Changes On Branch 265ace08fed2a802

Changes In Branch crypto Through [265ace08fe] Excluding Merge-Ins

This is equivalent to a diff from c498845865 to 265ace08fe

2023-12-29
03:09
Merged in dh branch check-in: 594dfd3195 user: bohagan tags: trunk
2023-12-28
20:01
Created DH branch check-in: 22f9df2429 user: bohagan tags: dh
2023-12-23
21:23
Added kdfs command to list supported KDFs check-in: baa6119ddf user: bohagan tags: crypto
2023-12-21
20:15
Merged in master changes check-in: 265ace08fe user: bohagan tags: crypto
19:56
Optimized Init stub load and package require. Use general pkhIndex.tcl file. check-in: c498845865 user: bohagan tags: trunk
2023-12-19
05:53
Added test vectors files for hash functions. Added test files and make script to generate TCL test cases from test vector files. These files come from NIST, IETC, etc. documents, examples, etc. check-in: 25db067636 user: bohagan tags: crypto
2023-12-11
10:37
Updated to latest tclconfig changes check-in: 98e3157245 user: bohagan tags: trunk

Modified configure from [4c56eae107] to [39b72b8793].

5392
5393
5394
5395
5396
5397
5398
5399

5400
5401
5402
5403
5404
5405
5406
5392
5393
5394
5395
5396
5397
5398

5399
5400
5401
5402
5403
5404
5405
5406







-
+







# stub library C source files to compile in TEA_ADD_STUB_SOURCES,
# and runtime Tcl library files in TEA_ADD_TCL_SOURCES.
# This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS
# and PKG_TCL_SOURCES.
#-----------------------------------------------------------------------


    vars="tls.c tlsBIO.c tlsIO.c tlsX509.c"
    vars="tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKey.c tlsX509.c"
    for i in $vars; do
	case $i in
	    \$*)
		# allow $-var names
		PKG_SOURCES="$PKG_SOURCES $i"
		PKG_OBJECTS="$PKG_OBJECTS $i"
		;;

Modified configure.ac from [ac9d3aa5eb] to [c43a3df459].

67
68
69
70
71
72
73
74

75
76
77
78
79
80
81
67
68
69
70
71
72
73

74
75
76
77
78
79
80
81







-
+







# public headers that need to be installed in TEA_ADD_HEADERS,
# stub library C source files to compile in TEA_ADD_STUB_SOURCES,
# and runtime Tcl library files in TEA_ADD_TCL_SOURCES.
# This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS
# and PKG_TCL_SOURCES.
#-----------------------------------------------------------------------

TEA_ADD_SOURCES([tls.c tlsBIO.c tlsIO.c tlsX509.c])
TEA_ADD_SOURCES([tls.c tlsBIO.c tlsDigest.c tlsEncrypt.c tlsInfo.c tlsIO.c tlsKey.c tlsX509.c])
TEA_ADD_HEADERS([generic/tls.h])
TEA_ADD_INCLUDES([])
TEA_ADD_LIBS([])
TEA_ADD_CFLAGS([])
TEA_ADD_STUB_SOURCES([])
TEA_ADD_TCL_SOURCES([library/tls.tcl])

Added doc/cryptography.html version [b22c8f2c44].


































































































































































































































































































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="2023 Brian O'Hagan">
<title>The Tcl Cryptography Package</title>
<link rel="stylesheet" href="docs.css" type="text/css" media="all">
</head>

<body class="vsc-initialized">

<h2>Tcl Cryptography Documentation</h2>

<dl>
    <dd><a href="#NAME">NAME</a>
	<dl><dd><b>tls</b> - binding to <b>OpenSSL</b> toolkit.</dd></dl>
    </dd>
    <dd><a href="#DESCRIPTION">DESCRIPTION</a> </dd>
    <dd><a href="#SYNOPSIS">SYNOPSIS</a> </dd>
    <dd><dl>
	    <dd><b>package require Tcl</b> <em>?8.5-?</em></dd>
	    <dd><b>package require tls</b></dd>
	    <dt>&nbsp;</dt>
	    <dd><b>tls::cipher</b> <em>name</em></dd>
	    <dd><b>tls::ciphers</b> <em>?protocol? ?verbose? ?supported?</em></dd>
	    <dd><b>tls::digests</b> <em>?name?</em></dd>
	    <dd><b>tls::macs</b></dd>
	    <dd><b>tls::protocols</b></dd>
	    <dd><b>tls::version</b></dd>
	    <dt>&nbsp;</dt>
	    <dd><b>tls::cmac</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd>
	    <dd><b>tls::hmac</b> <b>-digest</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd>
	    <dd><b>tls::md</b> <b>-digest</b> <em>name ?options?</em></dd>
	    <dd><b>tls::md4</b> <em>data</em></dd>
	    <dd><b>tls::md5</b> <em>data</em></dd>
	    <dd><b>tls::sha1</b> <em>data</em></dd>
	    <dd><b>tls::sha256</b> <em>data</em></dd>
	    <dd><b>tls::sha512</b> <em>data</em></dd>
	    <dd><b>tls::unstack</b> <em>channelId</em></dd>
	    <dt>&nbsp;</dt>
	    <dd><b>tls::encrypt</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd>
	    <dd><b>tls::decrypt</b> <b>-cipher</b> <em>name</em> <b>-key</b> <em>key ?options?</em></dd>
	    <dt>&nbsp;</dt>
	    <dd><b>tls::derive_key</b> <em>key ?options?</em></dd>
	</dl>
    </dd>
    <dd><a href="#OPTIONS">OPTIONS</a></dd>
    <dd><a href="#COMMANDS">COMMANDS</a></dd>
    <dd><a href="#GLOSSARY">GLOSSARY</a> </dd>
    <dd><a href="#EXAMPLES">EXAMPLES</a></dd>
    <dd><a href="#SPECIAL">SPECIAL CONSIDERATIONS</a></dd>
</dl>

<br>

<h3><a name="NAME">NAME</a></h3>

<p><strong>tls</strong> - binding to <strong>OpenSSL</strong> toolkit.</p>

<h3><a name="DESCRIPTION">DESCRIPTION</a></h3>

<p>This extension provides a generic interface to the
<a href="http://www.openssl.org/">OpenSSL</a> cryptography functions. The
provided commands can be used to ensure the confidentiality, authenticity,
and integrity of messages and data.</p>

<br>
<h3><a name="SYNOPSIS">SYNOPSIS</a></h3>

<p><b>package require Tcl 8.5-</b><br>
<b>package require tls</b><br>
<br>
<a href="#tls::cipher"><b>tls::cipher</b> <i>name</i></a><br>
<a href="#tls::ciphers"><b>tls::ciphers</b> <i>?protocol? ?verbose? ?supported?</i></a><br>
<a href="#tls::digests"><b>tls::digests</b> <i>?name?</i></a><br>
<a href="#tls::macs"><b>tls::macs</b></a><br>
<a href="#tls::protocols"><b>tls::protocols</b></a><br>
<a href="#tls::version"><b>tls::version</b></a><br>
<br>
<a href="#tls::cmac"><b>tls::cmac</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br>
<a href="#tls::hmac"><b>tls::hmac</b> <b>-digest</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br>
<a href="#tls::md"><b>tls::md</b> <b>-digest</b> <i>name ?options?</i></a><br>
<a href="#tls::md4"><b>tls::md4</b> <i>data</i></a><br>
<a href="#tls::md5"><b>tls::md5</b> <i>data</i></a><br>
<a href="#tls::sha1"><b>tls::sha1</b> <i>data</i></a><br>
<a href="#tls::sha256"><b>tls::sha256</b> <i>data</i></a><br>
<a href="#tls::sha512"><b>tls::sha512</b> <i>data</i></a><br>
<a href="#tls::unstack"><b>tls::unstack</b> <i>channelId</i></a><br>
<br>
<a href="#tls::encrypt"><b>tls::encrypt</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br>
<a href="#tls::decrypt"><b>tls::decrypt</b> <b>-cipher</b> <i>name</i> <b>-key</b> <i>key ?options?</i></a><br>
<br>
<a href="#tls::derive_key"><b>tls::derive_key</b> <i>?options?</i></a><br>
</p>

<br>
<h3><a name="OPTIONS">OPTIONS</a></h3>

<p>The following options are used by the cryptography commands.</p>
<br>
<h4>Cryptographic Options</h4>

<dl>
    <dt><a name="-cipher"><strong>-cipher</strong> <em>name</em></a></dt>
    <dd>Name of cryptographic cipher to use. Used by encrypt/decrypt command
    and CMAC &amp; GMAC hash algorithms. For CMAC it must be one of AES-128-CBC,
    AES-192-CBC, AES-256-CBC or DES-EDE3-CBC. For GMAC it should be a GCM mode
    cipher e.g. AES-128-GCM. See <a href="#tls::ciphers"><b>tls::ciphers</b></a>
    for the valid values.</dd>
</dl>

<dl>
    <dt><a name="-digest"><strong>-digest</strong> <em>name</em></a></dt>
    <dd>Name of hash function (aka message digest) to use.
    See <a href="#tls::digests"><b>tls::digests</b></a> for the valid values.</dd>
</dl>

<dl>
    <dt><a name="-iterations"><strong>-iterations</strong> <em>count</em></a></dt>
    <dd>Number (integer &gt; 0) of iterations to use in deriving the encryption
    key. Default is 2048. Some <a href="#KDF"><b>KDF</b></a> implementations
    require an iteration count.</dd>
</dl>

<dl>
    <dt><a name="-iv"><strong>-iv</strong> <em>string</em></a></dt>
    <dd>Initialization vector (IV) to use. Required for some ciphers and GMAC.
    Cipher modes CBC, CFB, and OFB all need an IV while ECB and CTR modes do not.
    A new, random IV should be created for each use. Think of the IV as a nonce
    (number used once), it's public but random and unpredictable. See the
   <a href="#tls::cipher"><b>tls::cipher</b></a> for iv_length and
    when required (length > 0). Max is 16 bytes. If not set, it will default to \x00 fill data.</dd>
</dl>

<dl>
    <dt><a name="-key"><strong>-key</strong> <em>string</em></a></dt>
    <dd>Encryption key to use for cryptography function. Can be a binary or
    text string. Longer keys provide better protection. Used by ciphers, HMAC,
    some CMAC, and some KDF implementations. If the length of the key is &lt;
    <b>key_length</b> it will be padded. Max is 64 bytes. If &gt; key_length, it will be rejected.
    See the <a href="#tls::cipher"><b>tls::cipher</b></a> for key_length.</dd>
</dl>

<dl>
    <dt><a name="-mac"><strong>-mac</strong> <em>name</em></a></dt>
    <dd>Name of Message Authentication Code (MAC) to use.
    See <a href="#tls::mac"><b>tls::macs</b></a> for the valid values.</dd>
</dl>

<dl>
    <dt><a name="-password"><strong>-password</strong> <em>string</em></a></dt>
    <dd>Password to use for some KDF functions. If not specified, the default
    value is used. Can be a binary or text string.</dd>
</dl>

<dl>
    <dt><a name="-properties"><strong>-properties</strong> <em>list</em></a></dt>
    <dd>List of additional properties to pass to cryptographic function.</dd>
</dl>

<dl>
    <dt><a name="-salt"><strong>-salt</strong> <em>string</em></a></dt>
    <dd>Specifies salt value to use when encrypting data. Can be a binary or
    text string. Default is to use a randomly generated value. This option is
    used by BLAKE2 MAC and some KDF implementations use a non-secret unique
    cryptographic salt.</dd>
</dl>

<dl>
    <dt><a name="-size"><strong>-size</strong> <em>number</em></a></dt>
    <dd>Set the output hash size in bytes. Used by KMAC128 or KMAC256 to specify
    an output length. The default sizes are 32 or 64 bytes respectively.</dd>
</dl>

<dl>
    <dt><a name="-xof"><strong>-xof</strong> <em>boolean</em></a></dt>
    <dd>Set whether to use XOF. This option is used by KMAC.</dd>
</dl>

<br>
<h4>Input/Output Options</h4>

<dl>
    <dt><a name="-chan"><strong>-chan</strong> <em>channelId</em></a></dt>
    <dt><a name="-chan"><strong>-channel</strong> <em>channelId</em></a></dt>
    <dd>Add the cryptographic transformation on top of channel
	<em>channelId</em>. Automatically sets channel to binary mode. Works
	like <b>chan push</b> to create a stacked channel. If the command
	<b>fileevent</b> is to be used for channel event monitoring, all
	channels in the stack should be set to non-blocking mode. If not,
	the system may hang while waiting for data. When done, use either the
	close command or <a href="#tls::unstack"><strong>tls::unstack</strong></a>
	to remove the transform from the channel. Additional transforms cannot
	be added to channel. Example code:</dd></dl>
    <blockquote><code>
		set ch [open test_file.txt rb]<br>
		::tls::digest -digest sha256 -chan $ch<br>
		set dat ""<br>
		while {![eof $ch]} {append dat [read $ch 4096]}<br>
		close $ch<br>
		puts $dat
    </code></blockquote>

<dl>
    <dt><a name="-command"><strong>-command</strong> <em>cmdName</em></a></dt>
    <dd>Create and return <em>cmdName</em> which is used to incrementally add
	data to a cryptographic function. To add data to the function, call
	&quot;<em>cmdName</em> <b>update</b> <em>data</em>&quot;, where
	<em>data</em> is the data to add. When done, call
	&quot;<em>cmdName</em> <b>finalize</b>&quot; to return the resulting
	value and delete <em>cmdName</em>. Example code:</dd></dl>
    <blockquote><code>
		set cmd [::tls::digest -digest sha256 -command ::tls::temp]<br>
		set dat ""<br>
		append dat [$cmd update "Some data. "]<br>
		append dat [$cmd update "More data."]<br>
		append dat [$cmd finalize]<br>
		puts $dat
    </code></blockquote>

<dl>
    <dt><a name="-data"><strong>-data</strong> <em>string</em></a></dt>
    <dd>Perform the cryptographic function on <em>data</em> and return the
    result. Example code:</dd></dl>
    <blockquote><code>
		set md [::tls::digest sha256 "Some example data."]<br>
		puts $md
    </code></blockquote>

<dl>
    <dt><a name="-file"><strong>-file</strong> <em>filename</em></a></dt>
    <dt><a name="-file"><strong>-filename</strong> <em>filename</em></a></dt>
    <dd>Perform the cryptographic function on file <em>filename</em> and return
    the result. This operation will open file, read the file data, close the
    file, and return the result using the TCL file APIs, so VFS files are
    supported. Example code:</dd></dl>
    <blockquote><code>
		set md [::tls::digest -digest sha256 -file test_file.txt]<br>
		puts $md
    </code></blockquote>

<dl>
    <dt><a name="-infile"><strong>-infile</strong> <em>filename</em></a></dt>
    <dd>Specifies the file to use as data input source. This option uses the
    TCL file APIs, so VFS files are supported. Example code:</dd></dl>
    <blockquote><code>
		::tls::encrypt -cipher aes-128-cbc -key "Test key"
		-infile unencrypted.txt -outfile encrypted.dat
    </code></blockquote>

<dl>
    <dt><a name="-outfile"><strong>-outfile</strong> <em>filename</em></a></dt>
    <dd>Specifies the file to output the encryption results to. This option
    uses the TCL file APIs, so VFS files are supported. Example code:</dd></dl>
    <blockquote><code>
		::tls::decrypt -cipher aes-128-cbc -key "Test key"
		-infile encrypted.dat -outfile unencrypted.txt
    </code></blockquote>

<dl>
    <dt><a name="-keyfile"><strong>-keyfile</strong> <em>filename</em></a></dt>
    <dd>Specifies the file to get the encryption key from.</dd></dl>

<br>

<h4>Format Options</h4>

<dl>
    <dt><a name="-base64"><strong>-base64</strong></a></dt>
    <dd>Base64 encode data after encryption or decode before decryption.</dd>
</dl>

<dl>
    <dt><a name="-bin"><strong>-bin</strong></a></dt>
    <dt><a name="-bin"><strong>-binary</strong></a></dt>
    <dd>Output result of function as a binary string.</dd>
</dl>

<dl>
    <dt><a name="-hex"><strong>-hex</strong></a></dt>
    <dt><a name="-hex"><strong>-hexadecimal</strong></a></dt>
    <dd>Output result of function as a hexadecimal string. This is the default
	option unless otherwise specified.</dd>
</dl>

<br>
<h3><a name="COMMANDS">COMMANDS</a></h3>

<p>The following commands provide access to the OpenSSL cryptography functions.</p>

<dl>

<h4><a name="Info">Info Commands</a></h4>

    <dt><a name="tls::cipher"><strong>tls::cipher</strong> <em>name</em></a></dt>
    <dd>Return a list of property names and values describing cipher
	<i>name</i>. Properties include name, description, block_size,
	key_length, iv_length, type, and mode list. If block-size is 1,
	then it's a stream cipher, otherwise it's a block cipher.</dd>

    <dt><a name="tls::ciphers"><strong>tls::ciphers</strong>
    <em>?protocol? ?verbose? ?supported?</em></a></dt>
    <dd>Without any args, returns a list of all symmetric ciphers for use with
	the <a href="#-cipher"><b>-cipher</b></a> option. With <em>protocol</em>,
	only the ciphers supported for that protocol are returned. See
	<b>tls::protocols</b> command for the supported protocols. If
	<em>verbose</em> is specified as true then a verbose, human readable
	list is returned with additional information on the cipher. If
	<em>supported</em> is specified as true, then only the ciphers
	supported for protocol will be listed.</dd>

    <dt><a name="tls::digests"><strong>tls::digests</strong> <em>?name?</em></a></dt>
    <dd>Without <em>name</em>, returns a list of the supported message digests
	(aka hash algorithms) for use with the <a href="#-digest"><b>-digest</b></a>
	option. With <em>name</em>, returns a list of
	property names and values describing message digest <i>name</i>. Properties
	include name, description, size, block_size, type, and flags list.</dd>

    <dt><a name="tls::kdfs"><strong>tls::kdfs</strong></a></dt>
    <dd>Returns a list of the available Key Derivation Function (KDF)
	algorithms.</dd>

    <dt><a name="tls::macs"><strong>tls::macs</strong></a></dt>
    <dd>Returns a list of the available Message Authentication Codes (MAC)
	for use with the <a href="#-key"><b>-key</b></a> option.</dd>

    <dt><a name="tls::protocols"><strong>tls::protocols</strong></a></dt>
    <dd>Returns a list of supported protocols. Valid values are:
	<b>ssl2</b>, <b>ssl3</b>, <b>tls1</b>, <b>tls1.1</b>, <b>tls1.2</b>,
	and <b>tls1.3</b>. Exact list depends on OpenSSL version and
	compile time flags.</dd>

    <dt><a name="tls::version"><strong>tls::version</strong></a></dt>
    <dd>Returns the OpenSSL version string.</dd>

<br>

<h4><a name="MD_MAC">Message Digest (MD) and Message Authentication Code (MAC) Commands</a></h4>

    <dt><a name="tls::cmac"><strong>tls::cmac</strong>
	<em>?</em><b>-cipher</b><em>? name</em>
	<b>-key</b> <em>key ?</em><b>-bin</b>|<b>-hex</b><em>?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt>
    <dd>Calculate the Cipher-based Message Authentication Code (CMAC) where
	<em>key</em> is a shared key and output the result per the I/O options
	in the specified format. MACs are used to ensure authenticity and the
	integrity of data. See <a href="#OPTIONS"><b>options</b></a> for usage
	info. Option <b>-key</b> is only used for some ciphers.</dd>

    <dt><a name="tls::hmac"><strong>tls::hmac</strong>
	<em>?</em><b>-digest</b><em>? name</em>
	<b>-key</b> <em>key ?</em><b>-bin</b>|<b>-hex</b><em>?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt>
    <dd>Calculate the Hash-based Message Authentication Code (HMAC) where
	<em>key</em> is a shared secret key and output the result per the I/O
	options in the specified format. The cryptographic strength depends
	upon the size of the key and the security of the hash function used.
	See <a href="#OPTIONS"><b>options</b></a> for usage info.</dd>

    <dt><a name="tls::mac"><strong>tls::mac</strong>
	<em>?</em><b>-mac</b><em>? name</em> <b>-cipher</b> <em>name</em>
	<b>-digest</b> <em>name</em> <b>-key</b> <em>key ?</em>
	<b>-bin</b>|<b>-hex</b><em>?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt>
    <dd>(OpenSSL 3.0+) Calculate the Message Authentication Code (MAC) where
	<em>key</em> is a shared key and output the result per the I/O options
	in the specified format. MACs are used to ensure authenticity and
	the integrity of data. See <a href="#OPTIONS"><b>options</b></a>
	for usage info.</dd>

    <dt><a name="tls::md"><strong>tls::md</strong>
	<em>?</em><b>-digest</b><em>? name ?</em><b>-bin</b>|<b>-hex</b><em>?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-file</b> <em>filename | ?</em><b>-data</b><em>? data]</em></a></dt>
    <dd>Calculate the message digest (MD) using hash function <em>name</em>
	and output the result per the I/O options in the specified format.
	MDs are used to ensure the integrity of data. See
	<a href="#OPTIONS"><b>options</b></a> for usage info.</dd>

    <dt><a name="tls::md4"><strong>tls::md4</strong> <em>data</em></a></dt>
    <dd>Returns the MD4 message-digest for <em>data</em> as a hex string.</dd>

    <dt><a name="tls::md5"><strong>tls::md5</strong> <em>data</em></a></dt>
    <dd>Returns the MD5 message-digest for <em>data</em> as a hex string.</dd>

    <dt><a name="tls::sha1"><strong>tls::sha1</strong> <em>data</em></a></dt>
    <dd>Returns the SHA1 secure hash algorithm digest for <em>data</em> as a hex string.</dd>

    <dt><a name="tls::sha256"><strong>tls::sha256</strong> <em>data</em></a></dt>
    <dd>Returns the SHA-2 SHA256 secure hash algorithm digest for <em>data</em> as a hex string.</dd>

    <dt><a name="tls::sha512"><strong>tls::sha512</strong> <em>data</em></a></dt>
    <dd>Returns the SHA-2 SHA512 secure hash algorithm digest for <em>data</em> as a hex string.</dd>

    <dt><a name="tls::unstack"><strong>tls::unstack</strong> <em>channelId</em></a></dt>
    <dd>Removes the top level cryptographic transform from channel <em>channelId</em>.</dd>

<br>

<h4><a name="Cipher">Encryption and Decryption Commands</a></h4>

    <dt><a name="tls::encrypt"><strong>tls::encrypt</strong>
	<em>?</em><b>-cipher</b><em>? name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-infile</b> <em>filename</em> <b>-outfile</b> <em>filename |</em>
	<b>-data</b><em> data]</em></a></dt>
    <dd>Encrypt the data using cipher <em>cipher</em> and output the result per
	the I/O options. Ciphers are used to create the cipher text from the
	input data. See <a href="#OPTIONS"><b>options</b></a> for usage
	info. Option <b>-iv</b> is only used for some ciphers. See the
	&quot;<b>tls::cipher</b> <em>cipher</em>&quot; command for key and iv
	sizes and when the iv is used (iv_length &gt; 0).</dd>

    <dt><a name="tls::decrypt"><strong>tls::decrypt</strong>
	<em>?</em><b>-cipher</b><em>? name</em> <b>-key</b> <em>key ?</em><b>-iv</b> <em>string?
	[</em><b>-chan</b> <em>channelId |</em> <b>-command</b> <em>cmdName |</em>
	<b>-infile</b> <em>filename</em> <b>-outfile</b> <em>filename |</em>
	<b>-data</b><em> data]</em></a></dt>
    <dd>Decrypt the data using cipher <em>cipher</em> and output the result per
	the I/O options. This command is the opposite of the <b>tls::encrypt</b>
	command. See <a href="#OPTIONS"><b>options</b></a> for usage
	info. Option <b>-iv</b> is only used for some ciphers. See the
	&quot;<b>tls::cipher</b> <em>cipher</em>&quot; command for key and iv
	sizes and when the iv is used (iv_length &gt; 0).</dd>
</dl>

<br>

<h4><a name="KDF">Key Derivation Function (KDF) Commands</a></h4>

    <dt><a name="tls::derive_key"><strong>tls::derive_key</strong>
	<em>[</em><b>-cipher</b> <em>cipher |</em> <b>-size</b> <em>size]</em>
	<b>-digest</b> <em>digest ?</em><b>-iterations</b> <em>count?
	?</em><b>-password</b> <em>string? ?</em><b>-salt</b> <em>string?</em></a></dt>
    <dd>Derive a key and initialization vector (iv) from a password and salt
	value using PKCS5_PBKDF2_HMAC. This is a more secure way to generate
	keys and ivs for use by <a href="#tls::encrypt"><b>tls::encrypt</b></a>.
	See <a href="#OPTIONS"><b>options</b></a> for usage info. If <b>-cipher</b>
	is specified, then the derived key and iv sized for that cipher are
	returned as a key-value list. If not or if <b>-size</b> is specified,
	then the derived key (dk) of <em>size</em> bytes is returned.</dd>
</dl>

<br>
<h3><a name="GLOSSARY">GLOSSARY</a></h3>

<p>The following is a list of the terminology used in this package along with
brief definitions. For more details, please consult with the OpenSSL documentation.</p>


<br>
<h3><a name="EXAMPLES">EXAMPLES</a></h3>

<p>TBS</p>

<pre><code>
package require http
package require tls

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]

set tok [http::geturl https://www.tcl.tk/]
</code></pre>

<br>
<h3><a name="SPECIAL">SPECIAL CONSIDERATIONS</a></h3>

<p>The capabilities of this package can vary enormously based upon how your
OpenSSL library was configured and built. New versions may obsolete older
ciphers, digests, MACs, etc. or change default values. Use the
info commands to obtain the supported values.</p>
<br>

<pre>
Copyright &copy; 2023 Brian O'Hagan.
</pre>
</body>
</html>

Added doc/docs.css version [0ab4787813].


1
+
body,div,p,th,td,li,dd,ul,ol,dl,dt,blockquote{font-family:Verdana,sans-serif}pre,code{font-family:courier new,Courier,monospace}pre{background-color:#f6fcec;border-top:1px solid #6a6a6a;border-bottom:1px solid #6a6a6a;padding:1em;overflow:auto}body{background-color:#fff;font-size:12px;line-height:1.25;letter-spacing:.2px;padding-left:.5em}h1,h2,h3,h4{font-family:Georgia,serif;padding-left:1em;margin-top:1em}h1{font-size:18px;color:#11577b;border-bottom:1px dotted #11577b;margin-top:0}h2{font-size:14px;color:#11577b;background-color:#c5dce8;padding-left:1em;border:1px solid #6a6a6a}h3,h4{color:#1674a4;background-color:#e8f2f6;border-bottom:1px dotted #11577b;border-top:1px dotted #11577b}h3{font-size:12px}h4{font-size:11px}.keylist dt,.arguments dt{width:20em;float:left;padding:2px;border-top:1px solid #999}.keylist dt{font-weight:700}.keylist dd,.arguments dd{margin-left:20em;padding:2px;border-top:1px solid #999}.copy{background-color:#f6fcfc;white-space:pre;font-size:80%;border-top:1px solid #6a6a6a;margin-top:2em}.tablecell{font-size:12px;padding-left:.5em;padding-right:.5em}

Modified doc/tls.html from [ec5645fd47] to [12b4e9e9d7].

1
2
3
4


5
6
7
8
9


10
11

12


13
14
15
16
17


18
19
20
21
22

23
24
25
26
27

28
29
30


31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51


52
53
54
55

56
57
58
59
60
61
62
63
64
65
66
67
68
69


70
71
72
73
74
75
76




1
2
3
4
5
6

7
8
9
10
11

12
13
14
15
16
17

18
19
20
21
22
23

24
25
26
27
28

29
30


31
32
33
34
35

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50


51
52
53
54
55

56
57
58
59
60
61
62
63
64
65
66
67



68
69
70
71
72
73
74
75
76
-
-
-
-
+
+




-
+
+


+
-
+
+




-
+
+




-
+




-
+

-
-
+
+



-















-
-
+
+



-
+











-
-
-
+
+







<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<meta name="Copyright" content="1999 Matt Newman / 2004 Starfish Systems">
<title>TLS (SSL) Tcl Commands</title>
<title>TLS (SSL) TCL Commands</title>
<link rel="stylesheet" href="docs.css" type="text/css" media="all">
</head>

<body class="vsc-initialized">
<body bgcolor="#FFFFFF">

<h2>Tcl Tls Extension Documentation</h2>

<dl>
    <dd><a href="#NAME">NAME</a>
    <dl>
	<dd><b>tls</b> - binding to <b>OpenSSL</b> toolkit.</dd>
	<dd><b>tls</b> - binding to <b>OpenSSL</b> library
	for socket and I/O channel communications.</dd>
    </dl>
    </dd>
    <dd><a href="#SYNOPSIS">SYNOPSIS</a> </dd>
    <dd><dl>
	    <dd><b>package require Tcl</b> <em>?8.4?</em></dd>
	    <dd><b>package require Tcl</b> <em>?8.5?</em></dd>
	    <dd><b>package require tls</b></dd>
	    <dt>&nbsp;</dt>
	    <dd><b>tls::init</b> <em>?options?</em> </dd>
	    <dd><b>tls::socket</b> <em>?options? host port</em></dd>
	    <dd><b>tls::socket</b> <em> ?-server command? ?options? port</em></dd>
	    <dd><b>tls::socket</b> <em>?-server command? ?options? port</em></dd>
	    <dd><b>tls::handshake</b> <em> channel</em></dd>
	    <dd><b>tls::status </b> <em>?-local? channel</em></dd>
	    <dd><b>tls::connection </b> <em>channel</em></dd>
	    <dd><b>tls::status</b> <em>?-local? channel</em></dd>
	    <dd><b>tls::connection</b> <em>channel</em></dd>
	    <dd><b>tls::import</b> <em>channel ?options?</em></dd>
	    <dd><b>tls::unimport</b> <em>channel</em></dd>
	    <dt>&nbsp;</dt>
	    <dd><b>tls::ciphers </b> <em>protocol ?verbose? ?supported?</em></dd>
	    <dd><b>tls::protocols</b></dd>
	    <dd><b>tls::version</b></dd>
	</dl>
    </dd>
    <dd><a href="#COMMANDS">COMMANDS</a></dd>
    <dd><a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a></dd>
    <dd><a href="#HTTPS EXAMPLE">HTTPS EXAMPLE</a></dd>
    <dd><a href="#SEE ALSO">SPECIAL CONSIDERATIONS</a></dd>
    <dd><a href="#SEE ALSO">SEE ALSO</a></dd>
</dl>

<hr>

<h3><a name="NAME">NAME</a></h3>

<p><strong>tls</strong> - binding to <strong>OpenSSL</strong>
toolkit.</p>
<p><strong>tls</strong> - binding to <strong>OpenSSL</strong> library
for socket and I/O channel communications.</p>

<h3><a name="SYNOPSIS">SYNOPSIS</a></h3>

<p><b>package require Tcl 8.4</b><br>
<p><b>package require Tcl 8.5</b><br>
<b>package require tls</b><br>
<br>
<a href="#tls::init"><b>tls::init</b> <i>?options?</i></a><br>
<a href="#tls::socket"><b>tls::socket</b> <i>?options? host port</i><br>
<a href="#tls::socket"><b>tls::socket</b> <i>?-server command? ?options? port</i></a><br>
<a href="#tls::status"><b>tls::status</b> <i>?-local? channel</i></a><br>
<a href="#tls::connection"><b>tls::connection</b> <i>channel</i></a><br>
<a href="#tls::handshake"><b>tls::handshake</b> <i>channel</i></a><br>
<a href="#tls::import"><b>tls::import</b> <i>channel ?options?</i></a><br>
<a href="#tls::unimport"><b>tls::unimport</b> <i>channel</i></a><br>
<br>
<a href="#tls::ciphers"><b>tls::ciphers</b> <i>protocol ?verbose? ?supported?</i></a><br>
<a href="#tls::protocols"><b>tls::protocols</b></a>
<a href="#tls::version"><b>tls::version</b></a>
<a href="#tls::protocols"><b>tls::protocols</b></a><br>
<a href="#tls::version"><b>tls::version</b></a><br>
</p>

<h3><a name="DESCRIPTION">DESCRIPTION</a></h3>

<p>This extension provides a generic binding to <a
href="http://www.openssl.org/">OpenSSL</a>, utilizing the
<strong>Tcl_StackChannel</strong>
97
98
99
100
101
102
103
104

105
106

107
108
109
110
111


112
113
114
115
116
117
118
119



120
121
122
123
124
125
126
97
98
99
100
101
102
103

104
105

106
107
108
109


110
111
112
113
114
115
116



117
118
119
120
121
122
123
124
125
126







-
+

-
+



-
-
+
+





-
-
-
+
+
+







    <dt>&nbsp;</dt>
    <dt><a name="tls::socket"><b>tls::socket </b><em>?options?
	host port</em></a></dt>
    <dt><b>tls::socket</b><em> ?-server command? ?options? port</em></dt>
    <dd>This is a helper function that utilizes the underlying
	commands (<strong>tls::import</strong>). It behaves
	exactly the same as the native Tcl <strong>socket</strong>
	command except that the options can include any of the
	command except the options can also include any of the
	applicable <a href="#tls::import"><strong>tls:import</strong></a>
	options with one additional option:
	options with one additional option:</dd>
<blockquote>
    <dl>
	<dt><strong>-autoservername</strong> <em>bool</em></dt>
	<dd>Automatically send the -servername as the <em>host</em> argument
	    (default is <em>false</em>)</dd>
	<dd>Automatically set the -servername argument to the <em>host</em>
	    argument (default is <em>false</em>).</dd>
    </dl>
</blockquote>

    <dt><a name="tls::import"><b>tls::import </b><i>channel
	?options?</i></a></dt>
    <dd>SSL-enable a regular Tcl channel - it need not be a
	socket, but must provide bi-directional flow. Also
	setting session parameters for SSL handshake.</dd>
    <dd>Add SSL/TLS encryption to a regular Tcl channel. It need
	not be a socket, but must provide bi-directional flow. Also
	set session parameters for SSL handshake.</dd>

<blockquote>
    <dl>
	<dt><strong>-alpn</strong> <em>list</em></dt>
	<dd>List of protocols to offer during Application-Layer
	    Protocol Negotiation (ALPN). For example: <em>h2</em> and
	    <em>http/1.1</em>, but not <em>h3</em> or <em>quic</em>.</dd>
135
136
137
138
139
140
141
142

143
144
145
146
147
148
149
150
151
152
153
154

155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173


174
175
176
177
178
179
180
181
182
183
184


185

186
187
188

189
190
191
192
193

194
195


196
197

198
199
200



201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216

217
218
219
220
221
222
223
224
225

226
227
228


229
230
231
232
233
234
235
236
237



238
239
240



241
242
243
244
245
246
247
248

249
250
251
252
253
254
255
256
135
136
137
138
139
140
141

142
143
144
145
146
147
148
149
150
151
152
153

154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171


172
173
174
175
176
177
178
179
180
181
182
183
184
185
186

187
188
189

190
191
192
193
194
195
196


197
198
199

200



201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218

219
220
221
222
223
224
225
226
227

228
229
230

231
232
233
234
235
236
237
238



239
240
241



242
243
244
245
246
247
248
249
250
251

252

253
254
255
256
257
258
259







-
+











-
+

















-
-
+
+











+
+
-
+


-
+





+
-
-
+
+

-
+
-
-
-
+
+
+















-
+








-
+


-
+
+






-
-
-
+
+
+
-
-
-
+
+
+







-
+
-







	<dt><strong>-certfile</strong> <em>filename</em></dt>
	<dd>Specify the filename with the certificate to use.</dd>
	<dt><strong>-cert</strong> <em>filename</em></dt>
	<dd>Specify the contents of a certificate to use, as a DER
	    encoded binary value (X.509 DER).</dd>
	<dt><strong>-cipher</strong> <em>string</em></dt>
	<dd>List of ciphers to use. String is a colon (":") separated list
	    of ciphers or cipher suites. Cipher suites can be combined
	    of ciphers. Ciphers can be combined
	    using the <b>+</b> character. Prefixes can be used to permanently
	    remove ("!"), delete ("-"), or move a cypher to the end of
	    the list ("+"). Keywords <b>@STRENGTH</b> (sort by algorithm
	    key length), <b>@SECLEVEL=</b><i>n</i> (set security level to
	    n), and <b>DEFAULT</b> (use default cipher list, at start only)
	    can also be specified. See OpenSSL documentation for the full
	    list of valid values. (TLS 1.2 and earlier only)</dd>
	<dt><strong>-ciphersuites</strong> <em>string</em></dt>
	<dd>List of cipher suites to use. String is a colon (":")
	    separated list of cipher suite names. (TLS 1.3 only)</dd>
	<dt><strong>-command</strong> <em>callback</em></dt>
	<dd>Callback to invoke at several points during the handshake.
	<dd>Callback command to invoke at several points during the handshake.
	    This is used to pass errors and tracing information, and
	    it can allow Tcl scripts to perform their own certificate
	    validation in place of the default validation provided by
	    OpenSSL. See <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a>
	    for further discussion.</dd>
	<dt><strong>-dhparams </strong><em>filename</em></dt>
	<dd>Specify the Diffie-Hellman parameters file.</dd>
	<dt><strong>-keyfile</strong> <em>filename</em></dt>
	<dd>Specify the private key file. (default is
	    value of -certfile)</dd>
	<dt><strong>-key</strong> <em>filename</em></dt>
	<dd>Specify the private key to use as a DER encoded value (PKCS#1 DER)</dd>
	<dt><strong>-model</strong> <em>channel</em></dt>
	<dd>Force this channel to share the same <em><strong>SSL_CTX</strong></em>
	    structure as the specified <em>channel</em>, and
	    therefore share callbacks etc.</dd>
	<dt><strong>-password</strong> <em>callback</em></dt>
	<dd>Callback to invoke when OpenSSL needs to obtain a password,
	    typically to unlock the private key of a certificate. The
	<dd>Callback command to invoke when OpenSSL needs to obtain a password.
	    Typically used to unlock the private key of a certificate. The
	    callback should return a string which represents the password
	    to be used. See <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a>
	    for further discussion.</dd>
	<dt><strong>-post_handshake</strong> <em>bool</em></dt>
	<dd>Allow post-handshake ticket updates.</dd>
	<dt><strong>-request </strong><em>bool</em></dt>
	<dd>Request a certificate from peer during SSL handshake.
	    (default is <em>true</em>)</dd>
	<dt><strong>-require</strong> <em>bool</em></dt>
	<dd>Require a valid certificate from peer during SSL handshake.
	    If this is set to true, then <strong>-request</strong> must
	    also be set to true and a either a -cadir, -cafile, or platform
	    default must be provided in order to validate against.
	    also be set to true. (default is <em>false</em>)</dd>
	    (default is <em>false</em>)</dd>
	<dt><strong>-security_level</strong> <em>integer</em></dt>
	<dd>Set security level. Must be 0 to 5. The security level affects
	    cipher suite encryption algorithms, supported ECC curves,
	    the cipher suite encryption algorithms, supported ECC curves,
	    supported signature algorithms, DH parameter sizes, certificate
	    key sizes and signature algorithms. The default is 1.
	    Level 3 and higher disable support for session tickets and only
	    accept cipher suites that provide forward secrecy.</dd>
	<dt><strong>-server</strong> <em>bool</em></dt>
	<dd>Set to act as a server and respond with a server handshake when
	<dd>Handshake as server if true, else handshake as
	    client. (default is <em>false</em>)</dd>
	    a client connects and provides a client handshake.
	    (default is <em>false</em>)</dd>
	<dt><strong>-servername</strong> <em>host</em></dt>
	<dd>Specify server hostname. Only available if the OpenSSL library
	<dd>Specify server's hostname. Used to set the TLS 'Server Name
	    the package is linked against supports the TLS hostname extension
	    for 'Server Name Indication' (SNI). Use to name the logical host
	    we are talking to and expecting a certificate for.</dd>
	    Indication' (SNI) extension. Set to the expected servername
	    in the server's certificate or one of the subjectAltName
	    alternates.</dd>
	<dt><strong>-session_id</strong> <em>string</em></dt>
	<dd>Session id to resume session.</dd>
	<dt><strong>-ssl2</strong> <em>bool</em></dt>
	<dd>Enable use of SSL v2. (default is <em>false</em>)</dd>
	<dt><strong>-ssl3 </strong><em>bool</em></dt>
	<dd>Enable use of SSL v3. (default is <em>false</em>)</dd>
	<dt>-<strong>tls1</strong> <em>bool</em></dt>
	<dd>Enable use of TLS v1. (default is <em>true</em>)</dd>
	<dt>-<strong>tls1.1</strong> <em>bool</em></dt>
	<dd>Enable use of TLS v1.1 (default is <em>true</em>)</dd>
	<dt>-<strong>tls1.2</strong> <em>bool</em></dt>
	<dd>Enable use of TLS v1.2 (default is <em>true</em>)</dd>
	<dt>-<strong>tls1.3</strong> <em>bool</em></dt>
	<dd>Enable use of TLS v1.3 (default is <em>true</em>)</dd>
	<dt><strong>-validatecommand</strong> <em>callback</em></dt>
	<dd>Callback to invoke to verify or validate protocol config
	<dd>Callback command to invoke to verify or validate protocol config
	    parameters during the protocol negotiation phase. See
	    <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a>
	    for further discussion.</dd>
    </dl>
</blockquote>

    <dt><a name="tls::unimport"><b>tls::unimport </b><i>channel</i></a></dt>
    <dd>Provided for symmetry to <strong>tls::import</strong>, this
      unstacks the SSL-enabling of a regular Tcl channel.  An error
      unstacks the encryption of a regular Tcl channel. An error
      is thrown if TLS is not the top stacked channel type.</dd>
    <dt>&nbsp;</dt>
    <dt><a name="tls::handshake"><strong>tls::handshake</strong> <em>channel</em></a></dt>
    <dt><a name="tls::handshake"><strong>tls::handshake</strong>
	<em>channel</em></a></dt>
    <dd>Forces handshake to take place, and returns 0 if
	handshake is still in progress (non-blocking), or 1 if
	the handshake was successful. If the handshake failed
	this routine will throw an error.</dd>
    <dt>&nbsp;</dt>
    <dt><a name="tls::status"><strong>tls::status</strong>
    <em>?-local? channel</em></a></dt>
    <dd>Returns the current status of the certificate for an SSL
	channel. The result is a list of key-value pairs describing
    <em>?</em><b>-local</b><em>? channel</em></a></dt>
    <dd>Returns the current status of an SSL channel. The result is a list
	of key-value pairs describing the SSL, certificate, and certificate
	the certificate. If the result is an empty list then the
	SSL handshake has not yet completed. If <em>-local</em> is
	specified, then the local certificate is used.</dd>
	verification status. If the SSL handshake has not yet completed,
	an empty list is returned. If <b>-local</b> is specified, then the
	local certificate is used.</dd>
<blockquote>
	<b>SSL Status</b>
    <dl>
	<dt><strong>alpn</strong> <em>protocol</em></dt>
	<dd>The protocol selected after Application-Layer Protocol
	    Negotiation (ALPN).</dd>
	<dt><strong>cipher</strong> <em>cipher</em></dt>
	<dd>The current cipher in use between the client and
	<dd>The current cipher in use between for the channel.</dd>
	    server channels.</dd>
	<dt><strong>peername</strong> <em>name</em></dt>
	<dd>The peername from the certificate.</dd>
	<dt><strong>protocol</strong> <em>version</em></dt>
	<dd>The protocol version used for the connection:
	    SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.</dd>
	<dt><strong>sbits</strong> <em>n</em></dt>
	<dd>The number of bits used for the session key.</dd>
274
275
276
277
278
279
280
281

282
283
284
285
286
287
288
277
278
279
280
281
282
283

284
285
286
287
288
289
290
291







-
+







    <dl>
	<dt><strong>all</strong> <em>string</em></dt>
	<dd>Dump of all certificate info.</dd>

	<dt><strong>version</strong> <em>value</em></dt>
	<dd>The certificate version.</dd>
	<dt><strong>serialNumber</strong> <em>n</em></dt>
	<dd>The serial number of the certificate as hex string.</dd>
	<dd>The serial number of the certificate as a hex string.</dd>
	<dt><strong>signature</strong> <em>algorithm</em></dt>
	<dd>Cipher algorithm used for certificate signature.</dd>
	<dt><strong>issuer</strong> <em>dn</em></dt>
	<dd>The distinguished name (DN) of the certificate issuer.</dd>
	<dt><strong>notBefore</strong> <em>date</em></dt>
	<dd>The begin date for the validity of the certificate.</dd>
	<dt><strong>notAfter</strong> <em>date</em></dt>
298
299
300
301
302
303
304
305

306
307
308

309
310
311
312
313
314
315
316
317
318
319
320
321

322
323

324
325

326
327
328
329

330
331

332
333

334
335
336

337
338

339
340
341
342
343
344
345

346
347
348
349
350
351
352
353
354
355
356
357

358
359

360
361
362
363
364
365
366
367
368


369
370
371
372
373
374
375
376
377
378

379
380
381
382
383



384

385
386
387


388
389
390
391
392
393
394
395
396
397

398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428

429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445

446
447
448
449
450
451
452
301
302
303
304
305
306
307

308
309
310

311
312
313
314
315
316
317
318
319
320
321
322
323

324
325

326
327

328
329
330
331

332
333

334
335

336
337
338

339
340

341
342
343
344
345
346
347

348

349
350
351
352
353
354
355
356
357
358

359
360

361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381

382
383
384
385
386
387
388
389
390

391
392
393
394
395
396
397
398
399
400
401
402
403
404
405

406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425










426

427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443

444
445
446
447
448
449
450
451







-
+


-
+












-
+

-
+

-
+



-
+

-
+

-
+


-
+

-
+






-
+
-










-
+

-
+









+
+









-
+





+
+
+
-
+



+
+









-
+



















-
-
-
-
-
-
-
-
-
-

-
+
















-
+








	<dt><strong>num_extensions</strong> <em>n</em></dt>
	<dd>Number of certificate extensions.</dd>
	<dt><strong>extensions</strong> <em>list</em></dt>
	<dd>List of certificate extension names.</dd>
	<dt><strong>authorityKeyIdentifier</strong> <em>string</em></dt>
	<dd>(AKI) Key identifier of the Issuing CA certificate that signed
	    the SSL certificate as hex string. This value matches the SKI
	    the SSL certificate as a hex string. This value matches the SKI
	    value of the Intermediate CA certificate.</dd>
	<dt><strong>subjectKeyIdentifier</strong> <em>string</em></dt>
	<dd>(SKI) Hash of the public key inside the certificate as hex
	<dd>(SKI) Hash of the public key inside the certificate as a hex
	   string. Used to identify certificates that contain a particular
	   public key.</dd>
	<dt><strong>subjectAltName</strong> <em>list</em></dt>
	<dd>List of all of the alternative domain names, sub domains,
	    and IP addresses that are secured by the certificate.</dd>
	<dt><strong>ocsp</strong> <em>list</em></dt>
	<dd>List of all Online Certificate Status Protocol (OCSP) URLs.</dd>

	<dt><strong>certificate</strong> <em>cert</em></dt>
	<dd>The PEM encoded certificate.</dd>

	<dt><strong>signatureAlgorithm</strong> <em>algorithm</em></dt>
	<dd>Cipher algorithm used for certificate signature.</dd>
	<dd>Cipher algorithm used for the certificate signature.</dd>
	<dt><strong>signatureValue</strong> <em>string</em></dt>
	<dd>Certificate signature as hex string.</dd>
	<dd>Certificate signature as a hex string.</dd>
	<dt><strong>signatureDigest</strong> <em>version</em></dt>
	<dd>Certificate signing digest.</dd>
	<dd>Certificate signing digest as a hex string.</dd>
	<dt><strong>publicKeyAlgorithm</strong> <em>algorithm</em></dt>
	<dd>Certificate signature public key algorithm.</dd>
	<dt><strong>publicKey</strong> <em>string</em></dt>
	<dd>Certificate signature public key as hex string.</dd>
	<dd>Certificate signature public key as a hex string.</dd>
	<dt><strong>bits</strong> <em>n</em></dt>
	<dd>Number of bits used for certificate signature key</dd>
	<dd>Number of bits used for certificate signature key.</dd>
	<dt><strong>self_signed</strong> <em>boolean</em></dt>
	<dd>Is certificate signature self signed.</dd>
	<dd>Whether the certificate signature is self signed.</dd>

	<dt><strong>sha1_hash</strong> <em>hash</em></dt>
	<dd>The SHA1 hash of the certificate as hex string.</dd>
	<dd>The SHA1 hash of the certificate as a hex string.</dd>
	<dt><strong>sha256_hash</strong> <em>hash</em></dt>
	<dd>The SHA256 hash of the certificate as hex string.</dd>
	<dd>The SHA256 hash of the certificate as a hex string.</dd>
    </dl>
</blockquote>

    <dt><a name="tls::connection"><strong>tls::connection</strong>
    <em>channel</em></a></dt>
    <dd>Returns the current connection status of an SSL channel. The
	result is a list of key-value pairs describing the
	result is a list of key-value pairs describing the connection.</dd>
	connected peer.</dd>
<blockquote>
	<b>SSL Status</b>
    <dl>
	<dt><strong>state</strong> <em>state</em></dt>
	<dd>State of the connection.</dd>
	<dt><strong>servername</strong> <em>name</em></dt>
	<dd>The name of the connected to server.</dd>
	<dt><strong>protocol</strong> <em>version</em></dt>
	<dd>The protocol version used for the connection:
	    SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.</dd>
	<dt><strong>renegotiation</strong> <em>boolean</em></dt>
	<dt><strong>renegotiation_allowed</strong> <em>boolean</em></dt>
	<dd>Whether protocol renegotiation is supported or not.</dd>
	<dt><strong>securitylevel</strong> <em>level</em></dt>
	<dt><strong>security_level</strong> <em>level</em></dt>
	<dd>The security level used for selection of ciphers, key size, etc.</dd>
	<dt><strong>session_reused</strong> <em>boolean</em></dt>
	<dd>Whether the session has been reused or not.</dd>
	<dt><strong>is_server</strong> <em>boolean</em></dt>
	<dd>Whether the connection is configured as a server (1) or client (0).</dd>
	<dt><strong>compression</strong> <em>mode</em></dt>
	<dd>Compression method.</dd>
	<dt><strong>expansion</strong> <em>mode</em></dt>
	<dd>Expansion method.</dd>
	<dt><strong>caList</strong> <em>list</em></dt>
	<dd>List of Certificate Authorities (CA) for X.509 certificate.</dd>
    </dl>
</blockquote>
<blockquote>
	<b>Cipher Info</b>
    <dl>
	<dt><strong>cipher</strong> <em>cipher</em></dt>
	<dd>The current cipher in use for the connection.</dd>
	<dt><strong>standard_name</strong> <em>name</em></dt>
	<dd>The standard RFC name of cipher.</dd>
	<dt><strong>bits</strong> <em>n</em></dt>
	<dt><strong>algorithm_bits</strong> <em>n</em></dt>
	<dd>The number of processed bits used for cipher.</dd>
	<dt><strong>secret_bits</strong> <em>n</em></dt>
	<dd>The number of secret bits used for cipher.</dd>
	<dt><strong>min_version</strong> <em>version</em></dt>
	<dd>The minimum protocol version for cipher.</dd>
	<dt><strong>cipher_is_aead</strong> <em>boolean</em></dt>
	<dd>Whether the cipher is Authenticated Encryption with
	Associated Data (AEAD).</dd>
	<dt><strong>id</strong> <em>id</em></dt>
	<dt><strong>cipher_id</strong> <em>id</em></dt>
	<dd>The OpenSSL cipher id.</dd>
	<dt><strong>description</strong> <em>string</em></dt>
	<dd>A text description of the cipher.</dd>
	<dt><strong>handshake_digest</strong> <em>boolean</em></dt>
	<dd>Digest used during handshake.</dd>
    </dl>
</blockquote>
<blockquote>
	<b>Session Info</b>
    <dl>
	<dt><strong>alpn</strong> <em>protocol</em></dt>
	<dd>The protocol selected after Application-Layer Protocol
	    Negotiation (ALPN).</dd>
	<dt><strong>resumable</strong> <em>boolean</em></dt>
	<dd>Can the session be resumed or not.</dd>
	<dd>Whether the session can be resumed or not.</dd>
	<dt><strong>start_time</strong> <em>seconds</em></dt>
	<dd>Time since session started in seconds since epoch.</dd>
	<dt><strong>timeout</strong> <em>seconds</em></dt>
	<dd>Max duration of session in seconds before time-out.</dd>
	<dt><strong>lifetime</strong> <em>seconds</em></dt>
	<dd>Session ticket lifetime hint in seconds.</dd>
	<dt><strong>session_id</strong> <em>binary_string</em></dt>
	<dd>Unique session id for use in resuming the session.</dd>
	<dt><strong>session_ticket</strong> <em>binary_string</em></dt>
	<dd>Unique session ticket for use in resuming the session.</dd>
	<dt><strong>ticket_app_data</strong> <em>binary_string</em></dt>
	<dd>Unique session ticket application data.</dd>
	<dt><strong>master_key</strong> <em>binary_string</em></dt>
	<dd>Unique session master key.</dd>
	<dt><strong>session_cache_mode</strong> <em>mode</em></dt>
	<dd>Server cache mode (client, server, or both).</dd>
    </dl>
</blockquote>

    <dt><a name="tls::ciphers"><strong>tls::ciphers</strong>
    <em>protocol ?verbose? ?supported?</em></a></dt>
    <dd>Returns a list of supported ciphers available for <em>protocol</em>,
	where protocol must be one of <b>ssl2, ssl3, tls1, tls1.1,
	tls1.2,</b> or <b>tls1.3</b>. If <em>verbose</em> is specified as
	true then a verbose, human readable list is returned with
	additional information on the cipher. If <em>supported</em>
	is specified as true, then only the ciphers supported for protocol
	will be listed.</dd>

    <dt><a name="tls::protocols"><strong>tls::protocols</strong></a></dt>
    <dd>Returns a list of supported protocols. Valid values are:
    <dd>Returns a list of the supported protocols. Valid values are:
	<b>ssl2</b>, <b>ssl3</b>, <b>tls1</b>, <b>tls1.1</b>, <b>tls1.2</b>,
	and <b>tls1.3</b>. Exact list depends on OpenSSL version and
	compile time flags.</dd>

    <dt><a name="tls::version"><strong>tls::version</strong></a></dt>
    <dd>Returns the OpenSSL version string.</dd>
</dl>

<h3><a name="CALLBACK OPTIONS">CALLBACK OPTIONS</a></h3>

<p>
As indicated above, individual channels can be given their own callbacks
to handle intermediate processing by the OpenSSL library, using the
<strong>-command</strong>, <strong>-password</strong>, and
<strong>-validate_command</strong> options passed to either of
<strong>tls::socket</strong> or <strong>tls::import</strong>.
If the callback generates an error, the <b>bgerror</b> command with be
If the callback generates an error, the <b>bgerror</b> command will be
invoked with the error information.
</p>

<blockquote>
<dl>

    <dt><strong>-command</strong> <em>callback</em></dt>
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683















684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704





705
706
707
708
709
710
711
645
646
647
648
649
650
651








652
653
654
655
656
657
658
659







660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698





699
700
701
702
703
704
705
706
707
708
709
710







-
-
-
-
-
-
-
-








-
-
-
-
-
-
-








+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
















-
-
-
-
-
+
+
+
+
+







internally. The default behavior when the <strong>-password</strong> option is not
specified is for TLS to process the associated library callbacks by attempting
to call <strong>tls::password</strong>.
The difference between these two behaviors is a consequence of maintaining
compatibility with earlier implementations.
</p>

<p>
The <strong>tls::debug</strong> variable provides some additional
control over these reference callbacks.  Its value is zero by default.
Higher values produce more diagnostic output, and will also force the
verify method in <strong>tls::callback</strong> to accept the
certificate, even when it is invalid.
</p>

<p>
<em>
The use of the reference callbacks <strong>tls::callback</strong>,
<strong>tls::password</strong>, and <strong>tls::validate_command</strong>
is not recommended.  They may be removed from future releases.
</em>
</p>

<p>
<em>
The use of the variable <strong>tls::debug</strong> is not recommended.
It may be removed from future releases.
</em>
</p>

<h3><a name="DEBUG">DEBUG</a></h3>

TLS key logging can be enabled by setting the environment variable
<b>SSLKEYLOGFILE</b> to the name of the file to log to. Then whenever TLS
key material is generated or received it will be logged to the file. This
is useful for logging key data for network logging tools to use to
decrypt the data.

<p>
The <strong>tls::debug</strong> variable provides some additional
control over these reference callbacks.  Its value is zero by default.
Higher values produce more diagnostic output, and will also force the
verify method in <strong>tls::callback</strong> to accept the
certificate, even when it is invalid.
</p>

<p>
<em>
The use of the variable <strong>tls::debug</strong> is not recommended.
It may be removed from future releases.
</em>
</p>

<h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3>

<p>This example uses a sample server.pem provided with the TLS release,
courtesy of the <strong>OpenSSL</strong> project.</p>

<pre><code>
package require http
package require tls

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]

set tok [http::geturl https://www.tcl.tk/]
</code></pre>

<h3><a name="SPECIAL CONSIDERATIONS">SPECIAL CONSIDERATIONS</a></h3>

<p>The capabilities of this package can vary enormously based upon how your
OpenSSL library was configured and built. New versions may obsolete older
protocol versions, add or remove ciphers, change default values, etc. Use the
<strong>tls::ciphers</strong> and <strong>tls::protocols</strong> commands to
obtain the supported versions.</p>
<p>The capabilities of this package can vary enormously based upon how the
linked to OpenSSL library was configured and built. New versions may obsolete
older protocol versions, add or remove ciphers, change default values, etc.
Use the <strong>tls::protocols</strong> commands to obtain the supported
protocol versions.</p>

<h3><a name="SEE ALSO">SEE ALSO</a></h3>

<p><strong>socket</strong>, <strong>fileevent, </strong><a
href="http://www.openssl.org/"><strong>OpenSSL</strong></a></p>

<hr>

Modified generic/tclOpts.h from [fee5089a30] to [e342c63c26].

1
2
3
4

5
6
7
8
9
10
11
12


13
14
15
16
17
18
19


20
21
22

23
24
25
26
27

28
29
30
31
32
33
34
35

36
37

38
39
40
41
42
43




44
45
46


47
48
49

50
51

52
53
54


55
56
57
58
59
1



2

3
4
5
6
7


8
9







10
11



12





13








14


15






16
17
18
19



20
21

22

23


24



25
26



27
28

-
-
-
+
-





-
-
+
+
-
-
-
-
-
-
-
+
+
-
-
-
+
-
-
-
-
-
+
-
-
-
-
-
-
-
-
+
-
-
+
-
-
-
-
-
-
+
+
+
+
-
-
-
+
+
-

-
+
-
-
+
-
-
-
+
+
-
-
-


/*
 *  Copyright (C) 1997-2000 Matt Newman <[email protected]>
 *
 * Stylized option processing - requires consistent
 * Convenient option processing
 * external vars: opt, idx, objc, objv
 */

#ifndef _TCL_OPTS_H
#define _TCL_OPTS_H

#define OPT_PROLOG(option)			\
    if (strcmp(opt, (option)) == 0) {		\
#define GET_OPT_BOOL(objPtr, varPtr) \
    if (Tcl_GetBooleanFromObj(interp, objPtr, varPtr) != TCL_OK) {	\
	if (++idx >= objc) {			\
	    Tcl_AppendResult(interp,		\
		"no argument given for ",	\
		(option), " option",		\
		(char *) NULL);			\
	    return TCL_ERROR;			\
	}
	return TCL_ERROR;					\
    }
#define OPT_POSTLOG()				\
	continue;				\
    }

#define OPTOBJ(option, var)			\
    OPT_PROLOG(option)				\
    var = objv[idx];				\
    OPT_POSTLOG()

#define GET_OPT_INT(objPtr, varPtr) \
#define OPTSTR(option, var)			\
    OPT_PROLOG(option)				\
    var = Tcl_GetStringFromObj(objv[idx], (Tcl_Size *)NULL);\
    OPT_POSTLOG()

#define OPTINT(option, var)			\
    OPT_PROLOG(option)				\
    if (Tcl_GetIntFromObj(interp, objv[idx],	\
    if (Tcl_GetIntFromObj(interp, objPtr, varPtr) != TCL_OK) {	\
	    &(var)) != TCL_OK) {		\
	    return TCL_ERROR;			\
	return TCL_ERROR;					\
    }						\
    OPT_POSTLOG()

#define OPTBOOL(option, var)			\
    OPT_PROLOG(option)				\
    if (Tcl_GetBooleanFromObj(interp, objv[idx],\
    }

#define GET_OPT_STRING(objPtr, var, lenPtr) \
    if ((var = Tcl_GetStringFromObj(objPtr, lenPtr)) == NULL) {	\
	    &(var)) != TCL_OK) {		\
	    return TCL_ERROR;			\
    }						\
	return TCL_ERROR;					\
    }								\
    OPT_POSTLOG()

#define OPTBYTE(option, var, lvar)			\
#define GET_OPT_BYTE_ARRAY(objPtr, var, lenPtr) \
    OPT_PROLOG(option)				\
    var = Tcl_GetByteArrayFromObj(objv[idx], &(lvar));\
    if ((var = Tcl_GetByteArrayFromObj(objPtr, lenPtr)) == NULL) {	\
    OPT_POSTLOG()

#define OPTBAD(type, list)			\
	return TCL_ERROR;					\
    }								\
    Tcl_AppendResult(interp, "bad ", (type),	\
		" \"", opt, "\": must be ",	\
		(list), (char *) NULL)

#endif /* _TCL_OPTS_H */

Modified generic/tls.c from [42a5997f51] to [578f1e1218].

22
23
24
25
26
27
28




29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

52
53
54
55
56
57
58







+
+
+
+



















-







 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <stdio.h>
#include <stdlib.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#include <openssl/safestack.h>

/* Min OpenSSL version */
#if OPENSSL_VERSION_NUMBER < 0x10101000L
#error "Only OpenSSL v1.1.1 or later is supported"
#endif

/*
 * External functions
 */

/*
 * Forward declarations
 */

#define F2N(key, dsp) \
	(((key) == NULL) ? (char *) NULL : \
		Tcl_TranslateFileName(interp, (key), (dsp)))
#define REASON()	ERR_reason_error_string(ERR_get_error())

static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key,
		char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1,
		int key_asn1_len, int cert_asn1_len, char *CAdir, char *CAfile,
		char *ciphers, char *ciphersuites, int level, char *DHparams);

static int	TlsLibInit(int uninitialize);
442
443
444
445
446
447
448
449

450
451
452
453
454
455
456
445
446
447
448
449
450
451

452
453
454
455
456
457
458
459







-
+







    cmdPtr = Tcl_DuplicateObj(statePtr->callback);
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("error", -1));
    Tcl_ListObjAppendElement(interp, cmdPtr,
	    Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
    if (msg != NULL) {
	Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(msg, -1));

    } else if ((msg = Tcl_GetStringFromObj(Tcl_GetObjResult(interp), (Tcl_Size *)NULL)) != NULL) {
    } else if ((msg = Tcl_GetStringFromObj(Tcl_GetObjResult(interp), NULL)) != NULL) {
	Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(msg, -1));

    } else {
	listPtr = Tcl_NewListObj(0, NULL);
	while ((err = ERR_get_error()) != 0) {
	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(ERR_reason_error_string(err), -1));
	}
549
550
551
552
553
554
555
556

557
558
559


560
561
562
563
564

565
566
567
568
569
570
571
552
553
554
555
556
557
558

559
560


561
562
563
564
565
566

567
568
569
570
571
572
573
574







-
+

-
-
+
+




-
+







    }
    Tcl_DecrRefCount(cmdPtr);

    Tcl_Release((ClientData) statePtr);

    /* If successful, pass back password string and truncate if too long */
    if (code == TCL_OK) {
	Tcl_Size len;
	int len;
	char *ret = (char *) Tcl_GetStringFromObj(Tcl_GetObjResult(interp), &len);
	if (len > (Tcl_Size) size-1) {
	    len = (Tcl_Size) size-1;
	if (len > size-1) {
	    len = size-1;
	}
	strncpy(buf, ret, (size_t) len);
	buf[len] = '\0';
	Tcl_Release((ClientData) interp);
	return((int) len);
	return(len);
    }
    Tcl_Release((ClientData) interp);
    return -1;
}

/*
 *-------------------------------------------------------------------
611
612
613
614
615
616
617
618

619
620
621
622

623
624
625
626
627
628
629
614
615
616
617
618
619
620

621
622
623
624

625
626
627
628
629
630
631
632







-
+



-
+







    cmdPtr = Tcl_DuplicateObj(statePtr->callback);
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("session", -1));
    Tcl_ListObjAppendElement(interp, cmdPtr,
	    Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));

    /* Session id */
    session_id = SSL_SESSION_get_id(session, &ulen);
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(session_id, (Tcl_Size) ulen));
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(session_id, (int) ulen));

    /* Session ticket */
    SSL_SESSION_get0_ticket(session, &ticket, &len2);
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(ticket, (Tcl_Size) len2));
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(ticket, (int) len2));

    /* Lifetime - number of seconds */
    Tcl_ListObjAppendElement(interp, cmdPtr,
	Tcl_NewLongObj((long) SSL_SESSION_get_ticket_lifetime_hint(session)));

    /* Eval callback command */
    Tcl_IncrRefCount(cmdPtr);
900
901
902
903
904
905
906
907

908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
903
904
905
906
907
908
909

910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
























































































































































































































931
932
933
934
935
936
937







-
+




















-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-







    servername = (const char *)p;

    /* Create command to eval */
    cmdPtr = Tcl_DuplicateObj(statePtr->vcmd);
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("hello", -1));
    Tcl_ListObjAppendElement(interp, cmdPtr,
	    Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername, (Tcl_Size) len));
    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername, (int) len));

    /* Eval callback command */
    Tcl_IncrRefCount(cmdPtr);
    if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) {
	res = SSL_CLIENT_HELLO_RETRY;
	*alert = SSL_R_TLSV1_ALERT_USER_CANCELLED;
    } else if (code == 1) {
	res = SSL_CLIENT_HELLO_SUCCESS;
    } else {
	res = SSL_CLIENT_HELLO_ERROR;
	*alert = SSL_R_TLSV1_ALERT_INTERNAL_ERROR;
    }
    Tcl_DecrRefCount(cmdPtr);
    return res;
}

/********************/
/* Commands         */
/********************/

/*
 *-------------------------------------------------------------------
 *
 * CiphersObjCmd -- list available ciphers
 *
 *	This procedure is invoked to process the "tls::ciphers" command
 *	to list available ciphers, based upon protocol selected.
 *
 * Results:
 *	A standard Tcl result list.
 *
 * Side effects:
 *	constructs and destroys SSL context (CTX)
 *
 *-------------------------------------------------------------------
 */
static const char *protocols[] = {
	"ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL
};
enum protocol {
    TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_TLS1_3, TLS_NONE
};

static int
CiphersObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Obj *objPtr = NULL;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk;
    char *cp, buf[BUFSIZ];
    int index, verbose = 0, use_supported = 0;
    const SSL_METHOD *method;

    dprintf("Called");

    if ((objc < 2) || (objc > 4)) {
	Tcl_WrongNumArgs(interp, 1, objv, "protocol ?verbose? ?supported?");
	return TCL_ERROR;
    }
    if (Tcl_GetIndexFromObj(interp, objv[1], protocols, "protocol", 0, &index) != TCL_OK) {
	return TCL_ERROR;
    }
    if ((objc > 2) && Tcl_GetBooleanFromObj(interp, objv[2], &verbose) != TCL_OK) {
	return TCL_ERROR;
    }
    if ((objc > 3) && Tcl_GetBooleanFromObj(interp, objv[3], &use_supported) != TCL_OK) {
	return TCL_ERROR;
    }

    ERR_clear_error();

    switch ((enum protocol)index) {
	case TLS_SSL2:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
	    method = SSLv2_method(); break;
#endif
	case TLS_SSL3:
#if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
	    method = SSLv3_method(); break;
#endif
	case TLS_TLS1:
#if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
	    method = TLSv1_method(); break;
#endif
	case TLS_TLS1_1:
#if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
	    method = TLSv1_1_method(); break;
#endif
	case TLS_TLS1_2:
#if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
	    method = TLSv1_2_method(); break;
#endif
	case TLS_TLS1_3:
#if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
	    method = TLS_method();
	    SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
	    SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
	    break;
#endif
	default:
	    method = TLS_method();
	    break;
    }

    ctx = SSL_CTX_new(method);
    if (ctx == NULL) {
	Tcl_AppendResult(interp, REASON(), NULL);
	return TCL_ERROR;
    }

    ssl = SSL_new(ctx);
    if (ssl == NULL) {
	Tcl_AppendResult(interp, REASON(), NULL);
	SSL_CTX_free(ctx);
	return TCL_ERROR;
    }

    /* Use list and order as would be sent in a ClientHello or all available ciphers */
    if (use_supported) {
	sk = SSL_get1_supported_ciphers(ssl);
    } else {
	sk = SSL_get_ciphers(ssl);
    }

    if (sk != NULL) {
	if (!verbose) {
	    objPtr = Tcl_NewListObj(0, NULL);
	    for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
		if (c == NULL) continue;

		/* cipher name or (NONE) */
		cp = SSL_CIPHER_get_name(c);
		if (cp == NULL) break;
		Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(cp, -1));
	    }

	} else {
	    objPtr = Tcl_NewStringObj("",0);
	    for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
		if (c == NULL) continue;

		/* textual description of the cipher */
		if (SSL_CIPHER_description(c, buf, sizeof(buf)) != NULL) {
		    Tcl_AppendToObj(objPtr, buf, (Tcl_Size) strlen(buf));
		} else {
		    Tcl_AppendToObj(objPtr, "UNKNOWN\n", 8);
		}
	    }
	}
	if (use_supported) {
	    sk_SSL_CIPHER_free(sk);
	}
    }
    SSL_free(ssl);
    SSL_CTX_free(ctx);

    Tcl_SetObjResult(interp, objPtr);
    return TCL_OK;
	clientData = clientData;
}

/*
 *-------------------------------------------------------------------
 *
 * ProtocolsObjCmd -- list available protocols
 *
 *	This procedure is invoked to process the "tls::protocols" command
 *	to list available protocols.
 *
 * Results:
 *	A standard Tcl result list.
 *
 * Side effects:
 *	none
 *
 *-------------------------------------------------------------------
 */
static int
ProtocolsObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Obj *objPtr;

    dprintf("Called");

    if (objc != 1) {
	Tcl_WrongNumArgs(interp, 1, objv, "");
	return TCL_ERROR;
    }

    ERR_clear_error();

    objPtr = Tcl_NewListObj(0, NULL);

#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(NO_SSL2) && !defined(OPENSSL_NO_SSL2)
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_SSL2], -1));
#endif
#if !defined(NO_SSL3) && !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL3_METHOD)
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_SSL3], -1));
#endif
#if !defined(NO_TLS1) && !defined(OPENSSL_NO_TLS1) && !defined(OPENSSL_NO_TLS1_METHOD)
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1], -1));
#endif
#if !defined(NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1_METHOD)
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_1], -1));
#endif
#if !defined(NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2_METHOD)
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_2], -1));
#endif
#if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3)
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_3], -1));
#endif

    Tcl_SetObjResult(interp, objPtr);
    return TCL_OK;
	clientData = clientData;
}

/*
 *-------------------------------------------------------------------
 *
 * HandshakeObjCmd --
 *
 *	This command is used to verify whether the handshake is complete
 *	or not.
1169
1170
1171
1172
1173
1174
1175
1176

1177
1178
1179
1180
1181
1182
1183
956
957
958
959
960
961
962

963
964
965
966
967
968
969
970







-
+







    if (objc != 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "channel");
	return(TCL_ERROR);
    }

    ERR_clear_error();

    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], (Tcl_Size *)NULL), NULL);
    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
    if (chan == (Tcl_Channel) NULL) {
	return(TCL_ERROR);
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);
    if (Tcl_GetChannelType(chan) != Tls_ChannelType()) {
1221
1222
1223
1224
1225
1226
1227














1228
1229
1230
1231
1232
1233
1234
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035







+
+
+
+
+
+
+
+
+
+
+
+
+
+








    dprintf("Returning TCL_OK with data \"%i\"", ret);
    Tcl_SetObjResult(interp, Tcl_NewIntObj(ret));
    return(TCL_OK);
	clientData = clientData;
}

static const char *command_opts [] = {
    "-alpn", "-cadir", "-cafile", "-cert", "-certfile", "-cipher", "-ciphers", "-ciphersuites",
    "-command", "-dhparams", "-key", "-keyfile", "-model", "-password", "-post_handshake",
    "-request", "-require", "-security_level", "-server", "-servername", "-session_id", "-ssl2",
    "-ssl3", "-tls1", "-tls1.1", "-tls1.2", "-tls1.3", "-validatecommand", "-vcmd", NULL};

enum _command_opts {
    _opt_alpn, _opt_cadir, _opt_cafile, _opt_cert, _opt_certfile, _opt_cipher, _opt_ciphers,
    _opt_ciphersuite, _opt_cmd, _opt_dhparams, _opt_key, _opt_keyfile, _opt_model, _opt_password,
    _opt_handshake, _opt_request, _opt_require, _opt_security_level, _opt_server, _opt_servername,
    _opt_session_id, _opt_ssl2, _opt_ssl3, _opt_tls1, _opt_tls11, _opt_tls12, _opt_tls13,
    _opt_validate, _opt_vcmd
};

/*
 *-------------------------------------------------------------------
 *
 * ImportObjCmd --
 *
 *	This procedure is invoked to process the "ssl" command
 *
1243
1244
1245
1246
1247
1248
1249
1250
1251


1252
1253
1254

1255
1256
1257
1258
1259
1260
1261

1262
1263

1264
1265
1266
1267
1268
1269
1270
1271

1272

1273
1274
1275
1276
1277
1278
1279
1044
1045
1046
1047
1048
1049
1050


1051
1052
1053
1054

1055

1056
1057
1058
1059
1060

1061
1062

1063
1064
1065
1066
1067
1068
1069
1070
1071
1072

1073
1074
1075
1076
1077
1078
1079
1080







-
-
+
+


-
+
-





-
+

-
+








+
-
+







 *-------------------------------------------------------------------
 */
static int
ImportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Channel chan;		/* The channel to set a mode on. */
    State *statePtr;		/* client state for ssl socket */
    SSL_CTX *ctx	        = NULL;
    Tcl_Obj *script	        = NULL;
    Tcl_Obj *password	        = NULL;
    Tcl_Obj *cmdObj	        = NULL;
    Tcl_Obj *passwdObj	        = NULL;
    Tcl_Obj *vcmd	        = NULL;
    Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar;
    int idx;
    int idx, len, fn;
    Tcl_Size len;
    int flags		        = TLS_TCL_INIT;
    int server		        = 0;	/* is connection incoming or outgoing? */
    char *keyfile	        = NULL;
    char *certfile	        = NULL;
    unsigned char *key  	= NULL;
    Tcl_Size key_len                 = 0;
    int key_len                 = 0;
    unsigned char *cert         = NULL;
    Tcl_Size cert_len                = 0;
    int cert_len                = 0;
    char *ciphers	        = NULL;
    char *ciphersuites	        = NULL;
    char *CAfile	        = NULL;
    char *CAdir		        = NULL;
    char *DHparams	        = NULL;
    char *model		        = NULL;
    char *servername	        = NULL;	/* hostname for Server Name Indication */
    const unsigned char *session_id = NULL;
    int sess_len                = 0;
    Tcl_Obj *alpn		= NULL;
    Tcl_Obj *alpnObj		= NULL;
    int ssl2 = 0, ssl3 = 0;
    int tls1 = 1, tls1_1 = 1, tls1_2 = 1, tls1_3 = 1;
    int proto = 0, level = -1;
    int verify = 0, require = 0, request = 1, post_handshake = 0;

    dprintf("Called");

1293
1294
1295
1296
1297
1298
1299
1300

1301
1302
1303
1304
1305
1306
1307
1308



1309
1310
1311


























































































1312
1313

1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343

1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1094
1095
1096
1097
1098
1099
1100

1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112



1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203

1204






























1205

1206


1207
1208
1209
1210
1211
1212
1213







-
+








+
+
+
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-

-
-







    if (objc < 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "channel ?options?");
	return TCL_ERROR;
    }

    ERR_clear_error();

    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], (Tcl_Size *)NULL), NULL);
    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
    if (chan == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);

    for (idx = 2; idx < objc; idx++) {
	if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
	    return TCL_ERROR;
	}
	char *opt = Tcl_GetStringFromObj(objv[idx], (Tcl_Size *)NULL);

	if (opt[0] != '-')

	/* Validate arg has value */
	if (++idx >= objc) {
	    Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", (char *) NULL);
	    return TCL_ERROR;
	}

	switch(fn) {
	case _opt_alpn:
	    alpnObj = objv[idx];
	    break;
	case _opt_cadir:
	    GET_OPT_STRING(objv[idx], CAdir, NULL);
	    break;
	case _opt_cafile:
	    GET_OPT_STRING(objv[idx], CAfile, NULL);
	    break;
	case _opt_cert:
	    GET_OPT_BYTE_ARRAY(objv[idx], cert, &cert_len);
	    break;
	case _opt_certfile:
	    GET_OPT_STRING(objv[idx], certfile, NULL);
	    break;
	case _opt_cipher:
	case _opt_ciphers:
	    GET_OPT_STRING(objv[idx], ciphers, NULL);
	    break;
	case _opt_ciphersuite:
	    GET_OPT_STRING(objv[idx], ciphersuites, NULL);
	    break;
	case _opt_cmd:
	    cmdObj = objv[idx];
	    break;
	case _opt_dhparams:
	    GET_OPT_STRING(objv[idx], DHparams, NULL);
	    break;
	case _opt_key:
	    GET_OPT_BYTE_ARRAY(objv[idx], key, &key_len);
	    break;
	case _opt_keyfile:
	    GET_OPT_STRING(objv[idx], keyfile, NULL);
	    break;
	case _opt_model:
	    GET_OPT_STRING(objv[idx], model, NULL);
	    break;
	case _opt_password:
	    passwdObj = objv[idx];
	    break;
	case _opt_handshake:
	    GET_OPT_BOOL(objv[idx], &post_handshake);
	    break;
	case _opt_request:
	    GET_OPT_BOOL(objv[idx], &request);
	    break;
	case _opt_require:
	    GET_OPT_BOOL(objv[idx], &require);
	    break;
	case _opt_security_level:
	    GET_OPT_INT(objv[idx], &level);
	    break;
	case _opt_server:
	    GET_OPT_BOOL(objv[idx], &server);
	    break;
	case _opt_servername:
	    GET_OPT_STRING(objv[idx], servername, NULL);
	    break;
	case _opt_session_id:
	    GET_OPT_BYTE_ARRAY(objv[idx], session_id, &sess_len);
	    break;
	case _opt_ssl2:
	    GET_OPT_INT(objv[idx], &ssl2);
	    break;
	case _opt_ssl3:
	    GET_OPT_INT(objv[idx], &ssl3);
	    break;
	case _opt_tls1:
	    GET_OPT_INT(objv[idx], &tls1);
	    break;
	case _opt_tls11:
	    GET_OPT_INT(objv[idx], &tls1_1);
	    break;
	case _opt_tls12:
	    GET_OPT_INT(objv[idx], &tls1_2);
	    break;
	case _opt_tls13:
	    GET_OPT_INT(objv[idx], &tls1_3);
	    break;
	case _opt_validate:
	case _opt_vcmd:
	    vcmd = objv[idx];
	    break;

	}
	OPTOBJ("-alpn", alpn);
	OPTSTR("-cadir", CAdir);
	OPTSTR("-cafile", CAfile);
	OPTBYTE("-cert", cert, cert_len);
	OPTSTR("-certfile", certfile);
	OPTSTR("-cipher", ciphers);
	OPTSTR("-ciphers", ciphers);
	OPTSTR("-ciphersuites", ciphersuites);
	OPTOBJ("-command", script);
	OPTSTR("-dhparams", DHparams);
	OPTBYTE("-key", key, key_len);
	OPTSTR("-keyfile", keyfile);
	OPTSTR("-model", model);
	OPTOBJ("-password", password);
	OPTBOOL("-post_handshake", post_handshake);
	OPTBOOL("-request", request);
	OPTBOOL("-require", require);
	OPTINT("-security_level", level);
	OPTBOOL("-server", server);
	OPTSTR("-servername", servername);
	OPTSTR("-session_id", session_id);
	OPTBOOL("-ssl2", ssl2);
	OPTBOOL("-ssl3", ssl3);
	OPTBOOL("-tls1", tls1);
	OPTBOOL("-tls1.1", tls1_1);
	OPTBOOL("-tls1.2", tls1_2);
	OPTBOOL("-tls1.3", tls1_3);
	OPTOBJ("-validatecommand", vcmd);
	OPTOBJ("-vcmd", vcmd);

    }
	OPTBAD("option", "-alpn, -cadir, -cafile, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -security_level, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand");

	return TCL_ERROR;
    }
    if (request)		verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
    if (request && require)	verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
    if (request && post_handshake)	verify |= SSL_VERIFY_POST_HANDSHAKE;
    if (verify == 0)		verify = SSL_VERIFY_NONE;

    proto |= (ssl2 ? TLS_PROTO_SSL2 : 0);
    proto |= (ssl3 ? TLS_PROTO_SSL3 : 0);
1374
1375
1376
1377
1378
1379
1380
1381
1382


1383
1384

1385
1386
1387
1388
1389
1390
1391


1392
1393

1394
1395
1396
1397
1398
1399
1400
1233
1234
1235
1236
1237
1238
1239


1240
1241
1242

1243
1244
1245
1246
1247
1248


1249
1250
1251

1252
1253
1254
1255
1256
1257
1258
1259







-
-
+
+

-
+





-
-
+
+

-
+








    statePtr->flags	= flags;
    statePtr->interp	= interp;
    statePtr->vflags	= verify;
    statePtr->err	= "";

    /* allocate script */
    if (script) {
	(void) Tcl_GetStringFromObj(script, &len);
    if (cmdObj != NULL) {
	(void) Tcl_GetStringFromObj(cmdObj, &len);
	if (len) {
	    statePtr->callback = script;
	    statePtr->callback = cmdObj;
	    Tcl_IncrRefCount(statePtr->callback);
	}
    }

    /* allocate password */
    if (password) {
	(void) Tcl_GetStringFromObj(password, &len);
    if (passwdObj != NULL) {
	(void) Tcl_GetStringFromObj(passwdObj, &len);
	if (len) {
	    statePtr->password = password;
	    statePtr->password = passwdObj;
	    Tcl_IncrRefCount(statePtr->password);
	}
    }

    /* allocate validate command */
    if (vcmd) {
	(void) Tcl_GetStringFromObj(vcmd, &len);
1422
1423
1424
1425
1426
1427
1428
1429
1430


1431
1432
1433
1434
1435
1436
1437
1281
1282
1283
1284
1285
1286
1287


1288
1289
1290
1291
1292
1293
1294
1295
1296







-
-
+
+







		"\": not a TLS channel", NULL);
	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "CHANNEL", "INVALID", (char *) NULL);
	    Tls_Free((char *) statePtr);
	    return TCL_ERROR;
	}
	ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
    } else {
	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, (int) key_len,
	    (int) cert_len, CAdir, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, key_len,
	    cert_len, CAdir, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
	    Tls_Free((char *) statePtr);
	    return TCL_ERROR;
	}
    }

    statePtr->ctx = ctx;

1497
1498
1499
1500
1501
1502
1503
1504

1505
1506

1507
1508
1509
1510
1511
1512
1513
1514
1515
1516

1517
1518
1519
1520
1521

1522
1523
1524

1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538

1539
1540
1541
1542
1543
1544
1545
1546
1547




1548
1549
1550
1551
1552
1553
1554
1356
1357
1358
1359
1360
1361
1362

1363
1364

1365
1366
1367
1368
1369
1370
1371
1372
1373
1374

1375
1376
1377
1378


1379
1380
1381

1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395

1396
1397
1398
1399
1400
1401




1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412







-
+

-
+









-
+



-
-
+


-
+













-
+





-
-
-
-
+
+
+
+







	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "HOSTNAME", "FAILED", (char *) NULL);
	    Tls_Free((char *) statePtr);
	    return TCL_ERROR;
	}
    }

    /* Resume session id */
    if (session_id && strlen(session_id) <= SSL_MAX_SID_CTX_LENGTH) {
    if (session_id && sess_len <= SSL_MAX_SID_CTX_LENGTH) {
	/* SSL_set_session() */
	if (!SSL_SESSION_set1_id_context(SSL_get_session(statePtr->ssl), session_id, (unsigned int) strlen(session_id))) {
	if (!SSL_SESSION_set1_id_context(SSL_get_session(statePtr->ssl), session_id, (unsigned int) sess_len)) {
	    Tcl_AppendResult(interp, "Resume session id ", session_id, " failed", (char *) NULL);
	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SESSION", "FAILED", (char *) NULL);
	    Tls_Free((char *) statePtr);
	    return TCL_ERROR;
	}
    }

    /* Enable Application-Layer Protocol Negotiation. Examples are: http/1.0,
	http/1.1, h2, h3, ftp, imap, pop3, xmpp-client, xmpp-server, mqtt, irc, etc. */
    if (alpn) {
    if (alpnObj != NULL) {
	/* Convert a TCL list into a protocol-list in wire-format */
	unsigned char *protos, *p;
	unsigned int protos_len = 0;
	Tcl_Size cnt, i;
	int j;
	int i, len, cnt;
	Tcl_Obj **list;

	if (Tcl_ListObjGetElements(interp, alpn, &cnt, &list) != TCL_OK) {
	if (Tcl_ListObjGetElements(interp, alpnObj, &cnt, &list) != TCL_OK) {
	    Tls_Free((char *) statePtr);
	    return TCL_ERROR;
	}

	/* Determine the memory required for the protocol-list */
	for (i = 0; i < cnt; i++) {
	    Tcl_GetStringFromObj(list[i], &len);
	    if (len > 255) {
		Tcl_AppendResult(interp, "ALPN protocol name too long", (char *) NULL);
		Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *) NULL);
		Tls_Free((char *) statePtr);
		return TCL_ERROR;
	    }
	    protos_len += 1 + (int) len;
	    protos_len += 1 + len;
	}

	/* Build the complete protocol-list */
	protos = ckalloc(protos_len);
	/* protocol-lists consist of 8-bit length-prefixed, byte strings */
	for (j = 0, p = protos; j < cnt; j++) {
	    char *str = Tcl_GetStringFromObj(list[j], &len);
	    *p++ = (unsigned char) len;
	    memcpy(p, str, (size_t) len);
	for (i = 0, p = protos; i < cnt; i++) {
	    char *str = Tcl_GetStringFromObj(list[i], &len);
	    *p++ = len;
	    memcpy(p, str, len);
	    p += len;
	}

	/* SSL_set_alpn_protos makes a copy of the protocol-list */
	/* Note: This functions reverses the return value convention */
	if (SSL_set_alpn_protos(statePtr->ssl, protos, protos_len)) {
	    Tcl_AppendResult(interp, "failed to set ALPN protocols", (char *) NULL);
1566
1567
1568
1569
1570
1571
1572

1573
1574
1575
1576
1577
1578
1579
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438







+







	statePtr->protos_len = 0;
    }

    /*
     * SSL Callbacks
     */
    SSL_set_app_data(statePtr->ssl, (void *)statePtr);	/* point back to us */

    SSL_set_verify(statePtr->ssl, verify, VerifyCallback);
    SSL_set_info_callback(statePtr->ssl, InfoCallback);

    /* Callback for observing protocol messages */
#ifndef OPENSSL_NO_SSL_TRACE
    /* void SSL_CTX_set_msg_callback_arg(statePtr->ctx, (void *)statePtr);
    void SSL_CTX_set_msg_callback(statePtr->ctx, MessageCallback); */
1718
1719
1720
1721
1722
1723
1724
1725

1726
1727
1728
1729
1730
1731
1732

1733
1734
1735
1736
1737
1738

1739
1740
1741
1742
1743
1744

1745
1746
1747
1748
1749
1750

1751
1752
1753
1754
1755
1756

1757
1758
1759
1760
1761
1762

1763
1764
1765
1766
1767
1768
1769
1577
1578
1579
1580
1581
1582
1583

1584
1585
1586
1587
1588
1589
1590

1591
1592
1593
1594
1595
1596

1597
1598
1599
1600
1601
1602

1603
1604
1605
1606
1607
1608

1609
1610
1611
1612
1613
1614

1615
1616
1617
1618
1619
1620

1621
1622
1623
1624
1625
1626
1627
1628







-
+






-
+





-
+





-
+





-
+





-
+





-
+







    int off = 0;
    int load_private_key;
    const SSL_METHOD *method;

    dprintf("Called");

    if (!proto) {
	Tcl_AppendResult(interp, "no valid protocol selected", (char *) NULL);
	Tcl_AppendResult(interp, "no valid protocol selected", NULL);
	return NULL;
    }

    /* create SSL context */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2)
    if (ENABLED(proto, TLS_PROTO_SSL2)) {
	Tcl_AppendResult(interp, "SSL2 protocol not supported", (char *) NULL);
	Tcl_AppendResult(interp, "SSL2 protocol not supported", NULL);
	return NULL;
    }
#endif
#if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3)
    if (ENABLED(proto, TLS_PROTO_SSL3)) {
	Tcl_AppendResult(interp, "SSL3 protocol not supported", (char *) NULL);
	Tcl_AppendResult(interp, "SSL3 protocol not supported", NULL);
	return NULL;
    }
#endif
#if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1)
    if (ENABLED(proto, TLS_PROTO_TLS1)) {
	Tcl_AppendResult(interp, "TLS 1.0 protocol not supported", (char *) NULL);
	Tcl_AppendResult(interp, "TLS 1.0 protocol not supported", NULL);
	return NULL;
    }
#endif
#if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1)
    if (ENABLED(proto, TLS_PROTO_TLS1_1)) {
	Tcl_AppendResult(interp, "TLS 1.1 protocol not supported", (char *) NULL);
	Tcl_AppendResult(interp, "TLS 1.1 protocol not supported", NULL);
	return NULL;
    }
#endif
#if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2)
    if (ENABLED(proto, TLS_PROTO_TLS1_2)) {
	Tcl_AppendResult(interp, "TLS 1.2 protocol not supported", (char *) NULL);
	Tcl_AppendResult(interp, "TLS 1.2 protocol not supported", NULL);
	return NULL;
    }
#endif
#if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3)
    if (ENABLED(proto, TLS_PROTO_TLS1_3)) {
	Tcl_AppendResult(interp, "TLS 1.3 protocol not supported", (char *) NULL);
	Tcl_AppendResult(interp, "TLS 1.3 protocol not supported", NULL);
	return NULL;
    }
#endif
    if (proto == 0) {
	/* Use full range */
	SSL_CTX_set_min_proto_version(ctx, 0);
	SSL_CTX_set_max_proto_version(ctx, 0);
2064
2065
2066
2067
2068
2069
2070
2071

2072
2073
2074
2075
2076
2077
2078
1923
1924
1925
1926
1927
1928
1929

1930
1931
1932
1933
1934
1935
1936
1937







-
+








    if (objc < 2 || objc > 3 || (objc == 3 && !strcmp(Tcl_GetString(objv[1]), "-local"))) {
	Tcl_WrongNumArgs(interp, 1, objv, "?-local? channel");
	return TCL_ERROR;
    }

    /* Get channel Id */
    channelName = Tcl_GetStringFromObj(objv[(objc == 2 ? 1 : 2)], (Tcl_Size *) NULL);
    channelName = Tcl_GetStringFromObj(objv[(objc == 2 ? 1 : 2)], NULL);
    chan = Tcl_GetChannel(interp, channelName, &mode);
    if (chan == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);
2086
2087
2088
2089
2090
2091
2092

2093
2094
2095
2096
2097
2098
2099
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959







+








    /* Get certificate for peer or self */
    if (objc == 2) {
	peer = SSL_get_peer_certificate(statePtr->ssl);
    } else {
	peer = SSL_get_certificate(statePtr->ssl);
    }

    /* Get X509 certificate info */
    if (peer) {
	objPtr = Tls_NewX509Obj(interp, peer);
	if (objc == 2) {
	    X509_free(peer);
	    peer = NULL;
	}
2134
2135
2136
2137
2138
2139
2140
2141

2142
2143
2144
2145
2146
2147
2148
1994
1995
1996
1997
1998
1999
2000

2001
2002
2003
2004
2005
2006
2007
2008







-
+







    }

    /* Verify mode depth */
    LAPPEND_INT(interp, objPtr, "verifyDepth", SSL_get_verify_depth(statePtr->ssl));

    /* Report the selected protocol as a result of the negotiation */
    SSL_get0_alpn_selected(statePtr->ssl, &proto, &len);
    LAPPEND_STR(interp, objPtr, "alpn", (char *)proto, (Tcl_Size) len);
    LAPPEND_STR(interp, objPtr, "alpn", (char *)proto, (int) len);
    LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(statePtr->ssl), -1);

    /* Valid for non-RSA signature and TLS 1.3 */
    if (objc == 2) {
	res = SSL_get_peer_signature_nid(statePtr->ssl, &nid);
    } else {
	res = SSL_get_signature_nid(statePtr->ssl, &nid);
2184
2185
2186
2187
2188
2189
2190
2191

2192
2193
2194
2195
2196
2197
2198
2044
2045
2046
2047
2048
2049
2050

2051
2052
2053
2054
2055
2056
2057
2058







-
+







    const EVP_MD *md;

    if (objc != 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "channel");
	return(TCL_ERROR);
    }

    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], (Tcl_Size *)NULL), NULL);
    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
    if (chan == (Tcl_Channel) NULL) {
	return(TCL_ERROR);
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);
    if (Tcl_GetChannelType(chan) != Tls_ChannelType()) {
2254
2255
2256
2257
2258
2259
2260
2261

2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281


2282
2283
2284




2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298

2299
2300
2301
2302
2303

2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317

2318
2319
2320
2321

2322
2323
2324
2325

2326
2327
2328
2329
2330
2331
2332

2333
2334
2335
2336

2337
2338
2339
2340
2341
2342
2343
2114
2115
2116
2117
2118
2119
2120

2121
2122
2123
2124
2125
2126
2127
2128
2129
2130




2131
2132
2133
2134
2135
2136

2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158

2159
2160
2161
2162
2163

2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177

2178
2179
2180
2181

2182
2183
2184
2185

2186
2187
2188
2189
2190
2191
2192

2193
2194
2195
2196

2197
2198
2199
2200
2201
2202
2203
2204







-
+









-
-
-
-






-
+
+



+
+
+
+













-
+




-
+













-
+



-
+



-
+






-
+



-
+







	LAPPEND_INT(interp, objPtr, "algorithm_bits", alg_bits);
	/* alg_bits is actual key secret bits. If use bits and secret (algorithm) bits differ,
	   the rest of the bits are fixed, i.e. for limited export ciphers (bits < 56) */

	/* Indicates which SSL/TLS protocol version first defined the cipher */
	LAPPEND_STR(interp, objPtr, "min_version", SSL_CIPHER_get_version(cipher), -1);

	/* Cipher NID */
	/* Cipher NID, digest NID (none for AEAD cipher suites), Key Exchange NID, and authentication NID */
	LAPPEND_STR(interp, objPtr, "cipherNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_cipher_nid(cipher)), -1);
	LAPPEND_STR(interp, objPtr, "digestNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_digest_nid(cipher)), -1);
	LAPPEND_STR(interp, objPtr, "keyExchangeNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_kx_nid(cipher)), -1);
	LAPPEND_STR(interp, objPtr, "authenticationNID", (char *)OBJ_nid2ln(SSL_CIPHER_get_auth_nid(cipher)), -1);

	/* message authentication code - Cipher is AEAD (e.g. GCM or ChaCha20/Poly1305) or not */
	/* Authenticated Encryption with associated data (AEAD) check */
	LAPPEND_BOOL(interp, objPtr, "cipher_is_aead", SSL_CIPHER_is_aead(cipher));

	/* Digest used during the SSL/TLS handshake when using the cipher. */
	md = SSL_CIPHER_get_handshake_digest(cipher);
	LAPPEND_STR(interp, objPtr, "handshake_digest", (char *)EVP_MD_name(md), -1);

	/* Get OpenSSL-specific ID, not IANA ID */
	LAPPEND_INT(interp, objPtr, "cipher_id", (int) SSL_CIPHER_get_id(cipher));

	/* Two-byte ID used in the TLS protocol of the given cipher */
	LAPPEND_INT(interp, objPtr, "protocol_id", (int) SSL_CIPHER_get_protocol_id(cipher));

	/* Textual description of the cipher */
	/* Textual description of the cipher. Includes: cipher name, protocol version, key
	   exchange, authentication, symmetric encryption method, message authentication code */
	if (SSL_CIPHER_description(cipher, buf, sizeof(buf)) != NULL) {
	    LAPPEND_STR(interp, objPtr, "description", buf, -1);
	}

	/* Digest used during the SSL/TLS handshake when using the cipher. */
	md = SSL_CIPHER_get_handshake_digest(cipher);
	LAPPEND_STR(interp, objPtr, "handshake_digest", (char *)EVP_MD_name(md), -1);
    }

    /* Session info */
    session = SSL_get_session(ssl);
    if (session != NULL) {
	const unsigned char *ticket;
	size_t len2;
	unsigned int ulen;
	const unsigned char *session_id, *proto;
	char buffer[SSL_MAX_MASTER_KEY_LENGTH];

	/* Report the selected protocol as a result of the ALPN negotiation */
	SSL_SESSION_get0_alpn_selected(session, &proto, &len2);
	LAPPEND_STR(interp, objPtr, "alpn", (char *) proto, (Tcl_Size) len2);
	LAPPEND_STR(interp, objPtr, "alpn", (char *) proto, (int) len2);

	/* Report the selected protocol as a result of the NPN negotiation */
#ifdef USE_NPN
	SSL_get0_next_proto_negotiated(ssl, &proto, &ulen);
	LAPPEND_STR(interp, objPtr, "npn", (char *) proto, (Tcl_Size) ulen);
	LAPPEND_STR(interp, objPtr, "npn", (char *) proto, (int) ulen);
#endif

	/* Resumable session */
	LAPPEND_BOOL(interp, objPtr, "resumable", SSL_SESSION_is_resumable(session));

	/* Session start time (seconds since epoch) */
	LAPPEND_LONG(interp, objPtr, "start_time", SSL_SESSION_get_time(session));

	/* Timeout value - SSL_CTX_get_timeout (in seconds) */
	LAPPEND_LONG(interp, objPtr, "timeout", SSL_SESSION_get_timeout(session));

	/* Session id - TLSv1.2 and below only */
	session_id = SSL_SESSION_get_id(session, &ulen);
	LAPPEND_BARRAY(interp, objPtr, "session_id", session_id, (Tcl_Size) ulen);
	LAPPEND_BARRAY(interp, objPtr, "session_id", session_id, (int) ulen);

	/* Session context */
	session_id = SSL_SESSION_get0_id_context(session, &ulen);
	LAPPEND_BARRAY(interp, objPtr, "session_context", session_id, (Tcl_Size) ulen);
	LAPPEND_BARRAY(interp, objPtr, "session_context", session_id, (int) ulen);

	/* Session ticket - client only */
	SSL_SESSION_get0_ticket(session, &ticket, &len2);
	LAPPEND_BARRAY(interp, objPtr, "session_ticket", ticket, (Tcl_Size) len2);
	LAPPEND_BARRAY(interp, objPtr, "session_ticket", ticket, (int) len2);

	/* Session ticket lifetime hint (in seconds) */
	LAPPEND_LONG(interp, objPtr, "lifetime", SSL_SESSION_get_ticket_lifetime_hint(session));

	/* Ticket app data */
	SSL_SESSION_get0_ticket_appdata(session, &ticket, &len2);
	LAPPEND_BARRAY(interp, objPtr, "ticket_app_data", ticket, (Tcl_Size) len2);
	LAPPEND_BARRAY(interp, objPtr, "ticket_app_data", ticket, (int) len2);

	/* Get master key */
	len2 = SSL_SESSION_get_master_key(session, buffer, SSL_MAX_MASTER_KEY_LENGTH);
	LAPPEND_BARRAY(interp, objPtr, "master_key", buffer, (Tcl_Size) len2);
	LAPPEND_BARRAY(interp, objPtr, "master_key", buffer, (int) len2);

	/* Compression id */
	unsigned int id = SSL_SESSION_get_compress_id(session);
	LAPPEND_STR(interp, objPtr, "compression_id", id == 1 ? "zlib" : "none", -1);
    }

    /* Compression info */
2376
2377
2378
2379
2380
2381
2382

2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397

2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445

2446
2447
2448
2449
2450
2451
2452
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255




2256





















2257

2258
2259


2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278


2279
2280
2281
2282
2283
2284
2285
2286







+











-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-


-
-



















-
-
+








    /* CA List */
    /* IF not a server, same as SSL_get0_peer_CA_list. If server same as SSL_CTX_get_client_CA_list */
    listPtr = Tcl_NewListObj(0, NULL);
    STACK_OF(X509_NAME) *ca_list;
    if ((ca_list = SSL_get_client_CA_list(ssl)) != NULL) {
	char buffer[BUFSIZ];

	for (int i = 0; i < sk_X509_NAME_num(ca_list); i++) {
	    X509_NAME *name = sk_X509_NAME_value(ca_list, i);
	    if (name) {
		X509_NAME_oneline(name, buffer, BUFSIZ);
		Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buffer, -1));
	    }
	}
    }
    LAPPEND_OBJ(interp, objPtr, "caList", listPtr);
    LAPPEND_INT(interp, objPtr, "caListCount", sk_X509_NAME_num(ca_list));

    Tcl_SetObjResult(interp, objPtr);
    return TCL_OK;
	clientData = clientData;
}


/*
 *-------------------------------------------------------------------
 *
 * VersionObjCmd -- return version string from OpenSSL.
 *
 * Results:
 *	A standard Tcl result.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
static int
VersionObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Obj *objPtr;

    dprintf("Called");

    objPtr = Tcl_NewStringObj(OPENSSL_VERSION_TEXT, -1);
    Tcl_SetObjResult(interp, objPtr);

    return TCL_OK;
	clientData = clientData;
	objc = objc;
	objv = objv;
}

/*
 *-------------------------------------------------------------------
 *
 * MiscObjCmd -- misc commands
 *
 * Results:
 *	A standard Tcl result.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
static int
MiscObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    static const char *commands [] = { "req", "strreq", NULL };
    enum command { C_REQ, C_STRREQ, C_DUMMY };
    Tcl_Size cmd;
    int isStr;
    int cmd, isStr;
    char buffer[16384];

    dprintf("Called");

    if (objc < 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "subcommand ?args?");
	return TCL_ERROR;
2461
2462
2463
2464
2465
2466
2467
2468

2469
2470
2471
2472
2473
2474
2475
2476
2295
2296
2297
2298
2299
2300
2301

2302

2303
2304
2305
2306
2307
2308
2309







-
+
-







    switch ((enum command) cmd) {
	case C_REQ:
	case C_STRREQ: {
	    EVP_PKEY *pkey=NULL;
	    X509 *cert=NULL;
	    X509_NAME *name=NULL;
	    Tcl_Obj **listv;
	    Tcl_Size listc;
	    int listc,i;
	    int i;

	    BIO *out=NULL;

	    char *k_C="",*k_ST="",*k_L="",*k_O="",*k_OU="",*k_CN="",*k_Email="";
	    char *keyout,*pemout,*str;
	    int keysize,serial=0,days=365;

2493
2494
2495
2496
2497
2498
2499
2500


2501
2502
2503
2504
2505
2506
2507
2326
2327
2328
2329
2330
2331
2332

2333
2334
2335
2336
2337
2338
2339
2340
2341







-
+
+







	    pemout=Tcl_GetString(objv[4]);
	    if (isStr) {
		Tcl_SetVar(interp,keyout,"",0);
		Tcl_SetVar(interp,pemout,"",0);
	    }

	    if (objc>=6) {
		if (Tcl_ListObjGetElements(interp, objv[5], &listc, &listv) != TCL_OK) {
		if (Tcl_ListObjGetElements(interp, objv[5],
			&listc, &listv) != TCL_OK) {
		    return TCL_ERROR;
		}

		if ((listc%2) != 0) {
		    Tcl_SetResult(interp,"Information list must have even number of arguments",NULL);
		    return TCL_ERROR;
		}
2768
2769
2770
2771
2772
2773
2774
2775

2776
2777
2778
2779
2780
2781
2782

2783
2784
2785
2786
2787





2788
2789
2790
2791
2792
2793
2794
2602
2603
2604
2605
2606
2607
2608

2609
2610
2611
2612

2613
2614
2615
2616
2617
2618



2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630







-
+



-



+


-
-
-
+
+
+
+
+







    }
#endif
    if (Tcl_PkgRequire(interp, "Tcl", MIN_VERSION, 0) == NULL) {
	return TCL_ERROR;
    }

    if (TlsLibInit(0) != TCL_OK) {
	Tcl_AppendResult(interp, "could not initialize SSL library", (char *) NULL);
	Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
	return TCL_ERROR;
    }

    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::connection", ConnectionInfoObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::unimport", UnimportObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::status", StatusObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tls_DigestCommands(interp);
    Tls_EncryptCommands(interp);
    Tls_InfoCommands(interp);
    Tls_KeyCommands(interp);

    if (interp) {
	Tcl_Eval(interp, tlsTclInitScript);
    }

    return Tcl_PkgProvide(interp, PACKAGE_NAME, PACKAGE_VERSION);
}

Modified generic/tlsBIO.c from [904acc3cbd] to [3977ec0a04].

1
2
3
4
5
6
7
8
9
10
11

12
13
14
15
16
17
18

19
20
21
22
23
24

25
26
27
28
29
30
31
1
2
3
4
5
6
7
8
9
10

11
12
13
14
15
16
17

18
19
20
21
22


23
24
25
26
27
28
29
30










-
+






-
+




-
-
+







/*
 * Copyright (C) 1997-2000 Matt Newman <[email protected]>
 *
 * Provides BIO layer to interface openssl to Tcl.
 */

#include "tlsInt.h"

static int BioWrite(BIO *bio, const char *buf, int bufLen) {
    Tcl_Channel chan;
    Tcl_Size ret;
    int ret;
    int tclEofChan, tclErrno;

    chan = Tls_GetParent((State *) BIO_get_data(bio), 0);

    dprintf("[chan=%p] BioWrite(%p, <buf>, %d)", (void *)chan, (void *) bio, bufLen);

    ret = Tcl_WriteRaw(chan, buf, (Tcl_Size) bufLen);
    ret = (int) Tcl_WriteRaw(chan, buf, bufLen);

    tclEofChan = Tcl_Eof(chan);
    tclErrno = Tcl_GetErrno();

    dprintf("[chan=%p] BioWrite(%d) -> %" TCL_SIZE_MODIFIER "d [tclEof=%d; tclErrno=%d]",
	(void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());
    dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());

    BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);

    if (tclEofChan && ret <= 0) {
	dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
	Tcl_SetErrno(ECONNRESET);
	ret = 0;
51
52
53
54
55
56
57
58

59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

75
76
77
78
79
80

81
82
83
84
85
86
87
50
51
52
53
54
55
56

57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

73
74
75
76
77


78
79
80
81
82
83
84
85







-
+















-
+




-
-
+







    if (ret != -1 || (ret == -1 && tclErrno == EAGAIN)) {
	if (BIO_should_read(bio)) {
	    dprintf("Setting should retry read flag");

	    BIO_set_retry_read(bio);
	}
    }
    return((int) ret);
    return(ret);
}

static int BioRead(BIO *bio, char *buf, int bufLen) {
    Tcl_Channel chan;
    Tcl_Size ret = 0;
    int tclEofChan, tclErrno;

    chan = Tls_GetParent((State *) BIO_get_data(bio), 0);

    dprintf("[chan=%p] BioRead(%p, <buf>, %d)", (void *) chan, (void *) bio, bufLen);

    if (buf == NULL) {
	return 0;
    }

    ret = Tcl_ReadRaw(chan, buf, (Tcl_Size) bufLen);
    ret = Tcl_ReadRaw(chan, buf, bufLen);

    tclEofChan = Tcl_Eof(chan);
    tclErrno = Tcl_GetErrno();

    dprintf("[chan=%p] BioRead(%d) -> %" TCL_SIZE_MODIFIER "d [tclEof=%d; tclErrno=%d]",
	(void *) chan, bufLen, ret, tclEofChan, tclErrno);
    dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno);

    BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);

    if (tclEofChan && ret <= 0) {
	dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
	Tcl_SetErrno(ECONNRESET);
	ret = 0;
108
109
110
111
112
113
114
115

116
117
118

119
120
121
122
123
124
125
106
107
108
109
110
111
112

113

114

115
116
117
118
119
120
121
122







-
+
-

-
+







	if (BIO_should_write(bio)) {
	    dprintf("Setting should retry write flag");

	    BIO_set_retry_write(bio);
	}
    }

    dprintf("BioRead(%p, <buf>, %d) [%p] returning %" TCL_SIZE_MODIFIER "d", (void *) bio,
    dprintf("BioRead(%p, <buf>, %d) [%p] returning %i", (void *) bio, bufLen, (void *) chan, ret);
	bufLen, (void *) chan, ret);

    return((int) ret);
    return(ret);
}

static int BioPuts(BIO *bio, const char *str) {
    dprintf("BioPuts(%p, <string:%p>) called", bio, str);

    return BioWrite(bio, str, (int) strlen(str));
}

Added generic/tlsDigest.c version [188fdc0d84].

















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
/*
 * Message Digest (MD) and Message Authentication Code (MAC) Module
 *
 * Provides commands to calculate a Message Digest (MD) or a Message
 * Authentication Code (MAC).
 *
 * Copyright (C) 2023 Brian O'Hagan
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <tcl.h>
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/hmac.h>

/* Constants */
const char *hex = "0123456789abcdef";

/* Macros */
#define BUFFER_SIZE	65536
#define CHAN_EOF	0x10
#define READ_DELAY	5

/* Digest format and operation */
#define BIN_FORMAT	0x01
#define HEX_FORMAT	0x02
#define IS_XOF		0x08
#define TYPE_MD		0x10
#define TYPE_HMAC	0x20
#define TYPE_CMAC	0x40
#define TYPE_MAC	0x80

/*******************************************************************/

/*
 * This structure defines the per-instance state of a digest operation.
 */
typedef struct DigestState {
	Tcl_Channel self;	/* This socket channel */
	Tcl_TimerToken timer;	/* Timer for read events */

	int flags;		/* Chan config flags */
	int watchMask;		/* Current WatchProc mask */
	int mode;		/* Current mode of parent channel */
	int format;		/* Digest format and operation */

	Tcl_Interp *interp;	/* Current interpreter */
	EVP_MD_CTX *ctx;	/* MD Context */
	HMAC_CTX *hctx;		/* HMAC context */
	CMAC_CTX *cctx;		/* CMAC context */
	Tcl_Command token;	/* Command token */
} DigestState;

/*
 *-------------------------------------------------------------------
 *
 * DigestStateNew --
 *
 *	This function creates a per-instance state data structure
 *
 * Returns:
 *	Digest structure pointer
 *
 * Side effects:
 *	Creates structure
 *
 *-------------------------------------------------------------------
 */
DigestState *DigestStateNew(Tcl_Interp *interp, int format) {
    DigestState *statePtr;

    statePtr = (DigestState *) ckalloc((unsigned) sizeof(DigestState));
    if (statePtr != NULL) {
	memset(statePtr, 0, sizeof(DigestState));
	statePtr->self	= NULL;		/* This socket channel */
	statePtr->timer = NULL;		/* Timer to flush data */
	statePtr->flags = 0;		/* Chan config flags */
	statePtr->watchMask = 0;	/* Current WatchProc mask */
	statePtr->mode	= 0;		/* Current mode of parent channel */
	statePtr->format = format;	/* Digest format and operation */
	statePtr->interp = interp;	/* Current interpreter */
	statePtr->ctx = NULL;		/* MD Context */
	statePtr->hctx = NULL;		/* HMAC Context */
	statePtr->cctx = NULL;		/* CMAC Context */
	statePtr->token = NULL;		/* Command token */
    }
    return statePtr;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestStateFree --
 *
 *	This function deletes a digest state structure
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	Removes structure
 *
 *-------------------------------------------------------------------
 */
void DigestStateFree(DigestState *statePtr) {
    if (statePtr == (DigestState *) NULL) {
	return;
    }

    /* Remove pending timer */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
    }

    /* Free context structures */
    if (statePtr->ctx != (EVP_MD_CTX *) NULL) {
	EVP_MD_CTX_free(statePtr->ctx);
    }
    if (statePtr->hctx != (HMAC_CTX *) NULL) {
	HMAC_CTX_free(statePtr->hctx);
    }
    if (statePtr->cctx != (CMAC_CTX *) NULL) {
	CMAC_CTX_free(statePtr->cctx);
    }
    ckfree(statePtr);
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * DigestInitialize --
 *
 *	Initialize a hash function
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR for failure with result set
 *	to error message.
 *
 * Side effects:
 *	No result or error message
 *
 *-------------------------------------------------------------------
 */
int DigestInitialize(Tcl_Interp *interp, DigestState *statePtr, Tcl_Obj *digestObj,
	Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
    int key_len = 0, type = statePtr->format & 0xFF0;
    const char *digestName = NULL, *cipherName = NULL, *macName = NULL;
    const EVP_MD *md = NULL;
    const EVP_CIPHER *cipher = NULL;
    const unsigned char *key = NULL;

    dprintf("Called");

    /* Create contexts */
    switch(type) {
    case TYPE_MD:
	statePtr->ctx = EVP_MD_CTX_new();
	res = (statePtr->ctx != NULL);
	break;
    case TYPE_HMAC:
	statePtr->hctx = HMAC_CTX_new();
	res = (statePtr->hctx != NULL);
	break;
    case TYPE_CMAC:
	statePtr->cctx = CMAC_CTX_new();
	res = (statePtr->cctx != NULL);
	break;
    }

    if (!res) {
	Tcl_AppendResult(interp, "Create context failed", NULL);
	return TCL_ERROR;
    }

    /* Get MAC */
    if (macObj != NULL) {
	macName = Tcl_GetStringFromObj(macObj, NULL);
	if (strcmp(macName, "cmac") == 0) {
	    type = TYPE_CMAC;
	} else if (strcmp(macName, "hmac") == 0) {
	    type = TYPE_HMAC;
	} else {
	    Tcl_AppendResult(interp, "Invalid MAC \"", macName, "\"", NULL);
	    return TCL_ERROR;
	}
    } else if (type == TYPE_MAC) {
	Tcl_AppendResult(interp, "No MAC specified", NULL);
	return TCL_ERROR;
    }

    /* Get digest */
    if (digestObj != NULL) {
	digestName = Tcl_GetStringFromObj(digestObj, NULL);
	md = EVP_get_digestbyname(digestName);
	if (md == NULL) {
	    Tcl_AppendResult(interp, "Invalid digest \"", digestName, "\"", NULL);
	    return TCL_ERROR;
	} else if (md == EVP_shake128() || md == EVP_shake256()) {
	    statePtr->format |= IS_XOF;
	}
    } else if (type != TYPE_CMAC) {
	Tcl_AppendResult(interp, "No digest specified", NULL);
	return TCL_ERROR;
    }

    /* Get cipher */
    if (cipherObj != NULL) {
	cipherName = Tcl_GetStringFromObj(cipherObj, NULL);
	cipher = EVP_get_cipherbyname(cipherName);
	if (cipher == NULL) {
	    Tcl_AppendResult(interp, "Invalid cipher \"", cipherName, "\"", NULL);
	    return TCL_ERROR;
	}
    } else if (type == TYPE_CMAC) {
	Tcl_AppendResult(interp, "No cipher specified", NULL);
	return TCL_ERROR;
    }

    /* Get key */
    if (keyObj != NULL) {
	key = Tcl_GetByteArrayFromObj(keyObj, &key_len);
    } else if (type != TYPE_MD) {
	Tcl_AppendResult(interp, "No key specified", NULL);
	return TCL_ERROR;
    }

    /* Initialize cryptography function */
    switch(type) {
    case TYPE_MD:
	res = EVP_DigestInit_ex(statePtr->ctx, md, NULL);
	break;
    case TYPE_HMAC:
	res = HMAC_Init_ex(statePtr->hctx, (const void *) key, key_len, md, NULL);
	break;
    case TYPE_CMAC:
	res = CMAC_Init(statePtr->cctx, (const void *) key, key_len, cipher, NULL);
	break;
    }

    if (!res) {
	Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
	return TCL_ERROR;
    }
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestUpdate --
 *
 *	Update a hash function with data
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR for failure with result set
 *	to error message if do_result is true.
 *
 * Side effects:
 *	Adds buf data to hash function or sets result to error message
 *
 *-------------------------------------------------------------------
 */
int DigestUpdate(DigestState *statePtr, char *buf, size_t read, int do_result) {
    int res = 0;

    dprintf("Called");

    switch(statePtr->format & 0xFF0) {
    case TYPE_MD:
        res = EVP_DigestUpdate(statePtr->ctx, buf, read);
	break;
    case TYPE_HMAC:
        res = HMAC_Update(statePtr->hctx, buf, read);
	break;
    case TYPE_CMAC:
        res = CMAC_Update(statePtr->cctx, buf, read);
	break;
    }

    if (!res && do_result) {
	Tcl_AppendResult(statePtr->interp, "Update failed: ", REASON(), NULL);
	return TCL_ERROR;
    }
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestFinalize --
 *
 *	Finalize a hash function and return the message digest
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR for failure with result set
 *	to error message.
 *
 * Side effects:
 *	Sets result to message digest or an error message.
 *
 *-------------------------------------------------------------------
 */
int DigestFinalize(Tcl_Interp *interp, DigestState *statePtr, Tcl_Obj **resultObj) {
    unsigned char md_buf[EVP_MAX_MD_SIZE];
    unsigned int ulen;
    int res = 0, md_len = 0, type = statePtr->format & 0xFF0;

    dprintf("Called");

    /* Finalize cryptography function and get result */
    switch(type) {
    case TYPE_MD:
	if (!(statePtr->format & IS_XOF)) {
	    res = EVP_DigestFinal_ex(statePtr->ctx, md_buf, &ulen);
	    md_len = (int) ulen;
	} else {
	    res = EVP_DigestFinalXOF(statePtr->ctx, md_buf, (size_t) EVP_MAX_MD_SIZE);
	    md_len = EVP_MAX_MD_SIZE;
	}
	break;
    case TYPE_HMAC:
	res = HMAC_Final(statePtr->hctx, md_buf, &ulen);
	md_len = (int) ulen;
	break;
    case TYPE_CMAC:
	size_t size;
	res = CMAC_Final(statePtr->cctx, md_buf, &size);
	md_len = (int) size;
	break;
    }

    if (!res) {
	if (resultObj == NULL) {
	    Tcl_AppendResult(interp, "Finalize failed: ", REASON(), NULL);
	}
	return TCL_ERROR;
    }

    /* Return message digest as either a binary or hex string */
    if (statePtr->format & BIN_FORMAT) {
	if (resultObj == NULL) {
	    Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(md_buf, md_len));
	} else {
	    *resultObj = Tcl_NewByteArrayObj(md_buf, md_len);
	    Tcl_IncrRefCount(*resultObj);
	}

    } else {
	Tcl_Obj *newObj = Tcl_NewObj();
	unsigned char *ptr = Tcl_SetByteArrayLength(newObj, md_len*2);

	for (int i = 0; i < md_len; i++) {
	    *ptr++ = hex[(md_buf[i] >> 4) & 0x0F];
	    *ptr++ = hex[md_buf[i] & 0x0F];
	}

	if (resultObj == NULL) {
	    Tcl_SetObjResult(interp, newObj);
	} else {
	    *resultObj = newObj;
	    Tcl_IncrRefCount(*resultObj);
	}
    }
    return TCL_OK;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * DigestBlockModeProc --
 *
 *	This function is invoked by the generic IO level
 *	to set blocking and nonblocking modes.
 *
 * Returns:
 *	0 if successful or POSIX error code if failed.
 *
 * Side effects:
 *	Sets the device into blocking or nonblocking mode.
 *	Can call Tcl_SetChannelError.
 *
 *-------------------------------------------------------------------
 */
static int DigestBlockModeProc(ClientData clientData, int mode) {
    DigestState *statePtr = (DigestState *) clientData;

    if (mode == TCL_MODE_NONBLOCKING) {
	statePtr->flags |= TLS_TCL_ASYNC;
    } else {
	statePtr->flags &= ~(TLS_TCL_ASYNC);
    }
    return 0;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestCloseProc --
 *
 *	This function is invoked by the generic IO level to perform
 *	channel-type specific cleanup when the channel is closed. All
 *	queued output is flushed prior to calling this function.
 *
 * Returns:
 *	0 if successful or POSIX error code if failed.
 *
 * Side effects:
 *	Deletes stored state data.
 *
 *-------------------------------------------------------------------
 */
int DigestCloseProc(ClientData clientData, Tcl_Interp *interp) {
    DigestState *statePtr = (DigestState *) clientData;

    /* Cancel active timer, if any */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
	statePtr->timer = (Tcl_TimerToken) NULL;
    }

    /* Output message digest if not already done */
    if (!(statePtr->flags & CHAN_EOF)) {
	Tcl_Channel parent = Tcl_GetStackedChannel(statePtr->self);
	Tcl_Obj *resultObj;
	int written;

	if (DigestFinalize(statePtr->interp, statePtr, &resultObj) == TCL_OK) {
	    unsigned char *data = Tcl_GetByteArrayFromObj(resultObj, &written);
	    Tcl_WriteRaw(parent, data, written);
	    Tcl_DecrRefCount(resultObj);
	}
	statePtr->flags |= CHAN_EOF;
    }

    /* Clean-up */
    DigestStateFree(statePtr);
    return 0;
}

/*
 * Same as DigestCloseProc but with individual read and write close control
 */
static int DigestClose2Proc(ClientData instanceData, Tcl_Interp *interp, int flags) {

    if ((flags & (TCL_CLOSE_READ | TCL_CLOSE_WRITE)) == 0) {
	return DigestCloseProc(instanceData, interp);
    }
    return EINVAL;
}

/*
 *----------------------------------------------------------------------
 *
 * DigestInputProc --
 *
 *	Called by the generic IO system to read data from transform and
 *	place in buf. Transform gets data from the underlying channel.
 *
 * Returns:
 *	Total bytes read or -1 for an error along with a POSIX error
 *	code in errorCodePtr. Use EAGAIN for nonblocking and no data.
 *
 * Side effects:
 *	Read data from transform and write to buf
 *
 *----------------------------------------------------------------------
 */
int DigestInputProc(ClientData clientData, char *buf, int toRead, int *errorCodePtr) {
    DigestState *statePtr = (DigestState *) clientData;
    Tcl_Channel parent;
    int read;
    *errorCodePtr = 0;

    /* Abort if nothing to process */
    if (toRead <= 0 || statePtr->self == (Tcl_Channel) NULL) {
	return 0;
    }

    /* Get bytes from underlying channel */
    parent = Tcl_GetStackedChannel(statePtr->self);
    read = Tcl_ReadRaw(parent, buf, toRead);

    /* Update hash function */
    if (read > 0) {
	/* Have data */
	if (DigestUpdate(statePtr, buf, (size_t) read, 0) != TCL_OK) {
	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
	    *errorCodePtr = EINVAL;
	    return 0;
	}
	/* This is correct */
	read = -1;
	*errorCodePtr = EAGAIN;

    } else if (read < 0) {
	/* Error */
	*errorCodePtr = Tcl_GetErrno();

    } else if (!(statePtr->flags & CHAN_EOF)) {
	/* EOF */
	Tcl_Obj *resultObj;
	if (DigestFinalize(statePtr->interp, statePtr, &resultObj) == TCL_OK) {
	    unsigned char *data = Tcl_GetByteArrayFromObj(resultObj, &read);
	    memcpy(buf, data, read);
	    Tcl_DecrRefCount(resultObj);

	} else {
	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", REASON()));
	    *errorCodePtr = EINVAL;
	    read = 0;
	}
	statePtr->flags |= CHAN_EOF;
    }
    return read;
}

/*
 *----------------------------------------------------------------------
 *
 * DigestOutputProc --
 *
 *	Called by the generic IO system to write data in buf to transform.
 *	The transform writes the result to the underlying channel.
 *
 * Returns:
 *	Total bytes written or -1 for an error along with a POSIX error
 *	code in errorCodePtr. Use EAGAIN for nonblocking and can't write data.
 *
 * Side effects:
 *	Get data from buf and update digest
 *
 *----------------------------------------------------------------------
 */
 int DigestOutputProc(ClientData clientData, const char *buf, int toWrite, int *errorCodePtr) {
    DigestState *statePtr = (DigestState *) clientData;
    *errorCodePtr = 0;

    /* Abort if nothing to process */
    if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
	return 0;
    }

    /* Update hash function */
    if (DigestUpdate(statePtr, buf, (size_t) toWrite, 0) != TCL_OK) {
	Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
	*errorCodePtr = EINVAL;
	return 0;
    }
    return toWrite;
}

/*
 *----------------------------------------------------------------------
 *
 * DigestSetOptionProc --
 *
 *	Called by the generic IO system to set channel option name to value.
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR if failed along with an error
 *	message in interp and Tcl_SetErrno.
 *
 * Side effects:
 *	Updates channel option to new value.
 *
 *----------------------------------------------------------------------
 */
static int DigestSetOptionProc(ClientData clientData, Tcl_Interp *interp, const char *optionName,
	const char *optionValue) {
    DigestState *statePtr = (DigestState *) clientData;
    Tcl_Channel parent;
    Tcl_DriverSetOptionProc *setOptionProc;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Delegate options downstream */
    parent = Tcl_GetStackedChannel(statePtr->self);
    setOptionProc = Tcl_ChannelSetOptionProc(Tcl_GetChannelType(parent));
    if (setOptionProc != NULL) {
	return (*setOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue);
    } else {
	Tcl_SetErrno(EINVAL);
	return Tcl_BadChannelOption(interp, optionName, NULL);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * DigestGetOptionProc --
 *
 *	Called by the generic IO system to get channel option name's value.
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR if failed along with an error
 *	message in interp and Tcl_SetErrno.
 *
 * Side effects:
 *	Sets result to option's value
 *
 *----------------------------------------------------------------------
 */
static int DigestGetOptionProc(ClientData clientData, Tcl_Interp *interp, const char *optionName,
	Tcl_DString *optionValue) {
    DigestState *statePtr = (DigestState *) clientData;
    Tcl_Channel parent;
    Tcl_DriverGetOptionProc *getOptionProc;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Delegate options downstream */
    parent = Tcl_GetStackedChannel(statePtr->self);
    getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(parent));
    if (getOptionProc != NULL) {
	return (*getOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue);
    } else if (optionName == (char*) NULL) {
	/* Request is query for all options, this is ok. */
	return TCL_OK;
    } else {
	Tcl_SetErrno(EINVAL);
	return Tcl_BadChannelOption(interp, optionName, NULL);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * DigestTimerHandler --
 *
 *	Called by the notifier via timer to flush out pending input data.
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	May call Tcl_NotifyChannel
 *
 *----------------------------------------------------------------------
 */
static void DigestTimerHandler(ClientData clientData) {
    DigestState *statePtr = (DigestState *) clientData;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return;
    }

    /* Clear timer token */
    statePtr->timer = (Tcl_TimerToken) NULL;

    /* Fire event if there is pending data, skip otherwise */
    if ((statePtr->watchMask & TCL_READABLE) && (Tcl_InputBuffered(statePtr->self) > 0)) {
	Tcl_NotifyChannel(statePtr->self, TCL_READABLE);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * DigestWatchProc --
 *
 *	Initialize the notifier to watch for events from this channel.
 *
 * Returns:
 *	Nothing (can't return error messages)
 *
 * Side effects:
 *	Configure notifier so future events on the channel will be seen by Tcl.
 *
 *----------------------------------------------------------------------
 */
void DigestWatchProc(ClientData clientData, int mask) {
    DigestState *statePtr = (DigestState *) clientData;
    Tcl_Channel parent;
    Tcl_DriverWatchProc *watchProc;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return;
    }

    /* Store OR-ed combination of TCL_READABLE, TCL_WRITABLE and TCL_EXCEPTION */
    statePtr->watchMask = mask;

    /* Propagate mask info to parent channel */
    parent = Tcl_GetStackedChannel(statePtr->self);
    watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(parent));
    watchProc(Tcl_GetChannelInstanceData(parent), mask);

    /* Remove pending timer */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
	statePtr->timer = (Tcl_TimerToken) NULL;
    }

    /* If there is data pending, set new timer to call Tcl_NotifyChannel */
    if ((mask & TCL_READABLE) && (Tcl_InputBuffered(statePtr->self) > 0)) {
	statePtr->timer = Tcl_CreateTimerHandler(READ_DELAY, DigestTimerHandler, (ClientData) statePtr);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * DigestGetHandleProc --
 *
 *	Called from Tcl_GetChannelHandle to retrieve OS specific file handle
 *	from inside this channel. Not used for transformations?
 *
 * Returns:
 *	TCL_OK for success or TCL_ERROR for error or if not supported. If
 *	direction is TCL_READABLE, sets handlePtr to the handle used for
 *	input, or if TCL_WRITABLE sets to the handle used for output.
 *
 * Side effects:
 *	None
 *
 *----------------------------------------------------------------------
 */
int DigestGetHandleProc(ClientData clientData, int direction, ClientData *handlePtr) {
    DigestState *statePtr = (DigestState *) clientData;
    Tcl_Channel parent;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    parent = Tcl_GetStackedChannel(statePtr->self);
    return Tcl_GetChannelHandle(parent, direction, handlePtr);
}

/*
 *----------------------------------------------------------------------
 *
 * DigestNotifyProc --
 *
 *	Called by Tcl to inform us of activity on the underlying channel.
 *
 * Returns:
 *	Unchanged interestMask which is an OR-ed combination of TCL_READABLE or TCL_WRITABLE
 *
 * Side effects:
 *	Cancels any pending timer.
 *
 *----------------------------------------------------------------------
 */
int DigestNotifyProc(ClientData clientData, int interestMask) {
    DigestState *statePtr = (DigestState *) clientData;

    /* Skip timer event as redundant */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
	statePtr->timer = (Tcl_TimerToken) NULL;
    }
    return interestMask;
}

/*
 *
 * Channel type structure definition for digest transformations.
 *
 */
static const Tcl_ChannelType digestChannelType = {
    "digest",			/* Type name */
    TCL_CHANNEL_VERSION_5,	/* v5 channel */
    DigestCloseProc,		/* Close proc */
    DigestInputProc,		/* Input proc */
    DigestOutputProc,		/* Output proc */
    NULL,			/* Seek proc */
    DigestSetOptionProc,	/* Set option proc */
    DigestGetOptionProc,	/* Get option proc */
    DigestWatchProc,		/* Initialize notifier */
    DigestGetHandleProc,	/* Get OS handles out of channel */
    DigestClose2Proc,		/* close2proc */
    DigestBlockModeProc,	/* Set blocking/nonblocking mode*/
    NULL,			/* Flush proc */
    DigestNotifyProc,		/* Handling of events bubbling up */
    NULL,			/* Wide seek proc */
    NULL,			/* Thread action */
    NULL			/* Truncate */
};

/*
 *----------------------------------------------------------------------
 *
 * DigestChannelHandler --
 *
 *	Create a stacked channel for a message digest transformation.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Adds transform to channel and sets result to channel id or error message.
 *
 *----------------------------------------------------------------------
 */
static int DigestChannelHandler(Tcl_Interp *interp, const char *channel, Tcl_Obj *digestObj,
	Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
    int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */
    Tcl_Channel chan;
    DigestState *statePtr;

    dprintf("Called");

    /* Validate args */
    if (channel == (const char *) NULL) {
	Tcl_AppendResult(interp, "No channel", (char *) NULL);
	return TCL_ERROR;
    }

    /* Get channel Id */
    chan = Tcl_GetChannel(interp, channel, &mode);
    if (chan == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);

    /* Configure channel */
    Tcl_SetChannelOption(interp, chan, "-translation", "binary");
    if (Tcl_GetChannelBufferSize(chan) < EVP_MAX_MD_SIZE * 2) {
	Tcl_SetChannelBufferSize(chan, EVP_MAX_MD_SIZE * 2);
    }

    /* Create state data structure */
    if ((statePtr = DigestStateNew(interp, format)) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }
    statePtr->self = chan;
    statePtr->mode = mode;

    /* Initialize hash function */
    if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK) {
	DigestStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Stack channel */
    statePtr->self = Tcl_StackChannel(interp, &digestChannelType, (ClientData) statePtr, mode, chan);
    if (statePtr->self == (Tcl_Channel) NULL) {
	DigestStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Set result to channel Id */
    Tcl_SetResult(interp, (char *) Tcl_GetChannelName(chan), TCL_VOLATILE);
    return TCL_OK;
}

/*
 *----------------------------------------------------------------------
 *
 * Unstack Channel --
 *
 *	This function removes the stacked channel from the top of the
 *	channel stack if it is a digest channel.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Removes transform from channel or sets result to error message.
 *
 *----------------------------------------------------------------------
 */
static int DigestUnstackObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Channel chan;
    int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE  */

    dprintf("Called");

    /* Validate arg count */
    if (objc != 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "channelId");
	return TCL_ERROR;
    }

    /* Get channel */
    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), &mode);
    if (chan == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);

    /* Check if digest channel */
    if (Tcl_GetChannelType(chan) != &digestChannelType) {
	Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan),
	    "\": not a digest channel", NULL);
	Tcl_SetErrorCode(interp, "TLS", "UNSTACK", "CHANNEL", "INVALID", (char *) NULL);
	return TCL_ERROR;
    }

    /* Pop transform from channel */
    return Tcl_UnstackChannel(interp, chan);
    	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * DigestInstanceObjCmd --
 *
 *	Handler for digest command instances. Used to add data to hash
 *	function or retrieve message digest.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Adds data to hash or returns message digest
 *
 *-------------------------------------------------------------------
 */
int DigestInstanceObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    DigestState *statePtr = (DigestState *) clientData;
    int fn, data_len = 0;
    char *data = NULL;
    static const char *instance_fns [] = { "finalize", "update", NULL };

    dprintf("Called");

    /* Validate arg count */
    if (objc < 2 || objc > 3) {
	Tcl_WrongNumArgs(interp, 1, objv, "function ?data?");
	return TCL_ERROR;
    }

    /* Get function */
    if (Tcl_GetIndexFromObj(interp, objv[1], instance_fns, "function", 0, &fn) != TCL_OK) {
	return TCL_ERROR;
    }

    /* Do function */
    if (fn) {
	/* Get data or return error if none */
	if (objc == 3) {
	    data = Tcl_GetByteArrayFromObj(objv[2], &data_len);
	} else {
	    Tcl_WrongNumArgs(interp, 1, objv, "update data");
	    return TCL_ERROR;
	}

	/* Update hash function */
	if (DigestUpdate(statePtr, data, (size_t) data_len, 1) != TCL_OK) {
	    return TCL_ERROR;
	}

    } else {
	/* Finalize hash function and calculate message digest */
	if (DigestFinalize(interp, statePtr, NULL) != TCL_OK) {
	    return TCL_ERROR;
	}

	Tcl_DeleteCommandFromToken(interp, statePtr->token);
    }
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestCommandDeleteHandler --
 *
 *	 Callback to clean-up when digest instance command is deleted.
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	Destroys state info structure
 *
 *-------------------------------------------------------------------
 */
void DigestCommandDeleteHandler(ClientData clientData) {
    DigestState *statePtr = (DigestState *) clientData;

    /* Clean-up */
    DigestStateFree(statePtr);
}

/*
 *-------------------------------------------------------------------
 *
 * DigestCommandHandler --
 *
 *	 Create command to allow user to add data to hash function.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Creates command or error message
 *
 *-------------------------------------------------------------------
 */
int DigestCommandHandler(Tcl_Interp *interp, Tcl_Obj *cmdObj, Tcl_Obj *digestObj,
	Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
    DigestState *statePtr;
    char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL);

    dprintf("Called");

    /* Create state data structure */
    if ((statePtr = DigestStateNew(interp, format)) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }

    /* Initialize hash function */
    if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK) {
	return TCL_ERROR;
    }

    /* Create instance command */
    statePtr->token = Tcl_CreateObjCommand(interp, cmdName, DigestInstanceObjCmd,
	(ClientData) statePtr, DigestCommandDeleteHandler);
    if (statePtr->token == NULL) {
	DigestStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Return command name */
    Tcl_SetObjResult(interp, cmdObj);
    return TCL_OK;
}


/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * DigestDataHandler --
 *
 *	Return message digest for data using user specified hash function.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Sets result to message digest or error message
 *
 *-------------------------------------------------------------------
 */
int DigestDataHandler(Tcl_Interp *interp, Tcl_Obj *dataObj, Tcl_Obj *digestObj,
	Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
    char *data;
    int data_len;
    DigestState *statePtr;

    dprintf("Called");

    /* Get data */
    data = Tcl_GetByteArrayFromObj(dataObj, &data_len);
    if (data == NULL) {
	Tcl_SetResult(interp, "No data", NULL);
	return TCL_ERROR;
    }

    /* Create state data structure */
    if ((statePtr = DigestStateNew(interp, format)) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }

    /* Calc Digest */
    if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK ||
	DigestUpdate(statePtr, data, (size_t) data_len, 1) != TCL_OK ||
	DigestFinalize(interp, statePtr, NULL) != TCL_OK) {
	DigestStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Clean-up */
    DigestStateFree(statePtr);
    return TCL_OK;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * DigestFileHandler --
 *
 *	Return message digest for file using user specified hash function.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Result is message digest or error message
 *
 *-------------------------------------------------------------------
 */
int DigestFileHandler(Tcl_Interp *interp, Tcl_Obj *inFileObj, Tcl_Obj *digestObj,
	Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
    DigestState *statePtr;
    Tcl_Channel chan = NULL;
    unsigned char buf[BUFFER_SIZE];
    int res = TCL_OK, len;

    dprintf("Called");

    /* Create state data structure */
    if ((statePtr = DigestStateNew(interp, format)) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }

    /* Open file channel */
    chan = Tcl_FSOpenFileChannel(interp, inFileObj, "rb", 0444);
    if (chan == (Tcl_Channel) NULL) {
	DigestStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Configure channel */
    if ((res = Tcl_SetChannelOption(interp, chan, "-translation", "binary")) != TCL_OK) {
	goto done;
    }
    Tcl_SetChannelBufferSize(chan, BUFFER_SIZE);

    /* Initialize hash function */
    if ((res = DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj)) != TCL_OK) {
	goto done;
    }

    /* Read file data and update hash function */
    while (!Tcl_Eof(chan)) {
	len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
	if (len > 0) {
	    if ((res = DigestUpdate(statePtr, &buf[0], (size_t) len, 1)) != TCL_OK) {
		goto done;
	    }
	}
    }

    /* Finalize hash function and calculate message digest */
    res = DigestFinalize(interp, statePtr, NULL);

done:
    /* Close channel */
    if (Tcl_Close(interp, chan) == TCL_ERROR) {
	res = TCL_ERROR;
    }

    /* Clean-up */
    DigestStateFree(statePtr);
    return res;
}

/*******************************************************************/

static const char *command_opts [] = { "-bin", "-binary", "-hex", "-hexadecimal",
    "-chan", "-channel", "-cipher", "-command", "-data", "-digest", "-file", "-filename",
    "-hash", "-key", "-mac", NULL};

enum _command_opts {
    _opt_bin, _opt_binary, _opt_hex, _opt_hexadecimal, _opt_chan, _opt_channel, _opt_cipher,
    _opt_command, _opt_data, _opt_digest, _opt_file, _opt_filename, _opt_hash, _opt_key, _opt_mac
};

/*
 *-------------------------------------------------------------------
 *
 * DigestMain --
 *
 *	Return message digest or Message Authentication Code (MAC) of
 *	data using user specified hash function.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Sets result to message digest or error message
 *
 *-------------------------------------------------------------------
 */
static int DigestMain(int type, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    int start = 1, format = HEX_FORMAT, res = TCL_OK, fn;
    Tcl_Obj *cipherObj = NULL, *cmdObj = NULL, *dataObj = NULL, *digestObj = NULL;
    Tcl_Obj *fileObj = NULL, *keyObj = NULL, *macObj = NULL;
    const char *channel = NULL, *opt;

    dprintf("Called");

    /* Clear interp result */
    Tcl_ResetResult(interp);

    /* Validate arg count */
    if (objc < 3 || objc > 12) {
	Tcl_WrongNumArgs(interp, 1, objv, "?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]");
	return TCL_ERROR;
    }

    /* Special case of first arg is digest, cipher, or mac */
    opt = Tcl_GetStringFromObj(objv[start], NULL);
    if (opt[0] != '-') {
	switch(type) {
	case TYPE_MD:
	case TYPE_HMAC:
	    digestObj = objv[start++];
	    break;
	case TYPE_CMAC:
	    cipherObj = objv[start++];
	    break;
	case TYPE_MAC:
	    macObj = objv[start++];
	    break;
	}
    }

    /* Get options */
    for (int idx = start; idx < objc; idx++) {
	/* Special case for when last arg is data */
	if (idx == objc - 1) {
	    opt = Tcl_GetStringFromObj(objv[idx], NULL);
	    if (opt[0] != '-' && dataObj == NULL) {
		dataObj = objv[idx];
		break;
	    }
	}

	/* Get option */
	if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
	    return TCL_ERROR;
	}

	/* Validate arg has value */
	if (fn > _opt_hexadecimal) {
	    if (++idx >= objc) {
		Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", (char *) NULL);
		return TCL_ERROR;
	    }
	}

	switch(fn) {
	case _opt_bin:
	case _opt_binary:
	    format = BIN_FORMAT;
	    break;
	case _opt_hex:
	case _opt_hexadecimal:
	    format = HEX_FORMAT;
	    break;
	case _opt_chan:
	case _opt_channel:
    	    GET_OPT_STRING(objv[idx], channel, NULL);
	    break;
	case _opt_cipher:
	    cipherObj = objv[idx];
	    break;
	case _opt_command:
	    cmdObj = objv[idx];
	    break;
	case _opt_data:
	    dataObj = objv[idx];
	    break;
	case _opt_digest:
	case _opt_hash:
	    digestObj = objv[idx];
	    break;
	case _opt_file:
	case _opt_filename:
	    fileObj = objv[idx];
	    break;
	case _opt_key:
	    keyObj = objv[idx];
	    break;
	case _opt_mac:
	    macObj = objv[idx];
	    break;
	}
    }

    /* Check types */
    if (type == TYPE_MD) {
	 if (macObj != NULL) {
	    type = TYPE_MAC;
	} else if (cipherObj != NULL) {
	    type = TYPE_CMAC;
	} else if (keyObj != NULL) {
	    type = TYPE_HMAC;
	}
    }

    if (type == TYPE_MAC) {
	if (macObj != NULL) {
	    char *macName = Tcl_GetStringFromObj(macObj, NULL);
	    if (strcmp(macName,"cmac") == 0) {
		type = TYPE_CMAC;
	    } else if (strcmp(macName,"hmac") == 0) {
		type = TYPE_HMAC;
	    } else {
		Tcl_AppendResult(interp, "Invalid MAC \"", macName, "\"", NULL);
		return TCL_ERROR;
	    }
	} else {
	    Tcl_AppendResult(interp, "No MAC specified", NULL);
	    return TCL_ERROR;
	}
    }

    /* Calc digest on file, stacked channel, using instance command, or data blob */
    if (fileObj != NULL) {
	res = DigestFileHandler(interp, fileObj, digestObj, cipherObj, format | type, keyObj, macObj);
    } else if (channel != NULL) {
	res = DigestChannelHandler(interp, channel, digestObj, cipherObj, format | type, keyObj, macObj);
    } else if (cmdObj != NULL) {
	res = DigestCommandHandler(interp, cmdObj, digestObj, cipherObj, format | type, keyObj, macObj);
    } else if (dataObj != NULL) {
	res = DigestDataHandler(interp, dataObj, digestObj, cipherObj, format | type, keyObj, macObj);
    } else {
	Tcl_AppendResult(interp, "No operation specified: Use -channel, -command, -data, or -file option", NULL);
	res = TCL_ERROR;
    }
    return res;
}

/*
 *-------------------------------------------------------------------
 *
 * Message Digest and Message Authentication Code Commands --
 *
 *	Return Message Digest (MD) or Message Authentication Code (MAC).
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Sets result to message digest or error message
 *
 *-------------------------------------------------------------------
 */
static int MdObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return DigestMain(TYPE_MD, interp, objc, objv);
}

static int CMACObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return DigestMain(TYPE_CMAC, interp, objc, objv);
}

static int HMACObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return DigestMain(TYPE_HMAC, interp, objc, objv);
}

static int MACObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return DigestMain(TYPE_MAC, interp, objc, objv);
}

/*
 *-------------------------------------------------------------------
 *
 * Message Digest Convenience Commands --
 *
 *	Convenience commands for select message digests.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Sets result to message digest or error message
 *
 *-------------------------------------------------------------------
 */
 int TemplateCmd(Tcl_Interp *interp, int objc, Tcl_Obj *const objv[], char *digestName, int format) {
    Tcl_Obj *dataObj, *digestObj;
    int res;

    if (objc == 2) {
	dataObj = objv[1];
    } else {
	Tcl_WrongNumArgs(interp, 1, objv, "data");
	return TCL_ERROR;
    }

    digestObj = Tcl_NewStringObj(digestName, -1);
    Tcl_IncrRefCount(digestObj);
    res = DigestDataHandler(interp, dataObj, digestObj, NULL, format, NULL, NULL);
    Tcl_DecrRefCount(digestObj);
    return res;
}
 
int MD4ObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return TemplateCmd(interp, objc, objv, "md4", HEX_FORMAT | TYPE_MD);
}

int MD5ObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return TemplateCmd(interp, objc, objv, "md5", HEX_FORMAT | TYPE_MD);
}

int SHA1ObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return TemplateCmd(interp, objc, objv, "sha1", HEX_FORMAT | TYPE_MD);
}

int SHA256ObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return TemplateCmd(interp, objc, objv, "sha256", HEX_FORMAT | TYPE_MD);
}

int SHA512ObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return TemplateCmd(interp, objc, objv, "sha512", HEX_FORMAT | TYPE_MD);
}

/*
 *-------------------------------------------------------------------
 *
 * Tls_DigestCommands --
 *
 *	Create digest commands
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Creates commands
 *
 *-------------------------------------------------------------------
 */
int Tls_DigestCommands(Tcl_Interp *interp) {
    Tcl_CreateObjCommand(interp, "tls::digest", MdObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::md", MdObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::cmac", CMACObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::hmac", HMACObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::mac", MACObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::md4", MD4ObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::md5", MD5ObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::sha1", SHA1ObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::sha256", SHA256ObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::sha512", SHA512ObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::unstack", DigestUnstackObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    return TCL_OK;
}

Added generic/tlsEncrypt.c version [c0069dd5ac].



































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
/*
 * Encryption Functions Module
 *
 * This module provides commands that can be used to encrypt or decrypt data.
 *
 * Copyright (C) 2023 Brian O'Hagan
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <tcl.h>
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/params.h>
#endif

/* Macros */
#define BUFFER_SIZE	32768
#define CHAN_EOF	0x10
#define READ_DELAY	5

/* Encryption functions */
#define TYPE_MD		0x010
#define TYPE_HMAC	0x020
#define TYPE_CMAC	0x040
#define TYPE_MAC	0x080
#define TYPE_ENCRYPT	0x100
#define TYPE_DECRYPT	0x200
#define TYPE_SIGN	0x400
#define TYPE_VERIFY	0x800

/*******************************************************************/

/*
 * This structure defines the per-instance state of a encrypt operation.
 */
typedef struct EncryptState {
	Tcl_Channel self;	/* This socket channel */
	Tcl_TimerToken timer;	/* Timer for read events */

	int flags;		/* Chan config flags */
	int watchMask;		/* Current WatchProc mask */
	int mode;		/* Current mode of parent channel */
	int type;		/* Operation type */

	Tcl_Interp *interp;	/* Current interpreter */
	EVP_CIPHER_CTX *ctx;	/* Cipher Context */
	Tcl_Command token;	/* Command token */
} EncryptState;


/*
 *-------------------------------------------------------------------
 *
 * EncryptStateNew --
 *
 *	This function creates a per-instance state data structure
 *
 * Returns:
 *	State structure pointer
 *
 * Side effects:
 *	Creates structure
 *
 *-------------------------------------------------------------------
 */
EncryptState *EncryptStateNew(Tcl_Interp *interp, int type) {
    EncryptState *statePtr = (EncryptState *) ckalloc((unsigned) sizeof(EncryptState));

    if (statePtr != NULL) {
	memset(statePtr, 0, sizeof(EncryptState));
	statePtr->self	= NULL;		/* This socket channel */
	statePtr->timer = NULL;		/* Timer to flush data */
	statePtr->flags = 0;		/* Chan config flags */
	statePtr->watchMask = 0;	/* Current WatchProc mask */
	statePtr->mode	= 0;		/* Current mode of parent channel */
	statePtr->type = type;		/* Operation type */
	statePtr->interp = interp;	/* Current interpreter */
	statePtr->ctx = NULL;		/* Cipher Context */
	statePtr->token = NULL;		/* Command token */
    }
    return statePtr;
}

/*
 *-------------------------------------------------------------------
 *
 * EncryptStateFree --
 *
 *	This function deletes a state data structure
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	Removes structure
 *
 *-------------------------------------------------------------------
 */
void EncryptStateFree(EncryptState *statePtr) {
    if (statePtr == (EncryptState *) NULL) {
	return;
    }

    /* Remove pending timer */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
    }

    /* Free context structures */
    if (statePtr->ctx != (EVP_CIPHER_CTX *) NULL) {
	EVP_CIPHER_CTX_free(statePtr->ctx);
    }
    ckfree(statePtr);
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * EncryptInitialize --
 *
 *	Initialize an encryption function
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR for failure with result set
 *	to error message.
 *
 * Side effects:
 *	No result or error message
 *
 *-------------------------------------------------------------------
 */
int EncryptInitialize(Tcl_Interp *interp, int type, EVP_CIPHER_CTX **ctx,
	Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
    const EVP_CIPHER *cipher;
    char *cipherName =  NULL, *keyString = NULL, *ivString = NULL;
    int cipher_len = 0, key_len = 0, iv_len = 0, res, max;
    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

    dprintf("Called");

    /* Init buffers */
    memset(key, 0, EVP_MAX_KEY_LENGTH);
    memset(iv, 0, EVP_MAX_IV_LENGTH);

    /* Get encryption parameters */
    if (cipherObj != NULL) {
	cipherName = Tcl_GetStringFromObj(cipherObj, &cipher_len);
    }
    if (keyObj != NULL) {
	keyString = Tcl_GetByteArrayFromObj(keyObj, &key_len);
    }
    if (ivObj != NULL) {
	ivString = Tcl_GetByteArrayFromObj(ivObj, &iv_len);
    }

    /* Get cipher name */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
    cipher = EVP_get_cipherbyname(cipherName);
#else
    cipher = EVP_CIPHER_fetch(NULL, cipherName, NULL);
#endif
    if (cipher == NULL) {
	Tcl_AppendResult(interp, "Invalid cipher: \"", cipherName, "\"", NULL);
	return TCL_ERROR;
    }

    if (key_len > 0) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
	max = EVP_CIPHER_key_length(cipher);
#else
	max = EVP_CIPHER_get_key_length(cipher);
#endif
	if (max == 0) {
	} else if (key_len <= max) {
	    memcpy((void *) key, (const void *) keyString, (size_t) key_len);
	} else {
	    Tcl_SetObjResult(interp, Tcl_ObjPrintf("Key too long. Must be <= %d bytes", max));
	    return TCL_ERROR;
	}
    }

    if (iv_len > 0) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
	max = EVP_CIPHER_iv_length(cipher);
#else
	max = EVP_CIPHER_get_iv_length(cipher);
#endif
	if (max == 0) {
	} else if (iv_len <= max) {
	    memcpy((void *) iv, (const void *) ivString, (size_t) iv_len);
	} else {
	    Tcl_SetObjResult(interp, Tcl_ObjPrintf("IV too long. Must be <= %d bytes", max));
	    return TCL_ERROR;
	}
    }

    /* Create and initialize the context */
    if((*ctx = EVP_CIPHER_CTX_new()) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }

    /* Initialize the operation. Need appropriate key and iv size. */
#if OPENSSL_VERSION_NUMBER < 0x30000000L
    if (type == TYPE_ENCRYPT) {
	res = EVP_EncryptInit_ex(*ctx, cipher, NULL, key, iv);
    } else {
	res = EVP_DecryptInit_ex(*ctx, cipher, NULL, key, iv);
    }
#else
	OSSL_PARAM params[2];
	int index = 0;

	if (iv != NULL) {
	    params[index++] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, (void *) iv, (size_t) iv_len);
	}
	params[index] = OSSL_PARAM_construct_end();

    if (type == TYPE_ENCRYPT) {
	res = EVP_EncryptInit_ex2(ctx, cipher, key, iv, params);
    } else {
	res = EVP_DecryptInit_ex2(ctx, cipher, key, iv, params);
    }
#endif

    if(!res) {
	Tcl_AppendResult(interp, "Initialize failed: ", REASON(), NULL);
	return TCL_ERROR;
    }
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * EncryptUpdate --
 *
 *	Update an encryption function with data
 *
 * Returns:
 *	1 if successful or 0 for failure
 *
 * Side effects:
 *	Adds encrypted data to buffer or sets result to error message
 *
 *-------------------------------------------------------------------
 */
int EncryptUpdate(Tcl_Interp *interp, int type, EVP_CIPHER_CTX *ctx, unsigned char *out_buf,
	int *out_len, unsigned char *data, int data_len) {
    int res;

    dprintf("Called");

    /* Encrypt/decrypt data */
    if (type == TYPE_ENCRYPT) {
	res = EVP_EncryptUpdate(ctx, out_buf, out_len, data, data_len);
    } else {
	res = EVP_DecryptUpdate(ctx, out_buf, out_len, data, data_len);
    }

    if (res) {
	return TCL_OK;
    } else {
	Tcl_AppendResult(interp, "Update failed: ", REASON(), NULL);
	return TCL_ERROR;
    }
}

/*
 *-------------------------------------------------------------------
 *
 * EncryptFinalize --
 *
 *	Finalize an encryption function
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR for failure with result set
 *	to error message.
 *
 * Side effects:
 *	Adds encrypted data to buffer or sets result to error message
 *
 *-------------------------------------------------------------------
 */
int EncryptFinalize(Tcl_Interp *interp, int type, EVP_CIPHER_CTX *ctx, unsigned char *out_buf,
	int *out_len) {
    int res;

    dprintf("Called");

    /* Finalize data */
    if (type == TYPE_ENCRYPT) {
	res = EVP_EncryptFinal_ex(ctx, out_buf, out_len);
    } else {
	res = EVP_DecryptFinal_ex(ctx, out_buf, out_len);
    }

    if (res) {
	return TCL_OK;
    } else {
	Tcl_AppendResult(interp, "Finalize failed: ", REASON(), NULL);
	return TCL_ERROR;
    }
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * EncryptBlockModeProc --
 *
 *	This function is invoked by the generic IO level
 *	to set blocking and nonblocking modes.
 *
 * Returns:
 *	0 if successful or POSIX error code if failed.
 *
 * Side effects:
 *	Sets the device into blocking or nonblocking mode.
 *	Can call Tcl_SetChannelError.
 *
 *-------------------------------------------------------------------
 */
static int EncryptBlockModeProc(ClientData clientData, int mode) {
    EncryptState *statePtr = (EncryptState *) clientData;

    if (mode == TCL_MODE_NONBLOCKING) {
	statePtr->flags |= TLS_TCL_ASYNC;
    } else {
	statePtr->flags &= ~(TLS_TCL_ASYNC);
    }
    return 0;
}

/*
 *-------------------------------------------------------------------
 *
 * EncryptCloseProc --
 *
 *	This function is invoked by the generic IO level to perform
 *	channel-type specific cleanup when the channel is closed. All
 *	queued output is flushed prior to calling this function.
 *
 * Returns:
 *	0 if successful or POSIX error code if failed.
 *
 * Side effects:
 *	Deletes stored state data.
 *
 *-------------------------------------------------------------------
 */
int EncryptCloseProc(ClientData clientData, Tcl_Interp *interp) {
    EncryptState *statePtr = (EncryptState *) clientData;

    /* Cancel active timer, if any */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
	statePtr->timer = (Tcl_TimerToken) NULL;
    }

    /* Output remaining data, if any */
    if (!(statePtr->flags & CHAN_EOF)) {
	Tcl_Channel parent = Tcl_GetStackedChannel(statePtr->self);
	int out_len;
	unsigned char out_buf[EVP_MAX_BLOCK_LENGTH];

	/* Finalize function */
	if (EncryptFinalize(interp, statePtr->type, statePtr->ctx, out_buf, &out_len) == TCL_OK) {
	    if (out_len > 0) {
		int len = Tcl_WriteRaw(parent, (const char *) out_buf, out_len);
		if (len < 0) {
		    return Tcl_GetErrno();
		}
	    }
	} else {
	    /* Error */
	}

	statePtr->flags |= CHAN_EOF;
    }

    /* Clean-up */
    EncryptStateFree(statePtr);
    return 0;
}

/*
 * Same as EncryptCloseProc but with individual read and write close control
 */
static int EncryptClose2Proc(ClientData instanceData, Tcl_Interp *interp, int flags) {
    if ((flags & (TCL_CLOSE_READ | TCL_CLOSE_WRITE)) == 0) {
	return EncryptCloseProc(instanceData, interp);
    }
    return EINVAL;
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptInputProc --
 *
 *	Called by the generic IO system to read data from transform and
 *	place in buf. Transform gets data from the underlying channel.
 *
 * Returns:
 *	Total bytes read or -1 for an error along with a POSIX error
 *	code in errorCodePtr. Use EAGAIN for nonblocking and no data.
 *
 * Side effects:
 *	Read data from transform and write to buf
 *
 *----------------------------------------------------------------------
 */
int EncryptInputProc(ClientData clientData, char *buf, int toRead, int *errorCodePtr) {
    EncryptState *statePtr = (EncryptState *) clientData;
    Tcl_Channel parent;
    int read, out_len;
    *errorCodePtr = 0;
    char *in_buf;
    
    /* Abort if nothing to process */
    if (toRead <= 0 || statePtr->self == (Tcl_Channel) NULL) {
	return 0;
    }

    /* Get bytes from underlying channel */
    in_buf = Tcl_Alloc(toRead);
    parent = Tcl_GetStackedChannel(statePtr->self);
    read = Tcl_ReadRaw(parent, in_buf, toRead);

    /* Update function */
    if (read > 0) {
	/* Have data - Update function */
	if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, buf, &out_len, in_buf, read) == TCL_OK) {
	    /* If have data, put in buf, otherwise tell TCL to try again */
	    if (out_len > 0) {
		read = out_len;
	    } else {
		*errorCodePtr = EAGAIN;
		read = -1;
	    }
	} else {
	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
	    *errorCodePtr = EINVAL;
	    read = 0;
	}

    } else if (read < 0) {
	/* Error */
	*errorCodePtr = Tcl_GetErrno();

    } else if (!(statePtr->flags & CHAN_EOF)) {
	/* EOF - Finalize function and put any remaining data in buf */
	if (EncryptFinalize(statePtr->interp, statePtr->type, statePtr->ctx, buf, &out_len) == TCL_OK) {
	    read = out_len;
	} else {
	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", REASON()));
	    *errorCodePtr = EINVAL;
	    read = 0;
	}

	statePtr->flags |= CHAN_EOF;
    }
    Tcl_Free(in_buf);
    return read;
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptOutputProc --
 *
 *	Called by the generic IO system to write data in buf to transform.
 *	The transform writes the result to the underlying channel.
 *
 * Returns:
 *	Total bytes written or -1 for an error along with a POSIX error
 *	code in errorCodePtr. Use EAGAIN for nonblocking and can't write data.
 *
 * Side effects:
 *	Get data from buf and update encryption
 *
 *----------------------------------------------------------------------
 */
 int EncryptOutputProc(ClientData clientData, const char *buf, int toWrite, int *errorCodePtr) {
    EncryptState *statePtr = (EncryptState *) clientData;
    int write = 0, out_len;
    *errorCodePtr = 0;
    char *out_buf;

    /* Abort if nothing to process */
    if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
	return 0;
    }

    out_buf = Tcl_Alloc(toWrite+EVP_MAX_BLOCK_LENGTH);

    /* Update function */
    if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, out_buf, &out_len, buf, toWrite) == TCL_OK) {
	/* If have data, output it, otherwise tell TCL to try again */
	if (out_len > 0) {
	    Tcl_Channel parent = Tcl_GetStackedChannel(statePtr->self);
	    write = Tcl_WriteRaw(parent, (const char *) out_buf, out_len);
	    write = toWrite;
	} else {
	    *errorCodePtr = EAGAIN;
	    write = -1;
	}

    } else {
	Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", REASON()));
	*errorCodePtr = EINVAL;
	write = 0;
    }
    Tcl_Free(out_buf);
    return write;
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptSetOptionProc --
 *
 *	Called by the generic IO system to set channel option name to value.
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR if failed along with an error
 *	message in interp and Tcl_SetErrno.
 *
 * Side effects:
 *	Updates channel option to new value.
 *
 *----------------------------------------------------------------------
 */
static int EncryptSetOptionProc(ClientData clientData, Tcl_Interp *interp, const char *optionName,
	const char *optionValue) {
    EncryptState *statePtr = (EncryptState *) clientData;
    Tcl_Channel parent;
    Tcl_DriverSetOptionProc *setOptionProc;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Delegate options downstream */
    parent = Tcl_GetStackedChannel(statePtr->self);
    setOptionProc = Tcl_ChannelSetOptionProc(Tcl_GetChannelType(parent));
    if (setOptionProc != NULL) {
	return (*setOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue);
    } else {
	Tcl_SetErrno(EINVAL);
	return Tcl_BadChannelOption(interp, optionName, NULL);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptGetOptionProc --
 *
 *	Called by the generic IO system to get channel option name's value.
 *
 * Returns:
 *	TCL_OK if successful or TCL_ERROR if failed along with an error
 *	message in interp and Tcl_SetErrno.
 *
 * Side effects:
 *	Sets result to option's value
 *
 *----------------------------------------------------------------------
 */
static int EncryptGetOptionProc(ClientData clientData, Tcl_Interp *interp, const char *optionName,
	Tcl_DString *optionValue) {
    EncryptState *statePtr = (EncryptState *) clientData;
    Tcl_Channel parent;
    Tcl_DriverGetOptionProc *getOptionProc;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Delegate options downstream */
    parent = Tcl_GetStackedChannel(statePtr->self);
    getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(parent));
    if (getOptionProc != NULL) {
	return (*getOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue);
    } else if (optionName == (char*) NULL) {
	/* Request is query for all options, this is ok. */
	return TCL_OK;
    } else {
	Tcl_SetErrno(EINVAL);
	return Tcl_BadChannelOption(interp, optionName, NULL);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptTimerHandler --
 *
 *	Called by the notifier via timer to flush out pending input data.
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	May call Tcl_NotifyChannel
 *
 *----------------------------------------------------------------------
 */
static void EncryptTimerHandler(ClientData clientData) {
    EncryptState *statePtr = (EncryptState *) clientData;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return;
    }

    /* Clear timer token */
    statePtr->timer = (Tcl_TimerToken) NULL;

    /* Fire event if there is pending data, skip otherwise */
    if ((statePtr->watchMask & TCL_READABLE) && (Tcl_InputBuffered(statePtr->self) > 0)) {
	Tcl_NotifyChannel(statePtr->self, TCL_READABLE);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptWatchProc --
 *
 *	Initialize the notifier to watch for events from this channel.
 *
 * Returns:
 *	Nothing (can't return error messages)
 *
 * Side effects:
 *	Configure notifier so future events on the channel will be seen by Tcl.
 *
 *----------------------------------------------------------------------
 */
void EncryptWatchProc(ClientData clientData, int mask) {
    EncryptState *statePtr = (EncryptState *) clientData;
    Tcl_Channel parent;
    Tcl_DriverWatchProc *watchProc;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return;
    }

    /* Store OR-ed combination of TCL_READABLE, TCL_WRITABLE and TCL_EXCEPTION */
    statePtr->watchMask = mask;

    /* Propagate mask info to parent channel */
    parent = Tcl_GetStackedChannel(statePtr->self);
    watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(parent));
    watchProc(Tcl_GetChannelInstanceData(parent), mask);

    /* Remove pending timer */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
	statePtr->timer = (Tcl_TimerToken) NULL;
    }

    /* If there is data pending, set new timer to call Tcl_NotifyChannel */
    if ((mask & TCL_READABLE) && (Tcl_InputBuffered(statePtr->self) > 0)) {
	statePtr->timer = Tcl_CreateTimerHandler(READ_DELAY, EncryptTimerHandler, (ClientData) statePtr);
    }
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptGetHandleProc --
 *
 *	Called from Tcl_GetChannelHandle to retrieve OS specific file handle
 *	from inside this channel. Not used for transformations?
 *
 * Returns:
 *	TCL_OK for success or TCL_ERROR for error or if not supported. If
 *	direction is TCL_READABLE, sets handlePtr to the handle used for
 *	input, or if TCL_WRITABLE sets to the handle used for output.
 *
 * Side effects:
 *	None
 *
 *----------------------------------------------------------------------
 */
int EncryptGetHandleProc(ClientData clientData, int direction, ClientData *handlePtr) {
    EncryptState *statePtr = (EncryptState *) clientData;
    Tcl_Channel parent;

    /* Abort if no channel */
    if (statePtr->self == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    parent = Tcl_GetStackedChannel(statePtr->self);
    return Tcl_GetChannelHandle(parent, direction, handlePtr);
}

/*
 *----------------------------------------------------------------------
 *
 * EncryptNotifyProc --
 *
 *	Called by Tcl to inform us of activity on the underlying channel.
 *
 * Returns:
 *	Unchanged interestMask which is an OR-ed combination of TCL_READABLE or TCL_WRITABLE
 *
 * Side effects:
 *	Cancels any pending timer.
 *
 *----------------------------------------------------------------------
 */
int EncryptNotifyProc(ClientData clientData, int interestMask) {
    EncryptState *statePtr = (EncryptState *) clientData;

    /* Skip timer event as redundant */
    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
	statePtr->timer = (Tcl_TimerToken) NULL;
    }
    return interestMask;
}

/*
 *
 * Channel type structure definition for encryption transformations.
 *
 */
static const Tcl_ChannelType encryptChannelType = {
    "encryption",		/* Type name */
    TCL_CHANNEL_VERSION_5,	/* v5 channel */
    EncryptCloseProc,		/* Close proc */
    EncryptInputProc,		/* Input proc */
    EncryptOutputProc,		/* Output proc */
    NULL,			/* Seek proc */
    EncryptSetOptionProc,	/* Set option proc */
    EncryptGetOptionProc,	/* Get option proc */
    EncryptWatchProc,		/* Initialize notifier */
    EncryptGetHandleProc,	/* Get OS handles out of channel */
    EncryptClose2Proc,		/* close2proc */
    EncryptBlockModeProc,	/* Set blocking/nonblocking mode*/
    NULL,			/* Flush proc */
    EncryptNotifyProc,		/* Handling of events bubbling up */
    NULL,			/* Wide seek proc */
    NULL,			/* Thread action */
    NULL			/* Truncate */
};

/*
 *----------------------------------------------------------------------
 *
 * EncryptChannelHandler --
 *
 *	Create a stacked channel for a message encryption transformation.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Adds transform to channel and sets result to channel id or error message.
 *
 *----------------------------------------------------------------------
 */
static int EncryptChannelHandler(Tcl_Interp *interp, int type, const char *channel,
	Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
    int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */
    Tcl_Channel chan;
    EncryptState *statePtr;

    dprintf("Called");

    /* Validate args */
    if (channel == (const char *) NULL) {
	Tcl_AppendResult(interp, "No channel", (char *) NULL);
	return TCL_ERROR;
    }

    /* Get channel Id */
    chan = Tcl_GetChannel(interp, channel, &mode);
    if (chan == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);

    /* Configure channel */
    Tcl_SetChannelOption(interp, chan, "-translation", "binary");

    /* Create state data structure */
    if ((statePtr = EncryptStateNew(interp, type)) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }
    statePtr->self = chan;
    statePtr->mode = mode;

    /* Initialize function */
    if (EncryptInitialize(interp, type, &statePtr->ctx, cipherObj, keyObj, ivObj) != TCL_OK) {
	EncryptStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Stack channel */
    statePtr->self = Tcl_StackChannel(interp, &encryptChannelType, (ClientData) statePtr, mode, chan);
    if (statePtr->self == (Tcl_Channel) NULL) {
	EncryptStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Set result to channel Id */
    Tcl_SetResult(interp, (char *) Tcl_GetChannelName(chan), TCL_VOLATILE);
    return TCL_OK;
}

/*
 *----------------------------------------------------------------------
 *
 * Unstack Channel --
 *
 *	This function removes the stacked channel from the top of the
 *	channel stack if it is a encryption channel.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Removes transform from channel or sets result to error message.
 *
 *----------------------------------------------------------------------
 */
static int EncryptUnstackObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Channel chan;
    int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE  */

    dprintf("Called");

    /* Validate arg count */
    if (objc != 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "channelId");
	return TCL_ERROR;
    }

    /* Get channel */
    chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), &mode);
    if (chan == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Make sure to operate on the topmost channel */
    chan = Tcl_GetTopChannel(chan);

    /* Check if encryption channel */
    if (Tcl_GetChannelType(chan) != &encryptChannelType) {
	Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan),
	    "\": not a encryption channel", NULL);
	Tcl_SetErrorCode(interp, "TLS", "UNSTACK", "CHANNEL", "INVALID", (char *) NULL);
	return TCL_ERROR;
    }

    /* Pop transform from channel */
    return Tcl_UnstackChannel(interp, chan);
    	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * EncryptInstanceObjCmd --
 *
 *	Handler for encrypt/decrypt command instances. Used to update
 *	and finalize data for encrypt/decrypt function.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Adds data to encrypt/decrypt function
 *
 *-------------------------------------------------------------------
 */
int EncryptInstanceObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    EncryptState *statePtr = (EncryptState *) clientData;
    int fn, data_len = 0, out_len;
    char *data = NULL;
    Tcl_Obj *resultObj;
    unsigned char *out_buf;
    static const char *instance_fns [] = { "finalize", "update", NULL };

    dprintf("Called");

    /* Validate arg count */
    if (objc < 2 || objc > 3) {
	Tcl_WrongNumArgs(interp, 1, objv, "function ?data?");
	return TCL_ERROR;
    }

    /* Get function */
    if (Tcl_GetIndexFromObj(interp, objv[1], instance_fns, "function", 0, &fn) != TCL_OK) {
	return TCL_ERROR;
    }

    /* Allocate storage for result. Size should be data size + block size. */
    resultObj = Tcl_NewObj();
    out_buf = Tcl_SetByteArrayLength(resultObj, data_len+EVP_MAX_BLOCK_LENGTH);
    if (resultObj == NULL || out_buf == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	Tcl_DecrRefCount(resultObj);
	return TCL_ERROR;
    }

    /* Do function */
    if (fn) {
	/* Get data or return error if none */
	if (objc == 3) {
	    data = Tcl_GetByteArrayFromObj(objv[2], &data_len);
	} else {
	    Tcl_WrongNumArgs(interp, 1, objv, "update data");
	    Tcl_DecrRefCount(resultObj);
	    return TCL_ERROR;
	}

	/* Update function */
	if (EncryptUpdate(interp, statePtr->type, statePtr->ctx, out_buf, &out_len, data, data_len) == TCL_OK) {
	    out_buf = Tcl_SetByteArrayLength(resultObj, out_len);
	    Tcl_SetObjResult(interp, resultObj);
	} else {
	    Tcl_DecrRefCount(resultObj);
	    return TCL_ERROR;
	}

    } else {
	/* Finalize function */
	if (EncryptFinalize(interp, statePtr->type, statePtr->ctx, out_buf, &out_len) == TCL_OK) {
	    out_buf = Tcl_SetByteArrayLength(resultObj, out_len);
	    Tcl_SetObjResult(interp, resultObj);
	} else {
	    Tcl_DecrRefCount(resultObj);
	    return TCL_ERROR;
	}

	/* Clean-up */
	Tcl_DeleteCommandFromToken(interp, statePtr->token);
    }
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * EncryptCommandDeleteHandler --
 *
 *	 Callback to clean-up when encrypt/decrypt command is deleted.
 *
 * Returns:
 *	Nothing
 *
 * Side effects:
 *	Destroys state info structure
 *
 *-------------------------------------------------------------------
 */
void EncryptCommandDeleteHandler(ClientData clientData) {
    EncryptState *statePtr = (EncryptState *) clientData;

    /* Clean-up */
    EncryptStateFree(statePtr);
}

/*
 *-------------------------------------------------------------------
 *
 * EncryptCommandHandler --
 *
 *	 Create command to add data to encrypt/decrypt function.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Creates command or error message
 *
 *-------------------------------------------------------------------
 */
int EncryptCommandHandler(Tcl_Interp *interp, int type, Tcl_Obj *cmdObj,
	Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
    EncryptState *statePtr;
    char *cmdName = Tcl_GetStringFromObj(cmdObj, NULL);

    dprintf("Called");

    if ((statePtr = EncryptStateNew(interp, type)) == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }

    /* Initialize function */
    if (EncryptInitialize(interp, type, &statePtr->ctx, cipherObj, keyObj, ivObj) != TCL_OK) {
	EncryptStateFree(statePtr);
	return TCL_ERROR;
    }

    /* Create instance command */
    statePtr->token = Tcl_CreateObjCommand(interp, cmdName, EncryptInstanceObjCmd,
	(ClientData) statePtr, EncryptCommandDeleteHandler);

    /* Return command name */
    Tcl_SetObjResult(interp, cmdObj);
    return TCL_OK;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * EncryptDataHandler --
 *
 *	Perform encryption function on a block of data and return result.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Sets result or error message
 *
 *-------------------------------------------------------------------
 */
int EncryptDataHandler(Tcl_Interp *interp, int type, Tcl_Obj *dataObj, Tcl_Obj *cipherObj,
	Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
    EVP_CIPHER_CTX *ctx = NULL;
    int data_len = 0, out_len = 0, len = 0, res = TCL_OK;
    unsigned char *data, *out_buf;
    Tcl_Obj *resultObj;

    dprintf("Called");

    /* Get data */
    if (dataObj != NULL) {
	data = Tcl_GetByteArrayFromObj(dataObj, &data_len);
    } else {
	Tcl_AppendResult(interp, "No data", NULL);
	return TCL_ERROR;
    }

    /* Allocate storage for result. Size should be data size + block size. */
    resultObj = Tcl_NewObj();
    out_buf = Tcl_SetByteArrayLength(resultObj, data_len+EVP_MAX_BLOCK_LENGTH);
    if (resultObj == NULL || out_buf == NULL) {
	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
	return TCL_ERROR;
    }

    /* Perform operation */
    if (EncryptInitialize(interp, type, &ctx, cipherObj, keyObj, ivObj) != TCL_OK ||
	EncryptUpdate(interp, type, ctx, out_buf, &out_len, data, data_len) != TCL_OK ||
	EncryptFinalize(interp, type, ctx, out_buf+out_len, &len) != TCL_OK) {
	res = TCL_ERROR;
	goto done;
    }
    out_len += len;

done:
    /* Set output result */
    if (res == TCL_OK) {
	out_buf = Tcl_SetByteArrayLength(resultObj, out_len);
	Tcl_SetObjResult(interp, resultObj);
    } else {
	Tcl_DecrRefCount(resultObj);
	/* Result is error message */
    }

    /* Clean up */
    if (ctx != NULL) {
	EVP_CIPHER_CTX_free(ctx);
    }
    return res;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * EncryptFileHandler --
 *
 *	Perform encryption function on a block of data and return result.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Encrypts or decrypts inFile data to outFile and sets result to
 *	size of outFile, or an error message.
 *
 *-------------------------------------------------------------------
 */
int EncryptFileHandler(Tcl_Interp *interp, int type, Tcl_Obj *inFileObj, Tcl_Obj *outFileObj,
	Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
    EVP_CIPHER_CTX *ctx = NULL;
    int total = 0, res, out_len = 0, len;
    Tcl_Channel in = NULL, out = NULL;
    unsigned char in_buf[BUFFER_SIZE];
    unsigned char out_buf[BUFFER_SIZE+EVP_MAX_BLOCK_LENGTH];

    dprintf("Called");

    /* Open input file */
    if ((in = Tcl_FSOpenFileChannel(interp, inFileObj, "rb", 0444)) == (Tcl_Channel) NULL) {
	return TCL_ERROR;
    }

    /* Open output file */
    if ((out = Tcl_FSOpenFileChannel(interp, outFileObj, "wb", 0644)) == (Tcl_Channel) NULL) {
	Tcl_Close(interp, in);
	return TCL_ERROR;
    }

    /* Initialize operation */
    if ((res = EncryptInitialize(interp, type, &ctx, cipherObj, keyObj, ivObj)) != TCL_OK) {
	goto done;
    }

    /* Read file data from inFile, encrypt/decrypt it, then output to outFile */
    while (!Tcl_Eof(in)) {
	int read = Tcl_ReadRaw(in, (char *) in_buf, BUFFER_SIZE);
	if (read > 0) {
	    if ((res = EncryptUpdate(interp, type, ctx, out_buf, &out_len, in_buf, read)) == TCL_OK) {
		if (out_len > 0) {
		    len = Tcl_WriteRaw(out, (const char *) out_buf, out_len);
		    if (len >= 0) {
			total += len;
		    } else {
			Tcl_AppendResult(interp, "Write error: ", Tcl_ErrnoMsg(Tcl_GetErrno()), (char *) NULL);
			res = TCL_ERROR;
			goto done;
		    }
		}
	    } else {
		goto done;
	    }
	} else if (read < 0) {
	    Tcl_AppendResult(interp, "Read error: ", Tcl_ErrnoMsg(Tcl_GetErrno()), (char *) NULL);
	    res = TCL_ERROR;
	    goto done;
	}
    }

    /* Finalize data and write any remaining data in block */
    if ((res = EncryptFinalize(interp, type, ctx, out_buf, &out_len)) == TCL_OK) {
	if (out_len > 0) {
	    len = Tcl_WriteRaw(out, (const char *) out_buf, out_len);
	    if (len >= 0) {
		total += len;
	    } else {
		Tcl_AppendResult(interp, "Write error: ", Tcl_ErrnoMsg(Tcl_GetErrno()), (char *) NULL);
		res = TCL_ERROR;
		goto done;
	    }
	}
	Tcl_SetObjResult(interp, Tcl_NewIntObj(total));
    } else {
	goto done;
    }

done:
    /* Clean up */
    if (in != NULL) {
	Tcl_Close(interp, in);
    }
    if (out != NULL) {
	Tcl_Close(interp, out);
    }
    if (ctx != NULL) {
	EVP_CIPHER_CTX_free(ctx);
    }
    return res;
}

/*******************************************************************/

static const char *command_opts [] = {
    "-chan", "-channel", "-cipher", "-command", "-data", "-digest", "-infile", "-filename",
    "-outfile", "-hash", "-iv", "-key", "-mac", NULL};

enum _command_opts {
    _opt_chan, _opt_channel, _opt_cipher, _opt_command, _opt_data, _opt_digest, _opt_infile,
    _opt_filename, _opt_outfile, _opt_hash, _opt_iv, _opt_key, _opt_mac
};

/*
 *-------------------------------------------------------------------
 *
 * EncryptMain --
 *
 *	Perform encryption function and return result.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Sets result or error message
 *
 *-------------------------------------------------------------------
 */
static int EncryptMain(int type, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Obj *cipherObj = NULL, *cmdObj = NULL, *dataObj = NULL, *digestObj = NULL;
    Tcl_Obj *inFileObj = NULL, *outFileObj = NULL, *keyObj = NULL, *ivObj = NULL, *macObj = NULL;
    const char *channel = NULL, *opt;
    int res, start = 1, fn;

    dprintf("Called");

    /* Clear interp result */
    Tcl_ResetResult(interp);

    /* Validate arg count */
    if (objc < 3 || objc > 12) {
	Tcl_WrongNumArgs(interp, 1, objv, "?-cipher? name ?-digest name? -key key ?-iv string? ?-mac name? [-channel chan | -command cmdName | -infile filename -outfile filename | ?-data? data]");
	return TCL_ERROR;
    }

    /* Special case of first arg is cipher */
    opt = Tcl_GetStringFromObj(objv[start], NULL);
    if (opt[0] != '-') {
	switch(type) {
	case TYPE_ENCRYPT:
	case TYPE_DECRYPT:
	    cipherObj = objv[start++];
	    break;
	}
    }

    /* Get options */
    for (int idx = start; idx < objc; idx++) {
	/* Special case for when last arg is data */
	if (idx == objc - 1) {
	opt = Tcl_GetStringFromObj(objv[idx], NULL);
	    if (opt[0] != '-' && dataObj == NULL) {
		dataObj = objv[idx];
		break;
	    }
	}

	/* Get option */
	if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
	    return TCL_ERROR;
	}

	/* Validate arg has value */
	if (++idx >= objc) {
	    Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", (char *) NULL);
	return TCL_ERROR;
    }

	switch(fn) {
	case _opt_chan:
	case _opt_channel:
    	    GET_OPT_STRING(objv[idx], channel, NULL);
	    break;
	case _opt_cipher:
	    cipherObj = objv[idx];
	    break;
	case _opt_command:
	    cmdObj = objv[idx];
	    break;
	case _opt_data:
	    dataObj = objv[idx];
	    break;
	case _opt_digest:
	case _opt_hash:
	    digestObj = objv[idx];
	    break;
	case _opt_infile:
	case _opt_filename:
	    inFileObj = objv[idx];
	    break;
	case _opt_outfile:
	    outFileObj = objv[idx];
	    break;
	case _opt_iv:
	    ivObj = objv[idx];
	    break;
	case _opt_key:
	    keyObj = objv[idx];
	    break;
	case _opt_mac:
	    macObj = objv[idx];
	    break;
	}
    }

    /* Check for required options */
    if (cipherObj == NULL) {
	Tcl_AppendResult(interp, "No cipher", NULL);
    } else if (keyObj == NULL) {
	Tcl_AppendResult(interp, "No key", NULL);
	return TCL_ERROR;
    }

    /* Perform encryption function on file, stacked channel, using instance command, or data blob */
    if (inFileObj != NULL && outFileObj != NULL) {
	res = EncryptFileHandler(interp, type, inFileObj, outFileObj, cipherObj, digestObj, keyObj, ivObj);
    } else if (channel != NULL) {
	res = EncryptChannelHandler(interp, type, channel, cipherObj, digestObj, keyObj, ivObj);
    } else if (cmdObj != NULL) {
	res = EncryptCommandHandler(interp, type, cmdObj, cipherObj, digestObj, keyObj, ivObj);
    } else if (dataObj != NULL) {
	res = EncryptDataHandler(interp, type, dataObj, cipherObj, digestObj, keyObj, ivObj);
    } else {
	Tcl_AppendResult(interp, "No operation specified: Use -channel, -command, -data, or -infile option", NULL);
	res = TCL_ERROR;
    }
    return res;
}

/*
 *-------------------------------------------------------------------
 *
 * Encryption Commands --
 *
 *	Perform encryption function and return results
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Command dependent
 *
 *-------------------------------------------------------------------
 */
static int EncryptObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return EncryptMain(TYPE_ENCRYPT, interp, objc, objv);
}

static int DecryptObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    return EncryptMain(TYPE_DECRYPT, interp, objc, objv);
}

/*
 *-------------------------------------------------------------------
 *
 * Encrypt_Initialize --
 *
 *	Create namespace, commands, and register package version
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Creates commands
 *
 *-------------------------------------------------------------------
 */
int Tls_EncryptCommands(Tcl_Interp *interp) {
    Tcl_CreateObjCommand(interp, "tls::encrypt", EncryptObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::decrypt", DecryptObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::unstack2", EncryptUnstackObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    return TCL_OK;
}

Modified generic/tlsIO.c from [fb8d969c33] to [0b06e53585].

159
160
161
162
163
164
165
166

167
168
169
170
171
172
173
159
160
161
162
163
164
165

166
167
168
169
170
171
172
173







-
+







		dprintf("Flushing the lower layers failed, this will probably terminate this session");
	    }
	}

	rc = SSL_get_error(statePtr->ssl, err);

	dprintf("Got error: %i (rc = %i)", err, rc);
	dprintf("Got error: %s", ERR_reason_error_string(ERR_get_error()));
	dprintf("Got error: %s", REASON());

	bioShouldRetry = 0;
	if (err <= 0) {
	    if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT || rc == SSL_ERROR_WANT_READ || rc == SSL_ERROR_WANT_WRITE) {
		bioShouldRetry = 1;
	    } else if (BIO_should_retry(statePtr->bio)) {
		bioShouldRetry = 1;
230
231
232
233
234
235
236
237

238
239
240
241
242
243
244
230
231
232
233
234
235
236

237
238
239
240
241
242
243
244







-
+







	    }

	    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
	    return(-1);

	case SSL_ERROR_SSL:
	    dprintf("Got permanent fatal SSL error, aborting immediately");
	    Tls_Error(statePtr, (char *)ERR_reason_error_string(ERR_get_error()));
	    Tls_Error(statePtr, (char *)REASON());
	    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
	    *errorCodePtr = ECONNABORTED;
	    return(-1);

	case SSL_ERROR_WANT_CONNECT:
	case SSL_ERROR_WANT_ACCEPT:
	case SSL_ERROR_WANT_X509_LOOKUP:

Added generic/tlsInfo.c version [13359ae431].




























































































































































































































































































































































































































































































































































































































































































































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
/*
 * Information Commands Module
 *
 * Provides commands that return info related to the OpenSSL config and data.
 *
 * Copyright (C) 2023 Brian O'Hagan
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/safestack.h>

/*
 * Valid SSL and TLS Protocol Versions
 */
static const char *protocols[] = {
	"ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL
};
enum protocol {
    TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_TLS1_3, TLS_NONE
};

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * NamesCallback --
 *
 *	Callback to add algorithm or method names to a TCL list object.
 *
 * Results:
 *	Append name to TCL list object.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
void NamesCallback(const OBJ_NAME *obj, void *arg) {
    Tcl_Obj *listObj = (Tcl_Obj *) arg;

    /* Fields: (int) type and alias, (const char*) name (alias from) and data (alias to) */
    if (strstr(obj->name, "rsa") == NULL && strstr(obj->name, "RSA") == NULL) {
	Tcl_ListObjAppendElement(NULL, listObj, Tcl_NewStringObj(obj->name,-1));
    }
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * CipherInfo --
 *
 *	Return a list of properties and values for cipher.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int CipherInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    const EVP_CIPHER *cipher;
    Tcl_Obj *resultObj, *listObj;
    unsigned long flags, mode;
    unsigned char *modeName = NULL;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);

    /* Get cipher */
    cipher = EVP_get_cipherbyname(name);

    if (cipher == NULL) {
	Tcl_AppendResult(interp, "Invalid cipher \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }
    LAPPEND_STR(interp, resultObj, "nid", OBJ_nid2ln(EVP_CIPHER_nid(cipher)), -1);
    LAPPEND_STR(interp, resultObj, "name", EVP_CIPHER_name(cipher), -1);
    LAPPEND_STR(interp, resultObj, "description", "", -1);
    LAPPEND_INT(interp, resultObj, "block_size", EVP_CIPHER_block_size(cipher));
    LAPPEND_INT(interp, resultObj, "key_length", EVP_CIPHER_key_length(cipher));
    LAPPEND_INT(interp, resultObj, "iv_length", EVP_CIPHER_iv_length(cipher));
    LAPPEND_STR(interp, resultObj, "type", OBJ_nid2ln(EVP_CIPHER_type(cipher)), -1);
    LAPPEND_STR(interp, resultObj, "provider", "", -1);
    flags = EVP_CIPHER_flags(cipher);
    mode  = EVP_CIPHER_mode(cipher);

    /* EVP_CIPHER_get_mode */
    switch(mode) {
	case EVP_CIPH_STREAM_CIPHER:
	    modeName = "STREAM";
	    break;
	case EVP_CIPH_ECB_MODE:
	    modeName = "ECB";
	    break;
	case EVP_CIPH_CBC_MODE:
	    modeName = "CBC";
	    break;
	case EVP_CIPH_CFB_MODE:
	    modeName = "CFB";
	    break;
	case EVP_CIPH_OFB_MODE:
	    modeName = "OFB";
	    break;
	case EVP_CIPH_CTR_MODE:
	    modeName = "CTR";
	    break;
	case EVP_CIPH_GCM_MODE:
	    modeName = "GCM";
	    break;
	case EVP_CIPH_XTS_MODE:
	    modeName = "XTS";
	    break;
	case EVP_CIPH_CCM_MODE:
	    modeName = "CCM";
	    break;
	case EVP_CIPH_OCB_MODE:
	    modeName = "OCB";
	    break;
	case EVP_CIPH_WRAP_MODE :
	    modeName = "WRAP";
	    break;
	default:
	    modeName = "unknown";
	    break;
    }
    LAPPEND_STR(interp, resultObj, "mode", modeName, -1);

    /* Flags */
    listObj = Tcl_NewListObj(0, NULL);
    LAPPEND_BOOL(interp, listObj, "Variable Length", flags & EVP_CIPH_VARIABLE_LENGTH);
    LAPPEND_BOOL(interp, listObj, "Always Call Init", flags & EVP_CIPH_ALWAYS_CALL_INIT);
    LAPPEND_BOOL(interp, listObj, "Custom IV", flags & EVP_CIPH_CUSTOM_IV);
    LAPPEND_BOOL(interp, listObj, "Control Init", flags & EVP_CIPH_CTRL_INIT);
    LAPPEND_BOOL(interp, listObj, "Custom Cipher", flags & EVP_CIPH_FLAG_CUSTOM_CIPHER);
    LAPPEND_BOOL(interp, listObj, "AEAD Cipher", flags & EVP_CIPH_FLAG_AEAD_CIPHER);
    LAPPEND_BOOL(interp, listObj, "Custom Copy", flags & EVP_CIPH_CUSTOM_COPY);
    LAPPEND_BOOL(interp, listObj, "Non FIPS Allow", flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW);
    LAPPEND_OBJ(interp, resultObj, "flags", listObj);

    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * CipherList --
 *
 *	Return a list of all cipher algorithms
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int CipherList(Tcl_Interp *interp) {
    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }

    /* Same as EVP_CIPHER_do_all */
    OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NamesCallback, (void *) resultObj);
    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * CipherObjCmd --
 *
 *	Return a list of properties and values for cipherName.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
static int CipherObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
    ERR_clear_error();

    /* Validate arg count */
    if (objc == 1) {
	return CipherList(interp);

    } else if (objc == 2) {
	return CipherInfo(interp, objv[1]);

    } else {
	Tcl_WrongNumArgs(interp, 1, objv, "?name?");
	return TCL_ERROR;
    }
    return TCL_OK;
	clientData = clientData;
}

/*
 *-------------------------------------------------------------------
 *
 * CiphersObjCmd --
 *
 *	This procedure is invoked to process the "tls::ciphers" command
 *	to list available ciphers, based upon protocol selected.
 *
 * Results:
 *	A standard Tcl result list.
 *
 * Side effects:
 *	constructs and destroys SSL context (CTX)
 *
 *-------------------------------------------------------------------
 */
static int CiphersObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk = NULL;
    int index, verbose = 0, use_supported = 0, res = TCL_OK;
    int min_version, max_version;

    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
    ERR_clear_error();

    /* Validate arg count */
    if (objc > 4) {
	Tcl_WrongNumArgs(interp, 1, objv, "?protocol? ?verbose? ?supported?");
	return TCL_ERROR;
    }

    /* List all ciphers */
    if (objc == 1) {
	return CipherList(interp);
    }

    /* Get options */
    if (Tcl_GetIndexFromObj(interp, objv[1], protocols, "protocol", 0, &index) != TCL_OK ||
	(objc > 2 && Tcl_GetBooleanFromObj(interp, objv[2], &verbose) != TCL_OK) ||
	(objc > 3 && Tcl_GetBooleanFromObj(interp, objv[3], &use_supported) != TCL_OK)) {
	return TCL_ERROR;
    }

    switch ((enum protocol)index) {
	case TLS_SSL2:
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
	case TLS_SSL3:
#if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = SSL3_VERSION;
            max_version = SSL3_VERSION;
	    break;
#endif
	case TLS_TLS1:
#if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_VERSION;
            max_version = TLS1_VERSION;
	    break;
#endif
	case TLS_TLS1_1:
#if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_1_VERSION;
            max_version = TLS1_1_VERSION;
	    break;
#endif
	case TLS_TLS1_2:
#if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2_METHOD)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_2_VERSION;
            max_version = TLS1_2_VERSION;
	    break;
#endif
	case TLS_TLS1_3:
#if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3)
	    Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL);
	    return TCL_ERROR;
#else
            min_version = TLS1_3_VERSION;
            max_version = TLS1_3_VERSION;
	    break;
#endif
	default:
            min_version = SSL3_VERSION;
            max_version = TLS1_3_VERSION;
	    break;
    }

    /* Create context */
    if ((ctx = SSL_CTX_new(TLS_server_method())) == NULL) {
	Tcl_AppendResult(interp, REASON(), NULL);
	return TCL_ERROR;
    }

    /* Set protocol versions */
    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0 ||
	SSL_CTX_set_max_proto_version(ctx, max_version) == 0) {
	SSL_CTX_free(ctx);
	return TCL_ERROR;
    }

    /* Create SSL context */
    if ((ssl = SSL_new(ctx)) == NULL) {
	Tcl_AppendResult(interp, REASON(), NULL);
	SSL_CTX_free(ctx);
	return TCL_ERROR;
    }

    /* Use list and order as would be sent in a ClientHello or all available ciphers */
    if (use_supported) {
	sk = SSL_get1_supported_ciphers(ssl);
    } else {
	sk = SSL_get_ciphers(ssl);
	/*sk = SSL_CTX_get_ciphers(ctx);*/
    }

    if (sk != NULL) {
	Tcl_Obj *resultObj = NULL;

	if (!verbose) {
	    char *cp;
	    resultObj = Tcl_NewListObj(0, NULL);
	    if (resultObj == NULL) {
		res = TCL_ERROR;
		goto done;
	    }

	    for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
		if (c == NULL) continue;

		/* cipher name or (NONE) */
		cp = SSL_CIPHER_get_name(c);
		if (cp == NULL) break;
		Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(cp, -1));
	    }

	} else {
	    char buf[BUFSIZ];
	    resultObj = Tcl_NewStringObj("",0);
	    if (resultObj == NULL) {
		res = TCL_ERROR;
		goto done;
	    }

	    for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
		const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
		if (c == NULL) continue;

		/* textual description of the cipher */
		if (SSL_CIPHER_description(c, buf, sizeof(buf)) != NULL) {
		    Tcl_AppendToObj(resultObj, buf, (Tcl_Size) strlen(buf));
		} else {
		    Tcl_AppendToObj(resultObj, "UNKNOWN\n", 8);
		}
	    }
	}

	/* Clean up */
	if (use_supported) {
	    sk_SSL_CIPHER_free(sk);
	}
	Tcl_SetObjResult(interp, resultObj);
    }

done:
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return res;
	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * DigestInfo --
 *
 *	Return a list of properties and values for digest.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int DigestInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    EVP_MD *md;
    Tcl_Obj *resultObj, *listObj;
    unsigned long flags;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);

    /* Get message digest */
    md = EVP_get_digestbyname(name);

    if (md == NULL) {
	Tcl_AppendResult(interp, "Invalid digest \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }
    LAPPEND_STR(interp, resultObj, "name", EVP_MD_name(md), -1);
    LAPPEND_STR(interp, resultObj, "description", "", -1);
    LAPPEND_INT(interp, resultObj, "size", EVP_MD_size(md));
    LAPPEND_INT(interp, resultObj, "block_size", EVP_MD_block_size(md));
    LAPPEND_STR(interp, resultObj, "provider", "", -1);
    LAPPEND_STR(interp, resultObj, "type", OBJ_nid2ln(EVP_MD_type(md)), -1);
    LAPPEND_STR(interp, resultObj, "pkey_type", OBJ_nid2ln(EVP_MD_pkey_type(md)), -1);
    flags = EVP_MD_flags(md);

    /* Flags */
    listObj = Tcl_NewListObj(0, NULL);
    LAPPEND_BOOL(interp, listObj, "One-shot", flags & EVP_MD_FLAG_ONESHOT);
    LAPPEND_BOOL(interp, listObj, "XOF", flags & EVP_MD_FLAG_XOF);
    LAPPEND_BOOL(interp, listObj, "DigestAlgorithmId_NULL", flags & EVP_MD_FLAG_DIGALGID_NULL);
    LAPPEND_BOOL(interp, listObj, "DigestAlgorithmId_Abscent", flags & EVP_MD_FLAG_DIGALGID_ABSENT);
    LAPPEND_BOOL(interp, listObj, "DigestAlgorithmId_Custom", flags & EVP_MD_FLAG_DIGALGID_CUSTOM);
    LAPPEND_BOOL(interp, listObj, "FIPS", flags & EVP_MD_FLAG_FIPS);
    LAPPEND_OBJ(interp, resultObj, "flags", listObj);

    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestList --
 *
 *	Return a list of all digest algorithms
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int DigestList(Tcl_Interp *interp) {
    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }

    /* Same as EVP_MD_do_all */
    OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NamesCallback, (void *) resultObj);
    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * DigestsObjCmd --
 *
 *	Return a list of all valid hash algorithms or message digests.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int DigestsObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
    ERR_clear_error();


    /* Validate arg count */
    if (objc == 1) {
	return DigestList(interp);

    } else if (objc == 2) {
	return DigestInfo(interp, objv[1]);

    } else {
	Tcl_WrongNumArgs(interp, 1, objv, "?name?");
	return TCL_ERROR;
    }
    return TCL_OK;
	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * MacInfo --
 *
 *	Return a list of properties and values for macName.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int MacInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    Tcl_Obj *resultObj;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);

    if (strcmp(name, "cmac") != 0 && strcmp(name, "hmac") != 0) {
	Tcl_AppendResult(interp, "Invalid MAC \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }
    LAPPEND_STR(interp, resultObj, "name", name, -1);
    LAPPEND_STR(interp, resultObj, "description", "", -1);
    LAPPEND_STR(interp, resultObj, "provider", "", -1);

    Tcl_SetObjResult(interp, resultObj);
    return res;
}

/*
 *-------------------------------------------------------------------
 *
 * MacList --
 *
 *	Return a list of all MAC algorithms
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int MacList(Tcl_Interp *interp) {
    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }

    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("cmac", -1));
    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("hmac", -1));
    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * MacsObjCmd --
 *
 *	Return a list of all valid message authentication codes (MAC).
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int MacsObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
    ERR_clear_error();

    /* Validate arg count */
    if (objc == 1) {
	return MacList(interp);

    } else if (objc == 2) {
	return MacInfo(interp, objv[1]);

    } else {
	Tcl_WrongNumArgs(interp, 1, objv, "?name?");
	return TCL_ERROR;
    }
    return TCL_OK;
	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * PkeyInfo --
 *
 *	Return a list of properties and values for pkey.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int PkeyInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
    Tcl_Obj *resultObj;
    int res = TCL_OK;
    char *name = Tcl_GetStringFromObj(nameObj,NULL);
    EVP_PKEY *pkey = NULL;

    if (pkey == NULL) {
	Tcl_AppendResult(interp, "Invalid public key method \"", name, "\"", NULL);
	return TCL_ERROR;
    }

    /* Get properties */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }
    LAPPEND_STR(interp, resultObj, "name", OBJ_nid2ln(EVP_PKEY_id(pkey)), -1);
    LAPPEND_STR(interp, resultObj, "description", "", -1);
    LAPPEND_INT(interp, resultObj, "size", EVP_PKEY_size(pkey));
    LAPPEND_INT(interp, resultObj, "bits", EVP_PKEY_bits(pkey));
    LAPPEND_INT(interp, resultObj, "security_bits", EVP_PKEY_security_bits(pkey));
    LAPPEND_STR(interp, resultObj, "baseId", OBJ_nid2ln(EVP_PKEY_base_id(pkey)), -1);
    LAPPEND_STR(interp, resultObj, "provider", "", -1);
    LAPPEND_STR(interp, resultObj, "type", OBJ_nid2ln(EVP_PKEY_type(EVP_PKEY_id(pkey))), -1);

    {
	int pnid;
	if (EVP_PKEY_get_default_digest_nid(pkey, &pnid) > 0) {
	    LAPPEND_STR(interp, resultObj, "default_digest", OBJ_nid2ln(pnid), -2);
	}
    }

    Tcl_SetObjResult(interp, resultObj);
    return res;
}

/*
 *-------------------------------------------------------------------
 *
 * PkeyList --
 *
 *	Return a list of all public key methods
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int PkeyList(Tcl_Interp *interp) {
    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }

    for (size_t i = 0; i < EVP_PKEY_meth_get_count(); i++) {
        const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
        int pkey_id, pkey_flags;

        EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
	/*LAPPEND_STR(interp, resultObj, "name", OBJ_nid2ln(pkey_id), -1);
	LAPPEND_STR(interp, resultObj, "type", pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Built-in", -1);*/

	Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(OBJ_nid2ln(pkey_id), -1));
    }
    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
}

/*
 *-------------------------------------------------------------------
 *
 * PkeysObjCmd --
 *
 *	Return a list of all valid hash algorithms or message digests.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
int PkeysObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
    ERR_clear_error();

    /* Validate arg count */
    if (objc == 1) {
	return PkeyList(interp);

    } else if (objc == 2) {
	return PkeyInfo(interp, objv[1]);

    } else {
	Tcl_WrongNumArgs(interp, 1, objv, "?name?");
	return TCL_ERROR;
    }
    return TCL_OK;
	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * ProtocolsObjCmd --
 *
 *	Return a list of the available or supported SSL/TLS protocols.
 *
 * Results:
 *	A standard Tcl list.
 *
 * Side effects:
 *	none
 *
 *-------------------------------------------------------------------
 */
static int
ProtocolsObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Obj *resultObj;

    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
    ERR_clear_error();

    /* Validate arg count */
    if (objc != 1) {
	Tcl_WrongNumArgs(interp, 1, objv, NULL);
	return TCL_ERROR;
    }

    /* List all protocols */
    resultObj = Tcl_NewListObj(0, NULL);
    if (resultObj == NULL) {
	return TCL_ERROR;
    }
#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(NO_SSL2) && !defined(OPENSSL_NO_SSL2)
    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(protocols[TLS_SSL2], -1));
#endif
#if !defined(NO_SSL3) && !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL3_METHOD)
    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(protocols[TLS_SSL3], -1));
#endif
#if !defined(NO_TLS1) && !defined(OPENSSL_NO_TLS1) && !defined(OPENSSL_NO_TLS1_METHOD)
    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(protocols[TLS_TLS1], -1));
#endif
#if !defined(NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1_METHOD)
    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(protocols[TLS_TLS1_1], -1));
#endif
#if !defined(NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2_METHOD)
    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(protocols[TLS_TLS1_2], -1));
#endif
#if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3)
    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(protocols[TLS_TLS1_3], -1));
#endif
    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * VersionObjCmd --
 *
 *	Return a string with the OpenSSL version info.
 *
 * Results:
 *	A standard Tcl result.
 *
 * Side effects:
 *	None.
 *
 *-------------------------------------------------------------------
 */
static int
VersionObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Obj *resultObj;

    dprintf("Called");

    /* Validate arg count */
    if (objc != 1) {
	Tcl_WrongNumArgs(interp, 1, objv, NULL);
	return TCL_ERROR;
    }

    resultObj = Tcl_NewStringObj(OPENSSL_VERSION_TEXT, -1);
    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
	clientData = clientData;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * Tls_InfoCommands --
 *
 *	Create info commands
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Creates commands
 *
 *-------------------------------------------------------------------
 */
int Tls_InfoCommands(Tcl_Interp *interp) {

#if OPENSSL_VERSION_NUMBER < 0x10100000L
    OpenSSL_add_all_ciphers();
    OpenSSL_add_all_digests();
    OpenSSL_add_all_algorithms();
#endif

    Tcl_CreateObjCommand(interp, "tls::cipher", CipherObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::ciphers", CiphersObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::digests", DigestsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::macs", MacsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::pkeys", PkeysObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::protocols", ProtocolsObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    return TCL_OK;
}

Modified generic/tlsInt.h from [0103fefac9] to [0f4281d913].

33
34
35
36
37
38
39
40
41
42
43
44
45

46
47
48
49
50
51
52
53
54
55
56
33
34
35
36
37
38
39

40
41
42
43

44




45
46
47
48
49
50
51







-




-
+
-
-
-
-







#ifndef CONST86
#   if TCL_MAJOR_VERSION > 8
#	define CONST86 const
#   else
#	define CONST86
#   endif
#endif

/*
 * Backwards compatibility for size type change
 */
#if TCL_MAJOR_VERSION < 9 && TCL_MINOR_VERSION < 7
    #ifndef Tcl_Size
#   define Tcl_Size int
        typedef int Tcl_Size;
    #endif

    #define TCL_SIZE_MODIFIER ""
#endif

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/opensslv.h>

100
101
102
103
104
105
106

107
108
109
110
111
112
113
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109







+







#else
#define dprintf(...) if (0) { fprintf(stderr, __VA_ARGS__); }
#define dprintBuffer(bufferName, bufferLength) /**/
#define dprintFlags(statePtr) /**/
#endif

#define TCLTLS_SSL_ERROR(ssl,err) ((char*)ERR_reason_error_string((unsigned long)SSL_get_error((ssl),(err))))
#define REASON()	ERR_reason_error_string(ERR_get_error())

/* Common list append macros */
#define LAPPEND_BARRAY(interp, obj, text, value, size) {\
    if (text != NULL) Tcl_ListObjAppendElement(interp, obj, Tcl_NewStringObj(text, -1)); \
    Tcl_ListObjAppendElement(interp, obj, Tcl_NewByteArrayObj(value, size)); \
}
#define LAPPEND_STR(interp, obj, text, value, size) {\
194
195
196
197
198
199
200




201
202
203
204
205
206
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206







+
+
+
+







Tcl_Obj         *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert);
Tcl_Obj		*Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer);
void            Tls_Error(State *statePtr, char *msg);
void            Tls_Free(char *blockPtr);
void            Tls_Clean(State *statePtr);
int             Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent);
int             Tls_DigestCommands(Tcl_Interp *interp);
int             Tls_EncryptCommands(Tcl_Interp *interp);
int             Tls_InfoCommands(Tcl_Interp *interp);
int             Tls_KeyCommands(Tcl_Interp *interp);

BIO             *BIO_new_tcl(State* statePtr, int flags);

#define PTR2INT(x) ((int) ((intptr_t) (x)))

#endif /* _TLSINT_H */

Added generic/tlsKey.c version [8cdbc99261].






















































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
/*
 * Key Derivation Function (KDF) Module
 *
 * Provides commands to derive keys.
 *
 * Copyright (C) 2023 Brian O'Hagan
 *
 */

#include "tlsInt.h"
#include "tclOpts.h"
#include <openssl/crypto.h>

/*******************************************************************/

static const char *command_opts [] = { 
    "-cipher", "-digest", "-hash", "-iterations", "-password", "-salt", "-size", NULL};

enum _command_opts {
    _opt_cipher, _opt_digest, _opt_hash, _opt_iter, _opt_password, _opt_salt, _opt_size
};

/*
 *-------------------------------------------------------------------
 *
 * DeriveKey --
 *
 *	PKCS5_PBKDF2_HMAC key derivation function (KDF) specified by PKCS #5.
 *	See RFC 6070.
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Sets result to a list of key and iv values, or an error message
 *
 *-------------------------------------------------------------------
 */
static int DeriveKey(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    int key_len = 0, md_len = 0, pass_len = 0, salt_len = 0, fn;
    int iklen, ivlen, iter = PKCS5_DEFAULT_ITER;
    unsigned char *passwd = NULL, *salt = NULL;
    Tcl_Obj *resultObj;
    const EVP_MD *md = NULL;
    const EVP_CIPHER *cipher = NULL;
    int max = EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH, size = max;
    unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
    char *cipherName = NULL, *digestName = NULL;

    dprintf("Called");

    /* Clear errors */
    Tcl_ResetResult(interp);
    ERR_clear_error();

    /* Validate arg count */
    if (objc < 3 || objc > 11) {
	Tcl_WrongNumArgs(interp, 1, objv, "[-cipher cipher | -size length] -digest digest ?-iterations count? ?-password string? ?-salt string?");
	return TCL_ERROR;
    }

    /* Init buffers */
    memset(tmpkeyiv, 0, EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH);

    /* Get options */
    for (int idx = 1; idx < objc; idx++) {
	/* Get option */
	if (Tcl_GetIndexFromObj(interp, objv[idx], command_opts, "option", 0, &fn) != TCL_OK) {
	    return TCL_ERROR;
	}

	/* Validate arg has value */
	if (++idx >= objc) {
	    Tcl_AppendResult(interp, "No value for option \"", command_opts[fn], "\"", (char *) NULL);
	return TCL_ERROR;
    }

	switch(fn) {
	case _opt_cipher:
	    GET_OPT_STRING(objv[idx], cipherName, NULL);
	    break;
	case _opt_digest:
	case _opt_hash:
	    GET_OPT_STRING(objv[idx], digestName, NULL);
	    break;
	case _opt_iter:
	    GET_OPT_INT(objv[idx], &iter);
	    break;
	case _opt_password:
	    GET_OPT_BYTE_ARRAY(objv[idx], passwd, &pass_len);
	    break;
	case _opt_salt:
	    GET_OPT_BYTE_ARRAY(objv[idx], salt, &salt_len);
	    break;
	case _opt_size:
	    GET_OPT_INT(objv[idx], &size);
	    break;
	}
    }

    /* Validate options */
    if (cipherName != NULL) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
	cipher = EVP_get_cipherbyname(cipherName);
#else
	cipher = EVP_CIPHER_fetch(NULL, cipherName, NULL);
#endif
	if (cipher == NULL) {
	    Tcl_AppendResult(interp, "Invalid cipher: \"", cipherName, "\"", NULL);
	    return TCL_ERROR;
	}
    }
    if (digestName != NULL) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L
	md = EVP_get_digestbyname(digestName);
#else
	md = EVP_MD_fetch(NULL, digestName, NULL);
#endif
	if (md == NULL) {
	    Tcl_AppendResult(interp, "Invalid digest: \"", digestName, "\"", NULL);
	    return TCL_ERROR;
	}
    }
    if (iter < 1) {
	Tcl_SetObjResult(interp, Tcl_ObjPrintf("Invalid iterations count %d: must be > 0", iter));
	return TCL_ERROR;
    }
    if (size < 1 || size > max) {
	Tcl_SetObjResult(interp, Tcl_ObjPrintf("Invalid derived key length %d: must be 0 < size <= %d", size, max));
	return TCL_ERROR;
    }

    if (cipher == NULL) {
	if (size > max) size = max;
	iklen = size;
	ivlen = 0;
    } else {
	iklen = EVP_CIPHER_key_length(cipher);
	ivlen = EVP_CIPHER_iv_length(cipher);
	size = iklen+ivlen;
    }

    /* Perform password derivation */
    if (!PKCS5_PBKDF2_HMAC(passwd, pass_len, salt, salt_len, iter, md, size, tmpkeyiv)) {
	Tcl_AppendResult(interp, "Key derivation failed: ", REASON(), NULL);
	return TCL_ERROR;
    }

   /* Return key and iv */
    if (cipher == NULL) {
	resultObj = Tcl_NewByteArrayObj(tmpkeyiv, size);
    } else {
	resultObj = Tcl_NewListObj(0, NULL);
	LAPPEND_BARRAY(interp, resultObj, "key", tmpkeyiv, iklen);
	LAPPEND_BARRAY(interp, resultObj, "iv", tmpkeyiv+iklen, ivlen);
    }
    Tcl_SetObjResult(interp, resultObj);
    return TCL_OK;
    	clientData = clientData;
}

/*
 *-------------------------------------------------------------------
 *
 * Tls_KeyCommands --
 *
 *	Create key commands
 *
 * Returns:
 *	TCL_OK or TCL_ERROR
 *
 * Side effects:
 *	Creates commands
 *
 *-------------------------------------------------------------------
 */
int Tls_KeyCommands(Tcl_Interp *interp) {
    Tcl_CreateObjCommand(interp, "tls::derive_key", DeriveKey, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
    return TCL_OK;
}

Modified generic/tlsX509.c from [37e1c520a1] to [ead2e837f3].

79
80
81
82
83
84
85
86

87
88
89

90
91
92
93
94
95
96
79
80
81
82
83
84
85

86
87
88

89
90
91
92
93
94
95
96







-
+


-
+







 */
Tcl_Obj *Tls_x509Identifier(ASN1_OCTET_STRING *astring) {
    Tcl_Obj *resultPtr = NULL;
    int len = 0;
    char buffer[1024];

    if (astring != NULL) {
	len = String_to_Hex((char *)ASN1_STRING_get0_data(astring),
	len = String_to_Hex(ASN1_STRING_get0_data(astring),
	    ASN1_STRING_length(astring), buffer, 1024);
    }
    resultPtr = Tcl_NewStringObj(buffer, (Tcl_Size) len);
    resultPtr = Tcl_NewStringObj(buffer, len);
    return resultPtr;
}

/*
 * Get Key Usage
 */
Tcl_Obj *Tls_x509KeyUsage(Tcl_Interp *interp, X509 *cert, uint32_t xflags) {
204
205
206
207
208
209
210
211

212
213
214
215
216
217
218
204
205
206
207
208
209
210

211
212
213
214
215
216
217
218







-
+







    }

    if (names = X509_get_ext_d2i(cert, nid, NULL, NULL)) {
	for (int i=0; i < sk_GENERAL_NAME_num(names); i++) {
	    const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);

	    len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, name), bio, buffer, 1024);
	    LAPPEND_STR(interp, listPtr, NULL, buffer, (Tcl_Size) len);
	    LAPPEND_STR(interp, listPtr, NULL, buffer, len);
	}
	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
    }
    return listPtr;
}

/*
281
282
283
284
285
286
287
288

289
290
291
292
293
294
295
296
297

298
299
300
301
302
303
304
281
282
283
284
285
286
287

288
289
290
291
292
293
294
295
296

297
298
299
300
301
302
303
304







-
+








-
+







	    if (distpoint->type == 0) {
		/* full-name GENERALIZEDNAME */
		for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) {
		    GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j);
		    int type;
		    ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type);
		    if (type == GEN_URI) {
			LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
			LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_get0_data(uri), ASN1_STRING_length(uri));
		    }
		}
	    } else if (distpoint->type == 1) {
		/* relative-name X509NAME */
		STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename;
		for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) {
		    X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j);
		    ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);
		    LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
		    LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_data(d), ASN1_STRING_length(d));
		}
	    }
	}
	CRL_DIST_POINTS_free(crl);
    }
    return listPtr;
}
335
336
337
338
339
340
341
342

343
344
345
346
347
348
349
335
336
337
338
339
340
341

342
343
344
345
346
347
348
349







-
+








    if (ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) {
	for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) {
	    ad = sk_ACCESS_DESCRIPTION_value(ads, i);
	    if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) {
		if (ad->location->type == GEN_URI) {
		    len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier);
		    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, (Tcl_Size) len));
		    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, len));
		    OPENSSL_free(buf);
		    break;
		}
	    }
	}
	/* sk_ACCESS_DESCRIPTION_pop_free(ads, ACCESS_DESCRIPTION_free); */
	AUTHORITY_INFO_ACCESS_free(ads);
395
396
397
398
399
400
401
402

403
404
405
406
407
408
409
410

411
412
413
414
415
416
417
418

419
420
421
422
423
424

425
426
427
428

429
430
431
432
433

434
435
436
437
438


439
440
441
442
443
444


445
446
447
448
449
450
451
452
453
454
455
456
457
458
459

460
461
462
463
464
465

466
467
468
469
470
471
472

473
474
475
476
477
478
479
480
481
482
483

484
485
486
487
488
489
490
491
492
493
494

495
496
497
498

499
500
501
502
503
504
505

506
507
508
509
510
511
512
513
514
515
516
517
518
519

520
521
522
523
524
525
526
395
396
397
398
399
400
401

402
403
404
405
406
407
408
409

410
411
412
413
414
415
416
417

418
419
420
421
422
423

424
425
426
427

428
429
430
431
432

433
434
435
436


437
438
439
440
441
442


443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458

459
460
461
462
463
464

465
466
467
468
469
470
471

472
473
474
475
476
477
478
479
480
481
482

483
484
485
486
487
488
489
490
491
492
493

494
495
496
497

498
499
500
501
502
503
504

505
506
507
508
509
510
511
512
513
514
515
516
517
518

519
520
521
522
523
524
525
526







-
+







-
+







-
+





-
+



-
+




-
+



-
-
+
+




-
-
+
+














-
+





-
+






-
+










-
+










-
+



-
+






-
+













-
+







	int sig_nid;

	X509_get0_signature(&sig, &sig_alg, cert);
	/* sig_nid = X509_get_signature_nid(cert) */
	sig_nid = OBJ_obj2nid(sig_alg->algorithm);
	LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1);
	len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, buffer, BUFSIZ) : 0;
	LAPPEND_STR(interp, certPtr, "signatureValue", buffer, (Tcl_Size) len);
	LAPPEND_STR(interp, certPtr, "signatureValue", buffer, len);
    }

    /* Version of the encoded certificate - RFC 5280 section 4.1.2.1 */
    LAPPEND_LONG(interp, certPtr, "version", X509_get_version(cert)+1);

    /* Unique number assigned by CA to certificate - RFC 5280 section 4.1.2.2 */
    len = BIO_to_Buffer(i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(cert)), bio, buffer, BUFSIZ);
    LAPPEND_STR(interp, certPtr, "serialNumber", buffer, (Tcl_Size) len);
    LAPPEND_STR(interp, certPtr, "serialNumber", buffer, len);

    /* Signature algorithm used by the CA to sign the certificate. Must match
	signatureAlgorithm. RFC 5280 section 4.1.2.3 */
    LAPPEND_STR(interp, certPtr, "signature", OBJ_nid2ln(X509_get_signature_nid(cert)), -1);

    /* Issuer identifies the entity that signed and issued the cert. RFC 5280 section 4.1.2.4 */
    len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags), bio, buffer, BUFSIZ);
    LAPPEND_STR(interp, certPtr, "issuer", buffer, (Tcl_Size) len);
    LAPPEND_STR(interp, certPtr, "issuer", buffer, len);

    /* Certificate validity period is the interval the CA warrants that it will
	maintain info on the status of the certificate. RFC 5280 section 4.1.2.5 */
    /* Get Validity - Not Before */
    len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notBefore(cert)), bio, buffer, BUFSIZ);
    LAPPEND_STR(interp, certPtr, "notBefore", buffer, (Tcl_Size) len);
    LAPPEND_STR(interp, certPtr, "notBefore", buffer, len);

    /* Get Validity - Not After */
    len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notAfter(cert)), bio, buffer, BUFSIZ);
    LAPPEND_STR(interp, certPtr, "notAfter", buffer, (Tcl_Size) len);
    LAPPEND_STR(interp, certPtr, "notAfter", buffer, len);

    /* Subject identifies the entity associated with the public key stored in
	the subject public key field. RFC 5280 section 4.1.2.6 */
    len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
    LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len);
    LAPPEND_STR(interp, certPtr, "subject", buffer, len);

    /* SHA1 Digest (Fingerprint) of cert - DER representation */
    if (X509_digest(cert, EVP_sha1(), md, &len)) {
    len = String_to_Hex(md, len, buffer, BUFSIZ);
	LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) len);
	len = String_to_Hex(md, len, buffer, BUFSIZ);
	LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, len);
    }

    /* SHA256 Digest (Fingerprint) of cert - DER representation */
    if (X509_digest(cert, EVP_sha256(), md, &len)) {
    len = String_to_Hex(md, len, buffer, BUFSIZ);
	LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) len);
	len = String_to_Hex(md, len, buffer, BUFSIZ);
	LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, len);
    }

    /* Subject Public Key Info specifies the public key and identifies the
	algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
    if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
	ASN1_BIT_STRING *key;
	unsigned int n;

	LAPPEND_STR(interp, certPtr, "signingDigest", OBJ_nid2ln(mdnid), -1);
	LAPPEND_STR(interp, certPtr, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1);
	LAPPEND_INT(interp, certPtr, "bits", bits); /* Effective security bits */

	key = X509_get0_pubkey_bitstr(cert);
	len = String_to_Hex(key->data, key->length, buffer, BUFSIZ);
	LAPPEND_STR(interp, certPtr, "publicKey", buffer, (Tcl_Size) len);
	LAPPEND_STR(interp, certPtr, "publicKey", buffer, len);

	len = 0;
	if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), md, &n)) {
	    len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
	}
	LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, (Tcl_Size) len);
	LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, len);

	/* digest of the DER representation of the certificate */
	len = 0;
	if (X509_digest(cert, EVP_get_digestbynid(mdnid), md, &n)) {
	    len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
	}
	LAPPEND_STR(interp, certPtr, "signatureHash", buffer, (Tcl_Size) len);
	LAPPEND_STR(interp, certPtr, "signatureHash", buffer, len);
    }

    /* Certificate Purpose. Call before checking for extensions. */
    LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
    LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));

    /* Get extensions flags */
    xflags = X509_get_extension_flags(cert);
    LAPPEND_INT(interp, certPtr, "extFlags", xflags);

	/* Check if cert was issued by CA cert issuer or self signed */
    /* Check if cert was issued by CA cert issuer or self signed */
    LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI);
    LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS);
    LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY);
    LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID);
    LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert));

    /* The Unique Ids are used to handle the possibility of reuse of subject
	and/or issuer names over time. RFC 5280 section 4.1.2.8 */
    {
	const ASN1_BIT_STRING *iuid, *suid;
        X509_get0_uids(cert, &iuid, &suid);
	X509_get0_uids(cert, &iuid, &suid);

	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
	if (iuid != NULL) {
	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, (Tcl_Size) iuid->length));
	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length));
	} else {
	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
	}

	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1));
	if (suid != NULL) {
	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, (Tcl_Size) suid->length));
	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, suid->length));
	} else {
	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
	}
    }

    /* X509 v3 Extensions - RFC 5280 section 4.1.2.9 */
    LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
    LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert));

    /* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of
	its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */
    LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier",
	Tls_x509Identifier(X509_get0_authority_key_id(cert)));

 
    /* Subject Key Identifier (SKI) is used to identify certificates that contain
	a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */
    LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier",
	Tls_x509Identifier(X509_get0_subject_key_id(cert)));

    /* Key usage extension defines the purpose (e.g., encipherment, signature, certificate
	signing) of the key in the certificate. RFC 5280 section 4.2.1.3, NID_key_usage */
585
586
587
588
589
590
591
592

593
594
595
596
597
598
599
600
601

602
603
604
605

606
607
608
609
610
585
586
587
588
589
590
591

592
593
594
595
596
597
598
599
600

601
602
603
604

605
606
607
608
609
610







-
+








-
+



-
+





    /* Subject Information Access - RFC 5280 section 4.2.2.2, NID_sinfo_access */

    /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the
	friendlyName attribute (RFC 2985). */
    {
	len = 0;
        char *string = X509_alias_get0(cert, &len);
	LAPPEND_STR(interp, certPtr, "alias", string, (Tcl_Size) len);
	LAPPEND_STR(interp, certPtr, "alias", string, len);
    }

    /* Certificate and dump all data */
    {
	char certStr[CERT_STR_SIZE];

	/* Get certificate */
	len = BIO_to_Buffer(PEM_write_bio_X509(bio, cert), bio, certStr, CERT_STR_SIZE);
	LAPPEND_STR(interp, certPtr, "certificate", certStr, (Tcl_Size) len);
	LAPPEND_STR(interp, certPtr, "certificate", certStr, len);

	/* Get all cert info */
	len = BIO_to_Buffer(X509_print_ex(bio, cert, flags, 0), bio, certStr, CERT_STR_SIZE);
	LAPPEND_STR(interp, certPtr, "all", certStr, (Tcl_Size) len);
	LAPPEND_STR(interp, certPtr, "all", certStr, len);
    }

    BIO_free(bio);
    return certPtr;
}

Modified tests/badssl.csv from [8df90efe9b] to [3b4cb80289].

1
2
3

4
5
6

7
8

9
10
11

12
13
14

15
16
17
18
19
20
21
1
2

3
4
5

6
7

8



9
10
11

12
13
14
15
16
17
18
19


-
+


-
+

-
+
-
-
-
+


-
+







# Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
command,package require tls,,,,,,,,,
command,,,,,,,,,,
,,,,,,,,,,
command,# Find default CA certificates directory,,,,,,,,,
command,if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]},,,,,,,,,
command,,,,,,,,,,
,,,,,,,,,,
command,# Constraints,,,,,,,,,
command,set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3],,,,,,,,,
command,source common.tcl,,,,,,,,,
command,foreach protocol $protocols {::tcltest::testConstraint $protocol 0},,,,,,,,,
command,foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1},,,,,,,,,
command,,,,,,,,,,
,,,,,,,,,,
command,# Helper functions,,,,,,,,,
command,"proc badssl {url} {set port 443;lassign [split $url "":""] url port;if {$port eq """"} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}",,,,,,,,,
command,,,,,,,,,,
,,,,,,,,,,
command,# BadSSL.com Tests,,,,,,,,,
BadSSL,1000-sans,,,badssl 1000-sans.badssl.com,,,handshake failed: certificate verify failed due to: certificate has expired,,,1
BadSSL,10000-sans,,,badssl 10000-sans.badssl.com,,,handshake failed: excessive message size,,,1
BadSSL,3des,,,badssl 3des.badssl.com,,,handshake failed: sslv3 alert handshake failure,,,1
BadSSL,captive-portal,,,badssl captive-portal.badssl.com,,,handshake failed: certificate verify failed due to: Hostname mismatch,,,1
BadSSL,cbc,,,badssl cbc.badssl.com,,,,,,
BadSSL,client-cert-missing,,,badssl client-cert-missing.badssl.com,,,,,,

Modified tests/badssl.test from [66893a8fa7] to [ef286e344c].

10
11
12
13
14
15
16
17

18
19
20
21



22



23
24
25
26
27
28
29
10
11
12
13
14
15
16

17


18
19
20
21
22

23
24
25
26
27
28
29
30
31
32







-
+
-
-


+
+
+
-
+
+
+








package require tls

# Find default CA certificates directory
if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]}

# Constraints
set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3]
source common.tcl
foreach protocol $protocols {::tcltest::testConstraint $protocol 0}
foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1}

# Helper functions
proc badssl {url} {set port 443
	lassign [split $url ":"] url port
	if {$port eq ""} {set port 443}
proc badssl {url} {set port 443;lassign [split $url ":"] url port;if {$port eq ""} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}
	set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port]
	if {[catch {tls::handshake $ch} err]} {close $ch
	return -code error $err} else {close $ch}}

# BadSSL.com Tests


test BadSSL-1.1 {1000-sans} -body {
	badssl 1000-sans.badssl.com
    } -result {handshake failed: certificate verify failed due to: certificate has expired} -returnCodes {1}

Deleted tests/ciphers.csv version [f4aff3652a].

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46














































-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
# Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
command,package require tls,,,,,,,,,
command,,,,,,,,,,
command,# Make sure path includes location of OpenSSL executable,,,,,,,,,
command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] "";"" $::env(path)}",,,,,,,,,
command,,,,,,,,,,
command,# Constraints,,,,,,,,,
command,set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3],,,,,,,,,
command,foreach protocol $protocols {::tcltest::testConstraint $protocol 0},,,,,,,,,
command,foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1},,,,,,,,,
command,"::tcltest::testConstraint OpenSSL [string match ""OpenSSL*"" [::tls::version]]",,,,,,,,,
,,,,,,,,,,
command,# Helper functions,,,,,,,,,
command,"proc lcompare {list1 list2} {set m """";set u """";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list ""missing"" $m ""unexpected"" $u]}",,,,,,,,,
command,proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]},,,,,,,,,
,,,,,,,,,,
command,# Test protocols,,,,,,,,,
Protocols,All,,,lcompare $protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,,
,,,,,,,,,,
command,# Test ciphers,,,,,,,,,
CiphersAll,SSL2,ssl2,,"lcompare [exec_get "":"" ciphers -ssl2] [::tls::ciphers ssl2]",,,missing {} unexpected {},,,
CiphersAll,SSL3,ssl3,,"lcompare [exec_get "":"" ciphers -ssl3] [::tls::ciphers ssl3]",,,missing {} unexpected {},,,
CiphersAll,TLS1,tls1,,"lcompare [exec_get "":"" ciphers -tls1] [::tls::ciphers tls1]",,,missing {} unexpected {},,,
CiphersAll,TLS1.1,tls1.1,,"lcompare [exec_get "":"" ciphers -tls1_1] [::tls::ciphers tls1.1]",,,missing {} unexpected {},,,
CiphersAll,TLS1.2,tls1.2,,"lcompare [exec_get "":"" ciphers -tls1_2] [::tls::ciphers tls1.2]",,,missing {} unexpected {},,,
CiphersAll,TLS1.3,tls1.3,,"lcompare [exec_get "":"" ciphers -tls1_3] [::tls::ciphers tls1.3]",,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test cipher descriptions,,,,,,,,,
CiphersDesc,SSL2,ssl2,,"lcompare [exec_get ""\r\n"" ciphers -ssl2 -v] [split [string trim [::tls::ciphers ssl2 1]] \n]",,,missing {} unexpected {},,,
CiphersDesc,SSL3,ssl3,,"lcompare [exec_get ""\r\n"" ciphers -ssl3 -v] [split [string trim [::tls::ciphers ssl3 1]] \n]",,,missing {} unexpected {},,,
CiphersDesc,TLS1,tls1,,"lcompare [exec_get ""\r\n"" ciphers -tls1 -v] [split [string trim [::tls::ciphers tls1 1]] \n]",,,missing {} unexpected {},,,
CiphersDesc,TLS1.1,tls1.1,,"lcompare [exec_get ""\r\n"" ciphers -tls1_1 -v] [split [string trim [::tls::ciphers tls1.1 1]] \n]",,,missing {} unexpected {},,,
CiphersDesc,TLS1.2,tls1.2,,"lcompare [exec_get ""\r\n"" ciphers -tls1_2 -v] [split [string trim [::tls::ciphers tls1.2 1]] \n]",,,missing {} unexpected {},,,
CiphersDesc,TLS1.3,tls1.3,,"lcompare [exec_get ""\r\n"" ciphers -tls1_3 -v] [split [string trim [::tls::ciphers tls1.3 1]] \n]",,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test protocol specific ciphers,,,,,,,,,
CiphersSpecific,SSL2,ssl2,,"lcompare [exec_get "":"" ciphers -ssl2 -s] [::tls::ciphers ssl2 0 1]",,,missing {} unexpected {},,,
CiphersSpecific,SSL3,ssl3,,"lcompare [exec_get "":"" ciphers -ssl3 -s] [::tls::ciphers ssl3 0 1]",,,missing {} unexpected {},,,
CiphersSpecific,TLS1,tls1,,"lcompare [exec_get "":"" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]",,,missing {} unexpected {},,,
CiphersSpecific,TLS1.1,tls1.1,,"lcompare [exec_get "":"" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]",,,missing {} unexpected {},,,
CiphersSpecific,TLS1.2,tls1.2,,"lcompare [exec_get "":"" ciphers -tls1_2 -s] [::tls::ciphers tls1.2 0 1]",,,missing {} unexpected {},,,
CiphersSpecific,TLS1.3,tls1.3,,"lcompare [exec_get "":"" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]",,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test version,,,,,,,,,
Version,All,,,::tls::version,,glob,*,,,
Version,OpenSSL,OpenSSL,,::tls::version,,glob,OpenSSL*,,,

Deleted tests/ciphers.test version [212c1bf055].

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

























































































































-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
# Auto generated test cases for ciphers_and_protocols.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
	package require tcltest
	namespace import ::tcltest::*
}

set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]

package require tls

# Make sure path includes location of OpenSSL executable
if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] ";" $::env(path)}

# Constraints
set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3]
foreach protocol $protocols {::tcltest::testConstraint $protocol 0}
foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1}
::tcltest::testConstraint OpenSSL [string match "OpenSSL*" [::tls::version]]
# Helper functions
proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]}
proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]}
# Test protocols


test Protocols-1.1 {All} -body {
	lcompare $protocols [::tls::protocols]
    } -result {missing {ssl2 ssl3} unexpected {}}
# Test ciphers


test CiphersAll-2.1 {SSL2} -constraints {ssl2} -body {
	lcompare [exec_get ":" ciphers -ssl2] [::tls::ciphers ssl2]
    } -result {missing {} unexpected {}}

test CiphersAll-2.2 {SSL3} -constraints {ssl3} -body {
	lcompare [exec_get ":" ciphers -ssl3] [::tls::ciphers ssl3]
    } -result {missing {} unexpected {}}

test CiphersAll-2.3 {TLS1} -constraints {tls1} -body {
	lcompare [exec_get ":" ciphers -tls1] [::tls::ciphers tls1]
    } -result {missing {} unexpected {}}

test CiphersAll-2.4 {TLS1.1} -constraints {tls1.1} -body {
	lcompare [exec_get ":" ciphers -tls1_1] [::tls::ciphers tls1.1]
    } -result {missing {} unexpected {}}

test CiphersAll-2.5 {TLS1.2} -constraints {tls1.2} -body {
	lcompare [exec_get ":" ciphers -tls1_2] [::tls::ciphers tls1.2]
    } -result {missing {} unexpected {}}

test CiphersAll-2.6 {TLS1.3} -constraints {tls1.3} -body {
	lcompare [exec_get ":" ciphers -tls1_3] [::tls::ciphers tls1.3]
    } -result {missing {} unexpected {}}
# Test cipher descriptions


test CiphersDesc-3.1 {SSL2} -constraints {ssl2} -body {
	lcompare [exec_get "\r\n" ciphers -ssl2 -v] [split [string trim [::tls::ciphers ssl2 1]] \n]
    } -result {missing {} unexpected {}}

test CiphersDesc-3.2 {SSL3} -constraints {ssl3} -body {
	lcompare [exec_get "\r\n" ciphers -ssl3 -v] [split [string trim [::tls::ciphers ssl3 1]] \n]
    } -result {missing {} unexpected {}}

test CiphersDesc-3.3 {TLS1} -constraints {tls1} -body {
	lcompare [exec_get "\r\n" ciphers -tls1 -v] [split [string trim [::tls::ciphers tls1 1]] \n]
    } -result {missing {} unexpected {}}

test CiphersDesc-3.4 {TLS1.1} -constraints {tls1.1} -body {
	lcompare [exec_get "\r\n" ciphers -tls1_1 -v] [split [string trim [::tls::ciphers tls1.1 1]] \n]
    } -result {missing {} unexpected {}}

test CiphersDesc-3.5 {TLS1.2} -constraints {tls1.2} -body {
	lcompare [exec_get "\r\n" ciphers -tls1_2 -v] [split [string trim [::tls::ciphers tls1.2 1]] \n]
    } -result {missing {} unexpected {}}

test CiphersDesc-3.6 {TLS1.3} -constraints {tls1.3} -body {
	lcompare [exec_get "\r\n" ciphers -tls1_3 -v] [split [string trim [::tls::ciphers tls1.3 1]] \n]
    } -result {missing {} unexpected {}}
# Test protocol specific ciphers


test CiphersSpecific-4.1 {SSL2} -constraints {ssl2} -body {
	lcompare [exec_get ":" ciphers -ssl2 -s] [::tls::ciphers ssl2 0 1]
    } -result {missing {} unexpected {}}

test CiphersSpecific-4.2 {SSL3} -constraints {ssl3} -body {
	lcompare [exec_get ":" ciphers -ssl3 -s] [::tls::ciphers ssl3 0 1]
    } -result {missing {} unexpected {}}

test CiphersSpecific-4.3 {TLS1} -constraints {tls1} -body {
	lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
    } -result {missing {} unexpected {}}

test CiphersSpecific-4.4 {TLS1.1} -constraints {tls1.1} -body {
	lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
    } -result {missing {} unexpected {}}

test CiphersSpecific-4.5 {TLS1.2} -constraints {tls1.2} -body {
	lcompare [exec_get ":" ciphers -tls1_2 -s] [::tls::ciphers tls1.2 0 1]
    } -result {missing {} unexpected {}}

test CiphersSpecific-4.6 {TLS1.3} -constraints {tls1.3} -body {
	lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
    } -result {missing {} unexpected {}}
# Test version


test Version-5.1 {All} -body {
	::tls::version
    } -match {glob} -result {*}

test Version-5.2 {OpenSSL} -constraints {OpenSSL} -body {
	::tls::version
    } -match {glob} -result {OpenSSL*}

# Cleanup
::tcltest::cleanupTests
return

Added tests/common.tcl version [019f917847].























1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

# Common Constraints
package require tls

# Supported protocols
set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3]
foreach protocol $protocols {
    ::tcltest::testConstraint $protocol 0
    ::tcltest::testConstraint !$protocol 1
}

foreach protocol [::tls::protocols] {
    ::tcltest::testConstraint $protocol 1
    ::tcltest::testConstraint !$protocol 0
}

# OpenSSL version
::tcltest::testConstraint OpenSSL [string match "OpenSSL*" [::tls::version]]

# Legacy OpenSSL v1.1.1 vs new v3.x
scan [lindex [split [::tls::version]] 1] %f version
::tcltest::testConstraint new_api [expr {$version >= 3.0}]

Added tests/digest.csv version [2969f7b1ad].






















































































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
command,package require tls,,,,,,,,,
,,,,,,,,,,
command,# Constraints,,,,,,,,,
command,source common.tcl,,,,,,,,,
,,,,,,,,,,
command,# Helper functions - See common.tcl,,,,,,,,,
command,proc digest_read_chan {cmd filename args} {;set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [$cmd {*}$args -chan $ch];while {![eof $new]} {set md [read $new $bsize]};close $new;return $md},,,,,,,,,
command,proc digest_write_chan {cmd filename data args} {;set ch [open $filename wb];set new [$cmd {*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set md [read $ch];close $ch;return $md},,,,,,,,,
command,proc digest_accumulate {string args} {;set cmd [{*}$args -command dcmd]; $cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},$cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},,,,,,,,
,,,,,,,,,,
command,"set test_data ""Example string for message digest tests.\n""",,,,,,,,,
command,"set test_file ""md_data.dat""",,,,,,,,,
command,"set test_alt_file ""md_alt_data.dat""",,,,,,,,,
command,"set test_key ""Example key""",,,,,,,,,
command,::tcltest::makeFile $test_data $test_file,,,,,,,,,
,,,,,,,,,,
command,# Test short-cut commands,,,,,,,,,
Shortcut Cmds,md4 cmd,,,::tls::md4 $test_data,,,793399f792eca2752c6af3234ba70858,,,
Shortcut Cmds,md5 cmd,,,::tls::md5 $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,,
Shortcut Cmds,sha1 cmd,,,::tls::sha1 $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
Shortcut Cmds,sha256 cmd,,,::tls::sha256 $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
Shortcut Cmds,sha512 cmd,,,::tls::sha512 $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
,,,,,,,,,,
,,,,,,,,,,
command,# Test MD command for read channel,,,,,,,,,
MD Chan Read,md4,,,digest_read_chan ::tls::md $test_file -digest md4,,,793399f792eca2752c6af3234ba70858,,,
MD Chan Read,md5,,,digest_read_chan ::tls::md $test_file -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Chan Read,sha1,,,digest_read_chan ::tls::md $test_file -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
MD Chan Read,sha256,,,digest_read_chan ::tls::md $test_file -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
MD Chan Read,sha512,,,digest_read_chan ::tls::md $test_file -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
MD Chan Read,md5 bin,,,binary encode hex [digest_read_chan ::tls::md $test_file -bin -digest md5],,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Chan Read,md5 hex,,,digest_read_chan ::tls::md $test_file -hex -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
,,,,,,,,,,
command,# Test MD command for write channel,,,,,,,,,
MD Chan Write,md4,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md4,,,793399f792eca2752c6af3234ba70858,,,
MD Chan Write,md5,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Chan Write,sha1,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
MD Chan Write,sha256,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
MD Chan Write,sha512,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
MD Chan Write,md5 bin,,,binary encode hex [digest_write_chan ::tls::md $test_alt_file $test_data -bin -digest md5],,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Chan Write,md5 hex,,,digest_write_chan ::tls::md $test_alt_file $test_data -hex -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
,,,,,,,,,,
command,# Test MD command for object command,,,,,,,,,
MD Command,md4,,,digest_accumulate $test_data ::tls::md -digest md4,,,793399f792eca2752c6af3234ba70858,,,
MD Command,md5,,,digest_accumulate $test_data ::tls::md -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Command,sha1,,,digest_accumulate $test_data ::tls::md -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
MD Command,sha256,,,digest_accumulate $test_data ::tls::md -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
MD Command,sha512,,,digest_accumulate $test_data ::tls::md -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
MD Command,md5 bin,,,binary encode hex [digest_accumulate $test_data ::tls::md -digest md5 -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Command,md5 hex,,,digest_accumulate $test_data ::tls::md -digest md5 -hex,,,962bf0803b4232ec23bd8427bb94ea09,,,
,,,,,,,,,,
command,# Test MD command for data shortcut,,,,,,,,,
MD Shortcut,md4,,,::tls::md md4 $test_data,,,793399f792eca2752c6af3234ba70858,,,
MD Shortcut,md5,,,::tls::md md5 $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Shortcut,sha1,,,::tls::md sha1 $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
MD Shortcut,sha256,,,::tls::md sha256 $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
MD Shortcut,sha512,,,::tls::md sha512 $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
,,,,,,,,,,
command,# Test MD command for data,,,,,,,,,
MD Data,md4,,,::tls::md -digest md4 -data $test_data,,,793399f792eca2752c6af3234ba70858,,,
MD Data,md5,,,::tls::md -digest md5 -data $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Data,sha1,,,::tls::md -digest sha1 -data $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
MD Data,sha256,,,::tls::md -digest sha256 -data $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
MD Data,sha512,,,::tls::md -digest sha512 -data $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
MD Data,md5 bin,,,binary encode hex [::tls::md -digest md5 -data $test_data -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,
MD Data,md5 hex,,,::tls::md -digest md5 -data $test_data -hex,,,962bf0803b4232ec23bd8427bb94ea09,,,
,,,,,,,,,,
command,# Test MD command for file,,,,,,,,,
MD File,md4,,,::tls::md -digest md4 -file $test_file,,,793399f792eca2752c6af3234ba70858,,,
MD File,md5,,,::tls::md -digest md5 -file $test_file,,,962bf0803b4232ec23bd8427bb94ea09,,,
MD File,sha1,,,::tls::md -digest sha1 -file $test_file,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
MD File,sha256,,,::tls::md -digest sha256 -file $test_file,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
MD File,sha512,,,::tls::md -digest sha512 -file $test_file,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
MD File,md5 bin,,,binary encode hex [::tls::md -digest md5 -file $test_file -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,
MD File,md5 hex,,,::tls::md -digest md5 -file $test_file -hex,,,962bf0803b4232ec23bd8427bb94ea09,,,
,,,,,,,,,,
command,# MD Error Cases,,,,,,,,,
MD Errors,Too few args,,,::tls::md,,,"wrong # args: should be ""::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MD Errors,Too many args,,,::tls::md too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MD Errors,Invalid digest,,,::tls::md bogus data,,,"Invalid digest ""bogus""",,,1
MD Errors,Invalid digest Arg,,,::tls::md -digest bogus -data data,,,"Invalid digest ""bogus""",,,1
MD Errors,No digest,,,::tls::md -hex -data value,,,No digest specified,,,1
MD Errors,Invalid option,,,::tls::md -digest sha256 -bogus value,,,"bad option ""-bogus"": must be -bin, -binary, -hex, -hexadecimal, -chan, -channel, -cipher, -command, -data, -digest, -file, -filename, -hash, -key, or -mac",,,1
MD Errors,Invalid file,,,::tls::md -digest sha256 -file bogus,,,"couldn't open ""bogus"": no such file or directory",,,1
MD Errors,Invalid channel,,,::tls::md -digest sha256 -channel bogus,,,"can not find channel named ""bogus""",,,1
MD Errors,No operation,,,::tls::md -digest sha256 -bin,,,"No operation specified: Use -channel, -command, -data, or -file option",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test CMAC command,,,,,,,,,
command,"set test_cipher ""aes-128-cbc""",,,,,,,,,
command,"set test_key ""Example key 1234""",,,,,,,,,
CMAC,data,,,::tls::cmac -cipher $test_cipher -key $test_key -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
CMAC,file,,,::tls::cmac -cipher $test_cipher -key $test_key -file $test_file,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
CMAC,channel,,,digest_read_chan ::tls::cmac $test_file -cipher $test_cipher -key $test_key,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
CMAC,command,,,digest_accumulate $test_data ::tls::cmac -cipher $test_cipher -key $test_key,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
CMAC,data bin,,,binary encode hex [::tls::cmac -bin -cipher $test_cipher -key $test_key -data $test_data],,,baf5c20f9973e2d606b14c7efdfe52fa,,,
,,,,,,,,,,
command,# Test MD CMAC,,,,,,,,,
MD CMAC,data,,,::tls::md -cipher $test_cipher -key $test_key -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MD CMAC,file,,,::tls::md -cipher $test_cipher -key $test_key -file $test_file,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MD CMAC,channel,,,digest_read_chan ::tls::md $test_file -cipher $test_cipher -key $test_key,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MD CMAC,command,,,digest_accumulate $test_data ::tls::md -cipher $test_cipher -key $test_key,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MD CMAC,data bin,,,binary encode hex [::tls::md -bin -cipher $test_cipher -key $test_key -data $test_data],,,baf5c20f9973e2d606b14c7efdfe52fa,,,
,,,,,,,,,,
command,# Test CMAC Shortcut,,,,,,,,,
CMAC Shortcut,data,,,::tls::cmac $test_cipher -key $test_key $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
,,,,,,,,,,
command,# CMAC Error Cases,,,,,,,,,
CMAC Errors,Too few args,,,::tls::cmac,,,"wrong # args: should be ""::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
CMAC Errors,Too many args,,,::tls::cmac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
CMAC Errors,No cipher,,,::tls::cmac -hex -data $test_data,,,No cipher specified,,,1
CMAC Errors,No key,,,::tls::cmac -cipher $test_cipher -data $test_data,,,No key specified,,,1
CMAC Errors,Invalid cipher,,,::tls::cmac -cipher bogus -data $test_data,,,"Invalid cipher ""bogus""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test HMAC command,,,,,,,,,
command,set test_digest md5,,,,,,,,,
command,"set test_key ""Example key""",,,,,,,,,
HMAC,data,,,::tls::hmac -digest $test_digest -key $test_key -data $test_data,,,f98327ef3e20ab6d388f676c6a79d93d,,,
HMAC,file,,,::tls::hmac -digest $test_digest -key $test_key -file $test_file,,,f98327ef3e20ab6d388f676c6a79d93d,,,
HMAC,channel,,,digest_read_chan ::tls::hmac $test_file -digest $test_digest -key $test_key,,,f98327ef3e20ab6d388f676c6a79d93d,,,
HMAC,command,,,digest_accumulate $test_data ::tls::hmac -digest $test_digest -key $test_key,,,f98327ef3e20ab6d388f676c6a79d93d,,,
HMAC,data bin,,,binary encode hex [::tls::hmac -digest $test_digest -bin -key $test_key -data $test_data],,,f98327ef3e20ab6d388f676c6a79d93d,,,
,,,,,,,,,,
command,# Test MD HMAC,,,,,,,,,
MD HMAC,data,,,::tls::md -digest $test_digest -key $test_key -data $test_data,,,f98327ef3e20ab6d388f676c6a79d93d,,,
MD HMAC,file,,,::tls::md -digest $test_digest -key $test_key -file $test_file,,,f98327ef3e20ab6d388f676c6a79d93d,,,
MD HMAC,channel,,,digest_read_chan ::tls::md $test_file -digest $test_digest -key $test_key,,,f98327ef3e20ab6d388f676c6a79d93d,,,
MD HMAC,command,,,digest_accumulate $test_data ::tls::md -digest $test_digest -key $test_key,,,f98327ef3e20ab6d388f676c6a79d93d,,,
MD HMAC,data bin,,,binary encode hex [::tls::md -digest $test_digest -bin -key $test_key -data $test_data],,,f98327ef3e20ab6d388f676c6a79d93d,,,
,,,,,,,,,,
command,# Test HMAC Shortcut,,,,,,,,,
HMAC Shortcut,data,,,::tls::hmac $test_digest -key $test_key $test_data,,,f98327ef3e20ab6d388f676c6a79d93d,,,
,,,,,,,,,,
command,# HMAC Error Cases,,,,,,,,,
HMAC Errors,Too few args,,,::tls::hmac,,,"wrong # args: should be ""::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
HMAC Errors,Too many args,,,::tls::hmac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
HMAC Errors,No digest,,,::tls::hmac -hex -data $test_data,,,No digest specified,,,1
HMAC Errors,No key,,,::tls::hmac -digest sha256 -data $test_data,,,No key specified,,,1
HMAC Errors,Invalid digest,,,::tls::md -digest bogus -key $test_key -data $test_data,,,"Invalid digest ""bogus""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test MAC command,,,,,,,,,
command,"set test_cipher ""aes-128-cbc""",,,,,,,,,
command,set test_digest sha256,,,,,,,,,
command,"set test_key ""Example key 1234""",,,,,,,,,
MAC,CMAC,,,::tls::mac -cipher $test_cipher -key $test_key -mac cmac -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MAC,HMAC,,,::tls::mac -digest $test_digest -key $test_key -mac hmac -data $test_data,,,676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96,,,
MAC,MD-CMAC,,,::tls::md -cipher $test_cipher -key $test_key -mac cmac -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MAC,MD-HMAC,,,::tls::md -digest $test_digest -key $test_key -mac hmac -data $test_data,,,676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96,,,
,,,,,,,,,,
command,# MAC Error Cases,,,,,,,,,
MAC Errors,Too few args,,,::tls::mac,,,"wrong # args: should be ""::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MAC Errors,No mac,,,::tls::mac -key $test_key -data $test_data,,,No MAC specified,,,1
MAC Errors,No key,,,::tls::mac -mac hmac -data $test_data,,,No key specified,,,1
MAC Errors,Invalid MAC,,,::tls::mac -mac scrypt -key $test_key -data $test_data,,,"Invalid MAC ""scrypt""",,,1
MAC Errors,Too many args,,,::tls::mac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# RFC 1321 Message Digest 5,,,,,,,,,
RFC1321-MD5,TC1,,,"::tls::md -digest md5 -data """"",,,d41d8cd98f00b204e9800998ecf8427e,,,
RFC1321-MD5,TC2,,,"::tls::md -digest md5 -data ""a""",,,0cc175b9c0f1b6a831c399e269772661,,,
RFC1321-MD5,TC3,,,"::tls::md -digest md5 -data ""abc""",,,900150983cd24fb0d6963f7d28e17f72,,,
RFC1321-MD5,TC4,,,"::tls::md -digest md5 -data ""message digest""",,,f96b697d7cb7938d525a2f31aaf161d0,,,
RFC1321-MD5,TC5,,,"::tls::md -digest md5 -data ""abcdefghijklmnopqrstuvwxyz""",,,c3fcd3d76192e4007dfb496cca67e13b,,,
RFC1321-MD5,TC6,,,"::tls::md -digest md5 -data ""ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789""",,,d174ab98d277d9f5a5611c2c9f419d9f,,,
RFC1321-MD5,TC7,,,"::tls::md -digest md5 -data [string repeat ""1234567890"" 8]",,,57edf4a22be3c955ac49da2e2107b67a,,,
,,,,,,,,,,
command,# RFC 6234 SHA1,,,,,,,,,
RFC6234-MD-SHA1,TC1,,,"::tls::md -digest sha1 -data ""abc""",,,a9993e364706816aba3e25717850c26c9cd0d89d,,,
RFC6234-MD-SHA1,TC2_1,,,"::tls::md -digest sha1 -data ""abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq""",,,84983e441c3bd26ebaae4aa1f95129e5e54670f1,,,
RFC6234-MD-SHA1,TC3,,,"::tls::md -digest sha1 -data [string repeat ""a"" 1000000]",,,34aa973cd4c4daa4f61eeb2bdbad27316534016f,,,
RFC6234-MD-SHA1,TC4,,,"::tls::md -digest sha1 -data [string repeat ""01234567"" 80]",,,dea356a2cddd90c7a7ecedc5ebb563934f460452,,,
RFC6234-MD-SHA1,TC6,,,"::tls::md -digest sha1 -data ""\x5e""",,,5e6f80a34a9798cafc6a5db96cc57ba4c4db59c2,,,
RFC6234-MD-SHA1,TC8_1,,,"::tls::md -digest sha1 -data ""\x9a\x7d\xfd\xf1\xec\xea\xd0\x6e\xd6\x46\xaa\x55\xfe\x75\x71\x46""",,,82abff6605dbe1c17def12a394fa22a82b544a35,,,
RFC6234-MD-SHA1,TC10_1,,,"::tls::md -digest sha1 -data ""\xf7\x8f\x92\x14\x1b\xcd\x17\x0a\xe8\x9b\x4f\xba\x15\xa1\xd5\x9f\x3f\xd8\x4d\x22\x3c\x92\x51\xbd\xac\xbb\xae\x61\xd0\x5e\xd1\x15\xa0\x6a\x7c\xe1\x17\xb7\xbe\xea\xd2\x44\x21\xde\xd9\xc3\x25\x92\xbd\x57\xed\xea\xe3\x9c\x39\xfa\x1f\xe8\x94\x6a\x84\xd0\xcf\x1f\x7b\xee\xad\x17\x13\xe2\xe0\x95\x98\x97\x34\x7f\x67\xc8\x0b\x04\x00\xc2\x09\x81\x5d\x6b\x10\xa6\x83\x83\x6f\xd5\x56\x2a\x56\xca\xb1\xa2\x8e\x81\xb6\x57\x66\x54\x63\x1c\xf1\x65\x66\xb8\x6e\x3b\x33\xa1\x08\xb0\x53\x07\xc0\x0a\xff\x14\xa7\x68\xed\x73\x50\x60\x6a\x0f\x85\xe6\xa9\x1d\x39\x6f\x5b\x5c\xbe\x57\x7f\x9b\x38\x80\x7c\x7d\x52\x3d\x6d\x79\x2f\x6e\xbc\x24\xa4\xec\xf2\xb3\xa4\x27\xcd\xbb\xfb""",,,cb0082c8f197d260991ba6a460e76e202bad27b3,,,
,,,,,,,,,,
command,# RFC 6234 SHA256,,,,,,,,,
RFC6234-MD-SHA256,TC1,,,"::tls::md -digest sha256 -data ""abc""",,,ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad,,,
RFC6234-MD-SHA256,TC2_1,,,"::tls::md -digest sha256 -data ""abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq""",,,248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1,,,
RFC6234-MD-SHA256,TC3,,,"::tls::md -digest sha256 -data [string repeat ""a"" 1000000]",,,cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0,,,
RFC6234-MD-SHA256,TC4,,,"::tls::md -digest sha256 -data [string repeat ""01234567"" 80]",,,594847328451bdfa85056225462cc1d867d877fb388df0ce35f25ab5562bfbb5,,,
RFC6234-MD-SHA256,TC6,,,"::tls::md -digest sha256 -data ""\x19""",,,68aa2e2ee5dff96e3355e6c7ee373e3d6a4e17f75f9518d843709c0c9bc3e3d4,,,
RFC6234-MD-SHA256,TC8_256,,,"::tls::md -digest sha256 -data ""\xe3\xd7\x25\x70\xdc\xdd\x78\x7c\xe3\x88\x7a\xb2\xcd\x68\x46\x52""",,,175ee69b02ba9b58e2b0a5fd13819cea573f3940a94f825128cf4209beabb4e8,,,
RFC6234-MD-SHA256,TC10_256,,,"::tls::md -digest sha256 -data ""\x83\x26\x75\x4e\x22\x77\x37\x2f\x4f\xc1\x2b\x20\x52\x7a\xfe\xf0\x4d\x8a\x05\x69\x71\xb1\x1a\xd5\x71\x23\xa7\xc1\x37\x76\x00\x00\xd7\xbe\xf6\xf3\xc1\xf7\xa9\x08\x3a\xa3\x9d\x81\x0d\xb3\x10\x77\x7d\xab\x8b\x1e\x7f\x02\xb8\x4a\x26\xc7\x73\x32\x5f\x8b\x23\x74\xde\x7a\x4b\x5a\x58\xcb\x5c\x5c\xf3\x5b\xce\xe6\xfb\x94\x6e\x5b\xd6\x94\xfa\x59\x3a\x8b\xeb\x3f\x9d\x65\x92\xec\xed\xaa\x66\xca\x82\xa2\x9d\x0c\x51\xbc\xf9\x33\x62\x30\xe5\xd7\x84\xe4\xc0\xa4\x3f\x8d\x79\xa3\x0a\x16\x5c\xba\xbe\x45\x2b\x77\x4b\x9c\x71\x09\xa9\x7d\x13\x8f\x12\x92\x28\x96\x6f\x6c\x0a\xdc\x10\x6a\xad\x5a\x9f\xdd\x30\x82\x57\x69\xb2\xc6\x71\xaf\x67\x59\xdf\x28\xeb\x39\x3d\x54\xd6""",,,97dbca7df46d62c8a422c941dd7e835b8ad3361763f7e9b2d95f4f0da6e1ccbc,,,
,,,,,,,,,,
command,# RFC 4231 HMAC Examples Test Case #1,,,,,,,,,
command,"set key [binary decode hex [string repeat ""0b"" 20]]",,,,,,,,,
command,"set data ""Hi There""",,,,,,,,,
RFC4231 HMAC TC1,sha224,,,::tls::hmac -digest sha224 -key $key -data $data,,,896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22,,,
RFC4231 HMAC TC1,sha256,,,::tls::hmac -digest sha256 -key $key -data $data,,,b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7,,,
RFC4231 HMAC TC1,sha384,,,::tls::hmac -digest sha384 -key $key -data $data,,,afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6,,,
RFC4231 HMAC TC1,sha512,,,::tls::hmac -digest sha512 -key $key -data $data,,,87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854,,,
,,,,,,,,,,
command,# RFC 4231 HMAC Examples Test Case #2 - Test with a key shorter than the length of the HMAC output.,,,,,,,,,
command,"set key ""Jefe""",,,,,,,,,
command,"set data ""what do ya want for nothing?""",,,,,,,,,
RFC4231 HMAC TC2,sha224,,,::tls::hmac -digest sha224 -key $key -data $data,,,a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44,,,
RFC4231 HMAC TC2,sha256,,,::tls::hmac -digest sha256 -key $key -data $data,,,5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843,,,
RFC4231 HMAC TC2,sha384,,,::tls::hmac -digest sha384 -key $key -data $data,,,af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649,,,
RFC4231 HMAC TC2,sha512,,,::tls::hmac -digest sha512 -key $key -data $data,,,164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737,,,
,,,,,,,,,,
command,# RFC 4231 HMAC Examples Test Case #3 - Test with a combined length of key and data that is larger than 64 bytes (= block-size of SHA-224 and SHA-256).,,,,,,,,,
command,"set key [binary decode hex [string repeat ""aa"" 20]]",,,,,,,,,
command,"set data [binary decode hex [string repeat ""dd"" 50]]",,,,,,,,,
RFC4231 HMAC TC3,sha224,,,::tls::hmac -digest sha224 -key $key -data $data,,,7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea,,,
RFC4231 HMAC TC3,sha256,,,::tls::hmac -digest sha256 -key $key -data $data,,,773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe,,,
RFC4231 HMAC TC3,sha384,,,::tls::hmac -digest sha384 -key $key -data $data,,,88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27,,,
RFC4231 HMAC TC3,sha512,,,::tls::hmac -digest sha512 -key $key -data $data,,,fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb,,,
,,,,,,,,,,
command,# RFC 4231 HMAC Examples Test Case #4 - Test with a combined length of key and data that is larger than 64 bytes (= block-size of SHA-224 and SHA-256).,,,,,,,,,
command,"set key [binary decode hex ""0102030405060708090a0b0c0d0e0f10111213141516171819""]",,,,,,,,,
command,"set data [binary decode hex [string repeat ""cd"" 50]]",,,,,,,,,
RFC4231 HMAC TC4,sha224,,,::tls::hmac -digest sha224 -key $key -data $data,,,6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a,,,
RFC4231 HMAC TC4,sha256,,,::tls::hmac -digest sha256 -key $key -data $data,,,82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b,,,
RFC4231 HMAC TC4,sha384,,,::tls::hmac -digest sha384 -key $key -data $data,,,3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c4a7d679ccf8a386c674cffb,,,
RFC4231 HMAC TC4,sha512,,,::tls::hmac -digest sha512 -key $key -data $data,,,b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd,,,
,,,,,,,,,,
command,# RFC 4231 HMAC Examples Test Case #5 - Test with a truncation of output to 128 bits.,,,,,,,,,
command,"set key [binary decode hex [string repeat ""0c"" 20]]",,,,,,,,,
command,"set data ""Test With Truncation""",,,,,,,,,
RFC4231 HMAC TC5,sha224,,,string range [::tls::hmac -digest sha224 -key $key -data $data] 0 31,,,0e2aea68a90c8d37c988bcdb9fca6fa8,,,
RFC4231 HMAC TC5,sha256,,,string range [::tls::hmac -digest sha256 -key $key -data $data] 0 31,,,a3b6167473100ee06e0c796c2955552b,,,
RFC4231 HMAC TC5,sha384,,,string range [::tls::hmac -digest sha384 -key $key -data $data] 0 31,,,3abf34c3503b2a23a46efc619baef897,,,
RFC4231 HMAC TC5,sha512,,,string range [::tls::hmac -digest sha512 -key $key -data $data] 0 31,,,415fad6271580a531d4179bc891d87a6,,,
,,,,,,,,,,
command,# RFC 4231 HMAC Examples Test Case #6 - Test with a key larger than 128 bytes (= block-size of SHA-384 and SHA-512).,,,,,,,,,
command,"set key [binary decode hex [string repeat ""aa"" 131]]",,,,,,,,,
command,"set data ""Test Using Larger Than Block-Size Key - Hash Key First""",,,,,,,,,
RFC4231 HMAC TC6,sha224,,,::tls::hmac -digest sha224 -key $key -data $data,,,95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e,,,
RFC4231 HMAC TC6,sha256,,,::tls::hmac -digest sha256 -key $key -data $data,,,60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54,,,
RFC4231 HMAC TC6,sha384,,,::tls::hmac -digest sha384 -key $key -data $data,,,4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4030fe8296248df163f44952,,,
RFC4231 HMAC TC6,sha512,,,::tls::hmac -digest sha512 -key $key -data $data,,,80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598,,,
,,,,,,,,,,
command,# RFC 4231 HMAC Examples Test Case #7 - Test with a key and data that is larger than 128 bytes (= block-size of SHA-384 and SHA-512).,,,,,,,,,
command,"set key [binary decode hex [string repeat ""aa"" 131]]",,,,,,,,,
command,"set data ""This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.""",,,,,,,,,
RFC4231 HMAC TC7,sha224,,,::tls::hmac -digest sha224 -key $key -data $data,,,3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1,,,
RFC4231 HMAC TC7,sha256,,,::tls::hmac -digest sha256 -key $key -data $data,,,9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2,,,
RFC4231 HMAC TC7,sha384,,,::tls::hmac -digest sha384 -key $key -data $data,,,6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e799176d3860e6110c46523e,,,
RFC4231 HMAC TC7,sha512,,,::tls::hmac -digest sha512 -key $key -data $data,,,e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58,,,
,,,,,,,,,,
command,# NIST 800-38b Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication,,,,,,,,,
command,# AES-128,,,,,,,,,
command,"set key [binary decode hex ""2b7e151628aed2a6abf7158809cf4f3c""]",,,,,,,,,
NIST800-38b-AES128,len=0,,,"::tls::cmac -cipher aes-128-cbc -key $key -data """"",,,bb1d6929e95937287fa37d129b756746,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172a""]",,,,,,,,,
NIST800-38b-AES128,len=128,,,::tls::cmac -cipher aes-128-cbc -key $key -data $data,,,070a16b46b4d4144f79bdd9dd04a287c,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411""]",,,,,,,,,
NIST800-38b-AES128,len=320,,,::tls::cmac -cipher aes-128-cbc -key $key -data $data,,,dfa66747de9ae63030ca32611497c827,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710""]",,,,,,,,,
NIST800-38b-AES128,len=512,,,::tls::cmac -cipher aes-128-cbc -key $key -data $data,,,51f0bebf7e3b9d92fc49741779363cfe,,,
,,,,,,,,,,
command,# AES-192,,,,,,,,,
command,"set key [binary decode hex ""8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b""]",,,,,,,,,
NIST800-38b-AES-192,len=0,,,"::tls::cmac -cipher aes-192-cbc -key $key -data """"",,,d17ddf46adaacde531cac483de7a9367,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172a""]",,,,,,,,,
NIST800-38b-AES-192,len=128,,,::tls::cmac -cipher aes-192-cbc -key $key -data $data,,,9e99a7bf31e710900662f65e617c5184,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411""]",,,,,,,,,
NIST800-38b-AES-192,len=320,,,::tls::cmac -cipher aes-192-cbc -key $key -data $data,,,8a1de5be2eb31aad089a82e6ee908b0e,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710""]",,,,,,,,,
NIST800-38b-AES-192,len=512,,,::tls::cmac -cipher aes-192-cbc -key $key -data $data,,,a1d5df0eed790f794d77589659f39a11,,,
,,,,,,,,,,
command,# AES-256,,,,,,,,,
command,"set key [binary decode hex ""603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4""]",,,,,,,,,
NIST800-38b-AES-256,len=0,,,"::tls::cmac -cipher aes-256-cbc -key $key -data """"",,,028962f61b7bf89efc6b551f4667d983,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172a""]",,,,,,,,,
NIST800-38b-AES-256,len=128,,,::tls::cmac -cipher aes-256-cbc -key $key -data $data,,,28a7023f452e8f82bd4bf28d8c37c35c,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411""]",,,,,,,,,
NIST800-38b-AES-256,len=320,,,::tls::cmac -cipher aes-256-cbc -key $key -data $data,,,aaf3d8f1de5640c232f5b169b9c911e6,,,
command,"set data [binary decode hex ""6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710""]",,,,,,,,,
NIST800-38b-AES-256,len=512,,,::tls::cmac -cipher aes-256-cbc -key $key -data $data,,,e1992190549f6ed5696a2c056c315410,,,
,,,,,,,,,,
command,# Cleanup,,,,,,,,,
command,::tcltest::removeFile $test_file,,,,,,,,,
command,::tcltest::removeFile $test_alt_file,,,,,,,,,

Added tests/digest.test version [c72f5245d1].






















































































































































































































































































































































































































































































































































































































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated test cases for digest.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
	package require tcltest
	namespace import ::tcltest::*
}

set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]

package require tls

# Constraints
source common.tcl

# Helper functions - See common.tcl
proc digest_read_chan {cmd filename args} {;set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [$cmd {*}$args -chan $ch];while {![eof $new]} {set md [read $new $bsize]};close $new;return $md}
proc digest_write_chan {cmd filename data args} {;set ch [open $filename wb];set new [$cmd {*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set md [read $ch];close $ch;return $md}
proc digest_accumulate {string args} {;set cmd [{*}$args -command dcmd]; $cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]}

set test_data "Example string for message digest tests.\n"
set test_file "md_data.dat"
set test_alt_file "md_alt_data.dat"
set test_key "Example key"
::tcltest::makeFile $test_data $test_file

# Test short-cut commands


test Shortcut_Cmds-1.1 {md4 cmd} -body {
	::tls::md4 $test_data
    } -result {793399f792eca2752c6af3234ba70858}

test Shortcut_Cmds-1.2 {md5 cmd} -body {
	::tls::md5 $test_data
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test Shortcut_Cmds-1.3 {sha1 cmd} -body {
	::tls::sha1 $test_data
    } -result {4fe03b7f2568551dfafb98ca6004e65c4b71aa7d}

test Shortcut_Cmds-1.4 {sha256 cmd} -body {
	::tls::sha256 $test_data
    } -result {9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19}

test Shortcut_Cmds-1.5 {sha512 cmd} -body {
	::tls::sha512 $test_data
    } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}


# Test MD command for read channel


test MD_Chan_Read-2.1 {md4} -body {
	digest_read_chan ::tls::md $test_file -digest md4
    } -result {793399f792eca2752c6af3234ba70858}

test MD_Chan_Read-2.2 {md5} -body {
	digest_read_chan ::tls::md $test_file -digest md5
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Chan_Read-2.3 {sha1} -body {
	digest_read_chan ::tls::md $test_file -digest sha1
    } -result {4fe03b7f2568551dfafb98ca6004e65c4b71aa7d}

test MD_Chan_Read-2.4 {sha256} -body {
	digest_read_chan ::tls::md $test_file -digest sha256
    } -result {9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19}

test MD_Chan_Read-2.5 {sha512} -body {
	digest_read_chan ::tls::md $test_file -digest sha512
    } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}

test MD_Chan_Read-2.6 {md5 bin} -body {
	binary encode hex [digest_read_chan ::tls::md $test_file -bin -digest md5]
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Chan_Read-2.7 {md5 hex} -body {
	digest_read_chan ::tls::md $test_file -hex -digest md5
    } -result {962bf0803b4232ec23bd8427bb94ea09}

# Test MD command for write channel


test MD_Chan_Write-3.1 {md4} -body {
	digest_write_chan ::tls::md $test_alt_file $test_data -digest md4
    } -result {793399f792eca2752c6af3234ba70858}

test MD_Chan_Write-3.2 {md5} -body {
	digest_write_chan ::tls::md $test_alt_file $test_data -digest md5
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Chan_Write-3.3 {sha1} -body {
	digest_write_chan ::tls::md $test_alt_file $test_data -digest sha1
    } -result {4fe03b7f2568551dfafb98ca6004e65c4b71aa7d}

test MD_Chan_Write-3.4 {sha256} -body {
	digest_write_chan ::tls::md $test_alt_file $test_data -digest sha256
    } -result {9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19}

test MD_Chan_Write-3.5 {sha512} -body {
	digest_write_chan ::tls::md $test_alt_file $test_data -digest sha512
    } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}

test MD_Chan_Write-3.6 {md5 bin} -body {
	binary encode hex [digest_write_chan ::tls::md $test_alt_file $test_data -bin -digest md5]
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Chan_Write-3.7 {md5 hex} -body {
	digest_write_chan ::tls::md $test_alt_file $test_data -hex -digest md5
    } -result {962bf0803b4232ec23bd8427bb94ea09}

# Test MD command for object command


test MD_Command-4.1 {md4} -body {
	digest_accumulate $test_data ::tls::md -digest md4
    } -result {793399f792eca2752c6af3234ba70858}

test MD_Command-4.2 {md5} -body {
	digest_accumulate $test_data ::tls::md -digest md5
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Command-4.3 {sha1} -body {
	digest_accumulate $test_data ::tls::md -digest sha1
    } -result {4fe03b7f2568551dfafb98ca6004e65c4b71aa7d}

test MD_Command-4.4 {sha256} -body {
	digest_accumulate $test_data ::tls::md -digest sha256
    } -result {9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19}

test MD_Command-4.5 {sha512} -body {
	digest_accumulate $test_data ::tls::md -digest sha512
    } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}

test MD_Command-4.6 {md5 bin} -body {
	binary encode hex [digest_accumulate $test_data ::tls::md -digest md5 -bin]
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Command-4.7 {md5 hex} -body {
	digest_accumulate $test_data ::tls::md -digest md5 -hex
    } -result {962bf0803b4232ec23bd8427bb94ea09}

# Test MD command for data shortcut


test MD_Shortcut-5.1 {md4} -body {
	::tls::md md4 $test_data
    } -result {793399f792eca2752c6af3234ba70858}

test MD_Shortcut-5.2 {md5} -body {
	::tls::md md5 $test_data
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Shortcut-5.3 {sha1} -body {
	::tls::md sha1 $test_data
    } -result {4fe03b7f2568551dfafb98ca6004e65c4b71aa7d}

test MD_Shortcut-5.4 {sha256} -body {
	::tls::md sha256 $test_data
    } -result {9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19}

test MD_Shortcut-5.5 {sha512} -body {
	::tls::md sha512 $test_data
    } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}

# Test MD command for data


test MD_Data-6.1 {md4} -body {
	::tls::md -digest md4 -data $test_data
    } -result {793399f792eca2752c6af3234ba70858}

test MD_Data-6.2 {md5} -body {
	::tls::md -digest md5 -data $test_data
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Data-6.3 {sha1} -body {
	::tls::md -digest sha1 -data $test_data
    } -result {4fe03b7f2568551dfafb98ca6004e65c4b71aa7d}

test MD_Data-6.4 {sha256} -body {
	::tls::md -digest sha256 -data $test_data
    } -result {9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19}

test MD_Data-6.5 {sha512} -body {
	::tls::md -digest sha512 -data $test_data
    } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}

test MD_Data-6.6 {md5 bin} -body {
	binary encode hex [::tls::md -digest md5 -data $test_data -bin]
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_Data-6.7 {md5 hex} -body {
	::tls::md -digest md5 -data $test_data -hex
    } -result {962bf0803b4232ec23bd8427bb94ea09}

# Test MD command for file


test MD_File-7.1 {md4} -body {
	::tls::md -digest md4 -file $test_file
    } -result {793399f792eca2752c6af3234ba70858}

test MD_File-7.2 {md5} -body {
	::tls::md -digest md5 -file $test_file
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_File-7.3 {sha1} -body {
	::tls::md -digest sha1 -file $test_file
    } -result {4fe03b7f2568551dfafb98ca6004e65c4b71aa7d}

test MD_File-7.4 {sha256} -body {
	::tls::md -digest sha256 -file $test_file
    } -result {9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19}

test MD_File-7.5 {sha512} -body {
	::tls::md -digest sha512 -file $test_file
    } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}

test MD_File-7.6 {md5 bin} -body {
	binary encode hex [::tls::md -digest md5 -file $test_file -bin]
    } -result {962bf0803b4232ec23bd8427bb94ea09}

test MD_File-7.7 {md5 hex} -body {
	::tls::md -digest md5 -file $test_file -hex
    } -result {962bf0803b4232ec23bd8427bb94ea09}

# MD Error Cases


test MD_Errors-8.1 {Too few args} -body {
	::tls::md
    } -result {wrong # args: should be "::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test MD_Errors-8.2 {Too many args} -body {
	::tls::md too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test MD_Errors-8.3 {Invalid digest} -body {
	::tls::md bogus data
    } -result {Invalid digest "bogus"} -returnCodes {1}

test MD_Errors-8.4 {Invalid digest Arg} -body {
	::tls::md -digest bogus -data data
    } -result {Invalid digest "bogus"} -returnCodes {1}

test MD_Errors-8.5 {No digest} -body {
	::tls::md -hex -data value
    } -result {No digest specified} -returnCodes {1}

test MD_Errors-8.6 {Invalid option} -body {
	::tls::md -digest sha256 -bogus value
    } -result {bad option "-bogus": must be -bin, -binary, -hex, -hexadecimal, -chan, -channel, -cipher, -command, -data, -digest, -file, -filename, -hash, -key, or -mac} -returnCodes {1}

test MD_Errors-8.7 {Invalid file} -body {
	::tls::md -digest sha256 -file bogus
    } -result {couldn't open "bogus": no such file or directory} -returnCodes {1}

test MD_Errors-8.8 {Invalid channel} -body {
	::tls::md -digest sha256 -channel bogus
    } -result {can not find channel named "bogus"} -returnCodes {1}

test MD_Errors-8.9 {No operation} -body {
	::tls::md -digest sha256 -bin
    } -result {No operation specified: Use -channel, -command, -data, or -file option} -returnCodes {1}


# Test CMAC command
set test_cipher "aes-128-cbc"
set test_key "Example key 1234"


test CMAC-9.1 {data} -body {
	::tls::cmac -cipher $test_cipher -key $test_key -data $test_data
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test CMAC-9.2 {file} -body {
	::tls::cmac -cipher $test_cipher -key $test_key -file $test_file
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test CMAC-9.3 {channel} -body {
	digest_read_chan ::tls::cmac $test_file -cipher $test_cipher -key $test_key
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test CMAC-9.4 {command} -body {
	digest_accumulate $test_data ::tls::cmac -cipher $test_cipher -key $test_key
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test CMAC-9.5 {data bin} -body {
	binary encode hex [::tls::cmac -bin -cipher $test_cipher -key $test_key -data $test_data]
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

# Test MD CMAC


test MD_CMAC-10.1 {data} -body {
	::tls::md -cipher $test_cipher -key $test_key -data $test_data
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test MD_CMAC-10.2 {file} -body {
	::tls::md -cipher $test_cipher -key $test_key -file $test_file
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test MD_CMAC-10.3 {channel} -body {
	digest_read_chan ::tls::md $test_file -cipher $test_cipher -key $test_key
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test MD_CMAC-10.4 {command} -body {
	digest_accumulate $test_data ::tls::md -cipher $test_cipher -key $test_key
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test MD_CMAC-10.5 {data bin} -body {
	binary encode hex [::tls::md -bin -cipher $test_cipher -key $test_key -data $test_data]
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

# Test CMAC Shortcut


test CMAC_Shortcut-11.1 {data} -body {
	::tls::cmac $test_cipher -key $test_key $test_data
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

# CMAC Error Cases


test CMAC_Errors-12.1 {Too few args} -body {
	::tls::cmac
    } -result {wrong # args: should be "::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test CMAC_Errors-12.2 {Too many args} -body {
	::tls::cmac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test CMAC_Errors-12.3 {No cipher} -body {
	::tls::cmac -hex -data $test_data
    } -result {No cipher specified} -returnCodes {1}

test CMAC_Errors-12.4 {No key} -body {
	::tls::cmac -cipher $test_cipher -data $test_data
    } -result {No key specified} -returnCodes {1}

test CMAC_Errors-12.5 {Invalid cipher} -body {
	::tls::cmac -cipher bogus -data $test_data
    } -result {Invalid cipher "bogus"} -returnCodes {1}


# Test HMAC command
set test_digest md5
set test_key "Example key"


test HMAC-13.1 {data} -body {
	::tls::hmac -digest $test_digest -key $test_key -data $test_data
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test HMAC-13.2 {file} -body {
	::tls::hmac -digest $test_digest -key $test_key -file $test_file
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test HMAC-13.3 {channel} -body {
	digest_read_chan ::tls::hmac $test_file -digest $test_digest -key $test_key
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test HMAC-13.4 {command} -body {
	digest_accumulate $test_data ::tls::hmac -digest $test_digest -key $test_key
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test HMAC-13.5 {data bin} -body {
	binary encode hex [::tls::hmac -digest $test_digest -bin -key $test_key -data $test_data]
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

# Test MD HMAC


test MD_HMAC-14.1 {data} -body {
	::tls::md -digest $test_digest -key $test_key -data $test_data
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test MD_HMAC-14.2 {file} -body {
	::tls::md -digest $test_digest -key $test_key -file $test_file
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test MD_HMAC-14.3 {channel} -body {
	digest_read_chan ::tls::md $test_file -digest $test_digest -key $test_key
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test MD_HMAC-14.4 {command} -body {
	digest_accumulate $test_data ::tls::md -digest $test_digest -key $test_key
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

test MD_HMAC-14.5 {data bin} -body {
	binary encode hex [::tls::md -digest $test_digest -bin -key $test_key -data $test_data]
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

# Test HMAC Shortcut


test HMAC_Shortcut-15.1 {data} -body {
	::tls::hmac $test_digest -key $test_key $test_data
    } -result {f98327ef3e20ab6d388f676c6a79d93d}

# HMAC Error Cases


test HMAC_Errors-16.1 {Too few args} -body {
	::tls::hmac
    } -result {wrong # args: should be "::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test HMAC_Errors-16.2 {Too many args} -body {
	::tls::hmac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test HMAC_Errors-16.3 {No digest} -body {
	::tls::hmac -hex -data $test_data
    } -result {No digest specified} -returnCodes {1}

test HMAC_Errors-16.4 {No key} -body {
	::tls::hmac -digest sha256 -data $test_data
    } -result {No key specified} -returnCodes {1}

test HMAC_Errors-16.5 {Invalid digest} -body {
	::tls::md -digest bogus -key $test_key -data $test_data
    } -result {Invalid digest "bogus"} -returnCodes {1}


# Test MAC command
set test_cipher "aes-128-cbc"
set test_digest sha256
set test_key "Example key 1234"


test MAC-17.1 {CMAC} -body {
	::tls::mac -cipher $test_cipher -key $test_key -mac cmac -data $test_data
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test MAC-17.2 {HMAC} -body {
	::tls::mac -digest $test_digest -key $test_key -mac hmac -data $test_data
    } -result {676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96}

test MAC-17.3 {MD-CMAC} -body {
	::tls::md -cipher $test_cipher -key $test_key -mac cmac -data $test_data
    } -result {baf5c20f9973e2d606b14c7efdfe52fa}

test MAC-17.4 {MD-HMAC} -body {
	::tls::md -digest $test_digest -key $test_key -mac hmac -data $test_data
    } -result {676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96}

# MAC Error Cases


test MAC_Errors-18.1 {Too few args} -body {
	::tls::mac
    } -result {wrong # args: should be "::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test MAC_Errors-18.2 {No mac} -body {
	::tls::mac -key $test_key -data $test_data
    } -result {No MAC specified} -returnCodes {1}

test MAC_Errors-18.3 {No key} -body {
	::tls::mac -mac hmac -data $test_data
    } -result {No key specified} -returnCodes {1}

test MAC_Errors-18.4 {Invalid MAC} -body {
	::tls::mac -mac scrypt -key $test_key -data $test_data
    } -result {Invalid MAC "scrypt"} -returnCodes {1}

test MAC_Errors-18.5 {Too many args} -body {
	::tls::mac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}


# RFC 1321 Message Digest 5


test RFC1321-MD5-19.1 {TC1} -body {
	::tls::md -digest md5 -data ""
    } -result {d41d8cd98f00b204e9800998ecf8427e}

test RFC1321-MD5-19.2 {TC2} -body {
	::tls::md -digest md5 -data "a"
    } -result {0cc175b9c0f1b6a831c399e269772661}

test RFC1321-MD5-19.3 {TC3} -body {
	::tls::md -digest md5 -data "abc"
    } -result {900150983cd24fb0d6963f7d28e17f72}

test RFC1321-MD5-19.4 {TC4} -body {
	::tls::md -digest md5 -data "message digest"
    } -result {f96b697d7cb7938d525a2f31aaf161d0}

test RFC1321-MD5-19.5 {TC5} -body {
	::tls::md -digest md5 -data "abcdefghijklmnopqrstuvwxyz"
    } -result {c3fcd3d76192e4007dfb496cca67e13b}

test RFC1321-MD5-19.6 {TC6} -body {
	::tls::md -digest md5 -data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    } -result {d174ab98d277d9f5a5611c2c9f419d9f}

test RFC1321-MD5-19.7 {TC7} -body {
	::tls::md -digest md5 -data [string repeat "1234567890" 8]
    } -result {57edf4a22be3c955ac49da2e2107b67a}

# RFC 6234 SHA1


test RFC6234-MD-SHA1-20.1 {TC1} -body {
	::tls::md -digest sha1 -data "abc"
    } -result {a9993e364706816aba3e25717850c26c9cd0d89d}

test RFC6234-MD-SHA1-20.2 {TC2_1} -body {
	::tls::md -digest sha1 -data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
    } -result {84983e441c3bd26ebaae4aa1f95129e5e54670f1}

test RFC6234-MD-SHA1-20.3 {TC3} -body {
	::tls::md -digest sha1 -data [string repeat "a" 1000000]
    } -result {34aa973cd4c4daa4f61eeb2bdbad27316534016f}

test RFC6234-MD-SHA1-20.4 {TC4} -body {
	::tls::md -digest sha1 -data [string repeat "01234567" 80]
    } -result {dea356a2cddd90c7a7ecedc5ebb563934f460452}

test RFC6234-MD-SHA1-20.5 {TC6} -body {
	::tls::md -digest sha1 -data "\x5e"
    } -result {5e6f80a34a9798cafc6a5db96cc57ba4c4db59c2}

test RFC6234-MD-SHA1-20.6 {TC8_1} -body {
	::tls::md -digest sha1 -data "\x9a\x7d\xfd\xf1\xec\xea\xd0\x6e\xd6\x46\xaa\x55\xfe\x75\x71\x46"
    } -result {82abff6605dbe1c17def12a394fa22a82b544a35}

test RFC6234-MD-SHA1-20.7 {TC10_1} -body {
	::tls::md -digest sha1 -data "\xf7\x8f\x92\x14\x1b\xcd\x17\x0a\xe8\x9b\x4f\xba\x15\xa1\xd5\x9f\x3f\xd8\x4d\x22\x3c\x92\x51\xbd\xac\xbb\xae\x61\xd0\x5e\xd1\x15\xa0\x6a\x7c\xe1\x17\xb7\xbe\xea\xd2\x44\x21\xde\xd9\xc3\x25\x92\xbd\x57\xed\xea\xe3\x9c\x39\xfa\x1f\xe8\x94\x6a\x84\xd0\xcf\x1f\x7b\xee\xad\x17\x13\xe2\xe0\x95\x98\x97\x34\x7f\x67\xc8\x0b\x04\x00\xc2\x09\x81\x5d\x6b\x10\xa6\x83\x83\x6f\xd5\x56\x2a\x56\xca\xb1\xa2\x8e\x81\xb6\x57\x66\x54\x63\x1c\xf1\x65\x66\xb8\x6e\x3b\x33\xa1\x08\xb0\x53\x07\xc0\x0a\xff\x14\xa7\x68\xed\x73\x50\x60\x6a\x0f\x85\xe6\xa9\x1d\x39\x6f\x5b\x5c\xbe\x57\x7f\x9b\x38\x80\x7c\x7d\x52\x3d\x6d\x79\x2f\x6e\xbc\x24\xa4\xec\xf2\xb3\xa4\x27\xcd\xbb\xfb"
    } -result {cb0082c8f197d260991ba6a460e76e202bad27b3}

# RFC 6234 SHA256


test RFC6234-MD-SHA256-21.1 {TC1} -body {
	::tls::md -digest sha256 -data "abc"
    } -result {ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad}

test RFC6234-MD-SHA256-21.2 {TC2_1} -body {
	::tls::md -digest sha256 -data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
    } -result {248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1}

test RFC6234-MD-SHA256-21.3 {TC3} -body {
	::tls::md -digest sha256 -data [string repeat "a" 1000000]
    } -result {cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0}

test RFC6234-MD-SHA256-21.4 {TC4} -body {
	::tls::md -digest sha256 -data [string repeat "01234567" 80]
    } -result {594847328451bdfa85056225462cc1d867d877fb388df0ce35f25ab5562bfbb5}

test RFC6234-MD-SHA256-21.5 {TC6} -body {
	::tls::md -digest sha256 -data "\x19"
    } -result {68aa2e2ee5dff96e3355e6c7ee373e3d6a4e17f75f9518d843709c0c9bc3e3d4}

test RFC6234-MD-SHA256-21.6 {TC8_256} -body {
	::tls::md -digest sha256 -data "\xe3\xd7\x25\x70\xdc\xdd\x78\x7c\xe3\x88\x7a\xb2\xcd\x68\x46\x52"
    } -result {175ee69b02ba9b58e2b0a5fd13819cea573f3940a94f825128cf4209beabb4e8}

test RFC6234-MD-SHA256-21.7 {TC10_256} -body {
	::tls::md -digest sha256 -data "\x83\x26\x75\x4e\x22\x77\x37\x2f\x4f\xc1\x2b\x20\x52\x7a\xfe\xf0\x4d\x8a\x05\x69\x71\xb1\x1a\xd5\x71\x23\xa7\xc1\x37\x76\x00\x00\xd7\xbe\xf6\xf3\xc1\xf7\xa9\x08\x3a\xa3\x9d\x81\x0d\xb3\x10\x77\x7d\xab\x8b\x1e\x7f\x02\xb8\x4a\x26\xc7\x73\x32\x5f\x8b\x23\x74\xde\x7a\x4b\x5a\x58\xcb\x5c\x5c\xf3\x5b\xce\xe6\xfb\x94\x6e\x5b\xd6\x94\xfa\x59\x3a\x8b\xeb\x3f\x9d\x65\x92\xec\xed\xaa\x66\xca\x82\xa2\x9d\x0c\x51\xbc\xf9\x33\x62\x30\xe5\xd7\x84\xe4\xc0\xa4\x3f\x8d\x79\xa3\x0a\x16\x5c\xba\xbe\x45\x2b\x77\x4b\x9c\x71\x09\xa9\x7d\x13\x8f\x12\x92\x28\x96\x6f\x6c\x0a\xdc\x10\x6a\xad\x5a\x9f\xdd\x30\x82\x57\x69\xb2\xc6\x71\xaf\x67\x59\xdf\x28\xeb\x39\x3d\x54\xd6"
    } -result {97dbca7df46d62c8a422c941dd7e835b8ad3361763f7e9b2d95f4f0da6e1ccbc}

# RFC 4231 HMAC Examples Test Case #1
set key [binary decode hex [string repeat "0b" 20]]
set data "Hi There"


test RFC4231_HMAC_TC1-22.1 {sha224} -body {
	::tls::hmac -digest sha224 -key $key -data $data
    } -result {896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22}

test RFC4231_HMAC_TC1-22.2 {sha256} -body {
	::tls::hmac -digest sha256 -key $key -data $data
    } -result {b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7}

test RFC4231_HMAC_TC1-22.3 {sha384} -body {
	::tls::hmac -digest sha384 -key $key -data $data
    } -result {afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6}

test RFC4231_HMAC_TC1-22.4 {sha512} -body {
	::tls::hmac -digest sha512 -key $key -data $data
    } -result {87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854}

# RFC 4231 HMAC Examples Test Case #2 - Test with a key shorter than the length of the HMAC output.
set key "Jefe"
set data "what do ya want for nothing?"


test RFC4231_HMAC_TC2-23.1 {sha224} -body {
	::tls::hmac -digest sha224 -key $key -data $data
    } -result {a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44}

test RFC4231_HMAC_TC2-23.2 {sha256} -body {
	::tls::hmac -digest sha256 -key $key -data $data
    } -result {5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843}

test RFC4231_HMAC_TC2-23.3 {sha384} -body {
	::tls::hmac -digest sha384 -key $key -data $data
    } -result {af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649}

test RFC4231_HMAC_TC2-23.4 {sha512} -body {
	::tls::hmac -digest sha512 -key $key -data $data
    } -result {164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737}

# RFC 4231 HMAC Examples Test Case #3 - Test with a combined length of key and data that is larger than 64 bytes (= block-size of SHA-224 and SHA-256).
set key [binary decode hex [string repeat "aa" 20]]
set data [binary decode hex [string repeat "dd" 50]]


test RFC4231_HMAC_TC3-24.1 {sha224} -body {
	::tls::hmac -digest sha224 -key $key -data $data
    } -result {7fb3cb3588c6c1f6ffa9694d7d6ad2649365b0c1f65d69d1ec8333ea}

test RFC4231_HMAC_TC3-24.2 {sha256} -body {
	::tls::hmac -digest sha256 -key $key -data $data
    } -result {773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe}

test RFC4231_HMAC_TC3-24.3 {sha384} -body {
	::tls::hmac -digest sha384 -key $key -data $data
    } -result {88062608d3e6ad8a0aa2ace014c8a86f0aa635d947ac9febe83ef4e55966144b2a5ab39dc13814b94e3ab6e101a34f27}

test RFC4231_HMAC_TC3-24.4 {sha512} -body {
	::tls::hmac -digest sha512 -key $key -data $data
    } -result {fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb}

# RFC 4231 HMAC Examples Test Case #4 - Test with a combined length of key and data that is larger than 64 bytes (= block-size of SHA-224 and SHA-256).
set key [binary decode hex "0102030405060708090a0b0c0d0e0f10111213141516171819"]
set data [binary decode hex [string repeat "cd" 50]]


test RFC4231_HMAC_TC4-25.1 {sha224} -body {
	::tls::hmac -digest sha224 -key $key -data $data
    } -result {6c11506874013cac6a2abc1bb382627cec6a90d86efc012de7afec5a}

test RFC4231_HMAC_TC4-25.2 {sha256} -body {
	::tls::hmac -digest sha256 -key $key -data $data
    } -result {82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b}

test RFC4231_HMAC_TC4-25.3 {sha384} -body {
	::tls::hmac -digest sha384 -key $key -data $data
    } -result {3e8a69b7783c25851933ab6290af6ca77a9981480850009cc5577c6e1f573b4e6801dd23c4a7d679ccf8a386c674cffb}

test RFC4231_HMAC_TC4-25.4 {sha512} -body {
	::tls::hmac -digest sha512 -key $key -data $data
    } -result {b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd}

# RFC 4231 HMAC Examples Test Case #5 - Test with a truncation of output to 128 bits.
set key [binary decode hex [string repeat "0c" 20]]
set data "Test With Truncation"


test RFC4231_HMAC_TC5-26.1 {sha224} -body {
	string range [::tls::hmac -digest sha224 -key $key -data $data] 0 31
    } -result {0e2aea68a90c8d37c988bcdb9fca6fa8}

test RFC4231_HMAC_TC5-26.2 {sha256} -body {
	string range [::tls::hmac -digest sha256 -key $key -data $data] 0 31
    } -result {a3b6167473100ee06e0c796c2955552b}

test RFC4231_HMAC_TC5-26.3 {sha384} -body {
	string range [::tls::hmac -digest sha384 -key $key -data $data] 0 31
    } -result {3abf34c3503b2a23a46efc619baef897}

test RFC4231_HMAC_TC5-26.4 {sha512} -body {
	string range [::tls::hmac -digest sha512 -key $key -data $data] 0 31
    } -result {415fad6271580a531d4179bc891d87a6}

# RFC 4231 HMAC Examples Test Case #6 - Test with a key larger than 128 bytes (= block-size of SHA-384 and SHA-512).
set key [binary decode hex [string repeat "aa" 131]]
set data "Test Using Larger Than Block-Size Key - Hash Key First"


test RFC4231_HMAC_TC6-27.1 {sha224} -body {
	::tls::hmac -digest sha224 -key $key -data $data
    } -result {95e9a0db962095adaebe9b2d6f0dbce2d499f112f2d2b7273fa6870e}

test RFC4231_HMAC_TC6-27.2 {sha256} -body {
	::tls::hmac -digest sha256 -key $key -data $data
    } -result {60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54}

test RFC4231_HMAC_TC6-27.3 {sha384} -body {
	::tls::hmac -digest sha384 -key $key -data $data
    } -result {4ece084485813e9088d2c63a041bc5b44f9ef1012a2b588f3cd11f05033ac4c60c2ef6ab4030fe8296248df163f44952}

test RFC4231_HMAC_TC6-27.4 {sha512} -body {
	::tls::hmac -digest sha512 -key $key -data $data
    } -result {80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598}

# RFC 4231 HMAC Examples Test Case #7 - Test with a key and data that is larger than 128 bytes (= block-size of SHA-384 and SHA-512).
set key [binary decode hex [string repeat "aa" 131]]
set data "This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm."


test RFC4231_HMAC_TC7-28.1 {sha224} -body {
	::tls::hmac -digest sha224 -key $key -data $data
    } -result {3a854166ac5d9f023f54d517d0b39dbd946770db9c2b95c9f6f565d1}

test RFC4231_HMAC_TC7-28.2 {sha256} -body {
	::tls::hmac -digest sha256 -key $key -data $data
    } -result {9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2}

test RFC4231_HMAC_TC7-28.3 {sha384} -body {
	::tls::hmac -digest sha384 -key $key -data $data
    } -result {6617178e941f020d351e2f254e8fd32c602420feb0b8fb9adccebb82461e99c5a678cc31e799176d3860e6110c46523e}

test RFC4231_HMAC_TC7-28.4 {sha512} -body {
	::tls::hmac -digest sha512 -key $key -data $data
    } -result {e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58}

# NIST 800-38b Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication
# AES-128
set key [binary decode hex "2b7e151628aed2a6abf7158809cf4f3c"]


test NIST800-38b-AES128-29.1 {len=0} -body {
	::tls::cmac -cipher aes-128-cbc -key $key -data ""
    } -result {bb1d6929e95937287fa37d129b756746}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172a"]

test NIST800-38b-AES128-29.2 {len=128} -body {
	::tls::cmac -cipher aes-128-cbc -key $key -data $data
    } -result {070a16b46b4d4144f79bdd9dd04a287c}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411"]

test NIST800-38b-AES128-29.3 {len=320} -body {
	::tls::cmac -cipher aes-128-cbc -key $key -data $data
    } -result {dfa66747de9ae63030ca32611497c827}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710"]

test NIST800-38b-AES128-29.4 {len=512} -body {
	::tls::cmac -cipher aes-128-cbc -key $key -data $data
    } -result {51f0bebf7e3b9d92fc49741779363cfe}

# AES-192
set key [binary decode hex "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"]


test NIST800-38b-AES-192-30.1 {len=0} -body {
	::tls::cmac -cipher aes-192-cbc -key $key -data ""
    } -result {d17ddf46adaacde531cac483de7a9367}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172a"]

test NIST800-38b-AES-192-30.2 {len=128} -body {
	::tls::cmac -cipher aes-192-cbc -key $key -data $data
    } -result {9e99a7bf31e710900662f65e617c5184}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411"]

test NIST800-38b-AES-192-30.3 {len=320} -body {
	::tls::cmac -cipher aes-192-cbc -key $key -data $data
    } -result {8a1de5be2eb31aad089a82e6ee908b0e}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710"]

test NIST800-38b-AES-192-30.4 {len=512} -body {
	::tls::cmac -cipher aes-192-cbc -key $key -data $data
    } -result {a1d5df0eed790f794d77589659f39a11}

# AES-256
set key [binary decode hex "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"]


test NIST800-38b-AES-256-31.1 {len=0} -body {
	::tls::cmac -cipher aes-256-cbc -key $key -data ""
    } -result {028962f61b7bf89efc6b551f4667d983}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172a"]

test NIST800-38b-AES-256-31.2 {len=128} -body {
	::tls::cmac -cipher aes-256-cbc -key $key -data $data
    } -result {28a7023f452e8f82bd4bf28d8c37c35c}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411"]

test NIST800-38b-AES-256-31.3 {len=320} -body {
	::tls::cmac -cipher aes-256-cbc -key $key -data $data
    } -result {aaf3d8f1de5640c232f5b169b9c911e6}
set data [binary decode hex "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710"]

test NIST800-38b-AES-256-31.4 {len=512} -body {
	::tls::cmac -cipher aes-256-cbc -key $key -data $data
    } -result {e1992190549f6ed5696a2c056c315410}

# Cleanup
::tcltest::removeFile $test_file
::tcltest::removeFile $test_alt_file

# Cleanup
::tcltest::cleanupTests
return

Added tests/encrypt.csv version [4af8c409bf].
















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
command,package require tls,,,,,,,,,
,,,,,,,,,,
command,# Constraints,,,,,,,,,
command,source common.tcl,,,,,,,,,
,,,,,,,,,,
command,# Helper functions - See common.tcl,,,,,,,,,
command,"proc read_chan {filename args} {set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [{*}$args -chan $ch];set dat """";while {![eof $new]} {append dat [read $new $bsize]};close $new;return $dat}",,,,,,,,,
command,proc write_chan {filename data args} {set ch [open $filename wb];set new [{*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set dat [read $ch];close $ch;return $dat},,,,,,,,,
command,"proc accumulate {string args} {set cmd [{*}$args -command dcmd];set ::dat """";append ::dat [$cmd update [string range $string 0 20]];append ::dat [$cmd update [string range $string 21 end]];append ::dat [$cmd finalize]}",$cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},,,,,,,,
command,proc get_file_hex {filename} {set ch [open $filename rb];set data [read $ch];close $ch;return [binary encode hex $data]},,,,,,,,,
command,proc get_file_text {filename} {set ch [open $filename r];set data [read $ch];close $ch;return $data},,,,,,,,,
,,,,,,,,,,
command,"set test_data ""Example string for message digest tests.\n""",,,,,,,,,
command,"set unencrypted_file ""unencrypted_data.dat""",,,,,,,,,
command,"set encrypted_file ""encrypted_data.dat""",,,,,,,,,
command,"set alt_file ""result_data.dat""",,,,,,,,,
command,"set test_key ""Example key""",,,,,,,,,
command,"set test_iv ""Example iv""",,,,,,,,,
command,::tcltest::makeFile $test_data $unencrypted_file,,,,,,,,,
 ,,,,,,,,,,
command,# Test encrypt data,,,,,,,,,
command,set cipher aes-128-cbc,,,,,,,,,
command,"set hex_string ""3cea034398de64507abbc7bcf6acba55c7011100c9015c22b3c9c331d18479fed5e542ce02a3b89a0f750daf8e2a494e""",,,,,,,,,
Encrypt Decrypt Data,Encrypt aes-138-cbc,,,binary encode hex [set data [tls::encrypt -cipher $cipher -key $test_key -iv $test_iv -data $test_data]],,,$hex_string,,,
Encrypt Decrypt Data,Decrypt aes-128-cbc,,,tls::decrypt -cipher $cipher -key $test_key -iv $test_iv -data $data,,,$test_data,,,
 ,,,,,,,,,,
command,# Test encrypt file,,,,,,,,,
Encrypt Decrypt File,Encrypt aes-138-cbc,,,tls::encrypt -cipher $cipher -key $test_key -iv $test_iv -infile $unencrypted_file -outfile $encrypted_file;get_file_hex $encrypted_file,,,$hex_string,,,
Encrypt Decrypt File,Decrypt aes-128-cbc,,,tls::decrypt -cipher $cipher -key $test_key -iv $test_iv -infile $encrypted_file -outfile $alt_file;get_file_text $alt_file,,,$test_data,,,
 ,,,,,,,,,,
command,# Test encrypt using object command,,,,,,,,,
Encrypt Decrypt Command,Encrypt aes-138-cbc,,,accumulate $test_data tls::encrypt -cipher $cipher -key $test_key -iv $test_iv;binary encode hex $::dat,,,$hex_string,,,
Encrypt Decrypt Command,Decrypt aes-128-cbc,,,accumulate $::dat tls::decrypt -cipher $cipher -key $test_key -iv $test_iv;set ::dat,,,$test_data,,,
 ,,,,,,,,,,
command,# Test encrypt using read channel,,,,,,,,,
Encrypt Decrypt Channel Read,Encrypt aes-138-cbc,,,binary encode hex [read_chan $unencrypted_file tls::encrypt -cipher $cipher -key $test_key -iv $test_iv],,,$hex_string,,,
Encrypt Decrypt Channel Read,Decrypt aes-138-cbc,,,read_chan $encrypted_file tls::decrypt -cipher $cipher -key $test_key -iv $test_iv,,,$test_data,,,
 ,,,,,,,,,,
command,# Test encrypt using write channel,,,,,,,,,
Encrypt Decrypt Channel Write,Encrypt aes-138-cbc,,,binary encode hex [set data [write_chan $encrypted_file $test_data tls::encrypt -cipher $cipher -key $test_key -iv $test_iv]],,,$hex_string,,,
Encrypt Decrypt Channel Write,Decrypt aes-138-cbc,,,write_chan $alt_file $data tls::decrypt -cipher $cipher -key $test_key -iv $test_iv,,,$test_data,,,
,,,,,,,,,,
command,# Cleanup,,,,,,,,,
command,::tcltest::removeFile $unencrypted_file,,,,,,,,,
command,::tcltest::removeFile $encrypted_file,,,,,,,,,
command,::tcltest::removeFile $alt_file,,,,,,,,,

Added tests/encrypt.test version [ce8002626b].




































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated test cases for encrypt.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
	package require tcltest
	namespace import ::tcltest::*
}

set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]

package require tls

# Constraints
source common.tcl

# Helper functions - See common.tcl
proc read_chan {filename args} {set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [{*}$args -chan $ch];set dat "";while {![eof $new]} {append dat [read $new $bsize]};close $new;return $dat}
proc write_chan {filename data args} {set ch [open $filename wb];set new [{*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set dat [read $ch];close $ch;return $dat}
proc accumulate {string args} {set cmd [{*}$args -command dcmd];set ::dat "";append ::dat [$cmd update [string range $string 0 20]];append ::dat [$cmd update [string range $string 21 end]];append ::dat [$cmd finalize]}
proc get_file_hex {filename} {set ch [open $filename rb];set data [read $ch];close $ch;return [binary encode hex $data]}
proc get_file_text {filename} {set ch [open $filename r];set data [read $ch];close $ch;return $data}

set test_data "Example string for message digest tests.\n"
set unencrypted_file "unencrypted_data.dat"
set encrypted_file "encrypted_data.dat"
set alt_file "result_data.dat"
set test_key "Example key"
set test_iv "Example iv"
::tcltest::makeFile $test_data $unencrypted_file

# Test encrypt data
set cipher aes-128-cbc
set hex_string "3cea034398de64507abbc7bcf6acba55c7011100c9015c22b3c9c331d18479fed5e542ce02a3b89a0f750daf8e2a494e"


test Encrypt_Decrypt_Data-1.1 {Encrypt aes-138-cbc} -body {
	binary encode hex [set data [tls::encrypt -cipher $cipher -key $test_key -iv $test_iv -data $test_data]]
    } -result $hex_string

test Encrypt_Decrypt_Data-1.2 {Decrypt aes-128-cbc} -body {
	tls::decrypt -cipher $cipher -key $test_key -iv $test_iv -data $data
    } -result $test_data

# Test encrypt file


test Encrypt_Decrypt_File-2.1 {Encrypt aes-138-cbc} -body {
	tls::encrypt -cipher $cipher -key $test_key -iv $test_iv -infile $unencrypted_file -outfile $encrypted_file
	get_file_hex $encrypted_file
    } -result $hex_string

test Encrypt_Decrypt_File-2.2 {Decrypt aes-128-cbc} -body {
	tls::decrypt -cipher $cipher -key $test_key -iv $test_iv -infile $encrypted_file -outfile $alt_file
	get_file_text $alt_file
    } -result $test_data

# Test encrypt using object command


test Encrypt_Decrypt_Command-3.1 {Encrypt aes-138-cbc} -body {
	accumulate $test_data tls::encrypt -cipher $cipher -key $test_key -iv $test_iv
	binary encode hex $::dat
    } -result $hex_string

test Encrypt_Decrypt_Command-3.2 {Decrypt aes-128-cbc} -body {
	accumulate $::dat tls::decrypt -cipher $cipher -key $test_key -iv $test_iv
	set ::dat
    } -result $test_data

# Test encrypt using read channel


test Encrypt_Decrypt_Channel_Read-4.1 {Encrypt aes-138-cbc} -body {
	binary encode hex [read_chan $unencrypted_file tls::encrypt -cipher $cipher -key $test_key -iv $test_iv]
    } -result $hex_string

test Encrypt_Decrypt_Channel_Read-4.2 {Decrypt aes-138-cbc} -body {
	read_chan $encrypted_file tls::decrypt -cipher $cipher -key $test_key -iv $test_iv
    } -result $test_data

# Test encrypt using write channel


test Encrypt_Decrypt_Channel_Write-5.1 {Encrypt aes-138-cbc} -body {
	binary encode hex [set data [write_chan $encrypted_file $test_data tls::encrypt -cipher $cipher -key $test_key -iv $test_iv]]
    } -result $hex_string

test Encrypt_Decrypt_Channel_Write-5.2 {Decrypt aes-138-cbc} -body {
	write_chan $alt_file $data tls::decrypt -cipher $cipher -key $test_key -iv $test_iv
    } -result $test_data

# Cleanup
::tcltest::removeFile $unencrypted_file
::tcltest::removeFile $encrypted_file
::tcltest::removeFile $alt_file

# Cleanup
::tcltest::cleanupTests
return

Added tests/info.csv version [a605570f7c].
























































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
command,package require tls,,,,,,,,,
,,,,,,,,,,
command,# Make sure path includes location of OpenSSL executable,,,,,,,,,
command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] "";"" $::env(path)]}",,,,,,,,,
,,,,,,,,,,
command,# Constraints,,,,,,,,,
command,source common.tcl,,,,,,,,,
,,,,,,,,,,
command,# Helper functions,,,,,,,,,
command,"proc lcompare {list1 list2} {set m """";set u """";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list ""missing"" $m ""unexpected"" $u]}",,,,,,,,,
command,proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]},,,,,,,,,
command,"proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data ""\n""] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}",,,,,,,,,
command,"proc exec_get_digests {} {set list [list];set data [exec openssl dgst -list];foreach line [split $data ""\n""] {foreach digest $line {if {[string match ""-*"" $digest]} {lappend list [string trimleft $digest ""-""]}}};return [lsort $list]}",,,,,,,,,
command,"proc exec_get_pkeys {} {set list [list];set data [exec openssl list -public-key-methods];foreach line [split $data ""\n""] {if {![string match ""*Type:*"" $line]} {lappend list [string trim $line]}};return $list}",,,,,,,,,
command,proc exec_get_macs {} {return [list cmac hmac]},,,,,,,,,
command,proc list_tolower {list} {set result [list];foreach element $list {lappend result [string tolower $element]};return $result},,,,,,,,,
,,,,,,,,,,
command,# Test list ciphers,,,,,,,,,
Ciphers List,All,,,lcompare [lsort [exec_get_ciphers]] [list_tolower [lsort [::tls::ciphers]]],,,missing {rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb} unexpected {aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcm},,,
,,,,,,,,,,
command,# Test list ciphers for protocols,,,,,,,,,
Ciphers By Protocol,SSL2,ssl2,,"lcompare [exec_get "":"" ciphers -ssl2] [::tls::ciphers ssl2]",,,missing {} unexpected {},,,
Ciphers By Protocol,SSL3,ssl3,,"lcompare [exec_get "":"" ciphers -ssl3] [::tls::ciphers ssl3]",,,missing {} unexpected {},,,
Ciphers By Protocol,TLS1.0,tls1,,"lcompare [exec_get "":"" ciphers -tls1] [::tls::ciphers tls1]",,,missing {} unexpected {},,,
Ciphers By Protocol,TLS1.1,tls1.1,,"lcompare [exec_get "":"" ciphers -tls1_1] [::tls::ciphers tls1.1]",,,missing {} unexpected {},,,
Ciphers By Protocol,TLS1.2,tls1.2,,"lcompare [exec_get "":"" ciphers -tls1_2] [::tls::ciphers tls1.2]",,,missing {} unexpected {},,,
Ciphers By Protocol,TLS1.3,tls1.3,,"lcompare [exec_get "":"" ciphers -tls1_3] [::tls::ciphers tls1.3]",,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test cipher descriptions,,,,,,,,,
Ciphers With Descriptions,SSL2,ssl2,,"lcompare [exec_get ""\r\n"" ciphers -ssl2 -v] [split [string trim [::tls::ciphers ssl2 1]] \n]",,,missing {} unexpected {},,,
Ciphers With Descriptions,SSL3,ssl3,,"lcompare [exec_get ""\r\n"" ciphers -ssl3 -v] [split [string trim [::tls::ciphers ssl3 1]] \n]",,,missing {} unexpected {},,,
Ciphers With Descriptions,TLS1.0,tls1,,"lcompare [exec_get ""\r\n"" ciphers -tls1 -v] [split [string trim [::tls::ciphers tls1 1]] \n]",,,missing {} unexpected {},,,
Ciphers With Descriptions,TLS1.1,tls1.1,,"lcompare [exec_get ""\r\n"" ciphers -tls1_1 -v] [split [string trim [::tls::ciphers tls1.1 1]] \n]",,,missing {} unexpected {},,,
Ciphers With Descriptions,TLS1.2,tls1.2,,"lcompare [exec_get ""\r\n"" ciphers -tls1_2 -v] [split [string trim [::tls::ciphers tls1.2 1]] \n]",,,missing {} unexpected {},,,
Ciphers With Descriptions,TLS1.3,tls1.3,,"lcompare [exec_get ""\r\n"" ciphers -tls1_3 -v] [split [string trim [::tls::ciphers tls1.3 1]] \n]",,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test protocol specific ciphers,,,,,,,,,
Ciphers Protocol Specific,SSL2,ssl2,,"lcompare [exec_get "":"" ciphers -ssl2 -s] [::tls::ciphers ssl2 0 1]",,,missing {} unexpected {},,,
Ciphers Protocol Specific,SSL3,ssl3,,"lcompare [exec_get "":"" ciphers -ssl3 -s] [::tls::ciphers ssl3 0 1]",,,missing {} unexpected {},,,
Ciphers Protocol Specific,TLS1.0,tls1,,"lcompare [exec_get "":"" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]",,,missing {} unexpected {},,,
Ciphers Protocol Specific,TLS1.1,tls1.1,,"lcompare [exec_get "":"" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]",,,missing {} unexpected {},,,
Ciphers Protocol Specific,TLS1.2,tls1.2,,"lcompare [exec_get "":"" ciphers -tls1_2 -s] [::tls::ciphers tls1.2 0 1]",,,missing {} unexpected {},,,
Ciphers Protocol Specific,TLS1.3,tls1.3,,"lcompare [exec_get "":"" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]",,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Ciphers Error Cases,,,,,,,,,
Ciphers Errors,Too many args,,,::tls::ciphers too many args to pass,,,"wrong # args: should be ""::tls::ciphers ?protocol? ?verbose? ?supported?""",,,1
Ciphers Errors,Invalid protocol,,,::tls::ciphers bogus,,,"bad protocol ""bogus"": must be ssl2, ssl3, tls1, tls1.1, tls1.2, or tls1.3",,,1
Ciphers Errors,Invalid verbose,,,::tls::ciphers tls1.3 bogus,,,"expected boolean value but got ""bogus""",,,1
Ciphers Errors,Invalid supported,,,::tls::ciphers tls1.3 1 bogus,,,"expected boolean value but got ""bogus""",,,1
Ciphers Errors,SSL2,!ssl2,,::tls::ciphers ssl2,,,ssl2: protocol not supported,,,1
Ciphers Errors,SSL3,!ssl3,,::tls::ciphers ssl3,,,ssl3: protocol not supported,,,1
Ciphers Errors,TLS1.0,!tls1,,::tls::ciphers tls1,,,tls1: protocol not supported,,,1
Ciphers Errors,TLS1.1,!tls1.1,,::tls::ciphers tls1.1,,,tls1.0: protocol not supported,,,1
Ciphers Errors,TLS1.2,!tls1.2,,::tls::ciphers tls1.2,,,tls1.1: protocol not supported,,,1
Ciphers Errors,TLS1.3,!tls1.3,,::tls::ciphers tls1.3,,,tls1.3: protocol not supported,,,1
,,,,,,,,,,
command,# Test Cipher Info,,,,,,,,,
Cipher Info,AES-256-CCM,,,tls::cipher aes-256-ccm,,,nid aes-256-ccm name id-aes256-CCM description {} block_size 1 key_length 32 iv_length 12 type aes-256-ccm provider {} mode CCM flags {{Variable Length} 0 {Always Call Init} 1 {Custom IV} 1 {Control Init} 1 {Custom Cipher} 1 {AEAD Cipher} 1 {Custom Copy} 1 {Non FIPS Allow} 0},,,
,,,,,,,,,,
command,# Test list digests,,,,,,,,,
Digests List,All,,,lcompare [lsort [exec_get_digests]] [lsort [tls::digests]],,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test Digest Info,,,,,,,,,
Digest Info,md5,,,tls::digests md5,,,name MD5 description {} size 16 block_size 64 provider {} type md5 pkey_type md5WithRSAEncryption flags {One-shot 0 XOF 0 DigestAlgorithmId_NULL 0 DigestAlgorithmId_Abscent 0 DigestAlgorithmId_Custom 0 FIPS 0},,,
,,,,,,,,,,
command,# Test list MACs,,,,,,,,,
MAC List,All,,,lcompare [exec_get_macs] [tls::macs],,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test list Pkeys,,,,,,,,,
Pkey List,All,,,lcompare [exec_get_pkeys] [tls::pkeys],,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test list protocols,,,,,,,,,
Protocols,All,,,lcompare $::protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,,
,,,,,,,,,,
command,# Test show version,,,,,,,,,
Version,All,,,::tls::version,,glob,*,,,
Version,OpenSSL,OpenSSL,,::tls::version,,glob,OpenSSL*,,,
,,,,,,,,,,
command,# Error Cases,,,,,,,,,
Error Cases,Cipher Too few args,,,::tls::cipher,,,"wrong # args: should be ""::tls::cipher ?name?""",,,1
Error Cases,Cipher Too many args,,,::tls::cipher too many args,,,"wrong # args: should be ""::tls::cipher ?name?""",,,1
Error Cases,Digests Too many args,,,::tls::digests too many args,,,"wrong # args: should be ""::tls::digests ?name?""",,,1
Error Cases,MACs Too many args,,,::tls::macs too many args,,,"wrong # args: should be ""::tls::macs ?name?""",,,1
Error Cases,Pkeys Too many args,,,::tls::pkeys too many args,,,"wrong # args: should be ""::tls::pkeys ?name?""",,,1
Error Cases,Protocols Too many args,,,::tls::protocols too many args,,,"wrong # args: should be ""::tls::protocols""",,,1
Error Cases,Version Too many args,,,::tls::version too many args,,,"wrong # args: should be ""::tls::version""",,,1

Added tests/info.test version [421d0bdeb4].






















































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated test cases for info.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
	package require tcltest
	namespace import ::tcltest::*
}

set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]

package require tls

# Make sure path includes location of OpenSSL executable
if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] ";" $::env(path)]}

# Constraints
source common.tcl

# Helper functions
proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]}
proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]}
proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data "\n"] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}
proc exec_get_digests {} {set list [list];set data [exec openssl dgst -list];foreach line [split $data "\n"] {foreach digest $line {if {[string match "-*" $digest]} {lappend list [string trimleft $digest "-"]}}};return [lsort $list]}
proc exec_get_pkeys {} {set list [list];set data [exec openssl list -public-key-methods];foreach line [split $data "\n"] {if {![string match "*Type:*" $line]} {lappend list [string trim $line]}};return $list}
proc exec_get_macs {} {return [list cmac hmac]}
proc list_tolower {list} {set result [list];foreach element $list {lappend result [string tolower $element]};return $result}

# Test list ciphers


test Ciphers_List-1.1 {All} -body {
	lcompare [lsort [exec_get_ciphers]] [list_tolower [lsort [::tls::ciphers]]]
    } -result {missing {rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb} unexpected {aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcm}}

# Test list ciphers for protocols


test Ciphers_By_Protocol-2.1 {SSL2} -constraints {ssl2} -body {
	lcompare [exec_get ":" ciphers -ssl2] [::tls::ciphers ssl2]
    } -result {missing {} unexpected {}}

test Ciphers_By_Protocol-2.2 {SSL3} -constraints {ssl3} -body {
	lcompare [exec_get ":" ciphers -ssl3] [::tls::ciphers ssl3]
    } -result {missing {} unexpected {}}

test Ciphers_By_Protocol-2.3 {TLS1.0} -constraints {tls1} -body {
	lcompare [exec_get ":" ciphers -tls1] [::tls::ciphers tls1]
    } -result {missing {} unexpected {}}

test Ciphers_By_Protocol-2.4 {TLS1.1} -constraints {tls1.1} -body {
	lcompare [exec_get ":" ciphers -tls1_1] [::tls::ciphers tls1.1]
    } -result {missing {} unexpected {}}

test Ciphers_By_Protocol-2.5 {TLS1.2} -constraints {tls1.2} -body {
	lcompare [exec_get ":" ciphers -tls1_2] [::tls::ciphers tls1.2]
    } -result {missing {} unexpected {}}

test Ciphers_By_Protocol-2.6 {TLS1.3} -constraints {tls1.3} -body {
	lcompare [exec_get ":" ciphers -tls1_3] [::tls::ciphers tls1.3]
    } -result {missing {} unexpected {}}

# Test cipher descriptions


test Ciphers_With_Descriptions-3.1 {SSL2} -constraints {ssl2} -body {
	lcompare [exec_get "\r\n" ciphers -ssl2 -v] [split [string trim [::tls::ciphers ssl2 1]] \n]
    } -result {missing {} unexpected {}}

test Ciphers_With_Descriptions-3.2 {SSL3} -constraints {ssl3} -body {
	lcompare [exec_get "\r\n" ciphers -ssl3 -v] [split [string trim [::tls::ciphers ssl3 1]] \n]
    } -result {missing {} unexpected {}}

test Ciphers_With_Descriptions-3.3 {TLS1.0} -constraints {tls1} -body {
	lcompare [exec_get "\r\n" ciphers -tls1 -v] [split [string trim [::tls::ciphers tls1 1]] \n]
    } -result {missing {} unexpected {}}

test Ciphers_With_Descriptions-3.4 {TLS1.1} -constraints {tls1.1} -body {
	lcompare [exec_get "\r\n" ciphers -tls1_1 -v] [split [string trim [::tls::ciphers tls1.1 1]] \n]
    } -result {missing {} unexpected {}}

test Ciphers_With_Descriptions-3.5 {TLS1.2} -constraints {tls1.2} -body {
	lcompare [exec_get "\r\n" ciphers -tls1_2 -v] [split [string trim [::tls::ciphers tls1.2 1]] \n]
    } -result {missing {} unexpected {}}

test Ciphers_With_Descriptions-3.6 {TLS1.3} -constraints {tls1.3} -body {
	lcompare [exec_get "\r\n" ciphers -tls1_3 -v] [split [string trim [::tls::ciphers tls1.3 1]] \n]
    } -result {missing {} unexpected {}}

# Test protocol specific ciphers


test Ciphers_Protocol_Specific-4.1 {SSL2} -constraints {ssl2} -body {
	lcompare [exec_get ":" ciphers -ssl2 -s] [::tls::ciphers ssl2 0 1]
    } -result {missing {} unexpected {}}

test Ciphers_Protocol_Specific-4.2 {SSL3} -constraints {ssl3} -body {
	lcompare [exec_get ":" ciphers -ssl3 -s] [::tls::ciphers ssl3 0 1]
    } -result {missing {} unexpected {}}

test Ciphers_Protocol_Specific-4.3 {TLS1.0} -constraints {tls1} -body {
	lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
    } -result {missing {} unexpected {}}

test Ciphers_Protocol_Specific-4.4 {TLS1.1} -constraints {tls1.1} -body {
	lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
    } -result {missing {} unexpected {}}

test Ciphers_Protocol_Specific-4.5 {TLS1.2} -constraints {tls1.2} -body {
	lcompare [exec_get ":" ciphers -tls1_2 -s] [::tls::ciphers tls1.2 0 1]
    } -result {missing {} unexpected {}}

test Ciphers_Protocol_Specific-4.6 {TLS1.3} -constraints {tls1.3} -body {
	lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
    } -result {missing {} unexpected {}}

# Ciphers Error Cases


test Ciphers_Errors-5.1 {Too many args} -body {
	::tls::ciphers too many args to pass
    } -result {wrong # args: should be "::tls::ciphers ?protocol? ?verbose? ?supported?"} -returnCodes {1}

test Ciphers_Errors-5.2 {Invalid protocol} -body {
	::tls::ciphers bogus
    } -result {bad protocol "bogus": must be ssl2, ssl3, tls1, tls1.1, tls1.2, or tls1.3} -returnCodes {1}

test Ciphers_Errors-5.3 {Invalid verbose} -body {
	::tls::ciphers tls1.3 bogus
    } -result {expected boolean value but got "bogus"} -returnCodes {1}

test Ciphers_Errors-5.4 {Invalid supported} -body {
	::tls::ciphers tls1.3 1 bogus
    } -result {expected boolean value but got "bogus"} -returnCodes {1}

test Ciphers_Errors-5.5 {SSL2} -constraints {!ssl2} -body {
	::tls::ciphers ssl2
    } -result {ssl2: protocol not supported} -returnCodes {1}

test Ciphers_Errors-5.6 {SSL3} -constraints {!ssl3} -body {
	::tls::ciphers ssl3
    } -result {ssl3: protocol not supported} -returnCodes {1}

test Ciphers_Errors-5.7 {TLS1.0} -constraints {!tls1} -body {
	::tls::ciphers tls1
    } -result {tls1: protocol not supported} -returnCodes {1}

test Ciphers_Errors-5.8 {TLS1.1} -constraints {!tls1.1} -body {
	::tls::ciphers tls1.1
    } -result {tls1.0: protocol not supported} -returnCodes {1}

test Ciphers_Errors-5.9 {TLS1.2} -constraints {!tls1.2} -body {
	::tls::ciphers tls1.2
    } -result {tls1.1: protocol not supported} -returnCodes {1}

test Ciphers_Errors-5.10 {TLS1.3} -constraints {!tls1.3} -body {
	::tls::ciphers tls1.3
    } -result {tls1.3: protocol not supported} -returnCodes {1}

# Test Cipher Info


test Cipher_Info-6.1 {AES-256-CCM} -body {
	tls::cipher aes-256-ccm
    } -result {nid aes-256-ccm name id-aes256-CCM description {} block_size 1 key_length 32 iv_length 12 type aes-256-ccm provider {} mode CCM flags {{Variable Length} 0 {Always Call Init} 1 {Custom IV} 1 {Control Init} 1 {Custom Cipher} 1 {AEAD Cipher} 1 {Custom Copy} 1 {Non FIPS Allow} 0}}

# Test list digests


test Digests_List-7.1 {All} -body {
	lcompare [lsort [exec_get_digests]] [lsort [tls::digests]]
    } -result {missing {} unexpected {}}

# Test Digest Info


test Digest_Info-8.1 {md5} -body {
	tls::digests md5
    } -result {name MD5 description {} size 16 block_size 64 provider {} type md5 pkey_type md5WithRSAEncryption flags {One-shot 0 XOF 0 DigestAlgorithmId_NULL 0 DigestAlgorithmId_Abscent 0 DigestAlgorithmId_Custom 0 FIPS 0}}

# Test list MACs


test MAC_List-9.1 {All} -body {
	lcompare [exec_get_macs] [tls::macs]
    } -result {missing {} unexpected {}}

# Test list Pkeys


test Pkey_List-10.1 {All} -body {
	lcompare [exec_get_pkeys] [tls::pkeys]
    } -result {missing {} unexpected {}}

# Test list protocols


test Protocols-11.1 {All} -body {
	lcompare $::protocols [::tls::protocols]
    } -result {missing {ssl2 ssl3} unexpected {}}

# Test show version


test Version-12.1 {All} -body {
	::tls::version
    } -match {glob} -result {*}

test Version-12.2 {OpenSSL} -constraints {OpenSSL} -body {
	::tls::version
    } -match {glob} -result {OpenSSL*}

# Error Cases


test Error_Cases-13.1 {Cipher Too few args} -body {
	::tls::cipher
    } -result {wrong # args: should be "::tls::cipher ?name?"} -returnCodes {1}

test Error_Cases-13.2 {Cipher Too many args} -body {
	::tls::cipher too many args
    } -result {wrong # args: should be "::tls::cipher ?name?"} -returnCodes {1}

test Error_Cases-13.3 {Digests Too many args} -body {
	::tls::digests too many args
    } -result {wrong # args: should be "::tls::digests ?name?"} -returnCodes {1}

test Error_Cases-13.4 {MACs Too many args} -body {
	::tls::macs too many args
    } -result {wrong # args: should be "::tls::macs ?name?"} -returnCodes {1}

test Error_Cases-13.5 {Pkeys Too many args} -body {
	::tls::pkeys too many args
    } -result {wrong # args: should be "::tls::pkeys ?name?"} -returnCodes {1}

test Error_Cases-13.6 {Protocols Too many args} -body {
	::tls::protocols too many args
    } -result {wrong # args: should be "::tls::protocols"} -returnCodes {1}

test Error_Cases-13.7 {Version Too many args} -body {
	::tls::version too many args
    } -result {wrong # args: should be "::tls::version"} -returnCodes {1}

# Cleanup
::tcltest::cleanupTests
return

Modified tests/make_test_files.tcl from [c31b96320d] to [e265399d3c].

70
71
72
73
74
75
76

77




78
79
80
81
82
83
84
85
86
87
88
89
90

91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

106
107
108
109
110
111
112
70
71
72
73
74
75
76
77

78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117







+
-
+
+
+
+












-
+















+







		if {$group ne $prev} {
		    incr test
		    set prev $group
		    puts $out ""
		}

		# Test case
		if {[string index $name 0] ne {$}} {
		set buffer [format "\ntest %s-%d.%d {%s}" $group $test [incr cases($group)] $name]
		    set buffer [format "\ntest %s-%d.%d {%s}" $group $test [incr cases($group)] $name]
		} else {
		    set buffer [format "\ntest %s-%d.%d %s" $group $test [incr cases($group)] $name]
		}
		foreach opt [list -constraints -setup -body -cleanup -match -result -output -errorOutput -returnCodes] {
		    set cmd [string trim [set [string trimleft $opt "-"]]]
		    if {$cmd ne ""} {
			if {$opt in [list -setup -body -cleanup]} {
			    append buffer " " $opt " \{\n"
			    foreach line [split $cmd ";"] {
				append buffer \t [string trim $line] \n
			    }
			    append buffer "    \}"
			} elseif {$opt in [list -output -errorOutput]} {
			    append buffer " " $opt " {" $cmd \n "}"
			} elseif {$opt in [list -result]} {
			    if {[string index $cmd 0] in [list \[ \" \{]} {
			    if {[string index $cmd 0] in [list \[ \" \{ \$]} {
				append buffer " " $opt " " $cmd
			    } elseif {[string match {*[\\$]*} $cmd]} {
				append buffer " " $opt " \"" [string map [list \\\\\" \\\"] [string map [list \" \\\" ] $cmd]] "\""
			    } else {
				append buffer " " $opt " {" $cmd "}"
			    }
			} else {
			    append buffer " " $opt " {" $cmd "}"
			}
		    }
		}
		puts $out $buffer

	    } else {
		# Empty line
		puts $out ""
	    }
	    break
	}
    }

    # Output clean-up commands
    puts $out "\n# Cleanup\n::tcltest::cleanupTests\nreturn"

Added tests/test_vectors/Hash/BLAKE2b512.test version [e51ad010d4].























































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "BLAKE2b512.txt"
package require tls
package require tcltest

tcltest::testConstraint BLAKE2b512 [expr {[lsearch -nocase [tls::digests] BLAKE2b512] > -1}]

tcltest::test Hash_BLAKE2b512-1.1 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data ""} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce

tcltest::test Hash_BLAKE2b512-1.2 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data "a"} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result 333fcb4ee1aa7c115355ec66ceac917c8bfd815bf7587d325aec1864edd24e34d5abe2c6b1b5ee3face62fed78dbef802f2a85cb91d455a8f5249d330853cb3c

tcltest::test Hash_BLAKE2b512-1.3 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data "abc"} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923

tcltest::test Hash_BLAKE2b512-1.4 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a

tcltest::test Hash_BLAKE2b512-1.5 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result c68ede143e416eb7b4aaae0d8e48e55dd529eafed10b1df1a61416953a2b0a5666c761e7d412e6709e31ffe221b7a7a73908cb95a4d120b8b090a87d1fbedb4c

tcltest::test Hash_BLAKE2b512-1.6 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result 99964802e5c25e703722905d3fb80046b6bca698ca9e2cc7e49b4fe1fa087c2edf0312dfbb275cf250a1e542fd5dc2edd313f9c491127c2e8c0c9b24168e2d50

tcltest::test Hash_BLAKE2b512-1.7 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data "12345678901234567890123456789012345678901234567890123456789012345678901234567890"} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result 686f41ec5afff6e87e1f076f542aa466466ff5fbde162c48481ba48a748d842799f5b30f5b67fc684771b33b994206d05cc310f31914edd7b97e41860d77d282

tcltest::test Hash_BLAKE2b512-1.8 {BLAKE2b512} \
	-constraints BLAKE2b512 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest BLAKE2b512 -data $data} \
	-match exact -result a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918

Added tests/test_vectors/Hash/BLAKE2b512.txt version [d3c92f5aad].











































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# blake2b512
# From https://github.com/BLAKE2/BLAKE2/tree/master/testvectors

[L = 64]

Len = 0
Msg = ""
MD = 786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce

Len = 1
Msg = "a"
#Msg = 61
MD = 333fcb4ee1aa7c115355ec66ceac917c8bfd815bf7587d325aec1864edd24e34d5abe2c6b1b5ee3face62fed78dbef802f2a85cb91d455a8f5249d330853cb3c

Len = 3
Msg = "abc"
#Msg = 616263
MD = ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923

Len = 14
Msg = "message digest"
#Msg = 6d65737361676520646967657374
MD = 3c26ce487b1c0f062363afa3c675ebdbf5f4ef9bdc022cfbef91e3111cdc283840d8331fc30a8a0906cff4bcdbcd230c61aaec60fdfad457ed96b709a382359a

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
#Msg = 6162636465666768696a6b6c6d6e6f707172737475767778797a
MD = c68ede143e416eb7b4aaae0d8e48e55dd529eafed10b1df1a61416953a2b0a5666c761e7d412e6709e31ffe221b7a7a73908cb95a4d120b8b090a87d1fbedb4c

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
#Msg = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
MD = 99964802e5c25e703722905d3fb80046b6bca698ca9e2cc7e49b4fe1fa087c2edf0312dfbb275cf250a1e542fd5dc2edd313f9c491127c2e8c0c9b24168e2d50

Len = 80
Msg = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
#Msg = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
MD = 686f41ec5afff6e87e1f076f542aa466466ff5fbde162c48481ba48a748d842799f5b30f5b67fc684771b33b994206d05cc310f31914edd7b97e41860d77d282

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918

Added tests/test_vectors/Hash/BLAKE2s256.test version [b2908e18aa].























































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "BLAKE2s256.txt"
package require tls
package require tcltest

tcltest::testConstraint BLAKE2s256 [expr {[lsearch -nocase [tls::digests] BLAKE2s256] > -1}]

tcltest::test Hash_BLAKE2s256-1.1 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data ""} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9

tcltest::test Hash_BLAKE2s256-1.2 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data "a"} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result 4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90

tcltest::test Hash_BLAKE2s256-1.3 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data "abc"} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result 508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982

tcltest::test Hash_BLAKE2s256-1.4 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c

tcltest::test Hash_BLAKE2s256-1.5 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12

tcltest::test Hash_BLAKE2s256-1.6 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b

tcltest::test Hash_BLAKE2s256-1.7 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data "12345678901234567890123456789012345678901234567890123456789012345678901234567890"} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66

tcltest::test Hash_BLAKE2s256-1.8 {BLAKE2s256} \
	-constraints BLAKE2s256 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest BLAKE2s256 -data $data} \
	-match exact -result 606beeec743ccbeff6cbcdf5d5302aa855c256c29b88c8ed331ea1a6bf3c8812

Added tests/test_vectors/Hash/BLAKE2s256.txt version [e3f8f87e87].











































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# blake2s256
# From https://github.com/BLAKE2/BLAKE2/tree/master/testvectors

[L = 32]

Len = 0
Msg = ""
MD = 69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9

Len = 1
Msg = "a"
#Msg = 61
MD = 4a0d129873403037c2cd9b9048203687f6233fb6738956e0349bd4320fec3e90

Len = 3
Msg = "abc"
#Msg = 616263
MD = 508c5e8c327c14e2e1a72ba34eeb452f37458b209ed63a294d999b4c86675982

Len = 14
Msg = "message digest"
#Msg = 6d65737361676520646967657374
MD = fa10ab775acf89b7d3c8a6e823d586f6b67bdbac4ce207fe145b7d3ac25cd28c

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
#Msg = 6162636465666768696a6b6c6d6e6f707172737475767778797a
MD = bdf88eb1f86a0cdf0e840ba88fa118508369df186c7355b4b16cf79fa2710a12

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
#Msg = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
MD = c75439ea17e1de6fa4510c335dc3d3f343e6f9e1ce2773e25b4174f1df8b119b

Len = 80
Msg = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
#Msg = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
MD = fdaedb290a0d5af9870864fec2e090200989dc9cd53a3c092129e8535e8b4f66

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = 606beeec743ccbeff6cbcdf5d5302aa855c256c29b88c8ed331ea1a6bf3c8812

Added tests/test_vectors/Hash/MD2.test version [69a254de42].

















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "MD2.txt"
package require tls
package require tcltest

tcltest::testConstraint MD2 [expr {[lsearch -nocase [tls::digests] MD2] > -1}]

tcltest::test Hash_MD2-1.1 {MD2} \
	-constraints MD2 \
	-setup {set data ""} \
	-body {tls::digest -digest MD2 -data $data} \
	-match exact -result 8350e5a3e24c153df2275c9f80692773

tcltest::test Hash_MD2-1.2 {MD2} \
	-constraints MD2 \
	-setup {set data "a"} \
	-body {tls::digest -digest MD2 -data $data} \
	-match exact -result 32ec01ec4a6dac72c0ab96fb34c0b5d1

tcltest::test Hash_MD2-1.3 {MD2} \
	-constraints MD2 \
	-setup {set data "abc"} \
	-body {tls::digest -digest MD2 -data $data} \
	-match exact -result da853b0d3f88d99b30283a69e6ded6bb

tcltest::test Hash_MD2-1.4 {MD2} \
	-constraints MD2 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest MD2 -data $data} \
	-match exact -result ab4f496bfb2a530b219ff33031fe06b0

tcltest::test Hash_MD2-1.5 {MD2} \
	-constraints MD2 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest MD2 -data $data} \
	-match exact -result 4e8ddff3650292ab5a4108c3aa47940b

tcltest::test Hash_MD2-1.6 {MD2} \
	-constraints MD2 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest MD2 -data $data} \
	-match exact -result da33def2a42df13975352846c30338cd

tcltest::test Hash_MD2-1.7 {MD2} \
	-constraints MD2 \
	-setup {set data "12345678901234567890123456789012345678901234567890123456789012345678901234567890"} \
	-body {tls::digest -digest MD2 -data $data} \
	-match exact -result d5976f79d83d3a0dc9806c3c66f3efd8

Added tests/test_vectors/Hash/MD2.txt version [72dbd4087b].































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# MD2
# From RFC 1319

Len = 0
Msg = ""
MD = 8350e5a3e24c153df2275c9f80692773

Len = 1
Msg = "a"
MD = 32ec01ec4a6dac72c0ab96fb34c0b5d1

Len = 3
Msg = "abc"
MD = da853b0d3f88d99b30283a69e6ded6bb

Len = 14
Msg = "message digest"
MD = ab4f496bfb2a530b219ff33031fe06b0

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
MD = 4e8ddff3650292ab5a4108c3aa47940b

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
MD = da33def2a42df13975352846c30338cd

Len = 80
Msg = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
MD = d5976f79d83d3a0dc9806c3c66f3efd8

Added tests/test_vectors/Hash/MD4.test version [bbe3b07974].























































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "MD4.txt"
package require tls
package require tcltest

tcltest::testConstraint MD4 [expr {[lsearch -nocase [tls::digests] MD4] > -1}]

tcltest::test Hash_MD4-1.1 {MD4} \
	-constraints MD4 \
	-setup {set data ""} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result 31d6cfe0d16ae931b73c59d7e0c089c0

tcltest::test Hash_MD4-1.2 {MD4} \
	-constraints MD4 \
	-setup {set data "a"} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result bde52cb31de33e46245e05fbdbd6fb24

tcltest::test Hash_MD4-1.3 {MD4} \
	-constraints MD4 \
	-setup {set data "abc"} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result a448017aaf21d8525fc10ae87aa6729d

tcltest::test Hash_MD4-1.4 {MD4} \
	-constraints MD4 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result d9130a8164549fe818874806e1c7014b

tcltest::test Hash_MD4-1.5 {MD4} \
	-constraints MD4 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result d79e1c308aa5bbcdeea8ed63df412da9

tcltest::test Hash_MD4-1.6 {MD4} \
	-constraints MD4 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result 043f8582f241db351ce627e153e7f0e4

tcltest::test Hash_MD4-1.7 {MD4} \
	-constraints MD4 \
	-setup {set data "12345678901234567890123456789012345678901234567890123456789012345678901234567890"} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result e33b4ddc9c38f2199c3e7b164fcc0536

tcltest::test Hash_MD4-1.8 {MD4} \
	-constraints MD4 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest MD4 -data $data} \
	-match exact -result 1bee69a46ba811185c194762abaeae90

Added tests/test_vectors/Hash/MD4.txt version [e0a9e8ce64].



































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# MD4
# From RFC 1320

Len = 0
Msg = ""
MD = 31d6cfe0d16ae931b73c59d7e0c089c0

Len = 1
Msg = "a"
MD = bde52cb31de33e46245e05fbdbd6fb24

Len = 3
Msg = "abc"
MD = a448017aaf21d8525fc10ae87aa6729d

Len = 14
Msg = "message digest"
MD = d9130a8164549fe818874806e1c7014b

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
MD = d79e1c308aa5bbcdeea8ed63df412da9

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
MD = 043f8582f241db351ce627e153e7f0e4

Len = 80
Msg = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
MD = e33b4ddc9c38f2199c3e7b164fcc0536

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = 1bee69a46ba811185c194762abaeae90

Added tests/test_vectors/Hash/MD5.test version [7e03aeea77].























































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "MD5.txt"
package require tls
package require tcltest

tcltest::testConstraint MD5 [expr {[lsearch -nocase [tls::digests] MD5] > -1}]

tcltest::test Hash_MD5-1.1 {MD5} \
	-constraints MD5 \
	-setup {set data ""} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result d41d8cd98f00b204e9800998ecf8427e

tcltest::test Hash_MD5-1.2 {MD5} \
	-constraints MD5 \
	-setup {set data "a"} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result 0cc175b9c0f1b6a831c399e269772661

tcltest::test Hash_MD5-1.3 {MD5} \
	-constraints MD5 \
	-setup {set data "abc"} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result 900150983cd24fb0d6963f7d28e17f72

tcltest::test Hash_MD5-1.4 {MD5} \
	-constraints MD5 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result f96b697d7cb7938d525a2f31aaf161d0

tcltest::test Hash_MD5-1.5 {MD5} \
	-constraints MD5 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result c3fcd3d76192e4007dfb496cca67e13b

tcltest::test Hash_MD5-1.6 {MD5} \
	-constraints MD5 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result d174ab98d277d9f5a5611c2c9f419d9f

tcltest::test Hash_MD5-1.7 {MD5} \
	-constraints MD5 \
	-setup {set data "12345678901234567890123456789012345678901234567890123456789012345678901234567890"} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result 57edf4a22be3c955ac49da2e2107b67a

tcltest::test Hash_MD5-1.8 {MD5} \
	-constraints MD5 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest MD5 -data $data} \
	-match exact -result 9e107d9d372bb6826bd81d3542a419d6

Added tests/test_vectors/Hash/MD5.txt version [1f89db3968].









































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# MD5
# From RFC 1321

Len = 0
Msg = ""
MD = d41d8cd98f00b204e9800998ecf8427e

Len = 1
Msg = "a"
#Msg = 61
MD = 0cc175b9c0f1b6a831c399e269772661

Len = 3
Msg = "abc"
#Msg = 616263
MD = 900150983cd24fb0d6963f7d28e17f72

Len = 14
Msg = "message digest"
#Msg = 6d65737361676520646967657374
MD = f96b697d7cb7938d525a2f31aaf161d0

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
#Msg = 6162636465666768696a6b6c6d6e6f707172737475767778797a
MD = c3fcd3d76192e4007dfb496cca67e13b

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
#Msg = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
MD = d174ab98d277d9f5a5611c2c9f419d9f

Len = 80
Msg = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
#3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
MD = 57edf4a22be3c955ac49da2e2107b67a

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = 9e107d9d372bb6826bd81d3542a419d6

Added tests/test_vectors/Hash/MDC2.test version [2b09e83d60].



















1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "MDC2.txt"
package require tls
package require tcltest

tcltest::testConstraint MDC2 [expr {[lsearch -nocase [tls::digests] MDC2] > -1}]

tcltest::test Hash_MDC2-1.1 {MDC2} \
	-constraints MDC2 \
	-setup {set data ""} \
	-body {tls::digest -digest MDC2 -data $data} \
	-match exact -result 52525252525252522525252525252525

tcltest::test Hash_MDC2-1.2 {MDC2} \
	-constraints MDC2 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest MDC2 -data $data} \
	-match exact -result 000ed54e093d61679aefbeae05bfe33a

Added tests/test_vectors/Hash/MDC2.txt version [c90b9728d3].











1
2
3
4
5
6
7
8
9
10
+
+
+
+
+
+
+
+
+
+
# MDC2
# From https://en.wikipedia.org/wiki/MDC-2

Len = 0
Msg = ""
MD = 52525252525252522525252525252525

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = 000ed54e093d61679aefbeae05bfe33a

Added tests/test_vectors/Hash/RIPEMD128.test version [b7f236100f].



































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "RIPEMD128.txt"
package require tls
package require tcltest

tcltest::testConstraint RIPEMD128 [expr {[lsearch -nocase [tls::digests] RIPEMD128] > -1}]

tcltest::test Hash_RIPEMD128-1.1 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data ""} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result cdf26213a150dc3ecb610f18f6b38b46

tcltest::test Hash_RIPEMD128-1.2 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data "a"} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result 86be7afa339d0fc7cfc785e72f578d33

tcltest::test Hash_RIPEMD128-1.3 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data "abc"} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result c14a12199c66e4ba84636b0f69144c77

tcltest::test Hash_RIPEMD128-1.4 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result 9e327b3d6e523062afc1132d7df9d1b8

tcltest::test Hash_RIPEMD128-1.5 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result fd2aa607f71dc8f510714922b371834e

tcltest::test Hash_RIPEMD128-1.6 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result a1aa0689d0fafa2ddc22e88b49133a06

tcltest::test Hash_RIPEMD128-1.7 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result d1e959eb179c911faea4624c60c5c702

tcltest::test Hash_RIPEMD128-1.8 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data [string repeat "1234567890" 8]} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result 3f45ef194732c2dbb2c4a2c769795fa3

tcltest::test Hash_RIPEMD128-1.9 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data [string repeat "a" 1000000]} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result 4a7f5723f954eba1216c9d8f6320431f

tcltest::test Hash_RIPEMD128-1.10 {RIPEMD128} \
	-constraints RIPEMD128 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest RIPEMD128 -data $data} \
	-match exact -result 3fa9b57f053c053fbe2735b2380db596

Added tests/test_vectors/Hash/RIPEMD128.txt version [8200be1de0].














































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# RIPEMD128
# From https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
# and https://en.wikipedia.org/wiki/RIPEMD

Len = 0
Msg = ""
MD = cdf26213a150dc3ecb610f18f6b38b46

Len = 1
Msg = "a"
MD = 86be7afa339d0fc7cfc785e72f578d33

Len = 3
Msg = "abc"
MD = c14a12199c66e4ba84636b0f69144c77

Len = 14
Msg = "message digest"
MD = 9e327b3d6e523062afc1132d7df9d1b8

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
MD = fd2aa607f71dc8f510714922b371834e

Len = 56
Msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
MD = a1aa0689d0fafa2ddc22e88b49133a06

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
MD = d1e959eb179c911faea4624c60c5c702

Len = 80
Repeat = 8
Msg = "1234567890"
MD = 3f45ef194732c2dbb2c4a2c769795fa3

Len = 1000000
Repeat = 1000000
Msg = "a"
MD = 4a7f5723f954eba1216c9d8f6320431f

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = 3fa9b57f053c053fbe2735b2380db596

Added tests/test_vectors/Hash/RIPEMD160.test version [9f30df5486].



































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "RIPEMD160.txt"
package require tls
package require tcltest

tcltest::testConstraint RIPEMD160 [expr {[lsearch -nocase [tls::digests] RIPEMD160] > -1}]

tcltest::test Hash_RIPEMD160-1.1 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data ""} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 9c1185a5c5e9fc54612808977ee8f548b2258d31

tcltest::test Hash_RIPEMD160-1.2 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "a"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe

tcltest::test Hash_RIPEMD160-1.3 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "abc"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc

tcltest::test Hash_RIPEMD160-1.4 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 5d0689ef49d2fae572b881b123a85ffa21595f36

tcltest::test Hash_RIPEMD160-1.5 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result f71c27109c692c1b56bbdceb5b9d2865b3708dbc

tcltest::test Hash_RIPEMD160-1.6 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 12a053384a9c0c88e405a06c27dcf49ada62eb2b

tcltest::test Hash_RIPEMD160-1.7 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result b0e20b6e3116640286ed3a87a5713079b21f5189

tcltest::test Hash_RIPEMD160-1.8 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "12345678901234567890123456789012345678901234567890123456789012345678901234567890"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 9b752e45573d4b39f4dbd3323cab82bf63326bfb

tcltest::test Hash_RIPEMD160-1.9 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data [string repeat "a" 1000000]} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 52783243c1697bdbe16d37f97f68f08325dc1528

tcltest::test Hash_RIPEMD160-1.10 {RIPEMD160} \
	-constraints RIPEMD160 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest RIPEMD160 -data $data} \
	-match exact -result 37f332f68db77bd9d7edd4969571ad671cf9dd3b

Added tests/test_vectors/Hash/RIPEMD160.txt version [822adc817c].




















































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# RIPEMD160
# From https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
# and https://en.wikipedia.org/wiki/RIPEMD

Len = 0
Msg = ""
MD = 9c1185a5c5e9fc54612808977ee8f548b2258d31

Len = 1
Msg = "a"
#Msg = 61
MD = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe

Len = 3
Msg = "abc"
#Msg = 616263
MD = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc

Len = 14
Msg = "message digest"
#Msg = 6d65737361676520646967657374
MD = 5d0689ef49d2fae572b881b123a85ffa21595f36

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
#Msg = 6162636465666768696a6b6c6d6e6f707172737475767778797a
MD = f71c27109c692c1b56bbdceb5b9d2865b3708dbc

Len = 56
Msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
#Msg = 6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071
MD = 12a053384a9c0c88e405a06c27dcf49ada62eb2b

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
#Msg = 4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839
MD = b0e20b6e3116640286ed3a87a5713079b21f5189

Len = 80
Msg = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930
MD = 9b752e45573d4b39f4dbd3323cab82bf63326bfb

Len = 1000000
Repeat = 1000000
Msg = "a"
MD = 52783243c1697bdbe16d37f97f68f08325dc1528

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = 37f332f68db77bd9d7edd4969571ad671cf9dd3b

Added tests/test_vectors/Hash/RIPEMD256.test version [6b86e3a23b].



































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "RIPEMD256.txt"
package require tls
package require tcltest

tcltest::testConstraint RIPEMD256 [expr {[lsearch -nocase [tls::digests] RIPEMD256] > -1}]

tcltest::test Hash_RIPEMD256-1.1 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data ""} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result 02ba4c4e5f8ecd1877fc52d64d30e37a2d9774fb1e5d026380ae0168e3c5522d

tcltest::test Hash_RIPEMD256-1.2 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data "a"} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result f9333e45d857f5d90a91bab70a1eba0cfb1be4b0783c9acfcd883a9134692925

tcltest::test Hash_RIPEMD256-1.3 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data "abc"} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result afbd6e228b9d8cbbcef5ca2d03e6dba10ac0bc7dcbe4680e1e42d2e975459b65

tcltest::test Hash_RIPEMD256-1.4 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result 87e971759a1ce47a514d5c914c392c9018c7c46bc14465554afcdf54a5070c0e

tcltest::test Hash_RIPEMD256-1.5 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result 649d3034751ea216776bf9a18acc81bc7896118a5197968782dd1fd97d8d5133

tcltest::test Hash_RIPEMD256-1.6 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result 3843045583aac6c8c8d9128573e7a9809afb2a0f34ccc36ea9e72f16f6368e3f

tcltest::test Hash_RIPEMD256-1.7 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result 5740a408ac16b720b84424ae931cbb1fe363d1d0bf4017f1a89f7ea6de77a0b8

tcltest::test Hash_RIPEMD256-1.8 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data [string repeat "1234567890" 8]} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result 06fdcc7a409548aaf91368c06a6275b553e3f099bf0ea4edfd6778df89a890dd

tcltest::test Hash_RIPEMD256-1.9 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data [string repeat "a" 1000000]} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result ac953744e10e31514c150d4d8d7b677342e33399788296e43ae4850ce4f97978

tcltest::test Hash_RIPEMD256-1.10 {RIPEMD256} \
	-constraints RIPEMD256 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest RIPEMD256 -data $data} \
	-match exact -result c3b0c2f764ac6d576a6c430fb61a6f2255b4fa833e094b1ba8c1e29b6353036f

Added tests/test_vectors/Hash/RIPEMD256.txt version [df8dae9590].














































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# RIPEMD256
# From https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
# and https://en.wikipedia.org/wiki/RIPEMD

Len = 0
Msg = ""
MD = 02ba4c4e5f8ecd1877fc52d64d30e37a2d9774fb1e5d026380ae0168e3c5522d

Len = 1
Msg = "a"
MD = f9333e45d857f5d90a91bab70a1eba0cfb1be4b0783c9acfcd883a9134692925

Len = 3
Msg = "abc"
MD = afbd6e228b9d8cbbcef5ca2d03e6dba10ac0bc7dcbe4680e1e42d2e975459b65

Len = 14
Msg = "message digest"
MD = 87e971759a1ce47a514d5c914c392c9018c7c46bc14465554afcdf54a5070c0e

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
MD = 649d3034751ea216776bf9a18acc81bc7896118a5197968782dd1fd97d8d5133

Len = 56
Msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
MD = 3843045583aac6c8c8d9128573e7a9809afb2a0f34ccc36ea9e72f16f6368e3f

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
MD = 5740a408ac16b720b84424ae931cbb1fe363d1d0bf4017f1a89f7ea6de77a0b8

Len = 80
Repeat = 8
Msg = "1234567890"
MD = 06fdcc7a409548aaf91368c06a6275b553e3f099bf0ea4edfd6778df89a890dd

Len = 1000000
Repeat = 1000000
Msg = "a"
MD = ac953744e10e31514c150d4d8d7b677342e33399788296e43ae4850ce4f97978

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = c3b0c2f764ac6d576a6c430fb61a6f2255b4fa833e094b1ba8c1e29b6353036f

Added tests/test_vectors/Hash/RIPEMD320.test version [eb35578938].



































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "RIPEMD320.txt"
package require tls
package require tcltest

tcltest::testConstraint RIPEMD320 [expr {[lsearch -nocase [tls::digests] RIPEMD320] > -1}]

tcltest::test Hash_RIPEMD320-1.1 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data ""} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result 22d65d5661536cdc75c1fdf5c6de7b41b9f27325ebc61e8557177d705a0ec880151c3a32a00899b8

tcltest::test Hash_RIPEMD320-1.2 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data "a"} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result ce78850638f92658a5a585097579926dda667a5716562cfcf6fbe77f63542f99b04705d6970dff5d

tcltest::test Hash_RIPEMD320-1.3 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data "abc"} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result de4c01b3054f8930a79d09ae738e92301e5a17085beffdc1b8d116713e74f82fa942d64cdbc4682d

tcltest::test Hash_RIPEMD320-1.4 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data "message digest"} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result 3a8e28502ed45d422f68844f9dd316e7b98533fa3f2a91d29f84d425c88d6b4eff727df66a7c0197

tcltest::test Hash_RIPEMD320-1.5 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data "abcdefghijklmnopqrstuvwxyz"} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result cabdb1810b92470a2093aa6bce05952c28348cf43ff60841975166bb40ed234004b8824463e6b009

tcltest::test Hash_RIPEMD320-1.6 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result d034a7950cf722021ba4b84df769a5de2060e259df4c9bb4a4268c0e935bbc7470a969c9d072a1ac

tcltest::test Hash_RIPEMD320-1.7 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result ed544940c86d67f250d232c30b7b3e5770e0c60c8cb9a4cafe3b11388af9920e1b99230b843c86a4

tcltest::test Hash_RIPEMD320-1.8 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data [string repeat "1234567890" 8]} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result 557888af5f6d8ed62ab66945c6d2a0a47ecd5341e915eb8fea1d0524955f825dc717e4a008ab2d42

tcltest::test Hash_RIPEMD320-1.9 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data [string repeat "a" 1000000]} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result bdee37f4371e20646b8b0d862dda16292ae36f40965e8c8509e63d1dbddecc503e2b63eb9245bb66

tcltest::test Hash_RIPEMD320-1.10 {RIPEMD320} \
	-constraints RIPEMD320 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest RIPEMD320 -data $data} \
	-match exact -result e7660e67549435c62141e51c9ab1dcc3b1ee9f65c0b3e561ae8f58c5dba3d21997781cd1cc6fbc34

Added tests/test_vectors/Hash/RIPEMD320.txt version [c4941d7c67].














































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# RIPEMD320
# From https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
# and https://en.wikipedia.org/wiki/RIPEMD

Len = 0
Msg = ""
MD = 22d65d5661536cdc75c1fdf5c6de7b41b9f27325ebc61e8557177d705a0ec880151c3a32a00899b8

Len = 1
Msg = "a"
MD = ce78850638f92658a5a585097579926dda667a5716562cfcf6fbe77f63542f99b04705d6970dff5d

Len = 3
Msg = "abc"
MD = de4c01b3054f8930a79d09ae738e92301e5a17085beffdc1b8d116713e74f82fa942d64cdbc4682d

Len = 14
Msg = "message digest"
MD = 3a8e28502ed45d422f68844f9dd316e7b98533fa3f2a91d29f84d425c88d6b4eff727df66a7c0197

Len = 26
Msg = "abcdefghijklmnopqrstuvwxyz"
MD = cabdb1810b92470a2093aa6bce05952c28348cf43ff60841975166bb40ed234004b8824463e6b009

Len = 56
Msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
MD = d034a7950cf722021ba4b84df769a5de2060e259df4c9bb4a4268c0e935bbc7470a969c9d072a1ac

Len = 62
Msg = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
MD = ed544940c86d67f250d232c30b7b3e5770e0c60c8cb9a4cafe3b11388af9920e1b99230b843c86a4

Len = 80
Repeat = 8
Msg = "1234567890"
MD = 557888af5f6d8ed62ab66945c6d2a0a47ecd5341e915eb8fea1d0524955f825dc717e4a008ab2d42

Len = 1000000
Repeat = 1000000
Msg = "a"
MD = bdee37f4371e20646b8b0d862dda16292ae36f40965e8c8509e63d1dbddecc503e2b63eb9245bb66

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = e7660e67549435c62141e51c9ab1dcc3b1ee9f65c0b3e561ae8f58c5dba3d21997781cd1cc6fbc34

Added tests/test_vectors/Hash/Readme.txt version [6c4218a069].


















1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
There are two sets of SHA example files:

1. The response (.rsp) files contain properly formatted CAVS response files.

2. The intermediate value (*Monte.txt) files for the Monte Carlo tests contain
   values for the inner loop as shown in the pseudocode in Figure 1 on page 9
   of the SHA Validation System.  The inner loop variable 'i' ranges in value
   from 3 to 1002.  The intermediate values for the first five iterations of
   the inner loop therefore correspond to 'i' values of 3 to 7. The message (M)
   and the message digest (MDi) for each of these i are printed out, indented
   by one tab space.  The final message digest (MD), not indented, is the last
   value printed for each count.

   
The SHA Validation System document can be found at:

http://csrc.nist.gov/groups/STM/cavp/documents/shs/SHAVS.pdf.

Added tests/test_vectors/Hash/SHA1.test version [c46752a378].



























































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# Auto generated from "SHA1.txt"
package require tls
package require tcltest

tcltest::testConstraint SHA1 [expr {[lsearch -nocase [tls::digests] SHA1] > -1}]

tcltest::test Hash_SHA1-1.1 {SHA1} \
	-constraints SHA1 \
	-setup {set data ""} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result da39a3ee5e6b4b0d3255bfef95601890afd80709

tcltest::test Hash_SHA1-1.2 {SHA1} \
	-constraints SHA1 \
	-setup {set data "abc"} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result a9993e364706816aba3e25717850c26c9cd0d89d

tcltest::test Hash_SHA1-1.3 {SHA1} \
	-constraints SHA1 \
	-setup {set data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 84983e441c3bd26ebaae4aa1f95129e5e54670f1

tcltest::test Hash_SHA1-1.4 {SHA1} \
	-constraints SHA1 \
	-setup {set data "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result a49b2446a02c645bf419f995b67091253a04a259

tcltest::test Hash_SHA1-1.5 {SHA1} \
	-constraints SHA1 \
	-setup {set data [string repeat "a" 1000000]} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 34aa973cd4c4daa4f61eeb2bdbad27316534016f

tcltest::test Hash_SHA1-1.6 {SHA1} \
	-constraints SHA1 \
	-setup {set data [string repeat "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno" 16777216]} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 7789f0c9ef7bfc40d93311143dfbe69e2017f592

tcltest::test Hash_SHA1-1.7 {SHA1} \
	-constraints SHA1 \
	-setup {set data "The quick brown fox jumps over the lazy dog"} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12

tcltest::test Hash_SHA1-1.8 {SHA1} \
	-constraints SHA1 \
	-setup {set data "abc"} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result a9993e364706816aba3e25717850c26c9cd0d89d

tcltest::test Hash_SHA1-1.9 {SHA1} \
	-constraints SHA1 \
	-setup {set data "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 84983e441c3bd26ebaae4aa1f95129e5e54670f1

tcltest::test Hash_SHA1-1.10 {SHA1} \
	-constraints SHA1 \
	-setup {set data [string repeat "a" 1000000]} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 34aa973cd4c4daa4f61eeb2bdbad27316534016f

tcltest::test Hash_SHA1-1.11 {SHA1} \
	-constraints SHA1 \
	-setup {set data [string repeat "0123456701234567012345670123456701234567012345670123456701234567" 10]} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result dea356a2cddd90c7a7ecedc5ebb563934f460452

tcltest::test Hash_SHA1-1.12 {SHA1} \
	-constraints SHA1 \
	-setup {set data [binary decode hex 5e]} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 5e6f80a34a9798cafc6a5db96cc57ba4c4db59c2

tcltest::test Hash_SHA1-1.13 {SHA1} \
	-constraints SHA1 \
	-setup {set data [binary decode hex 9a7dfdf1ecead06ed646aa55fe757146]} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result 82abff6605dbe1c17def12a394fa22a82b544a35

tcltest::test Hash_SHA1-1.14 {SHA1} \
	-constraints SHA1 \
	-setup {set data [binary decode hex f78f92141bcd170ae89b4fba15a1d59f3fd84d223c9251bdacbbae61d05ed115a06a7ce117b7beead24421ded9c32592bd57edeae39c39fa1fe8946a84d0cf1f7beead1713e2e0959897347f67c80b0400c209815d6b10a683836fd5562a56cab1a28e81b6576654631cf16566b86e3b33a108b05307c00aff14a768ed7350606a0f85e6a91d396f5b5cbe577f9b38807c7d523d6d792f6ebc24a4ecf2b3a427cdbbfb]} \
	-body {tls::digest -digest SHA1 -data $data} \
	-match exact -result cb0082c8f197d260991ba6a460e76e202bad27b3

Added tests/test_vectors/Hash/SHA1.txt version [f781b82247].









































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# SHA1
# From https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
# and RFC 6234 SHA and SHA-based HMAC and HKDF

[L = 20]

Len = 0
Msg = ""
MD = da39a3ee5e6b4b0d3255bfef95601890afd80709

Len = 3
Msg = "abc"
MD = a9993e364706816aba3e25717850c26c9cd0d89d

Len = 56
Msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
MD = 84983e441c3bd26ebaae4aa1f95129e5e54670f1

Len = 112
Msg = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
MD = a49b2446a02c645bf419f995b67091253a04a259

Len = 1000000
Repeat = 1000000
Msg = "a"
MD = 34aa973cd4c4daa4f61eeb2bdbad27316534016f

Len = 1073741824
Repeat = 16777216
Msg = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"
MD = 7789f0c9ef7bfc40d93311143dfbe69e2017f592

Len = 43
Msg = "The quick brown fox jumps over the lazy dog"
MD = 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12

# RFC 6234 Test Case 1
Len = 3
Msg = "abc"
MD = a9993e364706816aba3e25717850c26c9cd0d89d

# RFC 6234 Test Case 2
Len = 56
Msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
MD = 84983e441c3bd26ebaae4aa1f95129e5e54670f1

# RFC 6234 Test Case 3
Len = 1000000
Repeat = 1000000
Msg = "a"
MD = 34aa973cd4c4daa4f61eeb2bdbad27316534016f

# RFC 6234 Test Case 4
Len = 640
Repeat = 10
Msg = "0123456701234567012345670123456701234567012345670123456701234567"
MD = dea356a2cddd90c7a7ecedc5ebb563934f460452

# RFC 6234 Test Case 6
Len = 1
Msg = 5e
MD = 5e6f80a34a9798cafc6a5db96cc57ba4c4db59c2

# RFC 6234 Test Case 8
Len = 16
Msg = 9a7dfdf1ecead06ed646aa55fe757146
MD = 82abff6605dbe1c17def12a394fa22a82b544a35

# RFC 6234 Test Case 10
Len = 163
Msg = f78f92141bcd170ae89b4fba15a1d59f3fd84d223c9251bdacbbae61d05ed115a06a7ce117b7beead24421ded9c32592bd57edeae39c39fa1fe8946a84d0cf1f7beead1713e2e0959897347f67c80b0400c209815d6b10a683836fd5562a56cab1a28e81b6576654631cf16566b86e3b33a108b05307c00aff14a768ed7350606a0f85e6a91d396f5b5cbe577f9b38807c7d523d6d792f6ebc24a4ecf2b3a427cdbbfb
MD = cb0082c8f197d260991ba6a460e76e202bad27b3

Added tests/test_vectors/Hash/SHA1LongMsg.rsp version [dbdb8addfb].








































































































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#  CAVS 11.0
#  "SHA-1 LongMsg" information 
#  SHA tests are configured for BYTE oriented implementations
#  Generated on Tue Mar 15 08:23:35 2011

[L = 20]

Len = 1304
Msg = 7c9c67323a1df1adbfe5ceb415eaef0155ece2820f4d50c1ec22cba4928ac656c83fe585db6a78ce40bc42757aba7e5a3f582428d6ca68d0c3978336a6efb729613e8d9979016204bfd921322fdd5222183554447de5e6e9bbe6edf76d7b71e18dc2e8d6dc89b7398364f652fafc734329aafa3dcd45d4f31e388e4fafd7fc6495f37ca5cbab7f54d586463da4bfeaa3bae09f7b8e9239d832b4f0a733aa609cc1f8d4
MD = d8fd6a91ef3b6ced05b98358a99107c1fac8c807

Len = 2096
Msg = 6cb70d19c096200f9249d2dbc04299b0085eb068257560be3a307dbd741a3378ebfa03fcca610883b07f7fea563a866571822472dade8a0bec4b98202d47a344312976a7bcb3964427eacb5b0525db22066599b81be41e5adaf157d925fac04b06eb6e01deb753babf33be16162b214e8db017212fafa512cdc8c0d0a15c10f632e8f4f47792c64d3f026004d173df50cf0aa7976066a79a8d78deeeec951dab7cc90f68d16f786671feba0b7d269d92941c4f02f432aa5ce2aab6194dcc6fd3ae36c8433274ef6b1bd0d314636be47ba38d1948343a38bf9406523a0b2a8cd78ed6266ee3c9b5c60620b308cc6b3a73c6060d5268a7d82b6a33b93a6fd6fe1de55231d12c97
MD = 4a75a406f4de5f9e1132069d66717fc424376388

Len = 2888
Msg = 6487972d88d0dd390d8d09d134860f263f88df7a3412457adf510dcf164e6cf041679b3a19fcc542af6a236ab03d66b2e8a155d1061ab7859f75732775fff682f8f4d5e50d3ab3770f4f66cb138155b4715d245b8069948ea016a45b7ef0fdde93188c57eef4717f3425181de5b9a5d4e0a2963f2a67a340eb1ae994b98a48ab19b90ab74391c50426d28287ac4f1eb93f5af1a68c7dae40876b8afaaf35a19293c1952e957978abee40ec32f2aa880c956c7eb72f117b397cefcfb4e75ace3b081776e46b13521e93559d453e32ab74ebc0859b9a8dd4d1d39000ebe95f984d80a3f5004dc91a051dfbdfe9194f4f9a483e4e7955577fb0933464c63eaec771044d59abc3029a079519f8460a693b25b4ce207ae9d9447fc4c5446e6dad234e9afdec0c562798cd0297318399e838be385845c6dd79ede66e2ae80afec6738d4d9bf44c8d9eddff6c5cd2c94e340e0ddac40384b9a1408c9a4b98c37a6081d5220fba92f1d03144db
MD = a135e32581bb06289b8c83f040e9421ec79bbe01

Len = 3680
Msg = bd74e7f607cd7d905e90175d67650a6dc2f8a4e2d4ab1249ca88812bda7984deccbbb6a1ba90a0e91434ddf5e6137ba85e39a598890a7f635d335242fce0e9e037303b6c51e54aec06614ad5ccce06d9599c80016530d7fbb1da6eb548084b2b05babd7d553642443efda726a1fd71a8bc087c44f285e2bccf661ead475a72673e4386fc4eea5197c4f13c0feb0a85bc8e67e28ab872684bbebdaa527f3c253debb2dc12c2693f8e9e2651b9345c0abed7a0fafa3e5d305386c95acb7a172e5413ef08e73b1bd4d0d6832e4c035bc8559f9b0cbd0caf037a30707641c0545356bee151a24068d70674ef1befe16f872aef4060faaad1a968c39c45dbd7595de8f472016b5ab812d77e545fca55000ee5ce773edaa129eac6473410c2499013b4be895f6c0f734becfe994306e776262d4528ed8577218e3cc5201f1d9e5f3f62230eb2caea014becfba60fcb1f3997aa5b3bb622b7205c714348ba155c30a79a2cea43b070cada807e630b4086b129051898e1d9e68d1d0ecc9429d20d6a1403e0035a442b37bf508eb87e8ea347a3e68427b6d48ed299ba65ecb37b38754f4547423eaea2aec403338db2dcfe61cff4a8d17c383656981e1838a23866b91d09698f39175d98af4175caed53
MD = b22b87ea30f4050913f8f0241fc2ae2c319f52e7

Len = 4472
Msg = a52638f0efb19bff5ec95fcde4ac9aabd95e14d2e5f84c551f43bc5376855e71519b6f877248739a20cd790b85baa00d5503da5cb056f02d4aacc760c91fe1fd6efb26def817e5a9c56616023bc9e2fe662765dae2c0b2edfcbe17db140da30c466de65c49c6f81496bbbd1acd81666455f23bb243dd987d7ea1362a20faac841f1a36692cfcb4c3dbf5f6bb058c36296b8be64e9b56adc5187cacb7b58c054f422a9e6d6a61229fdc3b494da98f5a33ed1bee14b2d2f6ad1177ffe99a6bb553f7c4a6d0cb9e498ee0b63f388235d86c26c9d96e50fa7d1eb3bcb9279940c47a8510d7fb175b3279318d5fe45823baba5dbe31c33c7649fe447061db78b33baa3637b854163fe34915e931b9f3040807d9217d7b3fed62370dbe806c006b21cd5061d24490f366e4d5f23e201a7ec83ae31b46fe2108d1af56cc9d42f9117eca1cb5ab344c1fc334b9cf0d7f9739043bc3d413b3aa6e9d5067c240c52b4c5b89e25ccd8a136a002008a9273f30dec3f2c1736c04a1c7ce0087c9f25d5ec5bff2ea7ec0b0ad7c278f0ca712c9ae150e472521d958d0bd6da9ff0939725924b2ed7b410a0ce2fe3f6b0bf25884d885ec223605e318fdf6803218a9a06ce5103c62ded035087a98519b4eb180d778d7656b3d4811aaf11a128317d1acb3ca3166395c51c90a3cf164071d0d132c54b3810a8211ec7774d2288447abe7afd030375a3bed4c7cf1b28097c02e98ea36bf49e74d89fbe74ec6cc1def5cd8c8beb5b8adc3cb48c56182ad337e3b9778e4a6c4
MD = d742931bc51d4d44ff938783be73dc7beccc980b

Len = 5264
Msg = 892af4c05368aa9242acedd87d0fc68de483ab59520aea621f264b65ea90f005952c8163903d86ee5bd6147d4691ac9b7c8260213f6e370b7539d384649e5143ba23711ad04bf7cc2f0d512054857933b0ea1d12f3c0fe888a4e96356653fde000f50d0f9afac5d4c73aebe92d54f5ff8aa12a54f5660584674edaa17917bb856f8b9d6776b2b7ad2a462b015b67e8a71190cf0ecdca15a5121fe8ef245255da10cd694decdb96006017599066251ad34d9f54690452f59395ab0848f06c9186eaa3b8e785dd2a747297bdbdd4f5532a47b7008c21686ff7f8d881d464cd383205f6d45dc8203bb267ac9eb12f415a5406be1c9fac73497941909dba08dd12856aac03d83e0d916147404694fe70f8fa929ef0cc2edb4cc07abaa2236405e62820af8e806d0af32a1b3afb8dcaeaf5c4f43dc4392e074075aa3ed93601ab7ec22fe5bd7cdf802bb5ea8206c41a1619593385e00e3461ed3fda048a1c6639a0fca038d7f51cd8ffa9bc00af62765e2b62575c8b74c8501ac711f3fdfc1b15157e7a8f2612aa7838af999c3d8f6629f58669ac0f93733c91b557f579ffa9a9a4efc5d1f0fc13ca9e6e8a3efa7273e03d6e705cb292bc8d18b0b4f1484d975b17f88ae87edadf34f88f96ce2c3424e9ccc17454bd992cac786031d0b00d6d953540d0bb18d5942010b9c6341cfc02ad6a287e7c78d249ff796ed578fa68b4bec5709f320515bcf5ac95215812f39494de4b94bc2a639eefe282a9d26d85f33d902fff358fc1de1b95caaf2255416207f2d1c1fc1c74b0e57d43b3c6538db27c5e26f9acfc0183fa9301787b2f0df46c6c630a24972e0947105afd3df2a779e2f6fc947f95ff32fa6de28549e67fd32c15a8791ce1b8307e646e8f1d94fcd1d7225ad997a2e07383ed14dd76c3c186b0b54915cc
MD = 20a3a677c117c61ed3bb19e2ac77f69987896d0b

Len = 6056
Msg = a5045d24d07578ca31987db3d2e25e12ea38bb1da7a8bd642a574261d4ba3a50c009504190f1ce6b6d8abac3498845cd67b567b21e9fc394da8dd01e63b83a5f62b886d8213df6d392ffacf793f8111a70d07856a999ff5ff6bcb6138933045393f9461209bfb8aba8e1997837988aa00c713830d1fe3a6e88cb3d6acd935ed55bb4d716d2e1de9bb817ca6dbdd278084380ed691d363c6897a2aa48b741118dc3d1820d030a2e4ac88987ffae0da2f91de5e02816a9cdf62c2948d7d0a3e522d2398f1f25a17261e31f185690b0d11ca388599642bfb5c04e485e3f9f22a13d91d24673bf1070870ec1c499ee25cd19dc529fdb2be1bb6d05e733a8ad270f850685ee3259bef1655357d4f14dd35e97d129fc1e5975a9a559ee10398018f5a33b3bd1837c13bca3b9c9908537224c3e88f7b68753e5451253453d1aa25e1c3e38da358fae779be848ff407e337a5eb70ba21640a197585afad402749b624cff034b637e7a5254dc09e12c03ca435daa6213646ecbf5a9255784a76ff18b4c8da677a377650cb02803589c3d82e512be9333e83c5965021c703b73322e40e69229453da2f90d77743f4ad753e6c8429ca8e9ead0d45129e64fe2afe6d9ebe0b3929c7828bdbe7167c3a1266e7b55b8eca81cb152c420e72cfc62a4b27bf3039aeb669d31398565aa9943d1b6cbf23b559cb686ebaf3a04967da197bf9bc017ef3c8af4e4f6cb1de5c91a20525d08927f8b9eb1c21f0748cbdc89d334c1bae4598bf0c56a7bf95fbf590c5a6bb90086137dbc7a019bef7b7421019f3a76493181e28058eb5075f4e05303c9286840dfb97bf828cdac5a643852f042f940d5c80f4822f48efea9a4f1bee6b3b2f13265188b3a0551d8b0ccc079400598aac66faac6bee37b0cfb369aa39d6130dc3ddfd9b86a57b2aa597bb49dd830403984effa623c6bdb02d57482090f1bcbb2c817a30770671ba7bd39bbc7a00b18777710a82684d5d6699e2452f82629abf93dd31f82347db25944ce7dfe80dd49eb07995c1a7e6993c8be0fb179c9d2f73c03dcf5309fe19f47
MD = dd4374e29b17e2ec533813feddc5253765cd37ac

Len = 6848
Msg = 912e0dc25b52540f4d33d26fdcbaddb420f5570141bccb8c2c94b8a38ad32dedf20596f35d8fd6dedb9296828512dc9cb358df586f941a1729c79f6eace0ae725025863371d57b86210c49081ae6a85ff6e720c3a39b1fbe1179492f2d0d0f951357838a7f6e6a8e85689306837e6884536cc349c51703094c725eeef7a279dfa361350170a0cc7e71701e86a822459431ad6ff3bd51ed80427a87b1f1e713d6690b469f2ab4c9df4cea8f8f711a6716f874cdc8739106ac5b596c8203240604cb1f5b6d96f288387e9f912ac6adf5920f8785d0cf1f751400d6b46815a079f132631f719ca132116f57ca5e8f251791e0ae3e13ba42634097bb076c0fa4952307a137b5250aeef287dae233b4c8f79ad2b3a09a1a43f8b98ace0f94d9788124b09f4e411776e5642eef82b11ddfba354d5d556cd96a5b063fd871ea5c64667c97260a1b5c2b3feecc6052e1b2b18beab9730291ddffb5af20a0d8767eb06cb122fd134dda722319c9f3f9ca5c8890427fbe5212104a2d3d93f0ea3f28a3ba4dbbee12df7b92b96c8d71207401aaf1c40506eaf65893ec37028e4f4d438679d8c9bfafd725d52a6f80a16ee88a60d7f9b41275459f211a25d443b0a8b5a1d0d8b439913fc2819eaa0a4d8c2de0f26a67f4ac9907cc3dde8f71d7b559683ce8d7e324611e39df3ca6943b214be9a8d1982e9afe45c72f60fe41120567429fe95cc048c67d72372dea8434d64b8fca3514c8a54d07783fc9faacbc49da2d12faf0b26c696355d199fe44005334b99fbd612c952e53c7b541091a9c28ba10dc431a215af1d8caf4a76b3a673f0e4f709209c03248339cd8efb5f37b4b10d246ed6275d807e5b9e97fb8d03142e23885db94ee4444aedff1fc859f2159e35d98205017af53900af94a6d6d2505b75e26c1881d92c9cc78488f018656fb3c981a036d6da77ce3a5693013780d3095a89b6c6fb4e580964f25d1b210e2d9226b13bf40e0872be6728458315baf6b84fe2b03d01d0511134cd0ea1fa68c9a9dbecd7b51d91907a05a91eb4f7dd35c8d4820ae34bfba234c589001d1ae1de7b5798e6029be23b91943d710f54643aeb76ec0972202cc5e4759af3e4e925e6773859f964ff86ee859179ff0ac1ec6070b5954e3224e026c0e3973ca20b814c3dec848444bf0c23d69bc31b2fb6d23108fef23bdbc0b25f2a9de25cdce
MD = fdccb6e47645928fbbd51ccddc6cef48d6afc011

Len = 7640
Msg = 2298096d8a02225d4a5a91e95b43bee70f5a23f95269b1602fde6f11967b650b5c4eb8e783e416b1bcba54f62af4561e695130fccf5f8aa4f1eb497d69bc6c97d781333e260787cf11af96cae520be298839acf0ba49c5069b83c4436daca5ca9c17c399fbd33d5e51239d8c142ebcaf74f8e0fd9c91282d348d2a8c2ab3da4db2faae208bb1ff0784fdb3654088195836781449fb9e7cc2c4f0c17f273ad1c721103cfd5d079672b3251e7df0959cced59f90ff62d8886c5496d245eca753e1f243b755fa3ecb46e68226fbacbd0fb659579b4556a716d4ea66a405016428432c796553e8bf642b23fe1508fc6838bbcb877e436173eca1914881e8efd71894d79c901cb1f129cb748031cb69fee183321782230aa4d37c4e24af163d6aeb7cfc937edbdc3be4cbe0f1c46d7ae7d0b696eeec0ad9a2930d2be277b6738468a5a14677b6f2075bd66f371415b88ccefdfff6072257d6f4fb2f6b21f0198c59b4d19dc5d57abc57922a3b6aeca953a20076161a930ba6beef62a5f5eeb8ec84549180af61fcc1a0a718e50d1ad7a5166602366c857e7bb890cd793bd5d70bb12bebd77c820180febe421e47c6caebf0d7ac3e461f36beac8777cf3ad0ff51aae1e68a755f1060397faecc5e18088bf9fd7b17f089bdd5607b69903b04b726361f8a81e221b1c9189166d89b391beff97d77a7b2ec9b2a9c15a9a2869c87f21c8de0a50bef6c23659d722b46518b7db802a8d7d47056232afd41ef63bef71d25d2efdc37f2cad7e64ad8aca787de9ffd3217909d3c782ad1da385e1a93900f1996c00faf52524b6441a24205049ebc91b5cbb8577989a6585497d6f242d931c0835927bc368de8a629d8d7aaf0523b3d34cc38484e0fff8814654134f35be9e13fc40aa4c6011676ab8052dc728386c75723f9b8e4949c29c2aa8629d09ca0467209a2af2c383e9a6fa49ae4b2b804f7c5d7e2f1629fe703066f8d16fe26bfb5c52ed5278dbac6db1c4b990ad9791d9727f0da3af1b947dd86bb3e46a881acf7df3d8d52140d18015a7e36950f4f396d2477cbdab9682480ed968100f433d1d46a3db17ae6bb9ad4d34459cf7bc0c04365739c1ae137e7b5e1083e8b0ac695130b3729e52e4cb61c2ca5eafe46561adf91ec354292abf6420a1a5d3013c25f7e6c32dddb1246d3a010a9d26b9799b00951ea7e9af34ebaef12d3c63737ad99db3536b5a6ba3358292559f75e9710e88b4d765f692da79b869e3c61e89d11aaf30e4c998d4f9aaf7f13bc421e6e432b2c2c97c0f9673e02cd595b178a6e75fa8e9d7a71d7f9043f6a83da9bf543bae2b397568990ca9c558ee83ace67
MD = e50a54470f59fb9b654bffcb4c353e58b683ada5

Len = 8432
Msg = fa15cc7f0de294d7341b1fd79326c8be78e67822343c19922ace4e7925076145ef5f7dc91fdc1de032d8c454dd06effea2b0472ea2421c4db20c0fc0b0440e10184a8648d230d39f4e7afc57d3229de514e0245205a840e1ec7397f2bb42b8269d6050c4cfe8a05cb1882eaa1d84bbbcf7fe765705746f98018a4ed7ed0a45d0a7294305bd0c6b5e828ac413623432cb7292a5064bb090b819d99d36efa39f565e2cc7d245a21ceeea09255b4a38e85aae2519257f638b8a5be9ead96815ac00e9f145f50fb49a54118cb94a7f9ac7b1d33e397c49964856f0419e860169561670002334c249cfd81e9be8a7a662b61808666fd54f50ae64006a220662a683df1de2cb58066aa2c23abe1a3c6a969cd6752423f63c99a7fbb2eadd2132d41da4161ea329851efb598c7eb7cf704063344300bba8b6791b642e4b369e1afc0bad833c156ee46dc2e63d6227296367f27a9a82a0b365f9f0e89d149747c12435428dc488f1ce5fdfb174f3d212e91431f0a1333adff3200fcd27ce67e2d05783ab5c3f6478e9fd3b025ab72151aa4e08dd819af1f405f7605bf3000d38ee9add2f173510ccdd4ebc2117387ab0501d5f8b61402eb94684cbdc2a32f311c4f72b18e62cf6b5535a4b55d2fe46f580891e406aab57f75bd13996f3ed8035f97555acf2ae7dfaf32ad1e8b38feee9e49b2d45c465d676efe690d277b71c6b361c433463420d6564c53420e375d854245a74e296f611fea8c9bad8dd1b2f7c23f5def761710ebc4f335e468a386efee8cfdc5e08e472572e849df04e9e213167070c3f13c1e8c85b7d35a1cf5e17aed7004b0344b95f482a1f2362f2ca5b50ab5bb652a1bc045131aaa37bdb713a2e99f7aa176ffc429b44a03375f02643a196f7c57934eac81f78c28f1ad6f94144d7bce2e3b43682162311b473713a42eed1e51ffcf4d29df9d9cee0c7e77c93b93955d9af39ee8782707990a29c8fc1fd032dae2308fceca8fcd580ca3684985466cc79c326acb9a6d2e1ae4b9aac2697d5d5583698f01bf588df566bec98b8df0729a966a4f9804cf250f6b59219da84efe7077cce3794a526f54af231415b20c37250e1db5b443a77ce502aad5f468cf86aa23ed058bd837d1d44a62c05e9e143b1587cf25c6d390a64a4f01305d177996711c4c6db005636612cd1066fcae82eeda87f118463115318da50eb93e20c79e53c56d949c4e5f8c9eab9e60466fd2d2f2832625a8e8af9f4da925d92e31441ec0b3c302870f96c5c67a6f54e26eae87ec0dd0a66576ca5008cfe93893b58988566bdf5036e5a392289e25bd4707606e258c73430247efe43d9dcb200529d27b635234d5f25d0082339b43f1ead683063d83906415e89adc5a773e57f90ae958960b462c6fd2381686063c9b546890d0a287ba8206e55598ee00c528f5d528b06cfb95cbf5e1a4bf8e4382320a1a146de31d54355baaaaba76aef21b72150b134
MD = 9b3ed390fbb328a1641fca93691763000523569d

Len = 9224
Msg = b718c968e8ffe4ea282fc33f96da233b8a8ab6ddd55781244a5d82237d6d9758ca039b3a9978d211e179870aebb8f38b59e161c466d090876f015959b34891c957c23100ad0bb49ab5b1c1b4e4e90a46258174b41e16789fb487c901d1a93779643dd3e3aa1f542cadc0b9640ad53015f65137d48391011520d71b445ffa4f11fc5cc90b1a1b7870cf8cb743e3e52da0d539f14d1faaf291bbda9749e6a2a23824075a9f8469e90d25fe0379f97fc88ec921ec467ac715ba8e768439ee09f897e626cfc771706facb7fee42dd40dca88dbf16ee81a523039a0942c3bfd9719d549a170ad6898d1f58b75a488faf5fc351291c05a89b10cb5fa1dd5789db4cc9b55608576f149d98fab4989b1f5a1233e76ea2ac54f4e71d7a2f7c81755c8da91134b564d94eb4d231f64dcd04d770a4a0fe2f351f28f2747a20c4d41ad3b0c5e8a4b2b58dae6f658edace40f88e17802e6626525fcdef5ac0242ab1e2e7528abc3464bbf4aa39cd71f0beb943045340d0253c66af5a2a4afc8832cd55fdff61fc425ffab6d880748bd683787cc0d07156b9b5f476342fcf7feb6168fc9df406397d18f44c9fefe51cdaa1111e5a0b9bf2a2478e5d028c52dabc3b273f2decc1e443143b1e86e4b9d59bbc15a026612b546d4596cc3bbc7f8d89148aa644563f9d12c621b523eb4d268828f89abc7da9fc7954903c563ca018c0a205ba77acd9c48ac36a98dd8029903e7c3c6692bd824b64e92d25d8895efcf1581af41e7d2aeb098058423a2fd9931d2a43bc2fad5ed1ae77a021392f16ba99ab5cebcf23ad812d718d39c066c7bfa2b7b0d409c99a2fb474abb6feaa61d238202dfa005ccc17553b7bf7e6a18e666da90676b7aecea61584924faf67cac44b3b10a73875111e1f32a705338ca837ec82b6fcafa966d5501c1663b1f3bc115160979bfe092725f9fb80da2d748fa49db944de5855ed4de2af8a8bacdaa039c9354510b77548af53faabef4af5af2cffc122a44840dc705bb37130069921be313d8bde0b66201aebc48add028ca131914ef2e705d6bedd19dc6cf9459bbb0f27cdfe3c50483808ffcdaffbeaa5f062e097180f07a40ef4ab6ed03fe07ed6bcfb8afeb42c97eafa2e8a8df469de07317c5e1494c41547478eff4d8c7d9f0f484ad90fedf6e1c35ee68fa73f1691601da2e87b00d1c6f256431227576398bf21945cc44255925bb7b6517e34676c959812eaadeba7258aa1562c102938e880d9466aae49bf361e852c54858ce2dc02313ac93fadbaad8aa936b17a9a740adeefffa7106caa497657a72d5fa0ff4c506998f8b2df82eb7cee7356d9039b7c33d61e86ad438d591d9fb5206f093349eaa1ac1d89f9a65bdbd18a70adfd15a91a1c318dd736fec15edde4f2263e25614b89e29c27748b7b11f2ea838bff793e1c32c72110ef753ec492a50737a82c0efd82eaf93de8b8c5d9e32223d5834ca794ba4de50cb5670de94e73c3f5efddcf7b1d03b91fbea4c87e02bfc62d10f6522e03444e0d216adb2761dfdcf36db11f4ec8eb506f7ed5ff88d211eef5211cda42ae28c0a4cbe713299d57a6b2ba2c6ad30700538f91c2e784e1c702c05c06ac7d3b89e1661d72324a217
MD = 09bf403d8a9d2334f28fab704d9cab87da43731a

Len = 10016
Msg = 32245df514f6c273d252271a980929e50a7cb0e77b05c7d46092abc3049321327d170d4bde314166aea193ce99b032c8665c3ad129b58528ba87c58c6539cf47e3f53a6b890a295cc08e658eb547af9052cc544a6ce701833e3ed9a61632c5c54e080bde7e46235df060c6e354944746b51326d9ac61e3edd4fe10977d46aab4a596a92b24b0d6722661dd54de61a3f1797ad90651ecd26e641191e9043d271dd0e83cdae20feba24ad7d369bb746a9985499559c350760fd6bd852312dee307b646eb74222a09f6440bcfaa54954546c1c8815b6b5578d7124b14ce0ef2877a41f7de804bcad974fc45faa00f8edc01153ec693afc380cf000365716241ba7e58453e86c5b702265bcd7bd25526d6d169f58b89f86135fd892ca1947593251ce376330ef7b92d1447ea7bc88f24dcbfa533f9c6aff8406b930fefc0afb06f5bcbd3e4a14b980245a9e5220b235195d2b14138d13a50482107f5787b78604144f6a47ac6281b28c16a0697227b75aa1275676f320331f625ce246450386a43dd4d311c06f60c489070950395fd58c287daecc7727063f281cee5dac457971c30b8c1f3e81e3109bba5da8ded13c1863ac61a6718ebade33df17f02613daf7545209e27f406521448f01d5eb124799d32223777acdbd9725f1e3c05ae537af5226b0edfb21739104238a59d699749b177d78c21b7a8ad46f13d620b33ffbf45d1835a43abb9ada6ae67bb739ed6f76712cc618bc0b9f208fa353a3b79aa480c5a4eca7c6655757e9664a708d6484b690ae8fedd4f786f5f83f00cbe07bddbf3c3b6a5b26b515a3f0117b1839c550f5f6715aa40ec4ceef4935520bc659e41a216a2350c43172492f868210d756509f0323aaedc209d356e324cbd5c1cb742c05bf9c0b3750d9b1e823f3ecdebe002c5723e52d872d40e7668bd2cc6b36fa5f598a58fcf899d868ca78451ec852fc3862f0bde5c6b573fb43e90b623b22d34ebd78dea87082eaf836f1fa291ccb811da71889a92918f90cfbbada19ba25bb5471f9918037927dcace3f879e546e4b769419dcea06fe4cb70e8fd35550a60f1b479b1636c64f2d6af0af81e107d1b7bdca632c1ae8abfb63ecb66bc7a72a4b0d8ebbd11ea51f66533ed05d839f9c627dba92fbce56c861be26fd17c31628fb95b80a56ba4c99b50e09208f188404b810d517c076c9ca3c003d927bea36389d6e63d51b9c35349615f03eaaf26dc14521ba602ea6ca27c6d4a134ecaf7fcfacd212caa436e78685e5848915b3b558761acb0a7ad0d077bec5e2430e856b64a67b3549650cebf60107267e73cee310e786978549776520604e914b460e818e16c45bdfe2a0bb09a3f566ad39c68fa105dfa05f2f1d00b877c90ebc179d4aa27a47e70cb174cd37cb3ac583cc1d137f5d9065f670342ba651dfdb2417d43f485d70774e360b9b16f331b3a0cf4507124b4358f9d15f5e808afd8711bb25c7f61cc87d1304d7bd1dc894b172a7d0d2f07b6319c7a6f111cd8fac82e376148d2244ca7909925babb297be5f77ea431f905a79f8ee859bddf3dc576f37dd12e75371f0fb805329df8c0d291e3f0b1e457864e2a6ece1a21b89fda8ac7d54c37f1000d66515eba4d0f0755f6e168eb4dd2f274784313fb662f66ffabb327188bcde9de54648b06f28868cebdfcce9c95f1b2e13115a144b4ccfafd81bd5b7e5191595983f7745eb3ec49038d390a0ae33d2c5dfeec5f3d3218c39bb5f059c6b2c6b84798150109b8c2
MD = 7f32d7486bde22ed00eeeaae073858144dc3ee37

Len = 10808
Msg = 9f07e6b7ea8b6d2bb301d6ce7019e0f27ad55abbb799e6d47681fe609af63434fb84be4309e63159b3638d0d875e7af11a28d10baa185e8902dee5b09e14621610169511a214be6f3d65a667891eded056e44b913bfee3597caeb19031c21f8da5667409fd3c9cd31aaf28c6c08495f9f7b1d135b173fbacae9b6ae79d28f201841b6213618751ef12e81b1172b526d2c5396adf569e30ea5e4b199f287063da73de6817181d672aecb88730e8dc19c587211e7770a8097b5566c69f1bbffa803b578dfd682566eb72c9750a6a1ff7380714f5e548b80ec75b9577cfbe40405ba42dd9ad9ac7d49c6ac0ec893fa647950bb8f81126f7c837388036175818bcd37509540ff52d3ba49d48f594b19a91435cb52ee4518dbe31b3ce0a5f3372f7517892070cc37c226bd307971306235eaac2b4a04413a1781e9527fc8f9574773b7371f98a4adf1259d3a5daef87683432045d541ab25b7f67a635128fc746c6fb2f4d3272d47c92d667cbc60e7c929e43ec57544f77e45a72ae9d564711116cf774cfbbada77b2a4a552164592dc82145404ba8c9aa6491a9750ad0a0bafdef99099f9b220b05621d664ebbb8e13347a0c9e056729302ad73c22287800c31d948b864dab84a42c3b762fbd314e2fb97bc4fbf68317ae735375f8d83d14dd6b16b47c68159ab59d48011cfb553764799029a8fe5eda63bb15f12f4cc79c613006c7f6f97ec75721de13b73685fe63fd6d871f9d6906025aa52a4ff6b62bf114db228042458f1b72740a78ef41e7a0dd5a79da54201f0cda778dd5567727ff720a50a303187674e79061ec9627a79d61ed8e73a31289e5c3039849fc89350ee01adec99c4601e5f9c9c68ccb95a2dc53ad11461acedb2facdfd638496ac781e793298e7e8cb601316684d3e01a5dcffb0fcefc1b93873ce072c40addaa440ae0f9cd4c3a2b0739171d495c74345cfaf08c03f0363f12a01652ee4c19c65f0c74c5369d5fcf7a0023447071086214efbcb84cbceaf001fba706b1769e2d6d090b7bf1fc4fd892f8ee8296cc1d221a00b80b25ccba74d9a22ae4ca04db6df2832d849bd38ad4c685c14e18c822f2d0f08afb1baa152c1e361a93749141f683fd437570ddb1529939540d92ff9a62de11ae1e9adf9b842419ee995d86726595e9f5d53d5523c08f760f5781dd13e095f689cc2fd7be2b9fe02f4cf16edd19acdbbd1a3de482bd2dde6b9261db000a9d11b6ba471ced70f60b4544bcb4f2a14d44f1bb1f063e86d8d4f174bf93ff2f67f5ad3f7d39b9f2ab0dc9173bf3439adbb83c4e3d34b7dc34fc2944f77251ed6b04e5e23e98943f435a431aeb945054ec98053a34ea9f1bb6b67ba9b600a8c32ae1f93907c41ca543932be63832a96e0476e50582a254d3c286710957b9843f3bff4faa6536a3c3102aec0fce38af4497d7543692f669830d0ea1ea692754bff2cf51cce38ada275d941bde0a20d2873b3bbb5402515da7ea9176d366b49ac403d4c806ef1b2030706133f77885c3944316b2e44d4d91c0efc1784aed0bd6e9d391eaff0472067cfd14bcd295c1f2fa63eab34dd045b65c81012eb7487789afd6a962fba02a0d6b58211f05ee8fd128024a351737c43bd942f2f2bf25823384a16d98a36ead959a1608f2e7ef29febb9297d0c6e05382c5a9f96cb8f0d664e6b861247cac674f77bb4ea12f143adc13b965eed3767e2bb02a97053b26ce8e6480267efe06018b92bc64d211fa3ce9dedb3707d346aea717495e54cc53f5207c9d10009df7e6ea599dedee571d9aa86b7c7db43ced5f85798ab1c3d2f4c4bbad63d061d2fe91dc6ae44c5e54dafea84811cc7c86d72b37356333eae585c7c06578ca1b43869ce21503f2ba91ceb369f33f85b927a07c4cf97747227
MD = 37b7277fc606556160f9bc28b06fd55f4424d9cc

Len = 11600
Msg = 25a43fd8bf241d67dab9e3c106cd27b71fd45a87b9254a53c108ead16210564526ab12ac5ef7923ac3d700075d473906a4ec1936e6eff81ce80c7470d0e67117429e5f51caa3bc347accd959d4a4e0d5ea05166ac3e85eff017bff4ec174a6ddc3a5af2fcbd1a03b46bff61d318c250c3745da8c19b683e4537c11d3fd62fc7fefea88ae2829483871d8e0bd3da90e93d4d7ec02b0016fb4273834674b577ce50f927536ab52bb1441411e9fc0a0a65209e1d43650722b55c5d7ef7274fb2df76ac8fb2f1af501b5ff1f382d821cf2311d8c1b8ec1b0beb17580ca5c41f7179e4ab2a4013eb92305f29db7cd4ac3fc195aff4874ca6430af7f5b4e8d77f342c0f578f714df4728eb64e022e9e13dcbf00663e34f35368a362a91026ee196b746b4437cd1c546184e9b1301e8103367a06adf7487c8cdd330c04a6f6546897d19cf3bbc9eb75ffb18e05cdd329d4dd90fce9c84844cd2138487ad1bdb6d749c1f8e873ee47e3ada307be33c2f5032282779c19aad88ec521ac8e390391ffd1d4239508a0ce27ebc7eb4d1a947f38b5cceb5773f6c46c499daca1356e524cf076917bd297cabd4aaead34ea9e24cff7eeec8e6fa284c02efacd766f3494490627c71f7a29ea1e3ab5c1f81c6682537946efb35534a634d5d783504f1cb47e936628f257dd98c54c7bce193874144daa936968dd238534dea262d14d8d5f4818c05b970439433ce06f262ac74d57191c22ee115005be4ab9e9e07bf2ece14016b4c37007b395ffa71e6e7f2168c7604e93e24f6641bde0f81c80b2c7d1e6f10dc1f50fcad2fd87f0f81bb90f4cf1ada254ea65787e108209c8c81844c2ccd57e6664e8c62de6607e9a925ac970424bc7f46b061ef132b87f6d3b0ee2462f67d910977da20aed13705476c6f85955d51fd0e8a3b261b0fec9783e1938c27b12be5f1140b7207e0b96d44d90048e88d42aa8e7c0fb45f7cf588865c9a0ce3c809eb046c4add515d352986b48768677c368bafce021f493a4dd0c2692c2cff01beaa2bc9bdebf40e523ff7452e6b78f1d6aa57c73ef13f109a7721507175e125f32a4f718c2358bbb9b97ed31bdb85b5ca0e6fb0ebb1abc885868a58906ef2fc4f7456ade00de52e129e02a8763ff591b9bfe0d130e8f428b504e4cab2a09a4d7b8f2ac5e132042e04f76d0a6820304a4bc69072361d82f9d3f919eefe9142e21e83b101b6191b8237cba64219059eab292a69db25d8bd02866e100c9dcb5081e159d5a9884b94f354229597b076a77bfbf3525424a20d0d7769b16cb6d62ef36c187c047e4ed5490305225355fbb381682932245b01dae04df5e456723842ff66c8905bc1ac484ceb7a35bc321d2a8619d5f394f37f8c45b1179111f97bf66f7872f8f678ec53c3b58cb61c6c637452b6ff7cec14a48b014bd9a0e67226b10a491d9c1dcc97607808408db92e56f9ade6adb574e5f73fdfc242f91d05c2da9782d16418e534d6318da0a2dc9e7c215f51e986738f0011a6bf5a85fedcd6dbdfca96382eea4b1db7ecb3ddcce460552fa0bad7333947671de92a2ad01cea1baaca7500a903659dd2cc8127d32987fbe77b2990fa0c55aa0ee9b9d1ddf08702bf2975a4cf5a09bd49d5136637957b7d4d893c991130b1433f6610636b7e34f8e8909f0ce914bfe8e6b07084414fc3412a73fddac0cce398780935c6c3ee7965eba7f9213e5c0f836f05a0673980e7b145e0743c4e097413837a32e42d69deb191158ec9185882f7ad7bacf9674f6f336879a8a5050eeb1b27600fa3f017ec44a28363edbd309fac68bb9b2012e5e43159e6a1fe2b04d0172b63d2ed561f2a87e6988276760dee0a686d75c68469ce12e1ce67300912ac71582c85a9a5a920e025fdf24a8b17f87a743843d20304b33ec8da0322e761059076632fbf26df57b82659bb534475446256c40c2cd8de1d1dd6b17cbb0d1866dc4db0d91621e75678b255e677e9505b2bd4bad8bc4b1e9317d3fbdae5c26054bda4b98a98dee9a586919979a0c1cfc33eb7c2af6aa3ed
MD = dbc7ace190c9dc985d2c3fbed5fe90328352b3b0

Len = 12392
Msg = c29a1ab020e6434a50a271e5525a47a29b447a76162eeec569b51c3379b8b7b7300c8ff17e71b5bd9dc5e0089a780fe2114070d5380e81751e4075393518d9890f6d771865a07b745dd2d4dc0c54dd513a5f3def66060c7e0a683745212a251ee5259ad0dd5bdc9817301509b3d7f917a10aa86eaafed608b59629fe43d7e29e3d9cc0bfef8a215154476b3894e7aa5bcba77bf70cde283aa630140da5055a319c39b18da21693c69b7f9e11b96d3a4542a07c35938e4a3c65a0c0194f9dd3fd8c6634e3ffe577207440753b2952effe8d5b74cd47f684377a4cf5cb4788962d948b13690ce0188667f2b95fec7c12ae34422a6a30ff1e536e9e7bcb97acebe73d0e14c6d3efbd21fdfd32240bd5ea7cbfbb68b2578f5fb7c7fc19c047f319530d5800a25cfbad19bdc9a8338d44c191b730f44dc38f908c10d099525d446a9b8ed19ea7adea319530bee3337ab0dd15a40897e47ce8f9f9ce81c12ae38624e448e1b87bd0a691bddc45aacdda03872f0cab191f8b80e2278b775af0e0a39059c2f114c6cd1515ba4bc4c7a9b6240707798142a5f741933dce1a2b4c5d82f61f84677c31aa2105b405a5006e15fba5c672f2da1fc812536420d2fee4610b9e6116adb56371b1a8d2904e1ec40070a9948066a83407da6cc408079963f426cf4501298a052aac473d7629e9557e6b5a982945758dbb8324840e21c56f1ebbd3f3cc45c2bfdbfc2a1d3f9c28c697d402fbf8f709d1ecf4c4cdba884ab0e8b2f094ff6824388e8899997111a5c25393e7e472e42ca9a21593c695a4f0d059f36f5022f97a194a38dcd996ef26efbb90517c2174a6bde6cedb9826de7f747a67984ebe628a0918f43a06359e74f5d6b48aeb8c103eb4bf07e26af59cbe4651f4b2b75a0a1db1ffa4fd48d786577dade5d9583b1ebe3736a8f2658b4776eee98307b27f59fab907306bc6030f962f460c85ebb708eced529951b06f486f1447fddd68b4b7ebc83880cda941a1fbb2ab12d7ce8734907f1bc247752905715f75487d01818cb6869b7d6a1819a44cafe4dd1726330c7494990c1ed942e844777a4e2fa46e40249d370d8c3c148052cdf7578d1e44f65fd5d55d1c064158af055ef53a79043bfdb21419793db99dd5b5ee6780db415c18e9d69f8b24aebd7cb12927e8a9cae609703b8a7a4291639d0ed0f43a88b2a5687aa4b8b15a127e7122e4cb7f5c49a70f7cb346d773233b7181a6e8014b1f39172d4892d7d1f405570197c948b907e7d9818437d8f9f78b1ab6772a1e4c1180edacc91344b1dcb9f5f548098be98e0f2d25b744c5fc95bc61544ba2d9b410e2b29f2f254221520215a7017290146685d4105354e5a386370c042b3879aba2c72dad83af1749df487dbec9ee9e6015b396eb605181175163e36d1dd448585197277fcc980c520af3f6e3a965fef825ff3a5ee722e1807ea7b0382c5e8ce4a4ba68bd12ca69645c6b48bea7bdf9021ed38a10eeaf4d05956d390c5dbe8e772398b80e5d2c76a65c193bf6cedfd5a786964caa80e00dce1f1c4792badc96375799df1ab6a67b419263973423b3da0ee7b049d3a29d6804a41ba2714aa0eb4fc726a48a2420bf5d86b2231fb0215260c88949345ecea8cfaad4125215f3d7e5fca5d006b0828b20c16fa8607c1283c4b2891475bb5b1356bbae5fdd24bba0227c802b3561b427b5ca00ee9e8f6cb6632c18713dc22cf2c25e1150b97ee28f2dd11d7dc03f9fdb4229cfbd82f2193464be9e293479298c3a1c65af8f2b4eec2f82e68e4e5229eff06742ddb4acff42f0f0830403ea3b2be77b13420634e9ff4f18412688a33baae60bc315dbc5082b2f4b2fca521d4815f10581d2c7a0990fb61a980c1639be554d9db92f9f461b3548560a43c81839937f421826797748668b1052099f1c98384ca58cf1aa361faa64997d370ee5f7edb9b94008c5c2dd4af783d7e5cb55b39b0caca324a19dfed0aa9dee6dcc8c696bc8f2623e5388400422fa8f6844ebf5c6b43968902f839ff043e9c6aea9137655d475e491cad159dc33fde259afe648006dd542fcfaf1ea5156066ec24d8408f204cb30c9d3a5101952143882b74f93935f079931aaeec73d0c7a4c7161e6068b817bacae150d4d05a9c8f9a9022dbec5b157d6f8e8831efa8dcfca838d425768730dc2073910
MD = 796135c20bfd2dfc7a1ff2087aba7f93b2814ef4

Len = 13184
Msg = c3ec01c755385f27020d88ed2c578e73185c6d514c9192d13cb29ea4261167d33b2f3ff8ff897aadf2b42a4570ac2dbad66a6ae7e6b457f76d39bf1e22ddc287d2521d8dbae8ab2d35a62cbb979946d5586cc9967539370b139f84eb65151a82d17d20ef4efdfc8f110a16b968c5dface68b13c5c0c73bf6770b7573b76077ae80dad286836f74bbcf0871a6acd90327c7eecfde9007699ee1a61b1ee066e2f2268ebaba21e61b9ab6cac4ea2b7cb72e45bf8548ada1cbec9898fd55a7d062360cc460f4ef0cfa12107597edad5705a9a623bd6bdf3c69c8e608a37ed64600627ba24d9ab686180c23347316fa12f480334400afee80491b111e9603336fc35fb95008163eff7e71392ddecfd9548c9b344ad57ca11775cb62045d4a87f4b3130ef719ce4f1d32279888628014c5d6e2f15dc53ac1a6f5c221df80bd997cd867c4bf092cb1883e18886e878f710ed93eb1a3575116d8cfe696da88c233b03b4322cf5f962be9a92a5307d465b9d79e95be47132968520d21091afcc31b38e3906f50a37687e87c47407ad16ab3c72bd15e6f812a7fbfb75ac1ca64271abbd834f4695e338b2cbe5696f0060629878ad8da442abd23c5d37907104956f8e22319f9431735005e773f9e90fca2e1bfc3947aed95481b0c6b65231431b87d54cb25c50556e4ad25b0eaa0833aa4a516dceb85924a35303d86085dffa7b571b9d842a2d8a3a85c2a703fe3f048763b34dfc7455dd2ea2a002d49fcf930b59bbb5357d6e487e9d315bf26b100af7e6bc2d30f0074b4d1d1fc67104a295620c400434caa50890fdb8da58750daf626ff68c1abffff7850ecda3c458db8a05eb430b009664532823c3a2b4a09a8a5d5bdcdb0828a27a7d14541b4d10ece96d733f4a27552ea08aabec55857248f45f26f9aa87ee813c8bba2dad89a1591c1f309f4227ab66895f029d63596e9b95de7db76b28663ed6376cc4daf89ea2ca81bfdd737ffd9e661ba4414c8efa04e751bca0ad48341da006a8b414186d4c5d4b5d945eaed048df271d8281b4b907515f603fe185bcb0428ffa65f977a1c85cb2b63e8422a7f85d27eadb936900257c6e050f986f74993629de74eb84b0b9317e36465479f92f589478b701fa83e1c0f4177a3253f03af37ac14b6ace3e7183f47a367013485059d363af5e0798ceb798141a5fd1b407e2e94f6417c28f83bccbdea9479d29fdf98b281ef81ed34ec8b0876a716744a2bcfbd55952f04882545afff94b65f29a802222a0708eb7d49cd3fde50793067dca28ff95acd5eddfd3284ab10c0c46b8b61f0fbe47f5ab127c78c40492d39e0ba3073a9395f1d40ec1ca4b6b0a0eaadae3f83bd2fed2416b1025866393a75fdec00cf2fd9ec2bf91a8a77e81b5db837392343378f5b30f40c050c16c9a9ce059a9a0c51e47c6f50ae046509faff155055969833add0669563580e19a1812b42ee8793d8ff18d18dd012d6e0f48feb422a1fea773054ae40dc84c83768ca73fa0e4ecb8bd4c639f7aa3d3236b2132153df46a1cdc1eff03c9f10a037c78c907622771b340b908fd7610ce1d3db969fcc9c9325fb08aa14d2d58400e365d069fe538bed994c7ebb7520084b7f181d4df58b8fdfc9ac8c024aa6694f01eb9de6d9c811a8843e97a6190db7d80211b21315d1c13501569ea3ec3945f55a00fcef51ab91b3bb89e3360b50a3f1236d5cd97599b19069ade7ddffb7a35ab64df46cac21937806d66a54921254fcabd524875e09e859cb5a6f99cd4708e6dd798d453354a05e2fcd35e9f87b516363f010051649edf6ed043ec09c12fe01962dcf632e6c3fcdfc154bdb83b2228c10672b3be58248d197545d38b5400c13aa11c3ace590f92d3757b4147ce04fe17de17a1115dc825093f1d3eb60f8bb84e2cc70099fe955e7a63a797a2b2c60c871070770ed7e22dda885a8bfe56291bc0407df62a69fdb611267a1f7d7bfdeabb381d93eb491b0df9db5e49e8ba71823d86916a040d9130442853472c9c051f10cf6f865b33cb5be3b2b906f9befd821289b1fa9b6bf8638003d3bd24a583f02440e6dcb32a8b8e14a8fb41a5d61581fba440267507bbb661237bc01a0af324623723f5a78fc41b29288568619262083570dc5c155323af4411ac2e613ecb12571ca76f8cf61d898dabf809d1765b8b7c79e729e0f0f8c4c558e5269ed384507f5bd1b8f7dff06fbecdc39469e47a921d29e10e8c43738d4163d767274ba745478f43406cbfd52438e868a69f8f4792b40b6a886bdd5c6f64ccc35e9f29bc974c217cc45018445d9896579ef6b93b33cd88d4160
MD = baa2e9bef9dd836d3d37013c296ec31919fe7840

Len = 13976
Msg = 7810aed4d42c0606d0c1f76943d0c63f38d261cdaa6244b58c36997f0d53a37919815cc123fd5da0226fff19d91bc0c25c5be8d3d04d6c7d72c9127ddb96d6f082dd8c6982ddc8419de1fb2e816fde174bc314274a7c0b21059423f37f95128db90a87f379340d914aff32d0c434e9e60df02ef2a055e8484d7f130981ba1ef8c8f29288906bf53a30b2ee2529d3aad6abcc7d5b5b42cd9b53732ce96a6cc4d8b67bf85050e848e157e0755838b2e6902c3e4b8b02a980c11e56b4b8c212cad58c8fff724014ce31c872118f793a68bc982ddeaa1df4ca63b612f4a10f16f9985115f117e9574ecf8a5107f275d3f701f88380df348a7329248d34cadbdf19c90df51466d11a9266a563a2abb3e65a0753277652d0d343ba6fb1bc5badd5f210c917b18882c3609c229229dfbbd95a77b1010b2c783702bf9f64d37d0e604b138c630fa484bc811908c5e3b91616bff91af98695b51e77dfbd90c25785e8ee7d5ec178e35d6bbd865fe4195e4b03513497f72eb40ef06bc3d01cd2139ad5a1f44719326d973adb8b30d614f9e20ad7d12fe34db20b15a613e0f048d6d58f2d2050538669b990a5cf828519b064921b77eba529b634f6f076f6f46fcbbf7e5aab8057bcff4cd4e1fb5dd873ab5802e3cfd1250ae912f9119418108e17df0bef3ae00d1c59d77058b6c9b7681346c4f881ec4c3a732c87d016512cece5bd9cb678765dee9ce2cbd2a9cf0a4210b63f22344100007b0a09f6a4a630d25be29b750a4c3079f3f64d177c76b947c931db2890da2aa32935e54be5210488a1d56ef59b6a6c06849a5eeed6c7adc0673e00d43fbeb36ca634859782c99056e01e7ffed1d6fbdd775666205fc8ccf4116616ece6f581a31a8f4fa222a6bd8440463458549ac346f5b2cd76c083ff2df030853930887e90adcfad346ec17159e8d4f7cacdbeae892637fbb5a1002fb12c24b683c27e907a857b06140e21951e01502f1de448a3ed316c59a8a94642caecca0f9247dfa1abcd1bc10ba9ce121cb2434319404289bb3ed94d16815d22bd58abf92d65b39869ab3848e1e7d1ce9824349d868ab34a3c770740c6d14db5d59a4edd1ec4035dfd4759025e7231b3dd7eaba42c69a4cdb5027d9b81401ee559d73b212b0dd6d8afca065749eff6a832e930c0d3861cfa7107c3c40f76d998903afb2f1de835f1c65cc7af6c092994de8d4c59428823b9b7af6225381c86b8c3e8156dbbfc27908c2425728d66d1612a9186d74218c1f2ce21e124c4da2b2c3b0c1145cff2b49d474ba70875aef6f65e1e67a39bdeff8dff86c82b7a57d2dc3dcc781e1f71e40040f8d6daec8aa03bc25b76231581e4729206a0a1233c82b01450d15f7522c0a1bf54384ebaa2d8189d713bc077aa798acfc8f0ee8730449007c1a47297ad4f680b8757cda69da57539873ee28b00c5bbfdf540796edc1f645d477abe4db99a3e6eb8bbc07923103adcc608f2172cd0ee66b419aca0e71b145f09d9ab61eea7092e10ea8dfbde204fcf562056e4d5a20c502e01eee4fa408855304ca199f680b394b66e9ef473dd9c5a5e0e78baa444fb048b82a804bd97a987e35808bf762d22e8d2cf592c8d4f0ac4065bbf6141bda5caf22440c6d7275d3c4b87489919b440728e93286bd27f7f57788e92a05315f0e98b6e1ff3f1f88dbd9060c9f0841ff37910447278ea74e459d92f5b408254c6ab7fe8ad53b2132253d96bf48b6276254780699e1c7e36221354c6810a78830e56f61a52adc37f02444e312f3459bfbd22078b161f36ce1fcd0edc6cc3daaab033178d77cacb4417d81939e3b11104a353cd314149b943c5cf32f8833653cf938a0bc88273736b47595f0b79cb344cbf22f9e38761b09dfb60e6a3302a89fca1a3fa53dd6e63fb7c0d4b30574a67a0f9d6b32a5031c2e5a8c95264db662438c1c50bb7ee8342fc9d3e022fe7f6540739b9258c047f9822b653a0c3eab3cd8cdb3a667b1f7cb9779232af909097a389671174930b14d95c0c43f548c6d92cfed8483427d7206f72433178dcb9f4fc2e6b27cbc7ceb82e9b92e47c7cd7a0e8999e389d447d360df89885859accd605ff2d4350afb3323fe8307d5ae685d0a9621652c8597b873a0e7975ff523005690395ad2bd3234cb34ace55ba0f3930196328dddeee38db9fbece480e8d4d49ce428cac85bb87cc33ca54b5c27d5989dea3bd23068b1cf9e30f7f47d9d18b6addc5f88986f0457b666faae59aba4fa3a02abb6a69b98fabaf0a74ba89a9522f3d93c38d55f9c721f541b92d6b4e814608010cfb2efff9b7abb595e9459a0a6196b4d3fd1b5e7386874867d55dbf593abd2f961e7ee6c2e67e1acb1b362e1bc892311224ffa8b371c58d9d2497973d4668bc431a81f55200d141fc9984eced2cd71166492a5eeeac56174463425d9734b1b1f9395eb412cd4b3011ac565ce8550d5cb9b3
MD = 3d40608ab9bce3f372bb29a62ff3fcc68e48385d

Len = 14768
Msg = 6b50d70eb3d958730f650f7f99f9fb046d942f985a112997dd4e60674f8e1c005d1c8aabb93210090f18de583b90c6f2b9724d165c9402eb43ec0ec20af90d9c3d5e1cec12d1339e5733b657a90046ffe7eadd7de6c11ac16696d9084520075bf35fb559267e6a37cffebe054c112433df4408535f611a202d94e9c06accb34667647b7b5d035dde5fc11fe98c8b089689c8f5222f3ca911802d6572e0c5b86482b899d92027b39aefc3008cd2359931cdbecd71bd1a709b47ab75a70fd3c0be2aa235fcd5b11574674d8a7484d8800b946db7c973c316c66a5443e55fbe705a4869786ae66a2a72afa7e42b0c3c652cc41edcb1b8fe449ad271f4b7384d7242c55689adb91a9b9faf193839d029ee9d471963b1f495a2206549b3a2024a6e7e87b1904db8890f0050ebab243a67c66503a67551904ed75f0c26a630257b0b1478c2b7d0497e2f9f78646776b0bd938ce20d3a1af2f28c5fb04ef5e809a8f20e7fd024c0d6c2a38310cd94b69cf5fe1bcb95d99383496829370ac952169bcb738325ffa4c61e12b4016e596d65d5ae19a5877b45ab1a14c48ba24af7b51b3d4c6e0771058157243b318fdf2273264c8e5a2b47b6d32f3738925e9f5e4ceff0a027bfa26a6f38821f8a784e5d2eaf7f83d1c96670614e7a8e3686f11045e08d779694b95bf888d468f371cda7fe3af0fef2a9fffbbf4085cd5d61679306b6bcdaa3d0de60840ec11e53c184864b8d460aa5133bdd53ccfffdf1382a71f93924cf36b93b027b93f24a94b19c847d722aacd24e42a087bc9127d953613184306e613799f5c845df0ff49d893d29fcae44ee61a33bcbc2d7e252fdfa355c116541958eb6373b4ababf2256918efc300c3bd73a5a4ee76be49b864575ce79079e4675235927e1f2ecaadea710b8858253b86f46bba57becac63cb990b5310cea42508dec9ed45a63c792f7850e24c584a62bf6b0d650facf7e32ae106ecaace3f8556a850b2eccc74d41eb19735da1bbbe2ce929ab92c138cc2aa05acc3ce6e360e6867349e60ce5a62b13a2ed9b6346cdfa5a4a8c7598935a954ed46fd041953694505bed82812b7ccf2fb5df5680925024a8780b71e76b8402e821bc5d4345c3ef5683689cc0252b9e9dd6bb27904b0f3c7256ab20342de2e43aa7541c7281a34817ae4d8d404f5d29dc6a237708cd4592464ade091556f1c984e9a99645d55f4f0210feec98266bf169f48add50858dc672e93684f1833b13757d3f6333bd5264a4701f233e36e275c51a63b31e205259a6a6272c5f1f29627ab6880bd2b617198d3000d988fd5b378c3040a0a81a3dcc40063287c4973727034a15e8993c37de1ad556782ee630a71dcaa41eb4dfaa9eed7deb0fb897fee1bd8c6b920dcc1f32dbd48277868e0d44f86df0959aed1321fd91b32ca17deb22e811eb8086f247b84eb2076036513bb1aa8ec8ade0cf1225fed61d7725d5865b416f284cbb2b3bcef1f277baa4dc565db2919eb01cf231fb6fbfac67ac1b4afb27f8a44f00f385f7541a35ff588be7a9af3ae554b5f2dd12dec2c286aadbc3a32a42e2100ed790b1f39dd496c7ec6a35dedf3ef4225d7e2cba64025cb8836ab3b6d264382b44069f4ef1d629897a5882eff30e27087ebf799127ee424baebadd6c2b9d1fecb5321fc4babd1003c22d01411ac555dee2fbb9d182d8efdaba3e60a8b31f3fd9c7ada3f36cebf2cd30723180bb0718fc36dd3e1a1964adec326fedfb0d4d3068e7f3cc696cf54a5c61a2b40d5845d906c6bea6d930241506a3b9e5d19eb96a10929f19855f6b7f27b248d96587042e853f2a647d8b79bda08ac6e8daebd6756753f9ebd598b119b5cecf4227abc481ddec9af7956fe7f05053f157658946cae3b8aee3e8cd68929cf3c06eb24af96b977baae0bf71e1558c9bd3c20fdb6cd30c1d28622d41f48233eda6bf93f925544858b4b03a161865bbced8a94866cb36570de11711bad7611108fcc54b1adac4470052d6b3e0dfa964699a8d9dcfe46d3b078353348c93a7bad23d1056448c4439ff0fd4ab56b9892d0873df7e5b4ad04ea669a7143bbbcea7d5e21133eabc5c87c1462a9eec389d6c080f2f78bd611808471e933f4cb25e6e8086586291ed65c6e38058fd15df5ea804c6fe0b5ab99cde861ca7f43419df556e844660ce81f86dd268d044680035776b35bba4b7c6e757cfee45f18644ba12fc767bcce52c9ce31a4a3113575dba40c7d5e8e3491b700aa10e0da5b7d5871db6d758f59a4fcbcd37befbc8685a659a97121635a329df4d95e65f8f4d4ebedc2a217e89426dfd92973180f21f58cffb4594c41a4a748db70b11cc2cbb12d9e4c2ef5ce671f9bac9c53c712ee10b41d97fb8730fa37df3cd9d1ad3fc85c460be2d8b649bad957bd95e5a3ccd61d473bb91f7839442c8aa07b86bf78d41c5dbdea690361759a3c957aef5545bf636ce1828fca636acc738ebe98fa73d53b9a3aceaa831f81ab72bbb43a8485932b4c985a1223b75560bf8e0ace083ab5ff260cf460df8ac45420b7ac8ed99538bd0ee7a96f2c3beb2f9928c7f18ed55ab129bac656beab27dc6f12c9b2fc7c9861dc57d76f
MD = 8bce8c69fd802389c805d2945c7499c9dd279ea2

Len = 15560
Msg = 43b1ac9c15fcc2b0168aa9862db0304441ce0c5659db1fa80244fa18f2f7a02beaba8cfee1c2f6805e8153df26bf1b4017ecceb354b53966a2d5f619122e32d1e118b2d19cf918c68716634240a8b66ba0335af5e213054d07575d1778d3b8dbee7126fb8fc8b1e95af0e396c494892ea348b7024c1d0cc6f87337fc6d0fbab0da6eee66025848519cb8dac5faaa1defead6edc4dafdd5373fd18daf370ac1b86cb614f83cd06566181551b62a13f9173b830521d3d8e909a21866181eeb545b6ef2a09b8759918f95b04f519cf6a50f5ff7060381d9cea5eaf1cb1f6cdbfc01a6c99836291b5237da30dc7e987caa3e1edbf8512a250e71df03c3ac67014012dee406b16b3d33c3b03e002565cd8f0b3fd7e4f317e731d748f756a75986a8f6dceaf1f495e8b99cdf82c42e4c10dce08c92d1d09045bd3eee748cf88891bc15698462e6ef436e2a2fa32f81956e1a24cbb5c7d2dc673c0e9a236e873d4b05d84c5a6071c177d9d5684a4a07880ed03ec5e7cee0457635ae12ab033cbfdb0aa54f13f37c52ab8206511e1ca66c19869842d1efe2119a31881eb65400586a53e5385723f0eb08f223b3c8ad478bb6c4990a1b31c189fab70388e967b94e206901d0d0f9b3d4b6b09656ef05d32b0e13a9e46c9d63f5bf4f8717ee4651ea24d35fdf247cae55dc44c5023c2d309548fa30996c39b19d10817c926df9ae749f19692dfbb5c9b6a2371a7f562c48118d0296f2c40f93c816d64bc20d86ba34b8c48681feaaed3e3110fb94e70a01e605b144b41c27f2c0f9d55a6f77f75b71985b1da4d4650036b157d20b94cf455ed792a0aa1b87b4cbe007126053547b756666985f26eeebe64a9506aa0784fbbf2c2a139b6a39c332f3f2db5f48a301864b6e5e789c4b97962250ff3ae8310b522b03064eb145053d5c201e32feeed5ed6ffad7b7dd86eb8e64132582dedc5c5ffda4df8c97b16433401941a21e3cdff2f9926be692a7ce153663e04c928fd82ec995081dc487c75eca63ae77509607dc12be82cb62b42a75c0ca985eac516606b85fe7c9e1cf15041f88cb793b0335f5e1078430f6b7e6f42bcfb581d32bee31f289e658968f386e6a100270888b51838ff4d9dbf5b7eadb9ffb9f7daf2359f59e9b6b918ad117e4d181ba23de3643cf430ee99408bd1e7243d4be1ae9448d9be41de03d669c9aad7c655a5be60df32126db1d25d7d06a0040e47b202993736aed98ac24d1f9a91394434ce0481749c160e5db5509f8b6cfbeb33c56161af3ace194370e74ee2c5c41a4f77aab5c2ef618b48ceb473dea25e4c76a8559e0f6a7e897e9c3f6860bd1aa0fc3f1b7e5880976ce99b038a8ee4bdaaa6e759aed62a5282b2a0a01c62ebaf80c180c15b94142a3bd686c8540aa89c9e4aeee804a21ecccd762ad3ab87e5f52235e946de03fe9c70963e6d50e0626d9fb94b8b3fe19c4fa24f9724b63e107e1ddfd5266636c460938f1e8d118eb6c3179879adc113477da985722dccf40fccdc15d0ba949aea192d4793821683fa1fae6ee5ea38c584c96bde485940584843d58e78ade9aef418a65659f6c06ec0e5bc833caaf766f8a531b09621c0c93e859280196ac5f166f18711ce55af8d8fb7da9bda7a9d7607a3c382c821bec57704bbb14f6bb9f0b73648206d29448edaf8710f4bc38b71364769eb7ae3aaeb76338998973b462b695971f8b2ec2fe1174a28640d3051f70902cd510ac21599a0b4b48c6d53fb0ff1dd9d113c08c202e90f69209b2b7165f458463a14477f5eaaea95235e40392ce52511e065198b82b4caabcb722f7a5c8cca6d2d040e58b8e957d3f3d67a90f0b7d2891cca991cdf0f0e78cb2eb6dd3936dbbaa076712216e08ed954528d8309ee685afcd901d6865c4d48b63d5c0a8a870eb71ad80a7c2724e21deb7ed39fc6fd5910272cee49072109a4030a8992cef1d5db129544b7382b142a1fa7f747b66927411212a8f4dff1b6033822b9f6851bc3af1e5aba73e8677786776a630b56c645564436ec6a7f42e4fedc2277b63b494a9ba484c622a66e9eab7932915b367955c84416030a739918ff55665d42502eed393ba01253f0a4fc119b9d2cc7c416bb3f881c97654b68c47d3a8aa53b72112e004a39098865af124155067fd18e02f7f486d7040b754679f101ec1a020fb48f7956cc262063f163c34c0b150902e28ebfd6c1f35d6f969c0332271626876d840cf7b5f2cc89f0831fd71786beb11a01c9ee59cfdbb8edbd2c41b8141987c09e439392f9dd2640d2af9cc84f93173dd3db342b0416efc05fc4c71bae7b7f4250b5c0ef95e2e746e4fae379ca06a3b2874c4ea23a9f5292f67528be4f9cdc572dcbe638716e4b973c9a61b8a089f51c9e95a45bddc5affa13b5ed3c722e3d93980e99e9f6efa1963c069e114dad89d08c6fcbb4683a565a29ff8b02a08ff17c11f65290a0e7a7e885b7def03be1b062d3033b48545dc427cbba98ad6532c6754dfb86a909d6bcf28c36caf1e5b72777f51869843cb098075b8f8ca94ac6fb138eb6ccbf8c4d6f48c20be872f5ae4d547517dcf48bc3306d6be6ed62abbd2ddb66909b20c2ac2d4fc99f9e1fc627909ce58a0c15cc163bce7f4911760275cd41682158992783759bf56a7244f1c3afb598d78d74782a08aef83ecf50098157ca05d1ab753553e6a1f804fb8ee302e9333188c77d0a6f258389304d9d0b806be9c239fa4176addef623f7a05a1
MD = 064c6fccb707f0f3929084eeb0298e800d542370

Len = 16352
Msg = 0a72ca03c9977dcd0169da7af1fa3f3f02e374175886de21a796f54348daf8148c2ddff950ca918ed1c65747c2de90579c73a7d036d3430c95babd4d0519d7a06815ab07cf53e1d64773255ef6dad8c966b50645203a99657d31ccc3b9b4e2eb493317746ebbd7700b772e07b477805e07b07abe3f4448f2060408f08b337fbcd58d0b8a5788d923c4da5889243beede286ce982ba78b87cd93a5b1ba41f18dcb42e708faf4551b61aa58d2e6fb08b1170f23ddaba5f51ca9ddbac8b2b0014148f1b2ccca177a6f2b7dfb43cbd5ebfbe88495c0e677f7ca6fbf0e289495cdb2a0e5d298952a8409f4090b5fc35ccf3af17793066e8639fd69b80e75d26bdd5e6d8fd4d0eed5f878560c078b600828daac68b9f29669024232493a24fe9aa6a12960382a29825e36bbd78e4b24508f7783d8693a1089071553f31fba7bbac0274ef75af8e7b81bc1affbfe3372de797e12372f314f7e9f0349363daacc34a05d68c5dbc1bc0fb7a5bcf9e5d8ee0a6d7ac2058a7cb5a260787c93027a72a0cdbfe14c2908e8c1b85f4d51c380085cd1ea3de3f960e5acc201888a1cae0177aecb430ad15320a6a45adb8415dd345e4d38c022faa251f65a2ad79bdac9fb31da0c28825324e5f6f23502015b44f477460303730ca57d079f50f438cb32c257c60efc332cf29b6b285a3b7a125beb4042c57234bdeed968e81068f16c8ce961f92028adcd50c35bcd47022ec9966b31d9fc86e87cf2f982ead5a0564d4cf2e8fa0c4842c2a3f0414797d0cfef6916d46214dc1ed8365ffe0e3d24c7dbd751453f0fd5a29b70a4c42da921be0268509071aacc483e3d7f22d8b370d696d0971f3ec74b3dc64b535cf6179f7990f8ab0e8f2ae1e53d7cd9a9b0b51ef31cad26cf8faf3384b1a87e64275f949319bea8a72111b7765488e1eb4cce89bdcbe1a2ee984409180bfc988237dd9b9b1b1ebbe2ce0bb79bf1c63a70036c4b8723027df4ef12465833cc442fbe3e2ee2038d7759fc556ca6b3d945d06b2aceffc0743a5b0a9675c5a7abd3d510edc91861af4d65129b312719169674ea66ae8802db4ab9514d11f0f60ffa0ad668f49ec3e8b0acc759bfad70229ee607bc44a0989c217889a2a56aad5d1949753c2bf598ce338980fd629a7771e19c59a83be9c03b7120ea339a931c37a41983d3f9bd5ec46893b612c49e9d78e1104696feb4383d9c3b197c7beae1143ce378ccc846846fa253fd165ffa30cc2fda5524f7a05f17253f8de9c4028a77464fda832221b8248332cc948f5dffd020630bcec12eb35c8e96be080d5a86d552a71fa381ef58878db88b09ed3a49296542e0f0f5cfb3823ae93053b25354b2d491be8a820fe40d247ddee2f40fbb3c50e27b27eff3fe0cdcaf7b694d9d72946e883db49cf3f939e9cb2ebc3e5ea48d85da10f02a4bf160d642059559996efe630323ce2d4bf672305900e226a7c391768268d62f382c32aa49458440c7b855649af713cd687a6aaa8fec11376b66eca583d94689390cd6db3dd192adb8dd3de5a82e41f7e9d367bad846c60b1a2d039546f8cda2df11e1eb98306ceaed5c1c58b34fb52740b01de3daa75cfc54745ac8542dd8168ae9c85dd0c85fa2b593855064c209f5fd9ed1b80f9452957adb66a1240f025edcd31e948020074fd231ed4f052bacce80de4799df8443512dd0cbc24f12b8e6359c49422ecde05ca3b5d8b74ce31a2b6b1cd41bc30dabd9bde2deae3dcf78373573ccc925387753ba7dbc2b749ece972cc8fbc072770879db8033c7689bdcdc5d183dac0be638cf77182c1e44b5569c367142fa4676c5dbe7475f90680e33400ce8006d5b5da12a7a138cf215ad3e9528943e5bb783805a6196a6bba4ad380cd571b97f9c054cef23de7359600ce33c63a042575e03a47feafccd8bb6ef379d3733cd753683989814f763c6dc4ae0dc8823f36f929dced6e3f82893074ade7bb2acb0c0c34f10bfbdecd29cb2edc40006adc6170da85bd9dcf74c642e568912c84b07f4bade41c09f3d447dac7be9415f9c4ee027c9c81346a8ad719478b40cf8ad37839597a84539573ddc216bdd0b038dd25d6968bffda15ac03dc2580bc4c431d3efec21c0a80cc9232aba442be782d104d15b0b90038dac293b404aecd4ab8741bc170307838a0198fbcf7b32416e246b0e6538e4bf6c0b4cfc86e7d3b71efc255aaea2094251af03c1d9979cb315f6594720572aabbcf6aff41ea55cd6af2ed35e3b85227ed41ff81f712fd7b72aa5642e151cde32f10cc6b46019e4cddc9de03916230f8381e2fa672e8a6fb80cd02025abc07bffb8ac35b0039c081717a7e07df7020d1afb766f2b5a5db1505d0501c05d08806c7463516961d2331cf0fb489f36b8c78f9168daee9d0068fa6b927d70b14b9803a4a0ce5313230279f8f67d0f5dbdbb6bf438d2335f28e320d92717c941000f4fda02e10f9024d2a880381250e467553a9444c96c292dbc6e2631553c74dc62cb85085df1514e3013272e9d06536c2175e23b452b7385513cc32fba4cd5274ee1260f799aef05b7546e4871924322aca87e8ac9e3d6d64e074090bb7cea77003b3da6e88eb1f1b4e6c62434770c31533cb991bc17cb770f782ef2dd3f1d5243344c5d1f2f5288d544bf205a4746feb1bd340eb049ba1e11e9ded49425e63f6456d2a0820f393184e8c9fb57655c1144a47e403afc3b01f1e6d09474a3ed95003d510fa5a0ee92306d66e3b063e3ef888ce8e4b0a1b6e92bf9b4d0f34b9c09933257f91e86eb01842d2697f9c5570ff9d1045ab5ccc62a2c8cfc18948f69f399e0480b4113a735ecb28976a80c2de9250b6110beffd14b803b06c9ecd1efe980c1b194b1e9bb75d697f00e2f9
MD = bf2d47d4435ace28d3c336acdd6313aa8f9c41fd

Len = 17144
Msg = 09ebb3463b01b2c492ca2b1f6ac7e6145eb40646537230d5b945ef330d3f5733a2fce963a290b79c4fbec9d78f6bbe42a851b69448f8709dc8e2b021b106e4e68081060ca687c49dd39fdf657410d1047b96b2415e5a5ca16221ce3919c4cec029e0d3e850ce21eea5d63670219f65805deac1f69d803c0a0e6910224c5f5ee8278315a0a74e16b94ec996a19c01c3ded9b5aa5b0e5358ff55233f8452c1dc8702d097dbb3edeb2354e2c6a0ef1c334774603617b8b9f7a9bdb5230934d090c4403120427d94e7564188901422dafce3b8512dd3a49b6330d0888457f976c1c86b0d777d0c2c537a9c22baa63b2268d92cf15736d8e2e2bb16042a16a99ab9ba0acb6533699b77b6ee1a0dfd44dbbd5258a87be95e74bd721691ddef4d24bec3a6d5b20c9acb9b33bed751c244ef4475c5df63933e3b3c7e58986489ecfb190bc69226b2a9a2071994c14e9c4445456bfafcd5dd7e1ea607647f888e8e0912b9f26a88ca9d0a028ff840cb344bc5085b7f699a6e28044534c3b011a33b35f0f6b3c5a2ff7fead6bd73bc92316157d46edd8c7af043d75f2efc91c772fc67fde98f0b3af65629c9cc8c9d693c8ee3f3cb9bcf3c08d87e3d1d978c71a3d8877fbb10a4195a2ab124e4cc4b19fddb51ab9c4199aa60eee127281c08d9ded87ebf93bef907d104692f2cba2f6a1b4f89450658518aa08de86477146dc5ca0332059a2070cc03eb3931cddeaf233ff37408336761a570bd7b3e330722fe0f618c99f7be722f9ae70974efc0340e10cdf83e4bf630c3768782fb847b914c56fa74c2d32068f93b00c13eb8e927f137e8fe2d758d26ac5df2e5e491fa217647d7d3c956cfb8f2903f4ad853e0ee955b496f1fdab5ab27cb078c41830b3a4689ff8ff6a752cce241ab8a8ae62df3c225fa315aa2f527fd69cd5f5a81374482c57a9291ef310a91f64c6a9b9a599c3f3c022e27f4d602f6de4c4776b404a7f3a251c2e255f5dcc7562bd25596eb53d64a694ccdf8dfa4dad28c2adf44fccc61c98b09310225a94b094fabfe036b7f4df4377596d8987671ef96f2db58a71994e1304ec51e49d8e6b8c1dbdf0861876de47590c8b989de83da7185b3188cf753934979e7d0e9d3600b874c40ce56d5fec22b85acc63b45d73e25cdafad33cf6787dc71df408e0181a9abe4697cd2d0c8355f3c8a24351436c1bbb0163f24079964f420f597bfca103b348da13b5be092e61b9caafeffb1680b3a1832f5e809afd2966d71fd0596d7682b2e31337b6d267d668f537a228635c5aaec49f8063b717bcc409a99e7cd9cd997af618bb9df4aa149fdcec025f965971314a4700607a9049d81b994edd7283580f7796c9d9fc7facacc64f99074bf287e778b8471d41d18121816159f1d4325eff0c1fdb0136531f4e55a4dec5e0c21f2ff455ccd09965d31eef9458605b451ea81816779a4ebeecc30fbe3bf1f142978931c21a510dc7b04e9aa4c29f845607c9200d181ba23d85c958ee4941f9fe9171b56fb7e50b71b93f27051105fbcfbaa0c87644ebed398abfd5a77f0c57509d7803c11e231efe5e4f2957cc4a0e2c97ed55e476a16c4d6c14ea8c55d7b5d30c0a8168c581b4b8002cf5ff6cc257f73ffd6cda35d2cbe39a772c0f662a92106db7c2c9369769595f27317e7b0545ba035f71ca0ad678969644fea3188b587352fe4c54f9baa93cbbdc40477f9973df929219265e42eec0f00cf6e9e55085862c4c92be8791f0ecb6cac70cc2e55ef25e23a781b89ebb0d384d99366530a5b37a311a485883ecd3c0712a111d7f537cd682b16e925059d5cf754a3b10a235a5cd3a6794e526d9ac794dde06c7de1de99c4ddb4f83fe47b53612ae4a601bc1b795c6ef26c5e153b141df77505a780ac30fd379a705ff0125fca429f6ec03b683547535607349f79caa947a805dd3a683b1b2010780e912a293b841b30cf0a07389b3cef465d711c9141b5c194a777dc6127825d38d22f8a58bbd8a215b78fc02b6010035260f5ec13ec2907d98e9fce4b2844cad93632fb9553267a45ff345db69fb9db53c592b1f5b28bc3fd191a07a1264e9f83bf0245880a56ece72f60a4805f1ebf7015af32e29bc33e27d1514f0a2a88245df70730d8e8504024cf7a5f32a827f6d1d7b63880b0babd803caa6d2e3adaa09065a9842ef5fcbe2368ec547382bcca9f930e8b77f8568b30e48e2bb6612c5d43915108313a43ae0d811d4cecf6c58102d11ff3707b80ef5e51664f4aa466a19f0465858abe0b5709a3750e450b2a64211a513813422130330998a2910d70b5cc454fc3e0893e0240555c6425cad3bb25f50c2107541f97d6968eec34a332e1f1dc758adca4c2f7d91f3a143439a9ce35ebb877f5ba646c6f80aef5da6e946c375241a22616817efd8977e71b6392e47a83bd02847ad6f7284d62842c777fa0c52e19d265e761dfd41c7ba5824d77471c45838a5d9e5f7f27871163d2c5d9c3c4f867e341204c61855faf161001413d42b973d7272de64e94b5225873608c1e5b39929e64c8294d39db79016e86d60f1468f3b08b3052aa9860ff2cb7517ef9b37702c873e7e0eb1716423044e42005bbd96cdf31ae8ddc5b0f0fa7489f999cf33d1f2c19865883489a7369392306665f94472ac0af7e2b044aba90cb52c34e44105191fcab7b5df3ef7275f54c6f7c2722ea5ae13c0de1bb9a68b1eb73e658ce7a00bec46130c1419ba91c2167458d3c0abf373b5b2245aa8581d04e09e902b802947c1aad5ff65a287e25657a6fe2c6d42c887717a59ef6956db69c1cb4942b317593a699f045651e5b5a688fd5c3ec099b173c757e35ca52952b7eb52f564e8d0bcb0f2cccf68a03a781d3ad5f77d63073aa337f96524c435ff69bda42904aa0bfecfd6ed951f361ca634dddf548add11c0a033cd33ca4f034e19d96d58946f2f7bd1a68009dc5bf2cc87f267f7c9974feff55b41e3dfbe17db229eed08a6b091c070b212a242ba635781090e55cc1a28150d1f0609b
MD = efe28211673e7bb68657243df023d4b70c0e5325

Len = 17936
Msg = 46cb5d391e751146ba9700b4fd5f36ae7dda1758d8fe50fb47ed0d6275786d8491e23263a1e7be331afd3bbfaeda19096636bd30f0d277973ab9b54440c67786226603db799fda10eb52eaaafdbd0585294392bb317083c7b23887ebfc7f80cf21df376a4ca54e25541c773e910fe46bef89ffc140df5ad3d7f0e91e52ac6fa5b7d336d8c3ff03ba7ee5494313d89d03df8f6a09c827e603d06b44a7e9542c510ccc68ed85b7e0179134c8812a20189522dd3c5c6f510d9fc631014c6b7f9e1a475135703bd5cc84b4925cc07ff03d69dffbde82dd64b9eee0c886d67d35af4a90eb052b8c5fb1480f866dc7ba4ff4c73f72b643bb68d13947ba3d0cc97f4628112040e4215f76accb98635f824625f66ac82e67b1663dc8228f8cb8f7644bfbef7b4e64a1dc03f81050a6507fdcb83f8788adb56664e5e39acddda0afeda70c55819773b5df407405379e625a1995eabe379af6836db1d2d7fe978d982140a369bc84d8056f1567d3d4b45cbb05a43f395f5ff2af8689dc00a922485a08ff0753b37b5d38946a1ba1af4e0849a9ce851d87637193b9554b3d57e6969eaacc823ceee5c8f65627d69851d62cad0cf90695380e3bd70dfd65b88f4b420c10905a4cf62be2e9be34e1e041b2918f360e08c6f9c817228b697396d9b9124b4131d8aa52b373b7d37984a0074cff9530f6d4db52f9cf1c3981bc02bd98d0044599447f8ae743089ede06012c0a3e6a0197b2facb09296e212e8a22c45042de25aee6f2272e1985254cb12a375615b4b1dbe94ced61eec04b56231e75493182e85a052cb0efbfd572a9cb43b0974d1c49a9c3f83f67e6b9bde2d01f59eb64979684eb54ad94fba18ddf9d762034ae49d0e886264a84d80281bbd94df69fa5c63814de93a68496917cd46fe90e9700e44e827b0094208d439fc786cfd7cbbab7d4f127112427584c497289c402270b94cc5eeaaba7a4ce231df01fce81d96c1175050ef5aee5087bfc9f3230844c970250641b520b76614a051deb717e2f837c2037da68cd2670c59b45b3551d6e6bd5e57c551b46000e615f3633e15437c7a2df6fd591085256d3304b545a54f550b6908ee22ee2a99f1031223f458e570028b9954599e7d1834cc2995d67b24a0e4d5b8208b467d8dafe85cb57c6b1f9f5b9b79273a7f20bbfd95a1716a6bed36d414d4010d55bf789d46218c38c47846ffbdf4ca7e4b269d122ffadc73d00f9353b6eb142b8486d7239d1f1cabed86036963bac2977ae5183ceb943b75400242de2c7bbe586b5a25ed6d83eb684eaf41233d39a40896e2c9b8690c12f1447bd1edf5f4743662bfe145382e7cd0707aacb7aadff35427b63e2f18d0f77a45c2ad0d93f3ea28131e95e57d4d5586fb6e92812d3c150c95c5c20b8b715d72dc7d50b796d864bff4fcb028ad8ee9ee4801af2a44dcad94799811d8217bc97d711249767f30986070d0cc995951be98deba3f1d7210018e3bb39a0f8b3eafec9c1813b4ad9ad9ac1f4147b2013457f9281eded54594d55c649eb73c29588552c5f53c0ca255cd1568b4be0d25b52a91cca60aec2fd98d717cb015c87c57fe4277302ef90e1fd71ee5a1abf54742caf534d64fbca13c9e7ffcae224ef49b5f3e386f68e441478c3b0eae7e24d66b9d95e92629e14a5c7cda6cdf693a42b14ca881f96658ec7b50fc5c21b0f663ae36f6521c05d47ba7cd1335ca5704b7383b13dc74c3e14019b9d556b1f0f47f790b89283e8010b5bcf3bcfff57858f27e9ef2a0580df81ca14b4876b5aaa97a5aafd0b3f40520a8fa852a13f7498155130cd786198117b2a089d834c33a7ff4d1886f8dd3217e95eef5fd2a3647288f83f934f63fd9caa2a5da1729514d026f5c29b82e5251a53d08caa89b48fdb8e25fe89d6941748b8d1fc067ccf64ebb5a89084d1e08121eeee687beff85e9acfdf55f6367b4edd4a28cd14c8818ac1536b6a880c56adf562bf691a2cf93779f52e2c2496a10b220b35b8157f33f01aa94838f15bcd135e584b78ce673f833ea51a6b591f8cb4e0a002a64fc86efdbe5e46e205e7cf1a23789b7ee1c850abb289acfadef9c6b3dfb4977d0bccb819741b6d500dd8e32a0e69b6619978b6159d49ebc1fb4bd76ee7edfa2791b29cac0588c66b505692abe5d4a40b3f9ff92bc78de0a9f73d454fc0f3358a29a39f1e3a4c58191888620571606e621a649f54f7fc91981cf99abc316f50901bc74bd8d9102c43ab96dda17ab61b5074f032f7f73e0877b0a45d1f04095120ae452740aa7b48d252a98be5c87db3bc936b3a7e8dfc4d2ffc6917dfff6842212c46bbbf7736b6ac55e9f33a225e3f8dc0fc3d5082de66a6486e4f64eb352a7ddbf190be06e87ebbfc7d9d095101c6ad43cbc5d59d8b5dc6dcdb8d168f17121b046f2da3203aa6e58f8d11b81e0d500364015975a8ac3a76ffd95a5db5b701e3eee71ad78dd438145543d8b14e2be6776bc6829869e8039dfa903ca123bcffbde382e0c3155d3b2f97c5795aac028ef19f41c6a6aae8c2251527bd4aa2cf1591296806ce807eb81e9d3b7c1dff3b52594a9bb00731537ef598c665c0fa98494709c0145f95deb6c9afce6a610e7d3a97b2fbc523c6d240f5cb97bb6bf3bea5c7cbb293e01d263d1815a5c98da2714d941f8a8f63330d0f0df6bf47b455ea31f9b7680ab8e1fd56f316ea240b83be9336db70952d3fabf32560699101e7c3f4c61507014fa60c0742fcc20042790d14662dd45feab155f42552bb22bb72f2f6142cba000d37fa5aed0d57e79a4c06d90d5cde760352b21bf514dd814bbe1e3fcd45a7905a5b7057dc92d1607bc350e911b1b861deea6b6f7eeef8361793f0d8d7a8f6389ed91605f7d258f44da8944c5c7487a8e54127f8a62834ca89b910c81c9dd081417a936c2717122978c1790bd4ed76d47f1e8fbf5609b8c408f72517826c5df2ab06909452a72a8a64d7a82d6363aa6c134a4acb77daadacfb17d7cdf35cc4134445b48661cbc69c7ab1c8baf0204ef80b8e0125efe43a0bccdfd0f356b62e6c75fea8493dcb0fe9201982bb626a8800ceb05cd3a86c8867e218b59192c3c286a4fb13e5ccef2cf8bfd57e37a38a800dc47802df88bdbf4ba58a31ad91c8a9e83b029e63f87f4551c0ae63369ac860a6
MD = afc01657b55fffd0c739cf017294a8379f60c2f9

Len = 18728
Msg = ec2f7852d0a6e6d13fd4220233a00d9c9c063d24f65e3b5620e1efc66c6958c7f378818c2b7cb08dbb51e02c8d08719925e71ff332b031b06327f23e7cce65eaa9f3350212eceb36afa263445e4c81d5337d20a10f614bda7443b0c8975351b1b7a77dfbae7fff94c6cd9592cdf5a4176cd12978b4f8f39efa4010ace58185e1c59c42c126bc546fa6dc5d5e038a412878ea23be4afd90c29e23f9318ddf67457adb6a9aa32c528ff7d6a2ef2893c2d100d0f4bcf8f9890f07f655a0b8f660a47f6bdecf4d5562bc62c44e8e63988ed8ac8c86bae773484dddc10b418d4cd9c57b5487a74bc1eabd8ead4883dc220d052325bf003ef33444ca8a035c356b3871179f4c6cc6f8545b25997816bcb8a7220ea389d52601b5bb745b2539d7dbe670fb531464e580065ecc91c68f2be3c4f5140fcb83c726337c833b59209c224c8ace78c9d9d1e36a8e2d9b1a35502acc48de706d5048e9164da0338758accad18739175211b1a9e6b2f0c25c51541527e113ce5685d2d3c7f77349972a2e5bdc2ee3369755ae58e494bd0b742b5e2c3d885c3170698c6bac42a38771de4a5bd74875e080ecf07acbfa3a804a0b97f8770761a2a2469f392ef5d9f5fdbc2a54299d961af5209e9603ad1228c73927003b25c928d46232c5b5dabc9a240bf3cd3af5efeede37e135f475eb0bd1fc35ccf2a93dccee076e98aab7f57ecc15d04f72182763237ae0de06196e32519ee9e5055c6495d97b7b3973552ba9de20e76139cee781ac31c419a16342a430656cd2da06e78b7b0680307a7c07244375608bf7ded75161a4b46e2d190f69549ae61bdb6f6db6bdf2a50626f330f6e15c645514119eda2b1ad96612047f8aa7847e496f5e9f1f87851442de844f27a21c1b48f82fe525f0dd5a88b8ec380e106d5de3fd9c25cdc209f26c0cf50cc06dffaceb0b0053389a33605d8799e2fd769bab71eff2a6c854c46a0c170f0ec7294b3fc6b64b911d0f65136ce8d22660c3578f7cac25ca1927ffa1ab679afe47c049fe625fda46dc39ba9a3d4160ac3edee9318b9c003ac72201c2d0645e834519410f4670731b7bfe7c1e58fb0c1b9faf99ba26274a9eda2c14f304762346cb1c7b9afa4fdfb80448f1c6467f9c1b8b1eaf52d5b5ca9d5b2f7e5cce05b0efe0b13ec80766e6c47efe63bb8e34d8560b13722021ae49e051128827b679ce258dc0d4c0f41b4fe8f2081824b8818a7126762b4d917a8f0fc4bd7a79443a4590d93183ab49d8e4cb674e592a4cd07817e52f2300ae8164d1bc179c7d01b0ddd9ccec94b18f046b16e5b76df5d3886bee4e269f62fe2c90ce420a355874435da86eda4ff94d06ad70752d9eacd5102b9e6c44ea9b0be1daaf5d7e8f35265c8fa4c8e1fbac0b4872821d983278d8d280d0446f4bd25d090c1c1659f03a9d613976e1eae1f1523181f3e7de72806635322ce09009307a0decbc7484a18f63bc24c6c1de4af1a829a46cdbe8a6ed06a1085947906ddcec5343387fe7ea5d00d3183b71a37cd49898a195009e16e6417ecc008155bffe3b45d8373f6a12ccfa10dd7df823c0c1a7e641155ee809949d3544c897c947c0ed4a7562bdf66303dbda3a355e445de05f7c4c95fdafc91ea42c395a90d34c488cc9e0610071232b2a98f80bacf09d5a47c08abce6d99caddecc725d745a18bea02ce2db10c59b6b70b4dfa6e90ec657e71bc3332050cb69d27db97a4b48f14bafda4379f6d813ec3495b7af1d8621fec8f6bea1b3fa9d7908a8d4591e842017433bcbe2b994d3d5fea348cd5040f67871b744afa8c15c0608b38ca1f4f6ec49e3b742be61df224f57465aa98b238ded6ac81d05068c4e375b08a9fad6869f0918b66fb7f7a34a82c5e6b4ead5192d843c8f114ad542bd35880df30ecb1c808168a01b7381c79195d2eb1f39370a1f656e76e8261dcdef27172c3282dba0d6d65edd0e9a0a3340b106bd633eb8dcacb988e36943e7142d3690cc2d010efaea337fd510d597cf9efde8c448a060781aa813405d463affbe8a7c54ad316d1204be55f1e9cc3283f5a20069960837c6b15996f48cda1f76ec4a632e7abaffd06b9f67976026e2378bc7d612141d46aebbf59967bea59d61fd9fcbc15c45cd1d69ff3d303f8bb0d3aa95f3298b8894197ea3a401bb4fbca83ab03e751b7adddf440660254ca5a23f9834de14c3f029ed438c402a4a818434eba643b27e00390045db57dc5019c3639dcb1f3d84fe0e1452d7f44a35e3feeb58a863e04e80e966b4a7aabf1292182703823f0a965a4a74f3ad49c9421c31b6c8df246753a1f3fbd991e2355cb6ab741082c5e5c0abe5f76e36c60f3ad5267e857211b0550c61a5fbc286a5f42d83300ef33935cb99e8840a99f384e4b5e329d58aaf211c683b4e64611e79a3a0a84543fd246180ce5a0211ff58910a6572a0014f88236f5e87dd5a97321831b72399f8c60cd3a4ef435bc98f7e9c728cdbcc50e8231f18964f3a268c4bea6619fb1674797cf202a7ac767b72ec0fe5d324940c7e087bddb79a4d1067f0570a6f38a3013cf926619b9c3b6ecf2a502be257df7b38c0a1876a71fe5f51aac7e460e327e5370dd788761b92eccfc1c90c607b97e73fd2f7de56db355d7100a2bd95028c69943f6d40de31633b9a38e050f599a396bac6e7a924e0da50f07a505db5a0b9d5781750517be796a45717ffbe4ab8ebd1d225d7b27b88d581f5a0398c69c296710d1ee983f744136f2fe78d2007e057dfaf7531bf04dc0e38a9fbc61259720b847bdb9e9ef750c2e4492ef23cd419cf0a78415c9966e36dbd33125db62cb70058ead7d86926148c4bce7795da576c3b98560ec0084aa5db57bc6d68418b9a5d33819800ad299757ebe547e0c43be083d27066c5d3582b3e4f6c954d7c1d210a5e68a87c32abe20d0db7283ac1267e8f00efd0d3c4377c80ed6a11762c8b56ef21c88fb6c052fb94f96ba10b98c14d476afad552a190a08779df69491c7c41f5c3c9d3141fc6ecd6f72a3bbc12b3559457bafbaa330aa03d3bf226301399e9028e92fe0016b0bdb94f1c7cb3f7a49e5c1156cd43424e83887bcccf92d88a56ffc84c98e16fb874274868ee590f3e3189def7d086960351528094ecd634f690d5ba1e271ff0851b072b3719162126150107c58ed9f6d2138293730666ef85a06aac31352262c0b94040b08453f70752aed3e78ea52b63d000fc91a4a9d1e08da8e6ac49518c1057bccffcb7765787f1768c865853fe5d90b403154e07a2af5f76afb8ec16381efc6220423ae90a4ef94378c9
MD = 8a148c03dfc846b484ec15809d9cbfaa4b74a060

Len = 19520
Msg = 0b6edeb5f06b22773d0af727dd59bdf552a130004ca497bd7a233d9da0a325eaea71faf280e445685ae2e30756a5b57887bf9976d05c9930b2c863ef6331f9f820adaab4c37f410e98967c1d6d56c003e89b0a151efb293c604c2b9a58661571562ad741e4c47e31a02cacb04bf3455c1d3c6c235b09aea82cb87ce8a9cddf1d33f167e3093b659919af590a1704ae4ccdaba5e9b20c903dbd13401f7bebc0c4600944df5b6d5c0dac246d71fa12629ba0ee9faf498e36c3bc655e88f94a212d847a548001e1cc570195cf2e1ca4c911400f40bd48160a02d0b6be6b48716821484d810d231f1e3dbf096789a4424b765215725ad82d73c1a20f481093e8ff685489b1cdebb0b8888f891dc9ba74509181091ccf2159d9cada77e4be00384cca4f36ce097f1b0400181cd93888c3402b72f226654a25a4e31ff77abfb7e8b90fe15dbf0a07e8686c03ca831c33b6830cd0d877617b163dd51996f259e180acfeb3056c15aca04e95f79b03bee6d681fc41c4f90edeb60a67715c34d5a6888f606d36bd7595ca1d449d984166c7a9a3c36