEY_new(void) {
- EVP_PKEY *ret;
-
- ret = OPENSSL_malloc(sizeof(EVP_PKEY));
+ EVP_PKEY *ret = OPENSSL_zalloc(sizeof(EVP_PKEY));
if (ret == NULL) {
return NULL;
}
- OPENSSL_memset(ret, 0, sizeof(EVP_PKEY));
ret->type = EVP_PKEY_NONE;
ret->references = 1;
-
return ret;
}
@@ -229,6 +225,13 @@ static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
}
}
+static void evp_pkey_set_method(EVP_PKEY *pkey,
+ const EVP_PKEY_ASN1_METHOD *method) {
+ free_it(pkey);
+ pkey->ameth = method;
+ pkey->type = pkey->ameth->pkey_id;
+}
+
int EVP_PKEY_type(int nid) {
const EVP_PKEY_ASN1_METHOD *meth = evp_pkey_asn1_find(nid);
if (meth == NULL) {
@@ -246,7 +249,9 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) {
}
int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) {
- return EVP_PKEY_assign(pkey, EVP_PKEY_RSA, key);
+ evp_pkey_set_method(pkey, &rsa_asn1_meth);
+ pkey->pkey = key;
+ return key != NULL;
}
RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {
@@ -274,7 +279,9 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) {
}
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) {
- return EVP_PKEY_assign(pkey, EVP_PKEY_DSA, key);
+ evp_pkey_set_method(pkey, &dsa_asn1_meth);
+ pkey->pkey = key;
+ return key != NULL;
}
DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) {
@@ -302,7 +309,9 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
}
int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
- return EVP_PKEY_assign(pkey, EVP_PKEY_EC, key);
+ evp_pkey_set_method(pkey, &ec_asn1_meth);
+ pkey->pkey = key;
+ return key != NULL;
}
EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) {
@@ -325,21 +334,32 @@ DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { return NULL; }
DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { return NULL; }
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) {
- if (!EVP_PKEY_set_type(pkey, type)) {
- return 0;
+ // This function can only be used to assign RSA, DSA, and EC keys. Other key
+ // types have internal representations which are not exposed through the
+ // public API.
+ switch (type) {
+ case EVP_PKEY_RSA:
+ return EVP_PKEY_assign_RSA(pkey, key);
+ case EVP_PKEY_DSA:
+ return EVP_PKEY_assign_DSA(pkey, key);
+ case EVP_PKEY_EC:
+ return EVP_PKEY_assign_EC_KEY(pkey, key);
}
- pkey->pkey = key;
- return key != NULL;
+
+ OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
+ ERR_add_error_dataf("algorithm %d", type);
+ return 0;
}
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) {
- const EVP_PKEY_ASN1_METHOD *ameth;
-
if (pkey && pkey->pkey) {
+ // This isn't strictly necessary, but historically |EVP_PKEY_set_type| would
+ // clear |pkey| even if |evp_pkey_asn1_find| failed, so we preserve that
+ // behavior.
free_it(pkey);
}
- ameth = evp_pkey_asn1_find(type);
+ const EVP_PKEY_ASN1_METHOD *ameth = evp_pkey_asn1_find(type);
if (ameth == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
ERR_add_error_dataf("algorithm %d", type);
@@ -347,8 +367,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) {
}
if (pkey) {
- pkey->ameth = ameth;
- pkey->type = pkey->ameth->pkey_id;
+ evp_pkey_set_method(pkey, ameth);
}
return 1;
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/evp_ctx.c b/Sources/CJWTKitBoringSSL/crypto/evp/evp_ctx.c
index 920bca02..8e9f2191 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/evp_ctx.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/evp_ctx.c
@@ -86,11 +86,10 @@ static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {
static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e,
const EVP_PKEY_METHOD *pmeth) {
- EVP_PKEY_CTX *ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
+ EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX));
if (!ret) {
return NULL;
}
- OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX));
ret->engine = e;
ret->pmeth = pmeth;
@@ -156,13 +155,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx) {
return NULL;
}
- EVP_PKEY_CTX *ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
+ EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX));
if (!ret) {
return NULL;
}
- OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX));
-
ret->pmeth = ctx->pmeth;
ret->engine = ctx->engine;
ret->operation = ctx->operation;
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/p_ec.c b/Sources/CJWTKitBoringSSL/crypto/evp/p_ec.c
index d6026748..11f9cbae 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/p_ec.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/p_ec.c
@@ -75,20 +75,17 @@
typedef struct {
// message digest
const EVP_MD *md;
- EC_GROUP *gen_group;
+ const EC_GROUP *gen_group;
} EC_PKEY_CTX;
static int pkey_ec_init(EVP_PKEY_CTX *ctx) {
- EC_PKEY_CTX *dctx;
- dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));
+ EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX));
if (!dctx) {
return 0;
}
- OPENSSL_memset(dctx, 0, sizeof(EC_PKEY_CTX));
ctx->data = dctx;
-
return 1;
}
@@ -111,7 +108,6 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) {
return;
}
- EC_GROUP_free(dctx->gen_group);
OPENSSL_free(dctx);
}
@@ -195,11 +191,10 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
return 1;
case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: {
- EC_GROUP *group = EC_GROUP_new_by_curve_name(p1);
+ const EC_GROUP *group = EC_GROUP_new_by_curve_name(p1);
if (group == NULL) {
return 0;
}
- EC_GROUP_free(dctx->gen_group);
dctx->gen_group = group;
return 1;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/p_ec_asn1.c b/Sources/CJWTKitBoringSSL/crypto/evp/p_ec_asn1.c
index 0d194288..69b68590 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/p_ec_asn1.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/p_ec_asn1.c
@@ -94,7 +94,7 @@ static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
// The parameters are a named curve.
EC_KEY *eckey = NULL;
- EC_GROUP *group = EC_KEY_parse_curve_name(params);
+ const EC_GROUP *group = EC_KEY_parse_curve_name(params);
if (group == NULL || CBS_len(params) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
goto err;
@@ -107,12 +107,10 @@ static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
goto err;
}
- EC_GROUP_free(group);
EVP_PKEY_assign_EC_KEY(out, eckey);
return 1;
err:
- EC_GROUP_free(group);
EC_KEY_free(eckey);
return 0;
}
@@ -135,15 +133,13 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
static int eckey_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) {
// See RFC 5915.
- EC_GROUP *group = EC_KEY_parse_parameters(params);
+ const EC_GROUP *group = EC_KEY_parse_parameters(params);
if (group == NULL || CBS_len(params) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
- EC_GROUP_free(group);
return 0;
}
EC_KEY *ec_key = EC_KEY_parse_private_key(key, group);
- EC_GROUP_free(group);
if (ec_key == NULL || CBS_len(key) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
EC_KEY_free(ec_key);
@@ -215,7 +211,7 @@ static int ec_bits(const EVP_PKEY *pkey) {
ERR_clear_error();
return 0;
}
- return BN_num_bits(EC_GROUP_get0_order(group));
+ return EC_GROUP_order_bits(group);
}
static int ec_missing_parameters(const EVP_PKEY *pkey) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/p_hkdf.c b/Sources/CJWTKitBoringSSL/crypto/evp/p_hkdf.c
index 14830c9f..570f66c7 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/p_hkdf.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/p_hkdf.c
@@ -35,12 +35,11 @@ typedef struct {
} HKDF_PKEY_CTX;
static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) {
- HKDF_PKEY_CTX *hctx = OPENSSL_malloc(sizeof(HKDF_PKEY_CTX));
+ HKDF_PKEY_CTX *hctx = OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX));
if (hctx == NULL) {
return 0;
}
- OPENSSL_memset(hctx, 0, sizeof(HKDF_PKEY_CTX));
if (!CBB_init(&hctx->info, 0)) {
OPENSSL_free(hctx);
return 0;
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/p_rsa.c b/Sources/CJWTKitBoringSSL/crypto/evp/p_rsa.c
index 184fe5ef..66243e7b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/p_rsa.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/p_rsa.c
@@ -97,12 +97,10 @@ typedef struct {
} RSA_OAEP_LABEL_PARAMS;
static int pkey_rsa_init(EVP_PKEY_CTX *ctx) {
- RSA_PKEY_CTX *rctx;
- rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
+ RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(RSA_PKEY_CTX));
if (!rctx) {
return 0;
}
- OPENSSL_memset(rctx, 0, sizeof(RSA_PKEY_CTX));
rctx->nbits = 2048;
rctx->pad_mode = RSA_PKCS1_PADDING;
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/pbkdf.c b/Sources/CJWTKitBoringSSL/crypto/evp/pbkdf.c
index abc20c83..3ad83ba8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/pbkdf.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/pbkdf.c
@@ -63,7 +63,7 @@
int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
- const uint8_t *salt, size_t salt_len, unsigned iterations,
+ const uint8_t *salt, size_t salt_len, uint32_t iterations,
const EVP_MD *digest, size_t key_len, uint8_t *out_key) {
// See RFC 8018, section 5.2.
int ret = 0;
@@ -98,7 +98,7 @@ int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
}
OPENSSL_memcpy(out_key, digest_tmp, todo);
- for (unsigned j = 1; j < iterations; j++) {
+ for (uint32_t j = 1; j < iterations; j++) {
// Compute the remaining U_* values and XOR.
if (!HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL) ||
!HMAC_Update(&hctx, digest_tmp, md_len) ||
@@ -139,7 +139,7 @@ int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
int PKCS5_PBKDF2_HMAC_SHA1(const char *password, size_t password_len,
const uint8_t *salt, size_t salt_len,
- unsigned iterations, size_t key_len,
+ uint32_t iterations, size_t key_len,
uint8_t *out_key) {
return PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, iterations,
EVP_sha1(), key_len, out_key);
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/print.c b/Sources/CJWTKitBoringSSL/crypto/evp/print.c
index 3486fcc4..6df35b83 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/print.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/print.c
@@ -196,12 +196,12 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) {
const BIGNUM *priv_key = NULL;
if (ptype == 2) {
- priv_key = x->priv_key;
+ priv_key = DSA_get0_priv_key(x);
}
const BIGNUM *pub_key = NULL;
if (ptype > 0) {
- pub_key = x->pub_key;
+ pub_key = DSA_get0_pub_key(x);
}
const char *ktype = "DSA-Parameters";
@@ -212,14 +212,15 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) {
}
if (!BIO_indent(bp, off, 128) ||
- BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(x->p)) <= 0 ||
+ BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(DSA_get0_p(x))) <=
+ 0 ||
// |priv_key| and |pub_key| may be NULL, in which case |bn_print| will
// silently skip them.
!bn_print(bp, "priv:", priv_key, off) ||
!bn_print(bp, "pub:", pub_key, off) ||
- !bn_print(bp, "P:", x->p, off) ||
- !bn_print(bp, "Q:", x->q, off) ||
- !bn_print(bp, "G:", x->g, off)) {
+ !bn_print(bp, "P:", DSA_get0_p(x), off) ||
+ !bn_print(bp, "Q:", DSA_get0_q(x), off) ||
+ !bn_print(bp, "G:", DSA_get0_g(x), off)) {
return 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/evp/scrypt.c b/Sources/CJWTKitBoringSSL/crypto/evp/scrypt.c
index bd4c5761..4e1e13ae 100644
--- a/Sources/CJWTKitBoringSSL/crypto/evp/scrypt.c
+++ b/Sources/CJWTKitBoringSSL/crypto/evp/scrypt.c
@@ -170,12 +170,12 @@ int EVP_PBE_scrypt(const char *password, size_t password_len,
// Allocate and divide up the scratch space. |max_mem| fits in a size_t, which
// is no bigger than uint64_t, so none of these operations may overflow.
- static_assert(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
+ static_assert(UINT64_MAX >= SIZE_MAX, "size_t exceeds uint64_t");
size_t B_blocks = p * 2 * r;
size_t B_bytes = B_blocks * sizeof(block_t);
size_t T_blocks = 2 * r;
size_t V_blocks = N * 2 * r;
- block_t *B = OPENSSL_malloc((B_blocks + T_blocks + V_blocks) * sizeof(block_t));
+ block_t *B = OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t));
if (B == NULL) {
return 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/ex_data.c b/Sources/CJWTKitBoringSSL/crypto/ex_data.c
index 198245b7..78386518 100644
--- a/Sources/CJWTKitBoringSSL/crypto/ex_data.c
+++ b/Sources/CJWTKitBoringSSL/crypto/ex_data.c
@@ -144,13 +144,13 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
funcs->free_func = free_func;
funcs->next = NULL;
- CRYPTO_STATIC_MUTEX_lock_write(&ex_data_class->lock);
+ CRYPTO_MUTEX_lock_write(&ex_data_class->lock);
uint32_t num_funcs = CRYPTO_atomic_load_u32(&ex_data_class->num_funcs);
// The index must fit in |int|.
if (num_funcs > (size_t)(INT_MAX - ex_data_class->num_reserved)) {
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
- CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock);
+ CRYPTO_MUTEX_unlock_write(&ex_data_class->lock);
return 0;
}
@@ -165,7 +165,7 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
}
CRYPTO_atomic_store_u32(&ex_data_class->num_funcs, num_funcs + 1);
- CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock);
+ CRYPTO_MUTEX_unlock_write(&ex_data_class->lock);
*out_index = (int)num_funcs + ex_data_class->num_reserved;
return 1;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-linux.linux.x86_64.S
index 0b6a7ef7..47ea31d8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
.type _aesni_ctr32_ghash_6x,@function
@@ -345,7 +338,7 @@ _aesni_ctr32_ghash_6x:
vpxor 16+8(%rsp),%xmm8,%xmm8
vpxor %xmm4,%xmm8,%xmm8
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x
.globl aesni_gcm_decrypt
@@ -355,6 +348,7 @@ _aesni_ctr32_ghash_6x:
aesni_gcm_decrypt:
.cfi_startproc
+_CET_ENDBR
xorq %rax,%rax
@@ -474,7 +468,7 @@ aesni_gcm_decrypt:
.cfi_adjust_cfa_offset -8
.cfi_restore %rbp
.Lgcm_dec_abort:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aesni_gcm_decrypt,.-aesni_gcm_decrypt
@@ -545,7 +539,7 @@ _aesni_ctr32_6x:
vmovups %xmm14,80(%rsi)
leaq 96(%rsi),%rsi
- .byte 0xf3,0xc3
+ ret
.align 32
.Lhandle_ctr32_2:
vpshufb %xmm0,%xmm1,%xmm6
@@ -578,6 +572,7 @@ _aesni_ctr32_6x:
aesni_gcm_encrypt:
.cfi_startproc
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
.extern BORINGSSL_function_hit
.hidden BORINGSSL_function_hit
@@ -868,10 +863,10 @@ aesni_gcm_encrypt:
.cfi_adjust_cfa_offset -8
.cfi_restore %rbp
.Lgcm_enc_abort:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
-.size aesni_gcm_decrypt,.-aesni_gcm_decrypt
+.size aesni_gcm_encrypt,.-aesni_gcm_encrypt
.section .rodata
.align 64
.Lbswap_mask:
@@ -888,10 +883,6 @@ aesni_gcm_encrypt:
.align 64
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-mac.mac.x86_64.S
index 396477c5..a8ba1185 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-gcm-x86_64-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
@@ -345,7 +338,7 @@ L$6x_done:
vpxor 16+8(%rsp),%xmm8,%xmm8
vpxor %xmm4,%xmm8,%xmm8
- .byte 0xf3,0xc3
+ ret
.globl _aesni_gcm_decrypt
@@ -355,6 +348,7 @@ L$6x_done:
_aesni_gcm_decrypt:
+_CET_ENDBR
xorq %rax,%rax
@@ -467,7 +461,7 @@ L$dec_no_key_aliasing:
popq %rbp
L$gcm_dec_abort:
- .byte 0xf3,0xc3
+ ret
@@ -538,7 +532,7 @@ L$oop_ctr32:
vmovups %xmm14,80(%rsi)
leaq 96(%rsi),%rsi
- .byte 0xf3,0xc3
+ ret
.p2align 5
L$handle_ctr32_2:
vpshufb %xmm0,%xmm1,%xmm6
@@ -571,6 +565,7 @@ L$handle_ctr32_2:
_aesni_gcm_encrypt:
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,_BORINGSSL_function_hit+2(%rip)
@@ -853,7 +848,7 @@ L$enc_no_key_aliasing:
popq %rbp
L$gcm_enc_abort:
- .byte 0xf3,0xc3
+ ret
@@ -873,10 +868,6 @@ L$one_lsb:
.p2align 6
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86-linux.linux.x86.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86-linux.linux.x86.S
index b614cc09..8e7e52c2 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86-linux.linux.x86.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86-linux.linux.x86.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
.text
#ifdef BORINGSSL_DISPATCH_TEST
#endif
@@ -2517,11 +2510,7 @@ aes_hw_set_decrypt_key:
.byte 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83
.byte 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
.byte 115,108,46,111,114,103,62,0
-#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
#endif // defined(__i386__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-linux.linux.x86_64.S
index 80124f8a..4c0c95dd 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
.extern OPENSSL_ia32cap_P
.hidden OPENSSL_ia32cap_P
@@ -22,6 +15,7 @@
.align 16
aes_hw_encrypt:
.cfi_startproc
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
.extern BORINGSSL_function_hit
.hidden BORINGSSL_function_hit
@@ -44,7 +38,7 @@ aes_hw_encrypt:
pxor %xmm1,%xmm1
movups %xmm2,(%rsi)
pxor %xmm2,%xmm2
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes_hw_encrypt,.-aes_hw_encrypt
@@ -54,6 +48,7 @@ aes_hw_encrypt:
.align 16
aes_hw_decrypt:
.cfi_startproc
+_CET_ENDBR
movups (%rdi),%xmm2
movl 240(%rdx),%eax
movups (%rdx),%xmm0
@@ -71,7 +66,7 @@ aes_hw_decrypt:
pxor %xmm1,%xmm1
movups %xmm2,(%rsi)
pxor %xmm2,%xmm2
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes_hw_decrypt, .-aes_hw_decrypt
.type _aesni_encrypt2,@function
@@ -102,7 +97,7 @@ _aesni_encrypt2:
.byte 102,15,56,220,217
.byte 102,15,56,221,208
.byte 102,15,56,221,216
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_encrypt2,.-_aesni_encrypt2
.type _aesni_decrypt2,@function
@@ -133,7 +128,7 @@ _aesni_decrypt2:
.byte 102,15,56,222,217
.byte 102,15,56,223,208
.byte 102,15,56,223,216
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_decrypt2,.-_aesni_decrypt2
.type _aesni_encrypt3,@function
@@ -169,7 +164,7 @@ _aesni_encrypt3:
.byte 102,15,56,221,208
.byte 102,15,56,221,216
.byte 102,15,56,221,224
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_encrypt3,.-_aesni_encrypt3
.type _aesni_decrypt3,@function
@@ -205,7 +200,7 @@ _aesni_decrypt3:
.byte 102,15,56,223,208
.byte 102,15,56,223,216
.byte 102,15,56,223,224
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_decrypt3,.-_aesni_decrypt3
.type _aesni_encrypt4,@function
@@ -247,7 +242,7 @@ _aesni_encrypt4:
.byte 102,15,56,221,216
.byte 102,15,56,221,224
.byte 102,15,56,221,232
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_encrypt4,.-_aesni_encrypt4
.type _aesni_decrypt4,@function
@@ -289,7 +284,7 @@ _aesni_decrypt4:
.byte 102,15,56,223,216
.byte 102,15,56,223,224
.byte 102,15,56,223,232
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_decrypt4,.-_aesni_decrypt4
.type _aesni_encrypt6,@function
@@ -345,7 +340,7 @@ _aesni_encrypt6:
.byte 102,15,56,221,232
.byte 102,15,56,221,240
.byte 102,15,56,221,248
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_encrypt6,.-_aesni_encrypt6
.type _aesni_decrypt6,@function
@@ -401,7 +396,7 @@ _aesni_decrypt6:
.byte 102,15,56,223,232
.byte 102,15,56,223,240
.byte 102,15,56,223,248
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_decrypt6,.-_aesni_decrypt6
.type _aesni_encrypt8,@function
@@ -467,7 +462,7 @@ _aesni_encrypt8:
.byte 102,15,56,221,248
.byte 102,68,15,56,221,192
.byte 102,68,15,56,221,200
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_encrypt8,.-_aesni_encrypt8
.type _aesni_decrypt8,@function
@@ -533,7 +528,7 @@ _aesni_decrypt8:
.byte 102,15,56,223,248
.byte 102,68,15,56,223,192
.byte 102,68,15,56,223,200
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size _aesni_decrypt8,.-_aesni_decrypt8
.globl aes_hw_ecb_encrypt
@@ -542,6 +537,7 @@ _aesni_decrypt8:
.align 16
aes_hw_ecb_encrypt:
.cfi_startproc
+_CET_ENDBR
andq $-16,%rdx
jz .Lecb_ret
@@ -878,7 +874,7 @@ aes_hw_ecb_encrypt:
.Lecb_ret:
xorps %xmm0,%xmm0
pxor %xmm1,%xmm1
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes_hw_ecb_encrypt,.-aes_hw_ecb_encrypt
.globl aes_hw_ctr32_encrypt_blocks
@@ -887,6 +883,7 @@ aes_hw_ecb_encrypt:
.align 16
aes_hw_ctr32_encrypt_blocks:
.cfi_startproc
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,BORINGSSL_function_hit(%rip)
#endif
@@ -976,10 +973,7 @@ aes_hw_ctr32_encrypt_blocks:
leaq 7(%r8),%r9
movl %r10d,96+12(%rsp)
bswapl %r9d
- leaq OPENSSL_ia32cap_P(%rip),%r10
- movl 4(%r10),%r10d
xorl %ebp,%r9d
- andl $71303168,%r10d
movl %r9d,112+12(%rsp)
movups 16(%rcx),%xmm1
@@ -990,104 +984,10 @@ aes_hw_ctr32_encrypt_blocks:
cmpq $8,%rdx
jb .Lctr32_tail
- subq $6,%rdx
- cmpl $4194304,%r10d
- je .Lctr32_6x
-
leaq 128(%rcx),%rcx
- subq $2,%rdx
+ subq $8,%rdx
jmp .Lctr32_loop8
-.align 16
-.Lctr32_6x:
- shll $4,%eax
- movl $48,%r10d
- bswapl %ebp
- leaq 32(%rcx,%rax,1),%rcx
- subq %rax,%r10
- jmp .Lctr32_loop6
-
-.align 16
-.Lctr32_loop6:
- addl $6,%r8d
- movups -48(%rcx,%r10,1),%xmm0
-.byte 102,15,56,220,209
- movl %r8d,%eax
- xorl %ebp,%eax
-.byte 102,15,56,220,217
-.byte 0x0f,0x38,0xf1,0x44,0x24,12
- leal 1(%r8),%eax
-.byte 102,15,56,220,225
- xorl %ebp,%eax
-.byte 0x0f,0x38,0xf1,0x44,0x24,28
-.byte 102,15,56,220,233
- leal 2(%r8),%eax
- xorl %ebp,%eax
-.byte 102,15,56,220,241
-.byte 0x0f,0x38,0xf1,0x44,0x24,44
- leal 3(%r8),%eax
-.byte 102,15,56,220,249
- movups -32(%rcx,%r10,1),%xmm1
- xorl %ebp,%eax
-
-.byte 102,15,56,220,208
-.byte 0x0f,0x38,0xf1,0x44,0x24,60
- leal 4(%r8),%eax
-.byte 102,15,56,220,216
- xorl %ebp,%eax
-.byte 0x0f,0x38,0xf1,0x44,0x24,76
-.byte 102,15,56,220,224
- leal 5(%r8),%eax
- xorl %ebp,%eax
-.byte 102,15,56,220,232
-.byte 0x0f,0x38,0xf1,0x44,0x24,92
- movq %r10,%rax
-.byte 102,15,56,220,240
-.byte 102,15,56,220,248
- movups -16(%rcx,%r10,1),%xmm0
-
- call .Lenc_loop6
-
- movdqu (%rdi),%xmm8
- movdqu 16(%rdi),%xmm9
- movdqu 32(%rdi),%xmm10
- movdqu 48(%rdi),%xmm11
- movdqu 64(%rdi),%xmm12
- movdqu 80(%rdi),%xmm13
- leaq 96(%rdi),%rdi
- movups -64(%rcx,%r10,1),%xmm1
- pxor %xmm2,%xmm8
- movaps 0(%rsp),%xmm2
- pxor %xmm3,%xmm9
- movaps 16(%rsp),%xmm3
- pxor %xmm4,%xmm10
- movaps 32(%rsp),%xmm4
- pxor %xmm5,%xmm11
- movaps 48(%rsp),%xmm5
- pxor %xmm6,%xmm12
- movaps 64(%rsp),%xmm6
- pxor %xmm7,%xmm13
- movaps 80(%rsp),%xmm7
- movdqu %xmm8,(%rsi)
- movdqu %xmm9,16(%rsi)
- movdqu %xmm10,32(%rsi)
- movdqu %xmm11,48(%rsi)
- movdqu %xmm12,64(%rsi)
- movdqu %xmm13,80(%rsi)
- leaq 96(%rsi),%rsi
-
- subq $6,%rdx
- jnc .Lctr32_loop6
-
- addq $6,%rdx
- jz .Lctr32_done
-
- leal -48(%r10),%eax
- leaq -80(%rcx,%r10,1),%rcx
- negl %eax
- shrl $4,%eax
- jmp .Lctr32_tail
-
.align 32
.Lctr32_loop8:
addl $8,%r8d
@@ -1463,7 +1363,7 @@ aes_hw_ctr32_encrypt_blocks:
leaq (%r11),%rsp
.cfi_def_cfa_register %rsp
.Lctr32_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks
.globl aes_hw_cbc_encrypt
@@ -1472,6 +1372,7 @@ aes_hw_ctr32_encrypt_blocks:
.align 16
aes_hw_cbc_encrypt:
.cfi_startproc
+_CET_ENDBR
testq %rdx,%rdx
jz .Lcbc_ret
@@ -1588,16 +1489,10 @@ aes_hw_cbc_encrypt:
movdqa %xmm5,%xmm14
movdqu 80(%rdi),%xmm7
movdqa %xmm6,%xmm15
- leaq OPENSSL_ia32cap_P(%rip),%r9
- movl 4(%r9),%r9d
cmpq $0x70,%rdx
jbe .Lcbc_dec_six_or_seven
- andl $71303168,%r9d
- subq $0x50,%rdx
- cmpl $4194304,%r9d
- je .Lcbc_dec_loop6_enter
- subq $0x20,%rdx
+ subq $0x70,%rdx
leaq 112(%rcx),%rcx
jmp .Lcbc_dec_loop8_enter
.align 16
@@ -1868,51 +1763,6 @@ aes_hw_cbc_encrypt:
pxor %xmm9,%xmm9
jmp .Lcbc_dec_tail_collected
-.align 16
-.Lcbc_dec_loop6:
- movups %xmm7,(%rsi)
- leaq 16(%rsi),%rsi
- movdqu 0(%rdi),%xmm2
- movdqu 16(%rdi),%xmm3
- movdqa %xmm2,%xmm11
- movdqu 32(%rdi),%xmm4
- movdqa %xmm3,%xmm12
- movdqu 48(%rdi),%xmm5
- movdqa %xmm4,%xmm13
- movdqu 64(%rdi),%xmm6
- movdqa %xmm5,%xmm14
- movdqu 80(%rdi),%xmm7
- movdqa %xmm6,%xmm15
-.Lcbc_dec_loop6_enter:
- leaq 96(%rdi),%rdi
- movdqa %xmm7,%xmm8
-
- call _aesni_decrypt6
-
- pxor %xmm10,%xmm2
- movdqa %xmm8,%xmm10
- pxor %xmm11,%xmm3
- movdqu %xmm2,(%rsi)
- pxor %xmm12,%xmm4
- movdqu %xmm3,16(%rsi)
- pxor %xmm13,%xmm5
- movdqu %xmm4,32(%rsi)
- pxor %xmm14,%xmm6
- movq %rbp,%rcx
- movdqu %xmm5,48(%rsi)
- pxor %xmm15,%xmm7
- movl %r10d,%eax
- movdqu %xmm6,64(%rsi)
- leaq 80(%rsi),%rsi
- subq $0x60,%rdx
- ja .Lcbc_dec_loop6
-
- movdqa %xmm7,%xmm2
- addq $0x50,%rdx
- jle .Lcbc_dec_clear_tail_collected
- movups %xmm7,(%rsi)
- leaq 16(%rsi),%rsi
-
.Lcbc_dec_tail:
movups (%rdi),%xmm2
subq $0x10,%rdx
@@ -2056,7 +1906,7 @@ aes_hw_cbc_encrypt:
leaq (%r11),%rsp
.cfi_def_cfa_register %rsp
.Lcbc_ret:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size aes_hw_cbc_encrypt,.-aes_hw_cbc_encrypt
.globl aes_hw_set_decrypt_key
@@ -2065,6 +1915,7 @@ aes_hw_cbc_encrypt:
.align 16
aes_hw_set_decrypt_key:
.cfi_startproc
+_CET_ENDBR
.byte 0x48,0x83,0xEC,0x08
.cfi_adjust_cfa_offset 8
call __aesni_set_encrypt_key
@@ -2100,7 +1951,7 @@ aes_hw_set_decrypt_key:
.Ldec_key_ret:
addq $8,%rsp
.cfi_adjust_cfa_offset -8
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.LSEH_end_set_decrypt_key:
.size aes_hw_set_decrypt_key,.-aes_hw_set_decrypt_key
@@ -2111,6 +1962,7 @@ aes_hw_set_decrypt_key:
aes_hw_set_encrypt_key:
__aesni_set_encrypt_key:
.cfi_startproc
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,BORINGSSL_function_hit+3(%rip)
#endif
@@ -2410,7 +2262,7 @@ __aesni_set_encrypt_key:
pxor %xmm5,%xmm5
addq $8,%rsp
.cfi_adjust_cfa_offset -8
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.LSEH_end_set_encrypt_key:
@@ -2425,7 +2277,7 @@ __aesni_set_encrypt_key:
xorps %xmm4,%xmm0
shufps $255,%xmm1,%xmm1
xorps %xmm1,%xmm0
- .byte 0xf3,0xc3
+ ret
.align 16
.Lkey_expansion_192a:
@@ -2445,7 +2297,7 @@ __aesni_set_encrypt_key:
pxor %xmm1,%xmm0
pshufd $255,%xmm0,%xmm3
pxor %xmm3,%xmm2
- .byte 0xf3,0xc3
+ ret
.align 16
.Lkey_expansion_192b:
@@ -2468,7 +2320,7 @@ __aesni_set_encrypt_key:
xorps %xmm4,%xmm0
shufps $255,%xmm1,%xmm1
xorps %xmm1,%xmm0
- .byte 0xf3,0xc3
+ ret
.align 16
.Lkey_expansion_256b:
@@ -2481,7 +2333,7 @@ __aesni_set_encrypt_key:
xorps %xmm4,%xmm2
shufps $170,%xmm1,%xmm1
xorps %xmm1,%xmm2
- .byte 0xf3,0xc3
+ ret
.size aes_hw_set_encrypt_key,.-aes_hw_set_encrypt_key
.size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key
.section .rodata
@@ -2509,10 +2361,6 @@ __aesni_set_encrypt_key:
.align 64
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-mac.mac.x86_64.S
index 765a42fa..a0fb2316 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesni-x86_64-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
.globl _aes_hw_encrypt
@@ -21,6 +14,7 @@
.p2align 4
_aes_hw_encrypt:
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,_BORINGSSL_function_hit+1(%rip)
@@ -42,7 +36,7 @@ L$oop_enc1_1:
pxor %xmm1,%xmm1
movups %xmm2,(%rsi)
pxor %xmm2,%xmm2
- .byte 0xf3,0xc3
+ ret
@@ -52,6 +46,7 @@ L$oop_enc1_1:
.p2align 4
_aes_hw_decrypt:
+_CET_ENDBR
movups (%rdi),%xmm2
movl 240(%rdx),%eax
movups (%rdx),%xmm0
@@ -69,7 +64,7 @@ L$oop_dec1_2:
pxor %xmm1,%xmm1
movups %xmm2,(%rsi)
pxor %xmm2,%xmm2
- .byte 0xf3,0xc3
+ ret
@@ -100,7 +95,7 @@ L$enc_loop2:
.byte 102,15,56,220,217
.byte 102,15,56,221,208
.byte 102,15,56,221,216
- .byte 0xf3,0xc3
+ ret
@@ -131,7 +126,7 @@ L$dec_loop2:
.byte 102,15,56,222,217
.byte 102,15,56,223,208
.byte 102,15,56,223,216
- .byte 0xf3,0xc3
+ ret
@@ -167,7 +162,7 @@ L$enc_loop3:
.byte 102,15,56,221,208
.byte 102,15,56,221,216
.byte 102,15,56,221,224
- .byte 0xf3,0xc3
+ ret
@@ -203,7 +198,7 @@ L$dec_loop3:
.byte 102,15,56,223,208
.byte 102,15,56,223,216
.byte 102,15,56,223,224
- .byte 0xf3,0xc3
+ ret
@@ -245,7 +240,7 @@ L$enc_loop4:
.byte 102,15,56,221,216
.byte 102,15,56,221,224
.byte 102,15,56,221,232
- .byte 0xf3,0xc3
+ ret
@@ -287,7 +282,7 @@ L$dec_loop4:
.byte 102,15,56,223,216
.byte 102,15,56,223,224
.byte 102,15,56,223,232
- .byte 0xf3,0xc3
+ ret
@@ -343,7 +338,7 @@ L$enc_loop6_enter:
.byte 102,15,56,221,232
.byte 102,15,56,221,240
.byte 102,15,56,221,248
- .byte 0xf3,0xc3
+ ret
@@ -399,7 +394,7 @@ L$dec_loop6_enter:
.byte 102,15,56,223,232
.byte 102,15,56,223,240
.byte 102,15,56,223,248
- .byte 0xf3,0xc3
+ ret
@@ -465,7 +460,7 @@ L$enc_loop8_enter:
.byte 102,15,56,221,248
.byte 102,68,15,56,221,192
.byte 102,68,15,56,221,200
- .byte 0xf3,0xc3
+ ret
@@ -531,7 +526,7 @@ L$dec_loop8_enter:
.byte 102,15,56,223,248
.byte 102,68,15,56,223,192
.byte 102,68,15,56,223,200
- .byte 0xf3,0xc3
+ ret
.globl _aes_hw_ecb_encrypt
@@ -540,6 +535,7 @@ L$dec_loop8_enter:
.p2align 4
_aes_hw_ecb_encrypt:
+_CET_ENDBR
andq $-16,%rdx
jz L$ecb_ret
@@ -876,7 +872,7 @@ L$ecb_dec_six:
L$ecb_ret:
xorps %xmm0,%xmm0
pxor %xmm1,%xmm1
- .byte 0xf3,0xc3
+ ret
.globl _aes_hw_ctr32_encrypt_blocks
@@ -885,6 +881,7 @@ L$ecb_ret:
.p2align 4
_aes_hw_ctr32_encrypt_blocks:
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,_BORINGSSL_function_hit(%rip)
#endif
@@ -974,10 +971,7 @@ L$ctr32_bulk:
leaq 7(%r8),%r9
movl %r10d,96+12(%rsp)
bswapl %r9d
- leaq _OPENSSL_ia32cap_P(%rip),%r10
- movl 4(%r10),%r10d
xorl %ebp,%r9d
- andl $71303168,%r10d
movl %r9d,112+12(%rsp)
movups 16(%rcx),%xmm1
@@ -988,104 +982,10 @@ L$ctr32_bulk:
cmpq $8,%rdx
jb L$ctr32_tail
- subq $6,%rdx
- cmpl $4194304,%r10d
- je L$ctr32_6x
-
leaq 128(%rcx),%rcx
- subq $2,%rdx
+ subq $8,%rdx
jmp L$ctr32_loop8
-.p2align 4
-L$ctr32_6x:
- shll $4,%eax
- movl $48,%r10d
- bswapl %ebp
- leaq 32(%rcx,%rax,1),%rcx
- subq %rax,%r10
- jmp L$ctr32_loop6
-
-.p2align 4
-L$ctr32_loop6:
- addl $6,%r8d
- movups -48(%rcx,%r10,1),%xmm0
-.byte 102,15,56,220,209
- movl %r8d,%eax
- xorl %ebp,%eax
-.byte 102,15,56,220,217
-.byte 0x0f,0x38,0xf1,0x44,0x24,12
- leal 1(%r8),%eax
-.byte 102,15,56,220,225
- xorl %ebp,%eax
-.byte 0x0f,0x38,0xf1,0x44,0x24,28
-.byte 102,15,56,220,233
- leal 2(%r8),%eax
- xorl %ebp,%eax
-.byte 102,15,56,220,241
-.byte 0x0f,0x38,0xf1,0x44,0x24,44
- leal 3(%r8),%eax
-.byte 102,15,56,220,249
- movups -32(%rcx,%r10,1),%xmm1
- xorl %ebp,%eax
-
-.byte 102,15,56,220,208
-.byte 0x0f,0x38,0xf1,0x44,0x24,60
- leal 4(%r8),%eax
-.byte 102,15,56,220,216
- xorl %ebp,%eax
-.byte 0x0f,0x38,0xf1,0x44,0x24,76
-.byte 102,15,56,220,224
- leal 5(%r8),%eax
- xorl %ebp,%eax
-.byte 102,15,56,220,232
-.byte 0x0f,0x38,0xf1,0x44,0x24,92
- movq %r10,%rax
-.byte 102,15,56,220,240
-.byte 102,15,56,220,248
- movups -16(%rcx,%r10,1),%xmm0
-
- call L$enc_loop6
-
- movdqu (%rdi),%xmm8
- movdqu 16(%rdi),%xmm9
- movdqu 32(%rdi),%xmm10
- movdqu 48(%rdi),%xmm11
- movdqu 64(%rdi),%xmm12
- movdqu 80(%rdi),%xmm13
- leaq 96(%rdi),%rdi
- movups -64(%rcx,%r10,1),%xmm1
- pxor %xmm2,%xmm8
- movaps 0(%rsp),%xmm2
- pxor %xmm3,%xmm9
- movaps 16(%rsp),%xmm3
- pxor %xmm4,%xmm10
- movaps 32(%rsp),%xmm4
- pxor %xmm5,%xmm11
- movaps 48(%rsp),%xmm5
- pxor %xmm6,%xmm12
- movaps 64(%rsp),%xmm6
- pxor %xmm7,%xmm13
- movaps 80(%rsp),%xmm7
- movdqu %xmm8,(%rsi)
- movdqu %xmm9,16(%rsi)
- movdqu %xmm10,32(%rsi)
- movdqu %xmm11,48(%rsi)
- movdqu %xmm12,64(%rsi)
- movdqu %xmm13,80(%rsi)
- leaq 96(%rsi),%rsi
-
- subq $6,%rdx
- jnc L$ctr32_loop6
-
- addq $6,%rdx
- jz L$ctr32_done
-
- leal -48(%r10),%eax
- leaq -80(%rcx,%r10,1),%rcx
- negl %eax
- shrl $4,%eax
- jmp L$ctr32_tail
-
.p2align 5
L$ctr32_loop8:
addl $8,%r8d
@@ -1461,7 +1361,7 @@ L$ctr32_done:
leaq (%r11),%rsp
L$ctr32_epilogue:
- .byte 0xf3,0xc3
+ ret
.globl _aes_hw_cbc_encrypt
@@ -1470,6 +1370,7 @@ L$ctr32_epilogue:
.p2align 4
_aes_hw_cbc_encrypt:
+_CET_ENDBR
testq %rdx,%rdx
jz L$cbc_ret
@@ -1586,16 +1487,10 @@ L$cbc_decrypt_bulk:
movdqa %xmm5,%xmm14
movdqu 80(%rdi),%xmm7
movdqa %xmm6,%xmm15
- leaq _OPENSSL_ia32cap_P(%rip),%r9
- movl 4(%r9),%r9d
cmpq $0x70,%rdx
jbe L$cbc_dec_six_or_seven
- andl $71303168,%r9d
- subq $0x50,%rdx
- cmpl $4194304,%r9d
- je L$cbc_dec_loop6_enter
- subq $0x20,%rdx
+ subq $0x70,%rdx
leaq 112(%rcx),%rcx
jmp L$cbc_dec_loop8_enter
.p2align 4
@@ -1866,51 +1761,6 @@ L$cbc_dec_seven:
pxor %xmm9,%xmm9
jmp L$cbc_dec_tail_collected
-.p2align 4
-L$cbc_dec_loop6:
- movups %xmm7,(%rsi)
- leaq 16(%rsi),%rsi
- movdqu 0(%rdi),%xmm2
- movdqu 16(%rdi),%xmm3
- movdqa %xmm2,%xmm11
- movdqu 32(%rdi),%xmm4
- movdqa %xmm3,%xmm12
- movdqu 48(%rdi),%xmm5
- movdqa %xmm4,%xmm13
- movdqu 64(%rdi),%xmm6
- movdqa %xmm5,%xmm14
- movdqu 80(%rdi),%xmm7
- movdqa %xmm6,%xmm15
-L$cbc_dec_loop6_enter:
- leaq 96(%rdi),%rdi
- movdqa %xmm7,%xmm8
-
- call _aesni_decrypt6
-
- pxor %xmm10,%xmm2
- movdqa %xmm8,%xmm10
- pxor %xmm11,%xmm3
- movdqu %xmm2,(%rsi)
- pxor %xmm12,%xmm4
- movdqu %xmm3,16(%rsi)
- pxor %xmm13,%xmm5
- movdqu %xmm4,32(%rsi)
- pxor %xmm14,%xmm6
- movq %rbp,%rcx
- movdqu %xmm5,48(%rsi)
- pxor %xmm15,%xmm7
- movl %r10d,%eax
- movdqu %xmm6,64(%rsi)
- leaq 80(%rsi),%rsi
- subq $0x60,%rdx
- ja L$cbc_dec_loop6
-
- movdqa %xmm7,%xmm2
- addq $0x50,%rdx
- jle L$cbc_dec_clear_tail_collected
- movups %xmm7,(%rsi)
- leaq 16(%rsi),%rsi
-
L$cbc_dec_tail:
movups (%rdi),%xmm2
subq $0x10,%rdx
@@ -2054,7 +1904,7 @@ L$cbc_dec_ret:
leaq (%r11),%rsp
L$cbc_ret:
- .byte 0xf3,0xc3
+ ret
.globl _aes_hw_set_decrypt_key
@@ -2063,6 +1913,7 @@ L$cbc_ret:
.p2align 4
_aes_hw_set_decrypt_key:
+_CET_ENDBR
.byte 0x48,0x83,0xEC,0x08
call __aesni_set_encrypt_key
@@ -2098,7 +1949,7 @@ L$dec_key_inverse:
L$dec_key_ret:
addq $8,%rsp
- .byte 0xf3,0xc3
+ ret
L$SEH_end_set_decrypt_key:
@@ -2109,6 +1960,7 @@ L$SEH_end_set_decrypt_key:
_aes_hw_set_encrypt_key:
__aesni_set_encrypt_key:
+_CET_ENDBR
#ifdef BORINGSSL_DISPATCH_TEST
movb $1,_BORINGSSL_function_hit+3(%rip)
#endif
@@ -2408,7 +2260,7 @@ L$enc_key_ret:
pxor %xmm5,%xmm5
addq $8,%rsp
- .byte 0xf3,0xc3
+ ret
L$SEH_end_set_encrypt_key:
@@ -2423,7 +2275,7 @@ L$key_expansion_128_cold:
xorps %xmm4,%xmm0
shufps $255,%xmm1,%xmm1
xorps %xmm1,%xmm0
- .byte 0xf3,0xc3
+ ret
.p2align 4
L$key_expansion_192a:
@@ -2443,7 +2295,7 @@ L$key_expansion_192b_warm:
pxor %xmm1,%xmm0
pshufd $255,%xmm0,%xmm3
pxor %xmm3,%xmm2
- .byte 0xf3,0xc3
+ ret
.p2align 4
L$key_expansion_192b:
@@ -2466,7 +2318,7 @@ L$key_expansion_256a_cold:
xorps %xmm4,%xmm0
shufps $255,%xmm1,%xmm1
xorps %xmm1,%xmm0
- .byte 0xf3,0xc3
+ ret
.p2align 4
L$key_expansion_256b:
@@ -2479,7 +2331,7 @@ L$key_expansion_256b:
xorps %xmm4,%xmm2
shufps $170,%xmm1,%xmm1
xorps %xmm1,%xmm2
- .byte 0xf3,0xc3
+ ret
.section __DATA,__const
@@ -2507,10 +2359,6 @@ L$key_rcon1b:
.p2align 6
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-ios.ios.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-ios.ios.arm.S
index ec75d992..2a55b428 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-ios.ios.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-ios.ios.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__APPLE__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -808,11 +800,7 @@ Lctr32_done:
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,pc}
#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__APPLE__)
#endif // defined(__arm__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-linux.linux.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-linux.linux.arm.S
index 83c6e3e0..86983859 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-linux.linux.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv7-linux.linux.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -796,11 +788,7 @@ aes_hw_ctr32_encrypt_blocks:
ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,pc}
.size aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks
#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__ELF__)
#endif // defined(__arm__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-ios.ios.aarch64.S
index 28933996..3148dfee 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -798,11 +790,7 @@ Lctr32_done:
ret
#endif
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-linux.linux.aarch64.S
index b191cf2e..3d5b9da9 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-armv8-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -798,11 +790,7 @@ aes_hw_ctr32_encrypt_blocks:
ret
.size aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks
#endif
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-ios.ios.aarch64.S
index 5d83e082..973ac490 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
#if __ARM_MAX_ARCH__ >= 8
@@ -1562,11 +1554,7 @@ Ldec_blocks_less_than_1: // blocks left <= 1
ret
#endif
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-linux.linux.aarch64.S
index 12d24b83..20b0f1ce 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/aesv8-gcm-armv8-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
#if __ARM_MAX_ARCH__ >= 8
@@ -1562,11 +1554,7 @@ aes_gcm_dec_kernel:
ret
.size aes_gcm_dec_kernel,.-aes_gcm_dec_kernel
#endif
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-ios.ios.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-ios.ios.arm.S
index 4717f11c..68695eb0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-ios.ios.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-ios.ios.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__APPLE__)
#include
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
@@ -28,40 +20,16 @@
.code 32
#endif
-#if __ARM_MAX_ARCH__>=7
-.align 5
-LOPENSSL_armcap:
-.word OPENSSL_armcap_P-Lbn_mul_mont
-#endif
-
-.globl _bn_mul_mont
-.private_extern _bn_mul_mont
+.globl _bn_mul_mont_nohw
+.private_extern _bn_mul_mont_nohw
#ifdef __thumb2__
-.thumb_func _bn_mul_mont
+.thumb_func _bn_mul_mont_nohw
#endif
.align 5
-_bn_mul_mont:
-Lbn_mul_mont:
+_bn_mul_mont_nohw:
ldr ip,[sp,#4] @ load num
stmdb sp!,{r0,r2} @ sp points at argument block
-#if __ARM_MAX_ARCH__>=7
- tst ip,#7
- bne Lialu
- adr r0,Lbn_mul_mont
- ldr r2,LOPENSSL_armcap
- ldr r0,[r0,r2]
-#ifdef __APPLE__
- ldr r0,[r0]
-#endif
- tst r0,#ARMV7_NEON @ NEON available?
- ldmia sp, {r0,r2}
- beq Lialu
- add sp,sp,#8
- b bn_mul8x_mont_neon
-.align 4
-Lialu:
-#endif
cmp ip,#2
mov r0,ip @ load num
#ifdef __thumb2__
@@ -205,7 +173,7 @@ Lcopy: ldr r7,[r4] @ conditional copy
add sp,sp,#2*4 @ skip over {r0,r2}
mov r0,#1
Labrt:
-#if __ARM_ARCH__>=5
+#if __ARM_ARCH>=5
bx lr @ bx lr
#else
tst lr,#1
@@ -217,11 +185,13 @@ Labrt:
+.globl _bn_mul8x_mont_neon
+.private_extern _bn_mul8x_mont_neon
#ifdef __thumb2__
-.thumb_func bn_mul8x_mont_neon
+.thumb_func _bn_mul8x_mont_neon
#endif
.align 5
-bn_mul8x_mont_neon:
+_bn_mul8x_mont_neon:
mov ip,sp
stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11}
vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so
@@ -972,20 +942,7 @@ LNEON_copy_n_zap:
#endif
.byte 77,111,110,116,103,111,109,101,114,121,32,109,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
-.align 2
-#if __ARM_MAX_ARCH__>=7
-.comm _OPENSSL_armcap_P,4
-.non_lazy_symbol_pointer
-OPENSSL_armcap_P:
-.indirect_symbol _OPENSSL_armcap_P
-.long 0
-.private_extern _OPENSSL_armcap_P
-#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__APPLE__)
#endif // defined(__arm__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-linux.linux.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-linux.linux.arm.S
index d400d622..1abab6f8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-linux.linux.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv4-mont-linux.linux.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__)
#include
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
@@ -28,38 +20,14 @@
.code 32
#endif
-#if __ARM_MAX_ARCH__>=7
-.align 5
-.LOPENSSL_armcap:
-.word OPENSSL_armcap_P-.Lbn_mul_mont
-#endif
-
-.globl bn_mul_mont
-.hidden bn_mul_mont
-.type bn_mul_mont,%function
+.globl bn_mul_mont_nohw
+.hidden bn_mul_mont_nohw
+.type bn_mul_mont_nohw,%function
.align 5
-bn_mul_mont:
-.Lbn_mul_mont:
+bn_mul_mont_nohw:
ldr ip,[sp,#4] @ load num
stmdb sp!,{r0,r2} @ sp points at argument block
-#if __ARM_MAX_ARCH__>=7
- tst ip,#7
- bne .Lialu
- adr r0,.Lbn_mul_mont
- ldr r2,.LOPENSSL_armcap
- ldr r0,[r0,r2]
-#ifdef __APPLE__
- ldr r0,[r0]
-#endif
- tst r0,#ARMV7_NEON @ NEON available?
- ldmia sp, {r0,r2}
- beq .Lialu
- add sp,sp,#8
- b bn_mul8x_mont_neon
-.align 4
-.Lialu:
-#endif
cmp ip,#2
mov r0,ip @ load num
#ifdef __thumb2__
@@ -203,18 +171,20 @@ bn_mul_mont:
add sp,sp,#2*4 @ skip over {r0,r2}
mov r0,#1
.Labrt:
-#if __ARM_ARCH__>=5
+#if __ARM_ARCH>=5
bx lr @ bx lr
#else
tst lr,#1
moveq pc,lr @ be binary compatible with V4, yet
.word 0xe12fff1e @ interoperable with Thumb ISA:-)
#endif
-.size bn_mul_mont,.-bn_mul_mont
+.size bn_mul_mont_nohw,.-bn_mul_mont_nohw
#if __ARM_MAX_ARCH__>=7
.arch armv7-a
.fpu neon
+.globl bn_mul8x_mont_neon
+.hidden bn_mul8x_mont_neon
.type bn_mul8x_mont_neon,%function
.align 5
bn_mul8x_mont_neon:
@@ -968,16 +938,7 @@ bn_mul8x_mont_neon:
#endif
.byte 77,111,110,116,103,111,109,101,114,121,32,109,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
-.align 2
-#if __ARM_MAX_ARCH__>=7
-.comm OPENSSL_armcap_P,4,4
-.hidden OPENSSL_armcap_P
-#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__ELF__)
#endif // defined(__arm__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-ios.ios.aarch64.S
index 8c588791..060bb231 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
.text
@@ -1432,11 +1424,7 @@ Lmul4x_done:
.byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 4
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-linux.linux.aarch64.S
index 87485298..18912f11 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/armv8-mont-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
.text
@@ -1432,11 +1424,7 @@ __bn_mul4x_mont:
.byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 4
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-586-linux.linux.x86.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-586-linux.linux.x86.S
index 970e7c49..da539fb3 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-586-linux.linux.x86.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-586-linux.linux.x86.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
.text
.globl bn_mul_add_words
.hidden bn_mul_add_words
@@ -1001,11 +994,7 @@ bn_sub_words:
popl %ebp
ret
.size bn_sub_words,.-.L_bn_sub_words_begin
-#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
#endif // defined(__i386__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-ios.ios.aarch64.S
index 1f30dfb9..14d9d9a7 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
.text
@@ -96,11 +88,7 @@ Lsub_exit:
cset x0, cc
ret
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-linux.linux.aarch64.S
index 7a174c53..64c785c8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn-armv8-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
.text
@@ -96,11 +88,7 @@ bn_sub_words:
cset x0, cc
ret
.size bn_sub_words,.-bn_sub_words
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/add.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/add.c
index 3130c9e5..e87c7a26 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/add.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/add.c
@@ -117,10 +117,7 @@ int bn_uadd_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) {
BN_ULONG carry = bn_add_words(r->d, a->d, b->d, min);
for (int i = min; i < max; i++) {
- // |r| and |a| may alias, so use a temporary.
- BN_ULONG tmp = carry + a->d[i];
- carry = tmp < a->d[i];
- r->d[i] = tmp;
+ r->d[i] = CRYPTO_addc_w(a->d[i], 0, carry, &carry);
}
r->d[max] = carry;
@@ -241,10 +238,7 @@ int bn_usub_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) {
BN_ULONG borrow = bn_sub_words(r->d, a->d, b->d, b_width);
for (int i = b_width; i < a->width; i++) {
- // |r| and |a| may alias, so use a temporary.
- BN_ULONG tmp = a->d[i];
- r->d[i] = a->d[i] - borrow;
- borrow = tmp < r->d[i];
+ r->d[i] = CRYPTO_subc_w(a->d[i], 0, borrow, &borrow);
}
if (borrow) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bn.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bn.c
index 01779936..24b004d0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bn.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bn.c
@@ -361,7 +361,7 @@ int bn_wexpand(BIGNUM *bn, size_t words) {
return 0;
}
- a = OPENSSL_malloc(sizeof(BN_ULONG) * words);
+ a = OPENSSL_calloc(words, sizeof(BN_ULONG));
if (a == NULL) {
return 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bytes.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bytes.c
index 79b9d474..928bec62 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bytes.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/bytes.c
@@ -63,26 +63,31 @@
void bn_big_endian_to_words(BN_ULONG *out, size_t out_len, const uint8_t *in,
size_t in_len) {
- for (size_t i = 0; i < out_len; i++) {
- if (in_len < sizeof(BN_ULONG)) {
- // Load the last partial word.
- BN_ULONG word = 0;
- for (size_t j = 0; j < in_len; j++) {
- word = (word << 8) | in[j];
- }
- in_len = 0;
- out[i] = word;
- // Fill the remainder with zeros.
- OPENSSL_memset(out + i + 1, 0, (out_len - i - 1) * sizeof(BN_ULONG));
- break;
- }
+ // The caller should have sized |out| to fit |in| without truncating. This
+ // condition ensures we do not overflow |out|, so use a runtime check.
+ BSSL_CHECK(in_len <= out_len * sizeof(BN_ULONG));
+ // Load whole words.
+ while (in_len >= sizeof(BN_ULONG)) {
in_len -= sizeof(BN_ULONG);
- out[i] = CRYPTO_load_word_be(in + in_len);
+ out[0] = CRYPTO_load_word_be(in + in_len);
+ out++;
+ out_len--;
+ }
+
+ // Load the last partial word.
+ if (in_len != 0) {
+ BN_ULONG word = 0;
+ for (size_t i = 0; i < in_len; i++) {
+ word = (word << 8) | in[i];
+ }
+ out[0] = word;
+ out++;
+ out_len--;
}
- // The caller should have sized the output to avoid truncation.
- assert(in_len == 0);
+ // Fill the remainder with zeros.
+ OPENSSL_memset(out, 0, out_len * sizeof(BN_ULONG));
}
BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
@@ -116,7 +121,7 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
return ret;
}
-BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
+BIGNUM *BN_lebin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
BIGNUM *bn = NULL;
if (ret == NULL) {
bn = BN_new();
@@ -149,6 +154,10 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
return ret;
}
+BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
+ return BN_lebin2bn(in, len, ret);
+}
+
// fits_in_bytes returns one if the |num_words| words in |words| can be
// represented in |num_bytes| bytes.
static int fits_in_bytes(const BN_ULONG *words, size_t num_words,
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/ctx.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/ctx.c
index 5a74baca..7eed7dd9 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/ctx.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/ctx.c
@@ -210,7 +210,7 @@ static int BN_STACK_push(BN_STACK *st, size_t idx) {
// This function intentionally does not push to the error queue on error.
// Error-reporting is deferred to |BN_CTX_get|.
size_t new_size = st->size != 0 ? st->size * 3 / 2 : BN_CTX_START_FRAMES;
- if (new_size <= st->size || new_size > ((size_t)-1) / sizeof(size_t)) {
+ if (new_size <= st->size || new_size > SIZE_MAX / sizeof(size_t)) {
return 0;
}
size_t *new_indexes =
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/div.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/div.c
index 4fdc7c13..b1a8614c 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/div.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/div.c
@@ -711,15 +711,22 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
int bn_mod_lshift_consttime(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
BN_CTX *ctx) {
- if (!BN_copy(r, a)) {
+ if (!BN_copy(r, a) ||
+ !bn_resize_words(r, m->width)) {
return 0;
}
- for (int i = 0; i < n; i++) {
- if (!bn_mod_lshift1_consttime(r, r, m, ctx)) {
- return 0;
+
+ BN_CTX_start(ctx);
+ BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx);
+ int ok = tmp != NULL;
+ if (ok) {
+ for (int i = 0; i < n; i++) {
+ bn_mod_add_words(r->d, r->d, r->d, m->d, tmp->d, m->width);
}
+ r->neg = 0;
}
- return 1;
+ BN_CTX_end(ctx);
+ return ok;
}
int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/exponentiation.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/exponentiation.c
index 4be4b730..7dee3df8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/exponentiation.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/exponentiation.c
@@ -724,7 +724,7 @@ void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
const BN_ULONG *p, size_t num_p,
const BN_MONT_CTX *mont) {
if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS ||
- num_p > ((size_t)-1) / BN_BITS2) {
+ num_p > SIZE_MAX / BN_BITS2) {
abort();
}
assert(BN_is_odd(&mont->N));
@@ -898,7 +898,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
return 0;
}
- if (a->neg || BN_ucmp(a, m) >= 0) {
+ // |a| is secret, but it is required to be in range, so these comparisons may
+ // be leaked.
+ if (a->neg || constant_time_declassify_int(BN_ucmp(a, m) >= 0)) {
OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED);
return 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/gcd.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/gcd.c
index 9ce49ca6..3d5f84a0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/gcd.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/gcd.c
@@ -263,15 +263,14 @@ int BN_mod_inverse_odd(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
// Now Y*a == A (mod |n|).
// Y*a == 1 (mod |n|)
- if (!Y->neg && BN_ucmp(Y, n) < 0) {
- if (!BN_copy(R, Y)) {
- goto err;
- }
- } else {
- if (!BN_nnmod(R, Y, n, ctx)) {
+ if (Y->neg || BN_ucmp(Y, n) >= 0) {
+ if (!BN_nnmod(Y, Y, n, ctx)) {
goto err;
}
}
+ if (!BN_copy(R, Y)) {
+ goto err;
+ }
ret = 1;
@@ -328,7 +327,10 @@ int BN_mod_inverse_blinded(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
const BN_MONT_CTX *mont, BN_CTX *ctx) {
*out_no_inverse = 0;
- if (BN_is_negative(a) || BN_cmp(a, &mont->N) >= 0) {
+ // |a| is secret, but it is required to be in range, so these comparisons may
+ // be leaked.
+ if (BN_is_negative(a) ||
+ constant_time_declassify_int(BN_cmp(a, &mont->N) >= 0)) {
OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED);
return 0;
}
@@ -337,11 +339,29 @@ int BN_mod_inverse_blinded(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
BIGNUM blinding_factor;
BN_init(&blinding_factor);
- if (!BN_rand_range_ex(&blinding_factor, 1, &mont->N) ||
- !BN_mod_mul_montgomery(out, &blinding_factor, a, mont, ctx) ||
- !BN_mod_inverse_odd(out, out_no_inverse, out, &mont->N, ctx) ||
+ // |BN_mod_inverse_odd| is leaky, so generate a secret blinding factor and
+ // blind |a|. This works because (ar)^-1 * r = a^-1, supposing r is
+ // invertible. If r is not invertible, this function will fail. However, we
+ // only use this in RSA, where stumbling on an uninvertible element means
+ // stumbling on the key's factorization. That is, if this function fails, the
+ // RSA key was not actually a product of two large primes.
+ //
+ // TODO(crbug.com/boringssl/677): When the PRNG output is marked secret by
+ // default, the explicit |bn_secret| call can be removed.
+ if (!BN_rand_range_ex(&blinding_factor, 1, &mont->N)) {
+ goto err;
+ }
+ bn_secret(&blinding_factor);
+ if (!BN_mod_mul_montgomery(out, &blinding_factor, a, mont, ctx)) {
+ goto err;
+ }
+
+ // Once blinded, |out| is no longer secret, so it may be passed to a leaky
+ // mod inverse function. Note |blinding_factor| is secret, so |out| will be
+ // secret again after multiplying.
+ bn_declassify(out);
+ if (!BN_mod_inverse_odd(out, out_no_inverse, out, &mont->N, ctx) ||
!BN_mod_mul_montgomery(out, &blinding_factor, out, mont, ctx)) {
- OPENSSL_PUT_ERROR(BN, ERR_R_BN_LIB);
goto err;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/generic.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/generic.c
index 2ee0d5df..0aa005f6 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/generic.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/generic.c
@@ -567,37 +567,6 @@ void bn_sqr_comba4(BN_ULONG r[8], const BN_ULONG a[4]) {
#if !defined(BN_ADD_ASM)
-// bn_add_with_carry returns |x + y + carry|, and sets |*out_carry| to the
-// carry bit. |carry| must be zero or one.
-static inline BN_ULONG bn_add_with_carry(BN_ULONG x, BN_ULONG y, BN_ULONG carry,
- BN_ULONG *out_carry) {
- assert(carry == 0 || carry == 1);
-#if defined(BN_ULLONG)
- BN_ULLONG ret = carry;
- ret += (BN_ULLONG)x + y;
- *out_carry = (BN_ULONG)(ret >> BN_BITS2);
- return (BN_ULONG)ret;
-#else
- x += carry;
- carry = x < carry;
- BN_ULONG ret = x + y;
- carry += ret < x;
- *out_carry = carry;
- return ret;
-#endif
-}
-
-// bn_sub_with_borrow returns |x - y - borrow|, and sets |*out_borrow| to the
-// borrow bit. |borrow| must be zero or one.
-static inline BN_ULONG bn_sub_with_borrow(BN_ULONG x, BN_ULONG y,
- BN_ULONG borrow,
- BN_ULONG *out_borrow) {
- assert(borrow == 0 || borrow == 1);
- BN_ULONG ret = x - y - borrow;
- *out_borrow = (x < y) | ((x == y) & borrow);
- return ret;
-}
-
BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
size_t n) {
if (n == 0) {
@@ -606,17 +575,17 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
BN_ULONG carry = 0;
while (n & ~3) {
- r[0] = bn_add_with_carry(a[0], b[0], carry, &carry);
- r[1] = bn_add_with_carry(a[1], b[1], carry, &carry);
- r[2] = bn_add_with_carry(a[2], b[2], carry, &carry);
- r[3] = bn_add_with_carry(a[3], b[3], carry, &carry);
+ r[0] = CRYPTO_addc_w(a[0], b[0], carry, &carry);
+ r[1] = CRYPTO_addc_w(a[1], b[1], carry, &carry);
+ r[2] = CRYPTO_addc_w(a[2], b[2], carry, &carry);
+ r[3] = CRYPTO_addc_w(a[3], b[3], carry, &carry);
a += 4;
b += 4;
r += 4;
n -= 4;
}
while (n) {
- r[0] = bn_add_with_carry(a[0], b[0], carry, &carry);
+ r[0] = CRYPTO_addc_w(a[0], b[0], carry, &carry);
a++;
b++;
r++;
@@ -633,17 +602,17 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
BN_ULONG borrow = 0;
while (n & ~3) {
- r[0] = bn_sub_with_borrow(a[0], b[0], borrow, &borrow);
- r[1] = bn_sub_with_borrow(a[1], b[1], borrow, &borrow);
- r[2] = bn_sub_with_borrow(a[2], b[2], borrow, &borrow);
- r[3] = bn_sub_with_borrow(a[3], b[3], borrow, &borrow);
+ r[0] = CRYPTO_subc_w(a[0], b[0], borrow, &borrow);
+ r[1] = CRYPTO_subc_w(a[1], b[1], borrow, &borrow);
+ r[2] = CRYPTO_subc_w(a[2], b[2], borrow, &borrow);
+ r[3] = CRYPTO_subc_w(a[3], b[3], borrow, &borrow);
a += 4;
b += 4;
r += 4;
n -= 4;
}
while (n) {
- r[0] = bn_sub_with_borrow(a[0], b[0], borrow, &borrow);
+ r[0] = CRYPTO_subc_w(a[0], b[0], borrow, &borrow);
a++;
b++;
r++;
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/internal.h b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/internal.h
index 515d9cde..316132d1 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/internal.h
@@ -149,6 +149,7 @@ extern "C" {
#endif
#define BN_BITS2 64
+#define BN_BITS2_LG 6
#define BN_BYTES 8
#define BN_BITS4 32
#define BN_MASK2 (0xffffffffffffffffUL)
@@ -165,6 +166,7 @@ extern "C" {
#define BN_ULLONG uint64_t
#define BN_CAN_DIVIDE_ULLONG
#define BN_BITS2 32
+#define BN_BITS2_LG 5
#define BN_BYTES 4
#define BN_BITS4 16
#define BN_MASK2 (0xffffffffUL)
@@ -269,6 +271,18 @@ int bn_copy_words(BN_ULONG *out, size_t num, const BIGNUM *bn);
// validation.
void bn_assert_fits_in_bytes(const BIGNUM *bn, size_t num);
+// bn_secret marks |bn|'s contents, but not its width or sign, as secret. See
+// |CONSTTIME_SECRET| for details.
+OPENSSL_INLINE void bn_secret(BIGNUM *bn) {
+ CONSTTIME_SECRET(bn->d, bn->width * sizeof(BN_ULONG));
+}
+
+// bn_declassify marks |bn|'s value as public. See |CONSTTIME_DECLASSIFY| for
+// details.
+OPENSSL_INLINE void bn_declassify(BIGNUM *bn) {
+ CONSTTIME_DECLASSIFY(bn->d, bn->width * sizeof(BN_ULONG));
+}
+
// bn_mul_add_words multiples |ap| by |w|, adds the result to |rp|, and places
// the result in |rp|. |ap| and |rp| must both be |num| words long. It returns
// the carry word of the operation. |ap| and |rp| may be equal but otherwise may
@@ -386,8 +400,41 @@ int bn_rand_secret_range(BIGNUM *r, int *out_is_uniform, BN_ULONG min_inclusive,
// inputs.
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, size_t num);
+
+#if defined(OPENSSL_X86_64)
+OPENSSL_INLINE int bn_mulx_adx_capable(void) {
+ // MULX is in BMI2.
+ return CRYPTO_is_BMI2_capable() && CRYPTO_is_ADX_capable();
+}
+int bn_mul_mont_nohw(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num);
+OPENSSL_INLINE int bn_mul4x_mont_capable(size_t num) {
+ return num >= 8 && (num & 3) == 0;
+}
+int bn_mul4x_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num);
+OPENSSL_INLINE int bn_mulx4x_mont_capable(size_t num) {
+ return bn_mul4x_mont_capable(num) && bn_mulx_adx_capable();
+}
+int bn_mulx4x_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num);
+OPENSSL_INLINE int bn_sqr8x_mont_capable(size_t num) {
+ return num >= 8 && (num & 7) == 0;
+}
+int bn_sqr8x_mont(BN_ULONG *rp, const BN_ULONG *ap, BN_ULONG mulx_adx_capable,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num);
+#elif defined(OPENSSL_ARM)
+OPENSSL_INLINE int bn_mul8x_mont_neon_capable(size_t num) {
+ return (num & 7) == 0 && CRYPTO_is_NEON_capable();
+}
+int bn_mul8x_mont_neon(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num);
+int bn_mul_mont_nohw(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num);
#endif
+#endif // OPENSSL_BN_ASM_MONT
+
#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64)
#define OPENSSL_BN_ASM_MONT5
@@ -431,12 +478,11 @@ void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table,
uint64_t bn_mont_n0(const BIGNUM *n);
-// bn_mod_exp_base_2_consttime calculates r = 2**p (mod n). |p| must be larger
-// than log_2(n); i.e. 2**p must be larger than |n|. |n| must be positive and
-// odd. |p| and the bit width of |n| are assumed public, but |n| is otherwise
-// treated as secret.
-int bn_mod_exp_base_2_consttime(BIGNUM *r, unsigned p, const BIGNUM *n,
- BN_CTX *ctx);
+// bn_mont_ctx_set_RR_consttime initializes |mont->RR|. It returns one on
+// success and zero on error. |mont->N| and |mont->n0| must have been
+// initialized already. The bit width of |mont->N| is assumed public, but
+// |mont->N| is otherwise treated as secret.
+int bn_mont_ctx_set_RR_consttime(BN_MONT_CTX *mont, BN_CTX *ctx);
#if defined(_MSC_VER)
#if defined(OPENSSL_X86_64)
@@ -600,6 +646,13 @@ OPENSSL_EXPORT int bn_is_relatively_prime(int *out_relatively_prime,
OPENSSL_EXPORT int bn_lcm_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_CTX *ctx);
+// bn_mont_ctx_init zero-initialies |mont|.
+void bn_mont_ctx_init(BN_MONT_CTX *mont);
+
+// bn_mont_ctx_cleanup releases memory associated with |mont|, without freeing
+// |mont| itself.
+void bn_mont_ctx_cleanup(BN_MONT_CTX *mont);
+
// Constant-time modular arithmetic.
//
@@ -748,8 +801,8 @@ void bn_mod_inverse0_prime_mont_small(BN_ULONG *r, const BN_ULONG *a,
// bn_big_endian_to_words interprets |in_len| bytes from |in| as a big-endian,
// unsigned integer and writes the result to |out_len| words in |out|. |out_len|
-// must be large enough to represent any |in_len|-byte value. That is, |out_len|
-// must be at least |BN_BYTES * in_len|.
+// must be large enough to represent any |in_len|-byte value. That is, |in_len|
+// must be at most |BN_BYTES * out_len|.
void bn_big_endian_to_words(BN_ULONG *out, size_t out_len, const uint8_t *in,
size_t in_len);
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery.c
index fe7af3eb..761aa27e 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery.c
@@ -121,17 +121,24 @@
#include "../../internal.h"
+void bn_mont_ctx_init(BN_MONT_CTX *mont) {
+ OPENSSL_memset(mont, 0, sizeof(BN_MONT_CTX));
+ BN_init(&mont->RR);
+ BN_init(&mont->N);
+}
+
+void bn_mont_ctx_cleanup(BN_MONT_CTX *mont) {
+ BN_free(&mont->RR);
+ BN_free(&mont->N);
+}
+
BN_MONT_CTX *BN_MONT_CTX_new(void) {
BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX));
-
if (ret == NULL) {
return NULL;
}
- OPENSSL_memset(ret, 0, sizeof(BN_MONT_CTX));
- BN_init(&ret->RR);
- BN_init(&ret->N);
-
+ bn_mont_ctx_init(ret);
return ret;
}
@@ -140,8 +147,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) {
return;
}
- BN_free(&mont->RR);
- BN_free(&mont->N);
+ bn_mont_ctx_cleanup(mont);
OPENSSL_free(mont);
}
@@ -248,19 +254,12 @@ BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) {
BN_MONT_CTX *BN_MONT_CTX_new_consttime(const BIGNUM *mod, BN_CTX *ctx) {
BN_MONT_CTX *mont = BN_MONT_CTX_new();
if (mont == NULL ||
- !bn_mont_ctx_set_N_and_n0(mont, mod)) {
- goto err;
- }
- unsigned lgBigR = mont->N.width * BN_BITS2;
- if (!bn_mod_exp_base_2_consttime(&mont->RR, lgBigR * 2, &mont->N, ctx) ||
- !bn_resize_words(&mont->RR, mont->N.width)) {
- goto err;
+ !bn_mont_ctx_set_N_and_n0(mont, mod) ||
+ !bn_mont_ctx_set_RR_consttime(mont, ctx)) {
+ BN_MONT_CTX_free(mont);
+ return NULL;
}
return mont;
-
-err:
- BN_MONT_CTX_free(mont);
- return NULL;
}
int BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock,
@@ -505,3 +504,29 @@ void bn_mod_mul_montgomery_small(BN_ULONG *r, const BN_ULONG *a,
}
OPENSSL_cleanse(tmp, 2 * num * sizeof(BN_ULONG));
}
+
+#if defined(OPENSSL_BN_ASM_MONT) && defined(OPENSSL_X86_64)
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num) {
+ if (ap == bp && bn_sqr8x_mont_capable(num)) {
+ return bn_sqr8x_mont(rp, ap, bn_mulx_adx_capable(), np, n0, num);
+ }
+ if (bn_mulx4x_mont_capable(num)) {
+ return bn_mulx4x_mont(rp, ap, bp, np, n0, num);
+ }
+ if (bn_mul4x_mont_capable(num)) {
+ return bn_mul4x_mont(rp, ap, bp, np, n0, num);
+ }
+ return bn_mul_mont_nohw(rp, ap, bp, np, n0, num);
+}
+#endif
+
+#if defined(OPENSSL_BN_ASM_MONT) && defined(OPENSSL_ARM)
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, size_t num) {
+ if (bn_mul8x_mont_neon_capable(num)) {
+ return bn_mul8x_mont_neon(rp, ap, bp, np, n0, num);
+ }
+ return bn_mul_mont_nohw(rp, ap, bp, np, n0, num);
+}
+#endif
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery_inv.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery_inv.c
index 4c51954b..a82f45bd 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery_inv.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/montgomery_inv.c
@@ -159,27 +159,64 @@ static uint64_t bn_neg_inv_mod_r_u64(uint64_t n) {
return v;
}
-int bn_mod_exp_base_2_consttime(BIGNUM *r, unsigned p, const BIGNUM *n,
- BN_CTX *ctx) {
- assert(!BN_is_zero(n));
- assert(!BN_is_negative(n));
- assert(BN_is_odd(n));
+int bn_mont_ctx_set_RR_consttime(BN_MONT_CTX *mont, BN_CTX *ctx) {
+ assert(!BN_is_zero(&mont->N));
+ assert(!BN_is_negative(&mont->N));
+ assert(BN_is_odd(&mont->N));
+ assert(bn_minimal_width(&mont->N) == mont->N.width);
- BN_zero(r);
-
- unsigned n_bits = BN_num_bits(n);
+ unsigned n_bits = BN_num_bits(&mont->N);
assert(n_bits != 0);
- assert(p > n_bits);
if (n_bits == 1) {
- return 1;
+ BN_zero(&mont->RR);
+ return bn_resize_words(&mont->RR, mont->N.width);
}
- // Set |r| to the larger power of two smaller than |n|, then shift with
- // reductions the rest of the way.
- if (!BN_set_bit(r, n_bits - 1) ||
- !bn_mod_lshift_consttime(r, r, p - (n_bits - 1), n, ctx)) {
+ unsigned lgBigR = mont->N.width * BN_BITS2;
+ assert(lgBigR >= n_bits);
+
+ // RR is R, or 2^lgBigR, in the Montgomery domain. We can compute 2 in the
+ // Montgomery domain, 2R or 2^(lgBigR+1), and then use Montgomery
+ // square-and-multiply to exponentiate.
+ //
+ // The square steps take 2^n R to (2^n)*(2^n) R = 2^2n R. This is the same as
+ // doubling 2^n R, n times (doubling any x, n times, computes 2^n * x). When n
+ // is below some threshold, doubling is faster; when above, squaring is
+ // faster. From benchmarking various 32-bit and 64-bit architectures, the word
+ // count seems to work well as a threshold. (Doubling scales linearly and
+ // Montgomery reduction scales quadratically, so the threshold should scale
+ // roughly linearly.)
+ //
+ // The multiply steps take 2^n R to 2*2^n R = 2^(n+1) R. It is faster to
+ // double the value instead, so the square-and-multiply exponentiation would
+ // become square-and-double. However, when using the word count as the
+ // threshold, it turns out that no multiply/double steps will be needed at
+ // all, because squaring any x, i times, computes x^(2^i):
+ //
+ // (2^threshold)^(2^BN_BITS2_LG) R
+ // (2^mont->N.width)^BN_BITS2 R
+ // = 2^(mont->N.width*BN_BITS2) R
+ // = 2^lgBigR R
+ // = RR
+ int threshold = mont->N.width;
+
+ // Calculate 2^threshold R = 2^(threshold + lgBigR) by doubling. The
+ // first n_bits - 1 doubles can be skipped because we don't need to reduce.
+ if (!BN_set_bit(&mont->RR, n_bits - 1) ||
+ !bn_mod_lshift_consttime(&mont->RR, &mont->RR,
+ threshold + (lgBigR - (n_bits - 1)),
+ &mont->N, ctx)) {
return 0;
}
- return 1;
+ // The above steps are the same regardless of the threshold. The steps below
+ // need to be modified if the threshold changes.
+ assert(threshold == mont->N.width);
+ for (unsigned i = 0; i < BN_BITS2_LG; i++) {
+ if (!BN_mod_mul_montgomery(&mont->RR, &mont->RR, &mont->RR, mont, ctx)) {
+ return 0;
+ }
+ }
+
+ return bn_resize_words(&mont->RR, mont->N.width);
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/mul.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/mul.c
index 559b2d6d..c0e170ec 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/mul.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/mul.c
@@ -143,17 +143,13 @@ static BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a,
// in |a| were zeros.
dl = -dl;
for (int i = 0; i < dl; i++) {
- r[i] = 0u - b[i] - borrow;
- borrow |= r[i] != 0;
+ r[i] = CRYPTO_subc_w(0, b[i], borrow, &borrow);
}
} else {
// |b| is shorter than |a|. Complete the subtraction as if the excess words
// in |b| were zeros.
for (int i = 0; i < dl; i++) {
- // |r| and |a| may alias, so use a temporary.
- BN_ULONG tmp = a[i];
- r[i] = a[i] - borrow;
- borrow = tmp < r[i];
+ r[i] = CRYPTO_subc_w(a[i], 0, borrow, &borrow);
}
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/prime.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/prime.c
index 3f6b0515..dd53dfe8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/prime.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/prime.c
@@ -359,14 +359,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add,
static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add,
const BIGNUM *rem, BN_CTX *ctx);
-BN_GENCB *BN_GENCB_new(void) {
- BN_GENCB *callback = OPENSSL_malloc(sizeof(BN_GENCB));
- if (callback == NULL) {
- return NULL;
- }
- OPENSSL_memset(callback, 0, sizeof(BN_GENCB));
- return callback;
-}
+BN_GENCB *BN_GENCB_new(void) { return OPENSSL_zalloc(sizeof(BN_GENCB)); }
void BN_GENCB_free(BN_GENCB *callback) { OPENSSL_free(callback); }
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/random.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/random.c
index c1deda92..88985f2e 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/random.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/random.c
@@ -281,8 +281,14 @@ int bn_rand_range_words(BN_ULONG *out, BN_ULONG min_inclusive,
out[words - 1] &= mask;
// If out >= max_exclusive or out < min_inclusive, retry. This implements
- // the equivalent of steps 6 and 7 without leaking the value of |out|.
- } while (!bn_in_range_words(out, min_inclusive, max_exclusive, words));
+ // the equivalent of steps 6 and 7 without leaking the value of |out|. The
+ // result of this comparison may be treated as public. It only reveals how
+ // many attempts were needed before we found a value in range. This is
+ // independent of the final secret output, and has a distribution that
+ // depends only on |min_inclusive| and |max_exclusive|, both of which are
+ // public.
+ } while (!constant_time_declassify_int(
+ bn_in_range_words(out, min_inclusive, max_exclusive, words)));
return 1;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/rsaz_exp.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/rsaz_exp.c
index 6e125c4b..8f9295ae 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/rsaz_exp.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bn/rsaz_exp.c
@@ -24,13 +24,13 @@
#include "../../internal.h"
-// one is 1 in RSAZ's representation.
-alignas(64) static const BN_ULONG one[40] = {
+// rsaz_one is 1 in RSAZ's representation.
+alignas(64) static const BN_ULONG rsaz_one[40] = {
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
-// two80 is 2^80 in RSAZ's representation. Note RSAZ uses base 2^29, so this is
+// rsaz_two80 is 2^80 in RSAZ's representation. Note RSAZ uses base 2^29, so this is
// 2^(29*2 + 22) = 2^80, not 2^(64*2 + 22).
-alignas(64) static const BN_ULONG two80[40] = {
+alignas(64) static const BN_ULONG rsaz_two80[40] = {
0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
@@ -64,12 +64,12 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
// giving R = 2^(36*29) = 2^1044.
rsaz_1024_mul_avx2(R2, R2, R2, m, k0);
// R2 = 2^2048 * 2^2048 / 2^1044 = 2^3052
- rsaz_1024_mul_avx2(R2, R2, two80, m, k0);
+ rsaz_1024_mul_avx2(R2, R2, rsaz_two80, m, k0);
// R2 = 2^3052 * 2^80 / 2^1044 = 2^2088 = (2^1044)^2
// table[0] = 1
// table[1] = a_inv^1
- rsaz_1024_mul_avx2(result, R2, one, m, k0);
+ rsaz_1024_mul_avx2(result, R2, rsaz_one, m, k0);
rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0);
rsaz_1024_scatter5_avx2(table_s, result, 0);
rsaz_1024_scatter5_avx2(table_s, a_inv, 1);
@@ -125,7 +125,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
// Convert from Montgomery.
- rsaz_1024_mul_avx2(result, result, one, m, k0);
+ rsaz_1024_mul_avx2(result, result, rsaz_one, m, k0);
rsaz_1024_red2norm_avx2(result_norm, result);
BN_ULONG scratch[16];
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-ios.ios.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-ios.ios.arm.S
index abb26c2f..a583109b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-ios.ios.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-ios.ios.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__APPLE__)
@ Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
@
@ Licensed under the OpenSSL license (the "License"). You may not use
@@ -77,7 +69,6 @@
# define VFP_ABI_FRAME 0
# define BSAES_ASM_EXTENDED_KEY
# define XTS_CHAIN_TWEAK
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
# define __ARM_MAX_ARCH__ 7
#endif
@@ -1535,11 +1526,7 @@ Lctr_enc_bzero:@ wipe key schedule [if any]
@ out to retain a constant-time implementation.
#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__APPLE__)
#endif // defined(__arm__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-linux.linux.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-linux.linux.arm.S
index cf4188f8..213f31e6 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-linux.linux.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/bsaes-armv7-linux.linux.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__)
@ Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
@
@ Licensed under the OpenSSL license (the "License"). You may not use
@@ -77,7 +69,6 @@
# define VFP_ABI_FRAME 0
# define BSAES_ASM_EXTENDED_KEY
# define XTS_CHAIN_TWEAK
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
# define __ARM_MAX_ARCH__ 7
#endif
@@ -1525,11 +1516,7 @@ bsaes_ctr32_encrypt_blocks:
@ out to retain a constant-time implementation.
.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__ELF__)
#endif // defined(__arm__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/cipher.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/cipher.c
index f9b6e75d..ffd4cfe8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/cipher.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/cipher.c
@@ -113,12 +113,11 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX));
if (in->cipher_data && in->cipher->ctx_size) {
- out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+ out->cipher_data = OPENSSL_memdup(in->cipher_data, in->cipher->ctx_size);
if (!out->cipher_data) {
out->cipher = NULL;
return 0;
}
- OPENSSL_memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
}
if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) {
@@ -586,6 +585,16 @@ unsigned EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) {
}
unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) {
+ if (EVP_CIPHER_mode(ctx->cipher) == EVP_CIPH_GCM_MODE) {
+ int length;
+ int res = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0,
+ &length);
+ // EVP_CIPHER_CTX_ctrl returning an error should be impossible under this
+ // circumstance. If it somehow did, fallback to the static cipher iv_len.
+ if (res == 1) {
+ return length;
+ }
+ }
return ctx->cipher->iv_len;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aes.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aes.c
index 90da5d3f..16c1c9d0 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aes.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aes.c
@@ -408,22 +408,6 @@ static void aes_gcm_cleanup(EVP_CIPHER_CTX *c) {
}
}
-// increment counter (64-bit int) by 1
-static void ctr64_inc(uint8_t *counter) {
- int n = 8;
- uint8_t c;
-
- do {
- --n;
- c = counter[n];
- ++c;
- counter[n] = c;
- if (c) {
- return;
- }
- } while (n);
-}
-
static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
EVP_AES_GCM_CTX *gctx = aes_gcm_from_cipher_ctx(c);
switch (type) {
@@ -454,6 +438,10 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
gctx->ivlen = arg;
return 1;
+ case EVP_CTRL_GET_IVLEN:
+ *(int *)ptr = gctx->ivlen;
+ return 1;
+
case EVP_CTRL_AEAD_SET_TAG:
if (arg <= 0 || arg > 16 || c->encrypt) {
return 0;
@@ -481,9 +469,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
if (arg < 4 || (gctx->ivlen - arg) < 8) {
return 0;
}
- if (arg) {
- OPENSSL_memcpy(gctx->iv, ptr, arg);
- }
+ OPENSSL_memcpy(gctx->iv, ptr, arg);
if (c->encrypt) {
// |RAND_bytes| calls within the fipsmodule should be wrapped with state
// lock functions to avoid updating the service indicator with the DRBG
@@ -495,7 +481,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
gctx->iv_gen = 1;
return 1;
- case EVP_CTRL_GCM_IV_GEN:
+ case EVP_CTRL_GCM_IV_GEN: {
if (gctx->iv_gen == 0 || gctx->key_set == 0) {
return 0;
}
@@ -504,12 +490,13 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
arg = gctx->ivlen;
}
OPENSSL_memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
- // Invocation field will be at least 8 bytes in size and
- // so no need to check wrap around or increment more than
- // last 8 bytes.
- ctr64_inc(gctx->iv + gctx->ivlen - 8);
+ // Invocation field will be at least 8 bytes in size, so no need to check
+ // wrap around or increment more than last 8 bytes.
+ uint8_t *ctr = gctx->iv + gctx->ivlen - 8;
+ CRYPTO_store_u64_be(ctr, CRYPTO_load_u64_be(ctr) + 1);
gctx->iv_set = 1;
return 1;
+ }
case EVP_CTRL_GCM_SET_IV_INV:
if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aesccm.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aesccm.c
index e7a36f43..8a2dc56f 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aesccm.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/cipher/e_aesccm.c
@@ -55,6 +55,7 @@
#include
#include "../delocate.h"
+#include "../modes/internal.h"
#include "../service_indicator/internal.h"
#include "internal.h"
@@ -66,10 +67,8 @@ struct ccm128_context {
};
struct ccm128_state {
- union {
- uint64_t u[2];
- uint8_t c[16];
- } nonce, cmac;
+ alignas(16) uint8_t nonce[16];
+ alignas(16) uint8_t cmac[16];
};
static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key,
@@ -86,7 +85,7 @@ static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key,
}
static size_t CRYPTO_ccm128_max_input(const struct ccm128_context *ctx) {
- return ctx->L >= sizeof(size_t) ? (size_t)-1
+ return ctx->L >= sizeof(size_t) ? SIZE_MAX
: (((size_t)1) << (ctx->L * 8)) - 1;
}
@@ -107,16 +106,16 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
// Assemble the first block for computing the MAC.
OPENSSL_memset(state, 0, sizeof(*state));
- state->nonce.c[0] = (uint8_t)((L - 1) | ((M - 2) / 2) << 3);
+ state->nonce[0] = (uint8_t)((L - 1) | ((M - 2) / 2) << 3);
if (aad_len != 0) {
- state->nonce.c[0] |= 0x40; // Set AAD Flag
+ state->nonce[0] |= 0x40; // Set AAD Flag
}
- OPENSSL_memcpy(&state->nonce.c[1], nonce, nonce_len);
+ OPENSSL_memcpy(&state->nonce[1], nonce, nonce_len);
for (unsigned i = 0; i < L; i++) {
- state->nonce.c[15 - i] = (uint8_t)(plaintext_len >> (8 * i));
+ state->nonce[15 - i] = (uint8_t)(plaintext_len >> (8 * i));
}
- (*block)(state->nonce.c, state->cmac.c, key);
+ (*block)(state->nonce, state->cmac, key);
size_t blocks = 1;
if (aad_len != 0) {
@@ -124,38 +123,38 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
// Cast to u64 to avoid the compiler complaining about invalid shifts.
uint64_t aad_len_u64 = aad_len;
if (aad_len_u64 < 0x10000 - 0x100) {
- state->cmac.c[0] ^= (uint8_t)(aad_len_u64 >> 8);
- state->cmac.c[1] ^= (uint8_t)aad_len_u64;
+ state->cmac[0] ^= (uint8_t)(aad_len_u64 >> 8);
+ state->cmac[1] ^= (uint8_t)aad_len_u64;
i = 2;
} else if (aad_len_u64 <= 0xffffffff) {
- state->cmac.c[0] ^= 0xff;
- state->cmac.c[1] ^= 0xfe;
- state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 24);
- state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 16);
- state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 8);
- state->cmac.c[5] ^= (uint8_t)aad_len_u64;
+ state->cmac[0] ^= 0xff;
+ state->cmac[1] ^= 0xfe;
+ state->cmac[2] ^= (uint8_t)(aad_len_u64 >> 24);
+ state->cmac[3] ^= (uint8_t)(aad_len_u64 >> 16);
+ state->cmac[4] ^= (uint8_t)(aad_len_u64 >> 8);
+ state->cmac[5] ^= (uint8_t)aad_len_u64;
i = 6;
} else {
- state->cmac.c[0] ^= 0xff;
- state->cmac.c[1] ^= 0xff;
- state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 56);
- state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 48);
- state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 40);
- state->cmac.c[5] ^= (uint8_t)(aad_len_u64 >> 32);
- state->cmac.c[6] ^= (uint8_t)(aad_len_u64 >> 24);
- state->cmac.c[7] ^= (uint8_t)(aad_len_u64 >> 16);
- state->cmac.c[8] ^= (uint8_t)(aad_len_u64 >> 8);
- state->cmac.c[9] ^= (uint8_t)aad_len_u64;
+ state->cmac[0] ^= 0xff;
+ state->cmac[1] ^= 0xff;
+ state->cmac[2] ^= (uint8_t)(aad_len_u64 >> 56);
+ state->cmac[3] ^= (uint8_t)(aad_len_u64 >> 48);
+ state->cmac[4] ^= (uint8_t)(aad_len_u64 >> 40);
+ state->cmac[5] ^= (uint8_t)(aad_len_u64 >> 32);
+ state->cmac[6] ^= (uint8_t)(aad_len_u64 >> 24);
+ state->cmac[7] ^= (uint8_t)(aad_len_u64 >> 16);
+ state->cmac[8] ^= (uint8_t)(aad_len_u64 >> 8);
+ state->cmac[9] ^= (uint8_t)aad_len_u64;
i = 10;
}
do {
for (; i < 16 && aad_len != 0; i++) {
- state->cmac.c[i] ^= *aad;
+ state->cmac[i] ^= *aad;
aad++;
aad_len--;
}
- (*block)(state->cmac.c, state->cmac.c, key);
+ (*block)(state->cmac, state->cmac, key);
blocks++;
i = 0;
} while (aad_len != 0);
@@ -174,7 +173,7 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
// Assemble the first block for encrypting and decrypting. The bottom |L|
// bytes are replaced with a counter and all bit the encoding of |L| is
// cleared in the first byte.
- state->nonce.c[0] &= 7;
+ state->nonce[0] &= 7;
return 1;
}
@@ -183,17 +182,17 @@ static int ccm128_encrypt(const struct ccm128_context *ctx,
uint8_t *out, const uint8_t *in, size_t len) {
// The counter for encryption begins at one.
for (unsigned i = 0; i < ctx->L; i++) {
- state->nonce.c[15 - i] = 0;
+ state->nonce[15 - i] = 0;
}
- state->nonce.c[15] = 1;
+ state->nonce[15] = 1;
uint8_t partial_buf[16];
unsigned num = 0;
if (ctx->ctr != NULL) {
- CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, state->nonce.c, partial_buf,
+ CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, state->nonce, partial_buf,
&num, ctx->ctr);
} else {
- CRYPTO_ctr128_encrypt(in, out, len, key, state->nonce.c, partial_buf, &num,
+ CRYPTO_ctr128_encrypt(in, out, len, key, state->nonce, partial_buf, &num,
ctx->block);
}
return 1;
@@ -209,34 +208,28 @@ static int ccm128_compute_mac(const struct ccm128_context *ctx,
}
// Incorporate |in| into the MAC.
- union {
- uint64_t u[2];
- uint8_t c[16];
- } tmp;
while (len >= 16) {
- OPENSSL_memcpy(tmp.c, in, 16);
- state->cmac.u[0] ^= tmp.u[0];
- state->cmac.u[1] ^= tmp.u[1];
- (*block)(state->cmac.c, state->cmac.c, key);
+ CRYPTO_xor16(state->cmac, state->cmac, in);
+ (*block)(state->cmac, state->cmac, key);
in += 16;
len -= 16;
}
if (len > 0) {
for (size_t i = 0; i < len; i++) {
- state->cmac.c[i] ^= in[i];
+ state->cmac[i] ^= in[i];
}
- (*block)(state->cmac.c, state->cmac.c, key);
+ (*block)(state->cmac, state->cmac, key);
}
// Encrypt the MAC with counter zero.
for (unsigned i = 0; i < ctx->L; i++) {
- state->nonce.c[15 - i] = 0;
+ state->nonce[15 - i] = 0;
}
- (*block)(state->nonce.c, tmp.c, key);
- state->cmac.u[0] ^= tmp.u[0];
- state->cmac.u[1] ^= tmp.u[1];
+ alignas(16) uint8_t tmp[16];
+ (*block)(state->nonce, tmp, key);
+ CRYPTO_xor16(state->cmac, state->cmac, tmp);
- OPENSSL_memcpy(out_tag, state->cmac.c, tag_len);
+ OPENSSL_memcpy(out_tag, state->cmac, tag_len);
return 1;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/co-586-linux.linux.x86.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/co-586-linux.linux.x86.S
index c2108489..5b2d8b42 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/co-586-linux.linux.x86.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/co-586-linux.linux.x86.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
.text
.globl bn_mul_comba8
.hidden bn_mul_comba8
@@ -1270,11 +1263,7 @@ bn_sqr_comba4:
popl %esi
ret
.size bn_sqr_comba4,.-.L_bn_sqr_comba4_begin
-#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
#endif // defined(__i386__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/delocate.h b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/delocate.h
index 57763fd4..7bfeb730 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/delocate.h
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/delocate.h
@@ -27,9 +27,8 @@
type *name##_bss_get(void) __attribute__((const));
// For FIPS builds we require that CRYPTO_ONCE_INIT be zero.
#define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name)
-// For FIPS builds we require that CRYPTO_STATIC_MUTEX_INIT be zero.
-#define DEFINE_STATIC_MUTEX(name) \
- DEFINE_BSS_GET(struct CRYPTO_STATIC_MUTEX, name)
+// For FIPS builds we require that CRYPTO_MUTEX_INIT be zero.
+#define DEFINE_STATIC_MUTEX(name) DEFINE_BSS_GET(CRYPTO_MUTEX, name)
// For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero.
#define DEFINE_STATIC_EX_DATA_CLASS(name) \
DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name)
@@ -40,9 +39,9 @@
#define DEFINE_STATIC_ONCE(name) \
static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \
static CRYPTO_once_t *name##_bss_get(void) { return &name; }
-#define DEFINE_STATIC_MUTEX(name) \
- static struct CRYPTO_STATIC_MUTEX name = CRYPTO_STATIC_MUTEX_INIT; \
- static struct CRYPTO_STATIC_MUTEX *name##_bss_get(void) { return &name; }
+#define DEFINE_STATIC_MUTEX(name) \
+ static CRYPTO_MUTEX name = CRYPTO_MUTEX_INIT; \
+ static CRYPTO_MUTEX *name##_bss_get(void) { return &name; }
#define DEFINE_STATIC_EX_DATA_CLASS(name) \
static CRYPTO_EX_DATA_CLASS name = CRYPTO_EX_DATA_CLASS_INIT; \
static CRYPTO_EX_DATA_CLASS *name##_bss_get(void) { return &name; }
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/check.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/check.c
index 993e02d7..bca8133e 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/check.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/check.c
@@ -57,12 +57,40 @@
#include
#include
+#include
#include "internal.h"
+int dh_check_params_fast(const DH *dh) {
+ // Most operations scale with p and q.
+ if (BN_is_negative(dh->p) || !BN_is_odd(dh->p) ||
+ BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PARAMETERS);
+ return 0;
+ }
+
+ // q must be bounded by p.
+ if (dh->q != NULL && (BN_is_negative(dh->q) || BN_ucmp(dh->q, dh->p) > 0)) {
+ OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PARAMETERS);
+ return 0;
+ }
+
+ // g must be an element of p's multiplicative group.
+ if (BN_is_negative(dh->g) || BN_is_zero(dh->g) ||
+ BN_ucmp(dh->g, dh->p) >= 0) {
+ OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PARAMETERS);
+ return 0;
+ }
+
+ return 1;
+}
+
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *out_flags) {
*out_flags = 0;
+ if (!dh_check_params_fast(dh)) {
+ return 0;
+ }
BN_CTX *ctx = BN_CTX_new();
if (ctx == NULL) {
@@ -73,17 +101,14 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *out_flags) {
int ok = 0;
// Check |pub_key| is greater than 1.
- BIGNUM *tmp = BN_CTX_get(ctx);
- if (tmp == NULL ||
- !BN_set_word(tmp, 1)) {
- goto err;
- }
- if (BN_cmp(pub_key, tmp) <= 0) {
+ if (BN_cmp(pub_key, BN_value_one()) <= 0) {
*out_flags |= DH_CHECK_PUBKEY_TOO_SMALL;
}
// Check |pub_key| is less than |dh->p| - 1.
- if (!BN_copy(tmp, dh->p) ||
+ BIGNUM *tmp = BN_CTX_get(ctx);
+ if (tmp == NULL ||
+ !BN_copy(tmp, dh->p) ||
!BN_sub_word(tmp, 1)) {
goto err;
}
@@ -113,6 +138,11 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *out_flags) {
int DH_check(const DH *dh, int *out_flags) {
+ *out_flags = 0;
+ if (!dh_check_params_fast(dh)) {
+ return 0;
+ }
+
// Check that p is a safe prime and if g is 2, 3 or 5, check that it is a
// suitable generator where:
// for 2, p mod 24 == 11
@@ -124,7 +154,6 @@ int DH_check(const DH *dh, int *out_flags) {
BN_ULONG l;
BIGNUM *t1 = NULL, *t2 = NULL;
- *out_flags = 0;
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/dh.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/dh.c
index bf28215f..445ac755 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/dh.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/dh.c
@@ -70,20 +70,14 @@
#include "internal.h"
-#define OPENSSL_DH_MAX_MODULUS_BITS 10000
-
DH *DH_new(void) {
- DH *dh = OPENSSL_malloc(sizeof(DH));
+ DH *dh = OPENSSL_zalloc(sizeof(DH));
if (dh == NULL) {
return NULL;
}
- OPENSSL_memset(dh, 0, sizeof(DH));
-
CRYPTO_MUTEX_init(&dh->method_mont_p_lock);
-
dh->references = 1;
-
return dh;
}
@@ -191,15 +185,14 @@ int DH_set_length(DH *dh, unsigned priv_length) {
int DH_generate_key(DH *dh) {
boringssl_ensure_ffdh_self_test();
+ if (!dh_check_params_fast(dh)) {
+ return 0;
+ }
+
int ok = 0;
int generate_new_key = 0;
BN_CTX *ctx = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
+ BIGNUM *pub_key = NULL, *priv_key = NULL, *priv_key_limit = NULL;
ctx = BN_CTX_new();
if (ctx == NULL) {
@@ -232,22 +225,44 @@ int DH_generate_key(DH *dh) {
if (generate_new_key) {
if (dh->q) {
- if (!BN_rand_range_ex(priv_key, 2, dh->q)) {
+ // Section 5.6.1.1.4 of SP 800-56A Rev3 generates a private key uniformly
+ // from [1, min(2^N-1, q-1)].
+ //
+ // Although SP 800-56A Rev3 now permits a private key length N,
+ // |dh->priv_length| historically was ignored when q is available. We
+ // continue to ignore it and interpret such a configuration as N = len(q).
+ if (!BN_rand_range_ex(priv_key, 1, dh->q)) {
goto err;
}
} else {
- // secret exponent length
- unsigned priv_bits = dh->priv_length;
- if (priv_bits == 0) {
- const unsigned p_bits = BN_num_bits(dh->p);
- if (p_bits == 0) {
+ // If q is unspecified, we expect p to be a safe prime, with g generating
+ // the (p-1)/2 subgroup. So, we use q = (p-1)/2. (If g generates a smaller
+ // prime-order subgroup, q will still divide (p-1)/2.)
+ //
+ // We set N from |dh->priv_length|. Section 5.6.1.1.4 of SP 800-56A Rev3
+ // says to reject N > len(q), or N > num_bits(p) - 1. However, this logic
+ // originally aligned with PKCS#3, which allows num_bits(p). Instead, we
+ // clamp |dh->priv_length| before invoking the algorithm.
+
+ // Compute M = min(2^N, q).
+ priv_key_limit = BN_new();
+ if (priv_key_limit == NULL) {
+ goto err;
+ }
+ if (dh->priv_length == 0 || dh->priv_length >= BN_num_bits(dh->p) - 1) {
+ // M = q = (p - 1) / 2.
+ if (!BN_rshift1(priv_key_limit, dh->p)) {
+ goto err;
+ }
+ } else {
+ // M = 2^N.
+ if (!BN_set_bit(priv_key_limit, dh->priv_length)) {
goto err;
}
-
- priv_bits = p_bits - 1;
}
- if (!BN_rand(priv_key, priv_bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) {
+ // Choose a private key uniformly from [1, M-1].
+ if (!BN_rand_range_ex(priv_key, 1, priv_key_limit)) {
goto err;
}
}
@@ -273,14 +288,14 @@ int DH_generate_key(DH *dh) {
if (dh->priv_key == NULL) {
BN_free(priv_key);
}
+ BN_free(priv_key_limit);
BN_CTX_free(ctx);
return ok;
}
static int dh_compute_key(DH *dh, BIGNUM *out_shared_key,
const BIGNUM *peers_key, BN_CTX *ctx) {
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
+ if (!dh_check_params_fast(dh)) {
return 0;
}
@@ -379,7 +394,7 @@ int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) {
int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len,
size_t max_out_len, const BIGNUM *peers_key,
const EVP_MD *digest) {
- *out_len = (size_t)-1;
+ *out_len = SIZE_MAX;
const size_t digest_len = EVP_MD_size(digest);
if (digest_len > max_out_len) {
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/internal.h b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/internal.h
index 7e07652c..5b259730 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/dh/internal.h
@@ -19,11 +19,15 @@
#include
+#include "../../internal.h"
+
#if defined(__cplusplus)
extern "C" {
#endif
+#define OPENSSL_DH_MAX_MODULUS_BITS 10000
+
struct dh_st {
BIGNUM *p;
BIGNUM *g;
@@ -42,6 +46,11 @@ struct dh_st {
CRYPTO_refcount_t references;
};
+// dh_check_params_fast checks basic invariants on |dh|'s domain parameters. It
+// does not check that |dh| forms a valid group, only that the sizes are within
+// DoS bounds.
+int dh_check_params_fast(const DH *dh);
+
// dh_compute_key_padded_no_self_test does the same as |DH_compute_key_padded|,
// but doesn't try to run the self-test first. This is for use in the self tests
// themselves, to prevent an infinite loop.
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/digest/digest.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/digest/digest.c
index 5ddc50f0..c7eec59d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/digest/digest.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/digest/digest.c
@@ -185,6 +185,10 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in) {
EVP_MD_CTX_cleanup(out);
// While not guaranteed, |EVP_MD_CTX| is currently safe to move with |memcpy|.
+ // bssl-crypto currently relies on this, however, so if we change this, we
+ // need to box the |HMAC_CTX|. (Relying on this is only fine because we assume
+ // BoringSSL and bssl-crypto will always be updated atomically. We do not
+ // allow any version skew between the two.)
OPENSSL_memcpy(out, in, sizeof(EVP_MD_CTX));
EVP_MD_CTX_init(in);
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/builtin_curves.h b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/builtin_curves.h
new file mode 100644
index 00000000..0b489ab5
--- /dev/null
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/builtin_curves.h
@@ -0,0 +1,277 @@
+/* Copyright (c) 2023, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// This file is generated by make_tables.go.
+
+// P-224
+OPENSSL_UNUSED static const uint64_t kP224FieldN0 = 0xffffffffffffffff;
+OPENSSL_UNUSED static const uint64_t kP224OrderN0 = 0xd6e242706a1fc2eb;
+#if defined(OPENSSL_64_BIT)
+OPENSSL_UNUSED static const uint64_t kP224Field[] = {
+ 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff,
+ 0x00000000ffffffff};
+OPENSSL_UNUSED static const uint64_t kP224Order[] = {
+ 0x13dd29455c5c2a3d, 0xffff16a2e0b8f03e, 0xffffffffffffffff,
+ 0x00000000ffffffff};
+OPENSSL_UNUSED static const uint64_t kP224B[] = {
+ 0x270b39432355ffb4, 0x5044b0b7d7bfd8ba, 0x0c04b3abf5413256,
+ 0x00000000b4050a85};
+OPENSSL_UNUSED static const uint64_t kP224GX[] = {
+ 0x343280d6115c1d21, 0x4a03c1d356c21122, 0x6bb4bf7f321390b9,
+ 0x00000000b70e0cbd};
+OPENSSL_UNUSED static const uint64_t kP224GY[] = {
+ 0x44d5819985007e34, 0xcd4375a05a074764, 0xb5f723fb4c22dfe6,
+ 0x00000000bd376388};
+OPENSSL_UNUSED static const uint64_t kP224FieldR[] = {
+ 0xffffffff00000000, 0xffffffffffffffff, 0x0000000000000000,
+ 0x0000000000000000};
+OPENSSL_UNUSED static const uint64_t kP224FieldRR[] = {
+ 0xffffffff00000001, 0xffffffff00000000, 0xfffffffe00000000,
+ 0x00000000ffffffff};
+OPENSSL_UNUSED static const uint64_t kP224OrderRR[] = {
+ 0x29947a695f517d15, 0xabc8ff5931d63f4b, 0x6ad15f7cd9714856,
+ 0x00000000b1e97961};
+OPENSSL_UNUSED static const uint64_t kP224MontB[] = {
+ 0xe768cdf663c059cd, 0x107ac2f3ccf01310, 0x3dceba98c8528151,
+ 0x000000007fc02f93};
+OPENSSL_UNUSED static const uint64_t kP224MontGX[] = {
+ 0xbc9052266d0a4aea, 0x852597366018bfaa, 0x6dd3af9bf96bec05,
+ 0x00000000a21b5e60};
+OPENSSL_UNUSED static const uint64_t kP224MontGY[] = {
+ 0x2edca1e5eff3ede8, 0xf8cd672b05335a6b, 0xaea9c5ae03dfe878,
+ 0x00000000614786f1};
+#elif defined(OPENSSL_32_BIT)
+OPENSSL_UNUSED static const uint32_t kP224Field[] = {
+ 0x00000001, 0x00000000, 0x00000000, 0xffffffff, 0xffffffff, 0xffffffff,
+ 0xffffffff};
+OPENSSL_UNUSED static const uint32_t kP224Order[] = {
+ 0x5c5c2a3d, 0x13dd2945, 0xe0b8f03e, 0xffff16a2, 0xffffffff, 0xffffffff,
+ 0xffffffff};
+OPENSSL_UNUSED static const uint32_t kP224B[] = {
+ 0x2355ffb4, 0x270b3943, 0xd7bfd8ba, 0x5044b0b7, 0xf5413256, 0x0c04b3ab,
+ 0xb4050a85};
+OPENSSL_UNUSED static const uint32_t kP224GX[] = {
+ 0x115c1d21, 0x343280d6, 0x56c21122, 0x4a03c1d3, 0x321390b9, 0x6bb4bf7f,
+ 0xb70e0cbd};
+OPENSSL_UNUSED static const uint32_t kP224GY[] = {
+ 0x85007e34, 0x44d58199, 0x5a074764, 0xcd4375a0, 0x4c22dfe6, 0xb5f723fb,
+ 0xbd376388};
+OPENSSL_UNUSED static const uint32_t kP224FieldR[] = {
+ 0xffffffff, 0xffffffff, 0xffffffff, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000};
+OPENSSL_UNUSED static const uint32_t kP224FieldRR[] = {
+ 0x00000001, 0x00000000, 0x00000000, 0xfffffffe, 0xffffffff, 0xffffffff,
+ 0x00000000};
+OPENSSL_UNUSED static const uint32_t kP224OrderRR[] = {
+ 0x3ad01289, 0x6bdaae6c, 0x97a54552, 0x6ad09d91, 0xb1e97961, 0x1822bc47,
+ 0xd4baa4cf};
+OPENSSL_UNUSED static const uint32_t kP224MontB[] = {
+ 0xe768cdf7, 0xccf01310, 0x743b1cc0, 0xc8528150, 0x3dceba98, 0x7fc02f93,
+ 0x9c3fa633};
+OPENSSL_UNUSED static const uint32_t kP224MontGX[] = {
+ 0xbc905227, 0x6018bfaa, 0xf22fe220, 0xf96bec04, 0x6dd3af9b, 0xa21b5e60,
+ 0x92f5b516};
+OPENSSL_UNUSED static const uint32_t kP224MontGY[] = {
+ 0x2edca1e6, 0x05335a6b, 0xe8c15513, 0x03dfe878, 0xaea9c5ae, 0x614786f1,
+ 0x100c1218};
+#else
+#error "unknown word size"
+#endif
+
+// P-256
+OPENSSL_UNUSED static const uint64_t kP256FieldN0 = 0x0000000000000001;
+OPENSSL_UNUSED static const uint64_t kP256OrderN0 = 0xccd1c8aaee00bc4f;
+#if defined(OPENSSL_64_BIT)
+OPENSSL_UNUSED static const uint64_t kP256Field[] = {
+ 0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000,
+ 0xffffffff00000001};
+OPENSSL_UNUSED static const uint64_t kP256Order[] = {
+ 0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff,
+ 0xffffffff00000000};
+OPENSSL_UNUSED static const uint64_t kP256FieldR[] = {
+ 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff,
+ 0x00000000fffffffe};
+OPENSSL_UNUSED static const uint64_t kP256FieldRR[] = {
+ 0x0000000000000003, 0xfffffffbffffffff, 0xfffffffffffffffe,
+ 0x00000004fffffffd};
+OPENSSL_UNUSED static const uint64_t kP256OrderRR[] = {
+ 0x83244c95be79eea2, 0x4699799c49bd6fa6, 0x2845b2392b6bec59,
+ 0x66e12d94f3d95620};
+OPENSSL_UNUSED static const uint64_t kP256MontB[] = {
+ 0xd89cdf6229c4bddf, 0xacf005cd78843090, 0xe5a220abf7212ed6,
+ 0xdc30061d04874834};
+OPENSSL_UNUSED static const uint64_t kP256MontGX[] = {
+ 0x79e730d418a9143c, 0x75ba95fc5fedb601, 0x79fb732b77622510,
+ 0x18905f76a53755c6};
+OPENSSL_UNUSED static const uint64_t kP256MontGY[] = {
+ 0xddf25357ce95560a, 0x8b4ab8e4ba19e45c, 0xd2e88688dd21f325,
+ 0x8571ff1825885d85};
+#elif defined(OPENSSL_32_BIT)
+OPENSSL_UNUSED static const uint32_t kP256Field[] = {
+ 0xffffffff, 0xffffffff, 0xffffffff, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000001, 0xffffffff};
+OPENSSL_UNUSED static const uint32_t kP256Order[] = {
+ 0xfc632551, 0xf3b9cac2, 0xa7179e84, 0xbce6faad, 0xffffffff, 0xffffffff,
+ 0x00000000, 0xffffffff};
+OPENSSL_UNUSED static const uint32_t kP256FieldR[] = {
+ 0x00000001, 0x00000000, 0x00000000, 0xffffffff, 0xffffffff, 0xffffffff,
+ 0xfffffffe, 0x00000000};
+OPENSSL_UNUSED static const uint32_t kP256FieldRR[] = {
+ 0x00000003, 0x00000000, 0xffffffff, 0xfffffffb, 0xfffffffe, 0xffffffff,
+ 0xfffffffd, 0x00000004};
+OPENSSL_UNUSED static const uint32_t kP256OrderRR[] = {
+ 0xbe79eea2, 0x83244c95, 0x49bd6fa6, 0x4699799c, 0x2b6bec59, 0x2845b239,
+ 0xf3d95620, 0x66e12d94};
+OPENSSL_UNUSED static const uint32_t kP256MontB[] = {
+ 0x29c4bddf, 0xd89cdf62, 0x78843090, 0xacf005cd, 0xf7212ed6, 0xe5a220ab,
+ 0x04874834, 0xdc30061d};
+OPENSSL_UNUSED static const uint32_t kP256MontGX[] = {
+ 0x18a9143c, 0x79e730d4, 0x5fedb601, 0x75ba95fc, 0x77622510, 0x79fb732b,
+ 0xa53755c6, 0x18905f76};
+OPENSSL_UNUSED static const uint32_t kP256MontGY[] = {
+ 0xce95560a, 0xddf25357, 0xba19e45c, 0x8b4ab8e4, 0xdd21f325, 0xd2e88688,
+ 0x25885d85, 0x8571ff18};
+#else
+#error "unknown word size"
+#endif
+
+// P-384
+OPENSSL_UNUSED static const uint64_t kP384FieldN0 = 0x0000000100000001;
+OPENSSL_UNUSED static const uint64_t kP384OrderN0 = 0x6ed46089e88fdc45;
+#if defined(OPENSSL_64_BIT)
+OPENSSL_UNUSED static const uint64_t kP384Field[] = {
+ 0x00000000ffffffff, 0xffffffff00000000, 0xfffffffffffffffe,
+ 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};
+OPENSSL_UNUSED static const uint64_t kP384Order[] = {
+ 0xecec196accc52973, 0x581a0db248b0a77a, 0xc7634d81f4372ddf,
+ 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff};
+OPENSSL_UNUSED static const uint64_t kP384FieldR[] = {
+ 0xffffffff00000001, 0x00000000ffffffff, 0x0000000000000001,
+ 0x0000000000000000, 0x0000000000000000, 0x0000000000000000};
+OPENSSL_UNUSED static const uint64_t kP384FieldRR[] = {
+ 0xfffffffe00000001, 0x0000000200000000, 0xfffffffe00000000,
+ 0x0000000200000000, 0x0000000000000001, 0x0000000000000000};
+OPENSSL_UNUSED static const uint64_t kP384OrderRR[] = {
+ 0x2d319b2419b409a9, 0xff3d81e5df1aa419, 0xbc3e483afcb82947,
+ 0xd40d49174aab1cc5, 0x3fb05b7a28266895, 0x0c84ee012b39bf21};
+OPENSSL_UNUSED static const uint64_t kP384MontB[] = {
+ 0x081188719d412dcc, 0xf729add87a4c32ec, 0x77f2209b1920022e,
+ 0xe3374bee94938ae2, 0xb62b21f41f022094, 0xcd08114b604fbff9};
+OPENSSL_UNUSED static const uint64_t kP384MontGX[] = {
+ 0x3dd0756649c0b528, 0x20e378e2a0d6ce38, 0x879c3afc541b4d6e,
+ 0x6454868459a30eff, 0x812ff723614ede2b, 0x4d3aadc2299e1513};
+OPENSSL_UNUSED static const uint64_t kP384MontGY[] = {
+ 0x23043dad4b03a4fe, 0xa1bfa8bf7bb4a9ac, 0x8bade7562e83b050,
+ 0xc6c3521968f4ffd9, 0xdd8002263969a840, 0x2b78abc25a15c5e9};
+#elif defined(OPENSSL_32_BIT)
+OPENSSL_UNUSED static const uint32_t kP384Field[] = {
+ 0xffffffff, 0x00000000, 0x00000000, 0xffffffff, 0xfffffffe, 0xffffffff,
+ 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff};
+OPENSSL_UNUSED static const uint32_t kP384Order[] = {
+ 0xccc52973, 0xecec196a, 0x48b0a77a, 0x581a0db2, 0xf4372ddf, 0xc7634d81,
+ 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff};
+OPENSSL_UNUSED static const uint32_t kP384FieldR[] = {
+ 0x00000001, 0xffffffff, 0xffffffff, 0x00000000, 0x00000001, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000};
+OPENSSL_UNUSED static const uint32_t kP384FieldRR[] = {
+ 0x00000001, 0xfffffffe, 0x00000000, 0x00000002, 0x00000000, 0xfffffffe,
+ 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000};
+OPENSSL_UNUSED static const uint32_t kP384OrderRR[] = {
+ 0x19b409a9, 0x2d319b24, 0xdf1aa419, 0xff3d81e5, 0xfcb82947, 0xbc3e483a,
+ 0x4aab1cc5, 0xd40d4917, 0x28266895, 0x3fb05b7a, 0x2b39bf21, 0x0c84ee01};
+OPENSSL_UNUSED static const uint32_t kP384MontB[] = {
+ 0x9d412dcc, 0x08118871, 0x7a4c32ec, 0xf729add8, 0x1920022e, 0x77f2209b,
+ 0x94938ae2, 0xe3374bee, 0x1f022094, 0xb62b21f4, 0x604fbff9, 0xcd08114b};
+OPENSSL_UNUSED static const uint32_t kP384MontGX[] = {
+ 0x49c0b528, 0x3dd07566, 0xa0d6ce38, 0x20e378e2, 0x541b4d6e, 0x879c3afc,
+ 0x59a30eff, 0x64548684, 0x614ede2b, 0x812ff723, 0x299e1513, 0x4d3aadc2};
+OPENSSL_UNUSED static const uint32_t kP384MontGY[] = {
+ 0x4b03a4fe, 0x23043dad, 0x7bb4a9ac, 0xa1bfa8bf, 0x2e83b050, 0x8bade756,
+ 0x68f4ffd9, 0xc6c35219, 0x3969a840, 0xdd800226, 0x5a15c5e9, 0x2b78abc2};
+#else
+#error "unknown word size"
+#endif
+
+// P-521
+OPENSSL_UNUSED static const uint64_t kP521FieldN0 = 0x0000000000000001;
+OPENSSL_UNUSED static const uint64_t kP521OrderN0 = 0x1d2f5ccd79a995c7;
+#if defined(OPENSSL_64_BIT)
+OPENSSL_UNUSED static const uint64_t kP521Field[] = {
+ 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
+ 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
+ 0xffffffffffffffff, 0xffffffffffffffff, 0x00000000000001ff};
+OPENSSL_UNUSED static const uint64_t kP521Order[] = {
+ 0xbb6fb71e91386409, 0x3bb5c9b8899c47ae, 0x7fcc0148f709a5d0,
+ 0x51868783bf2f966b, 0xfffffffffffffffa, 0xffffffffffffffff,
+ 0xffffffffffffffff, 0xffffffffffffffff, 0x00000000000001ff};
+OPENSSL_UNUSED static const uint64_t kP521FieldR[] = {
+ 0x0080000000000000, 0x0000000000000000, 0x0000000000000000,
+ 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
+ 0x0000000000000000, 0x0000000000000000, 0x0000000000000000};
+OPENSSL_UNUSED static const uint64_t kP521FieldRR[] = {
+ 0x0000000000000000, 0x0000400000000000, 0x0000000000000000,
+ 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
+ 0x0000000000000000, 0x0000000000000000, 0x0000000000000000};
+OPENSSL_UNUSED static const uint64_t kP521OrderRR[] = {
+ 0x137cd04dcf15dd04, 0xf707badce5547ea3, 0x12a78d38794573ff,
+ 0xd3721ef557f75e06, 0xdd6e23d82e49c7db, 0xcff3d142b7756e3e,
+ 0x5bcc6d61a8e567bc, 0x2d8e03d1492d0d45, 0x000000000000003d};
+OPENSSL_UNUSED static const uint64_t kP521MontB[] = {
+ 0x8014654fae586387, 0x78f7a28fea35a81f, 0x839ab9efc41e961a,
+ 0xbd8b29605e9dd8df, 0xf0ab0c9ca8f63f49, 0xf9dc5a44c8c77884,
+ 0x77516d392dccd98a, 0x0fc94d10d05b42a0, 0x000000000000004d};
+OPENSSL_UNUSED static const uint64_t kP521MontGX[] = {
+ 0xb331a16381adc101, 0x4dfcbf3f18e172de, 0x6f19a459e0c2b521,
+ 0x947f0ee093d17fd4, 0xdd50a5af3bf7f3ac, 0x90fc1457b035a69e,
+ 0x214e32409c829fda, 0xe6cf1f65b311cada, 0x0000000000000074};
+OPENSSL_UNUSED static const uint64_t kP521MontGY[] = {
+ 0x28460e4a5a9e268e, 0x20445f4a3b4fe8b3, 0xb09a9e3843513961,
+ 0x2062a85c809fd683, 0x164bf7394caf7a13, 0x340bd7de8b939f33,
+ 0xeccc7aa224abcda2, 0x022e452fda163e8d, 0x00000000000001e0};
+#elif defined(OPENSSL_32_BIT)
+OPENSSL_UNUSED static const uint32_t kP521Field[] = {
+ 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff,
+ 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff,
+ 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x000001ff};
+OPENSSL_UNUSED static const uint32_t kP521Order[] = {
+ 0x91386409, 0xbb6fb71e, 0x899c47ae, 0x3bb5c9b8, 0xf709a5d0, 0x7fcc0148,
+ 0xbf2f966b, 0x51868783, 0xfffffffa, 0xffffffff, 0xffffffff, 0xffffffff,
+ 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x000001ff};
+OPENSSL_UNUSED static const uint32_t kP521FieldR[] = {
+ 0x00800000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000};
+OPENSSL_UNUSED static const uint32_t kP521FieldRR[] = {
+ 0x00000000, 0x00004000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000};
+OPENSSL_UNUSED static const uint32_t kP521OrderRR[] = {
+ 0x61c64ca7, 0x1163115a, 0x4374a642, 0x18354a56, 0x0791d9dc, 0x5d4dd6d3,
+ 0xd3402705, 0x4fb35b72, 0xb7756e3a, 0xcff3d142, 0xa8e567bc, 0x5bcc6d61,
+ 0x492d0d45, 0x2d8e03d1, 0x8c44383d, 0x5b5a3afe, 0x0000019a};
+OPENSSL_UNUSED static const uint32_t kP521MontB[] = {
+ 0x8014654f, 0xea35a81f, 0x78f7a28f, 0xc41e961a, 0x839ab9ef, 0x5e9dd8df,
+ 0xbd8b2960, 0xa8f63f49, 0xf0ab0c9c, 0xc8c77884, 0xf9dc5a44, 0x2dccd98a,
+ 0x77516d39, 0xd05b42a0, 0x0fc94d10, 0xb0c70e4d, 0x0000015c};
+OPENSSL_UNUSED static const uint32_t kP521MontGX[] = {
+ 0xb331a163, 0x18e172de, 0x4dfcbf3f, 0xe0c2b521, 0x6f19a459, 0x93d17fd4,
+ 0x947f0ee0, 0x3bf7f3ac, 0xdd50a5af, 0xb035a69e, 0x90fc1457, 0x9c829fda,
+ 0x214e3240, 0xb311cada, 0xe6cf1f65, 0x5b820274, 0x00000103};
+OPENSSL_UNUSED static const uint32_t kP521MontGY[] = {
+ 0x28460e4a, 0x3b4fe8b3, 0x20445f4a, 0x43513961, 0xb09a9e38, 0x809fd683,
+ 0x2062a85c, 0x4caf7a13, 0x164bf739, 0x8b939f33, 0x340bd7de, 0x24abcda2,
+ 0xeccc7aa2, 0xda163e8d, 0x022e452f, 0x3c4d1de0, 0x000000b5};
+#else
+#error "unknown word size"
+#endif
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec.c
index 82eedd63..ee17cb84 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec.c
@@ -80,270 +80,147 @@
#include "../bn/internal.h"
#include "../delocate.h"
+#include "builtin_curves.h"
-static void ec_point_free(EC_POINT *point, int free_group);
-
-static const uint8_t kP224Params[6 * 28] = {
- // p = 2^224 - 2^96 + 1
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01,
- // a
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFE,
- // b
- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
- 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
- 0x23, 0x55, 0xFF, 0xB4,
- // x
- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
- 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
- 0x11, 0x5C, 0x1D, 0x21,
- // y
- 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
- 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
- 0x85, 0x00, 0x7e, 0x34,
- // order
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
- 0x5C, 0x5C, 0x2A, 0x3D,
-};
-
-static const uint8_t kP256Params[6 * 32] = {
- // p = 2^256 - 2^224 + 2^192 + 2^96 - 1
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- // a
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
- // b
- 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
- 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
- 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
- // x
- 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
- 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
- 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
- // y
- 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
- 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
- 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
- // order
- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
- 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51,
-};
-
-static const uint8_t kP384Params[6 * 48] = {
- // p = 2^384 - 2^128 - 2^96 + 2^32 - 1
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
- // a
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
- // b
- 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
- 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
- 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
- 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
- // x
- 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
- 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
- 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
- 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
- // y
- 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
- 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
- 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
- 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
- // order
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
- 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73,
-};
-
-static const uint8_t kP521Params[6 * 66] = {
- // p = 2^521 - 1
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- // a
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
- // b
- 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
- 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
- 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
- 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
- 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
- 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
- // x
- 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
- 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
- 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
- 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
- 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
- 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
- // y
- 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
- 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
- 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
- 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
- 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
- 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
- // order
- 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
- 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
- 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
- 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09,
-};
-
-DEFINE_METHOD_FUNCTION(struct built_in_curves, OPENSSL_built_in_curves) {
- // 1.3.132.0.35
- static const uint8_t kOIDP521[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
- out->curves[0].nid = NID_secp521r1;
- out->curves[0].oid = kOIDP521;
- out->curves[0].oid_len = sizeof(kOIDP521);
- out->curves[0].comment = "NIST P-521";
- out->curves[0].param_len = 66;
- out->curves[0].params = kP521Params;
- out->curves[0].method = EC_GFp_mont_method();
- // 1.3.132.0.34
- static const uint8_t kOIDP384[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
- out->curves[1].nid = NID_secp384r1;
- out->curves[1].oid = kOIDP384;
- out->curves[1].oid_len = sizeof(kOIDP384);
- out->curves[1].comment = "NIST P-384";
- out->curves[1].param_len = 48;
- out->curves[1].params = kP384Params;
- out->curves[1].method = EC_GFp_mont_method();
+static void ec_point_free(EC_POINT *point, int free_group);
- // 1.2.840.10045.3.1.7
- static const uint8_t kOIDP256[] = {0x2a, 0x86, 0x48, 0xce,
- 0x3d, 0x03, 0x01, 0x07};
- out->curves[2].nid = NID_X9_62_prime256v1;
- out->curves[2].oid = kOIDP256;
- out->curves[2].oid_len = sizeof(kOIDP256);
- out->curves[2].comment = "NIST P-256";
- out->curves[2].param_len = 32;
- out->curves[2].params = kP256Params;
- out->curves[2].method =
-#if !defined(OPENSSL_NO_ASM) && \
- (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
- !defined(OPENSSL_SMALL)
- EC_GFp_nistz256_method();
+static void ec_group_init_static_mont(BN_MONT_CTX *mont, size_t num_words,
+ const BN_ULONG *modulus,
+ const BN_ULONG *rr, uint64_t n0) {
+ bn_set_static_words(&mont->N, modulus, num_words);
+ bn_set_static_words(&mont->RR, rr, num_words);
+#if defined(OPENSSL_64_BIT)
+ mont->n0[0] = n0;
+#elif defined(OPENSSL_32_BIT)
+ mont->n0[0] = (uint32_t)n0;
+ mont->n0[1] = (uint32_t)(n0 >> 32);
#else
- EC_GFp_nistp256_method();
+#error "unknown word length"
#endif
+}
+static void ec_group_set_a_minus3(EC_GROUP *group) {
+ const EC_FELEM *one = ec_felem_one(group);
+ group->a_is_minus3 = 1;
+ ec_felem_neg(group, &group->a, one);
+ ec_felem_sub(group, &group->a, &group->a, one);
+ ec_felem_sub(group, &group->a, &group->a, one);
+}
+
+DEFINE_METHOD_FUNCTION(EC_GROUP, EC_group_p224) {
+ out->curve_name = NID_secp224r1;
+ out->comment = "NIST P-224";
// 1.3.132.0.33
static const uint8_t kOIDP224[] = {0x2b, 0x81, 0x04, 0x00, 0x21};
- out->curves[3].nid = NID_secp224r1;
- out->curves[3].oid = kOIDP224;
- out->curves[3].oid_len = sizeof(kOIDP224);
- out->curves[3].comment = "NIST P-224";
- out->curves[3].param_len = 28;
- out->curves[3].params = kP224Params;
- out->curves[3].method =
+ OPENSSL_memcpy(out->oid, kOIDP224, sizeof(kOIDP224));
+ out->oid_len = sizeof(kOIDP224);
+
+ ec_group_init_static_mont(&out->field, OPENSSL_ARRAY_SIZE(kP224Field),
+ kP224Field, kP224FieldRR, kP224FieldN0);
+ ec_group_init_static_mont(&out->order, OPENSSL_ARRAY_SIZE(kP224Order),
+ kP224Order, kP224OrderRR, kP224OrderN0);
+
#if defined(BORINGSSL_HAS_UINT128) && !defined(OPENSSL_SMALL)
- EC_GFp_nistp224_method();
+ out->meth = EC_GFp_nistp224_method();
+ OPENSSL_memcpy(out->generator.raw.X.words, kP224GX, sizeof(kP224GX));
+ OPENSSL_memcpy(out->generator.raw.Y.words, kP224GY, sizeof(kP224GY));
+ out->generator.raw.Z.words[0] = 1;
+ OPENSSL_memcpy(out->b.words, kP224B, sizeof(kP224B));
#else
- EC_GFp_mont_method();
+ out->meth = EC_GFp_mont_method();
+ OPENSSL_memcpy(out->generator.raw.X.words, kP224MontGX, sizeof(kP224MontGX));
+ OPENSSL_memcpy(out->generator.raw.Y.words, kP224MontGY, sizeof(kP224MontGY));
+ OPENSSL_memcpy(out->generator.raw.Z.words, kP224FieldR, sizeof(kP224FieldR));
+ OPENSSL_memcpy(out->b.words, kP224MontB, sizeof(kP224MontB));
#endif
-}
-
-EC_GROUP *ec_group_new(const EC_METHOD *meth) {
- EC_GROUP *ret;
-
- if (meth == NULL) {
- OPENSSL_PUT_ERROR(EC, EC_R_SLOT_FULL);
- return NULL;
- }
+ out->generator.group = out;
- if (meth->group_init == 0) {
- OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return NULL;
- }
-
- ret = OPENSSL_malloc(sizeof(EC_GROUP));
- if (ret == NULL) {
- return NULL;
- }
- OPENSSL_memset(ret, 0, sizeof(EC_GROUP));
-
- ret->references = 1;
- ret->meth = meth;
- BN_init(&ret->order);
-
- if (!meth->group_init(ret)) {
- OPENSSL_free(ret);
- return NULL;
- }
-
- return ret;
+ ec_group_set_a_minus3(out);
+ out->has_order = 1;
+ out->field_greater_than_order = 1;
}
-static int ec_group_set_generator(EC_GROUP *group, const EC_AFFINE *generator,
- const BIGNUM *order) {
- assert(group->generator == NULL);
-
- if (!BN_copy(&group->order, order)) {
- return 0;
- }
- // Store the order in minimal form, so it can be used with |BN_ULONG| arrays.
- bn_set_minimal_width(&group->order);
+DEFINE_METHOD_FUNCTION(EC_GROUP, EC_group_p256) {
+ out->curve_name = NID_X9_62_prime256v1;
+ out->comment = "NIST P-256";
+ // 1.2.840.10045.3.1.7
+ static const uint8_t kOIDP256[] = {0x2a, 0x86, 0x48, 0xce,
+ 0x3d, 0x03, 0x01, 0x07};
+ OPENSSL_memcpy(out->oid, kOIDP256, sizeof(kOIDP256));
+ out->oid_len = sizeof(kOIDP256);
- BN_MONT_CTX_free(group->order_mont);
- group->order_mont = BN_MONT_CTX_new_for_modulus(&group->order, NULL);
- if (group->order_mont == NULL) {
- return 0;
- }
+ ec_group_init_static_mont(&out->field, OPENSSL_ARRAY_SIZE(kP256Field),
+ kP256Field, kP256FieldRR, kP256FieldN0);
+ ec_group_init_static_mont(&out->order, OPENSSL_ARRAY_SIZE(kP256Order),
+ kP256Order, kP256OrderRR, kP256OrderN0);
- group->field_greater_than_order = BN_cmp(&group->field, order) > 0;
- if (group->field_greater_than_order) {
- BIGNUM tmp;
- BN_init(&tmp);
- int ok =
- BN_sub(&tmp, &group->field, order) &&
- bn_copy_words(group->field_minus_order.words, group->field.width, &tmp);
- BN_free(&tmp);
- if (!ok) {
- return 0;
- }
- }
-
- group->generator = EC_POINT_new(group);
- if (group->generator == NULL) {
- return 0;
- }
- ec_affine_to_jacobian(group, &group->generator->raw, generator);
- assert(ec_felem_equal(group, &group->one, &group->generator->raw.Z));
+#if !defined(OPENSSL_NO_ASM) && \
+ (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
+ !defined(OPENSSL_SMALL)
+ out->meth = EC_GFp_nistz256_method();
+#else
+ out->meth = EC_GFp_nistp256_method();
+#endif
+ out->generator.group = out;
+ OPENSSL_memcpy(out->generator.raw.X.words, kP256MontGX, sizeof(kP256MontGX));
+ OPENSSL_memcpy(out->generator.raw.Y.words, kP256MontGY, sizeof(kP256MontGY));
+ OPENSSL_memcpy(out->generator.raw.Z.words, kP256FieldR, sizeof(kP256FieldR));
+ OPENSSL_memcpy(out->b.words, kP256MontB, sizeof(kP256MontB));
+
+ ec_group_set_a_minus3(out);
+ out->has_order = 1;
+ out->field_greater_than_order = 1;
+}
- // Avoid a reference cycle. |group->generator| does not maintain an owning
- // pointer to |group|.
- int is_zero = CRYPTO_refcount_dec_and_test_zero(&group->references);
+DEFINE_METHOD_FUNCTION(EC_GROUP, EC_group_p384) {
+ out->curve_name = NID_secp384r1;
+ out->comment = "NIST P-384";
+ // 1.3.132.0.34
+ static const uint8_t kOIDP384[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
+ OPENSSL_memcpy(out->oid, kOIDP384, sizeof(kOIDP384));
+ out->oid_len = sizeof(kOIDP384);
+
+ ec_group_init_static_mont(&out->field, OPENSSL_ARRAY_SIZE(kP384Field),
+ kP384Field, kP384FieldRR, kP384FieldN0);
+ ec_group_init_static_mont(&out->order, OPENSSL_ARRAY_SIZE(kP384Order),
+ kP384Order, kP384OrderRR, kP384OrderN0);
+
+ out->meth = EC_GFp_mont_method();
+ out->generator.group = out;
+ OPENSSL_memcpy(out->generator.raw.X.words, kP384MontGX, sizeof(kP384MontGX));
+ OPENSSL_memcpy(out->generator.raw.Y.words, kP384MontGY, sizeof(kP384MontGY));
+ OPENSSL_memcpy(out->generator.raw.Z.words, kP384FieldR, sizeof(kP384FieldR));
+ OPENSSL_memcpy(out->b.words, kP384MontB, sizeof(kP384MontB));
+
+ ec_group_set_a_minus3(out);
+ out->has_order = 1;
+ out->field_greater_than_order = 1;
+}
- assert(!is_zero);
- (void)is_zero;
- return 1;
+DEFINE_METHOD_FUNCTION(EC_GROUP, EC_group_p521) {
+ out->curve_name = NID_secp521r1;
+ out->comment = "NIST P-521";
+ // 1.3.132.0.35
+ static const uint8_t kOIDP521[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
+ OPENSSL_memcpy(out->oid, kOIDP521, sizeof(kOIDP521));
+ out->oid_len = sizeof(kOIDP521);
+
+ ec_group_init_static_mont(&out->field, OPENSSL_ARRAY_SIZE(kP521Field),
+ kP521Field, kP521FieldRR, kP521FieldN0);
+ ec_group_init_static_mont(&out->order, OPENSSL_ARRAY_SIZE(kP521Order),
+ kP521Order, kP521OrderRR, kP521OrderN0);
+
+ out->meth = EC_GFp_mont_method();
+ out->generator.group = out;
+ OPENSSL_memcpy(out->generator.raw.X.words, kP521MontGX, sizeof(kP521MontGX));
+ OPENSSL_memcpy(out->generator.raw.Y.words, kP521MontGY, sizeof(kP521MontGY));
+ OPENSSL_memcpy(out->generator.raw.Z.words, kP521FieldR, sizeof(kP521FieldR));
+ OPENSSL_memcpy(out->b.words, kP521MontB, sizeof(kP521MontB));
+
+ ec_group_set_a_minus3(out);
+ out->has_order = 1;
+ out->field_greater_than_order = 1;
}
EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
@@ -373,9 +250,16 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
goto err;
}
- ret = ec_group_new(EC_GFp_mont_method());
- if (ret == NULL ||
- !ret->meth->group_set_curve(ret, p, a_reduced, b_reduced, ctx)) {
+ ret = OPENSSL_zalloc(sizeof(EC_GROUP));
+ if (ret == NULL) {
+ return NULL;
+ }
+ ret->references = 1;
+ ret->meth = EC_GFp_mont_method();
+ bn_mont_ctx_init(&ret->field);
+ bn_mont_ctx_init(&ret->order);
+ ret->generator.group = ret;
+ if (!ec_GFp_simple_group_set_curve(ret, p, a_reduced, b_reduced, ctx)) {
EC_GROUP_free(ret);
ret = NULL;
goto err;
@@ -389,7 +273,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
const BIGNUM *order, const BIGNUM *cofactor) {
- if (group->curve_name != NID_undef || group->generator != NULL ||
+ if (group->curve_name != NID_undef || group->has_order ||
generator->group != group) {
// |EC_GROUP_set_generator| may only be used with |EC_GROUP|s returned by
// |EC_GROUP_new_curve_GFp| and may only used once on each group.
@@ -421,17 +305,22 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
!BN_lshift1(tmp, order)) {
goto err;
}
- if (BN_cmp(tmp, &group->field) <= 0) {
+ if (BN_cmp(tmp, &group->field.N) <= 0) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
goto err;
}
EC_AFFINE affine;
if (!ec_jacobian_to_affine(group, &affine, &generator->raw) ||
- !ec_group_set_generator(group, &affine, order)) {
+ !BN_MONT_CTX_set(&group->order, order, NULL)) {
goto err;
}
+ group->field_greater_than_order = BN_cmp(&group->field.N, order) > 0;
+ group->generator.raw.X = affine.X;
+ group->generator.raw.Y = affine.Y;
+ // |raw.Z| was set to 1 by |EC_GROUP_new_curve_GFp|.
+ group->has_order = 1;
ret = 1;
err:
@@ -439,114 +328,20 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
return ret;
}
-static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) {
- EC_GROUP *group = NULL;
- BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL;
- int ok = 0;
-
- BN_CTX *ctx = BN_CTX_new();
- if (ctx == NULL) {
- goto err;
- }
-
- const unsigned param_len = curve->param_len;
- const uint8_t *params = curve->params;
-
- if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) ||
- !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) ||
- !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) ||
- !(order = BN_bin2bn(params + 5 * param_len, param_len, NULL))) {
- OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
- goto err;
- }
-
- group = ec_group_new(curve->method);
- if (group == NULL ||
- !group->meth->group_set_curve(group, p, a, b, ctx)) {
- OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
- goto err;
- }
-
- EC_AFFINE G;
- EC_FELEM x, y;
- if (!ec_felem_from_bytes(group, &x, params + 3 * param_len, param_len) ||
- !ec_felem_from_bytes(group, &y, params + 4 * param_len, param_len) ||
- !ec_point_set_affine_coordinates(group, &G, &x, &y)) {
- goto err;
- }
-
- if (!ec_group_set_generator(group, &G, order)) {
- goto err;
- }
-
- ok = 1;
-
-err:
- if (!ok) {
- EC_GROUP_free(group);
- group = NULL;
- }
- BN_CTX_free(ctx);
- BN_free(p);
- BN_free(a);
- BN_free(b);
- BN_free(order);
- return group;
-}
-
-// Built-in groups are allocated lazily and static once allocated.
-// TODO(davidben): Make these actually static. https://crbug.com/boringssl/20.
-struct built_in_groups_st {
- EC_GROUP *groups[OPENSSL_NUM_BUILT_IN_CURVES];
-};
-DEFINE_BSS_GET(struct built_in_groups_st, built_in_groups)
-DEFINE_STATIC_MUTEX(built_in_groups_lock)
-
EC_GROUP *EC_GROUP_new_by_curve_name(int nid) {
- struct built_in_groups_st *groups = built_in_groups_bss_get();
- EC_GROUP **group_ptr = NULL;
- const struct built_in_curves *const curves = OPENSSL_built_in_curves();
- const struct built_in_curve *curve = NULL;
- for (size_t i = 0; i < OPENSSL_NUM_BUILT_IN_CURVES; i++) {
- if (curves->curves[i].nid == nid) {
- curve = &curves->curves[i];
- group_ptr = &groups->groups[i];
- break;
- }
- }
-
- if (curve == NULL) {
- OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
- return NULL;
- }
-
- CRYPTO_STATIC_MUTEX_lock_read(built_in_groups_lock_bss_get());
- EC_GROUP *ret = *group_ptr;
- CRYPTO_STATIC_MUTEX_unlock_read(built_in_groups_lock_bss_get());
- if (ret != NULL) {
- return ret;
- }
-
- ret = ec_group_new_from_data(curve);
- if (ret == NULL) {
- return NULL;
- }
-
- EC_GROUP *to_free = NULL;
- CRYPTO_STATIC_MUTEX_lock_write(built_in_groups_lock_bss_get());
- if (*group_ptr == NULL) {
- *group_ptr = ret;
- // Filling in |ret->curve_name| makes |EC_GROUP_free| and |EC_GROUP_dup|
- // into no-ops. At this point, |ret| is considered static.
- ret->curve_name = nid;
- } else {
- to_free = ret;
- ret = *group_ptr;
+ switch (nid) {
+ case NID_secp224r1:
+ return (EC_GROUP *)EC_group_p224();
+ case NID_X9_62_prime256v1:
+ return (EC_GROUP *)EC_group_p256();
+ case NID_secp384r1:
+ return (EC_GROUP *)EC_group_p384();
+ case NID_secp521r1:
+ return (EC_GROUP *)EC_group_p521();
+ default:
+ OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP);
+ return NULL;
}
- CRYPTO_STATIC_MUTEX_unlock_write(built_in_groups_lock_bss_get());
-
- EC_GROUP_free(to_free);
- return ret;
}
void EC_GROUP_free(EC_GROUP *group) {
@@ -557,14 +352,8 @@ void EC_GROUP_free(EC_GROUP *group) {
return;
}
- if (group->meth->group_finish != NULL) {
- group->meth->group_finish(group);
- }
-
- ec_point_free(group->generator, 0 /* don't free group */);
- BN_free(&group->order);
- BN_MONT_CTX_free(group->order_mont);
-
+ bn_mont_ctx_cleanup(&group->order);
+ bn_mont_ctx_cleanup(&group->field);
OPENSSL_free(group);
}
@@ -599,23 +388,22 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ignored) {
// structure. If |a| or |b| is incomplete (due to legacy OpenSSL mistakes,
// custom curve construction is sadly done in two parts) but otherwise not the
// same object, we consider them always unequal.
- return a->meth != b->meth ||
- a->generator == NULL ||
- b->generator == NULL ||
- BN_cmp(&a->order, &b->order) != 0 ||
- BN_cmp(&a->field, &b->field) != 0 ||
- !ec_felem_equal(a, &a->a, &b->a) ||
+ return a->meth != b->meth || //
+ !a->has_order || !b->has_order ||
+ BN_cmp(&a->order.N, &b->order.N) != 0 ||
+ BN_cmp(&a->field.N, &b->field.N) != 0 ||
+ !ec_felem_equal(a, &a->a, &b->a) || //
!ec_felem_equal(a, &a->b, &b->b) ||
- !ec_GFp_simple_points_equal(a, &a->generator->raw, &b->generator->raw);
+ !ec_GFp_simple_points_equal(a, &a->generator.raw, &b->generator.raw);
}
const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) {
- return group->generator;
+ return group->has_order ? &group->generator : NULL;
}
const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group) {
- assert(!BN_is_zero(&group->order));
- return &group->order;
+ assert(group->has_order);
+ return &group->order.N;
}
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) {
@@ -626,7 +414,7 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) {
}
int EC_GROUP_order_bits(const EC_GROUP *group) {
- return BN_num_bits(&group->order);
+ return BN_num_bits(&group->order.N);
}
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
@@ -643,7 +431,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p, BIGNUM *out_a,
int EC_GROUP_get_curve_name(const EC_GROUP *group) { return group->curve_name; }
unsigned EC_GROUP_get_degree(const EC_GROUP *group) {
- return BN_num_bits(&group->field);
+ return BN_num_bits(&group->field.N);
}
const char *EC_curve_nid2nist(int nid) {
@@ -805,7 +593,7 @@ void ec_affine_to_jacobian(const EC_GROUP *group, EC_JACOBIAN *out,
const EC_AFFINE *p) {
out->X = p->X;
out->Y = p->Y;
- out->Z = group->one;
+ out->Z = *ec_felem_one(group);
}
int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
@@ -842,10 +630,9 @@ int ec_point_set_affine_coordinates(const EC_GROUP *group, EC_AFFINE *out,
// return value by setting a known safe value. Note this may not be possible
// if the caller is in the process of constructing an arbitrary group and
// the generator is missing.
- if (group->generator != NULL) {
- assert(ec_felem_equal(group, &group->one, &group->generator->raw.Z));
- out->X = group->generator->raw.X;
- out->Y = group->generator->raw.Y;
+ if (group->has_order) {
+ out->X = group->generator.raw.X;
+ out->Y = group->generator.raw.Y;
}
return 0;
}
@@ -931,11 +718,10 @@ static int arbitrary_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
ERR_clear_error();
// This is an unusual input, so we do not guarantee constant-time processing.
- const BIGNUM *order = &group->order;
BN_CTX_start(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
int ok = tmp != NULL &&
- BN_nnmod(tmp, in, order, ctx) &&
+ BN_nnmod(tmp, in, EC_GROUP_get0_order(group), ctx) &&
ec_bignum_to_scalar(group, out, tmp);
BN_CTX_end(ctx);
return ok;
@@ -1193,7 +979,7 @@ int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
//
// Additionally, one can manually check this property for built-in curves. It
// is enforced for legacy custom curves in |EC_GROUP_set_generator|.
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = EC_GROUP_get0_order(group);
BN_ULONG words[EC_MAX_WORDS + 1] = {0};
bn_big_endian_to_words(words, order->width + 1, bytes, len);
bn_reduce_once(out->words, words, /*carry=*/words[order->width], order->d,
@@ -1204,7 +990,7 @@ int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
int ec_get_x_coordinate_as_bytes(const EC_GROUP *group, uint8_t *out,
size_t *out_len, size_t max_out,
const EC_JACOBIAN *p) {
- size_t len = BN_num_bytes(&group->field);
+ size_t len = BN_num_bytes(&group->field.N);
assert(len <= EC_MAX_BYTES);
if (max_out < len) {
OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
@@ -1222,8 +1008,8 @@ int ec_get_x_coordinate_as_bytes(const EC_GROUP *group, uint8_t *out,
}
void ec_set_to_safe_point(const EC_GROUP *group, EC_JACOBIAN *out) {
- if (group->generator != NULL) {
- ec_GFp_simple_point_copy(out, &group->generator->raw);
+ if (group->has_order) {
+ ec_GFp_simple_point_copy(out, &group->generator.raw);
} else {
// The generator can be missing if the caller is in the process of
// constructing an arbitrary group. In this case, we give up and use the
@@ -1255,16 +1041,3 @@ void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
abort();
}
}
-
-size_t EC_get_builtin_curves(EC_builtin_curve *out_curves,
- size_t max_num_curves) {
- const struct built_in_curves *const curves = OPENSSL_built_in_curves();
-
- for (size_t i = 0; i < max_num_curves && i < OPENSSL_NUM_BUILT_IN_CURVES;
- i++) {
- out_curves[i].comment = curves->curves[i].comment;
- out_curves[i].nid = curves->curves[i].nid;
- }
-
- return OPENSSL_NUM_BUILT_IN_CURVES;
-}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_key.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_key.c
index 59f26187..62a0d2d9 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_key.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_key.c
@@ -86,15 +86,14 @@
DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class)
static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) {
- EC_WRAPPED_SCALAR *wrapped = OPENSSL_malloc(sizeof(EC_WRAPPED_SCALAR));
+ EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR));
if (wrapped == NULL) {
return NULL;
}
- OPENSSL_memset(wrapped, 0, sizeof(EC_WRAPPED_SCALAR));
wrapped->bignum.d = wrapped->scalar.words;
- wrapped->bignum.width = group->order.width;
- wrapped->bignum.dmax = group->order.width;
+ wrapped->bignum.width = group->order.N.width;
+ wrapped->bignum.dmax = group->order.N.width;
wrapped->bignum.flags = BN_FLG_STATIC_DATA;
return wrapped;
}
@@ -106,13 +105,11 @@ static void ec_wrapped_scalar_free(EC_WRAPPED_SCALAR *scalar) {
EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }
EC_KEY *EC_KEY_new_method(const ENGINE *engine) {
- EC_KEY *ret = OPENSSL_malloc(sizeof(EC_KEY));
+ EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY));
if (ret == NULL) {
return NULL;
}
- OPENSSL_memset(ret, 0, sizeof(EC_KEY));
-
if (engine) {
ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);
}
@@ -166,12 +163,12 @@ void EC_KEY_free(EC_KEY *r) {
METHOD_unref(r->ecdsa_meth);
}
+ CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
+
EC_GROUP_free(r->group);
EC_POINT_free(r->pub_key);
ec_wrapped_scalar_free(r->priv_key);
- CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
-
OPENSSL_free(r);
}
@@ -317,8 +314,10 @@ int EC_KEY_check_key(const EC_KEY *eckey) {
OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
return 0;
}
- if (!ec_GFp_simple_points_equal(eckey->group, &point,
- &eckey->pub_key->raw)) {
+ // Leaking this comparison only leaks whether |eckey|'s public key was
+ // correct.
+ if (!constant_time_declassify_int(ec_GFp_simple_points_equal(
+ eckey->group, &point, &eckey->pub_key->raw))) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_PRIVATE_KEY);
return 0;
}
@@ -485,7 +484,7 @@ int EC_KEY_generate_key(EC_KEY *key) {
}
// Check that the group order is FIPS compliant (FIPS 186-4 B.4.2).
- if (BN_num_bits(EC_GROUP_get0_order(key->group)) < 160) {
+ if (EC_GROUP_order_bits(key->group) < 160) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
return 0;
}
@@ -503,6 +502,14 @@ int EC_KEY_generate_key(EC_KEY *key) {
return 0;
}
+ // The public key is derived from the private key, but it is public.
+ //
+ // TODO(crbug.com/boringssl/677): This isn't quite right. While |pub_key|
+ // represents a public point, it is still in Jacobian form and the exact
+ // Jacobian representation is secret. We need to make it affine first. See
+ // discussion in the bug.
+ CONSTTIME_DECLASSIFY(&pub_key->raw, sizeof(pub_key->raw));
+
ec_wrapped_scalar_free(key->priv_key);
key->priv_key = priv_key;
EC_POINT_free(key->pub_key);
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_montgomery.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_montgomery.c
index e285bd40..44b831a6 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_montgomery.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/ec_montgomery.c
@@ -76,67 +76,35 @@
#include "internal.h"
-int ec_GFp_mont_group_init(EC_GROUP *group) {
- int ok;
-
- ok = ec_GFp_simple_group_init(group);
- group->mont = NULL;
- return ok;
-}
-
-void ec_GFp_mont_group_finish(EC_GROUP *group) {
- BN_MONT_CTX_free(group->mont);
- group->mont = NULL;
- ec_GFp_simple_group_finish(group);
-}
-
-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) {
- BN_MONT_CTX_free(group->mont);
- group->mont = BN_MONT_CTX_new_for_modulus(p, ctx);
- if (group->mont == NULL) {
- OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB);
- return 0;
- }
-
- if (!ec_GFp_simple_group_set_curve(group, p, a, b, ctx)) {
- BN_MONT_CTX_free(group->mont);
- group->mont = NULL;
- return 0;
- }
-
- return 1;
-}
-
static void ec_GFp_mont_felem_to_montgomery(const EC_GROUP *group,
EC_FELEM *out, const EC_FELEM *in) {
- bn_to_montgomery_small(out->words, in->words, group->field.width,
- group->mont);
+ bn_to_montgomery_small(out->words, in->words, group->field.N.width,
+ &group->field);
}
static void ec_GFp_mont_felem_from_montgomery(const EC_GROUP *group,
EC_FELEM *out,
const EC_FELEM *in) {
- bn_from_montgomery_small(out->words, group->field.width, in->words,
- group->field.width, group->mont);
+ bn_from_montgomery_small(out->words, group->field.N.width, in->words,
+ group->field.N.width, &group->field);
}
static void ec_GFp_mont_felem_inv0(const EC_GROUP *group, EC_FELEM *out,
const EC_FELEM *a) {
- bn_mod_inverse0_prime_mont_small(out->words, a->words, group->field.width,
- group->mont);
+ bn_mod_inverse0_prime_mont_small(out->words, a->words, group->field.N.width,
+ &group->field);
}
void ec_GFp_mont_felem_mul(const EC_GROUP *group, EC_FELEM *r,
const EC_FELEM *a, const EC_FELEM *b) {
- bn_mod_mul_montgomery_small(r->words, a->words, b->words, group->field.width,
- group->mont);
+ bn_mod_mul_montgomery_small(r->words, a->words, b->words,
+ group->field.N.width, &group->field);
}
void ec_GFp_mont_felem_sqr(const EC_GROUP *group, EC_FELEM *r,
const EC_FELEM *a) {
- bn_mod_mul_montgomery_small(r->words, a->words, a->words, group->field.width,
- group->mont);
+ bn_mod_mul_montgomery_small(r->words, a->words, a->words,
+ group->field.N.width, &group->field);
}
void ec_GFp_mont_felem_to_bytes(const EC_GROUP *group, uint8_t *out,
@@ -159,8 +127,8 @@ int ec_GFp_mont_felem_from_bytes(const EC_GROUP *group, EC_FELEM *out,
void ec_GFp_mont_felem_reduce(const EC_GROUP *group, EC_FELEM *out,
const BN_ULONG *words, size_t num) {
// Convert "from" Montgomery form so the value is reduced mod p.
- bn_from_montgomery_small(out->words, group->field.width, words, num,
- group->mont);
+ bn_from_montgomery_small(out->words, group->field.N.width, words, num,
+ &group->field);
// Convert "to" Montgomery form to remove the R^-1 factor added.
ec_GFp_mont_felem_to_montgomery(group, out, out);
// Convert to Montgomery form to match this implementation's representation.
@@ -170,8 +138,8 @@ void ec_GFp_mont_felem_reduce(const EC_GROUP *group, EC_FELEM *out,
void ec_GFp_mont_felem_exp(const EC_GROUP *group, EC_FELEM *out,
const EC_FELEM *a, const BN_ULONG *exp,
size_t num_exp) {
- bn_mod_exp_mont_small(out->words, a->words, group->field.width, exp, num_exp,
- group->mont);
+ bn_mod_exp_mont_small(out->words, a->words, group->field.N.width, exp,
+ num_exp, &group->field);
}
static int ec_GFp_mont_point_get_affine_coordinates(const EC_GROUP *group,
@@ -457,7 +425,7 @@ static int ec_GFp_mont_cmp_x_coordinate(const EC_GROUP *group,
const EC_JACOBIAN *p,
const EC_SCALAR *r) {
if (!group->field_greater_than_order ||
- group->field.width != group->order.width) {
+ group->field.N.width != group->order.N.width) {
// Do not bother optimizing this case. p > order in all commonly-used
// curves.
return ec_GFp_simple_cmp_x_coordinate(group, p, r);
@@ -473,7 +441,7 @@ static int ec_GFp_mont_cmp_x_coordinate(const EC_GROUP *group,
EC_FELEM r_Z2, Z2_mont, X;
ec_GFp_mont_felem_mul(group, &Z2_mont, &p->Z, &p->Z);
// r < order < p, so this is valid.
- OPENSSL_memcpy(r_Z2.words, r->words, group->field.width * sizeof(BN_ULONG));
+ OPENSSL_memcpy(r_Z2.words, r->words, group->field.N.width * sizeof(BN_ULONG));
ec_GFp_mont_felem_mul(group, &r_Z2, &r_Z2, &Z2_mont);
ec_GFp_mont_felem_from_montgomery(group, &X, &p->X);
@@ -485,10 +453,11 @@ static int ec_GFp_mont_cmp_x_coordinate(const EC_GROUP *group,
// Therefore there is a small possibility, less than 1/2^128, that group_order
// < p.x < P. in that case we need not only to compare against |r| but also to
// compare against r+group_order.
- if (bn_less_than_words(r->words, group->field_minus_order.words,
- group->field.width)) {
- // We can ignore the carry because: r + group_order < p < 2^256.
- bn_add_words(r_Z2.words, r->words, group->order.d, group->field.width);
+ BN_ULONG carry = bn_add_words(r_Z2.words, r->words, group->order.N.d,
+ group->field.N.width);
+ if (carry == 0 &&
+ bn_less_than_words(r_Z2.words, group->field.N.d, group->field.N.width)) {
+ // r + group_order < p, so compare (r + group_order) * Z^2 against X.
ec_GFp_mont_felem_mul(group, &r_Z2, &r_Z2, &Z2_mont);
if (ec_felem_equal(group, &r_Z2, &X)) {
return 1;
@@ -499,9 +468,6 @@ static int ec_GFp_mont_cmp_x_coordinate(const EC_GROUP *group,
}
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_mont_method) {
- out->group_init = ec_GFp_mont_group_init;
- out->group_finish = ec_GFp_mont_group_finish;
- out->group_set_curve = ec_GFp_mont_group_set_curve;
out->point_get_affine_coordinates = ec_GFp_mont_point_get_affine_coordinates;
out->jacobian_to_affine_batch = ec_GFp_mont_jacobian_to_affine_batch;
out->add = ec_GFp_mont_add;
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/felem.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/felem.c
index 1b01d3db..652e258d 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/felem.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/felem.c
@@ -23,12 +23,16 @@
#include "../../internal.h"
+const EC_FELEM *ec_felem_one(const EC_GROUP *group) {
+ // We reuse generator.Z as a cache for 1 in the field.
+ return &group->generator.raw.Z;
+}
+
int ec_bignum_to_felem(const EC_GROUP *group, EC_FELEM *out, const BIGNUM *in) {
uint8_t bytes[EC_MAX_BYTES];
- size_t len = BN_num_bytes(&group->field);
+ size_t len = BN_num_bytes(&group->field.N);
assert(sizeof(bytes) >= len);
- if (BN_is_negative(in) ||
- BN_cmp(in, &group->field) >= 0 ||
+ if (BN_is_negative(in) || BN_cmp(in, &group->field.N) >= 0 ||
!BN_bn2bin_padded(bytes, len, in)) {
OPENSSL_PUT_ERROR(EC, EC_R_COORDINATES_OUT_OF_RANGE);
return 0;
@@ -57,11 +61,11 @@ int ec_felem_from_bytes(const EC_GROUP *group, EC_FELEM *out, const uint8_t *in,
void ec_felem_neg(const EC_GROUP *group, EC_FELEM *out, const EC_FELEM *a) {
// -a is zero if a is zero and p-a otherwise.
BN_ULONG mask = ec_felem_non_zero_mask(group, a);
- BN_ULONG borrow =
- bn_sub_words(out->words, group->field.d, a->words, group->field.width);
+ BN_ULONG borrow = bn_sub_words(out->words, group->field.N.d, a->words,
+ group->field.N.width);
assert(borrow == 0);
(void)borrow;
- for (int i = 0; i < group->field.width; i++) {
+ for (int i = 0; i < group->field.N.width; i++) {
out->words[i] &= mask;
}
}
@@ -69,20 +73,20 @@ void ec_felem_neg(const EC_GROUP *group, EC_FELEM *out, const EC_FELEM *a) {
void ec_felem_add(const EC_GROUP *group, EC_FELEM *out, const EC_FELEM *a,
const EC_FELEM *b) {
EC_FELEM tmp;
- bn_mod_add_words(out->words, a->words, b->words, group->field.d, tmp.words,
- group->field.width);
+ bn_mod_add_words(out->words, a->words, b->words, group->field.N.d, tmp.words,
+ group->field.N.width);
}
void ec_felem_sub(const EC_GROUP *group, EC_FELEM *out, const EC_FELEM *a,
const EC_FELEM *b) {
EC_FELEM tmp;
- bn_mod_sub_words(out->words, a->words, b->words, group->field.d, tmp.words,
- group->field.width);
+ bn_mod_sub_words(out->words, a->words, b->words, group->field.N.d, tmp.words,
+ group->field.N.width);
}
BN_ULONG ec_felem_non_zero_mask(const EC_GROUP *group, const EC_FELEM *a) {
BN_ULONG mask = 0;
- for (int i = 0; i < group->field.width; i++) {
+ for (int i = 0; i < group->field.N.width; i++) {
mask |= a->words[i];
}
return ~constant_time_is_zero_w(mask);
@@ -90,11 +94,11 @@ BN_ULONG ec_felem_non_zero_mask(const EC_GROUP *group, const EC_FELEM *a) {
void ec_felem_select(const EC_GROUP *group, EC_FELEM *out, BN_ULONG mask,
const EC_FELEM *a, const EC_FELEM *b) {
- bn_select_words(out->words, mask, a->words, b->words, group->field.width);
+ bn_select_words(out->words, mask, a->words, b->words, group->field.N.width);
}
int ec_felem_equal(const EC_GROUP *group, const EC_FELEM *a,
const EC_FELEM *b) {
return CRYPTO_memcmp(a->words, b->words,
- group->field.width * sizeof(BN_ULONG)) == 0;
+ group->field.N.width * sizeof(BN_ULONG)) == 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/internal.h b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/internal.h
index 3bdb9cfb..3a88a753 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/internal.h
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/internal.h
@@ -197,6 +197,9 @@ typedef struct {
BN_ULONG words[EC_MAX_WORDS];
} EC_FELEM;
+// ec_felem_one returns one in |group|'s field.
+const EC_FELEM *ec_felem_one(const EC_GROUP *group);
+
// ec_bignum_to_felem converts |in| to an |EC_FELEM|. It returns one on success
// and zero if |in| is out of range.
int ec_bignum_to_felem(const EC_GROUP *group, EC_FELEM *out, const BIGNUM *in);
@@ -421,7 +424,7 @@ void ec_precomp_select(const EC_GROUP *group, EC_PRECOMP *out, BN_ULONG mask,
// ec_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
// order, with |r|. It returns one if the values match and zero if |p| is the
-// point at infinity of the values do not match.
+// point at infinity of the values do not match. |p| is treated as public.
int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
const EC_SCALAR *r);
@@ -472,11 +475,6 @@ int ec_affine_jacobian_equal(const EC_GROUP *group, const EC_AFFINE *a,
// Implementation details.
struct ec_method_st {
- int (*group_init)(EC_GROUP *);
- void (*group_finish)(EC_GROUP *);
- int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
- const BIGNUM *b, BN_CTX *);
-
// point_get_affine_coordinates sets |*x| and |*y| to the affine coordinates
// of |p|. Either |x| or |y| may be NULL to omit it. It returns one on success
// and zero if |p| is the point at infinity. It leaks whether |p| was the
@@ -588,60 +586,54 @@ struct ec_method_st {
const EC_METHOD *EC_GFp_mont_method(void);
+struct ec_point_st {
+ // group is an owning reference to |group|, unless this is
+ // |group->generator|.
+ EC_GROUP *group;
+ // raw is the group-specific point data. Functions that take |EC_POINT|
+ // typically check consistency with |EC_GROUP| while functions that take
+ // |EC_JACOBIAN| do not. Thus accesses to this field should be externally
+ // checked for consistency.
+ EC_JACOBIAN raw;
+} /* EC_POINT */;
+
struct ec_group_st {
const EC_METHOD *meth;
// Unlike all other |EC_POINT|s, |generator| does not own |generator->group|
// to avoid a reference cycle. Additionally, Z is guaranteed to be one, so X
- // and Y are suitable for use as an |EC_AFFINE|.
- EC_POINT *generator;
- BIGNUM order;
-
- int curve_name; // optional NID for named curve
+ // and Y are suitable for use as an |EC_AFFINE|. Before |has_order| is set, Z
+ // is one, but X and Y are uninitialized.
+ EC_POINT generator;
- BN_MONT_CTX *order_mont; // data for ECDSA inverse
+ BN_MONT_CTX order;
+ BN_MONT_CTX field;
- // The following members are handled by the method functions,
- // even if they appear generic
+ EC_FELEM a, b; // Curve coefficients.
- BIGNUM field; // For curves over GF(p), this is the modulus.
+ // comment is a human-readable string describing the curve.
+ const char *comment;
- EC_FELEM a, b; // Curve coefficients.
+ int curve_name; // optional NID for named curve
+ uint8_t oid[9];
+ uint8_t oid_len;
// a_is_minus3 is one if |a| is -3 mod |field| and zero otherwise. Point
// arithmetic is optimized for -3.
int a_is_minus3;
+ // has_order is one if |generator| and |order| have been initialized.
+ int has_order;
+
// field_greater_than_order is one if |field| is greate than |order| and zero
// otherwise.
int field_greater_than_order;
- // field_minus_order, if |field_greater_than_order| is true, is |field| minus
- // |order| represented as an |EC_FELEM|. Otherwise, it is zero.
- //
- // Note: unlike |EC_FELEM|s used as intermediate values internal to the
- // |EC_METHOD|, this value is not encoded in Montgomery form.
- EC_FELEM field_minus_order;
-
CRYPTO_refcount_t references;
-
- BN_MONT_CTX *mont; // Montgomery structure.
-
- EC_FELEM one; // The value one.
} /* EC_GROUP */;
-struct ec_point_st {
- // group is an owning reference to |group|, unless this is
- // |group->generator|.
- EC_GROUP *group;
- // raw is the group-specific point data. Functions that take |EC_POINT|
- // typically check consistency with |EC_GROUP| while functions that take
- // |EC_JACOBIAN| do not. Thus accesses to this field should be externally
- // checked for consistency.
- EC_JACOBIAN raw;
-} /* EC_POINT */;
-
-EC_GROUP *ec_group_new(const EC_METHOD *meth);
+EC_GROUP *ec_group_new(const EC_METHOD *meth, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx);
void ec_GFp_mont_mul(const EC_GROUP *group, EC_JACOBIAN *r,
const EC_JACOBIAN *p, const EC_SCALAR *scalar);
@@ -680,8 +672,6 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
const EC_SCALAR *scalars, size_t num);
// method functions in simple.c
-int ec_GFp_simple_group_init(EC_GROUP *);
-void ec_GFp_simple_group_finish(EC_GROUP *);
int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *);
int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
@@ -713,10 +703,6 @@ int ec_GFp_simple_felem_from_bytes(const EC_GROUP *group, EC_FELEM *out,
const uint8_t *in, size_t len);
// method functions in montgomery.c
-int ec_GFp_mont_group_init(EC_GROUP *);
-int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
- const BIGNUM *b, BN_CTX *);
-void ec_GFp_mont_group_finish(EC_GROUP *);
void ec_GFp_mont_felem_mul(const EC_GROUP *, EC_FELEM *r, const EC_FELEM *a,
const EC_FELEM *b);
void ec_GFp_mont_felem_sqr(const EC_GROUP *, EC_FELEM *r, const EC_FELEM *a);
@@ -762,31 +748,6 @@ struct ec_key_st {
CRYPTO_EX_DATA ex_data;
} /* EC_KEY */;
-struct built_in_curve {
- int nid;
- const uint8_t *oid;
- uint8_t oid_len;
- // comment is a human-readable string describing the curve.
- const char *comment;
- // param_len is the number of bytes needed to store a field element.
- uint8_t param_len;
- // params points to an array of 6*|param_len| bytes which hold the field
- // elements of the following (in big-endian order): prime, a, b, generator x,
- // generator y, order.
- const uint8_t *params;
- const EC_METHOD *method;
-};
-
-#define OPENSSL_NUM_BUILT_IN_CURVES 4
-
-struct built_in_curves {
- struct built_in_curve curves[OPENSSL_NUM_BUILT_IN_CURVES];
-};
-
-// OPENSSL_built_in_curves returns a pointer to static information about
-// standard curves. The array is terminated with an entry where |nid| is
-// |NID_undef|.
-const struct built_in_curves *OPENSSL_built_in_curves(void);
#if defined(__cplusplus)
} // extern C
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/oct.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/oct.c
index 5dbe910e..8b254fb8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/oct.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/oct.c
@@ -80,7 +80,7 @@ size_t ec_point_byte_len(const EC_GROUP *group, point_conversion_form_t form) {
return 0;
}
- const size_t field_len = BN_num_bytes(&group->field);
+ const size_t field_len = BN_num_bytes(&group->field.N);
size_t output_len = 1 /* type byte */ + field_len;
if (form == POINT_CONVERSION_UNCOMPRESSED) {
// Uncompressed points have a second coordinate.
@@ -100,11 +100,11 @@ size_t ec_point_to_bytes(const EC_GROUP *group, const EC_AFFINE *point,
size_t field_len;
ec_felem_to_bytes(group, buf + 1, &field_len, &point->X);
- assert(field_len == BN_num_bytes(&group->field));
+ assert(field_len == BN_num_bytes(&group->field.N));
if (form == POINT_CONVERSION_UNCOMPRESSED) {
ec_felem_to_bytes(group, buf + 1 + field_len, &field_len, &point->Y);
- assert(field_len == BN_num_bytes(&group->field));
+ assert(field_len == BN_num_bytes(&group->field.N));
buf[0] = form;
} else {
uint8_t y_buf[EC_MAX_BYTES];
@@ -117,7 +117,7 @@ size_t ec_point_to_bytes(const EC_GROUP *group, const EC_AFFINE *point,
int ec_point_from_uncompressed(const EC_GROUP *group, EC_AFFINE *out,
const uint8_t *in, size_t len) {
- const size_t field_len = BN_num_bytes(&group->field);
+ const size_t field_len = BN_num_bytes(&group->field.N);
if (len != 1 + 2 * field_len || in[0] != POINT_CONVERSION_UNCOMPRESSED) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
return 0;
@@ -155,7 +155,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
const int y_bit = form & 1;
- const size_t field_len = BN_num_bytes(&group->field);
+ const size_t field_len = BN_num_bytes(&group->field.N);
form = form & ~1u;
if (form != POINT_CONVERSION_COMPRESSED ||
len != 1 /* type byte */ + field_len) {
@@ -182,7 +182,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
if (x == NULL || !BN_bin2bn(buf + 1, field_len, x)) {
goto err;
}
- if (BN_ucmp(x, &group->field) >= 0) {
+ if (BN_ucmp(x, &group->field.N) >= 0) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
goto err;
}
@@ -260,7 +260,8 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
return 0;
}
- if (BN_is_negative(x) || BN_cmp(x, &group->field) >= 0) {
+ const BIGNUM *field = &group->field.N;
+ if (BN_is_negative(x) || BN_cmp(x, field) >= 0) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSED_POINT);
return 0;
}
@@ -295,31 +296,31 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
// so y is one of the square roots of x^3 + a*x + b.
// tmp1 := x^3
- if (!BN_mod_sqr(tmp2, x, &group->field, ctx) ||
- !BN_mod_mul(tmp1, tmp2, x, &group->field, ctx)) {
+ if (!BN_mod_sqr(tmp2, x, field, ctx) ||
+ !BN_mod_mul(tmp1, tmp2, x, field, ctx)) {
goto err;
}
// tmp1 := tmp1 + a*x
if (group->a_is_minus3) {
- if (!bn_mod_lshift1_consttime(tmp2, x, &group->field, ctx) ||
- !bn_mod_add_consttime(tmp2, tmp2, x, &group->field, ctx) ||
- !bn_mod_sub_consttime(tmp1, tmp1, tmp2, &group->field, ctx)) {
+ if (!bn_mod_lshift1_consttime(tmp2, x, field, ctx) ||
+ !bn_mod_add_consttime(tmp2, tmp2, x, field, ctx) ||
+ !bn_mod_sub_consttime(tmp1, tmp1, tmp2, field, ctx)) {
goto err;
}
} else {
- if (!BN_mod_mul(tmp2, a, x, &group->field, ctx) ||
- !bn_mod_add_consttime(tmp1, tmp1, tmp2, &group->field, ctx)) {
+ if (!BN_mod_mul(tmp2, a, x, field, ctx) ||
+ !bn_mod_add_consttime(tmp1, tmp1, tmp2, field, ctx)) {
goto err;
}
}
// tmp1 := tmp1 + b
- if (!bn_mod_add_consttime(tmp1, tmp1, b, &group->field, ctx)) {
+ if (!bn_mod_add_consttime(tmp1, tmp1, b, field, ctx)) {
goto err;
}
- if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
+ if (!BN_mod_sqrt(y, tmp1, field, ctx)) {
uint32_t err = ERR_peek_last_error();
if (ERR_GET_LIB(err) == ERR_LIB_BN &&
ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
@@ -336,7 +337,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSION_BIT);
goto err;
}
- if (!BN_usub(y, &group->field, y)) {
+ if (!BN_usub(y, field, y)) {
goto err;
}
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p224-64.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p224-64.c
index 416619bf..9d4aafdc 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p224-64.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p224-64.c
@@ -24,6 +24,7 @@
#include
#include
+#include
#include
#include "internal.h"
@@ -836,12 +837,12 @@ static void p224_select_point(const uint64_t idx, size_t size,
for (size_t i = 0; i < size; i++) {
const p224_limb *inlimbs = &pre_comp[i][0][0];
- uint64_t mask = i ^ idx;
- mask |= mask >> 4;
- mask |= mask >> 2;
- mask |= mask >> 1;
- mask &= 1;
- mask--;
+ static_assert(sizeof(uint64_t) <= sizeof(crypto_word_t),
+ "crypto_word_t too small");
+ static_assert(sizeof(size_t) <= sizeof(crypto_word_t),
+ "crypto_word_t too small");
+ // Without a value barrier, Clang adds a branch here.
+ uint64_t mask = value_barrier_w(constant_time_eq_w(i, idx));
for (size_t j = 0; j < 4 * 3; j++) {
outlimbs[j] |= inlimbs[j] & mask;
}
@@ -1142,9 +1143,6 @@ static void ec_GFp_nistp224_felem_sqr(const EC_GROUP *group, EC_FELEM *r,
}
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) {
- out->group_init = ec_GFp_simple_group_init;
- out->group_finish = ec_GFp_simple_group_finish;
- out->group_set_curve = ec_GFp_simple_group_set_curve;
out->point_get_affine_coordinates =
ec_GFp_nistp224_point_get_affine_coordinates;
out->add = ec_GFp_nistp224_add;
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256-nistz.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256-nistz.c
index 0dbd0f51..bd121ed5 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256-nistz.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256-nistz.c
@@ -191,7 +191,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
const EC_SCALAR *p_scalar) {
assert(p != NULL);
assert(p_scalar != NULL);
- assert(group->field.width == P256_LIMBS);
+ assert(group->field.N.width == P256_LIMBS);
static const size_t kWindowSize = 5;
static const crypto_word_t kMask = (1 << (5 /* kWindowSize */ + 1)) - 1;
@@ -208,7 +208,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
// not stored. All other values are actually stored with an offset of -1 in
// table.
P256_POINT *row = table;
- assert(group->field.width == P256_LIMBS);
+ assert(group->field.N.width == P256_LIMBS);
OPENSSL_memcpy(row[1 - 1].X, p->X.words, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(row[1 - 1].Y, p->Y.words, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(row[1 - 1].Z, p->Z.words, P256_LIMBS * sizeof(BN_ULONG));
@@ -305,7 +305,7 @@ static void ecp_nistz256_point_mul(const EC_GROUP *group, EC_JACOBIAN *r,
alignas(32) P256_POINT out;
ecp_nistz256_windowed_mul(group, &out, p, scalar);
- assert(group->field.width == P256_LIMBS);
+ assert(group->field.N.width == P256_LIMBS);
OPENSSL_memcpy(r->X.words, out.X, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Y.words, out.Y, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Z.words, out.Z, P256_LIMBS * sizeof(BN_ULONG));
@@ -349,7 +349,7 @@ static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_JACOBIAN *r,
ecp_nistz256_point_add_affine(&p, &p, &t);
}
- assert(group->field.width == P256_LIMBS);
+ assert(group->field.N.width == P256_LIMBS);
OPENSSL_memcpy(r->X.words, p.X, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Y.words, p.Y, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Z.words, p.Z, P256_LIMBS * sizeof(BN_ULONG));
@@ -413,7 +413,7 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group,
ecp_nistz256_windowed_mul(group, &tmp, p_, p_scalar);
ecp_nistz256_point_add(&p, &p, &tmp);
- assert(group->field.width == P256_LIMBS);
+ assert(group->field.N.width == P256_LIMBS);
OPENSSL_memcpy(r->X.words, p.X, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Y.words, p.Y, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Z.words, p.Z, P256_LIMBS * sizeof(BN_ULONG));
@@ -429,7 +429,7 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group,
}
BN_ULONG z_inv2[P256_LIMBS];
- assert(group->field.width == P256_LIMBS);
+ assert(group->field.N.width == P256_LIMBS);
ecp_nistz256_mod_inverse_sqr_mont(z_inv2, point->Z.words);
if (x != NULL) {
@@ -563,8 +563,8 @@ static int ecp_nistz256_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
}
#endif
- assert(group->order.width == P256_LIMBS);
- if (!beeu_mod_inverse_vartime(out->words, in->words, group->order.d)) {
+ assert(group->order.N.width == P256_LIMBS);
+ if (!beeu_mod_inverse_vartime(out->words, in->words, group->order.N.d)) {
return 0;
}
@@ -580,8 +580,8 @@ static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
return 0;
}
- assert(group->order.width == P256_LIMBS);
- assert(group->field.width == P256_LIMBS);
+ assert(group->order.N.width == P256_LIMBS);
+ assert(group->field.N.width == P256_LIMBS);
// We wish to compare X/Z^2 with r. This is equivalent to comparing X with
// r*Z^2. Note that X and Z are represented in Montgomery form, while r is
@@ -599,10 +599,9 @@ static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
// Therefore there is a small possibility, less than 1/2^128, that group_order
// < p.x < P. in that case we need not only to compare against |r| but also to
// compare against r+group_order.
- if (bn_less_than_words(r->words, group->field_minus_order.words,
- P256_LIMBS)) {
- // We can ignore the carry because: r + group_order < p < 2^256.
- bn_add_words(r_Z2, r->words, group->order.d, P256_LIMBS);
+ BN_ULONG carry = bn_add_words(r_Z2, r->words, group->order.N.d, P256_LIMBS);
+ if (carry == 0 && bn_less_than_words(r_Z2, group->field.N.d, P256_LIMBS)) {
+ // r + group_order < p, so compare (r + group_order) * Z^2 against X.
ecp_nistz256_mul_mont(r_Z2, r_Z2, Z2_mont);
if (OPENSSL_memcmp(r_Z2, X, sizeof(r_Z2)) == 0) {
return 1;
@@ -613,9 +612,6 @@ static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
}
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) {
- out->group_init = ec_GFp_mont_group_init;
- out->group_finish = ec_GFp_mont_group_finish;
- out->group_set_curve = ec_GFp_mont_group_set_curve;
out->point_get_affine_coordinates = ecp_nistz256_get_affine;
out->add = ecp_nistz256_add;
out->dbl = ecp_nistz256_dbl;
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256.c
index 6d9c6034..c929972c 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/p256.c
@@ -710,12 +710,12 @@ static int ec_GFp_nistp256_cmp_x_coordinate(const EC_GROUP *group,
// Therefore there is a small possibility, less than 1/2^128, that group_order
// < p.x < P. in that case we need not only to compare against |r| but also to
// compare against r+group_order.
- assert(group->field.width == group->order.width);
- if (bn_less_than_words(r->words, group->field_minus_order.words,
- group->field.width)) {
- // We can ignore the carry because: r + group_order < p < 2^256.
- EC_FELEM tmp;
- bn_add_words(tmp.words, r->words, group->order.d, group->order.width);
+ assert(group->field.N.width == group->order.N.width);
+ EC_FELEM tmp;
+ BN_ULONG carry =
+ bn_add_words(tmp.words, r->words, group->order.N.d, group->field.N.width);
+ if (carry == 0 &&
+ bn_less_than_words(tmp.words, group->field.N.d, group->field.N.width)) {
fiat_p256_from_generic(r_Z2, &tmp);
fiat_p256_mul(r_Z2, r_Z2, Z2_mont);
if (OPENSSL_memcmp(&r_Z2, &X, sizeof(r_Z2)) == 0) {
@@ -727,9 +727,6 @@ static int ec_GFp_nistp256_cmp_x_coordinate(const EC_GROUP *group,
}
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp256_method) {
- out->group_init = ec_GFp_mont_group_init;
- out->group_finish = ec_GFp_mont_group_finish;
- out->group_set_curve = ec_GFp_mont_group_set_curve;
out->point_get_affine_coordinates =
ec_GFp_nistp256_point_get_affine_coordinates;
out->add = ec_GFp_nistp256_add;
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/scalar.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/scalar.c
index 71c801b8..4d0d947b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/scalar.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/scalar.c
@@ -23,8 +23,8 @@
int ec_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
const BIGNUM *in) {
- if (!bn_copy_words(out->words, group->order.width, in) ||
- !bn_less_than_words(out->words, group->order.d, group->order.width)) {
+ if (!bn_copy_words(out->words, group->order.N.width, in) ||
+ !bn_less_than_words(out->words, group->order.N.d, group->order.N.width)) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_SCALAR);
return 0;
}
@@ -34,12 +34,12 @@ int ec_bignum_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
int ec_scalar_equal_vartime(const EC_GROUP *group, const EC_SCALAR *a,
const EC_SCALAR *b) {
return OPENSSL_memcmp(a->words, b->words,
- group->order.width * sizeof(BN_ULONG)) == 0;
+ group->order.N.width * sizeof(BN_ULONG)) == 0;
}
int ec_scalar_is_zero(const EC_GROUP *group, const EC_SCALAR *a) {
BN_ULONG mask = 0;
- for (int i = 0; i < group->order.width; i++) {
+ for (int i = 0; i < group->order.N.width; i++) {
mask |= a->words[i];
}
return mask == 0;
@@ -47,27 +47,27 @@ int ec_scalar_is_zero(const EC_GROUP *group, const EC_SCALAR *a) {
int ec_random_nonzero_scalar(const EC_GROUP *group, EC_SCALAR *out,
const uint8_t additional_data[32]) {
- return bn_rand_range_words(out->words, 1, group->order.d, group->order.width,
- additional_data);
+ return bn_rand_range_words(out->words, 1, group->order.N.d,
+ group->order.N.width, additional_data);
}
void ec_scalar_to_bytes(const EC_GROUP *group, uint8_t *out, size_t *out_len,
const EC_SCALAR *in) {
- size_t len = BN_num_bytes(&group->order);
- bn_words_to_big_endian(out, len, in->words, group->order.width);
+ size_t len = BN_num_bytes(&group->order.N);
+ bn_words_to_big_endian(out, len, in->words, group->order.N.width);
*out_len = len;
}
int ec_scalar_from_bytes(const EC_GROUP *group, EC_SCALAR *out,
const uint8_t *in, size_t len) {
- if (len != BN_num_bytes(&group->order)) {
+ if (len != BN_num_bytes(&group->order.N)) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_SCALAR);
return 0;
}
- bn_big_endian_to_words(out->words, group->order.width, in, len);
+ bn_big_endian_to_words(out->words, group->order.N.width, in, len);
- if (!bn_less_than_words(out->words, group->order.d, group->order.width)) {
+ if (!bn_less_than_words(out->words, group->order.N.d, group->order.N.width)) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_SCALAR);
return 0;
}
@@ -78,15 +78,15 @@ int ec_scalar_from_bytes(const EC_GROUP *group, EC_SCALAR *out,
void ec_scalar_reduce(const EC_GROUP *group, EC_SCALAR *out,
const BN_ULONG *words, size_t num) {
// Convert "from" Montgomery form so the value is reduced modulo the order.
- bn_from_montgomery_small(out->words, group->order.width, words, num,
- group->order_mont);
+ bn_from_montgomery_small(out->words, group->order.N.width, words, num,
+ &group->order);
// Convert "to" Montgomery form to remove the R^-1 factor added.
ec_scalar_to_montgomery(group, out, out);
}
void ec_scalar_add(const EC_GROUP *group, EC_SCALAR *r, const EC_SCALAR *a,
const EC_SCALAR *b) {
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = &group->order.N;
BN_ULONG tmp[EC_MAX_WORDS];
bn_mod_add_words(r->words, a->words, b->words, order->d, tmp, order->width);
OPENSSL_cleanse(tmp, sizeof(tmp));
@@ -94,7 +94,7 @@ void ec_scalar_add(const EC_GROUP *group, EC_SCALAR *r, const EC_SCALAR *a,
void ec_scalar_sub(const EC_GROUP *group, EC_SCALAR *r, const EC_SCALAR *a,
const EC_SCALAR *b) {
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = &group->order.N;
BN_ULONG tmp[EC_MAX_WORDS];
bn_mod_sub_words(r->words, a->words, b->words, order->d, tmp, order->width);
OPENSSL_cleanse(tmp, sizeof(tmp));
@@ -108,35 +108,35 @@ void ec_scalar_neg(const EC_GROUP *group, EC_SCALAR *r, const EC_SCALAR *a) {
void ec_scalar_select(const EC_GROUP *group, EC_SCALAR *out, BN_ULONG mask,
const EC_SCALAR *a, const EC_SCALAR *b) {
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = &group->order.N;
bn_select_words(out->words, mask, a->words, b->words, order->width);
}
void ec_scalar_to_montgomery(const EC_GROUP *group, EC_SCALAR *r,
const EC_SCALAR *a) {
- const BIGNUM *order = &group->order;
- bn_to_montgomery_small(r->words, a->words, order->width, group->order_mont);
+ const BIGNUM *order = &group->order.N;
+ bn_to_montgomery_small(r->words, a->words, order->width, &group->order);
}
void ec_scalar_from_montgomery(const EC_GROUP *group, EC_SCALAR *r,
const EC_SCALAR *a) {
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = &group->order.N;
bn_from_montgomery_small(r->words, order->width, a->words, order->width,
- group->order_mont);
+ &group->order);
}
void ec_scalar_mul_montgomery(const EC_GROUP *group, EC_SCALAR *r,
const EC_SCALAR *a, const EC_SCALAR *b) {
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = &group->order.N;
bn_mod_mul_montgomery_small(r->words, a->words, b->words, order->width,
- group->order_mont);
+ &group->order);
}
void ec_simple_scalar_inv0_montgomery(const EC_GROUP *group, EC_SCALAR *r,
const EC_SCALAR *a) {
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = &group->order.N;
bn_mod_inverse0_prime_mont_small(r->words, a->words, order->width,
- group->order_mont);
+ &group->order);
}
int ec_simple_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple.c
index 8d87ce80..8060c709 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple.c
@@ -88,16 +88,6 @@
// used, it is a Montgomery representation (i.e. 'encoding' means multiplying
// by some factor R).
-int ec_GFp_simple_group_init(EC_GROUP *group) {
- BN_init(&group->field);
- group->a_is_minus3 = 0;
- return 1;
-}
-
-void ec_GFp_simple_group_finish(EC_GROUP *group) {
- BN_free(&group->field);
-}
-
int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p,
const BIGNUM *a, const BIGNUM *b,
BN_CTX *ctx) {
@@ -114,17 +104,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p,
goto err;
}
- // group->field
- if (!BN_copy(&group->field, p)) {
- goto err;
- }
- BN_set_negative(&group->field, 0);
- // Store the field in minimal form, so it can be used with |BN_ULONG| arrays.
- bn_set_minimal_width(&group->field);
-
- if (!ec_bignum_to_felem(group, &group->a, a) ||
+ if (!BN_MONT_CTX_set(&group->field, p, ctx) ||
+ !ec_bignum_to_felem(group, &group->a, a) ||
!ec_bignum_to_felem(group, &group->b, b) ||
- !ec_bignum_to_felem(group, &group->one, BN_value_one())) {
+ // Reuse Z from the generator to cache the value one.
+ !ec_bignum_to_felem(group, &group->generator.raw.Z, BN_value_one())) {
goto err;
}
@@ -133,7 +117,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p,
!BN_add_word(tmp, 3)) {
goto err;
}
- group->a_is_minus3 = (0 == BN_cmp(tmp, &group->field));
+ group->a_is_minus3 = (0 == BN_cmp(tmp, &group->field.N));
ret = 1;
@@ -144,7 +128,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p,
int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
BIGNUM *b) {
- if ((p != NULL && !BN_copy(p, &group->field)) ||
+ if ((p != NULL && !BN_copy(p, &group->field.N)) ||
(a != NULL && !ec_felem_to_bignum(group, a, &group->a)) ||
(b != NULL && !ec_felem_to_bignum(group, b, &group->b))) {
return 0;
@@ -329,21 +313,21 @@ int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
void ec_GFp_simple_felem_to_bytes(const EC_GROUP *group, uint8_t *out,
size_t *out_len, const EC_FELEM *in) {
- size_t len = BN_num_bytes(&group->field);
- bn_words_to_big_endian(out, len, in->words, group->field.width);
+ size_t len = BN_num_bytes(&group->field.N);
+ bn_words_to_big_endian(out, len, in->words, group->field.N.width);
*out_len = len;
}
int ec_GFp_simple_felem_from_bytes(const EC_GROUP *group, EC_FELEM *out,
const uint8_t *in, size_t len) {
- if (len != BN_num_bytes(&group->field)) {
+ if (len != BN_num_bytes(&group->field.N)) {
OPENSSL_PUT_ERROR(EC, EC_R_DECODE_ERROR);
return 0;
}
- bn_big_endian_to_words(out->words, group->field.width, in, len);
+ bn_big_endian_to_words(out->words, group->field.N.width, in, len);
- if (!bn_less_than_words(out->words, group->field.d, group->field.width)) {
+ if (!bn_less_than_words(out->words, group->field.N.d, group->field.N.width)) {
OPENSSL_PUT_ERROR(EC, EC_R_DECODE_ERROR);
return 0;
}
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple_mul.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple_mul.c
index 34c925f6..427fb1fd 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple_mul.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/simple_mul.c
@@ -40,7 +40,7 @@ void ec_GFp_mont_mul(const EC_GROUP *group, EC_JACOBIAN *r,
}
// Divide bits in |scalar| into windows.
- unsigned bits = BN_num_bits(&group->order);
+ unsigned bits = EC_GROUP_order_bits(group);
int r_is_at_infinity = 1;
for (unsigned i = bits - 1; i < bits; i--) {
if (!r_is_at_infinity) {
@@ -48,7 +48,7 @@ void ec_GFp_mont_mul(const EC_GROUP *group, EC_JACOBIAN *r,
}
if (i % 5 == 0) {
// Compute the next window value.
- const size_t width = group->order.width;
+ const size_t width = group->order.N.width;
uint8_t window = bn_is_bit_set_words(scalar->words, width, i + 4) << 4;
window |= bn_is_bit_set_words(scalar->words, width, i + 3) << 3;
window |= bn_is_bit_set_words(scalar->words, width, i + 2) << 2;
@@ -78,7 +78,7 @@ void ec_GFp_mont_mul(const EC_GROUP *group, EC_JACOBIAN *r,
void ec_GFp_mont_mul_base(const EC_GROUP *group, EC_JACOBIAN *r,
const EC_SCALAR *scalar) {
- ec_GFp_mont_mul(group, r, &group->generator->raw, scalar);
+ ec_GFp_mont_mul(group, r, &group->generator.raw, scalar);
}
static void ec_GFp_mont_batch_precomp(const EC_GROUP *group, EC_JACOBIAN *out,
@@ -99,7 +99,7 @@ static void ec_GFp_mont_batch_get_window(const EC_GROUP *group,
EC_JACOBIAN *out,
const EC_JACOBIAN precomp[17],
const EC_SCALAR *scalar, unsigned i) {
- const size_t width = group->order.width;
+ const size_t width = group->order.N.width;
uint8_t window = bn_is_bit_set_words(scalar->words, width, i + 4) << 5;
window |= bn_is_bit_set_words(scalar->words, width, i + 3) << 4;
window |= bn_is_bit_set_words(scalar->words, width, i + 2) << 3;
@@ -138,7 +138,7 @@ void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_JACOBIAN *r,
}
// Divide bits in |scalar| into windows.
- unsigned bits = BN_num_bits(&group->order);
+ unsigned bits = EC_GROUP_order_bits(group);
int r_is_at_infinity = 1;
for (unsigned i = bits; i <= bits; i--) {
if (!r_is_at_infinity) {
@@ -169,7 +169,7 @@ void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_JACOBIAN *r,
}
static unsigned ec_GFp_mont_comb_stride(const EC_GROUP *group) {
- return (BN_num_bits(&group->field) + EC_MONT_PRECOMP_COMB_SIZE - 1) /
+ return (EC_GROUP_get_degree(group) + EC_MONT_PRECOMP_COMB_SIZE - 1) /
EC_MONT_PRECOMP_COMB_SIZE;
}
@@ -212,7 +212,7 @@ static void ec_GFp_mont_get_comb_window(const EC_GROUP *group,
EC_JACOBIAN *out,
const EC_PRECOMP *precomp,
const EC_SCALAR *scalar, unsigned i) {
- const size_t width = group->order.width;
+ const size_t width = group->order.N.width;
unsigned stride = ec_GFp_mont_comb_stride(group);
// Select the bits corresponding to the comb shifted up by |i|.
unsigned window = 0;
@@ -230,7 +230,7 @@ static void ec_GFp_mont_get_comb_window(const EC_GROUP *group,
ec_felem_select(group, &out->Y, match, &precomp->comb[j].Y, &out->Y);
}
BN_ULONG is_infinity = constant_time_is_zero_w(window);
- ec_felem_select(group, &out->Z, is_infinity, &out->Z, &group->one);
+ ec_felem_select(group, &out->Z, is_infinity, &out->Z, ec_felem_one(group));
}
void ec_GFp_mont_mul_precomp(const EC_GROUP *group, EC_JACOBIAN *r,
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/wnaf.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/wnaf.c
index 436ffe55..65f430ec 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/wnaf.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ec/wnaf.c
@@ -138,8 +138,8 @@ void ec_compute_wNAF(const EC_GROUP *group, int8_t *out,
// we shift and add at most one copy of |bit|, this will continue to hold
// afterwards.
window_val >>= 1;
- window_val +=
- bit * bn_is_bit_set_words(scalar->words, group->order.width, j + w + 1);
+ window_val += bit * bn_is_bit_set_words(scalar->words, group->order.N.width,
+ j + w + 1);
assert(window_val <= next_bit);
}
@@ -183,7 +183,7 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
const EC_SCALAR *g_scalar,
const EC_JACOBIAN *points,
const EC_SCALAR *scalars, size_t num) {
- size_t bits = BN_num_bits(&group->order);
+ size_t bits = EC_GROUP_order_bits(group);
size_t wNAF_len = bits + 1;
int ret = 0;
@@ -197,13 +197,8 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
wNAF = wNAF_stack;
precomp = precomp_stack;
} else {
- if (num >= ((size_t)-1) / sizeof(wNAF_alloc[0]) ||
- num >= ((size_t)-1) / sizeof(precomp_alloc[0])) {
- OPENSSL_PUT_ERROR(EC, ERR_R_OVERFLOW);
- goto err;
- }
- wNAF_alloc = OPENSSL_malloc(num * sizeof(wNAF_alloc[0]));
- precomp_alloc = OPENSSL_malloc(num * sizeof(precomp_alloc[0]));
+ wNAF_alloc = OPENSSL_calloc(num, sizeof(wNAF_alloc[0]));
+ precomp_alloc = OPENSSL_calloc(num, sizeof(precomp_alloc[0]));
if (wNAF_alloc == NULL || precomp_alloc == NULL) {
goto err;
}
@@ -214,7 +209,7 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
int8_t g_wNAF[EC_MAX_BYTES * 8 + 1];
EC_JACOBIAN g_precomp[EC_WNAF_TABLE_SIZE];
assert(wNAF_len <= OPENSSL_ARRAY_SIZE(g_wNAF));
- const EC_JACOBIAN *g = &group->generator->raw;
+ const EC_JACOBIAN *g = &group->generator.raw;
if (g_scalar != NULL) {
ec_compute_wNAF(group, g_wNAF, g_scalar, bits, EC_WNAF_WINDOW_BITS);
compute_precomp(group, g_precomp, g, EC_WNAF_TABLE_SIZE);
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.c
index 366615dd..daa87e49 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ecdsa/ecdsa.c
@@ -71,7 +71,7 @@
// ECDSA.
static void digest_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
const uint8_t *digest, size_t digest_len) {
- const BIGNUM *order = &group->order;
+ const BIGNUM *order = EC_GROUP_get0_order(group);
size_t num_bits = BN_num_bits(order);
// Need to truncate digest if it is too long: first truncate whole bytes.
size_t num_bytes = (num_bits + 7) / 8;
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-ios.ios.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-ios.ios.arm.S
index 9a967a0e..56663108 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-ios.ios.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-ios.ios.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__APPLE__)
#include
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
@@ -257,11 +249,7 @@ Lgmult_neon:
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__APPLE__)
#endif // defined(__arm__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-linux.linux.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-linux.linux.arm.S
index ce4f6381..7fb8e451 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-linux.linux.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-armv4-linux.linux.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__)
#include
@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
@@ -251,11 +243,7 @@ gcm_ghash_neon:
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__ELF__)
#endif // defined(__arm__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-ios.ios.aarch64.S
index 1ce9d45f..ca5baa4b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
.text
@@ -342,11 +334,7 @@ Lmasks:
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,100,101,114,105,118,101,100,32,102,114,111,109,32,65,82,77,118,52,32,118,101,114,115,105,111,110,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-linux.linux.aarch64.S
index 6c62c593..a5743530 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-neon-armv8-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
.text
@@ -342,11 +334,7 @@ gcm_ghash_neon:
.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,100,101,114,105,118,101,100,32,102,114,111,109,32,65,82,77,118,52,32,118,101,114,115,105,111,110,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
.align 2
.align 2
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86-linux.linux.x86.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86-linux.linux.x86.S
index 5ad69e49..3bf1f510 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86-linux.linux.x86.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86-linux.linux.x86.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
.text
.globl gcm_gmult_ssse3
.hidden gcm_gmult_ssse3
@@ -298,11 +291,7 @@ gcm_ghash_ssse3:
.align 16
.Llow4_mask:
.long 252645135,252645135,252645135,252645135
-#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
#endif // defined(__i386__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-linux.linux.x86_64.S
index 1c5ca41e..506fb75a 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
@@ -26,6 +19,7 @@
gcm_gmult_ssse3:
.cfi_startproc
+_CET_ENDBR
movdqu (%rdi),%xmm0
movdqa .Lreverse_bytes(%rip),%xmm10
movdqa .Llow4_mask(%rip),%xmm2
@@ -200,7 +194,7 @@ gcm_gmult_ssse3:
pxor %xmm4,%xmm4
pxor %xmm5,%xmm5
pxor %xmm6,%xmm6
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size gcm_gmult_ssse3,.-gcm_gmult_ssse3
@@ -216,6 +210,7 @@ gcm_gmult_ssse3:
gcm_ghash_ssse3:
.cfi_startproc
+_CET_ENDBR
movdqu (%rdi),%xmm0
movdqa .Lreverse_bytes(%rip),%xmm10
movdqa .Llow4_mask(%rip),%xmm11
@@ -412,7 +407,7 @@ gcm_ghash_ssse3:
pxor %xmm4,%xmm4
pxor %xmm5,%xmm5
pxor %xmm6,%xmm6
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size gcm_ghash_ssse3,.-gcm_ghash_ssse3
@@ -428,10 +423,6 @@ gcm_ghash_ssse3:
.quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-mac.mac.x86_64.S
index da6a7726..9a0d6744 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-ssse3-x86_64-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
@@ -26,6 +19,7 @@
_gcm_gmult_ssse3:
+_CET_ENDBR
movdqu (%rdi),%xmm0
movdqa L$reverse_bytes(%rip),%xmm10
movdqa L$low4_mask(%rip),%xmm2
@@ -200,7 +194,7 @@ L$oop_row_3:
pxor %xmm4,%xmm4
pxor %xmm5,%xmm5
pxor %xmm6,%xmm6
- .byte 0xf3,0xc3
+ ret
@@ -216,6 +210,7 @@ L$oop_row_3:
_gcm_ghash_ssse3:
+_CET_ENDBR
movdqu (%rdi),%xmm0
movdqa L$reverse_bytes(%rip),%xmm10
movdqa L$low4_mask(%rip),%xmm11
@@ -412,7 +407,7 @@ L$oop_row_6:
pxor %xmm4,%xmm4
pxor %xmm5,%xmm5
pxor %xmm6,%xmm6
- .byte 0xf3,0xc3
+ ret
@@ -428,10 +423,6 @@ L$low4_mask:
.quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86-linux.linux.x86.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86-linux.linux.x86.S
index d568b702..3768cb64 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86-linux.linux.x86.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86-linux.linux.x86.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
.text
.globl gcm_init_clmul
.hidden gcm_init_clmul
@@ -334,11 +327,7 @@ gcm_ghash_clmul:
.byte 82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112
.byte 112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62
.byte 0
-#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
#endif // defined(__i386__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-linux.linux.x86_64.S
index 0b5d1dc8..0fe90477 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-linux.linux.x86_64.S
@@ -3,19 +3,10 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
-.extern OPENSSL_ia32cap_P
-.hidden OPENSSL_ia32cap_P
.globl gcm_init_clmul
.hidden gcm_init_clmul
.type gcm_init_clmul,@function
@@ -23,6 +14,7 @@
gcm_init_clmul:
.cfi_startproc
+_CET_ENDBR
.L_init_clmul:
movdqu (%rsi),%xmm2
pshufd $78,%xmm2,%xmm2
@@ -173,7 +165,7 @@ gcm_init_clmul:
movdqu %xmm0,64(%rdi)
.byte 102,15,58,15,227,8
movdqu %xmm4,80(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size gcm_init_clmul,.-gcm_init_clmul
@@ -183,6 +175,7 @@ gcm_init_clmul:
.align 16
gcm_gmult_clmul:
.cfi_startproc
+_CET_ENDBR
.L_gmult_clmul:
movdqu (%rdi),%xmm0
movdqa .Lbswap_mask(%rip),%xmm5
@@ -228,7 +221,7 @@ gcm_gmult_clmul:
pxor %xmm1,%xmm0
.byte 102,15,56,0,197
movdqu %xmm0,(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size gcm_gmult_clmul,.-gcm_gmult_clmul
.globl gcm_ghash_clmul
@@ -238,6 +231,7 @@ gcm_gmult_clmul:
gcm_ghash_clmul:
.cfi_startproc
+_CET_ENDBR
.L_ghash_clmul:
movdqa .Lbswap_mask(%rip),%xmm10
@@ -250,15 +244,9 @@ gcm_ghash_clmul:
jz .Lodd_tail
movdqu 16(%rsi),%xmm6
- leaq OPENSSL_ia32cap_P(%rip),%rax
- movl 4(%rax),%eax
cmpq $0x30,%rcx
jb .Lskip4x
- andl $71303168,%eax
- cmpl $4194304,%eax
- je .Lskip4x
-
subq $0x30,%rcx
movq $0xA040608020C0E000,%rax
movdqu 48(%rsi),%xmm14
@@ -616,7 +604,7 @@ gcm_ghash_clmul:
.Ldone:
.byte 102,65,15,56,0,194
movdqu %xmm0,(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size gcm_ghash_clmul,.-gcm_ghash_clmul
@@ -626,6 +614,7 @@ gcm_ghash_clmul:
.align 32
gcm_init_avx:
.cfi_startproc
+_CET_ENDBR
vzeroupper
vmovdqu (%rsi),%xmm2
@@ -727,7 +716,7 @@ gcm_init_avx:
vmovdqu %xmm5,-16(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size gcm_init_avx,.-gcm_init_avx
@@ -737,6 +726,7 @@ gcm_init_avx:
.align 32
gcm_gmult_avx:
.cfi_startproc
+_CET_ENDBR
jmp .L_gmult_clmul
.cfi_endproc
.size gcm_gmult_avx,.-gcm_gmult_avx
@@ -746,6 +736,7 @@ gcm_gmult_avx:
.align 32
gcm_ghash_avx:
.cfi_startproc
+_CET_ENDBR
vzeroupper
vmovdqu (%rdi),%xmm10
@@ -1116,7 +1107,7 @@ gcm_ghash_avx:
vpshufb %xmm13,%xmm10,%xmm10
vmovdqu %xmm10,(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size gcm_ghash_avx,.-gcm_ghash_avx
@@ -1134,10 +1125,6 @@ gcm_ghash_avx:
.align 64
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-mac.mac.x86_64.S
index 1b8db43f..1efd8f68 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghash-x86_64-mac.mac.x86_64.S
@@ -3,18 +3,10 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
-
.globl _gcm_init_clmul
.private_extern _gcm_init_clmul
@@ -22,6 +14,7 @@
_gcm_init_clmul:
+_CET_ENDBR
L$_init_clmul:
movdqu (%rsi),%xmm2
pshufd $78,%xmm2,%xmm2
@@ -172,7 +165,7 @@ L$_init_clmul:
movdqu %xmm0,64(%rdi)
.byte 102,15,58,15,227,8
movdqu %xmm4,80(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -182,6 +175,7 @@ L$_init_clmul:
.p2align 4
_gcm_gmult_clmul:
+_CET_ENDBR
L$_gmult_clmul:
movdqu (%rdi),%xmm0
movdqa L$bswap_mask(%rip),%xmm5
@@ -227,7 +221,7 @@ L$_gmult_clmul:
pxor %xmm1,%xmm0
.byte 102,15,56,0,197
movdqu %xmm0,(%rdi)
- .byte 0xf3,0xc3
+ ret
.globl _gcm_ghash_clmul
@@ -237,6 +231,7 @@ L$_gmult_clmul:
_gcm_ghash_clmul:
+_CET_ENDBR
L$_ghash_clmul:
movdqa L$bswap_mask(%rip),%xmm10
@@ -249,15 +244,9 @@ L$_ghash_clmul:
jz L$odd_tail
movdqu 16(%rsi),%xmm6
- leaq _OPENSSL_ia32cap_P(%rip),%rax
- movl 4(%rax),%eax
cmpq $0x30,%rcx
jb L$skip4x
- andl $71303168,%eax
- cmpl $4194304,%eax
- je L$skip4x
-
subq $0x30,%rcx
movq $0xA040608020C0E000,%rax
movdqu 48(%rsi),%xmm14
@@ -615,7 +604,7 @@ L$odd_tail:
L$done:
.byte 102,65,15,56,0,194
movdqu %xmm0,(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -625,6 +614,7 @@ L$done:
.p2align 5
_gcm_init_avx:
+_CET_ENDBR
vzeroupper
vmovdqu (%rsi),%xmm2
@@ -726,7 +716,7 @@ L$init_start_avx:
vmovdqu %xmm5,-16(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
@@ -736,6 +726,7 @@ L$init_start_avx:
.p2align 5
_gcm_gmult_avx:
+_CET_ENDBR
jmp L$_gmult_clmul
@@ -745,6 +736,7 @@ _gcm_gmult_avx:
.p2align 5
_gcm_ghash_avx:
+_CET_ENDBR
vzeroupper
vmovdqu (%rdi),%xmm10
@@ -1115,7 +1107,7 @@ L$tail_no_xor_avx:
vpshufb %xmm13,%xmm10,%xmm10
vmovdqu %xmm10,(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
@@ -1133,10 +1125,6 @@ L$7_mask:
.p2align 6
.text
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-ios.ios.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-ios.ios.arm.S
index 0bf6ac42..c8db8c8b 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-ios.ios.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-ios.ios.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__APPLE__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -259,11 +251,7 @@ Ldone_v8:
.align 2
.align 2
#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__APPLE__)
#endif // defined(__arm__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-linux.linux.arm.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-linux.linux.arm.S
index 6d608686..80f91b14 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-linux.linux.arm.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv7-linux.linux.arm.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__ARMEL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_ARM) && defined(__ELF__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -253,11 +245,7 @@ gcm_ghash_v8:
.align 2
.align 2
#endif
-#endif // !OPENSSL_NO_ASM && defined(__ARMEL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_ARM) && defined(__ELF__)
#endif // defined(__arm__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-ios.ios.aarch64.S
index 50f27fd7..48d4c76f 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -572,11 +564,7 @@ Ldone4x:
.align 2
.align 2
#endif
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-linux.linux.aarch64.S
index 2d1a101b..741d46a2 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/ghashv8-armv8-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include
#if __ARM_MAX_ARCH__>=7
@@ -572,11 +564,7 @@ gcm_ghash_v8_4x:
.align 2
.align 2
#endif
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-586-linux.linux.x86.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-586-linux.linux.x86.S
index 26498a95..4e05a222 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-586-linux.linux.x86.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-586-linux.linux.x86.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
.text
.globl md5_block_asm_data_order
.hidden md5_block_asm_data_order
@@ -692,11 +685,7 @@ md5_block_asm_data_order:
popl %esi
ret
.size md5_block_asm_data_order,.-.L_md5_block_asm_data_order_begin
-#endif // !defined(OPENSSL_NO_ASM) && defined(__i386__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86) && defined(__ELF__)
#endif // defined(__i386__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-linux.linux.x86_64.S
index 0fad9dfd..28423a1a 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
.align 16
@@ -21,6 +14,7 @@
.type md5_block_asm_data_order,@function
md5_block_asm_data_order:
.cfi_startproc
+_CET_ENDBR
pushq %rbp
.cfi_adjust_cfa_offset 8
.cfi_offset rbp,-16
@@ -697,14 +691,10 @@ md5_block_asm_data_order:
addq $40,%rsp
.cfi_adjust_cfa_offset -40
.Lepilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size md5_block_asm_data_order,.-md5_block_asm_data_order
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-mac.mac.x86_64.S
index ed26ace1..f46d3fb8 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/md5-x86_64-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
.p2align 4
@@ -21,6 +14,7 @@
_md5_block_asm_data_order:
+_CET_ENDBR
pushq %rbp
pushq %rbx
@@ -692,13 +686,9 @@ L$end:
addq $40,%rsp
L$epilogue:
- .byte 0xf3,0xc3
+ ret
-#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-ios.ios.aarch64.S
index 1fc91c9d..3a3fd34f 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include "CJWTKitBoringSSL_arm_arch.h"
.section __TEXT,__const
@@ -1733,11 +1725,7 @@ Lselect_w7_loop:
ret
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-linux.linux.aarch64.S
index 6f9f2451..4ff55b75 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-armv8-asm-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include "CJWTKitBoringSSL_arm_arch.h"
.section .rodata
@@ -1733,11 +1725,7 @@ ecp_nistz256_select_w7:
ret
.size ecp_nistz256_select_w7,.-ecp_nistz256_select_w7
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-linux.linux.x86_64.S
index 0d24dd85..220cef37 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
.extern OPENSSL_ia32cap_P
.hidden OPENSSL_ia32cap_P
@@ -47,6 +40,7 @@
.align 32
ecp_nistz256_neg:
.cfi_startproc
+_CET_ENDBR
pushq %r12
.cfi_adjust_cfa_offset 8
.cfi_offset %r12,-16
@@ -94,7 +88,7 @@ ecp_nistz256_neg:
leaq 16(%rsp),%rsp
.cfi_adjust_cfa_offset -16
.Lneg_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_neg,.-ecp_nistz256_neg
@@ -109,6 +103,7 @@ ecp_nistz256_neg:
.align 32
ecp_nistz256_ord_mul_mont:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -427,7 +422,7 @@ ecp_nistz256_ord_mul_mont:
leaq 48(%rsp),%rsp
.cfi_adjust_cfa_offset -48
.Lord_mul_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
@@ -443,6 +438,7 @@ ecp_nistz256_ord_mul_mont:
.align 32
ecp_nistz256_ord_sqr_mont:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -731,7 +727,7 @@ ecp_nistz256_ord_sqr_mont:
leaq 48(%rsp),%rsp
.cfi_adjust_cfa_offset -48
.Lord_sqr_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
@@ -973,7 +969,7 @@ ecp_nistz256_ord_mul_montx:
leaq 48(%rsp),%rsp
.cfi_adjust_cfa_offset -48
.Lord_mulx_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_ord_mul_montx,.-ecp_nistz256_ord_mul_montx
@@ -1187,7 +1183,7 @@ ecp_nistz256_ord_sqr_montx:
leaq 48(%rsp),%rsp
.cfi_adjust_cfa_offset -48
.Lord_sqrx_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_ord_sqr_montx,.-ecp_nistz256_ord_sqr_montx
@@ -1202,6 +1198,7 @@ ecp_nistz256_ord_sqr_montx:
.align 32
ecp_nistz256_mul_mont:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -1264,7 +1261,7 @@ ecp_nistz256_mul_mont:
leaq 48(%rsp),%rsp
.cfi_adjust_cfa_offset -48
.Lmul_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
@@ -1482,7 +1479,7 @@ __ecp_nistz256_mul_montq:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq
@@ -1499,6 +1496,7 @@ __ecp_nistz256_mul_montq:
.align 32
ecp_nistz256_sqr_mont:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -1556,7 +1554,7 @@ ecp_nistz256_sqr_mont:
leaq 48(%rsp),%rsp
.cfi_adjust_cfa_offset -48
.Lsqr_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
@@ -1720,7 +1718,7 @@ __ecp_nistz256_sqr_montq:
movq %r14,16(%rdi)
movq %r15,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq
.type __ecp_nistz256_mul_montx,@function
@@ -1888,7 +1886,7 @@ __ecp_nistz256_mul_montx:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx
@@ -2018,7 +2016,7 @@ __ecp_nistz256_sqr_montx:
movq %r14,16(%rdi)
movq %r15,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx
@@ -2029,6 +2027,7 @@ __ecp_nistz256_sqr_montx:
.align 32
ecp_nistz256_select_w5:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rax
movq 8(%rax),%rax
testl $32,%eax
@@ -2083,7 +2082,7 @@ ecp_nistz256_select_w5:
movdqu %xmm5,48(%rdi)
movdqu %xmm6,64(%rdi)
movdqu %xmm7,80(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.LSEH_end_ecp_nistz256_select_w5:
.size ecp_nistz256_select_w5,.-ecp_nistz256_select_w5
@@ -2096,6 +2095,7 @@ ecp_nistz256_select_w5:
.align 32
ecp_nistz256_select_w7:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rax
movq 8(%rax),%rax
testl $32,%eax
@@ -2139,7 +2139,7 @@ ecp_nistz256_select_w7:
movdqu %xmm3,16(%rdi)
movdqu %xmm4,32(%rdi)
movdqu %xmm5,48(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.LSEH_end_ecp_nistz256_select_w7:
.size ecp_nistz256_select_w7,.-ecp_nistz256_select_w7
@@ -2202,7 +2202,7 @@ ecp_nistz256_avx2_select_w5:
vmovdqu %ymm3,32(%rdi)
vmovdqu %ymm4,64(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.LSEH_end_ecp_nistz256_avx2_select_w5:
.size ecp_nistz256_avx2_select_w5,.-ecp_nistz256_avx2_select_w5
@@ -2216,6 +2216,7 @@ ecp_nistz256_avx2_select_w5:
ecp_nistz256_avx2_select_w7:
.cfi_startproc
.Lavx2_select_w7:
+_CET_ENDBR
vzeroupper
vmovdqa .LThree(%rip),%ymm0
@@ -2283,7 +2284,7 @@ ecp_nistz256_avx2_select_w7:
vmovdqu %ymm2,0(%rdi)
vmovdqu %ymm3,32(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.LSEH_end_ecp_nistz256_avx2_select_w7:
.size ecp_nistz256_avx2_select_w7,.-ecp_nistz256_avx2_select_w7
@@ -2317,7 +2318,7 @@ __ecp_nistz256_add_toq:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq
@@ -2350,7 +2351,7 @@ __ecp_nistz256_sub_fromq:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq
@@ -2379,7 +2380,7 @@ __ecp_nistz256_subq:
cmovnzq %rcx,%r8
cmovnzq %r10,%r9
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_subq,.-__ecp_nistz256_subq
@@ -2413,7 +2414,7 @@ __ecp_nistz256_mul_by_2q:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q
.globl ecp_nistz256_point_double
@@ -2422,6 +2423,7 @@ __ecp_nistz256_mul_by_2q:
.align 32
ecp_nistz256_point_double:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -2647,7 +2649,7 @@ ecp_nistz256_point_double:
leaq (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Lpoint_doubleq_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_point_double,.-ecp_nistz256_point_double
.globl ecp_nistz256_point_add
@@ -2656,6 +2658,7 @@ ecp_nistz256_point_double:
.align 32
ecp_nistz256_point_add:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -3084,7 +3087,7 @@ ecp_nistz256_point_add:
leaq (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Lpoint_addq_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_point_add,.-ecp_nistz256_point_add
.globl ecp_nistz256_point_add_affine
@@ -3093,6 +3096,7 @@ ecp_nistz256_point_add:
.align 32
ecp_nistz256_point_add_affine:
.cfi_startproc
+_CET_ENDBR
leaq OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -3418,7 +3422,7 @@ ecp_nistz256_point_add_affine:
leaq (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Ladd_affineq_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
.type __ecp_nistz256_add_tox,@function
@@ -3452,7 +3456,7 @@ __ecp_nistz256_add_tox:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox
@@ -3487,7 +3491,7 @@ __ecp_nistz256_sub_fromx:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx
@@ -3518,7 +3522,7 @@ __ecp_nistz256_subx:
cmovcq %rcx,%r8
cmovcq %r10,%r9
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_subx,.-__ecp_nistz256_subx
@@ -3553,7 +3557,7 @@ __ecp_nistz256_mul_by_2x:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x
.type ecp_nistz256_point_doublex,@function
@@ -3781,7 +3785,7 @@ ecp_nistz256_point_doublex:
leaq (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Lpoint_doublex_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_point_doublex,.-ecp_nistz256_point_doublex
.type ecp_nistz256_point_addx,@function
@@ -4212,7 +4216,7 @@ ecp_nistz256_point_addx:
leaq (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Lpoint_addx_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_point_addx,.-ecp_nistz256_point_addx
.type ecp_nistz256_point_add_affinex,@function
@@ -4540,14 +4544,10 @@ ecp_nistz256_point_add_affinex:
leaq (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Ladd_affinex_epilogue:
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size ecp_nistz256_point_add_affinex,.-ecp_nistz256_point_add_affinex
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-mac.mac.x86_64.S
index 5c9b3a49..3f8180f7 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256-x86_64-asm-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
@@ -46,6 +39,7 @@ L$ordK:
.p2align 5
_ecp_nistz256_neg:
+_CET_ENDBR
pushq %r12
pushq %r13
@@ -91,7 +85,7 @@ L$neg_body:
leaq 16(%rsp),%rsp
L$neg_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -106,6 +100,7 @@ L$neg_epilogue:
.p2align 5
_ecp_nistz256_ord_mul_mont:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -418,7 +413,7 @@ L$ord_mul_body:
leaq 48(%rsp),%rsp
L$ord_mul_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -434,6 +429,7 @@ L$ord_mul_epilogue:
.p2align 5
_ecp_nistz256_ord_sqr_mont:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -716,7 +712,7 @@ L$oop_ord_sqr:
leaq 48(%rsp),%rsp
L$ord_sqr_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -952,7 +948,7 @@ L$ord_mulx_body:
leaq 48(%rsp),%rsp
L$ord_mulx_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -1160,7 +1156,7 @@ L$oop_ord_sqrx:
leaq 48(%rsp),%rsp
L$ord_sqrx_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -1175,6 +1171,7 @@ L$ord_sqrx_epilogue:
.p2align 5
_ecp_nistz256_mul_mont:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -1231,7 +1228,7 @@ L$mul_mont_done:
leaq 48(%rsp),%rsp
L$mul_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -1449,7 +1446,7 @@ __ecp_nistz256_mul_montq:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -1466,6 +1463,7 @@ __ecp_nistz256_mul_montq:
.p2align 5
_ecp_nistz256_sqr_mont:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -1517,7 +1515,7 @@ L$sqr_mont_done:
leaq 48(%rsp),%rsp
L$sqr_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -1681,7 +1679,7 @@ __ecp_nistz256_sqr_montq:
movq %r14,16(%rdi)
movq %r15,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -1849,7 +1847,7 @@ __ecp_nistz256_mul_montx:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -1979,7 +1977,7 @@ __ecp_nistz256_sqr_montx:
movq %r14,16(%rdi)
movq %r15,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -1990,6 +1988,7 @@ __ecp_nistz256_sqr_montx:
.p2align 5
_ecp_nistz256_select_w5:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rax
movq 8(%rax),%rax
testl $32,%eax
@@ -2044,7 +2043,7 @@ L$select_loop_sse_w5:
movdqu %xmm5,48(%rdi)
movdqu %xmm6,64(%rdi)
movdqu %xmm7,80(%rdi)
- .byte 0xf3,0xc3
+ ret
L$SEH_end_ecp_nistz256_select_w5:
@@ -2057,6 +2056,7 @@ L$SEH_end_ecp_nistz256_select_w5:
.p2align 5
_ecp_nistz256_select_w7:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rax
movq 8(%rax),%rax
testl $32,%eax
@@ -2100,7 +2100,7 @@ L$select_loop_sse_w7:
movdqu %xmm3,16(%rdi)
movdqu %xmm4,32(%rdi)
movdqu %xmm5,48(%rdi)
- .byte 0xf3,0xc3
+ ret
L$SEH_end_ecp_nistz256_select_w7:
@@ -2163,7 +2163,7 @@ L$select_loop_avx2_w5:
vmovdqu %ymm3,32(%rdi)
vmovdqu %ymm4,64(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
L$SEH_end_ecp_nistz256_avx2_select_w5:
@@ -2177,6 +2177,7 @@ L$SEH_end_ecp_nistz256_avx2_select_w5:
_ecp_nistz256_avx2_select_w7:
L$avx2_select_w7:
+_CET_ENDBR
vzeroupper
vmovdqa L$Three(%rip),%ymm0
@@ -2244,7 +2245,7 @@ L$select_loop_avx2_w7:
vmovdqu %ymm2,0(%rdi)
vmovdqu %ymm3,32(%rdi)
vzeroupper
- .byte 0xf3,0xc3
+ ret
L$SEH_end_ecp_nistz256_avx2_select_w7:
@@ -2278,7 +2279,7 @@ __ecp_nistz256_add_toq:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -2311,7 +2312,7 @@ __ecp_nistz256_sub_fromq:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -2340,7 +2341,7 @@ __ecp_nistz256_subq:
cmovnzq %rcx,%r8
cmovnzq %r10,%r9
- .byte 0xf3,0xc3
+ ret
@@ -2374,7 +2375,7 @@ __ecp_nistz256_mul_by_2q:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
.globl _ecp_nistz256_point_double
@@ -2383,6 +2384,7 @@ __ecp_nistz256_mul_by_2q:
.p2align 5
_ecp_nistz256_point_double:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -2602,7 +2604,7 @@ L$point_double_shortcutq:
leaq (%rsi),%rsp
L$point_doubleq_epilogue:
- .byte 0xf3,0xc3
+ ret
.globl _ecp_nistz256_point_add
@@ -2611,6 +2613,7 @@ L$point_doubleq_epilogue:
.p2align 5
_ecp_nistz256_point_add:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -3033,7 +3036,7 @@ L$add_doneq:
leaq (%rsi),%rsp
L$point_addq_epilogue:
- .byte 0xf3,0xc3
+ ret
.globl _ecp_nistz256_point_add_affine
@@ -3042,6 +3045,7 @@ L$point_addq_epilogue:
.p2align 5
_ecp_nistz256_point_add_affine:
+_CET_ENDBR
leaq _OPENSSL_ia32cap_P(%rip),%rcx
movq 8(%rcx),%rcx
andl $0x80100,%ecx
@@ -3361,7 +3365,7 @@ L$add_affineq_body:
leaq (%rsi),%rsp
L$add_affineq_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -3395,7 +3399,7 @@ __ecp_nistz256_add_tox:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -3430,7 +3434,7 @@ __ecp_nistz256_sub_fromx:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -3461,7 +3465,7 @@ __ecp_nistz256_subx:
cmovcq %rcx,%r8
cmovcq %r10,%r9
- .byte 0xf3,0xc3
+ ret
@@ -3496,7 +3500,7 @@ __ecp_nistz256_mul_by_2x:
movq %r8,16(%rdi)
movq %r9,24(%rdi)
- .byte 0xf3,0xc3
+ ret
@@ -3718,7 +3722,7 @@ L$point_double_shortcutx:
leaq (%rsi),%rsp
L$point_doublex_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -4143,7 +4147,7 @@ L$add_donex:
leaq (%rsi),%rsp
L$point_addx_epilogue:
- .byte 0xf3,0xc3
+ ret
@@ -4465,13 +4469,9 @@ L$add_affinex_body:
leaq (%rsi),%rsp
L$add_affinex_epilogue:
- .byte 0xf3,0xc3
+ ret
-#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-ios.ios.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-ios.ios.aarch64.S
index 9ef3c41b..df5b6e56 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-ios.ios.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-ios.ios.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#include "CJWTKitBoringSSL_arm_arch.h"
.text
@@ -316,11 +308,7 @@ Lbeeu_finish:
AARCH64_VALIDATE_LINK_REGISTER
ret
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__APPLE__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__APPLE__)
#endif // defined(__aarch64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-linux.linux.aarch64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-linux.linux.aarch64.S
index a1620eca..f5a75ae2 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-linux.linux.aarch64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-armv8-asm-linux.linux.aarch64.S
@@ -3,17 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if !defined(__has_feature)
-#define __has_feature(x) 0
-#endif
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
+#include
-#if !defined(OPENSSL_NO_ASM) && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_AARCH64) && defined(__ELF__)
#include "CJWTKitBoringSSL_arm_arch.h"
.text
@@ -316,11 +308,7 @@ beeu_mod_inverse_vartime:
AARCH64_VALIDATE_LINK_REGISTER
ret
.size beeu_mod_inverse_vartime,.-beeu_mod_inverse_vartime
-#endif // !OPENSSL_NO_ASM && defined(__AARCH64EL__) && defined(__ELF__)
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
+#endif // !OPENSSL_NO_ASM && defined(OPENSSL_AARCH64) && defined(__ELF__)
#endif // defined(__aarch64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-linux.linux.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-linux.linux.x86_64.S
index cea69f5f..83d9831e 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-linux.linux.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-linux.linux.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__ELF__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__ELF__)
.text
.type beeu_mod_inverse_vartime,@function
@@ -22,6 +15,7 @@
.align 32
beeu_mod_inverse_vartime:
.cfi_startproc
+_CET_ENDBR
pushq %rbp
.cfi_adjust_cfa_offset 8
.cfi_offset rbp,-16
@@ -337,15 +331,11 @@ beeu_mod_inverse_vartime:
popq %rbp
.cfi_adjust_cfa_offset -8
.cfi_restore rbp
- .byte 0xf3,0xc3
+ ret
.cfi_endproc
.size beeu_mod_inverse_vartime, .-beeu_mod_inverse_vartime
#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
-#endif
#endif // defined(__x86_64__) && defined(__linux__)
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-mac.mac.x86_64.S b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-mac.mac.x86_64.S
index f0cc713f..6081cdd9 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-mac.mac.x86_64.S
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/p256_beeu-x86_64-asm-mac.mac.x86_64.S
@@ -3,16 +3,9 @@
// This file is generated from a similarly-named Perl script in the BoringSSL
// source tree. Do not edit by hand.
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
-#define OPENSSL_NO_ASM
-#endif
-#endif
+#include
-#if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) && defined(__APPLE__)
-#if defined(BORINGSSL_PREFIX)
-#include
-#endif
+#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && defined(__APPLE__)
.text
@@ -22,6 +15,7 @@
.p2align 5
_beeu_mod_inverse_vartime:
+_CET_ENDBR
pushq %rbp
pushq %r12
@@ -323,14 +317,10 @@ L$beeu_finish:
popq %rbp
- .byte 0xf3,0xc3
+ ret
-#endif
-#if defined(__ELF__)
-// See https://www.airs.com/blog/archives/518.
-.section .note.GNU-stack,"",%progbits
#endif
#endif // defined(__x86_64__) && defined(__APPLE__)
#if defined(__linux__) && defined(__ELF__)
diff --git a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/rand/fork_detect.c b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/rand/fork_detect.c
index 903417ec..123a5285 100644
--- a/Sources/CJWTKitBoringSSL/crypto/fipsmodule/rand/fork_detect.c
+++ b/Sources/CJWTKitBoringSSL/crypto/fipsmodule/rand/fork_detect.c
@@ -17,31 +17,34 @@
#endif
#include
-
#include "fork_detect.h"
-#if defined(OPENSSL_LINUX)
-#include
-#include
+#if defined(OPENSSL_FORK_DETECTION_MADVISE)
#include
#include
-
-#include "../delocate.h"
-#include "../../internal.h"
-
-
+#include
+#include