170345 2017-03-31 09:22:55 -0700 [GCrypt] Implement CryptoKeyEC::keySizeInBits(), ::platformGeneratePair() 2017-04-03 11:41:26 -0700 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 133122 1 zan zan buildbot jiewen_tan mcatanzaro oldest_to_newest 1293178 0 zan 2017-03-31 09:22:55 -0700 [GCrypt] Implement CryptoKeyEC::keySizeInBits(), ::platformGeneratePair() 1293183 1 305976 zan 2017-03-31 09:41:21 -0700 Created attachment 305976 Patch 1293507 2 305976 mcatanzaro 2017-04-01 18:27:49 -0700 Comment on attachment 305976 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=305976&action=review The remaining notImplemented() functions here are all TODO? > Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:54 > + case CryptoKeyEC::NamedCurve::P256: > + return "NIST P-256"; > + case CryptoKeyEC::NamedCurve::P384: > + return "NIST P-384"; You're sure GCrypt doesn't provide constants for these? Really...? Anyway, please add a comment here to check with relevant downstreams (e.g. https://src.fedoraproject.org/cgit/rpms/libgcrypt.git/tree/ecc-curves.c) before adding additional curves; we don't want this to suddenly start mysteriously failing in only a subset of distributions that have legal restrictions on which curves they have to remove from libgcrypt. (No problems with the curves you used here, fortunately.) > Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:66 > -std::optional<CryptoKeyPair> CryptoKeyEC::platformGeneratePair(CryptoAlgorithmIdentifier, NamedCurve, bool, CryptoKeyUsageBitmap) > +size_t CryptoKeyEC::keySizeInBits() const > { > - notImplemented(); > + size_t size = curveSize(m_curve); Now I know you didn't design this interface, but size_t is definitely not the right type for key size... it should be changed to unsigned (int) instead. Sane key size is way smaller than the size of an allocatable memory region, and it's not even bytes, but bits, so if we were hoping to allow absurd key sizes it'd be too small. I don't really expect you to change that in this particular patch, but it'd be nice to do it in a follow-up. > Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:74 > + gcry_error_t error = gcry_sexp_build(&genkeySexp, nullptr, "(genkey(ecc(curve %s)))", curveName(curve)); Wow, I'd never heard of S-expressions before. I'll trust this is correct.... > Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:93 > + auto publicKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Public, publicKeySexp.release(), true, usages); > + auto privateKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Private, privateKeySexp.release(), extractable, usages); What does that extractable parameter do? > Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:94 > + return CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) }; No WTFMove 1293589 3 zan 2017-04-03 00:00:17 -0700 (In reply to Michael Catanzaro from comment #2) > Comment on attachment 305976 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=305976&action=review > > The remaining notImplemented() functions here are all TODO? > Yes, everything is implemented in the patch in bug #133122. I'm uploading these incrementally to simplify the reviews. 1293666 4 305976 jiewen_tan 2017-04-03 10:00:24 -0700 Comment on attachment 305976 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=305976&action=review >> Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:94 >> + return CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) }; > > No WTFMove May I ask why there is no need for WTFMove here? 1293679 5 305976 zan 2017-04-03 10:51:54 -0700 Comment on attachment 305976 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=305976&action=review >> Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:54 >> + return "NIST P-384"; > > You're sure GCrypt doesn't provide constants for these? Really...? > > Anyway, please add a comment here to check with relevant downstreams (e.g. https://src.fedoraproject.org/cgit/rpms/libgcrypt.git/tree/ecc-curves.c) before adding additional curves; we don't want this to suddenly start mysteriously failing in only a subset of distributions that have legal restrictions on which curves they have to remove from libgcrypt. (No problems with the curves you used here, fortunately.) Yes, really. But these are well-documented names: https://www.gnupg.org/documentation/manuals/gcrypt/ECC-key-parameters.html#ECC-key-parameters Interesting re: legal restrictions. Anyway, under the Web Crypto standard the only remaining EC we'd have to support is P-521, and that's supported even in Fedora. >> Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:74 >> + gcry_error_t error = gcry_sexp_build(&genkeySexp, nullptr, "(genkey(ecc(curve %s)))", curveName(curve)); > > Wow, I'd never heard of S-expressions before. I'll trust this is correct.... For the most part these are well-documented. I also examined the libgcrypt test suite extensively. >> Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:93 >> + auto privateKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Private, privateKeySexp.release(), extractable, usages); > > What does that extractable parameter do? "... indicates whether or not the raw keying material may be exported by the application." https://w3c.github.io/webcrypto/Overview.html#dfn-CryptoKey-extractable In case of generateKey(), which ends up calling this method, `extractable` specifies whether the private key may be exported: https://w3c.github.io/webcrypto/Overview.html#ecdh-operations >>> Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp:94 >>> + return CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) }; >> >> No WTFMove > > May I ask why there is no need for WTFMove here? There is, publicKey and privateKey are Ref<CryptoKeyEC> objects. 1293691 6 mcatanzaro 2017-04-03 11:09:34 -0700 (In reply to Jiewen Tan from comment #4) > May I ask why there is no need for WTFMove here? I'm wrong. :) 1293715 7 305976 zan 2017-04-03 11:41:04 -0700 Comment on attachment 305976 Patch Clearing flags on attachment: 305976 Committed r214825: <http://trac.webkit.org/changeset/214825> 1293716 8 zan 2017-04-03 11:41:26 -0700 All reviewed patches have been landed. Closing bug. 305976 2017-03-31 09:41:21 -0700 2017-04-03 11:41:04 -0700 Patch bug-170345-20170331184119.patch text/plain 8877 zan U3VidmVyc2lvbiBSZXZpc2lvbjogMjE0NjY2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYWE1YjhhOTJjM2U4ZWYy NDY4ZmNjOWYyNmI2OWUyNzE1OThiNmQzMi4uMmVmYzdlMWZmYTJjMDc2NGQ4MTEzMDRiYmQ4MTMz NTZiY2VkNTM1MCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDQ4IEBACisyMDE3LTAzLTMxICBaYW4g RG9iZXJzZWsgIDx6ZG9iZXJzZWtAaWdhbGlhLmNvbT4KKworICAgICAgICBbR0NyeXB0XSBJbXBs ZW1lbnQgQ3J5cHRvS2V5RUM6OmtleVNpemVJbkJpdHMoKSwgOjpwbGF0Zm9ybUdlbmVyYXRlUGFp cigpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNzAz NDUKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBTdGFy dCBpbXBsZW1lbnRpbmcgdGhlIGxpYmdjcnlwdC1iYXNlZCBwbGF0Zm9ybSBiaXRzIG9mIENyeXB0 b0tleUVDLgorCisgICAgICAgIEltcGxlbWVudCBrZXlTaXplSW5CaXRzKCkgYnkgcmV0dXJuaW5n IHRoZSBhcHByb3ByaWF0ZSBzaXplIGZvciB0aGlzCisgICAgICAgIG9iamVjdCdzIGN1cnZlIHR5 cGUuIEFuIGFzc2VydGlvbiBpcyBhZGRlZCB0byBlbnN1cmUgdGhhdCB0aGlzIHNpemUKKyAgICAg ICAgbWF0Y2hlcyB0aGUgb25lIHRoYXQncyByZXR1cm5lZCBieSBnY3J5X3BrX2dldF9uYml0cygp IGZvciB0aGlzCisgICAgICAgIG9iamVjdCdzIEVDIGtleSBhcyByZXByZXNlbnRlZCBieSB0aGUg bV9wbGF0Zm9ybUtleSBnY3J5X3NleHBfdCBvYmplY3QuCisKKyAgICAgICAgSW1wbGVtZW50IHBs YXRmb3JtR2VuZXJhdGVQYWlyKCkgYnkgY29uc3RydWN0aW5nIGEgZ2Vua2V5IHMtZXhwcmVzc2lv bgorICAgICAgICB0aGF0IHJlcXVlc3RzIGEgZ2VuZXJhdGlvbiBvZiBhbiBFQyBrZXkgZm9yIHRo ZSBzcGVjaWZpZWQgY3VydmUgdHlwZS4KKyAgICAgICAgVGhlIHMtZXhwcmVzc2lvbiBpcyB0aGVu IHBhc3NlZCB0byBnY3J5X3BrX2dlbmtleSgpLCBhbmQgdGhlIHB1YmxpYworICAgICAgICBhbmQg cHJpdmF0ZSBrZXkgZGF0YSBpcyB0aGVuIHJldHJpZXZlZCBmcm9tIHRoZSByZXR1cm5lZCBzLWV4 cHJlc3Npb24KKyAgICAgICAgdXBvbiBzdWNjZXNzIGFuZCB1c2VkIHRvIGNyZWF0ZSB0aGUgcHVi bGljIGFuZCBwcml2YXRlIENyeXB0b0tleUVDCisgICAgICAgIG9iamVjdHMuCisKKyAgICAgICAg VGhlIFBsYXRmb3JtRUNLZXkgdHlwZSBhbGlhcyBpcyBjaGFuZ2VkIHRvIG1hdGNoIGdjcnlfc2V4 cF90LiBUaGUKKyAgICAgICAgQ3J5cHRvS2V5RUMgZGVzdHJ1Y3RvciByZWxlYXNlcyB0aGUgZ2Ny eV9zZXhwX3Qgb2JqZWN0IHRocm91Z2gKKyAgICAgICAgYSBQQUw6OkdDcnlwdDo6SGFuZGxlRGVs ZXRlcjxnY3J5X3NleHBfdD4gaW5zdGFuY2UuCisKKyAgICAgICAgVGhlIG1ldGhvZCBkZWZpbml0 aW9ucyBpbiB0aGUgQ3J5cHRvS2V5RUNHQ3J5cHQuY3BwIGZpbGUgYXJlIGFsc28KKyAgICAgICAg c29ydGVkIHRvIG1hdGNoIHRoZSBkZWNsYXJhdGlvbiBvcmRlciBpbiB0aGUgaGVhZGVyLgorCisg ICAgICAgIE5vIG5ldyB0ZXN0cyAtLSBjdXJyZW50IG9uZXMgY292ZXIgdGhpcyBzdWZmaWNpZW50 bHksIGJ1dCBhcmUgbm90IHlldAorICAgICAgICBlbmFibGVkIGR1ZSB0byBvdGhlciBtaXNzaW5n IHBsYXRmb3JtLXNwZWNpZmljIFNVQlRMRV9DUllQVE8KKyAgICAgICAgaW1wbGVtZW50YXRpb25z LgorCisgICAgICAgICogY3J5cHRvL2djcnlwdC9DcnlwdG9LZXlFQ0dDcnlwdC5jcHA6CisgICAg ICAgIChXZWJDb3JlOjpjdXJ2ZVNpemUpOgorICAgICAgICAoV2ViQ29yZTo6Y3VydmVOYW1lKToK KyAgICAgICAgKFdlYkNvcmU6OkNyeXB0b0tleUVDOjp+Q3J5cHRvS2V5RUMpOgorICAgICAgICAo V2ViQ29yZTo6Q3J5cHRvS2V5RUM6OmtleVNpemVJbkJpdHMpOgorICAgICAgICAoV2ViQ29yZTo6 Q3J5cHRvS2V5RUM6OnBsYXRmb3JtR2VuZXJhdGVQYWlyKToKKyAgICAgICAgKFdlYkNvcmU6OkNy eXB0b0tleUVDOjpwbGF0Zm9ybUltcG9ydFNwa2kpOgorICAgICAgICAoV2ViQ29yZTo6Q3J5cHRv S2V5RUM6OnBsYXRmb3JtSW1wb3J0UGtjczgpOgorICAgICAgICAoV2ViQ29yZTo6Q3J5cHRvS2V5 RUM6OnBsYXRmb3JtRXhwb3J0UmF3KToKKyAgICAgICAgKFdlYkNvcmU6OkNyeXB0b0tleUVDOjpw bGF0Zm9ybUFkZEZpZWxkRWxlbWVudHMpOgorICAgICAgICAoV2ViQ29yZTo6Q3J5cHRvS2V5RUM6 OnBsYXRmb3JtRXhwb3J0U3BraSk6CisgICAgICAgICogY3J5cHRvL2tleXMvQ3J5cHRvS2V5RUMu aDoKKwogMjAxNy0wMy0zMSAgUm9tYWluIEJlbGxlc3NvcnQgIDxyb21haW4uYmVsbGVzc29ydEBj cmYuY2Fub24uZnI+CiAKICAgICAgICAgW1JlYWRhYmxlIFN0cmVhbXMgQVBJXSBJbXBsZW1lbnQg Y2xvbmVBcnJheUJ1ZmZlciBpbiBXZWJDb3JlCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9Q QUwvQ2hhbmdlTG9nIGIvU291cmNlL1dlYkNvcmUvUEFML0NoYW5nZUxvZwppbmRleCBkMDY0OGJi ZjUzYTVjNzEyNjYzMzQ1YzEwMGExMDZjNThkNTA2YTUxLi4wNWIyMzc3MDM3NzM1ZDZlNjlmOTQ3 M2UxNmFkYjI0ZWU2ZTkyYjQyIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9QQUwvQ2hhbmdl TG9nCisrKyBiL1NvdXJjZS9XZWJDb3JlL1BBTC9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNCBAQAor MjAxNy0wMy0zMSAgWmFuIERvYmVyc2VrICA8emRvYmVyc2VrQGlnYWxpYS5jb20+CisKKyAgICAg ICAgW0dDcnlwdF0gSW1wbGVtZW50IENyeXB0b0tleUVDOjprZXlTaXplSW5CaXRzKCksIDo6cGxh dGZvcm1HZW5lcmF0ZVBhaXIoKQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MTcwMzQ1CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgKiBwYWwvY3J5cHRvL2djcnlwdC9IYW5kbGUuaDoKKyAgICAgICAgKFBBTDo6 R0NyeXB0OjpIYW5kbGVEZWxldGVyPGdjcnlfc2V4cF90Pjo6b3BlcmF0b3IoKSk6IEFkZCBhIEhh bmRsZURlbGV0ZXIKKyAgICAgICAgc3BlY2lhbGl6YXRpb24gZm9yIHRoZSBnY3J5X3NleHBfdCB0 eXBlLgorCiAyMDE3LTAzLTMwICBaYW4gRG9iZXJzZWsgIDx6ZG9iZXJzZWtAaWdhbGlhLmNvbT4K IAogICAgICAgICBbR0NyeXB0XSBBZGQgdGhlIFV0aWxpdGllcy5oIGhlYWRlcgpkaWZmIC0tZ2l0 IGEvU291cmNlL1dlYkNvcmUvUEFML3BhbC9jcnlwdG8vZ2NyeXB0L0hhbmRsZS5oIGIvU291cmNl L1dlYkNvcmUvUEFML3BhbC9jcnlwdG8vZ2NyeXB0L0hhbmRsZS5oCmluZGV4IDkwNjFmMjhiNTUy MTU3ODc4MTM1NWZiOTkxZGNkMjNhZjY4Y2Q4MjYuLmY0ODY2MzYwODdjMDY3YzNlZWRkYWRiMWI2 YTRlOGI1ZmUyZTQyMTkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL1BBTC9wYWwvY3J5cHRv L2djcnlwdC9IYW5kbGUuaAorKysgYi9Tb3VyY2UvV2ViQ29yZS9QQUwvcGFsL2NyeXB0by9nY3J5 cHQvSGFuZGxlLmgKQEAgLTkwLDUgKzkwLDEzIEBAIHN0cnVjdCBIYW5kbGVEZWxldGVyPGdjcnlf bWFjX2hkX3Q+IHsKICAgICB9CiB9OwogCit0ZW1wbGF0ZTw+CitzdHJ1Y3QgSGFuZGxlRGVsZXRl cjxnY3J5X3NleHBfdD4geworICAgIHZvaWQgb3BlcmF0b3IoKShnY3J5X3NleHBfdCBoYW5kbGUp CisgICAgeworICAgICAgICBnY3J5X3NleHBfcmVsZWFzZShoYW5kbGUpOworICAgIH0KK307CisK IH0gLy8gbmFtZXNwYWNlIEdDcnlwdAogfSAvLyBuYW1lc3BhY2UgUEFMCmRpZmYgLS1naXQgYS9T b3VyY2UvV2ViQ29yZS9jcnlwdG8vZ2NyeXB0L0NyeXB0b0tleUVDR0NyeXB0LmNwcCBiL1NvdXJj ZS9XZWJDb3JlL2NyeXB0by9nY3J5cHQvQ3J5cHRvS2V5RUNHQ3J5cHQuY3BwCmluZGV4IDU1ZDZk MTQwM2FmOWZhZjY0MGFmMzQ1NWUwOGMyODRhY2UzYjBhMzcuLmMxMTEyNWQ2YWVhMjhhMTJkOWQ1 YjdhNzA4YWIzOWYxMTBjZTY2N2QgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2NyeXB0by9n Y3J5cHQvQ3J5cHRvS2V5RUNHQ3J5cHQuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2NyeXB0by9n Y3J5cHQvQ3J5cHRvS2V5RUNHQ3J5cHQuY3BwCkBAIC0zMCwzNiArMzAsNjggQEAKIAogI2luY2x1 ZGUgIkNyeXB0b0tleVBhaXIuaCIKICNpbmNsdWRlICJOb3RJbXBsZW1lbnRlZC5oIgorI2luY2x1 ZGUgPHBhbC9jcnlwdG8vZ2NyeXB0L0hhbmRsZS5oPgorI2luY2x1ZGUgPHBhbC9jcnlwdG8vZ2Ny eXB0L1V0aWxpdGllcy5oPgogCiBuYW1lc3BhY2UgV2ViQ29yZSB7CiAKLXN0cnVjdCBfUGxhdGZv cm1FQ0tleUdudVRMUyB7Ci19OwotCi1DcnlwdG9LZXlFQzo6fkNyeXB0b0tleUVDKCkKK3N0YXRp YyBzaXplX3QgY3VydmVTaXplKENyeXB0b0tleUVDOjpOYW1lZEN1cnZlIGN1cnZlKQogewotICAg IG5vdEltcGxlbWVudGVkKCk7CisgICAgc3dpdGNoIChjdXJ2ZSkgeworICAgIGNhc2UgQ3J5cHRv S2V5RUM6Ok5hbWVkQ3VydmU6OlAyNTY6CisgICAgICAgIHJldHVybiAyNTY7CisgICAgY2FzZSBD cnlwdG9LZXlFQzo6TmFtZWRDdXJ2ZTo6UDM4NDoKKyAgICAgICAgcmV0dXJuIDM4NDsKKyAgICB9 CiB9CiAKLXNpemVfdCBDcnlwdG9LZXlFQzo6a2V5U2l6ZUluQml0cygpIGNvbnN0CitzdGF0aWMg Y29uc3QgY2hhciogY3VydmVOYW1lKENyeXB0b0tleUVDOjpOYW1lZEN1cnZlIGN1cnZlKQogewot ICAgIG5vdEltcGxlbWVudGVkKCk7Ci0KLSAgICByZXR1cm4gMDsKKyAgICBzd2l0Y2ggKGN1cnZl KSB7CisgICAgY2FzZSBDcnlwdG9LZXlFQzo6TmFtZWRDdXJ2ZTo6UDI1NjoKKyAgICAgICAgcmV0 dXJuICJOSVNUIFAtMjU2IjsKKyAgICBjYXNlIENyeXB0b0tleUVDOjpOYW1lZEN1cnZlOjpQMzg0 OgorICAgICAgICByZXR1cm4gIk5JU1QgUC0zODQiOworICAgIH0KIH0KIAotVmVjdG9yPHVpbnQ4 X3Q+IENyeXB0b0tleUVDOjpwbGF0Zm9ybUV4cG9ydFJhdygpIGNvbnN0CitDcnlwdG9LZXlFQzo6 fkNyeXB0b0tleUVDKCkKIHsKLSAgICBub3RJbXBsZW1lbnRlZCgpOwotCi0gICAgcmV0dXJuIHsg fTsKKyAgICBpZiAobV9wbGF0Zm9ybUtleSkKKyAgICAgICAgUEFMOjpHQ3J5cHQ6OkhhbmRsZURl bGV0ZXI8Z2NyeV9zZXhwX3Q+KCkobV9wbGF0Zm9ybUtleSk7CiB9CiAKLXN0ZDo6b3B0aW9uYWw8 Q3J5cHRvS2V5UGFpcj4gQ3J5cHRvS2V5RUM6OnBsYXRmb3JtR2VuZXJhdGVQYWlyKENyeXB0b0Fs Z29yaXRobUlkZW50aWZpZXIsIE5hbWVkQ3VydmUsIGJvb2wsIENyeXB0b0tleVVzYWdlQml0bWFw KQorc2l6ZV90IENyeXB0b0tleUVDOjprZXlTaXplSW5CaXRzKCkgY29uc3QKIHsKLSAgICBub3RJ bXBsZW1lbnRlZCgpOworICAgIHNpemVfdCBzaXplID0gY3VydmVTaXplKG1fY3VydmUpOworICAg IEFTU0VSVChzaXplID09IGdjcnlfcGtfZ2V0X25iaXRzKG1fcGxhdGZvcm1LZXkpKTsKKyAgICBy ZXR1cm4gc2l6ZTsKK30KIAotICAgIHJldHVybiBzdGQ6Om51bGxvcHQ7CitzdGQ6Om9wdGlvbmFs PENyeXB0b0tleVBhaXI+IENyeXB0b0tleUVDOjpwbGF0Zm9ybUdlbmVyYXRlUGFpcihDcnlwdG9B bGdvcml0aG1JZGVudGlmaWVyIGlkZW50aWZpZXIsIE5hbWVkQ3VydmUgY3VydmUsIGJvb2wgZXh0 cmFjdGFibGUsIENyeXB0b0tleVVzYWdlQml0bWFwIHVzYWdlcykKK3sKKyAgICBQQUw6OkdDcnlw dDo6SGFuZGxlPGdjcnlfc2V4cF90PiBnZW5rZXlTZXhwOworICAgIGdjcnlfZXJyb3JfdCBlcnJv ciA9IGdjcnlfc2V4cF9idWlsZCgmZ2Vua2V5U2V4cCwgbnVsbHB0ciwgIihnZW5rZXkoZWNjKGN1 cnZlICVzKSkpIiwgY3VydmVOYW1lKGN1cnZlKSk7CisgICAgaWYgKGVycm9yICE9IEdQR19FUlJf Tk9fRVJST1IpIHsKKyAgICAgICAgUEFMOjpHQ3J5cHQ6OmxvZ0Vycm9yKGVycm9yKTsKKyAgICAg ICAgcmV0dXJuIHN0ZDo6bnVsbG9wdDsKKyAgICB9CisKKyAgICBQQUw6OkdDcnlwdDo6SGFuZGxl PGdjcnlfc2V4cF90PiBrZXlQYWlyU2V4cDsKKyAgICBlcnJvciA9IGdjcnlfcGtfZ2Vua2V5KCZr ZXlQYWlyU2V4cCwgZ2Vua2V5U2V4cCk7CisgICAgaWYgKGVycm9yICE9IEdQR19FUlJfTk9fRVJS T1IpIHsKKyAgICAgICAgUEFMOjpHQ3J5cHQ6OmxvZ0Vycm9yKGVycm9yKTsKKyAgICAgICAgcmV0 dXJuIHN0ZDo6bnVsbG9wdDsKKyAgICB9CisKKyAgICBQQUw6OkdDcnlwdDo6SGFuZGxlPGdjcnlf c2V4cF90PiBwdWJsaWNLZXlTZXhwKGdjcnlfc2V4cF9maW5kX3Rva2VuKGtleVBhaXJTZXhwLCAi cHVibGljLWtleSIsIDApKTsKKyAgICBQQUw6OkdDcnlwdDo6SGFuZGxlPGdjcnlfc2V4cF90PiBw cml2YXRlS2V5U2V4cChnY3J5X3NleHBfZmluZF90b2tlbihrZXlQYWlyU2V4cCwgInByaXZhdGUt a2V5IiwgMCkpOworICAgIGlmICghcHVibGljS2V5U2V4cCB8fCAhcHJpdmF0ZUtleVNleHApCisg ICAgICAgIHJldHVybiBzdGQ6Om51bGxvcHQ7CisKKyAgICBhdXRvIHB1YmxpY0tleSA9IENyeXB0 b0tleUVDOjpjcmVhdGUoaWRlbnRpZmllciwgY3VydmUsIENyeXB0b0tleVR5cGU6OlB1YmxpYywg cHVibGljS2V5U2V4cC5yZWxlYXNlKCksIHRydWUsIHVzYWdlcyk7CisgICAgYXV0byBwcml2YXRl S2V5ID0gQ3J5cHRvS2V5RUM6OmNyZWF0ZShpZGVudGlmaWVyLCBjdXJ2ZSwgQ3J5cHRvS2V5VHlw ZTo6UHJpdmF0ZSwgcHJpdmF0ZUtleVNleHAucmVsZWFzZSgpLCBleHRyYWN0YWJsZSwgdXNhZ2Vz KTsKKyAgICByZXR1cm4gQ3J5cHRvS2V5UGFpciB7IFdURk1vdmUocHVibGljS2V5KSwgV1RGTW92 ZShwcml2YXRlS2V5KSB9OwogfQogCiBSZWZQdHI8Q3J5cHRvS2V5RUM+IENyeXB0b0tleUVDOjpw bGF0Zm9ybUltcG9ydFJhdyhDcnlwdG9BbGdvcml0aG1JZGVudGlmaWVyLCBOYW1lZEN1cnZlLCBW ZWN0b3I8dWludDhfdD4mJiwgYm9vbCwgQ3J5cHRvS2V5VXNhZ2VCaXRtYXApCkBAIC04MywzMCAr MTE1LDM3IEBAIFJlZlB0cjxDcnlwdG9LZXlFQz4gQ3J5cHRvS2V5RUM6OnBsYXRmb3JtSW1wb3J0 SldLUHJpdmF0ZShDcnlwdG9BbGdvcml0aG1JZGVudGlmCiAgICAgcmV0dXJuIG51bGxwdHI7CiB9 CiAKLXZvaWQgQ3J5cHRvS2V5RUM6OnBsYXRmb3JtQWRkRmllbGRFbGVtZW50cyhKc29uV2ViS2V5 JikgY29uc3QKK1JlZlB0cjxDcnlwdG9LZXlFQz4gQ3J5cHRvS2V5RUM6OnBsYXRmb3JtSW1wb3J0 U3BraShDcnlwdG9BbGdvcml0aG1JZGVudGlmaWVyLCBOYW1lZEN1cnZlLCBWZWN0b3I8dWludDhf dD4mJiwgYm9vbCwgQ3J5cHRvS2V5VXNhZ2VCaXRtYXApCiB7CiAgICAgbm90SW1wbGVtZW50ZWQo KTsKKworICAgIHJldHVybiBudWxscHRyOwogfQogCi1SZWZQdHI8Q3J5cHRvS2V5RUM+IENyeXB0 b0tleUVDOjpwbGF0Zm9ybUltcG9ydFNwa2koQ3J5cHRvQWxnb3JpdGhtSWRlbnRpZmllciwgTmFt ZWRDdXJ2ZSwgVmVjdG9yPHVpbnQ4X3Q+JiYsIGJvb2wsIENyeXB0b0tleVVzYWdlQml0bWFwKQor UmVmUHRyPENyeXB0b0tleUVDPiBDcnlwdG9LZXlFQzo6cGxhdGZvcm1JbXBvcnRQa2NzOChDcnlw dG9BbGdvcml0aG1JZGVudGlmaWVyLCBOYW1lZEN1cnZlLCBWZWN0b3I8dWludDhfdD4mJiwgYm9v bCwgQ3J5cHRvS2V5VXNhZ2VCaXRtYXApCiB7CiAgICAgbm90SW1wbGVtZW50ZWQoKTsKIAogICAg IHJldHVybiBudWxscHRyOwogfQogCi1WZWN0b3I8dWludDhfdD4gQ3J5cHRvS2V5RUM6OnBsYXRm b3JtRXhwb3J0U3BraSgpIGNvbnN0CitWZWN0b3I8dWludDhfdD4gQ3J5cHRvS2V5RUM6OnBsYXRm b3JtRXhwb3J0UmF3KCkgY29uc3QKIHsKICAgICBub3RJbXBsZW1lbnRlZCgpOwogCiAgICAgcmV0 dXJuIHsgfTsKIH0KIAotUmVmUHRyPENyeXB0b0tleUVDPiBDcnlwdG9LZXlFQzo6cGxhdGZvcm1J bXBvcnRQa2NzOChDcnlwdG9BbGdvcml0aG1JZGVudGlmaWVyLCBOYW1lZEN1cnZlLCBWZWN0b3I8 dWludDhfdD4mJiwgYm9vbCwgQ3J5cHRvS2V5VXNhZ2VCaXRtYXApCit2b2lkIENyeXB0b0tleUVD OjpwbGF0Zm9ybUFkZEZpZWxkRWxlbWVudHMoSnNvbldlYktleSYpIGNvbnN0CiB7CiAgICAgbm90 SW1wbGVtZW50ZWQoKTsKK30KIAotICAgIHJldHVybiBudWxscHRyOworVmVjdG9yPHVpbnQ4X3Q+ IENyeXB0b0tleUVDOjpwbGF0Zm9ybUV4cG9ydFNwa2koKSBjb25zdAoreworICAgIG5vdEltcGxl bWVudGVkKCk7CisKKyAgICByZXR1cm4geyB9OwogfQogCiBWZWN0b3I8dWludDhfdD4gQ3J5cHRv S2V5RUM6OnBsYXRmb3JtRXhwb3J0UGtjczgoKSBjb25zdApkaWZmIC0tZ2l0IGEvU291cmNlL1dl YkNvcmUvY3J5cHRvL2tleXMvQ3J5cHRvS2V5RUMuaCBiL1NvdXJjZS9XZWJDb3JlL2NyeXB0by9r ZXlzL0NyeXB0b0tleUVDLmgKaW5kZXggZjE4ZDQxNGU3OGJiYjBmOTI4ZWZmMzk4OWViNTEyZjQ3 NDM0NTkxNy4uNDQzYTY4MjE1YWJiYTRjYzAzNTk3MTA0OTg1ZDBjYzdmNzU3Yzg5YyAxMDA2NDQK LS0tIGEvU291cmNlL1dlYkNvcmUvY3J5cHRvL2tleXMvQ3J5cHRvS2V5RUMuaAorKysgYi9Tb3Vy Y2UvV2ViQ29yZS9jcnlwdG8va2V5cy9DcnlwdG9LZXlFQy5oCkBAIC0zNyw4ICszNyw5IEBAIHR5 cGVkZWYgQ0NFQ0NyeXB0b3JSZWYgUGxhdGZvcm1FQ0tleTsKICNlbmRpZgogCiAjaWYgUExBVEZP Uk0oR1RLKQotdHlwZWRlZiBzdHJ1Y3QgX1BsYXRmb3JtRUNLZXlHbnVUTFMgUGxhdGZvcm1FQ0tl eUdudVRMUzsKLXR5cGVkZWYgUGxhdGZvcm1FQ0tleUdudVRMUyAqUGxhdGZvcm1FQ0tleTsKKy8v IGdjcnlfc2V4cCogZXF1YXRlcyBnY3J5X3NleHBfdC4KK3N0cnVjdCBnY3J5X3NleHA7Cit0eXBl ZGVmIGdjcnlfc2V4cCogUGxhdGZvcm1FQ0tleTsKICNlbmRpZgogCiAK