Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp1241311rdb;
        Mon, 2 Oct 2023 03:54:10 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGOPneWpPaCg4ajOUn4TtybdmN4UmPuZnbKxEn8hb5YOstnxGhXM3289oWBal/Btr5A8xEp
X-Received: by 2002:a05:6a00:1a41:b0:691:2d4:23b5 with SMTP id h1-20020a056a001a4100b0069102d423b5mr12904604pfv.31.1696244050064;
        Mon, 02 Oct 2023 03:54:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696244050; cv=none;
        d=google.com; s=arc-20160816;
        b=SxWnWmZvKSPYXWfhU7vL5XOo/d1jaDV+VZ3MImx0bp4krE/7PFxEJkKiq0Yy7n4aFC
         Fhya/koZqpH7D/Omvq0TftTBEg+TqnTYvCS0q97HgopDIzipMD+pa871eIikwkOMd0GA
         On0UlXCCDHQuANmu3vSKW+Aunflq2A23xPmYmxKnjOkOvQfdR13z5bD/4MvWHGhnb9Ie
         gqy8JJlJno9nzEQwOqc7hYSCbixPl/xb8hQER+nXLos3YCRitBCZy0Q/iQDhhREEaZBu
         nc/htd9PbJEQL4DgfyTzgwfccqyO3np+DDBL7BwBI9kvmLStNQTvIVH/zvIyf5hdnBrf
         weeA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:content-transfer-encoding
         :content-id:content-language:accept-language:in-reply-to:references
         :message-id:date:thread-index:thread-topic:subject:cc:to:from;
        bh=++O11AUuUHXvBP5AFBhAdbWxA1AdtfshuESoYgs/1jU=;
        fh=Pmlfxndagr8ncFD2H30LL38l6fA2V7ddy1Q72dldLj8=;
        b=nBI4nyao1EyO1qYGKRPS7PhjdrqpYeQlTXjZ0vhnU/QaxqN1f7BaXKEn9bt4pCaxL2
         P/y48BlWXOo+BXEwJKBwlFmq99MQQWXtNZqeZ73K34dRFok7S+KGjzwfpNkwEx4fQNMO
         I8pm8iOcZScuUVKewPyp3fZ5qCbU2ctFGzMO8M/KQqxoz/bsNhcfRr01K+gcYxwEHEvv
         0WVtORqDHts6gx58pd9nFtoBEErgFd9NoSu3hHu8evoOSQFDGsducj2V/LKC/cr/XhSs
         yA0dPoaxI8hOAvvCLqv+f8u3hLblLW2ZDt2Wgncs7yTCHEvBVaIxkNjJnFdONSmY2skB
         P3GQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5])
        by mx.google.com with ESMTPS id z5-20020aa78885000000b0068e45c6ca3fsi28925892pfe.93.2023.10.02.03.54.09
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 02 Oct 2023 03:54:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by groat.vger.email (Postfix) with ESMTP id 22F6B808AB95;
	Mon,  2 Oct 2023 03:47:12 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236501AbjJBKq6 (ORCPT <rfc822;recursive.nomad@gmail.com>
        + 99 others); Mon, 2 Oct 2023 06:46:58 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52680 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236429AbjJBKq4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 2 Oct 2023 06:46:56 -0400
Received: from mx01.omp.ru (mx01.omp.ru [90.154.21.10])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E92C9D;
        Mon,  2 Oct 2023 03:46:48 -0700 (PDT)
Received: from msexch01.omp.ru (10.188.4.12) by msexch01.omp.ru (10.188.4.12)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.986.14; Mon, 2 Oct 2023
 13:46:40 +0300
Received: from msexch01.omp.ru ([fe80::4020:d881:621a:6b6b]) by
 msexch01.omp.ru ([fe80::4020:d881:621a:6b6b%5]) with mapi id 15.02.0986.014;
 Mon, 2 Oct 2023 13:46:40 +0300
From:   Denis Glazkov <d.glazkov@omp.ru>
To:     "jarkko@kernel.org" <jarkko@kernel.org>
CC:     Denis Glazkov <d.glazkov@omp.ru>,
        "dhowells@redhat.com" <dhowells@redhat.com>,
        "dwmw2@infradead.org" <dwmw2@infradead.org>,
        "keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "Sergey Shtylyov" <s.shtylyov@omp.ru>
Subject: [PATCH v3] certs: Add option to disallow non-CA certificates in
 secondary trusted keying
Thread-Topic: [PATCH v3] certs: Add option to disallow non-CA certificates in
 secondary trusted keying
Thread-Index: AQHZ9R25FRQFBB8VuUOFgsWwTdSR3g==
Date:   Mon, 2 Oct 2023 10:46:40 +0000
Message-ID: <20231002104525.7631-1-d.glazkov@omp.ru>
References: <CVS5MB3X82Q8.8KDB4346ROR5@suppilovahvero>
In-Reply-To: <CVS5MB3X82Q8.8KDB4346ROR5@suppilovahvero>
Accept-Language: ru-RU, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.188.4.40]
x-kse-serverinfo: msexch01.omp.ru, 9
x-kse-antivirus-interceptor-info: scan successful
x-kse-antivirus-info: Clean, bases: 10/2/2023 6:03:00 AM
x-kse-attachment-filter-triggered-rules: Clean
x-kse-attachment-filter-triggered-filters: Clean
x-kse-bulkmessagesfiltering-scan-result: InTheLimit
Content-Type: text/plain; charset="utf-8"
Content-ID: <1D4C26ED0CC7E645B19392EB865D6784@omp.ru>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 02 Oct 2023 03:47:12 -0700 (PDT)

VGhlIExpbnV4IGtlcm5lbCBoYXMgYW4gSU1BIChJbnRlZ3JpdHkgTWVhc3VyZW1lbnQgQXJjaGl0
ZWN0dXJlKQ0Kc3Vic3lzdGVtIHRvIGNoZWNrIHRoZSBpbnRlZ3JpdHkgb2YgdGhlIGZpbGUgc3lz
dGVtIGJhc2VkIG9uIGRpZ2l0YWwNCnNpZ25hdHVyZXMuIElNQSB1c2VzIGNlcnRpZmljYXRlcyBp
biBgLmltYWAga2V5aW5nIHRvIGNoZWNrIGludGVncml0eS4NCg0KT25seSBjZXJ0aWZpY2F0ZXMg
aXNzdWVkIGJ5IG9uZSBvZiB0aGUgdHJ1c3RlZCBDQSAoQ2VydGlmaWNhdGUgQXV0aG9yaXR5KQ0K
Y2VydGlmaWNhdGVzIGNhbiBiZSBhZGRlZCB0byB0aGUgYC5pbWFgIGtleWluZy4NCg0KVGhlIExp
bnV4IGtlcm5lbCBub3cgaGFzIGEgc2Vjb25kYXJ5IHRydXN0ZWQga2V5aW5nIHRvIHdoaWNoIHRy
dXN0ZWQNCmNlcnRpZmljYXRlcyBmcm9tIHVzZXIgc3BhY2UgY2FuIGJlIGFkZGVkIGlmIHlvdSBo
YXZlIHN1cGVydXNlcg0KcHJpdmlsZWdlcy4gUHJldmlvdXNseSwgYWxsIHRydXN0ZWQgY2VydGlm
aWNhdGVzIHdlcmUgaW4gdGhlIGJ1aWx0LWluDQp0cnVzdGVkIGtleWluZywgd2hpY2ggY291bGQg
bm90IGJlIG1vZGlmaWVkIGZyb20gdXNlciBzcGFjZS4NClRydXN0ZWQgY2VydGlmaWNhdGVzIHdl
cmUgcGxhY2VkIGluIHRoZSBidWlsdC1pbiB0cnVzdGVkIGtleWluZyBhdA0Ka2VybmVsIGNvbXBp
bGUgdGltZS4NCg0KVGhlIHNlY29uZGFyeSB0cnVzdGVkIGtleWluZyBpcyBkZXNpZ25lZCBzbyB0
aGF0IGFueSBjZXJ0aWZpY2F0ZXMgdGhhdA0KYXJlIHNpZ25lZCBieSBvbmUgb2YgdGhlIHRydXN0
ZWQgQ0EgY2VydGlmaWNhdGVzIGluIHRoZSBidWlsdC1pbiBvcg0Kc2Vjb25kYXJ5IHRydXN0ZWQg
a2V5cmluZyBjYW4gYmUgYWRkZWQgdG8gaXQuDQoNCkxldCdzIGltYWdpbmUgdGhhdCB3ZSBoYXZl
IHRoZSBmb2xsb3dpbmcgY2VydGlmaWNhdGUgdHJ1c3QgY2hhaW46DQoNCiAgICAgICAgICAgICDi
lIzilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDi
lIDilIDilIDilIDilIDilIDilIDilIDilIDilKzilIDilIDilIDilIDilIDilIDilIDilIDilIDi
lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilJANCiAgICAgICAgICAgICDilIIg
ICAgICAgICAgICAgICAgICAgICAgICAgICDilIIgICAgIOKUjOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUkCAgICAgICDilIINCiAgICAgICAgICAgICDilIIgICAgICAgICAgICAgICAgICAgICAgICAg
ICDilIIgICAgIOKUgiAgICAgICDilIIgICAgICAg4pSCDQrilIzilIDilIDilIDilIDilIDilIDi
lIDilIDilIDilIDilIDilIDilrzilIDilIDilIDilIDilIDilIDilIDilIDilJAgICAg4pSM4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pa84pSA4pSA4pSA4pSA4pSA4pa8
4pSA4pSA4pSA4pSA4pSQICDilIIg4pSM4pSA4pSA4pSA4pSA4pSA4pS04pSA4pSA4pSA4pSA4pSA
4pSQDQrilIIuYnVpbHRpbl90cnVzdGVkX2tleXPilILil4TilIDilIDilIDilKQuc2Vjb25kYXJ5
X3RydXN0ZWRfa2V5cyDilJzilIDilIDilJgg4pSCICAgLmltYSAgICDilIINCuKUnOKUgOKUgOKU
gOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
pCAgICDilJzilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDi
lIDilIDilIDilIDilIDilIDilIDilIDilKQgICAg4pSc4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSkDQrilIIgICAgIFJvb3QgQ0EgQ2VydCAgICDilIItLS0tLeKWuiBJbnRlcm1l
ZGlhdGUgQ0EgQ2VydCAg4pSCLS0tLS3ilrogSU1BIENlcnQg4pSCDQrilJTilIDilIDilIDilIDi
lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilJggICAg
4pSU4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA4pSA
4pSA4pSA4pSA4pSA4pSA4pSA4pSYICAgIOKUlOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKUgOKU
gOKUgOKUmA0KDQogICAgICAgICAgICAgICAgSXNzdWVzICAgICAgICAgICAgICAgICAgUmVzdHJp
Y3RlZCBieQ0KICAgICAgICAgICAgLS0tLS0tLS0tLS0tLeKWuiAgICAgICAgICAgICDilIDilIDi
lIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilroNCg0KU2luY2UgdGhlIElNQSBj
ZXJ0aWZpY2F0ZSBpcyBzaWduZWQgYnkgYSBDQSBjZXJ0aWZpY2F0ZSBmcm9tIGEgc2Vjb25kYXJ5
DQp0cnVzdGVkIGtleWluZywgYW4gYXR0YWNrZXIgd2l0aCBzdXBlcnVzZXIgcHJpdmlsZWdlcyB3
aWxsIGJlIGFibGUgdG8NCmFkZCB0aGUgSU1BIGNlcnRpZmljYXRlIHRvIHRoZSBzZWNvbmRhcnkg
dHJ1c3RlZCBrZXlpbmcuIFRoYXQgaXMsIHRoZSBJTUENCmNlcnRpZmljYXRlIHdpbGwgYmVjb21l
IHRydXN0ZWQuDQoNClNpbmNlLCB3aXRoIGBDT05GSUdfTU9EVUxFX1NJR2Agb3B0aW9uIGVuYWJs
ZWQsIG1vZHVsZXMgY2FuIG9ubHkgYmUNCmxvYWRlZCBpbnRvIGtlcm5lbCBzcGFjZSBpZiB0aGV5
IGFyZSBzaWduZWQgd2l0aCBvbmUgb2YgdGhlIHRydXN0ZWQNCmNlcnRpZmljYXRlcywgYW4gYXR0
YWNrZXIgY291bGQgc2lnbiB1bnRydXN0ZWQga2VybmVsIG1vZHVsZXMgd2l0aA0KdGhlIHByaXZh
dGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhlIElNQSBjZXJ0aWZpY2F0ZSBhbmQgc3VjY2Vzc2Z1
bGx5DQpsb2FkIHRoZSB1bnRydXN0ZWQgbW9kdWxlcyBpbnRvIGtlcm5lbCBzcGFjZS4NCg0KVGhp
cyBwYXRjaCB3YXMgY3JlYXRlZCBub3QgdG8gc29sdmUgb25seSB0aGUgcHJvYmxlbSBvZiBsb2Fk
aW5nDQp1bnRydXN0ZWQga2VybmVsIG1vZHVsZXMsIGJ1dCB0byBtYWtlIGl0IHBvc3NpYmxlIHRv
IHVzZSBhIHNlY29uZGFyeQ0KdHJ1c3RlZCBrZXlpbmcgb25seSBhcyBhIHBhcnQgb2YgYSBjaGFp
biBvZiB0cnVzdCBjb250YWluaW5nIG9ubHkNCkNBIGNlcnRpZmljYXRlcyB3aXRoIG5vIGRpZ2l0
YWwgc2lnbmF0dXJlIGNhcGFiaWxpdHkuIFRoaXMgd2lsbA0KaGVscCBhdm9pZCBzaW1pbGFyIHBy
b2JsZW1zIHdoZW4gbmV3IGZlYXR1cmVzIGFwcGVhciBpbiB0aGUgbGludXgNCmtlcm5lbCB0aGF0
IGFyZSBzaW1pbGFyIHRvIGtlcm5lbCBtb2R1bGVzIGluIHRlcm1zIG9mIHRoZWlyIGltcGFjdA0K
b24gc3lzdGVtIHNlY3VyaXR5LCB3aGljaCB3aWxsIGFsc28gdXNlIHRydXN0ZWQgY2VydGlmaWNh
dGVzIGZvcg0Kc2lnbmF0dXJlIHZlcmlmaWNhdGlvbi4NCg0KVGhpcyBwYXRjaCBhZGRzIHRoZSBj
b25maWd1cmF0aW9uIHRoYXQgb25jZSBlbmFibGVkLCBvbmx5DQpjZXJ0aWZpY2F0ZXMgdGhhdCBt
ZWV0IHRoZSBmb2xsb3dpbmcgcmVxdWlyZW1lbnRzIGNhbiBiZSBhZGRlZA0KdG8gdGhlIHNlY29u
ZGFyeSB0cnVzdGVkIGtleWluZzoNCg0KMS4gVGhlIGNlcnRpZmljYXRlIGlzIGEgQ0EgKENlcnRp
ZmljYXRlIEF1dGhvcml0eSkNCjIuIFRoZSBjZXJ0aWZpY2F0ZSBtdXN0IGJlIHVzZWQgZm9yIHZl
cmlmeWluZyBhIENBJ3Mgc2lnbmF0dXJlcw0KMy4gVGhlIGNlcnRpZmljYXRlIG11c3Qgbm90IGJl
IHVzZWQgZm9yIGRpZ2l0YWwgc2lnbmF0dXJlcw0KDQpTaWduZWQtb2ZmLWJ5OiBEZW5pcyBHbGF6
a292IDxkLmdsYXprb3ZAb21wLnJ1Pg0KLS0tDQp2MSAtPiB2MjoNCiAtIFJlYmFzZSB0aGUgcGF0
Y2ggZnJvbSBgbGludXgtbmV4dGAgdG8gdGhlIG1haW4gYGxpbnV4YCByZXBvIG1hc3RlciBicmFu
Y2gNCiAtIE1ha2UgdGhlIGNvbW1pdCBtZXNzYWdlIG1vcmUgZGV0YWlsZWQNCiAtIE1vdmUgdGhl
IHZhcmlhYmxlIGRlY2xhcmF0aW9uIHRvIHRoZSBgaWZgIGJsb2NrDQogLSBSZXBsYWNlIGAjaWZk
ZWZgIHdpdGggYElTX0VOQUJMRURgIG1hY3JvDQoNCnYyIC0+IHYzOg0KIC0gQWRkIHRoZSBwdXJw
b3NlIGFuZCBnb2FsIG9mIHRoZSBwYXRjaCB0byB0aGUgY29tbWl0IG1lc3NhZ2UNCi0tLQ0KIGNl
cnRzL0tjb25maWcgICAgICAgICAgfCAgOSArKysrKysrKysNCiBjZXJ0cy9zeXN0ZW1fa2V5cmlu
Zy5jIHwgMTYgKysrKysrKysrKysrKysrKw0KIDIgZmlsZXMgY2hhbmdlZCwgMjUgaW5zZXJ0aW9u
cygrKQ0KDQpkaWZmIC0tZ2l0IGEvY2VydHMvS2NvbmZpZyBiL2NlcnRzL0tjb25maWcNCmluZGV4
IDFmMTA5YjA3MDg3Ny4uNGE0ZGM4YWFiODkyIDEwMDY0NA0KLS0tIGEvY2VydHMvS2NvbmZpZw0K
KysrIGIvY2VydHMvS2NvbmZpZw0KQEAgLTkwLDYgKzkwLDE1IEBAIGNvbmZpZyBTRUNPTkRBUllf
VFJVU1RFRF9LRVlSSU5HDQogCSAgdGhvc2Uga2V5cyBhcmUgbm90IGJsYWNrbGlzdGVkIGFuZCBh
cmUgdm91Y2hlZCBmb3IgYnkgYSBrZXkgYnVpbHQNCiAJICBpbnRvIHRoZSBrZXJuZWwgb3IgYWxy
ZWFkeSBpbiB0aGUgc2Vjb25kYXJ5IHRydXN0ZWQga2V5cmluZy4NCiANCitjb25maWcgU0VDT05E
QVJZX1RSVVNURURfS0VZUklOR19GT1JfQ0FfQ0VSVElGSUNBVEVTX09OTFkNCisJYm9vbCAiQWxs
b3cgb25seSBDQSBjZXJ0aWZpY2F0ZXMgdG8gYmUgYWRkZWQgdG8gdGhlIHNlY29uZGFyeSB0cnVz
dGVkIGtleXJpbmciDQorCWRlcGVuZHMgb24gU0VDT05EQVJZX1RSVVNURURfS0VZUklORw0KKwlo
ZWxwDQorCSAgSWYgc2V0LCBvbmx5IENBIGNlcnRpZmljYXRlcyBjYW4gYmUgYWRkZWQgdG8gdGhl
IHNlY29uZGFyeSB0cnVzdGVkIGtleXJpbmcuDQorCSAgQW4gYWNjZXB0YWJsZSBDQSBjZXJ0aWZp
Y2F0ZSBtdXN0IGluY2x1ZGUgdGhlIGBrZXlDZXJ0U2lnbmAgdmFsdWUgaW4NCisJICB0aGUgYGtl
eVVzYWdlYCBmaWVsZC4gQ0EgY2VydGlmaWNhdGVzIHRoYXQgaW5jbHVkZSB0aGUgYGRpZ2l0YWxT
aWduYXR1cmVgDQorCSAgdmFsdWUgaW4gdGhlIGBrZXlVc2FnZWAgZmllbGQgd2lsbCBub3QgYmUg
YWNjZXB0ZWQuDQorDQogY29uZmlnIFNZU1RFTV9CTEFDS0xJU1RfS0VZUklORw0KIAlib29sICJQ
cm92aWRlIHN5c3RlbS13aWRlIHJpbmcgb2YgYmxhY2tsaXN0ZWQga2V5cyINCiAJZGVwZW5kcyBv
biBLRVlTDQpkaWZmIC0tZ2l0IGEvY2VydHMvc3lzdGVtX2tleXJpbmcuYyBiL2NlcnRzL3N5c3Rl
bV9rZXlyaW5nLmMNCmluZGV4IDlkZTYxMGJmMWY0Yi4uZWUxNDQ0NzM3NGU3IDEwMDY0NA0KLS0t
IGEvY2VydHMvc3lzdGVtX2tleXJpbmcuYw0KKysrIGIvY2VydHMvc3lzdGVtX2tleXJpbmcuYw0K
QEAgLTk5LDYgKzk5LDIyIEBAIGludCByZXN0cmljdF9saW5rX2J5X2J1aWx0aW5fYW5kX3NlY29u
ZGFyeV90cnVzdGVkKA0KIAkJLyogQWxsb3cgdGhlIGJ1aWx0aW4ga2V5cmluZyB0byBiZSBhZGRl
ZCB0byB0aGUgc2Vjb25kYXJ5ICovDQogCQlyZXR1cm4gMDsNCiANCisJaWYgKElTX0VOQUJMRUQo
Q09ORklHX1NFQ09OREFSWV9UUlVTVEVEX0tFWVJJTkdfRk9SX0NBX0NFUlRJRklDQVRFU19PTkxZ
KSAmJg0KKwkgICAgZGVzdF9rZXlyaW5nID09IHNlY29uZGFyeV90cnVzdGVkX2tleXMpIHsNCisJ
CWNvbnN0IHN0cnVjdCBwdWJsaWNfa2V5ICpwdWIgPSBwYXlsb2FkLT5kYXRhW2FzeW1fY3J5cHRv
XTsNCisNCisJCWlmICh0eXBlICE9ICZrZXlfdHlwZV9hc3ltbWV0cmljKQ0KKwkJCXJldHVybiAt
RU9QTk9UU1VQUDsNCisJCWlmICghcHViKQ0KKwkJCXJldHVybiAtRU5PUEtHOw0KKwkJaWYgKCF0
ZXN0X2JpdChLRVlfRUZMQUdfQ0EsICZwdWItPmtleV9lZmxhZ3MpKQ0KKwkJCXJldHVybiAtRVBF
Uk07DQorCQlpZiAoIXRlc3RfYml0KEtFWV9FRkxBR19LRVlDRVJUU0lHTiwgJnB1Yi0+a2V5X2Vm
bGFncykpDQorCQkJcmV0dXJuIC1FUEVSTTsNCisJCWlmICh0ZXN0X2JpdChLRVlfRUZMQUdfRElH
SVRBTFNJRywgJnB1Yi0+a2V5X2VmbGFncykpDQorCQkJcmV0dXJuIC1FUEVSTTsNCisJfQ0KKw0K
IAlyZXR1cm4gcmVzdHJpY3RfbGlua19ieV9zaWduYXR1cmUoZGVzdF9rZXlyaW5nLCB0eXBlLCBw
YXlsb2FkLA0KIAkJCQkJICBzZWNvbmRhcnlfdHJ1c3RlZF9rZXlzKTsNCiB9DQotLSANCjIuMzQu
MQ0K