Received: by 10.213.65.68 with SMTP id h4csp288935imn; Wed, 21 Mar 2018 19:03:59 -0700 (PDT) X-Google-Smtp-Source: AG47ELuQtcQXJdpzEE68PoHsGMnH3y0EDxP41aM6VOXuhiAXTcduvM2rURSbrfYJsOuk2Ii/ntlS X-Received: by 10.101.76.129 with SMTP id m1mr3658013pgt.90.1521684239220; Wed, 21 Mar 2018 19:03:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521684239; cv=none; d=google.com; s=arc-20160816; b=MD6xMB1NqhL/esXuSgVEJRbBxrvCgI7MenScw0TOOVGasPTZ1qcB8SxccOgHC6LgoY 9vHazNt3XhsGBDRhWrCIJOjJJKY7nyioCB0aarW9ac2AOGCRIQ4B2fspnkx+Jn6RWHbC pIFOgzjAkKMF/WYXqb/w0q8aOGzEpTqFRBQZM7o4hq8ouEqvfX7UqiM0JB1pE4nVLGzh ATMsOtl7bult+D5mv9gn63sqGYo0sJnqeV1+u+v6FVj6W2kNGN3yptCfubVQSC0gpvcF F72nhxtG3Amg2LsSPwL+fnj6OQqcXMAFqxfTtK3NQjYrNp2s2DZ618PFPR4V4ojZBdCx 9jUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=Sd25DoWet2f2QV3vbsMh6k6hyFl5NfRkLhLVTdn3lrY=; b=jU8LjKfKwA8RgarFOaCyVMLLkAh3C9PjO/CI5oBnTC0X3dz1h6T0F76jOAxJEQxL+P 0H3OaZSzN0ErHvlMPOswhQjCMKIrSKMhCvFSw/Q+LwV3hYass9gXcHFV1W3w10J0GQ2I Y8qaQ7tvl+QiPfIOhrIJTLuhGfyvJcYz3YALmkvcAjvLt3gpd28z6UG8YbNfQlHT6Xue f/736W6L44iJds9qfDGduVLXIO97/ay8jqLp5fMt9nD5sXkSp6bVrWrmf0TNFxSyfu6d NvNohRyCzBocou8By5pAHm/t2oR2ZiE5CMjG6pUA/SkybH31zARYEXojBfjD6+SkkrPq rpDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=efesvOJS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s17si3594325pgq.421.2018.03.21.19.03.44; Wed, 21 Mar 2018 19:03:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=efesvOJS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754464AbeCVCCr (ORCPT + 99 others); Wed, 21 Mar 2018 22:02:47 -0400 Received: from mail-pg0-f68.google.com ([74.125.83.68]:44675 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753342AbeCVCCo (ORCPT ); Wed, 21 Mar 2018 22:02:44 -0400 Received: by mail-pg0-f68.google.com with SMTP id v26so178606pge.11; Wed, 21 Mar 2018 19:02:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Sd25DoWet2f2QV3vbsMh6k6hyFl5NfRkLhLVTdn3lrY=; b=efesvOJSjtNvwRo1SgGVPXz0ddOS2kf6DShwHxrZYiEtoda4uEpk6Jrx9N1KSdchM7 dOtSvwRXiH0IAWtVw9qRAzxhfiwTFJSzKzO37ld4rOds3vbVXA4uodTASI+M81Oo80Nf RID0iEidHX8c/U6G4NBEKB1PCq0lOWc3yzBASqxyhYcympza6Qr+9xIssbMJYOwf7dso bT6f7vPxQQtbbYUIG5y9DFgF+CrXceGHTAdp8lE0Ja+ZuJ4eHJ2i2nATh+VAenezOUAv rcgORIIMmp/QqTe+mnNGhZ0L6akLpg0u83TzcAZjmkYYFQswpFQIUaaJQCnlnOWpMQwH kxDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Sd25DoWet2f2QV3vbsMh6k6hyFl5NfRkLhLVTdn3lrY=; b=ghYzDyZQRGp6EfK4OgH/6wQJihsPivPsvKztBWG4DAZoTlLB5vnmjHRv+xmc0cHov0 iXE5yBVza9cx6rInZuGC3Lvw6ZAJd50zqzp3NihEYXruqAH2tzWfnGponJd2gvIYsQVH hMdSxSDGGmm9y/gh3I52HPLGW3HGT9NOvvDn3auaBKlc8lPOnths5CQVCAnFclxK7mVB et3P3RQsFPrwmD3t2gBllFtyss6VOoaBjDMW1DMuE+xSulKvFQZUVcPfwyaiH61HHJ9b E69uJEcVviV9S1dl/pDQl8Hc4tdnDJ8cPJXp8ujwF6JiiVwFT17UrDGjWY5X4fr6T//k pM2g== X-Gm-Message-State: AElRT7GtQNsvC/RAUrNdjzpDLqgYLkPKFs8Ll1HGToB70/yVNYRF8Ote GyoG5tH7RjGph2CCWOTAhHta0uBA20pVupWUSZk= X-Received: by 10.98.147.27 with SMTP id b27mr18904711pfe.145.1521684163767; Wed, 21 Mar 2018 19:02:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.152.97 with HTTP; Wed, 21 Mar 2018 19:02:22 -0700 (PDT) In-Reply-To: <20180316133241.GC11397@kroah.com> References: <28ffc363-5140-5685-d288-6e3dc07c6369@csail.mit.edu> <20180227085428.GA16879@kroah.com> <20180227124050.GB31888@kroah.com> <6bca5a97-f581-86b8-12ad-77147619d519@csail.mit.edu> <309db6c4-7e21-bfbe-44d4-eb41f5516d5e@csail.mit.edu> <20180313092133.GA13325@kroah.com> <20180316133241.GC11397@kroah.com> From: Steve French Date: Wed, 21 Mar 2018 21:02:22 -0500 Message-ID: Subject: Re: [PATCH 4.13 28/43] SMB3: Validate negotiate request must always be signed To: Greg Kroah-Hartman Cc: "Srivatsa S. Bhat" , Thomas Backlund , =?UTF-8?Q?Aur=C3=A9lien_Aptel?= , LKML , Stable , Ronnie Sahlberg , Pavel Shilovskiy , CIFS Content-Type: multipart/mixed; boundary="94eb2c0bd53a0ae8780567f6b4e8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --94eb2c0bd53a0ae8780567f6b4e8 Content-Type: text/plain; charset="UTF-8" Found a patch which solves the dependency issue. In my testing (on 4.9, with Windows 2016, and also to Samba) as Pavel suggested this appears to fix the problem, but I will let Srivatsa confirm that it also fixes it for him. The two attached patches for 4.9 should work. As an aside which may help some in testing stable true problems (as a point of comparison or alternative), I did a complete backport of all relevant CIFS/SMB3 patches (ie all patches to cifs.ko that are not dependent on a VFS changes or global kernel API changes) for kernels 4.9 through 4.15 https://github.com/smfrench/smb3-cifs-linux-stable-backports The individual patches that were included (and in a distinct directory all cifs patches that were rejected due to global/VFS dependencies) are also checked in - https://github.com/smfrench/smb3-backported-patches. Given the focus on security, these two git trees may be useful for those who want a cifs.ko which includes all security and functional improvements and fixes that more closely matches mainline cifs.ko Srivatsa, Let us know if those two patches fix your issue as expected. On Fri, Mar 16, 2018 at 8:32 AM, Greg Kroah-Hartman wrote: > On Tue, Mar 13, 2018 at 10:21:45AM -0500, Steve French wrote: >> There will be a fix needed to correct an oops in calc_signature, >> besides the easy patch (smb3 validate negotiate patch). > > Ok, I still have no idea how to parse this for a stable tree submission. > > So can someone please just send me a simple "apply these git ids to tree > X.X.y so we can fix the problem", otherwise I'm not going to do anything > here as I'm really confused, > > greg k-h -- Thanks, Steve --94eb2c0bd53a0ae8780567f6b4e8 Content-Type: text/x-patch; charset="US-ASCII"; name="0001-SMB3-Validate-negotiate-request-must-always-be-signe.patch" Content-Disposition: attachment; filename="0001-SMB3-Validate-negotiate-request-must-always-be-signe.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jf1v6c6o0 RnJvbSA4YWM3YjFkMTVkYzk3M2UyMDkyYWIyYjFiNWI2OThlYjkyZTFkMWMzIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBTdGV2ZSBGcmVuY2ggPHNtZnJlbmNoQGdtYWlsLmNvbT4KRGF0 ZTogU3VuLCAxMSBNYXIgMjAxOCAyMDowMDoyNyAtMDcwMApTdWJqZWN0OiBbUEFUQ0ggMS8yXSBT TUIzOiBWYWxpZGF0ZSBuZWdvdGlhdGUgcmVxdWVzdCBtdXN0IGFsd2F5cyBiZSBzaWduZWQKCkFj Y29yZGluZyB0byBNUy1TTUIyIDMuMi41NSB2YWxpZGF0ZV9uZWdvdGlhdGUgcmVxdWVzdCBtdXN0 CmFsd2F5cyBiZSBzaWduZWQuIFNvbWUgV2luZG93cyBjYW4gZmFpbCB0aGUgcmVxdWVzdCBpZiB5 b3Ugc2VuZCBpdCB1bnNpZ25lZAoKU2VlIGtlcm5lbCBidWd6aWxsYSBidWcgMTk3MzExCgpbUGF0 Y2ggZml4ZWQgdXAgZm9yIGtlcm5lbCB2ZXJzaW9uIDQuOV0KCkNDOiBTdGFibGUgPHN0YWJsZUB2 Z2VyLmtlcm5lbC5vcmc+CkFja2VkLWJ5OiBSb25uaWUgU2FobGJlcmcgPGxzYWhsYmVyLnJlZGhh dC5jb20+ClNpZ25lZC1vZmYtYnk6IFN0ZXZlIEZyZW5jaCA8c21mcmVuY2hAZ21haWwuY29tPgot LS0KIGZzL2NpZnMvc21iMnBkdS5jIHwgMyArKysKIDEgZmlsZSBjaGFuZ2VkLCAzIGluc2VydGlv bnMoKykKCmRpZmYgLS1naXQgYS9mcy9jaWZzL3NtYjJwZHUuYyBiL2ZzL2NpZnMvc21iMnBkdS5j CmluZGV4IDk0YzRjMTkwMTIyMi4uNGMyZWFmMDVhNmE0IDEwMDY0NAotLS0gYS9mcy9jaWZzL3Nt YjJwZHUuYworKysgYi9mcy9jaWZzL3NtYjJwZHUuYwpAQCAtMTcxMiw2ICsxNzEyLDkgQEAgU01C Ml9pb2N0bChjb25zdCB1bnNpZ25lZCBpbnQgeGlkLCBzdHJ1Y3QgY2lmc190Y29uICp0Y29uLCB1 NjQgcGVyc2lzdGVudF9maWQsCiAJfSBlbHNlCiAJCWlvdlswXS5pb3ZfbGVuID0gZ2V0X3JmYzEw MDJfbGVuZ3RoKHJlcSkgKyA0OwogCisJLyogdmFsaWRhdGUgbmVnb3RpYXRlIHJlcXVlc3QgbXVz dCBiZSBzaWduZWQgLSBzZWUgTVMtU01CMiAzLjIuNS41ICovCisJaWYgKG9wY29kZSA9PSBGU0NU TF9WQUxJREFURV9ORUdPVElBVEVfSU5GTykKKwkJcmVxLT5oZHIuRmxhZ3MgfD0gU01CMl9GTEFH U19TSUdORUQ7CiAKIAlyYyA9IFNlbmRSZWNlaXZlMih4aWQsIHNlcywgaW92LCBudW1faW92ZWNz LCAmcmVzcF9idWZ0eXBlLCAwKTsKIAlyc3AgPSAoc3RydWN0IHNtYjJfaW9jdGxfcnNwICopaW92 WzBdLmlvdl9iYXNlOwotLSAKMi4xNC4xCgo= --94eb2c0bd53a0ae8780567f6b4e8 Content-Type: text/x-patch; charset="US-ASCII"; name="0002-CIFS-Enable-encryption-during-session-setup-phase.patch" Content-Disposition: attachment; filename="0002-CIFS-Enable-encryption-during-session-setup-phase.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_jf1v6c7u1 RnJvbSBjNTM0NjIyM2NhOTUyYTI4NjhiZDY5YTg4ODgxMzMyNTFlNTE3NTcxIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBQYXZlbCBTaGlsb3Zza3kgPHBzaGlsb3ZAbWljcm9zb2Z0LmNv bT4KRGF0ZTogTW9uLCA3IE5vdiAyMDE2IDE4OjIwOjUwIC0wODAwClN1YmplY3Q6IFtQQVRDSCAy LzJdIENJRlM6IEVuYWJsZSBlbmNyeXB0aW9uIGR1cmluZyBzZXNzaW9uIHNldHVwIHBoYXNlCgpJ biBvcmRlciB0byBhbGxvdyBlbmNyeXB0aW9uIG9uIFNNQiBjb25uZWN0aW9uIHdlIG5lZWQgdG8g ZXhjaGFuZ2UKYSBzZXNzaW9uIGtleSBhbmQgZ2VuZXJhdGUgZW5jcnlwdGlvbiBhbmQgZGVjcnlw dGlvbiBrZXlzLgoKU2lnbmVkLW9mZi1ieTogUGF2ZWwgU2hpbG92c2t5IDxwc2hpbG92QG1pY3Jv c29mdC5jb20+Ci0tLQogZnMvY2lmcy9zZXNzLmMgICAgfCAyMiArKysrKysrKysrLS0tLS0tLS0t LS0tCiBmcy9jaWZzL3NtYjJwZHUuYyB8IDEyICsrLS0tLS0tLS0tLQogMiBmaWxlcyBjaGFuZ2Vk LCAxMiBpbnNlcnRpb25zKCspLCAyMiBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9mcy9jaWZz L3Nlc3MuYyBiL2ZzL2NpZnMvc2Vzcy5jCmluZGV4IDUzOGQ5YjU1Njk5YS4uYzNkYjJhODgyYWVl IDEwMDY0NAotLS0gYS9mcy9jaWZzL3Nlc3MuYworKysgYi9mcy9jaWZzL3Nlc3MuYwpAQCAtMzQ0 LDEzICszNDQsMTIgQEAgdm9pZCBidWlsZF9udGxtc3NwX25lZ290aWF0ZV9ibG9iKHVuc2lnbmVk IGNoYXIgKnBidWZmZXIsCiAJLyogQkIgaXMgTlRMTVYyIHNlc3Npb24gc2VjdXJpdHkgZm9ybWF0 IGVhc2llciB0byB1c2UgaGVyZT8gKi8KIAlmbGFncyA9IE5UTE1TU1BfTkVHT1RJQVRFXzU2IHwJ TlRMTVNTUF9SRVFVRVNUX1RBUkdFVCB8CiAJCU5UTE1TU1BfTkVHT1RJQVRFXzEyOCB8IE5UTE1T U1BfTkVHT1RJQVRFX1VOSUNPREUgfAotCQlOVExNU1NQX05FR09USUFURV9OVExNIHwgTlRMTVNT UF9ORUdPVElBVEVfRVhURU5ERURfU0VDOwotCWlmIChzZXMtPnNlcnZlci0+c2lnbikgeworCQlO VExNU1NQX05FR09USUFURV9OVExNIHwgTlRMTVNTUF9ORUdPVElBVEVfRVhURU5ERURfU0VDIHwK KwkJTlRMTVNTUF9ORUdPVElBVEVfU0VBTDsKKwlpZiAoc2VzLT5zZXJ2ZXItPnNpZ24pCiAJCWZs YWdzIHw9IE5UTE1TU1BfTkVHT1RJQVRFX1NJR047Ci0JCWlmICghc2VzLT5zZXJ2ZXItPnNlc3Np b25fZXN0YWIgfHwKLQkJCQlzZXMtPm50bG1zc3AtPnNlc3NrZXlfcGVyX3NtYnNlc3MpCi0JCQlm bGFncyB8PSBOVExNU1NQX05FR09USUFURV9LRVlfWENIOwotCX0KKwlpZiAoIXNlcy0+c2VydmVy LT5zZXNzaW9uX2VzdGFiIHx8IHNlcy0+bnRsbXNzcC0+c2Vzc2tleV9wZXJfc21ic2VzcykKKwkJ ZmxhZ3MgfD0gTlRMTVNTUF9ORUdPVElBVEVfS0VZX1hDSDsKIAogCXNlY19ibG9iLT5OZWdvdGlh dGVGbGFncyA9IGNwdV90b19sZTMyKGZsYWdzKTsKIApAQCAtNDA3LDEzICs0MDYsMTIgQEAgaW50 IGJ1aWxkX250bG1zc3BfYXV0aF9ibG9iKHVuc2lnbmVkIGNoYXIgKipwYnVmZmVyLAogCWZsYWdz ID0gTlRMTVNTUF9ORUdPVElBVEVfNTYgfAogCQlOVExNU1NQX1JFUVVFU1RfVEFSR0VUIHwgTlRM TVNTUF9ORUdPVElBVEVfVEFSR0VUX0lORk8gfAogCQlOVExNU1NQX05FR09USUFURV8xMjggfCBO VExNU1NQX05FR09USUFURV9VTklDT0RFIHwKLQkJTlRMTVNTUF9ORUdPVElBVEVfTlRMTSB8IE5U TE1TU1BfTkVHT1RJQVRFX0VYVEVOREVEX1NFQzsKLQlpZiAoc2VzLT5zZXJ2ZXItPnNpZ24pIHsK KwkJTlRMTVNTUF9ORUdPVElBVEVfTlRMTSB8IE5UTE1TU1BfTkVHT1RJQVRFX0VYVEVOREVEX1NF QyB8CisJCU5UTE1TU1BfTkVHT1RJQVRFX1NFQUw7CisJaWYgKHNlcy0+c2VydmVyLT5zaWduKQog CQlmbGFncyB8PSBOVExNU1NQX05FR09USUFURV9TSUdOOwotCQlpZiAoIXNlcy0+c2VydmVyLT5z ZXNzaW9uX2VzdGFiIHx8Ci0JCQkJc2VzLT5udGxtc3NwLT5zZXNza2V5X3Blcl9zbWJzZXNzKQot CQkJZmxhZ3MgfD0gTlRMTVNTUF9ORUdPVElBVEVfS0VZX1hDSDsKLQl9CisJaWYgKCFzZXMtPnNl cnZlci0+c2Vzc2lvbl9lc3RhYiB8fCBzZXMtPm50bG1zc3AtPnNlc3NrZXlfcGVyX3NtYnNlc3Mp CisJCWZsYWdzIHw9IE5UTE1TU1BfTkVHT1RJQVRFX0tFWV9YQ0g7CiAKIAl0bXAgPSAqcGJ1ZmZl ciArIHNpemVvZihBVVRIRU5USUNBVEVfTUVTU0FHRSk7CiAJc2VjX2Jsb2ItPk5lZ290aWF0ZUZs YWdzID0gY3B1X3RvX2xlMzIoZmxhZ3MpOwpkaWZmIC0tZ2l0IGEvZnMvY2lmcy9zbWIycGR1LmMg Yi9mcy9jaWZzL3NtYjJwZHUuYwppbmRleCA0YzJlYWYwNWE2YTQuLjdjMjYyODZhNTI1ZCAxMDA2 NDQKLS0tIGEvZnMvY2lmcy9zbWIycGR1LmMKKysrIGIvZnMvY2lmcy9zbWIycGR1LmMKQEAgLTcw NywxNSArNzA3LDEzIEBAIFNNQjJfc2Vzc19lc3RhYmxpc2hfc2Vzc2lvbihzdHJ1Y3QgU01CMl9z ZXNzX2RhdGEgKnNlc3NfZGF0YSkKIAlzdHJ1Y3QgY2lmc19zZXMgKnNlcyA9IHNlc3NfZGF0YS0+ c2VzOwogCiAJbXV0ZXhfbG9jaygmc2VzLT5zZXJ2ZXItPnNydl9tdXRleCk7Ci0JaWYgKHNlcy0+ c2VydmVyLT5zaWduICYmIHNlcy0+c2VydmVyLT5vcHMtPmdlbmVyYXRlX3NpZ25pbmdrZXkpIHsK KwlpZiAoc2VzLT5zZXJ2ZXItPm9wcy0+Z2VuZXJhdGVfc2lnbmluZ2tleSkgewogCQlyYyA9IHNl cy0+c2VydmVyLT5vcHMtPmdlbmVyYXRlX3NpZ25pbmdrZXkoc2VzKTsKLQkJa2ZyZWUoc2VzLT5h dXRoX2tleS5yZXNwb25zZSk7Ci0JCXNlcy0+YXV0aF9rZXkucmVzcG9uc2UgPSBOVUxMOwogCQlp ZiAocmMpIHsKIAkJCWNpZnNfZGJnKEZZSSwKIAkJCQkiU01CMyBzZXNzaW9uIGtleSBnZW5lcmF0 aW9uIGZhaWxlZFxuIik7CiAJCQltdXRleF91bmxvY2soJnNlcy0+c2VydmVyLT5zcnZfbXV0ZXgp OwotCQkJZ290byBrZXlnZW5fZXhpdDsKKwkJCXJldHVybiByYzsKIAkJfQogCX0KIAlpZiAoIXNl cy0+c2VydmVyLT5zZXNzaW9uX2VzdGFiKSB7CkBAIC03MjksMTIgKzcyNyw2IEBAIFNNQjJfc2Vz c19lc3RhYmxpc2hfc2Vzc2lvbihzdHJ1Y3QgU01CMl9zZXNzX2RhdGEgKnNlc3NfZGF0YSkKIAlz ZXMtPnN0YXR1cyA9IENpZnNHb29kOwogCXNlcy0+bmVlZF9yZWNvbm5lY3QgPSBmYWxzZTsKIAlz cGluX3VubG9jaygmR2xvYmFsTWlkX0xvY2spOwotCi1rZXlnZW5fZXhpdDoKLQlpZiAoIXNlcy0+ c2VydmVyLT5zaWduKSB7Ci0JCWtmcmVlKHNlcy0+YXV0aF9rZXkucmVzcG9uc2UpOwotCQlzZXMt PmF1dGhfa2V5LnJlc3BvbnNlID0gTlVMTDsKLQl9CiAJcmV0dXJuIHJjOwogfQogCi0tIAoyLjE0 LjEKCg== --94eb2c0bd53a0ae8780567f6b4e8--